My Tech Lessons

OutofMemory with Ant

2008-04-23T16:25:00.000-07:00

When javac is compiling a large number of java source files, it may fail with java.lang.OutOfMemoryError:

The system is out of resources.
Consult the following stack trace for details.
java.lang.OutOfMemoryError: Java heap space
It's no different than OutOfMemoryError in other java applications. When you run javac in Sun JDK, it's invoking com.sun.tools.javac.main.Main located in %JAVA_HOME%\lib\tools.jar.

If you are compiling with javac task in Apache Ant, set fork attribute to true, to run javac in a separate process with its own heap size settings. If fork is set to false, or not set (default is false), javac will run in the same process as Ant, which has a default maximum heap size of 64m.
srcdir="${basedir}/src"
destdir="${basedir}/build/classes"
classpath="${project.classpath}"
memoryinitialsize="256m"
memorymaximumsize="256m">

Setting fork to true will also limit any memory leaks in javac implementation to its own child process, without affecting the parent Ant process.

If setting fork, memoryInitialSize, and memoryMaximumSize still doesn't fix the problem, you can execute javac task several times, each javac compiling a subset of your source tree. But this should really be the last rescort, since you are now managing source code dependency, which should be javac's business. You will need to decide which modules get compiled first, and classes in certain modules cannot have direct references to classes in certain other modules, and so on. I'd rather increase the memoryMaximumSize to 2g.

If you don't want to modify existing build.xml files, another option is to increase the heap size for Ant JVM and still execute javac task in-process. You just need to set environment variable ANT_OPTS:
export ANT_OPTS="-Xms256m -Xmx256m" (ksh/bash)
setenv ANT_OPTS="-Xms256m -Xmx256m" (tcsh/csh)
set ANT_OPTS="-Xms256m -Xmx256m" (Windows)
A disadvantage of this approach is users will need to remember to set this environment variable, or use some sort of wrapper script on top of %ANT_HOME%\bin\ant.bat, or $ANT_HOME/bin/ant.

If you are invoking javac directly, you can also increase the heap size for the underlying JVM:
javac -d build/classes -classpath ... -J-Xms256m -J-Xmx256m

From : http://javahowto.blogspot.com/2006/06/fix-javac-java-lang-outofmemoryerror.html

How to reset Administrator login password to Windows due to a forgotten password?

2008-02-02T19:35:00.001-08:00

1. Place your Windows XP CD in your cd-rom and start your computer (it’s assumed here that your XP CD is bootable – as it should be - and that you have your bios set to boot from CD)

2. Keep your eye on the screen messages for booting to your cd Typically, it will be “Press any key to boot from cd”

3. Once you get in, the first screen will indicate that Setup is inspecting your system and loading files.

4. When you get to the Welcome to Setup screen, press ENTER to Setup Windows now

5. The Licensing Agreement comes next - Press F8 to accept it.

6. The next screen is the Setup screen which gives you the option to do a Repair.

It should read something like “If one of the following Windows XP installations is damaged, Setup can try to repair it”
Use the up and down arrow keys to select your XP installation (if you only have one, it should already be selected) and press R to begin the Repair process.

7. Let the Repair run. Setup will now check your disks and then start copying files which can take several minutes.

8. Shortly after the Copying Files stage, you will be required to reboot. (this will happen automatically – you will see a progress bar stating “Your computer will reboot in 15 seconds”

9. During the reboot, do not make the mistake of “pressing any key” to boot from the CD again! Setup will resume automatically with the standard billboard screens and you will notice Installing Windows is highlighted.

10. Keep your eye on the lower left hand side of the screen and when you see the Installing Devices progress bar, press SHIFT + F10. This is the security hole! A command console will now open up giving you the potential for wide access to your system.

11. At the prompt, type NUSRMGR.CPL and press Enter. Voila! You have just gained graphical access to your User Accounts in the Control Panel.

12. Now simply pick the account you need to change and remove or change your password as you prefer. If you want to log on without having to enter your new password, you can type control userpasswords2 at the prompt and choose to log on without being asked for password. After you’ve made your changes close the windows, exit the command box and continue on with the Repair (have your Product key handy).

13. Once the Repair is done, you will be able to log on with your new password (or without a password if you chose not to use one or if you chose not to be asked for a password). Your programs and personalized settings should remain intact.
I tested the above on Windows XP Pro with and without SP1 and also used this method in a real situation where someone could not remember their password and it worked like a charm to fix the problem. This security hole allows access to more than just user accounts. You can also access the Registry and Policy Editor, for example. And its gui access with mouse control. Of course, a Product Key will be needed to continue with the Repair after making the changes, but for anyone intent on gaining access to your system, this would be no problem.
And in case you are wondering, NO, you cannot cancel install after making the changes and expect to logon with your new password.
Cancelling will just result in Setup resuming at bootup and your changes will be lost.

Create oracle Database

2008-01-16T11:56:00.001-08:00

Two methods are available for creating a new database: the Database Configuration Assistant (DBCA) GUI application and the CREATE DATABASE SQL statement. For simplicity we'll use the DBCA. You can read about creating a database using the SQL interface in Chapter 2 of the Oracle Database Administrators Guide.

To use the configuration assistant, export your display (if your not on the console) and run dbca:

bash-2.05$ export DISPLAY=10.10.1.100:0
bash-2.05$ pwd
/u01/app/oracle/product/10.1.0/db_1/bin
bash-2.05$ ./dbca
We'll then use the following steps in the GUI.

In step 1, choose "Create a database"
In step 2, choose "General Purpose"
In step 3, we'll name the database test.cuddletech.com with the SID test
In step 4, we'll leave "Configure the database with Enterprise Manager" checked and also check "Enable Email Notifications" specifying both our local SMTP server and our email address.
In step 5, we'll use the same password for all accounts. I'll use "passwd".
In step 6, we'll use regular file system storage.
In step 7, we'll choose "Use Common location for all database files", and according to the OFA we'll use /u02/oradata as the location.
In step 8, we'll disable flash recovery by unchecking all boxes.
In step 9, we'll uncheck "Sample Schemas"
In step 10, we'll use the default settings for memory management. In my case thats 120M for the shared pool, 24M for the buffer cache, 8M for the Large pool, and 24M for the PGA. The only thing to change is "Java Pool", set it to 0.
In step 11, look over the layout of the storage. Nothing needs to be changed here.
Finally, in step 12 we can actually create the database or save it as a template. Make sure "Create Database" is checked and click Finish.
We'll now have the chance to look at our configuration and save an HTML copy of it. When done, create the database.
The database will now build. On my Sun Blade 100 this process took about 10 minutes.
Lastly, you'll get a confirmation dialog with the database name, SID, Server Parameter Filename and an Enterprise Manager URL.
After the database has been created, you can go examine the files it created.

bash-2.05# cd /u02/oradata/test
bash-2.05# ls -alh
total 1451556
drwxr-xr-x 2 oracle oinstall 512 Oct 5 16:43 .
drwxr-xr-x 4 oracle dba 512 Oct 5 16:40 ..
-rw-r----- 1 oracle oinstall 2.7M Oct 5 16:53 control01.ctl
-rw-r----- 1 oracle oinstall 2.7M Oct 5 16:53 control02.ctl
-rw-r----- 1 oracle oinstall 2.7M Oct 5 16:53 control03.ctl
-rw-r----- 1 oracle oinstall 10M Oct 5 16:53 redo01.log
-rw-r----- 1 oracle oinstall 10M Oct 5 16:46 redo02.log
-rw-r----- 1 oracle oinstall 10M Oct 5 16:51 redo03.log
-rw-r----- 1 oracle oinstall 210M Oct 5 16:53 sysaux01.dbf
-rw-r----- 1 oracle oinstall 430M Oct 5 16:53 system01.dbf
-rw-r----- 1 oracle oinstall 20M Oct 5 16:43 temp01.dbf
-rw-r----- 1 oracle oinstall 25M Oct 5 16:53 undotbs01.dbf
-rw-r----- 1 oracle oinstall 5.0M Oct 5 16:46 users01.dbf
There will also be files in your oracle admin directory (OFA path: /u01/app/oracle/admin/(sid)) and the dbs directory (OFA path: /u01/app/oracle/product/10.1.0/db_1/dbs).

If you want to play with Enterprise Manager, you can do so now. Go to the URL listed in the final dialog of the dbca session. At the login screen use the username "sys", the password "passwd" (as we specified during creation) and from the drop down choose "SYSDBA". Once you login you'll get a licensing information screen, agree to the terms to keep playing. After this you'll get the full Enterprise Manager experience. You'll see that the database has already been started and is up. On the "Administration" tab you can really play with some nifty things. You can create nearly any database component here without ever touching SQL*Plus.

If you playing with the Enterprise Manager (EM), go ahead and shutdown the database so we can see how to start it up using SQL*Plus.

RCDefaultApp for Mac OS X

2008-01-14T15:07:00.001-08:00

I came across this nifty preference pane RCDefaultApp for Mac OS X, that allows you to manage all kinds of associations like file associations, default applications for various file extensions, url protocol associations at a single place.

Its a relief to be able to set the default browser, default newsreader or default application for .xxx files at one place, instead of hunting around for the settings in various applications like Safari, Mail, Finder, etc.

This is now one of my must-have utilities for Mac.

Tech Related Quotes

2008-01-12T14:19:00.001-08:00

All of the biggest technological inventions created by man - the airplane, the automobile, the computer - says little about his intelligence, but speaks volumes about his laziness. ~Mark Kennedy

Inventor: A person who makes an ingenious arrangement of wheels, levers and springs, and believes it civilization. ~Ambrose Bierce, The Devil's Dictionary

Modern technology
Owes ecology
An apology.
~Alan M. Eddison

It has become appallingly obvious that our technology has exceeded our humanity. ~Albert Einstein

One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man. ~Elbert Hubbard, The Roycroft Dictionary and Book of Epigrams, 1923

For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled. ~Richard P. Feynman

If it keeps up, man will atrophy all his limbs but the push-button finger. ~Frank Lloyd Wright

Soon silence will have passed into legend. Man has turned his back on silence. Day after day he invents machines and devices that increase noise and distract humanity from the essence of life, contemplation, meditation...tooting, howling, screeching, booming, crashing, whistling, grinding, and trilling bolster his ego. His anxiety subsides. His inhuman void spreads monstrously like a gray vegetation. ~Jean Arp

Technological progress has merely provided us with more efficient means for going backwards. ~Aldous Huxley

Technology... the knack of so arranging the world that we don't have to experience it. ~Max Frisch

Do you realize if it weren't for Edison we'd be watching TV by candlelight? ~Al Boliska

Western society has accepted as unquestionable a technological imperative that is quite as arbitrary as the most primitive taboo: not merely the duty to foster invention and constantly to create technological novelties, but equally the duty to surrender to these novelties unconditionally, just because they are offered, without respect to their human consequences. ~Lewis Mumford

God never made his work for man to mend.
~John Dryden

It is a medium of entertainment which permits millions of people to listen to the same joke at the same time, and yet remain lonesome. ~T.S. Eliot, about radio

Technology... is a queer thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ~C.P. Snow, New York Times, 15 March 1971

Don't get smart alecksy
With the galaxy
Leave the atom alone.
~E.Y. Harburg, "Leave the Atom Alone," 1957

The drive toward complex technical achievement offers a clue to why the U.S. is good at space gadgetry and bad at slum problems. ~John Kenneth Galbraith

The system of nature, of which man is a part, tends to be self-balancing, self-adjusting, self-cleansing. Not so with technology. ~E.F. Schumacher, Small is Beautiful, 1973

I am sorry to say that there is too much point to the wisecrack that life is extinct on other planets because their scientists were more advanced than ours. ~John F. Kennedy

The most important and urgent problems of the technology of today are no longer the satisfactions of the primary needs or of archetypal wishes, but the reparation of the evils and damages by the technology of yesterday. ~Dennis Gabor, Innovations: Scientific, Technological and Social, 1970

This is perhaps the most beautiful time in human history; it is really pregnant with all kinds of creative possibilities made possible by science and technology which now constitute the slave of man - if man is not enslaved by it. ~Jonas Salk

Never trust anything that can think for itself if you can't see where it keeps its brain. ~J.K. Rowling

As far as I'm concerned, progress peaked with frozen pizza. ~From the movie Die Hard 2, spoken by the character John McClane regarding technological advances, screenplay by Steven E. de Souza and Doug Richardson, based on the novel 58 Minutes by Walter Wager

I like my new telephone, my computer works just fine, my calculator is perfect, but Lord, I miss my mind! ~Author Unknown

The production of too many useful things results in too many useless people. ~Karl Marx

The saddest aspect of life right now is that science gathers knowledge faster than society gathers wisdom. ~Isaac Asimov, Isaac Asimov's Book of Science and Nature Quotations, 1988

When a machine begins to run without human aid, it is time to scrap it - whether it be a factory or a government. ~Alexander Chase, Perspectives, 1966

We are becoming the servants in thought, as in action, of the machine we have created to serve us. ~John Kenneth Galbraith

I'm struck by the insidious, computer-driven tendency to take things out of the domain of muscular activity and put them into the domain of mental activity. The transfer is not paying off. Sure, muscles are unreliable, but they represent several million years of accumulated finesse. ~Brian Eno, Wired, January 1999

Use of advanced messaging technology does not imply an endorsement of western industrial civilization. ~Anonymous email sig line

Once upon a time we were just plain people. But that was before we began having relationships with mechanical systems. Get involved with a machine and sooner or later you are reduced to a factor. ~Ellen Goodman, "The Human Factor," The Washington Post, January 1987

I think I should not go far wrong if I asserted that the amount of genuine leisure available in a society is generally in inverse proportion to the amount of labor-saving machinery it employs. ~E.F. Schumacher

Technology presumes there's just one right way to do things and there never is. ~Robert M. Pirsig

It is difficult not to wonder whether that combination of elements which produces a machine for labor does not create also a soul of sorts, a dull resentful metallic will, which can rebel at times. ~Pearl S. Buck

The real problem is not whether machines think but whether men do. ~B.F. Skinner, Contingencies of Reinforcement, 1969

The machine does not isolate man from the great problems of nature but plunges him more deeply into them. ~Saint-Exupéry, Wind, Sand, and Stars, 1939

What the country needs are a few labor-making inventions. ~Arnold Glasow

Humanity is acquiring all the right technology for all the wrong reasons. ~R. Buckminster Fuller

The greatest task before civilization at present is to make machines what they ought to be, the slaves, instead of the masters of men. ~Havelock Ellis

The factory of the future will have only two employees, a man and a dog. The man will be there to feed the dog. The dog will be there to keep the man from touching the equipment. ~Warren G. Bennis

It is questionable if all the mechanical inventions yet made have lightened the day's toil of any human being. ~John Stuart Mill

Any sufficiently advanced technology is indistinguishable from magic. ~Arthur C. Clarke

You cannot endow even the best machine with initiative; the jolliest steam-roller will not plant flowers. ~Walter Lippmann

We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology. ~Carl Sagan

Where there is the necessary technical skill to move mountains, there is no need for the faith that moves mountains. ~Eric Hoffer

We've arranged a civilization in which most crucial elements profoundly depend on science and technology. We have also arranged things so that almost no one understands science and technology. This is a prescription for disaster. We might get away with it for a while, but sooner or later this combustible mixture of ignorance and power is going to blow up in our faces. ~Carl Sagan

Civilization advances by extending the number of important operations which we can perform without thinking of them. ~Alfred North Whitehead

Education makes machines which act like men and produces men who act like machines. ~Erich Fromm

Some people worry that artificial intelligence will make us feel inferior, but then, anybody in his right mind should have an inferiority complex every time he looks at a flower. ~Alan C. Kay

Lo! Men have become the tools of their tools. ~Henry David Thoreau

For a list of all the ways technology has failed to improve the quality of life, please press three. ~Alice Kahn

The real danger is not that computers will begin to think like men, but that men will begin to think like computers. ~Sydney J. Harris

WhatSize for Mac

2007-12-19T13:04:00.001-08:00

WhatSize is a shareware tool that allows the user to quickly measure the size in bytes of a given folder and all subfolders and files within it. You would be surprised at how many useless files might be laying around on your hard disks. The files and folders are automatically sorted by size, with the biggest sizes first.

While the app is measuring a folder the user can browse the files within that folder and immediately see the size in bytes. Hidden files, cache files, directories will all show up with their corresponding size.

Once the measuring of a folder has ended the user can also view the information by filtering for particular file sizes or types. The user can also move unwanted files and folders in the corresponding Trash bin similar to the Finder’s Delete button.

Developed in Cocoa, Objective-C, the application makes use of multithreading, low level UNIX file system APIs, C programming and Obj-C method implementation(IMP) caching to achieve speed, low memory footprint and stability, unmatched by other tools.

Use it free as long as you wish or purchase a license for $12.99 to support development and have access to the System Administrator functionality.

create user syntax for mysql

2007-11-30T18:42:00.000-08:00

1. CREATE USER user [IDENTIFIED BY [PASSWORD] 'password']

Then u'll have to do the grants for the db

2. Grant all on .* to user

Turn Off Archiving in Oracle

2007-11-29T16:33:00.000-08:00

Shutdown edit pfile / spfile (spfile when instance is up of course) to say log_archive_start = false.

startup mount

alter database noarchivelog;

alter database open;

Chmox CHM reader for Mac

2007-11-25T13:07:00.000-08:00

Chmox is a viewer for Microsoft Help "CHM" (a.k.a. Compiled HTML) files and ebooks. It uses Cocoa, WebKit, and chmlib.

This product is designed to run on the following operating systems:
Mac OS X 10.4 Intel
Mac OS X 10.4 PPC
Mac OS X 10.3.9

It is an alternate to chimp

and can be downloaded from http://chmox.sourceforge.net/

Tinkertool for Mac

2007-11-17T11:20:00.000-08:00

TinkerTool is an application that gives you access to additional preference settings Apple has built into Mac OS X. This allows to activate hidden features in the operating system and in some of the applications delivered with the system.

The tool makes sure that preference changes can only affect the current user. You don't need administrative privileges to use the tool. With this design, it is no problem to use TinkerTool in professional networks where users have restricted permissions. The program will never change any component of the operating system, so the integrity of your system is not put at risk, and there will be no negative effect on system updates.

All preference settings changed by TinkerTool can be reset to Apple's defaults, or to the state that existed before using the tool. No dangerous background processes are used for TinkerTool's operation.

TinkerTool is electronically distributed software. You can download the product free of charge from http://www.bresink.de/osx/0TinkerTool/download.html

Easy way to hack the iPhone 1.02 or 1.1.1

2007-10-26T17:34:00.000-07:00

The way to unlock the iphone is neither the simplest or the most straight forward method. An alternate and much simpler way is to use iNdependence_v1.2.5 which can be downloaded here

Use iNdependence to actiavte and jaibreak your iPhone. Then install anySIM through iNdependence and use it to unlock your phone. anySim is available from gizmodo

How To HAck the iPhone Firmware 1.1.1

2007-10-18T01:29:00.001-07:00

-- DO NOT FOLLOW THESE INSTRUCTIONS IF YOU HAVE EVER MODIFIED YOUR BASEBAND --

INTRODUCTION

Jailbreaking iPhone software v1.1.1 is an involved process, but can be
accomplished with the documentation here. The following steps will be
explained in-depth. Please read them thoroughly before proceeding.

0. Downgrading to 1.0.2 (if necessary)
1. Preparing the iPhone for a jailbroken update
2. Performing a software update, leaving you with a jailbroken v1.1.1
3. Forcing v1.1.1 to mount read-write so you can access it
4. Installing SSH and BSD world
5. Activating with a Non-ATT SIM
6. Patching SpringBoard to allow third-party applications
7. Clean-up

STEP 0: DOWNGRADING TO 1.0.2

Certain steps must be run prior to upgrading to v1.1.1. If you have already
upgraded to v1.1.1, follow these steps to downgrade back to v1.0.2.

1. Make sure you have a copy of the v1.0.2 firmware handy. It can be downloaded
here: http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-3823.20070821.vormd/iPhone1,1_1.0.2_1C28_Restore.ipsw

2. With the iPhone turned on, hold down the POWER and HOME buttons
simultaneously for ten seconds (until the screen goes dark). Then release
POWER while CONTINUING TO HOLD DOWN HOME for another 15 seconds.

At this stage, the iPhone WILL APPEAR TO BE POWERED DOWN, but it is actually
in a special type of recovery mode allowing software downgrades. If you
see the "Connect to iTunes" icon, you've placed the phone into the wrong
recovery mode, and will need to try again.

3. While continuing to hold HOME, launch iTunes. You should be prompted to
restore your iPhone. If your iPhone instead boots up, then you powered it
down instead of putting it into downgrade mode, so give step 2 another try.

Once iTunes is up, you can now release HOME. You will be prompted to
restore your iPhone (if you are not, try step 2 again). Hold down the
OPTION key (or SHIFT if you're running Windows) and click RESTORE.
You will then be prompted with a file selection window allowing you to
select a firmware file. Select the 'iPhone1,1_1.0.2_1C28_Restore.ipsw'
file you downloaded in step 1, and begin the restore.

4. After the restore is complete, you'll be told that the process failed, and
the iPhone will be in recovery mode. This is normal. Grab a copy of
NullRiver's Installer.app from http://iphone.nullriver.com/beta/ and
attempt to install the Installer.app. This will cause your phone to boot
again, however the installation of Installer.app will fail (it's OK).

5. Congratulations, you're now back at 1.0.2. You'll need to get shell access
to move onto the next step. Since you have Installer.app right there,
just run the installer again. This time it should succeed. Now activate.

Drudge has prepared a package called Trip1Prepz, which is designed
for people having to downgrade. It will perform all the necessary
preparations from STEP 1 without needing to set SSH back up, etcetera.

After Installer.app has been installed, go to this URL in Safari:
http://conceitedsoftware.com/iphone/beta

This will prompt you to add a community source to Installer. Once you've
done this, you should see Trip1Prepz listed as a package. BEFORE
INSTALLING IT, connect to iTunes, and ensure that you have an 'update' or
'check for updates' button. This is important, because once you install
Trip1Prepz, iTunes will no longer give you an option to update, but
only restore.

Once you're up in iTunes, stay connected and install Trip1Prepz from
Installer.app.

NOW SKIP "STEP 1: PREPARING THE IPHONE FOR A JAILBROKEN UPDATE" COMPLETELY!

Alternatively, if you don't want to use Trip1Prepz, you'll need to
get going again with SSH and BSD world. This method will require that you
DO execute the preparation steps in step 1.

To do it this way, use Installer.app and install the "Community Sources"
package. This will add the "OpenSSH" package to the installer manifest.
Now install BSD Subsystem then OpenSSH and you should be able to get back
into your iPhone (root password is dottie). You'll also want to add
BSD Subsystem. Now move onto the steps below (do not skip them in this case).

STEP 1: PREPARING THE IPHONE FOR A JAILBROKEN UPDATE

NOTE: This step requires you to be at iPhone software v1.0.2. If you are
not, please see STEP 0: DOWNGRATING TO 1.0.2 before proceeding.

Before upgrading to v1.1.1, some preparations must be made. The v1.1.1
update re-jails the iPhone. We're going to use a little hack which will
keep 1.1.1 from being able to jail once you upgrade.

The way this hack works is this: An "update" in iTunes is unlike a "restore",
in that the /private/var partition is preserved. The iPhone jails itself
to /private/var/root/Media. We're going to move Media out of the way and
replace it with a symlink to /. This fools v1.1.1 into jailing to /, which
really is no jail at all. This will allow us to access the root filesystem,
which we're going to throw into read-write mode later on.

1. Connect the iPhone to iTunes! It is critical that iTunes already
recognize your phone and that you have the "update" button available to you
BEFORE making the changes below. This is because executing the steps below
will otherwise cause iTunes to go into recovery mode, which will NOT WORK
with this jailbreak. Open iTunes, and if you have a "Check for Updates"
button, click it. You will be prompted to upgrade to 1.1.1. Tell iTunes
to "Download Only"; DO NOT click "Download and Install".

Once you see the "update" button, DONT CLICK IT, but continue to step 2.

2. While still connected to iTunes, SSH into your iPhone while still at
version 1.0.2. If you don't have SSH set up, see STEP 0's steps four and
five to install OpenSSH.

Now execute the following commands:

mv /var/root/Media /var/root/Media.old
ln -s / /var/root/Media

Your Media folders should now look like this:

lrwxr-xr-x 1 root wheel 1 Oct 10 12:06 Media -> /
drwxr-x--- 7 root wheel 272 Oct 10 10:51 Media.old

If it doesn't look like this, try again.

3. If you plan on activating later using a Non-AT&T SIM (or without iTunes),
you'll want to back up your existing copy of the lockdownd binary
(we'll use these later)...

cp /usr/libexec/lockdownd /var/root/lockdownd.1.0.2

STEP 2: PERFORMING A SOFTWARE UPDATE

Now that you've symlinked Media -> /, you are ready to perform an update to
1.1.1. This MUST BE DONE WITH THE UPDATE BUTTON, and NOT the restore button.
The update process preserves your /private/var partition, while the restore
blows it away (which will just re-jail you).

Click the UPDATE button in iTunes, and upgrade to 1.1.1

If you didn't listen and shut iTunes, you may no longer have an update button.
If this is the case, you'll need to delete the symlink, put Media back,
start iTunes, then repeat STEP 1 again.

STEP 3: FORCING READ-WRITE MODE

If you've followed the steps properly, your iPhone should now be jailbroken, but
not yet writable. To confirm this, shut down iTunes and use iPHUC to connect
to the iPhone. Run 'ls' and you should see the root folders (Applications,
System, etc). If you see iTunes_Control, then you've botched a step and
will need to start over at STEP 0.

Forcing read-write mode involves overwriting the part of the disk partition that
contains /etc/fstab. This is done by writing to /dev/rdisk0s1. The included
iphuc-jailbreak code supports a command called "putjailbreak" which does this.
After we overwrite the disk, we'll reboot and the iPhone will be mounted in
read-write!

1. Run iphuc:

Make sure iTunes is closed
killall iTunesHelper

- If you are on OSX/Intel: ./iphuc-jailbreak.osx
- If you are on OSX/PPC: ./iphuc-jailbreak.ppc
- If you are on Windows: ./iphuc-jailbreak.exe

NOTE: If you are using Windows, you'll need to grab an existing iPHUC
distribution to get all the remaining files

2. You should now be connected to your iPhone. Test this by running 'ls', and
make sure you see 'dev' among the list of directories. If you see
iTunes_Control, then you haven't jailbroken properly and will need to start
again from STEP 0.

3. We are now going to overwrite part of the disk partition with our payload
using the 2K file included in this distribution called rdisk0s1.
In iphuc, execute this command:

putjailbreak rdisk0s1 /dev/rdisk0s1

4. The upload should be relatively quick. Once finished, reboot your iPhone.
You're now in read-write mode, and jail broken! You can test this by
connecting again with iphuc after rebooting and running:

getfile /etc/fstab fstab

Open the file, and you should see the options for / to be 'rw' instead of
'ro'. If you still see 'ro', then something's gone wrong, try repeating
from step three.

STEP 4: INSTALLING SSH AND BSD WORLD

At this stage, you can crack shell on iPhone in the same way that you did
with 1.0.2. If you're using a Mac, the easiest way is using the iPhone
SSH Installer for Mac, which can be found here:

For Mac:
http://iphone.natetrue.com/iPhone_SSH_Install_for_Mac.zip

1. Just run iPhoneMacSSHInstall.sh in that package and it will walk you through
an automated install of SSH:

sh iPhoneMacSSHInstall.sh

The new root password for v1.1.1 is 'alpine', once it's finished:

ssh -l root iphone

Your SSH keys are likely to change, so if you get any errors about an
incorrect key, you can:

rm -f ~/.ssh/known_hosts

from your desktop's home directory and try again.

2. Once you're in, you will also want to install the BSD world. NerveGas has
built a new version of the BSD subsystem that doesn't require libarmfp.
Download and extract the following files:

http://iphone.natetrue.com/BSD_Base-2.0.tar.gz
http://iphone.natetrue.com/BSD_Extra-2.0.tar.gz

tar -zvxf BSD_Base-2.0.tar.gz
tar -zvxf BSD_Extra-2.0.tar.gz

Change into each of these directories and run:

cd BSD_Base
scp -r * root@[IPHONE IP]:/
cd ../BSD_Extra
scp -r * root@[IPHONE IP]:/

For Windows:

1. Follow the instructions here:
http://cre.ations.net/blog/post/howto-install-ssh-on-your-iphone

NOTE: If you download Nate True's iPhone SSH kit you will need to
grab iphoneinterface.exe from his latest iBrickr release to
actually make it work.

STEP 5: ACTIVATING WITH A NON-AT&T SIM

If you're using an AT&T SIM that will activate through iTunes, skip this
step and just activate through iTunes.

To activate with a non-AT&T SIM, we'll need to copy over that lockdownd
binary and activation certification we backed up when we were on v1.0.2
and do a little hackery, then copy the v1.1.1 lockdownd back when we're done.

NOTE: In order for afc to start, you must BOOT the phone with
lockdownd v1.1.1, so do not reboot the phone during this process. If
you have no choice, copy lockdownd v1.1.1 back after, then reboot
again to make sure afc comes up.

1. Back up v1.1.1's lockdownd:
cp /usr/libexec/lockdownd /var/root/lockdownd.1.1.1

Now overwrite the iPhone's copy with your old v1.0.2 copy:
cp /var/root/lockdownd.1.0.2 /usr/libexec/lockdownd

And upload the certificate included in this distribution:
scp iPhoneActivation.pem root@[IPHONE IP]:/System/Library/Lockdown/

Now:
killall lockdownd

This will restart lockdownd with v1.0.2's version

2. Download iASign from http://iphone.fiveforty.net/wiki/index.php/IASign

bunzip2 iASign-v0.2.tar.bz2
tar -xf iASign-v0.2.tar
cd iASign/bin

Overwrite iASign's iPhoneActivation.pem with the one provided in this package
cp /path/to/1.1.1-jailbreak/iPhoneActivation.pem /path/to/iASign/bin/

Now run: ./iASign.mac --automatic iPhoneActivation_private.pem

After a while, it should complete and say "New State: Activated", but it
doesn't really work. Don't worry, we're almost there!

3. Now copy the v1.1.1 lockdownd back and restart it:

cp /var/root/lockdownd.1.1.1 /usr/libexec/lockdownd
killall lockdownd

4. Run iAsign once more:

./iASign.mac --automatic iPhoneActivation_private.pem

It should look like this:
Activating...
InvalidActivationRecord
New State: Unactivated

Don't let iAsign fool you, the phone is now activated.

STEP 6: PATCHING SPRINGBOARD

The new version of SpringBoard has been hard-coded to allow only factory
applications to run. We've coded up a patcher that will fix this "bug",
and back up your original SpringBoard app.

1. Upload the springpatch binary included with this distribution:

scp springpatch root@[IPHONE IP]:/usr/bin

Then low into your iPhone and run it:

$ springpatch

SpringBoard Patcher for iPhone v1.1.1
Brought to you by the iPhone Dev Team
Successfully patched /System/Library/CoreServices/SpringBoard.app/SpringBoard
Original backed up to:
/System/Library/CoreServices/SpringBoard.app/SpringBoard.original.
Please reboot your iPhone or kill springboard for changes to take effect.

If it exits successfully, you can now restart SpringBoard to enable third
party applications:

killall SpringBoard

2. You will need to list at least one application in:

/System/Library/CoreServices/SpringBoard.app/M68AP.plist

This is the new "DisplayOrder.plist". The application MUST be placed just
before the MobileStore application. The reason for this is that MobileStore
is placed at the end of the Springboard to specifically hide other
applications. Adding at least one application appears to break free from
this.

For example, if you have installed NES.app, your M68AP.plist will be modified
to look like:

displayIdentifier
com.natetrue.iphone.nesapp

displayIdentifier
com.apple.MobileStore

STEP 7: CLEAN UP

You've now successfully jailbroken your iPhone and set up shop. Congratulations!

Before you can sync, you will need to remove the symlink you created:

rm /var/root/Media
mv /var/root/Media.old /var/root/Media

That's it!

- iPhone/iTouch Dev Team

uncover a lost product key for Windows

2007-09-19T23:01:00.001-07:00

There are several methods you can use to uncover a lost product key for a version of Windows that you currently have installed.

For older versions of Windows you can extract the product key from the Windows Registry. Click Start | Run and then type regedit and click OK.

For Windows 95 and Windows 98, browse to this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductID
For Windows NT 4.0, browse to this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductID
Alternatively, there are also some free scripts and freeware software programs that can help you:

Magical Jelly Bean Keyfinder: This is probably the best tool for this task. In addition to finding and identifying product keys for Windows 95/98/ME/NT/2000/XP, it can also uncover product keys for installed versions of Microsoft Office.
Windows Key Finders: This is actually a group of tools that can be used for unearthing product keys for different versions of Windows.
Belarc Advisor: This free utility builds a detailed profile of your installed software and hardware. (As suggested in the discussion thread by ShadyHouse).
Whichever method you use, make sure you write down the product key and put it in a safe place for future reference.

Nothing comes Free!!!

2007-08-23T22:48:00.001-07:00

One of my friends started a company and I registered a free website with Microsoft Office Live. Well turns out its not so free after all. Today I got a mail (snail mail) from Capital One for a business credit card for a small business owner.

The mail was addressed to the company name and my address.

Now the only place where I gave both the company name and my address was at the microsoft site when I signed up. So how did capital one get the info.

Here comes the best news. I cant unsubscribe or delete the site from the free service.

Maybe I didnt read the fine print where Microsoft (maybe) said that it would share information or maybe microsoft did not share the information. But it sure does leave bad taste in the mouth

Convert pdf to html - free

2007-08-22T19:09:00.000-07:00

If the Adobe PDF file is on local media, such as a hard drive, CD-ROM, or internal server, it can be submitted as a MIME attachment to an e-mail message. All converted Adobe PDF documents will be sent back to the sender as MIME attachments. For plain text, mail the attached PDF to pdf2txt@adobe.com. For HTML, mail the attached PDF to pdf2html@adobe.com.

To convert a pdf file on the web to a html format, go to http://www.adobe.com/products/acrobat/access_onlinetools.html and provide the url for the pdf file

Blackberry vs iphone

2007-08-20T20:55:00.000-07:00

Found this stuff at http://www.techcrunch.com/2007/07/25/iphone-v-blackberry-side-by-side-two-week-comparison/

With the Wi-Fi-equipped BlackBerry 8820 coming soon to an AT&T store near you, business folks around the country will be faced with the decision of switching to the trendy new iPhone or upgrading to a more iPhonesque version of their trusty CrackBerry. To determine whether the grass really is greener on the iPhone side of the fence, we have chronicled the experience of a venture capitalist (who wishes to remain anonymous) who has been using an iPhone and a BlackBerry 8800 side-by-side for the past few weeks. His conclusion: despite the overall attractiveness of the iPhone, it lacks too many vital features to replace the BlackBerry as the corporate weapon of choice.

For starters, a BlackBerry set up with Microsoft Exchange Server sports intelligent push email while the iPhone does not. When an email is sent to an account on a BlackBerry, the message is downloaded immediately and an LED on the phone notifies the user that he or she has a new message. The iPhone, on the other hand, recognizes new messages at most every 15 minutes and must be checked actively to see if anything has arrived. This deficiency makes handling email on the iPhone slower and less efficient; it also translates into wasted battery power as users need to perform the extra step of opening the iPhone’s email program every time they want to check for new mail.

Perhaps even more significantly, the iPhone fails to synchronize as well as the BlackBerry. When a BlackBerry user changes a calendar event or some contact information on his or her desktop computer in Exchange, the changes automatically appear on the BlackBerry. This makes keeping track of basic business information a snap because one never has to worry about acting on outdated data or manually updating one’s handheld. In contrast, the iPhone does not synchronize calendar and contact information wirelessly, which makes it less dependable for information ultimately stored on a server.

In addition to these major drawbacks of the iPhone, our venture capitalist cites the following as reasons to prefer the BlackBerry:

The BlackBerry 8800 possesses GPS, which makes Google Maps much more useful, especially for turn-by-turn directions
The iPhone lacks basic cut and paste capabilities
Despite Apple’s reputation for superior user interface design, the BlackBerry possesses keyboard shortcuts that make navigation around and between applications a breeze
The BlackBerry’s phone quality is better than the iPhone’s
The Safari browser is certainly more stunning than the BlackBerry’s primitive browser, but the iPhone seems to load even text-only pages more slowly than the BlackBerry over the EDGE network
The BlackBerry possesses a general contacts application that makes contacting people by any given method more convenient
The battery runs out faster on the iPhone simply because it is used for more tasks. This makes it less reliable for when one must take the device somewhere overnight without the opportunity to recharge.
Despite all of these criticisms of the iPhone, our venture capitalist admits that he would switch over to the iPhone if only it supported push email, calendar and contacts synchronization, and GPS. For him, the prospect of ridding his pockets of a separate device for music (an iPod nano), as well as enjoying all of the iPhone’s slick features (such as full-featured web browsing, stocks and weather apps, and its YouTube program), makes the iPhone very tempting. However, until Apple resolves these shortcomings (and perhaps Google makes its applications, especially Gmail, work as seamlessly with the iPhone as Microsoft makes Exchange work with the BlackBerry), others are going to have to pry his BlackBerry from his cold, dead hands (his words, mind you, not ours).

Sitemeter ....

2007-08-20T15:42:00.001-07:00

I used sitemeter till today - not anymore. Reason the following content I found on http://michaelsync.net/2007/04/11/things-you-should-know-before-using-sitemeter/

It’s so sad for me to hear that SiteMeter, a well-known web stats providers, is pushing specificclick tracking and advertising cookies on to visitors of sites using their service. (You may already heard about this since it was happened last month.) For me, that news is pretty new. Actually, I came to know about this when I read this post in Wordpress Support Forum.

When it was started?

Actually, nobody noticed about specificclick tracking or cookies of SiteMeter before StatCounter published this post “StatCounter Says NO!” as below in their Official blog on March 25, 2007.

A few months back, StatCounter was approached by an advertiser, offered lots of $$$, and asked to include a spyware cookie on all of our member sites…we refused on the spot.

You install StatCounter to track visitors to your site NOT to open yourself and your visitors up to being spied upon by phantom advertising corporations.

It appears, however, that other players in the world of webstats were happy to take up this offer…

We were shocked to discover just today that another well known stats provider is allowing up to 9 cookies to be installed in the browser of every visitor that hits one of their member websites. This means that the provider is making money by transmitting data on you and your visitors to a third party advertiser. Not only that, but to add insult to injury, the cookies are causing the member websites to load very slowly too.

But StatCounter didn’t mention the exact name of web stats provider.

Sitemeter?

Eric Odom came up with this post as below after doing some reaseaches on different stat trackers.

I use several different stat trackers on all of my sites and blogs, so naturally, I went on a frantic hunt to figure out who had sold out.

In comes Sitemeter…

I have indeed been able to confirm, on two of my own sites, that Sitemeter is sending specificclick cookies onto websites hosting the counter. I immediately removed the counter and now have all of my sites using StatCounter or Google Analytics.

Sitemeter has gone silent today. Not a peep has been mentioned on their blog, and so far my e-mail has not been responded to.

I certainly hope Sitemeter will confront this, bail out on the spam advertiser, and get back on track. If not, users will be sure there is hell to pay.

So yes, it has been confirmed, Sitemeter has apparently sold out to Spyware.

What a shame.

UPDATE: A Digger just e-mailed me the following information.

The parent company of specificclick.net is Specific Media. This was originally spotted by a Digger who noticed the Specific Media logo on the specificclick homepage, which oddly enough, has vanished from the web.

Another interesting tidbit as pointed out on Digg is that at the time of posting this, Sitemeter has NOT YET updated its privacy policy to reflect the deal they did with Specific Media.

I believe that there are a lot of people who are really disappointed with Sitemeter. I wonder how come Sitemeter wanna do like that. Money is an issue? I think, Money should not be an issue for them since they have really nice and popular service and they also have a lot of paid users. Anyway, they are gonna lost a lot of both free users or paid users because of that.

More here

Antivirus for Mac (Freeware)

2007-08-20T15:17:00.000-07:00

I suppose Norton is the household name for antivirus but its not free. I know scores of free antivirus programs for the Windows platform but didnt know of any free antivirus for Mac. A quick search in google landed me at http://www.clamxav.com/index.php

From the site:

ClamXav is a free virus checker for Mac OS X. It uses the tried, tested and very popular ClamAV open source antivirus engine as a back end.

Back in the days before OS X, the number of viruses which attacked Macintosh users totalled somewhere between about 60 and 80. Today, the number of viruses actively attacking OS X users is...NONE! However, this doesn't mean we should get complacent about checking incoming email attachments or web downloads, for two reasons. Firstly, there's no guarantee that we Mac users will continue to enjoy the status quo, but more importantly, the majority of the computing world use machines running MS Windows, for which an enormous quantity of viruses exist, so we must be vigilant in checking the files we pass on to our friends and colleagues etc. For example, if you're a wise person and you've turned MS Office's macro support off then you're not going to notice that virus which is hiding inside this month's edition of Extreme Ironing.doc which your friend sent you. If you then forward that document to a less wise person who has not turned off the macro support, then you have most likely just sent him a shiny new Pandora's Box with a sign saying "Open this end"!

Flippancy aside, I'm sure you get the idea: check the file before opening and/or sending it on to someone else. This gives you the opportunity to avoid the file altogether or at least copy and paste any vital information into a new document and send that instead.

Don't forget, if you run VirtualPC you can still become infected and lose valuable data on your Mac even though technically you're running Windows inside a sandbox. VPC will run any application you tell it to, virus or no virus, it doesn't know the difference. You can protect yourself slightly by not using VPC's "shared folders", but that's a useful feature which you shouldn't have to be without.

I tried it out and it picked up a couple of viruses in my MS Excel. Unfortunately it did not clean them

CHM reader for Mac

2007-08-20T12:46:00.000-07:00

I keep getting stuck with windows apps and docs that I need but cant run on my mac. Well here's a way to open CHM files on the mac.

Chimp Publisher's Description:

Chimp lets you view all those pesky CHM files that are floating around. CHM stands for Compiled HTML, and it's used by Microsoft Windows for help files, documentation, magazines and eBooks. Chimp lets you open these files with the elegance and ease you'd expect from OS X.

Chimp features:

* Document-wide searching
* Document-wide printing
* Editable bookmarks

What's new in this version:

* Export to PDF (10.4 only)
* Spotlight indexing
* More compatible with unusually formatted files
* Bug fixes

http://www.spherasoft.com/chimp.html

Download from : http://www.spherasoft.com/download/chimp.dmg

HOW DO I DETECT AN IPHONE USER COMING TO MY SITE?

2007-08-19T14:15:00.000-07:00

Article I found on http://www.askdavetaylor.com/detect_apple_iphone_user_web_site_server.html

The key to detecting a browser type is to remember that there's an environment full of information transmitted with each query sent from the web browser to the server. It includes the obvious things like the requested data file (which can be an HTML document, GIF or JPEG image, AVI movie, FLV animation or related) and the IP address of the browser's computer, but it also includes a critical variable called HTTP_USER_AGENT.

Visit with a regular browser from a regular computer and you'll see something like this:

HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)
Here you can see that I'm testing from Firefox (which identifies itself as Mozilla for historical reasons) running on Windows XP (though it's identifying it as Windows NT for some cockamainie reason) and that I'm also running .NET.

Grab that same environment value from a slick Apple iPhone query, though, and the values are quite a bit different:

HTTP_USER_AGENT=Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en)
AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1C25 Safari/419.3
Pretty interesting reading if you're a geek: You can see where it's also identifying itself as Mozilla, but this time as Mozilla/5.0 rather than Mozilla/4.0. The string "iPhone" appears, which is what we'll key on, but notice also that it says that it's on a system with a "CPU like Mac OS X", just as we iPhone users have been suspecting for a while.

You can see the basic test we'll need to do here to ascertain if the visitor is using an iPhone or not: if their HTTP_USER_AGENT environment value contains the string "iPhone", we've got a match. Otherwise it's something else on some other device or computer.

You can do this test and act on it in a zillion different places, ranging from the actual Web server ruleset to JavaScript code to PHP conditional code to even having a separate "gateway" script page that everyone hits and redirects them to the iPhone or non-iPhone version of your Web page and site.

A JavaScript snippet might look like this:

var agent=navigator.userAgent.toLowerCase();
var is_iphone = ((agent.indexOf('iPhone')!=-1);
if (is_iphone) { conditional code goes here }
Rather do it as a shell script? Me too. Here's how I'd do that as a rudimentary Linux shell script:

#!/bin/sh

if [ ! -z "$(echo $HTTP_USER_AGENT | grep iPhone)" ] ; then
echo "Location: iphone/index.html"
else
echo "Location: index2.html"
fi
exit 0
You can also have the conditional directly in CSS itself, if you're really into cryptic notations:

The basic idea in either case is that once you have detected that they're running an iPhone, you can modify what you deliver to them, either changing what's on the page, perhaps giving them a completely different version of the page, or even taking them to a different site entirely.

IP Spoofing

2007-08-19T00:44:00.000-07:00

Nice article on IP Spoofing (From http://www.securityfocus.com/infocus/1674 )

Criminals have long employed the tactic of masking their true identity, from disguises to aliases to caller-id blocking. It should come as no surprise then, that criminals who conduct their nefarious activities on networks and computers should employ such techniques. IP spoofing is one of the most common forms of on-line camouflage. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by “spoofing” the IP address of that machine. In this article, we will examine the concepts of IP spoofing: why it is possible, how it works, what it is used for and how to defend against it.

History

The concept of IP spoofing, was initially discussed in academic circles in the 1980's. While known about for sometime, it was primarily theoretical until Robert Morris, whose son wrote the first Internet Worm, discovered a security weakness in the TCP protocol known as sequence prediction. Stephen Bellovin discussed the problem in-depth in Security Problems in the TCP/IP Protocol Suite, a paper that addressed design problems with the TCP/IP protocol suite. Another infamous attack, Kevin Mitnick's Christmas Day crack of Tsutomu Shimomura's machine, employed the IP spoofing and TCP sequence prediction techniques. While the popularity of such cracks has decreased due to the demise of the services they exploited, spoofing can still be used and needs to be addressed by all security administrators.

Technical Discussion

To completely understand how these attacks can take place, one must examine the structure of the TCP/IP protocol suite. A basic understanding of these headers and network exchanges is crucial to the process.

Internet Protocol – IP

Internet protocol (IP) is a network protocol operating at layer 3 (network) of the OSI model. It is a connectionless model, meaning there is no information regarding transaction state, which is used to route packets on a network. Additionally, there is no method in place to ensure that a packet is properly delivered to the destination.

Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contains the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses – specifically the “source address” field. It's important to note that each datagram is sent independent of all others due to the stateless nature of IP. Keep this fact in mind as we examine TCP in the next section.

Transmission Control Protocol – TCP

IP can be thought of as a routing wrapper for layer 4 (transport), which contains the Transmission Control Protocol (TCP). Unlike IP, TCP uses a connection-oriented design. This means that the participants in a TCP session must first build a connection - via the 3-way handshake (SYN-SYN/ACK-ACK) - then update one another on progress - via sequences and acknowledgements. This “conversation”, ensures data reliability, since the sender receives an OK from the recipient after each packet exchange.

As you can see above, a TCP header is very different from an IP header. We are concerned with the first 12 bytes of the TCP packet, which contain port and sequencing information. Much like an IP datagram, TCP packets can be manipulated using software. The source and destination ports normally depend on the network application in use (for example, HTTP via port 80). What's important for our understanding of spoofing are the sequence and acknowledgement numbers. The data contained in these fields ensures packet delivery by determining whether or not a packet needs to be resent. The sequence number is the number of the first byte in the current packet, which is relevant to the data stream. The acknowledgement number, in turn, contains the value of the next expected sequence number in the stream. This relationship confirms, on both ends, that the proper packets were received. It’s quite different than IP, since transaction state is closely monitored.

Consequences of the TCP/IP Design

Now that we have an overview of the TCP/IP formats, let's examine the consequences. Obviously, it's very easy to mask a source address by manipulating an IP header. This technique is used for obvious reasons and is employed in several of the attacks discussed below. Another consequence, specific to TCP, is sequence number prediction, which can lead to session hijacking or host impersonating. This method builds on IP spoofing, since a session, albeit a false one, is built. We will examine the ramifications of this in the attacks discussed below.

Spoofing Attacks

There are a few variations on the types of attacks that successfully employ IP spoofing. Although some are relatively dated, others are very pertinent to current security concerns.

Non-Blind Spoofing

This type of attack takes place when the attacker is on the same subnet as the victim. The sequence and acknowledgement numbers can be sniffed, eliminating the potential difficulty of calculating them accurately. The biggest threat of spoofing in this instance would be session hijacking. This is accomplished by corrupting the datastream of an established connection, then re-establishing it based on correct sequence and acknowledgement numbers with the attack machine. Using this technique, an attacker could effectively bypass any authentication measures taken place to build the connection.

Blind Spoofing

This is a more sophisticated attack, because the sequence and acknowledgement numbers are unreachable. In order to circumvent this, several packets are sent to the target machine in order to sample sequence numbers. While not the case today, machines in the past used basic techniques for generating sequence numbers. It was relatively easy to discover the exact formula by studying packets and TCP sessions. Today, most OSs implement random sequence number generation, making it difficult to predict them accurately. If, however, the sequence number was compromised, data could be sent to the target. Several years ago, many machines used host-based authentication services (i.e. Rlogin). A properly crafted attack could add the requisite data to a system (i.e. a new user account), blindly, enabling full access for the attacker who was impersonating a trusted host.

Man In the Middle Attack

Both types of spoofing are forms of a common security violation known as a man in the middle (MITM) attack. In these attacks, a malicious party intercepts a legitimate communication between two friendly parties. The malicious host then controls the flow of communication and can eliminate or alter the information sent by one of the original participants without the knowledge of either the original sender or the recipient. In this way, an attacker can fool a victim into disclosing confidential information by “spoofing” the identity of the original sender, who is presumably trusted by the recipient.

Denial of Service Attack

IP spoofing is almost always used in what is currently one of the most difficult attacks to defend against – denial of service attacks, or DoS. Since crackers are concerned only with consuming bandwidth and resources, they need not worry about properly completing handshakes and transactions. Rather, they wish to flood the victim with as many packets as possible in a short amount of time. In order to prolong the effectiveness of the attack, they spoof source IP addresses to make tracing and stopping the DoS as difficult as possible. When multiple compromised hosts are participating in the attack, all sending spoofed traffic, it is very challenging to quickly block traffic.

Misconceptions of IP Spoofing

While some of the attacks described above are a bit outdated, such as session hijacking for host-based authentication services, IP spoofing is still prevalent in network scanning and probes, as well as denial of service floods. However, the technique does not allow for anonymous Internet access, which is a common misconception for those unfamiliar with the practice. Any sort of spoofing beyond simple floods is relatively advanced and used in very specific instances such as evasion and connection hijacking.

Defending Against Spoofing

There are a few precautions that can be taken to limit IP spoofing risks on your network, such as:

Filtering at the Router - Implementing ingress and egress filtering on your border routers is a great place to start your spoofing defense. You will need to implement an ACL (access control list) that blocks private IP addresses on your downstream interface. Additionally, this interface should not accept addresses with your internal range as the source, as this is a common spoofing technique used to circumvent firewalls. On the upstream interface, you should restrict source addresses outside of your valid range, which will prevent someone on your network from sending spoofed traffic to the Internet.

Encryption and Authentication - Implementing encryption and authentication will also reduce spoofing threats. Both of these features are included in Ipv6, which will eliminate current spoofing threats. Additionally, you should eliminate all host-based authentication measures, which are sometimes common for machines on the same subnet. Ensure that the proper authentication measures are in place and carried out over a secure (encrypted) channel.

Conclusion

IP Spoofing is a problem without an easy solution, since it’s inherent to the design of the TCP/IP suite. Understanding how and why spoofing attacks are used, combined with a few simple prevention methods, can help protect your network from these malicious cloaking and cracking techniques.

Free Web Hosting

2007-08-18T20:02:00.000-07:00

Free Webspace" is a directory list of free web hosting providers (free hompage hosting sites), with over 300 of the best free web space hosting sites with reviews, testimonials, and ratings, and is updated daily. To find a free web page hosting service that fits your needs, use the Search box on their site. If you need special web hosting features for your free web space, such as FrontPage server extensions, PHP, CGI, ASP, MySQL databases, etc., try their Advanced Free Web Hosting Search. The web hosting review page for each free website hosting company listed will allow you to read the reviews and ratings by others, or give your own. The newest additions to our searchable database of free webhosting providers are in a list below. The Linux web hosting for this website is now hosted on a fast dedicated server hosting, to serve you better.

http://www.free-webhosts.com/

public proxies

2007-08-18T19:47:00.001-07:00

Proxy Servers

A proxy server is a kind of buffer between your computer and the Internet resources you are accessing. They accumulate and save files that are most often requested by thousands of Internet users in a special database, called “cache”. Therefore, proxy servers are able to increase the speed of your connection to the Internet. The cache of a proxy server may already contain information you need by the time of your request, making it possible for the proxy to deliver it immediately. The overall increase in performance may be very high. Also, proxy servers can help in cases when some owners of the Internet resources impose some restrictions on users from certain countries or geographical regions. In addition to that, among proxy servers there are so called anonymous proxy servers that hide your IP address thereby saving you from vulnerabilities concerned with it.

Anonymous Proxy Servers

Anonymous proxy servers hide your IP address and thereby prevent unauthorized access to your computer through the Internet. They do not provide anyone with your IP address and effectively hide any information about you and your reading interests. Besides that, they don’t even let anyone know that you are surfing through a proxy server. Anonymous proxy servers can be used for all kinds of Web-services, such as Web-Mail (MSN Hot Mail, Yahoo mail), web-chat rooms, FTP archives, etc. ProxySite.com - a place where the huge list of public proxies is compiled. In a database you always can find the most modern lists, the Proxy are checked every minute, and the list is updated daily from various sources. The system uses the latest algorithm for set and sortings of servers by proxy, servers for anonymous access are checked. Results of Search always can be kept in file Excel.

Why Should You Use Anonymous Proxy Servers?

Any web resource you access can gather personal information about you through your unique IP address – your ID in the Internet. They can monitor your reading interests, spy upon you and, according to some policies of the Internet resources, deny accessing any information you might need. You might become a target for many marketers and advertising agencies who, having information about your interests and knowing your IP address as well as your e-mail, will be able to send you regularly their spam and junk e-mails.

A web site can automatically exploit security holes in your system using not-very-complex, ready-made, free hacking programs. Some of such programs may just hang your machine, making you reboot it, but other, more powerful ones, can get access to the content of your hard drive or RAM. Everything a web site may need for that is only your IP address and some information about your operating system.

How to make money with Google Adsense

2007-08-18T18:13:00.000-07:00

Found a nice article about google adsense at http://www.trap17.com/index.php/google-adsense_t6544.html

Having used Google's Adsense program before, I know it's a great way to generate money from your website. Google Adsense Program offers you PPC Advertising, know as Pay Per Click, it's a great way for you to earn money for a website that would otherwise be sitting there, generating no money. I've decided to teach you a few steps and tips, on how to squeeze the most out Google Adsense. If you're successful, you could be raking out anywhere from 300 - 500 Dollars US a month. (Or even more)*~Drool~*

THE STEPS.

1.Register for a Google Adsense account, here

After you registered, it's time to play the waiting game. Google takes approx. 2 - 3 days to check your website, and see that it's got the right content, etc, etc... Here's a note, Google tends to not let Blog sites to participate in the Google Adsense Program, you'll understand why, later on.

2. Hopefully, you will now have a verified Google Adsense account. And you can log onto your Publisher's account.

3. Now, the money making begins, first of all, make sure that your site actually has VISITORS! If not, try to visit a traffic exchange site, or convince your siblings to visit it often. Customize your codes, and paste it onto your site.

THE DO'S AND DON'T OF GOOGLE ADSENSE.

1. Consistency is Good.

Google watches your account VERY closely, and if they notice that there's something "fishy" going on with your account, they say "Bye Bye" to your account. I still insist till today that I never did anything against the Google Rules and TOS. So, If you suddenly have a jump in the number of Clicks that you get, you might just get screwed over by Google. That's why you always want a steady stream of visitors, or else, you'll risk having your account suspended, like what happened to me.

2. Keywords are the KEY.
I mentioned earlier that Google tends to not accept blogs for the Adsense Program, here's why: Blog's as you know, give out a wide variety of information, one day, the author could be talking about Goose Repellent, the other he could be talking about Computers. The was Adsense works is that it scans your page for keywords, then applies those keywords into the advertisements, therefore, if you're website is all about Computers, you'll have computer-based ads, if it's about goose repellent, then, you'll, er, have goose repellent ads. The thing about ads, is, that they all aren't worth the same price per click. So to say, if you have a computer ad, and someone clicked on it, you'd probably get $2 for that, on the other hand, if you had a Goose Repellent site, you'd get 2 cents for that click. So, if you had a blog, then you could talk about certain keywords and you’d get more revenue, as opposed to a goose repellent site, which cant change their content.
Therefore, it's important that you maximize your revenue by using "expensive" keywords, such include:

Web Hosting - 2 - 8 dollars a click
Computers 1 -3 dollars a click

So, if you website is technology oriented, you’ll tend to get more money than those who use a Goose Repellent site.

In addition, Google checks the amount of times your page uses a certain words therefore, if you have the word “cpu” 100 times on a site, it’s very likely that your advertisement will inceldue something that has to do with CPU’s.

You can use this handy Keyword density checker to see how many words and stats on you keyword density of a website. http://www.ranks.nl/tools/spider.html. Limit is a 40k website.

3. DO NOT click on your own ads.
Seriously, if you click on your own ads, Google automatically logs you IP address, and then it notifies a moderator, then, well, you’d be pretty screwed. Because you aren’t allowed to click on them, and if you’re the sneaky type, you’d go to computers with different IP’s and <- snipped -> yourself. It’s a good idea, but, again, Google also monitors how frequently the ads come from the same IP, therefore ,even if it’s not your computer, but you use it to click from it frequently, Google will notice, Google tends to go for a wide variety of IP’s to ensure that it is actually getting real visitors.

Hacker Alarm on Your Web Mail Box

2007-08-15T22:15:00.000-07:00

Nice article from washington post to identify if someone is reading our mail. Wonder if it will work on yahoo or gmail.

Read the article here

Oracle 10g on Tiger

2007-08-15T19:44:00.000-07:00

Taken from the orablog at http://www.orablogs.com/sergio/archives/000781.html

Installing Oracle Database 10g on Mac OS X
Recently Oracle and Apple announced the availability of Oracle Database 10g for Mac OS X. In in this — longer than usual — blog post, I document my experience installing the Oracle database on my Mac. In a subsequent post, I'll talk about my experience installing Oracle HTML DB. These instructions should not be considered a best practice, but they are steps that worked for me. I tried to incorporate as many screenshots as possible to help you when you are performing the install.

1. Hardware Requirements
The Quick Installation Guide states the following hardware requirements:
• 512 MB RAM
• 1GB or twice the size of RAM swap space
• 400MB of disk space in /tmp
• 2Gb disk space for software files
• 1.2Gb disk space for database files
I performed my installation on an iMac G5 with 1Gb of RAM and 160GB of disk.
2. Operating Sytems Requirements
Oracle Database 10g is only supported on Mac OS X Server. As I was just experimenting, I installed on regular OS X. There are no doubt minimum requirements. You can verify the version of Mac OS X, by executing the following command:
# sw_vers
Below is what I saw when I executed this.

3. Install Developer Tools
To install the Oracle database, you need a C compiler. I didn't have one installed, so I signed up for a (free) Apple Developer Connection (ADC) account to download the Developer tools. To do this, sign in to ADC then click on Download Software then Developer Tools. First, download and install Xcode Tools v1.1 then download and install Dec 2003 gccLongBranch Tools Installing Xcode 1.1

After installing these packages you, verify you have the correct version of gcc installed by issuing the following command:
# gcc -v
Make sure you have at least the version as shown below.

Mac OS X LeopardPreOrder Now. Free Shipping Lowest Price Guaranteed $129.00  www.Amazon.Com/Mac-Leopard

MactoolboxIphone, Ipod and macbook fixes. Apple pro's at your service.  www.mactoolbox.com

MerlinProfessional project management software for Mac OS X.  www.merlin2.net

GoToMeetingSave Time & Money w/ GoToMeeting Do More, Travel Less. Try Free Now!  www.GoToMeeting.com

4. Create Required User and Groups
The Quick Installation Guide suggests to start the Workgroup Manager. I didn't find one on my system, so I imagine this is a OS X Server thing. I used the command line instructions from the Database Installation Guide 10g for Mac OS X instead.
First, make sure you're root by executing in a Terminal:
# sudo sh

Determine Available Group ID
Execute the following command:
# nireport . /groups gid name | more
You'll see a list similar to the one below.
...
70 www
74 mysql
75 sshd
76 qtss
78 mailman
79 appserverusr
80 admin
81 appserveradm
99 unknown
...
Choose an unused group ID. I chose 600.
Create oinstall Group
Using the available group ID, create a group called oinstall by executing the following three commands:
# nicl . -create /groups/oinstall
# nicl . -append /groups/oinstall gid 600
# nicl . -append /groups/oinstall passwd "*"
Create dba Group
Repeat the steps above to determine another available group ID. I chose 601. Then, create a dba group by executing these commands:
# nicl . -create /groups/dba
# nicl . -append /groups/dba gid 601
# nicl . -append /groups/dba passwd "*"
Create the Oracle Software Owner User
First, find an unused user ID, or UID, by executing the following command:
# nireport . /users uid name | more
You'll see a list similar to the following:
...
27 postfix
70 www
71 eppc
74 mysql
75 sshd
76 qtss
77 cyrus
78 mailman
79 appserver
502 sleuniss
...
I chose 601 as an available UID. Create the oracle user by executing these commands. Substitiute the gid and uid you chose where appropriate:
# nicl . -create /users/oracle
# nicl . -append /users/oracle uid 601
# nicl . -append /users/oracle gid 600
# nicl . -append /users/oracle shell /bin/bash
# nicl . -append /users/oracle home /Users/oracle
# nicl . -append /users/oracle realname "Oracle software owner"

Here's what it looked like.

Next, add the oracle user to the dba group:
# nicl . -append /groups/dba users oracle
Create a home directory and change the owner and group:
# mkdir /Users/oracle
# chown oracle:oinstall /Users/oracle
Finally, set the password for the oracle user:
# passwd oracle

5. Create Required Directories
Based on the suggestions in the Quick Installation Guide, I created two directories, one for the Oracle software, and one for the datafiles. Strictly speaking two separate directories are not required here.
Create the Oracle Base Directory
Create the Oracle base directory as follows:
# mkdir -p /Volumes/u01/app/oracle
Create Directory for Datafiles
Create the directory for datafile as follows:
# mkdir -p /Volumes/u02/oradata
Change Groups and Permissions for Directories
Change the groups and permissions for the directories you just created by executing these commands:
# chown -R oracle:oinstall /Volumes/u01/app/oracle
# chown -R oracle:oinstall /Volumes/u02/oradata
then:

# chmod -R 775 /Volumes/u01/app/oracle
# chmod -R 775 /Volumes/u02/oradata
6. Configure Kernel Parameters
As is often the case when installing Oracle on Linux or other flavors or UNIX, certain kernel parameters will have to be adjusted for Oracle to run properly. The Quick Installation Guide specifies the proper minimum values.
To verify the kernel parameter values, execute:
# /usr/sbin/sysctl -a | grep corefile
# /usr/sbin/sysctl -a | grep sem
# /usr/sbin/sysctl -a | grep maxproc
Here's what I saw:

I only had to adjust two values by executing these commands:

To make these values stick, that is, presist after a reboot, edit /etc/sysctl.conf and add lines for values that need changing. I used vi to edit the file, but you can use any text editor.

Set Shell Limits
For performance reasons, shell limits need to be adjusted. Begin by navigating to the directory that contains the IPServices script.
# cd /System/Library/StartupItems/IPServices
Using any text editor, edit the file IPServices and add the following ulimit commands inside the StartService() function:
ulimit -Hu 2068
ulimit -Su 2068
ulimit -Hn 65536
ulimit -Sn 65536
Here's where I put them:

7. Configure Oracle User's Environment
The installer is run from the oracle user. Before you can run the installer, however, the environment for oracle has to be set properly.
Create .bash_profile
While logged in as oracle, I created a file called .bash_profile using a text editor.

Execute .bash_profile
Run the .bash_profile as follows:
oracle$ . ./.bash_profile
8. Add Hostname to /etc/hosts
Because I performed my installation on machine at home, which gets its IP address through DHCP from a wireless router, I had to make sure the installer could find this IP address by adding it to my /etc/hosts file. You may not need to do this, depending on how your machine is networked. If, during the install process, you see an error related to the installer not being able to determine the IP address, stop the installer, perform these steps and launch the installer again. As Root, edit the file /etc/hosts and add an entry with your hostname and IP address. I determined my IP address by executing the following commands as root:
sh-2.05b# hostname
sh-2.05b# ifconfig -a
The first command returned sergio-g5.local. The second returned configuration details for each network device in my iMac. The one I'm using is en1, an Airport card. The IP address for that is 192.168.0.5. So, I added a line to my /etc/hosts file to make it look like this:

9. Install Oracle
Download the Files
If you're like me and you don't have the CDs, you can download the necessary files from OTN. To install the database, you'll need the file ship_mac_db.cpio.gz While you're there, you might as well get the Companion CD, ship_mac_companioncd.cpio.gz and HTML DB 1.6 as well. I downloaded the files to the desktop while logged using my own account, so for the oracle user to access these files, I first moved the file from the Desktop to the /tmp directory and then copied them there to a stage directory in /Volumes/u01/app/oracle/, owned by oracle by executing the following commands from within a Terminal:

sleuniss% cd Desktop
sleuniss% mv ship_mac_db.cpio.gz /tmp
sleuniss% su - oracle
oracle$ mkdir /Volumes/u01/app/oracle/stage
oracle$ cd /Volumes/u01/app/oracle/stage
oracle$ cp /tmp/ship_mac_db.cpio.gz .

Uncompress the File
While in the stage directory, issue the following commands to uncompress the file:
oracle$ gunzip ship_mac_db.cpio.gz
oracle$ cpio -idm < ship_mac_db.cpio
When I did this, I was presented with a message after the first command, Operation not permitted. Not sure what that was about, but it seemed harmless.
Launch Installer
To launch the installer, run the script runInstaller in the Disk1 directory.
oracle$ cd Disk1
oracle$ ./runInstaller

Keep clicking Next until you are asked to run a script as root. To do so, launch a new Terminal and become root. Then execute these commands:
sh-2.05b# cd /Volumes/u01/app/oracle/oraInventory/
sh-2.05b# ./orainstRoot.sh
Accept all the default values, and keep clicking Next.
Choose Edition
When prompted to choose a database edition, I selected Enterprise.
Choose Starter Database
I chose to create a General Purpose starter database
Choose Character Set
I changed from the default to AL32UTF8. This is not necessary unless you plan to to use Unicode or multibyte characters in your database.
Database File Storage
Earlier, during preparation for this installation, I set up a location for database files in /Volumes/u02/oradata. When prompted for the location on the file system for database files, change the default value.
Database Schema Passwords
The installer allows you to set all password to be the same.
Install
After a quick glance at the install summary, it's time to kick off the installation.
Run root.sh
When prompted to run root.sh, run the following commands as root:
sh-2.05b# cd /Volumes/u01/app/oracle/product/10.1.0/g5db/
sh-2.05b# ./root.sh
End of Installation
You've reached the end of the installation
Logging in
To run SQL*PLUS, you'll need to configure the PATH to the executables. While logged in as oracle, execute these commands:
oracle$ cd /Volumes/u01/app/oracle/product/10.1.0/g5db
oracle$ export ORACLE_HOME=`pwd`
oracle$ export PATH=$PATH:$ORACLE_HOME/bin
Now you can run SQL*PLUS. You may want to add these environment variable settings to the oracle user's .bash_profile for subsequent sessions.

That's it, the 10g database is installed. In the next few weeks, I'll write up some instructions to install Oracle HTML DB as well.