Search the Site

My Social
Meta
Powered by Squarespace

Entries by Willem (532)

Friday
Sep282007

iPhone Bricking. Who's to Blame?

Still, it's not official if the latest update is bricking the iPhone. Reports are mixed on the several Apple related sites. This might mean that even less people than you might think had converted their iPhone. One would think that if thousands of people had removed the simlock, that the reports are pooring in. But they don't (so far). Another possibility is that everyone is waiting to see what really happens. Apple could have avoided this be making sure that everyone who buys an iPhone also gets a carrier subscription before they leave the store. But somehow this wasn't the case. It was possible to buy the iPhone, take it home, and choose the subscription when you activate it. This leaves lot's of room to find way around the AT&T carrier service. And this is what's happening. Apple (and AT&T) wouldn't mind as much if every unlocked phone had an AT&T carrier subscription with it. Hell, they will get their (monthly) money anyway. No matter what SIM is inserted. So, I can't blame the users for unlocking their phones. And I can understand the measures Apple is taking, cause they might be loosing money on those unlocked phones. But they somehow let it happen by releasing unactivated phones into the wild. Knowing the nature of the average resident of the United "I will see you in court" States this hasn't ended yet :-) B.t.w., here in the Netherlands, it's quite normal to sign a contract before you get the 'sponsored' phone. After that they don't care what you do with the phone. The carrier gets his money for the next (couple of) years no matter what.

Click to read more ...

Thursday
Sep272007

Hacked iPhone Turns to Brick 

The iPhone has a SIM-lock to make sure that you can only use the AT&T network in the US. After some weeks the reports about SIM-lock removers (both hardware and software) got loose on the Internet. This meant that users abroad could also use an iPhone on different networks, and the Americans could choose different providers. This week Apple reported that an update was imminent, and that might cripple your iPhone. The latest update was release hours ago, and the first reports of expensive bricks are coming in.. Apple is striking back. Just to make sure that they receive their cut from AT&T. My initial reaction on the iPhone was; 'Gimme, Gimme, Gimme', but this is no longer true. I'm still very happy with my Nokia E61i, and I don't think that the iPhone will be SIM-lock free when it becomes available in Holland. Or that KPN will be the operator to sell the phone.

Click to read more ...

Wednesday
Sep262007

Photo Tagging eq Tedious Work

A while ago I cataloged my photo's in iView Media Pro (now property of Microsoft). It took me hours to do this, and it still needed some finetuning. Somewhere along the line, I decided to switch to Adobe Lightroom for some weird reason. The actual importing of the photo's was quite easy, but somehow I wasn't able to import the metadata I had attached to the photo's. So this meant that I had to do this all over again. This time it took me hours without a couple of minutes. I did it a bit faster because of the more intuitive interface. Man, tagging sucks. I must remind myself to do this everytime I add new images. Next time when I have an epiphany about changing image catalog/management tools I might want to read this as a discouragement. B.t.w. the reason for changing from iView to Adobe was the better collaboration between the OSX and Windows versions. Somehow iView lacked this, even though it was available on both platforms. iView used absolute path to the images in the catalogs. As far as I can see, Adobe uses relative paths if you exchange catalogs. Anyway I exported, and imported several catalogs between the platforms and so far everything worked.

Click to read more ...

Wednesday
Sep262007

BorderMaker Crossplatform Challenges

BorderMaker is a tool for creating borders, watermarks etc on digital images. The nice part is that it comes in a Windows version (written in Java) and a cross-platform version (JAR file). It's a pretty versatile tool and it's for free :). The cross-platform version works on Apple OSX, but has the limitation that the EXIF information gets lost. On Windows the supplied jhead.exe program works without any problems. On OSX, the .exe file (obviously) won't work. Thankfully, there is a OSX compiled version available. The program (jhead) itself works like a charm, but won't work from the BorderMaker interface (under OSX).

./jhead -te "${src_file}" "${dest_file}"

The parameters ${src_file} and ${dest_file} generate errors. When the command is executed from the command line, everything works (with the variables substituted with the real filenames). Currently I use a workaround on OSX by executing jhead after I have created the 'bordered' images wit the command explained on the jhead website;

jhead -te "originals\&i" *.jpg

Click to read more ...

Tuesday
Sep252007

Wordpress v2.3 Update

Wordpress.org release version 2.3 of their blogging software. Lot's of improvements, so time to upgrade. The upgrade itself was pretty straight forward. First backup everthing. Second, upload the new files and run the upgrade script. After that it was business as usual.... Well not quite. I needed to alter my theme to allow widgets etc., and that wasn't that easy. Especially since I'm not that familiar with PHP. Finally I got most of my plugins up and running. The only thing that won't work is the Rich Editor. When I want to create a link the 'window' doesn't appear. Only a white placeholder appears.

Create Link Window Missing

UPDATE: Oke, I found the cause of the white placeholder after some deliberation on things I did the last hours. Apart from the upgrade on wordpress I didn't do much. I did however play with OpenID for a couple of minutes, and installed the VeriSign OpenID SeatBelt extension for FireFox. After disabling the extension everything worked just fine. I wonder if this is an extension, TinyMCE, or a FireFox problem?

Click to read more ...

Monday
Sep242007

'Faking' CA's

A while back, I was asked if it's possible to fake a VeriSign issued SSL certificate. In theory, this is possible (if you have like unlimited resources), but on the practical side, it's impossible. It is possible however to create a CA which resembles the VeriSign root up to some level. Everything, apart to some 'details', can be forged. Name, serial number, timestamps, additional fields etc., can be created by OpenSSL and a special crafted config file. It's just finding out how to do it. The tough (and this is a definite understatement) part is the thumbprint, and the public key. The public key is generated by cryptographic algorithme (along with the private key), and it's impossible to 'regenerate' this. But for the casual user, this is not a problem. For a normal user it's pretty hard to tell the original from the fake CA certificate, since only details are different. Also, these differences are unreadable pieces of hexadecimal strings. So all you have to do is to persuade the user to trust the new (and improved) VeriSign CA, and every site he visits may be fraudulent (and probably is). The following sections contain the real certificate from VeriSign, and the fake one. Now you figure out which one is the real one.

Certificate: Data: Version: 1 (0x0) Serial Number: 02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0 Signature Algorithm: md2WithRSAEncryption Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority Validity Not Before: Nov 9 01:00:00 1994 GMT Not After : Jan 8 01:00:00 2010 GMT Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1000 bit) Modulus (1000 bit): 00:b8:93:ae:c9:5e:c7:8a:9e:97:c7:c3:32:00:73: 45:54:03:db:29:e2:13:4b:7b:78:6e:57:69:b3:c8: 77:a4:a7:48:40:51:99:1b:86:9f:f2:e7:8d:34:40: fc:99:91:ac:ed:2e:07:7b:da:f6:97:b3:e7:63:2c: 7c:14:c4:8a:61:8f:e4:96:02:40:40:e4:ba:9a:bb: 6a:cb:d9:75:78:00:b7:5f:b3:ca:1b:a8:1f:6b:5b: 44:e3:65:04:72:98:55:5c:fb:e2:2d:bc:46:eb:c7: 44:78:5c:bf:9a:b4:a3:19:a5:d9:17:47:87:bb:73: 12:60:b9:77:18:59 Exponent: 65537 (0x10001) Signature Algorithm: md2WithRSAEncryption 61:29:b8:7b:55:3b:c6:c7:7c:ed:86:73:b8:30:4a:02:c0:93: 79:06:83:39:f2:9c:9e:40:ca:42:e6:7f:12:e2:7c:22:d3:2b: d6:8f:a7:d9:a4:93:20:09:9a:6b:26:71:65:bb:ff:dc:70:fb: d9:5c:a2:34:c6:88:00:ec:51:8a:65:75:53:d4:18:a3:38:f5: d3:61:14:7b:8f:e4:d2:b3:fe:39:45:7a:4d:ec:f5:35:61:d7: 22:9a:2c:1a:c8:d2:f7:d1:55:4d:02:83:cc:f0:fc:5c:32:a9: 49:d3:d2:2c:5a:c9:b8:9f:b5:d7:7f:3a:9a:b5:d8:55:9d
And the second CA certificate
Certificate: Data: Version: 1 (0x0) Serial Number: 02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0 Signature Algorithm: md2WithRSAEncryption Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority Validity Not Before: Nov 9 00:00:00 1994 GMT Not After : Jan 7 23:59:59 2010 GMT Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1000 bit) Modulus (1000 bit): 00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25: 01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03: e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86: 37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9: 4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07: 65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48: b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49: 54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5: dd:2d:d6:c8:1e:7b Exponent: 65537 (0x10001) Signature Algorithm: md2WithRSAEncryption 65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3: c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5: b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49: c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b: 4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39: 16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04: f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
After creating the CA, I made the SSL certificate (some data has been obscured).
Certificate: Data: Version: 3 (0x2) Serial Number: 1a:b6:68:61:a3:c7:c5:ca:a0:b8:4f:09:c1:97:0e:f4 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority Validity Not Before: Apr 18 15:17:43 2007 GMT Not After : Apr 17 15:17:43 2008 GMT Subject: C=NL, ST=Noord-Holland, L=Amsterdam, O=###########., OU=#####, OU=Terms of use at www.verisign.com/rpa (c)00, CN=www.#######.nl Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:b5:b7:78:80:6f:a9:3d:d0:d8:99:8e:0c:d3:34: f2:95:d5:1b:a4:30:44:45:6c:11:71:9b:dc:ae:b7: 3c:1e:0a:5b:81:2d:bd:e6:be:34:cb:7c:e2:de:5f: 20:1f:df:0d:36:ad:83:74:64:b7:52:34:10:f0:bd: 72:09:cf:31:84:77:81:c1:01:16:1d:a5:e9:58:27: 8f:f6:ea:20:15:04:e6:b9:40:d0:16:3f:b9:f3:cb: 06:75:9c:2c:93:d1:55:6e:04:f0:e1:43:6b:53:16: 39:ee:b3:84:62:02:eb:f8:f0:df:74:f4:da:6e:3a: 8a:6b:4a:ab:be:c1:16:9e:d3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 CRL Distribution Points: URI:http://crl.verisign.com/RSASecureServer.crl X509v3 Certificate Policies: Policy: 2.16.840.1.113733.1.7.23.3 CPS: https://www.verisign.com/rpa; X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Authority Information Access: OCSP - URI:http://ocsp.verisign.com 1.3.6.1.5.5.7.1.12: 0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif Signature Algorithm: sha1WithRSAEncryption 87:d1:47:c7:ea:59:18:9c:8d:e6:17:53:9c:76:d4:fb:bb:ce: ab:ab:3f:8a:a6:74:98:67:86:53:39:79:98:62:89:e5:07:27: 73:db:65:9f:10:8c:51:6e:ca:bc:cb:25:46:49:49:8f:0c:b4: 2c:f8:3b:47:95:c2:ba:8c:5e:d8:54:52:83:d5:4d:ed:b2:95: 0b:62:13:1e:9a:61:7c:97:b7:f9:02:52:7a:4f:7a:c6:19:f3: 80:3a:99:6e:27:5b:b2:b8:80:c1:43:d1:b9:0b:9f:02:26:9c: 50:39:a1:18:82:cd:cd:89:dd:ca:5e:e1:52:02:ab:bf:b1
The second CA is the real thing. The first one is the fake CA. So all you have to do is to persuade the user to trust the new (and improved) VeriSign CA, and every site he visits may be fraudulent (and probably is). Or just infect him/her with a trojan to insert the CA for you. The 'fun' part is that if you should replace the actual (original) VeriSign CA in your crypto store you get warnings/error messages which aren't very clear. The OS/Browser tries to 'tie' the SSL certificate to the CA, but not everything seems to add up :).

Click to read more ...

Saturday
Sep222007

New Piece of Glass

Yesterday, I bought a new piece of glass for my camera. I had two on my radar, but only enough money to get one. The contestants were:

And the winner is: the Sigma 10-20mm. A very nice ultra wide-angle lens. I guess that the Nikkor has to wait a couple of weeks.

Outside Dudok

You can see some other images I shot today on my Flickr page.

Click to read more ...

Thursday
Sep202007

Teh Internets Are Gone!!1

OK... Disaster struck... Yesterday morning I had a flashing DSL LED on my DSL modem. Flashing ain't good. A stable green light is good, flashing is bad, very bad. Flashing means it tries to connect to teh Internets, but it can't. Thankfully, I have a nice neighbor with no encryption on his wireless. Downside is that I need to sit in the hallway to use it. Hopefully the problem will be fixed tomorrow. If not you might be reading this somewhere next week (if ever). UPDATE: Well things are improving (a very tiny little bit). Statistics show, that the website is available 15% of the time instead of 2%. An optimist would say; 'an improvement of 750%'. My opinion is not that optimistic I might say...... UPDATE#2: No idea what's wrong with the Internets connection. Last night it downloaded three movies worked without any problems. This morning I had to switch it off and on to get it going again. I must say that the modem itself is running awfully hot. In the mean time I have two different types of modems in spare (510i and a 546i). Strange thing is that the logs show disconnections due to idle time?? Idle? The thing hasn't been idle ever since I installed it. UPDATE#3: Well, the techies suggested a downgrade path to check if it might help. Off course, I'm against this. This means slower lines, slower downloads etc. It's like going back to the digital stone ages. Furthermore, it worked perfectly over the last 7 years.... The performance didn't degrade over time. The performance just said 'poof'. Anyway, in the meantime I'm back to 4Mbps, and things seem to look good, but it also looked good yesterday. So until further notice this website might be online (or not, or whatever).

Click to read more ...

Monday
Sep172007

Nikon Camera Control Pro

Back in the old days, when I was struggling on the Windows platform, I used Nikon Camera Control with my nikon D100. Great tool for experimenting. Downside was that the D100 had a USB 1.0 interface, so it took forever to download the images. During the transition to the Mac I found the OSX version, but it was only available for the PowerPC platform.... until recently. Version 1.3.x is Intel compatible, so now I can unleash the tool on my MacBook Pro.

Note: v1.0 installs on an Intel Mac, but it DOESN'T run. You need to upgrade it before you run it. Too bad though that the D200 doesn't have a LiveView kinda feature.

Click to read more ...

Saturday
Sep152007

Symcaimport Available for Download

The last couple of days, I've had several requests for the source code of the Symcaimport pages. Therefor, I decided to 'zip' the files, and serve them to the world.

The pages are written in Macromedia Adobe Coldfusion, but for some one with PHP or ASP knowledge, it should be fairly easy to understand.

Click here to download

B.t.w. It would be nice if you create a link back to my website if you use the pages in some form. And remember that you still need to modify the MIME settings for your webserver for this to work. An alternative is to send the specific MIME setting with the download. Coldfusion does support this, but when I created the pages, I couldn't be bothered. Perhaps someday....