Jimiz.net – Jim Becher on the web

I found a great site for creating custom QR codes. 

I had a project a few years back where I had to generate QR codes, so I wrote my own engine.  Then I used the .net framework to impose images on top of QR codes using GDI+.  The qrhacker.com site does a great job of putting the elements I did a while back into an easy to use site.  

The issue I had with the program we wrote, is that depending on the QR code generation the logo or icon you placed over the image would cause the QR to not render.   What I like is how they let you know when you may have caused the QR quality to be out of range.    I have just a generic version that generates a QR code based on size quality at tilde32.com/qr.aspx.   

QR codes have come  along way in the past two years.   Part of the reason I created my own generator is that I could validate the quality and also have control when needing to batch the QR generation.  Here is the previous post on some discussions on QR codes  – http://jimiz.net/blog/2010/12/qr-code-generator-2d-barcode/

While starting to  write an android application I had to re-install the Android SDK on my new system.  When I did this and tried to execute the Emulator I go the following error:

"invalid command-line parameter: Files.

Hint: use '@foo' to launch a virtual device named 'foo'. please use -help for more information"

After some google searches and some testing I finally found a fix.  The issue it appears is the referenced path that Android is using.  Since I have an x64 system, the location that the default android install is : C:\Program Files (x86)\Android\android-sdk

One of the posts and install documents I read was to add that directory to your “Path” in windows.  I made that change and still had the same issue.  After some more digging I found that the issue is related to the spaces in the folder path.   To solve this issue I added the “SFN” directory location into the PATH variables.

Short File name is sometimes called 8.3 file name.   Because it envokes a limit on the filename and extension length (wikipedia)

Since x64 machines place files that are 32bit into a different Program files directory the install location is : C:\Program Files (x86)\android\android-sdk

SO THE FIX IS:

Add the location sfn name into the path.  My 8.3 file location for the sdk is:

C:\PROGRA~2\android\android-sdk

This will remove the spaces from the path.  To add a folder location in your path on windows 7 you need to:

• go to control panel
• 
• System | Edit the System Environment Variables
• Click the Environment Variables button
• 
• Scroll Down under “system Variables” until you find path
• 
• Place a “;” before you add the path to the sdk folder (C:\PROGRA~2\android\android-sdk)
• 

I’m in the middle of writing a Windows Phone 7 application.  It is part experiment and part project that I’ve wanted to do for a while.   In doing the development I have found a few difficult things in developing for WP7.

The application I’m writing requires the use of the network adaptor and also some mapping.  So far the available information for the network adapter is very sparse.   The other interesting component is also that fact that you can’t launch a Map (bing map) task very easily.  You would think this would be a built in feature.

There is a work around that Kevin Marshall has posted (http://blogs.claritycon.com/kevinmarshall/2010/12/07/wp7-tip-pseudo-map-launcher/)

The main idea is that you call out a bing search and utilize the map call:

var task = new WebBrowserTask();
task.URL = “maps:1%20N%20Franklin%2060606″;

or

//task.URL = “maps:37.788153%2C-122.440162″;

task.Show();

I love to use a good pen.  I recently lost my good Cross pen that I always have carried.   In the spirit of being frugal I decided to see what I could find on a budget.  I came across a quick post on lifehacker discussing a Mont Blanc Pen for $15 bucks.   Being a person who likes a good pen, I decided to give this little project a try.

The steps are pretty easy.

1. Get a G2 pen (pro or regular)  I did both.

2. Purchase Mont Blanc refills – I got 15158

3. Trim the plastic end of the refill – I used a utility knife

4. Re-assemble and enjoy.

I chose the G2 pro for the more executive look, but realized I like the clear regular G2 becuase you can see the Mont Blanc and it reminds me that I am using a nice writing utensil.

Lifehacker article: http://lifehacker.com/186819/convert-a-3-pen-into-a-200-pen

Read the entire how-to at indistructuables : http://www.instructables.com/id/Save-%24200-in-2-minutes-and-have-the-worlds-best-wr/#step1

I get all types of security questions from home users.  How do I secure my wireless so people can’t use it?  How can I make sure people can’t steal files on my computer?  How can I keep the kids from going to sites they are not suppose to be on?

For the last one, how to secure and block sites I recommend OpenDNS.  Not only does open dns allow you to speed up your surfing (more on that later). It also allows you to monitor, maintain, and block sites that are used from your network.

To utilize OpenDNS you need to set your router’s dns service to use OpenDNS. This is a fairly simple task if you know how to admin your home router. In most cases your router is a (netgear, linksys, or dlink device). OpenDNS has instructions for most versions. Once you add their Primary (208.67.222.222) and Secondary (208.67.220.220) ip address to your router you are almost done.

You then create an account at openDNS and setup your rules. I choose the moderate setting and then modified it to block adult content and removed Proxy / anonymous sites (since I use wifi-vpn.com)

customized Settings

With a simple DNS change on your router you can now block all types of sites and specific urls. Example, if you wanted to block some specific port site or other url (www.xxxsomething.com) you would add this to the open dns block list. One of my colleagues at work has blocked facebook when his kids did not meet the grades or rules.

Once you have set your rules / filters for OpenDNS you can now monitor what is being done on your network. OpenDNS has great reporting to show you how much traffic you have done and what domains people go to. Here is a sample of what people have gone to on our Family cottage wireless network.

Overall OpenDNS is a great tool for your home or business. It can block unwanted sites and also track usage and sites people should not go to.

If you use google apps and an iPhone or iPad you have probably tried to add other calendars to your in app calendar application.  A very simple way to do this is to use iphoneselect.   Iphone select allows you to select the calendars from a webpage and then configure your iPad or iPhone app to sync with them

Google APPS: https://www.google.com/calendar/hosted/YOURDOMAINNAME/iphoneselect

Change YOURDOMAINName to the appropriate url mine is “jimiz.net”.

Gmail: https://www.google.com/calendar/iphoneselect

You will then see your available calendars to sync with, the same selection you have in the gmail web application.  This great little url can quickly configure your calendar.

I recently configured my cousins google apps account and allowed him to sync the other team members.

So today I updated my iPhone to 4.3.2 and Jailbroke it again.   I always get asked why I jailbreak.  The simple answer is because I like to hack devices.  The more to the point reasons are the cool customizations.  The business reason is simple, MyWi it allows me to make the device a wifi hotspot and always have internet where ever I go.

I used the redSn0w process to jail break.  You can follow this process it is for 4.3.1 but  but can work with 4.3.2 if you download the proper IPSW version.   Lifehacker always has hst up to date version of the files.

My intial attempt failed.   This is because I did not follow the steps for x64 and modify the affinity for redsnow.exe and set to cpu1

I also did not run redsn0w.exe as administrator.  To do that you just need to right click on the exe and select (run as administrator)

These steps are all in the instructions. Have fun and enjoy if you do decide to jail break.  Drop me a note with your experiences.   I

I have not jailbroken my iPad yet.  I do know this version will not do the iPad2

Update:  I got a note from someone asking if I backed up my iPhone prior to jailbreaking.  Yes, I used AptBackup for the jailbroken apps and did a lot of system file copy with ssh.

I’ve been doing some research on QR codes (the funny looking squares you see in magazines and Sunday advertisements). QR codes are “Quick Reference” barcodes that can contain a lot of information. They started to become popular in Japan and have recently been showing up more and more in media and at stores.

There are a few great QR code generators out there but I set out to make one for myself that I would be able to share. I used an opensource qrcode library from twit88.com.

Head over to www.tilde32.com/qr.aspx to use the generator. Create a QRcode for your site, or for a business card, even your wifi info. You can use the permalink to add the QR code to your site or just download and save the image. I have also been working on a GDI app that you can add your logo on top of the QR code (coming soon) Similar to what the BBC did with their logo. I am also adding a Microsoft TAG generator.

QR code for : jimiz.net

Why are QR codes so popular? There are over 50 Million smartphone users in the US. Any smartphone with a camera should have the ability to read a QR code. It is a simple way to transmit data to a end user. QR codes are easy and free to create and can store a lot of data. They are easy to embed into media and marketing materials.

I was reading my daily RSS feeds and came across this headline.

“More than 10% of all PCs worldwide now on Windows 7″. (http://windowsteamblog.com/blogs/windows7/archive/2010/04/22/more-than-10-of-all-pcs-worldwide-now-on-windows-7.aspx)

It stood out and made me interested. That is pretty amazing, since Windows 7 has only been out for a few months. Considering the volume of users that have a PC that is huge number and to get to 10% this quick is just outstanding. I have been lucky enough to use 7 for quite a while at home, but still use XP at the office.

I am continually amazed at how people upgrade and update their home PC’s. Not many of the people I know who are not technical would even be able to tell you how to upgrade their OS. In fact, most of the people I end up helping with their tech problems just purchase a new PC rather than upgrade the OS.

I wonder how many of the sales are tied to a new PC? I would even love to know what the numbers were of people upgrading from XP or Vista?

Here are some great basic money mistakes. If you are in any way questioning these items please email me so I can explain. I am not a financial planner or even a consultant (I work in IT). However, if you don’t understand why these are bad, I am offering to take the time to explain them and answer questions.

Here is the original link from USAToday (http://www.usatoday.com/money/perfi/basics/2010-04-19-personalfinance19_ST_N.htm?csp=usat.me)

1. Raiding your 401(k)
2. Walking out on a mortgage (Please understand the major financial issue behind this)
3. Ignoring the card balance (Dave Ramsey)
4. Debt-wipeout scams (don’t be a sucker)
5. Co-signing a loan (Stay away)
6. Payday loans
7. Reverse mortgages
8. Trying to stiff Uncle Sam (it is not worth it)

These are some pretty simple mistakes to avoid, some are done because people are under stress to pay things or get out of a bad situation. Just please remember how important it is to understand the financial decisions you make

As a follow up to my original post of watching some kid at a coffee shop sniff the wireless network for passwords, I am doing a wi-fi security series.

In this post I will show wi-fi users how easy it is to gather information from other computers and users by just sniffing the network. I first must explain what “sniffing the network” means. In the simplest form it is just listening and capturing the information that is sent across the network this information is in network packets. This can be done on a wireless or wired network. Network sniffers come in all different flavors and types. I prefer Eathereal, this is because it works on linux and Windows. These tools are used to troubleshoot and also diagnose issues on networks and applications. They can also be used to ease drop or snoop on others, which is what I plan on explaining in this post.

So you may ask, what can a person “sniffing the network” find? Well for starters, it is really easy to gather usernames and passwords. Especially from POP email accounts. Most people who use email have an email client, such as (outlook, outlook express, thunderbird, or some other branded client like AOL or earthlink) Most of these clients user POP3 to communicate with the server to read your email. This all happens when you hit the Send/Receive email button. These clients that use POP3 may send your username, password, and messages in clear text. By default these programs as set to be easy to use and do not have the security features that are available turned on. So what does this mean? Well let’s look at a typical transaction from a user who is checking his or her mail. The open up Thunderbird (my email client of choice) at a coffee shop and hit send/receive while using the free wi-fi.

When they do they are sending information unsecured over that network, which happens to be a wi-fi network. Other users, which use the wi-fi also, have the abilty to overhear or sniff your information. The image below shows an Ethereal capture of my fake user called jvandenbon.

As you can see from the image, the username jvandenbon is sending his password of Alice623001 to his mail server. This happens each time he hits send and receive. Not only is the username and password readable, but so is the email. Below is a screen capture of an email I sent to that user. You can see from the capture that I read the email then deleted it.

Here is the actual information from that email inside ethereal:

Received: from ?192.168.1.107? ( [22.131.13.51])
by mx.gmail.com with ESMTP id j4sm126467nzd.2005.11.22.19.09.50;
Tue, 22 Nov 2005 19:09:50 -0800 (PST)
Message-ID: <4383DD50.9050706@jimiz.net>
Date: Tue, 22 Nov 2005 22:09:04 -0500
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0

So as you can see a default email client and POP3 account is not very secure. You are basically sending your userinformation and password for all to see if they know how. What is scary, is when you actually do sniff a network the amount of email usernames and passwords are actually sent. The day that I caught that kid at the coffee shop I saw about 10 username flying over the network.

At this point some people may be saying why do I care, it is just an email account? Well ask yourself, a few questions. Do you use that password for anything else, like your online bank site, or bill pay, or paypal, or even your gas or electric site? Do you use that email for any other accounts like paypal, ebay, or your bank site. Could someone use your email and password to ask your bank to reset your online bank password? These are all just food for thought.

Others are probably reading this and saying that the users should know how to secure their email account properly and use SSL / TLS over POP. I plan on helping people do that in my next post.

To keep this part 1 section going, let’s discuss what other information your machine may be telling people about you. So far we have seen that email; usernames, passwords, and messages can be viewed. Now I will show how online web email accounts can also be viewed. Though not as easy, online or web mail can also be seen over the network. This is only true when it is not used under SSL (https). Below is a picture of what a typical web mail login looks like. You can see the username jvandenbon and his password being sent over the network.

All the information I have talked about so far is from a user’s computer being sent out. This means you are initiating traffic, checking email, browsing web sites. But, what about your computer, does it answer questions about you when asked? It amazed me when I did a quick scan of the coffee shop wi-fi the other week. I saw 3 laptops that had network shares available on them. That means I was able to copy files off that machine.
The user turned on network sharing without any security. In my next post I will discuss methods of protection against intruding eyes.

As always, leave me feedback. Both good and bad.

Well I have finally decided to make the actual move from AT&T to Cingular. It is not that I am uhappy with AT&T wireless. It is just that they are no longer around. They are cingular.

One issue I am having is that I have a family plan. I did not have one with AT&T but with cingular they label my plan as a family plan. So I am unable to upgrade online. Which happens to be the only way to upgrade to get the phone I desire.

So about 50 min of calls today and a few people who could not have confused me more.. I am now in waiting for a phone that I don’t know which number it belongs to. But, I am calm. You see if I am able to get the phone I want for the price they advertise it for, then I will be happy.

Yesterday I completed my first marathon. On Oct 9th I ran the Chicago Marathon in 4 hours and 27 min. That is near a 10 min mile. I did not know what to expect going into this race. I figured it would be interesting, and I was right.

The day was perfect, 40 degrees in the morning and near 60 and sunny at the finish. I now know why they call Chicago the “Windy City.” I knew there would be 40 thousand people there but I did not know how they would effect me when I was running. I spend the first 10 miles just trying to get out of the way of people. Mostly passing runners and dodging people who just decided to start walking. You see, with that many people you had people around you at all times. At most times during the race if I stuck my arms out to my side I would have touched someone.

I realize know some of my mistakes. First, I will make sure that I get in with a pace team that is a bit faster. I would have liked to be in the 4 hour range or less. We ran with the 4:30 pace team (we go to the start a bit late to move up to the 4 range). What I found is that we ended up passing almost everyone around us, and not having too many people pass us.

Second, I would probably run a bit harder in the beginning and then rest in the middle. I did not really get tired until mile 24. Let me tell you that the last 2 miles were hard.

I ran the race with my sister-in-law and brother-in-law, Rodney and Alyssa. We all finished together.

It was one great adventure that I recommend everyone trying.

I have finally realized how much I use Instant Messaging. It is not a matter that I did not consider IM a viable means of communication, but rather the fact of how often I use it as a means of communication. Since switching jobs recently I have been able to consolidate my email, contact list, and useful files. The one thing that was left was IM. I use AIM, MSN, Yahoo, and Google Talk. It was when google talk was released that I realized how many programs I had to just do IM. I have all these IM accounts because of the diverse people I communicate with. Most of my friends are on MSN, and most a lot of business associates are on AIM and Yahoo.

To make all this easier for me and to consolidate and simplify (I seem to be doing this a lot lately) I moved to using Trillian Pro 3.1. I have used trillian before but that was the basic version. The pro version (cost me 25 bucks) and so far seems to be worth it. One of the major things I did not like about Trillian in the past was the interface. The pro version allows you to try different skins. I am using a minimal skin to let me get the most screen real estate. The reason I chose Trillian was that it was compatible with almost any IM protocol. One nice feature is the ability to use it as an RSS reader. I am still playing with all the settings but it is nice to get a full view of all IM people online and also a quick look at your Email for each IM account.

So in closing, I give it 4 our of 5 stars.

You often hear about security and web services. How they need to be more secure and how they can pass unsecured information. Well, I recently had an issue with a client that felt they were exposing too much information with the web service provided. This web service allows for products to be returned based on some search criteria. Unfortunately the web service was located in the root of the main web site so the asmx file was available by going to (http://www.someurl.com/somefile.asmx). The client felt that the web service gave too much info out.

We had a few methods to resolve this issue. One was to move the web service to another virtual folder and only allow the specific ip address to access that location. This did not seem to be the logical choice for us because we had multiple applications obtaining information from this location. We would have to find and adjust all the linking applications. So we started to look at the asmx file.

After some googling we really did not find too much info on how to secure the asmx file. Because in it’s true sense it is meant to explain / expose the methods of the web service. In one of the searches we were able to find some information on how the asmx file was built and displayed on the server. Specifically how the can be changed to show the order of the methods.

Using this information we set out to modify the asmx file to not show information about the web service methods. To do this we needed to modify the DefaultWsdlHelperGenerator.aspx file. This file is located in %SYSTEMROOT%\microsoft.net\framework\v1.1.4322\Config

In this file it allows for description and display of all exposed methods on page load. By modifying the SHOWingMethodList function and replacing the list of methods with some text or links back to the site we effectively removed any information the asmx file displayed. The ShowingMethodList had a repeater listing, we removed the repeater and added some text and a url.

We also removed the header information that had the standard documentation and put some text in it’s place.

In the end we had a functional asmx web service page that only displayed the text we wanted. It was not the ideal way of securing a web service, but in our situation it was useful.