Upgrading the X10 to Android 2.1 on Rogers Wireless

After much waiting, Rogers Wireless has finally pushed the upgrade for Android 2.1 out to its Sony Ericsson Xperia X10 phones. I noticed the update available last night but only had time to upgrade this morning. But I ran into a problem: it asked that I use the Sony Ericsson PC Companion software to upgrade, but I kept on getting an error.


Installation Error message given from PC Companion software: "Unable to install or start phone software update components."

Initially, I thought I would have to restart my computer since I downloaded a new version of PC Companion when I plugged in the X10 phone. I know that those phone helper applications tend to install drivers that should prompt your computer to restart so they could be registered, but not so with this update. So I tried three times under different conditions–phone on, computer restarted, phone off–but same error message: Unable to install or start phone software update components. Looking back, I should have tried re-running PC Companion under an administrator account and seen if that worked. Unfortunately, Sony Ericsson does not pay me to do QA work for them.

My Solution

I remembered reading in the manual that there was something called Update Service. It’s another application from Sony Ericsson, but one that is dedicated to updating phone software. I gave it a download and this time it worked! You can download it here: http://www.sonyericsson.com/cws/support/softwaredownloads/detailed/updateservice/xperiax10

Whenever you run Update Service on Windows Vista or above, it requests administrator access. It also prompts you to turn off your phone and connect it in a special way. But the installation of the update went very smoothly using this tool. Screenshots below.

Sony Ericsson Update Service software - Downloading the Update


Sony Ericsson Update Service software - Installing the Update


After this update these were the version numbers on my X10a:

Firmware version - 2.1-update1
Baseband version - 2.0.46
Kernel version - 2.6.29 [SEMCUser@SEMCHost #1]
Build number - 2.0.A.0.504

Fortune Cookie of Fate

Today my family went to a Chinese buffet restaurant to celebrate Joe (my brother-in-law) and Amrita’s birthdays. After every meal there, they always give us fortune cookies. I just thought mine was very fortuitous, so here it is:

You will be successful in a business of your own.

I found it amusing because I have been contemplating that very same thing.


Authentication Loop with .htaccess Protected Pages

DRAFT

After trying out my .htaccess scheme to protect my WordPress installation, I was running into an endless loop of authentication pop-ups.

I searched around and found a post by DianeV on the WP forums: http://wordpress.org/support/topic/113881#post-546028

She links to a post she made back in 2007 (yikes) entitled:
WordPress admin password protection 404 http://developedtraffic.com/2007/05/27/wordpress-admin-password-protection-404/

She points to a support issue with the TextPattern CMS http://textpattern.com/faq/173/password-protected-directories-with-htaccess which happens to give a solution.

It turns out that some servers need to be told explicitly where the error pages are, especially those for 401 and 403 errors, in order for .htaccess authentication to work properly.


Installing WordPress Securely on DreamHost

DRAFT

After my WordPress website was hacked into, I began to look into all the options and advice for setting it up securely.
http://codex.wordpress.org/Installing_WordPress

Step 1: Getting the Latest WordPress Version

I like to use the shell for this since it saves on downloading it on one of my computers and then transferring it onto a remote server. Log in to your file hosting server with the shell account you assigned to your domain. Navigate to a directory where you want to work from, keeping in mind that it doesn’t have to be the directory that is set to be public on the Internet (i.e. where the files placed here can be reached via a browser). At the prompt, run: wget http://wordpress.org/latest.tar.gz

The above link will always download the latest release. Now you need to decompress this archive; run: tar -xzvf latest.tar.gz

In your current directory, you should now have a directory called wordpress that you can rename to anything. You will be pointing your URL address to this folder as your root.

Delete readme.html from the wordpress root directory as this will tip off the exact version you have installed to possible attackers.

Step 2: Changing the wp-config.php File

Fill in the information related to the database you’ll be using in the following defines: DB_NAME, DB_USER, DB_PASSWORD, DB_HOST

You should always change the default database table prefix from wp_ to something a bit harder to guess. In most installations, people will have one database devoted strictly to WordPress, so you don’t even have to prefix the tables with wp_; just create a random alphanumeric string (about 4-6 characters long) and use that as your prefix.

Default:
$table_prefix  = 'wp_';

Changed (example):
$table_prefix  = 'rRe342_';

Pay attention to the Authentication Unique Keys section and be sure to get a newly generated set from the WP secret-key service https://api.wordpress.org/secret-key/1.1/ as it says in the comments area.

A good discussion of other wp-config.php options is found here: http://codex.wordpress.org/Editing_wp-config.php

Step 3: Creating Directory-Level Password Checks

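Create the password file with htpasswd:

htpasswd -cm /home/<username>/<website>/.htpasswd <new username you want to create a password for>

The -c flag creates the file (it overwrites an existing one) and -m selects MD5 password hashing.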

Step 4: Changing the DreamHost Server Settings to Point to Your New WordPress Installation

To run the WordPress install script, you will need to change the settings of the server to point to your WP root directory (the one created during the decompressing of the archive in Step 1). For DreamHost Web Panel users, head to Manage Domains found either through the Toolbox shortcut or under the Main Menu Domains heading. Find the domain (or sub-domain) name you want WordPress to be shown from and click on its Edit button. Now fill out the Web Directory textbox to map onto the WP root directory.

It may be handy to have phpMyAdmin open and ready for the database you’ll be using as you’re going to want to modify a few things.
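
The post-extraction parts of Steps 1 to 3, together with the explicit 401/403 error documents from the authentication-loop post above, as one shell function. This is an added example, not the author's script: `harden_wp`, `rand`, the choice of wp-admin as the protected directory, and the use of Apache's built-in `default` error document are assumptions.

```shell
#!/bin/sh
# harden_wp WP_DIR HTPASSWD_FILE (hypothetical helper, not from the post).
# Run it after Step 1's extraction and before the WordPress install script,
# once wp-config.php exists in WP_DIR. Prints the new table prefix.
rand() { head -c 256 /dev/urandom | LC_ALL=C tr -dc "$1" | cut -c "1-$2"; }

harden_wp() {
  wp_dir=$1
  htpasswd_file=$2
  cfg=$wp_dir/wp-config.php
  acl=$wp_dir/wp-admin/.htaccess   # assumption: wp-admin is what gets protected

  # Apache resolves a relative AuthUserFile against ServerRoot, so require an
  # absolute path, and never clobber an .htaccess that is already in place.
  case $htpasswd_file in
    /*) ;;
    *) echo "htpasswd path must be absolute" >&2; return 1 ;;
  esac
  if [ -e "$acl" ]; then echo "$acl already exists" >&2; return 1; fi

  # Step 1: readme.html gives away the installed version.
  rm -f "$wp_dir/readme.html"

  # Step 2: replace the default wp_ prefix with a random one (letter first).
  prefix=$(rand a-z 1)$(rand a-z0-9 5)_
  sed "s/^\([$]table_prefix[[:space:]]*=[[:space:]]*\)'wp_';/\1'${prefix}';/" \
    "$cfg" > "$cfg.new" && cat "$cfg.new" > "$cfg" && rm -f "$cfg.new"

  # Step 3 plus the loop fix: Basic auth, with the 401 and 403 documents set
  # explicitly ("default" is Apache's built-in error body).
  cat > "$acl" <<EOF
AuthType Basic
AuthName "Restricted"
AuthUserFile "$htpasswd_file"
Require valid-user
ErrorDocument 401 default
ErrorDocument 403 default
EOF
  echo "$prefix"
}
```

The password file itself is still created with the htpasswd command from Step 3, since that command prompts for the password interactively.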


My WordPress Installation Hacked on Netfirms

DRAFT

I was looking over some settings on my website earlier and I just happened to check on my Google Webmaster Tools account where I discovered that something was not quite right. Google’s site crawler was reporting that there were 24(?) unlinked pages on one of my WordPress pages. I clicked through to find that there was an entirely new directory (/pdd) on my website that linked to a radio podcasting site from the Netherlands. But that directory didn’t exist! Here’s the worrisome part: whoever managed to hack into my account was able to change my root .htaccess file. So they created a new rewrite rule to route the tiago.kamots.net/pdd requests through another vector.

The Altered .htaccess File:
RewriteEngine On
RewriteRule pdd/(.*)/(.*)/(.*)/$ /wp-admin/includes/?post=$3|$1|$2 [L]
RewriteRule pdd/$ /wp-admin/includes/ [L]
RewriteBase /

Whatever changed the .htaccess file was smart enough to create the new rewrite rules near the top of the file for full effect. Had it simply been appended, it would not have worked.

I transferred a part of the Kamots Network from Netfirms to DreamHost on January 15, 2010, and I originally thought that it was during this small window that the attack was made. But I was wrong. I checked back on the Netfirms servers and there were several files with a last modified timestamp of interest (November 15, 2009). They are (using relative pathnames):

WordPress root directory represented as ~
~/.htaccess [Last Modified: 2009-October-23]
~/wp-includes/class-read.php [8 KB]
~/wp-includes/common.php [0 bytes]
~/wp-includes/wp-common.php [69 KB]
~/wp-includes/wp-vars.php [0 bytes]
~/wp-includes/wp-version.php [105 bytes]

When transferring these files to my desktop computer, my Norton Antivirus detected a High severity PHP.Backdoor.Trojan in wp-common.php. It turns out that this file was written by a “security group” in China, which is also where 90% of my spam messages on WordPress originate from. You can download this toolkit off of this group’s website so there is a strong chance it was used as part of an automated/scripted attack by another entity entirely.

Running a Hidden Website Within a WordPress Installation

What interests me is how this attack was able to implant 46 hidden pages within my WordPress installation. For example, this URL:

http://tiago.kamots.net/pdd/41/hoor/hoorspelcast-raquo-gezocht/

actually gets redirected through the .htaccess rule into:
tiago.kamots.net/wp-admin/includes/?post=hoorspelcast-raquo-gezocht|41|hoor

But none of those 46 pages are anywhere in my database or file structure! What an ingenious exploit, and it’s been known since at least 2008 which is the date that this wp-common.php Trojan file was written.
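
A defender's check for the three signs described above, added here as an example and not taken from the original post: it flags rewrite rules that route into wp-admin/ or wp-includes/, replays the first injected rule on the sample URL, and lists files that a clean copy of the same release does not contain. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the altered rules quoted in the post, plus the stock
# WordPress permalink rule for contrast.
write_sample_htaccess() {
  cat > "$1" <<'EOF'
RewriteEngine On
RewriteRule pdd/(.*)/(.*)/(.*)/$ /wp-admin/includes/?post=$3|$1|$2 [L]
RewriteRule pdd/$ /wp-admin/includes/ [L]
RewriteBase /
RewriteRule . /index.php [L]
EOF
}

# Print "line: rule" for each RewriteRule whose substitution (third field)
# lands inside wp-admin/ or wp-includes/; the stock permalink rules only
# rewrite to /index.php.
flag_rewrites() {
  awk 'tolower($1) == "rewriterule" && $3 ~ /^\/?wp-(admin|includes)\// {
         print NR ": " $0 }' "$1"
}

# Apply the first injected rule to a request path, to see what the code under
# /wp-admin/includes/ is handed. Anchored with ^ here; the original is not.
map_pdd_path() {
  printf '%s\n' "$1" |
    sed -E 's#^/?pdd/(.*)/(.*)/(.*)/$#/wp-admin/includes/?post=\3|\1|\2#'
}

# List files in a live tree that a clean copy of the same release lacks
# (assumption: the clean copy was extracted from the official archive).
extra_files() {
  live=$(cd "$1" && find . -type f | LC_ALL=C sort)
  clean=$(cd "$2" && find . -type f | LC_ALL=C sort)
  printf '%s\n' "$live" | grep -Fxv -e "$clean"
}
```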

This was quite a learning experience.

Netfirms
You may need to look into your file system security. And shouldn’t you have an antivirus scan of some sort running on your servers? Also, your FTP users are limited with passwords of only 6 characters. That’s way too small! Since you randomly generate them for your customers, you may as well go all the way and have longer (and more complicated) passwords created.

Good References
http://ocaoimh.ie/did-your-wordpress-site-get-hacked/
http://enthusiasm.cozy.org/archives/2010/01/argh-blog-hacked
http://www.askapache.com/htaccess/htaccess.html


Discounted Windows 7 Professional Upgrade for Canadian Students Now Available

Microsoft has really opened up to students in recent years, offering their flagship products at a dramatic price reduction. Most MSDN software is even free, including their Visual Studio line of products. Anyways, I’m here to say that Microsoft has already added Windows 7 Professional Upgrade (Wikipedia comparison of editions) to their student discount program.

Windows 7 Professional Upgrade Canadian Student Pricing

At TheUltimateSteal.ca, the Windows 7 Professional Upgrade is listed at $39.99 (in Canadian dollars)! Granted, that’s only for the digital download but you can have them ship you the official DVD for $13 (includes shipping and you don’t even pay tax).

To order your copy, visit TheUltimateSteal.ca or through Microsoft’s longer URL: www.microsoft.com/student/discounts/theultimatesteal-ca/

Since this is an Upgrade, you will most likely have to have an existing genuine license for another Windows product (Windows XP and Vista only). There was a loophole with Windows Vista Upgrades where you would not need to enter in your existing key, but that may be fixed in this new version. If in doubt, do a search for more information.

Enjoy the next step of PC evolution; thumbs up and thanks Microsoft.


An Allegory of the Business-IT Relationship

I just came back from an RBC launch party for one of the new internal products I worked on as a QA Analyst. I heard a great story from Martin Venema that I just had to share.

IT vs Business

A man is flying in a hot air balloon and realizes he is lost. He reduces height and spots a man down below. He lowers the balloon further and shouts: “Excuse me, can you tell me where I am?”

The man below says: “yes you’re in a hot air balloon, hovering 30 feet above this field.”

“You must work in Information Technology” says the balloonist.

“I do” replies the man. “How did you know?”

“Well” says the balloonist, “everything you have told me is technically correct, but it’s no use to anyone.”

The man below says “you must work in business.”

“I do” replies the balloonist, “but how did you know?”

“Well”, says the man, “you don’t know where you are, or where you’re going, but you expect me to be able to help. You’re in the same position you were before we met, but now it’s my fault.” [possible source]


The (Un)Ethics of IT

Ethics for the IT professional. Why does that sentence sound so pretentious? The act of developing (or even maintaining) software is a power. But some people with this power do not go by any rules and so create software that they know is not good enough and probably should not see any public use. Why don’t they speak up? Perhaps we have not experienced a severe enough software-related disaster to truly make us rethink our complacency with ethics.

There are three codes which I am aware of for software professionals as I am a member of these organizations:


Office 2007 Service Pack 2 – Now with more goodness!

That’s a tasty service pack! Microsoft Office 2007 is now at Service Pack 2 and this one’s big.

From an updated version of Office 2007 SP1, it was 350.3 MB on my Windows Vista PC. That’s a lot of ones and zeros.

What’s great about this Service Pack is that it adds full support for OpenDocument Format (ODF) and saving as Portable Document Format (PDF) and XML Paper Specification (XPS). No more having to download external add-ins for this. I’m noticing more and more that Microsoft is allowing a lot more open source interoperability in their products, but I don’t think it’s Big M “caving in”; on the contrary, they’re giving you more reasons to stay with their products.

Oh, and they also added an interface to program against to extend what formats Office 2007 is capable of working with. From their patch notes:

Extensible File Formats: Word, Excel, and PowerPoint now include a converter interface that lets you plug third-party custom file formats into these Office programs. A developer can create a converter for files of a particular extension. When this converter is installed on a user’s computer, the custom file format effectively behaves like a built-in file format. Specifically, users can open files of this format and save them by using the Open or Save UI. They can even set the custom format as their default file format. For more information, visit the following MSDN Web site.

I’m interested to see where this goes.


CIPS Toronto – Discussion on Work-Life Balance

I just returned from my first CIPS Toronto event. After being a member for just under a year, I finally found a meeting time that fit in with my schedule. Since I’m back at RBC for another summer term, it also put me much closer to the location: the Groundhog Pub.

Upon arriving at the basement room, I found only a handful of people sitting around a table chatting. I was greeted by Cameron McKay (the president of CIPS Toronto) and Jeff Knetchel. I also remember Adam Cole being there, but I did not remember everyone else’s name. I was the only student there and, by far, the youngest.

Cameron had brought along a large microphone to record the talk in hopes of turning it into a podcast. It started as a roundtable discussion where Cameron would ask a question and then go around the table asking the other people (around 10 at this point) what their thoughts or experiences were. I tried to contribute a few times, but I think I only really spoke at any length maybe three times. I asked a question of the others since they all seemed fairly successful and it was very enlightening to hear their experiences and advice on how to manage the balance in our lives. Hopefully the podcast is put up on the CIPS Toronto website.
