Archive for the ‘Computer and Internet’ Category
Dropbox is a cloud storage service. It is like a remote online drive that you can put your files there. It is slower than your local hard drive, but it is super reliable. A basic personal account is free to open, and it has 2GB free space.
I have been using Dropbox for quite a few years. There are many nice features of it. For me, the most convenient feature of Dropbox is automatic uploading of photos that I take on my mobile phone. I just install the Dropbox app on my Android phone, and set up the automatic uploading. Whenever I take a picture, it would be backed up to my online Dropbox account automatically. It saved a lot of photos when my microSD card in my phone went wrong some time ago.
If you open an account at Dropbox right now, you get 2GB free space. However, if you create a Dropbox account through a referral link from an existing Dropbox user, you will get extra 500MB space, i.e., 2.5GB total free space. The existing user will also get 500MB extra space for free.
If you so happen to need a Dropbox account, you can use my referral link https://db.tt/4WHpE8bR. To get the 500MB extra space, you need to:
- Use the referral link to create a new Dropbox account; and
- Install the Dropbox desktop application on a Windows, Linux or Mac computer; and
- Sign in to the installed application with the newly created Dropbox account.
That’s it. You will see 2.5GB (instead of 2.0GB) space available in your Dropbox account. And thanks, this will also add 500MB to my Dropbox account. If you need more space, you can publish your referral link to earn bonus space.
Please note that, for this to work, you have to install the Dropbox desktop application on a desktop computer. Installing the Dropbox app on your Android or iOS phone or tablet does NOT qualify for the referral program.
For details, you can also check with Dropbox Referral Program.
My wife tried to use her computer with her employer’s VPN. The VPN client did not work until she turned off Windows Firewall. I could have made the VPN client an exception in Windows Firewall earlier, but in 2 days when the firewall was off, her computer showed annoyances.
First of all, her Chrome browser started with an unfamiliar home page, not google.com that she had used. When she visited LinkedIn, there were extra blocks of fishy ads right in the LinkedIn web page. Google search also showed extra funny ad blocks. As contrast, Chrome on my computer does not have this problem.
I checked her Chrome settings, and found two strange extensions. The Chrome on my computer has only one Google Docs extension. I deleted the two extra extensions from her Chrome. After restarting, her Chrome worked fine.
I though it was done. But the next day she said, those annoyances came back to her Chrome again! And she found her Internet Explorer (IE) had the same problem! I went into Manage add-ons in IE, and found fishy add-ons like deal2x, saveas etc. They resided under hidden C:/ProgramData folder. Even running IE as Administrator would not allow me to delete these add-ons. They were rogue add-ons. Very likely, there could be something that would run automatically messing up the system.
A very well known tool to check what run automatically in Windows is Autoruns. This is a green application, just extract the files to a local folder, and run autoruns.exe. It revealed the IE add-ons. I tried to delete them from within Autoruns but it complained it could not find the files, although they were there. More importantly, it showed that AppInit was hooked up by fastandsafe.dll. Hooking up AppInit can hijack Windows API calls, and anything doing that is automatically suspicious. A simple Google search showed that Fast and Safe is malware.
One simple way to remove those stubborn malware is to reboot into Safe Mode of Windows. In this mode Windows loads minimal device drivers and runs least autorun programs, therefore the bad code does not get to run, and we can clean it. It’s a bit involved to boot into Safe Mode for Windows 8 or 8.1. After booting in Safe Mode, I ran Autoruns again, then deleted the AppInit and Internet Explorer entries, then went to C:\ProgramData and deleted those fishy subdirectories. I also deleted the Chrome extensions.
After rebooting, her computer has been normal. Of course, I make sure Windows Defender and Windows Firewall are enabled.
If you want to watch Amazon Instant Video on your Android phone or tablet, you may be surprised to find that there is no such app available on Google Play Store. You can of course try to use the web Browser app in Android, get to Amazon’s website, and log in to Instant Video; but when you click any title, it does not play, and you see this message: “You can watch it on Kindle Fire, mobile devices, game consoles and other compatible devices”. Amazon’s list of Compatible Mobile Devices includes only Amazon Kindle, its new Fire Phone, and Apple iPad/iPhone/iPod Touch series. As you already know, Android phone/tablet is not on the list. It is unacceptable that Amazon Instant Video subscribers cannot use Android phones or tablets to watch the titles.
Android users basically have only one workaround – pretending to be using a Desktop web browser, like watching on your Windows PC.
Install Dolphin Browser
We need a bowser app on Android that can pretend to be a Desktop web browser. Luckily, Dolphin is such a browser on Android that you can set User agent to “Desktop”. That way the web servers would believe you are using a desktop computer than a phone/tablet. You can install Dolphin from Play Store.
When Dolphin is running, touch the little dolphin icon to the right of the web URL box, then choose Settings icon (to the left of Dolphin icon in the pop up), choose Customize, then touch User agent and change to Desktop.
Use Adobe Flash Instead of Microsoft Silverlight
If you think that’s it, you are wrong. Now you run Dolphin, log in to your Amazon account, and get to Instant Video. When you click to watch a video, it does not play and says that it needs Microsoft Silverlight. Silverlight is a web browser plug-in for PC. Amazon does not know your browser is in fact running on Android. It thinks you are running on Windows. The problem is, there is no Silverlight on Android! Microsoft does not provide that support for Android.
Amazon used to use Adobe Flash for playing videos in web browser. Some old posts over the internet worked with that assumption. But Amazon became favoring Microsoft Silverlight from Adobe Flash.
However, Amazon still allows you to use Flash. You need to click Settings in the web page and get to Amazon Instant Video Settings. Scroll down to near the bottom, you find WEB PLAYER PREFERENCES, and you choose Adobe Flash Player instead of Silverlight (Recommended). Now that annoying Download Silverlight message is gone.
Install Adobe Flash Player
But, most likely your Dolphin still does not play the movie. On my HP Touchpad CM10 (Android 4.0.4), Dolphin shows a little cube with a few question marks – basically no Adobe Flash Player is available in my Android tablet. Abode stopped support of Flash Player on mobile platforms a few years back. Most Android systems do not come with Adobe Flash Player installed today.
However, you can still download the stagnant Flash Player 11.1 for Android from Flash Player archives at Adobe. For example, depending on your Android version, you can download:
After the apk is downloaded, just install it and you are done. Now you can come back to Dolphin and reload the page, your Amazon Instant Video now plays!
Update 7/16/2014: Amazon has confirmed that it will launch an Android app for its video streaming service “soon” (PC Advisor).
Introduction to Asus RT-N65R/RT-N65U
Asus RT-N65R is a powerful home wireless router. You can find both RT-N65R and RT-N65U models, but they are exactly the same hardware. RT-N65R is the retail version sold by Best Buy and so on, and RT-N65U is supposedly sold by Asus directly. The only difference is the firmware on board. In fact, if you go to Asus support website, you will find the firmware updates for RT-N65R and the firmware updates for RT-N65U are exactly the same. From now on, you can assume that they are the same model.
Why do you need to consider this router? There are a few reasons.
- The router is very affordable. It is not 802.11ac so not the fastest. But that’s why you may get it for cheap. The AC models are almost all well above $100, but you may get this one for less than $50.
- The router is feature-rich and powerful.
- Dual-band 802.11n with theoretical 750Mbps speed
- Pretty good range coverage for most homes
- 2 USB ports for storage, printers and so on
- Ralink RT3883 500MHz CPU, 128MB RAM, 16MB Flash
- You can install custom firmware. Given its powerful CPU and ample RAM/Flash, with USB storage drive, it can easily be turned into an always-on Linux server. You may use it as file server, VOIP server, and so on. This is the most appealing reason that I bought this router.
The in-depth review can be found at SmallNetBuilder.com. There are some concerns with this router that you may want to know:
- Even though the 2 USB ports are USB 3.0, do not insert USB 3.0 devices. The hardware has flaws. Inserting USB 3.0 devices would interfere with 2.4GHz band and causing devices on this band to disconnect from the router. It is however fine if you only use USB 2.0 devices on the 2 ports. For details, see here. If you have to use USB 3.0 devices, you need to look at other models.
- The router runs warm/hot. Some users worry that heat may prematurely damage the router. Asus says it is designed to withstand that heat. Just remember to have enough clearance on all sides when positioning the router.
The factory AsusWrt web UI is pretty and powerful. It looks like this:
However, custom firmware offers more features and flexibility. DD-WRT and Tomato supports some Asus routers, but not RT-N65U. Recent Asus routers run the unified AsusWrt firmware, which is mostly open source (except certain modules from chip vendors). That makes the (benevolent) hackers easier to create custom firmware. Although stock AsusWrt is already quite flexible for hackers, custom firmware such as AsusWrt-Merlin is even more flexible. AsusWrt-Merlin however does not support RT-N65U yet.
Flash Padavan Custom Firmware and Install Entware
Luckily the Padavan custom firmware supports RT-N65U (and some other Asus routers such as RT-N56U/R, RT-N14U). From here, you can see the Padavan firmware has a lot of built-in features. If that is not enough, the Padavan firmware supports Entware. Entware is a package repository for embedded devices. If you have no clue, Entware for router is like App Store for smart phone. Running Entware package manager utility opkg, you can download and install many software packages on the router, and turn it into a versatile little server machine. For example, you can install Asterisk PBX, with whose SIP support the router can be a VOIP server.
Flashing custom firmware to AsusWrt router is very easy.
- Download the proper Padavan firmware here. I used the latest “full” version RT-N65U_22.214.171.124-081_full.trx. Also download the matching .md5 file – you do not want to flash a corrupt firmware binary to the router. If you are on Windows, you may want to download Microsoft File Checksum Integrity Verifier to generate md5 from the downloaded firmware and verify it is not corrupt.
- Before flashing the new custom firmware, save your current router settings. Go to Advanced Settings | Administration | Restore/Save/Upload Settings, then backup the current router settings to a local file on your PC. In case you need to revert your custom firmware back to AsusWrt, you will be able to restore the router settings easily with the backup settings file.
- Installing Padavan firmware is considered “Firmware Upgrade”. You just need to go to Advanced Settings | Administration | Firmware Upgrade. From there you upload the Padavan firmware file (RT-N65U_126.96.36.199-081_full.trx), similar to this (courtesy to Ricky Gao, screenshot is for RT-N16):
- Once router is flashed, reboot it, and enter the settings if they are different from your original settings. It should work the same way as AsusWrt now.
There are some more steps you may want to do.
- Disable Telnet and Enable SSH. Telnet is not safe and SSH is better. You will need to use SSH often in hacking this router. P.S., this Padavan firmware is not affected by the Heartbleed vulnerability.
- If you use Windows, install PuTTY if you haven’t. Using PuTTY as your SSH client connecting to the router, see here. When you connect to router SSH server for the first time, PuTTY prompts a message like “
The server's host key is not cached in the registry...”. Just accept it. For details, check here.
- Once you login to the router through SSH, you can now prepare to use Entware. The first step is to get USB storage for Entware packages, following instructions here. I use a USB thumb drive.
- You do not need a swap partition on a USB drive, because USB drive is slow and not meant to sustain many writes. RT-N65U probably has enough RAM for most services.
- Be careful when creating file system on a small USB drive such as 1GB or 512MB. The default command may create too few inodes. When many small files are installed by Entware on the partition, it can run out of inodes before the space is used up, and no more files can be created. You may want to change -i option when making file system.
- Use Entware opkg to install software packages. For example, update Entware and install nano. The default editor in Padavan firmware is vi, which is too hard to use for anyone from Windows background. Gnu nano will be very useful when you edit the script and configuration files in hacking the router:
opkg update opkg install nano
That’s it at the moment. The router is now open to a lot of explorations!
Following the guide here, below is an example of creating a family of strong passwords.
Part 1: Create Base Passwords
- Use a sentence that you can easily remember. For example, “A Li Ba Ba Shi Ge Kui Le De Qing Nian”.
- Take the initial letters of the words: “ALBBSGKLDQN”. This is the password base 0.
- Add some numbers or change some letters to numbers, and make some letters lower case. For example: “AL88SGKLDQn”. This is the password base 1.
- Optionally, add a little personal customization. For example, adding initial of my name: “AL88SGKLDQnb”. This is the alphanumeric password base 2. Base 2 is moderately complex. Base 2 should have at least 8 characters to have sufficient strength.
- Add special characters or change some characters into special characters. For example: “@L88SGKLDQnb”. This is this full-strength password base 3. Base 3 should have at least 8 characters to have sufficient strength. Base 3 is normally quite hard to crack. When adding special characters, make sure you do not use a special character that cannot appear in the password for some organizations.
The base passwords should be hard to guess, funny looking, but quite easy for you to remember.
Part 2: Derive Actual Passwords
The base passwords are not used as actual passwords directly. Actual passwords are derived from them. You will normally derive passwords using some information from the organization that you have an account with.
- For accounts that do not allow special characters in passwords, derive a password from base 2. For example, if your fictional bank Fairview falls in this category, you could add the initial f to base 2 to create a password: “AL88SGKLDQnbf”. You can also add numbers to it – some organizations require you to change your password every 6 month or so, so you may just change the number then.
- For accounts that allow special characters in passwords, derive a password from base 3. For example, for an account with Best Buy you could add the initial b to base 3 to create a password: “@L88SGKLDQnbb”.
Using organization-specific passwords reduce the risk. If you use the same password for all your accounts, when one of your accounts is hacked the hacker gains access to all your accounts. Use a organization-specific derivation scheme, such that it is easy for your to remember, but hard for hackers to guess.
In the end, you have a family of passwords that you could easily remember, but they are very hard for hackers to break.
P.S., do not use the exact password bases above, and the exact approach shown above to derive organization-specific passwords. Use your creativity in creating bases and derivation scheme.