Django User Group London Meeting

posted on July 27, 2010

I attended yesterday’s DJUGL meeting, held at the Guardian in London. The evening consisted of three presentations with gaps for discussions and consumption of free beer and pizza. Entry was free and open to all with an interest in making Django better, though registration was strongly advised as the venue was almost full. The best way to find out more about upcoming meetings is probably through the London Django User Group Google newsgroup or the London Python Twitter stream.

The talks were quite inspiring. Nicholas Tollervey’s FluidDB talk had quite an interesting concept, though the company seemed to be at an early start-up phase and I will probably wait to see how it progresses before making my apps feed data to them. Toby White’s Solr talk was an insight into the techniques used by companies that have masses of data to wrangle into searchable formats. The Celery/RabbitMQ talk by Mat Clayton was the most familiar subject to me as I’d read articles on Celery before. It included some practical tips and lessons from their infrastructure experience. I can definitely see how implementing a queuing system like this would be beneficial for parts of my apps that have to send emails and communicate with public web APIs.

Ubuntu Opportunistic Developers Week

posted on March 3, 2010

I’ve been following along with the latest community program from Ubuntu this week – Ubuntu Opportunistic Developers Week. There are a number of talks, each one hour long, which aim to stir up some action in the minds of would-be developers.

The talks are carried out through a tool called Lernid from community manager Jono Bacon. I feel this has been very successful in bringing down the perceived barriers between the well-known developers and those of us who wish to get an application going.

Listeners were encouraged at the beginning of the week to think of an app and, hopefully by the end of the week, make it happen. Almost all levels of programmer could benefit from the talks and the leaders were very willing to answer in depth questioning throughout.

The format has worked really well in that you can choose which parts to listen in on and somehow feel less intimidated to ask questions than in a real-life conference.

The week has definitely inspired me so far to start putting some of the ideas I’ve had into practice. A few of the projects I had tried before, such as Quickly and Ground Control, but it was good to hear from the humans behind them. Talks that engaged me especially were CouchDB/DesktopCouch with Stuart Langridge, GStreamer with Laszlo Pandy and GooCanvas with Rick Spencer.

I look forward to the rest of the week and hope it inspires many more developers like me to create some really cool open-source apps. Thanks to everyone who has taken the time to make it possible.

PC to HDTV HDMI Woes

posted on January 27, 2010

I’ve connected my PC to my HD TV via HDMI. There were some problems with the picture quality that I came across, so I thought I’d explain how I’ve managed to fix them.

The TV is a 22″ 1680x1050px LG M2294D and is labelled as a ‘Digital TV Monitor’. The PC is an Acer Aspire Revo 3600 which has a dual core Intel Atom 330 processor with Nvidia Ion graphics.

Auto-adjusting backlight

The first problem was auto-contrast/auto-brightness. If this is enabled, the TV’s processor looks at the picture signal: if it is mainly dark (black) the back-light turns down, and if the signal is light (white) the back-light gets brighter. This could be a good feature when watching films or TV (though I’m not convinced) but it is very distracting when using your computer.

With this TV, you configure the picture by first selecting from some pre-defined modes (such as ‘Standard’, ‘Vivid’, ‘Cinema’) and then adjusting brightness, contrast etc. to your taste. Apparently, some of these modes have the auto-contrast enabled and some do not. You can try different modes and also the picture reset function if you have this problem. I’m sure it varies from set to set, but I set mine to ‘Standard’, then did a ‘picture reset’, which did the job.

Signal post-processing

Secondly the TV was trying to do some sort of processing to the video signal which made it quite blurred. I should clarify that I had the PC set to the exact same resolution as the TV’s native resolution (1680×1050). It is very important to set this as you will never get a good picture otherwise.

The kind of problem I had was that the bright colours appeared to bleed horizontally for maybe 3-4 pixels. I didn’t notice this in text, but did when I saw the Firefox icon against the light grey of my task bar panel. This is also supposed to be something desirable when watching TV or films, as I guess it blurs over the artifacts in video compression. If I had a high-def player I would probably still want to turn this off as I’d want to see the real signal. It was actually quite hard to turn this off on my TV. I had to go into the general settings and then ‘Label inputs’. I had seen this feature before but never thought it would make a difference to the picture quality. There was a pre-defined list of labels for HDMI1 (such as ‘Set-top box’, ‘Games console’ and ‘PC’); I chose ‘PC’. I then changed to a different input, then back to my newly labelled HDMI1-PC, and it was good.

Nvidia drivers

Finally, I found the proprietary Nvidia graphics card drivers were trying to be clever. There is a protocol called EDID which allows the TV to tell the graphics card about itself. This is useful as the graphics card can then set the correct resolution, among other things. Another thing the TV says is that it is a TV and not a monitor. The problem is how the proprietary Nvidia drivers for Linux use this. A kind of unsharp mask is applied to the signal from then on, which has the effect of showing small halo-type marks around high-contrast shapes such as text. This is a bug in my opinion, as I don’t see why a high-definition television should require extra sharpening. Someone has thankfully come up with a work-around, which involves taking the description data from the TV, saving it, removing the part about the device being a TV, then telling the driver to use this customised EDID file. You can get a further description of how to do this from the project website, along with tiny programs that capture and modify the data. After you have your modified EDID file, you need to add a reference to it in your /etc/X11/xorg.conf configuration file as an override.

Final result

The picture still has minor imperfections where it appears to be slightly sharpened. This is apparent sometimes if you look closely at the edges of text. However, the picture is very much improved from what it was. I reconnected the PC through the TV’s DVI socket and the picture has the same slight sharpening. If I find out any further improvements, I’ll post them here.

Security measures for protecting web accounts

posted on December 11, 2009

I thought I would write some notes on website security today – specifically for account logins. So many sites these days require some sort of login. Even if there is no facility for users to register, most will require some sort of admin interface to a CMS for maintenance.

The dictionary/brute force attack is the simplest way somebody would try to gain access, and once they’ve gained access to your admin-privileged account, they can do almost unrestricted amounts of damage. Once a cracker has found the login page to your site, they could quickly write a script which repeatedly enters usernames and passwords and submits the form. A script like this could make many attempts per second and will eventually get the correct combination, provided it does not get blocked in some way.

There are, however, a number of ways you can make it harder for attacks like this to succeed against your sites and your users.

Choosing safe passwords

Most brute force attack scripts will start off by going through the dictionary or a list of commonly used passwords (e.g. ‘password’, ‘12345’, ‘letmein’, ‘qwerty’, ‘liverpool’ and so on). Your admin password should use a combination of letters, numbers and symbols even if you can’t make your users do the same.

Obscuring the admin account

Use an obscure username for your admin account. Most web administration systems will initially create a user called ‘admin’ or ‘root’ with full access rights. A cracker will know this and will start off trying various passwords against the admin user account. Removing the default admin user or renaming it to something else will make those attempts useless – at least for a lot longer, until they start trying other usernames.

Limiting login attempts

Limit the number of login attempts someone is allowed in a certain period of time. Surprisingly, many web login systems do not implement any such security. The principle is simple: when a predefined number of failed attempts have been made from a single IP address in a predefined period of time, further attempts are ignored. This works because it seriously slows down crackers so that, for example, instead of hundreds of attempts per minute, they are only allowed three.

You should check whether your current systems implement this feature. If you use a popular framework, somebody has probably already written a plug-in, module or patch to fix this.
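The per-IP limit described above, written out as an added Python example (this is not code from the original post or from any particular framework). It keeps a sliding window of failed attempts per source address and, once the window holds the configured number of failures, ignores further requests without even checking the password. The user table, the salt, the `site_ops_7f3` username and the sequence of attempts are all constructed for the demonstration; the default ‘admin’ account has deliberately been removed, as the previous section suggests. Unknown usernames are checked against a dummy hash so that a missing account takes the same time to reject as a wrong password.

```python
import hashlib
import hmac
from collections import defaultdict, deque


def hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 so stored credentials are never plain text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    # compare_digest runs in constant time regardless of where the bytes differ
    return hmac.compare_digest(hash_password(password, salt), expected)


class LoginRateLimiter:
    """Track failed logins per source IP inside a sliding time window."""

    def __init__(self, max_failures: int = 3, window_seconds: float = 60.0):
        self.max_failures = max_failures
        self.window = window_seconds
        self._failures = defaultdict(deque)  # ip -> timestamps of failures

    def _prune(self, ip: str, now: float) -> None:
        # Drop failures that are older than the window before counting.
        queue = self._failures[ip]
        while queue and now - queue[0] > self.window:
            queue.popleft()

    def is_blocked(self, ip: str, now: float) -> bool:
        self._prune(ip, now)
        return len(self._failures[ip]) >= self.max_failures

    def record_failure(self, ip: str, now: float) -> None:
        self._prune(ip, now)
        self._failures[ip].append(now)

    def record_success(self, ip: str) -> None:
        self._failures.pop(ip, None)


# Constructed user table (assumption for the example): the default 'admin'
# account has been removed and the real administrator has an obscure name.
_SALT = b"constructed-static-salt-for-demo"
USERS = {
    "site_ops_7f3": (_SALT, hash_password("c0rrect-H0rse!", _SALT)),
}
# Dummy hash compared for unknown usernames so that "no such user" costs the
# same time as "wrong password" (no username enumeration through timing).
_DUMMY_HASH = hash_password("dummy", _SALT)


def attempt_login(limiter: LoginRateLimiter, ip: str, username: str,
                  password: str, now: float) -> str:
    """Return 'blocked', 'ok' or 'denied' for one submitted login form."""
    if limiter.is_blocked(ip, now):
        return "blocked"  # request ignored; the password is not even checked
    salt, expected = USERS.get(username, (_SALT, _DUMMY_HASH))
    matched = verify_password(password, salt, expected)  # always runs
    if matched and username in USERS:
        limiter.record_success(ip)
        return "ok"
    limiter.record_failure(ip, now)
    return "denied"


# Constructed attempts: (seconds since start, source IP, username, password).
# One address hammers the old 'admin' name; a legitimate login comes from
# another address; the first address returns after the window has expired.
SAMPLE_ATTEMPTS = [
    (0,  "10.0.0.5",   "admin",        "password"),
    (1,  "10.0.0.5",   "admin",        "12345"),
    (2,  "10.0.0.5",   "admin",        "letmein"),
    (3,  "10.0.0.5",   "admin",        "qwerty"),
    (4,  "192.0.2.10", "site_ops_7f3", "c0rrect-H0rse!"),
    (65, "10.0.0.5",   "admin",        "liverpool"),
]


def simulate(attempts=SAMPLE_ATTEMPTS, max_failures: int = 3,
             window_seconds: float = 60.0) -> list:
    """Run the attempts through a fresh limiter and return each outcome."""
    limiter = LoginRateLimiter(max_failures, window_seconds)
    return [attempt_login(limiter, ip, user, pw, float(t))
            for t, ip, user, pw in attempts]


if __name__ == "__main__":
    for (t, ip, user, _), outcome in zip(SAMPLE_ATTEMPTS, simulate()):
        print("t=%3ds %-12s %-14s -> %s" % (t, ip, user, outcome))
```

With three failures allowed per 60 seconds, the fourth attempt from 10.0.0.5 is ignored outright, the legitimate user on a different address is unaffected, and once the window has passed the address is allowed three more tries before being ignored again. Blocked requests are not recorded here; a stricter variant would count them too, so that continuing to hammer the form keeps the block alive.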

SSL/TLS encryption

Use SSL/TLS to encrypt the form data (HTTPS). There are many occasions where a man-in-the-middle (MITM) attack could be performed to listen in on the username and password data you send when you log in to a web form. This is especially a risk if you are using public wi-fi or an internet connection in a hotel or cyber-cafe. This is very easy for the attacker to do if the connection is unencrypted. If you enable SSL/TLS on your webserver and the web form is submitting to a URL beginning with ‘https://’, it will be next to impossible for the attacker to gain the username or password.

The unfortunate issue with getting this set up is that the server requires a certificate to be installed. You can generate one of these yourself (self-signed), however, as it will not be signed by a certificate authority (CA) that browser manufacturers trust, your users will probably be put off by a big warning message.

The problem is that a certificate is doing two things – enabling encryption and proving that a website belongs to who it says it does. We just want the encryption aspect, but you have to have both. You have to make the decision on whether your visitors are savvy enough to trust the certificate, or whether you pay for a trusted certificate. There are projects such as CAcert [http://www.cacert.org/] that are trying to get accepted as a trusted CA whilst signing your certificates for free. However, until they are supported in every major browser, I have decided to go ahead and purchase one. Thankfully they are a lot cheaper than they used to be, but it pays to shop around and also check the list of supported browsers. Some can be bought for around £15.

There is one other reason for not using self-signed certificates, and why users should not blindly accept these when they visit. Since your CA is unknown, a man in the middle could watch out for unknown CAs and auto-generate another certificate on-the-fly, then pass it on to the user. If the user accepted this certificate, the data would be encrypted to the MITM, then the MITM would re-encrypt it to the server, leaving the user unaware of anything unusual. For this reason I would suggest only using a self-signed certificate if you and your users’ browsers are set up to trust the correct certificate at the start; then you would be notified if it has been changed in between. You will probably want to generate a self-signed certificate with an expiry date very far into the future if you are going to use this approach.

Phishing attacks

Phishing is an alternative way for an attacker to gain access. It’s really hard to protect your users from phishing attacks but you should learn how to avoid falling into the trap yourself.

If your site becomes popular, it is likely scammers will duplicate your login page and host it on their server where it will collect all username/password combinations entered. They will then send out emails to your users telling them they need to log in for some reason or another, including a link to their cloned login page.

Users should be warned never to click links in emails and/or to inspect the domain and subdomains, but this requires some technical knowledge. Once a user has entered their login details, the scammer can access their account for malicious purposes. Among the most serious of these attacks are the ones that pose as your online bank or building society.

If you are a site administrator, it is likely that scammers have created pages that look like all of the standard website maintenance panels. Imagine, you received an email that appeared to be from someone who maintains your server, telling you that you need to change your password. Would you blindly click the link and log in?

All change

posted on June 12, 2008

OK, so I’ve neglected the blog a bit recently but hopefully I can be excused. I had three weeks of exams for my final year at University of Essex and a dissertation presentation before that. The exams were over almost two weeks ago now, and since then I have been catching up with other work and starting a few of my own projects I have been thinking about lately.

I have generally been working on the way I integrate websites for customers in future, and making my source code for web applications more structured and re-usable. There are several useful segments of code I have written over the years and I feel it would be beneficial to make them more generic so they can be added to new projects more easily and extended.

The management system I developed a few years ago for the family business website http://courchevel-1650.com has proven to be successful and new features have been developed regularly. The system handles all the areas associated with renting out property to holiday makers, such as storing customer details, managing availability, updating the website and printing letters. With a proven system like this that does so much, I’m sure other businesses could make use of it, so I am making it more generic.

Aside from these I have several other ideas in the pipeline inspired from courses I took in ‘Image Processing’ and ‘Further Concepts in Databases’ but you’ll have to wait for further details at a later date. I also feel the urge to contribute source code to a few open source projects so expect to see developments in this area in future.

Easter vacation

posted on April 3, 2008

Well, it’s the end of spring term at uni now and I’m back for the holiday staying with parents. The past few months have been pretty busy with assignments and dissertation (which I’ll post about at a later date). Here’s a list of what I’ll be up to until I return to uni for my final term.

I’ll probably be blogging about several of these, so stay tuned!

Mobile 3G Internet

posted on March 13, 2008

Yesterday I switched my mobile network provider to ‘3’, mainly because of their attractive fixed-rate Internet bundle. For £5 I get 30 days’ Internet access, up to a 2GB data-transfer limit. Compare that to my previous network provider (who shall remain nameless), where my £5 would get me only 1MB (0.5p per KB). Obviously this has given me a lot of freedom to surf the web, send/receive email and read RSS feeds, which are supported nicely on my Sony Ericsson K800i. Other networked applications I have installed so far are Google Maps and YouTube. I had always wanted to use Google Maps when out and about before, but the amount of data that it uses was just too expensive.

A particular feature that I have found interesting is my phone’s support for IMAP4 ‘push’ email. After adding support into my Courier-IMAP server, the phone receives email notification (like receiving an SMS message) as soon as new emails are stored on the server. If only my desktop mail client (Evolution) supported this too!

The other thing I want to mention is mobile TV. For £2 I decided to try out 3’s 30-day mobile TV add-on. Quality is obviously not brilliant as it is streamed and there’s not a mass of channels, but it’s amazing nonetheless the first time you see it. I don’t know yet whether I will continue to purchase this add-on, but I can see it being a boredom-buster for those train and bus journeys.

Overall, I’m really happy with the switch: the SIM card cost nothing (free with £10 credit), it’s given my phone so much more value, I’m getting to keep my old number and I’m still on pay-as-you-go (pre-pay).

Sony Ericsson phones reading ID3 tags

posted on February 16, 2008

I’ve been having trouble transferring/playing music on the SE W610i and K800i phones. Copying the MP3 files to the phone is easy: when you plug it in with the USB cable you can select ‘File Transfer’ on the phone and it will reboot as a mass storage device so Linux can mount it. However, after transferring albums and safely unmounting the disks, they appeared to have strange names in the music player. When viewing by artist, album and track in the Walkman and standard music player, sometimes the ends of names would be cut off even if they weren’t particularly long. For example, after transferring Mark Ronson’s album ‘Version’ and viewing by artist, the album would apparently be split between three artists:

   Mark Ro
   Mark Ron
   Mark Ronso

Initially I assumed the files were becoming corrupt somehow, even though I made sure I was unmounting properly from Ubuntu and even tried the same files from a Windows machine. After a bit of searching I found a forum thread about the same problem. The problem is due to ID3 tags, specifically version 2.4. The way the Sony Ericssons (at least these phones) display artist and track names has nothing to do with directories or file names but the ID3 tags embedded in your MP3 files. Many of my albums had information stored in v2.4 of ID3 (Amarok uses 2.4 by default), but the phones can’t handle this properly and much prefer the 2.3 version. Problem identified! Now for a solution.
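Before converting anything it helps to know which files actually carry a v2.4 tag. The following is an added Python check, not code from the original post or from the id3v2 or Kid3 projects: it reads the ten-byte ID3v2 header at the start of a file (the ‘ID3’ marker, major version, revision, flags and a four-byte ‘syncsafe’ size in which each byte carries only seven bits) and reports the tag version. The sample file prefixes, their names and the `build_header` helper are constructed for the demonstration; `scan_directory` applies the same check to real `.mp3` files on disk.

```python
from pathlib import Path

ID3V2_HEADER_LEN = 10  # "ID3" + major + revision + flags + 4-byte syncsafe size


def decode_syncsafe(raw: bytes) -> int:
    """ID3v2 tag sizes are 'syncsafe': four bytes carrying seven bits each, so no
    byte ever has its top bit set (which could be mistaken for an MP3 frame sync)."""
    value = 0
    for byte in raw:
        if byte & 0x80:
            raise ValueError("not a syncsafe integer: %r" % (raw,))
        value = (value << 7) | (byte & 0x7F)
    return value


def parse_id3v2_header(data: bytes):
    """Return (major, revision, flags, tag_size) for an ID3v2 tag at the start
    of the file, or None if the file does not begin with one."""
    if len(data) < ID3V2_HEADER_LEN or data[:3] != b"ID3":
        return None
    major, revision, flags = data[3], data[4], data[5]
    if major == 0xFF or revision == 0xFF:  # reserved values, never a valid tag
        return None
    return major, revision, flags, decode_syncsafe(data[6:10])


def id3v2_version(data: bytes):
    """Human-readable tag version such as '2.4.0', or None when untagged."""
    header = parse_id3v2_header(data)
    return None if header is None else "2.%d.%d" % (header[0], header[1])


def needs_downgrade(data: bytes) -> bool:
    """True for ID3v2.4 (or newer) tags, the ones these phones cannot read."""
    header = parse_id3v2_header(data)
    return header is not None and header[0] >= 4


def build_header(major: int, revision: int = 0, flags: int = 0, size: int = 0) -> bytes:
    """Encode a header with a syncsafe size. Used here only to construct the
    sample inputs below (assumption: real files are read from disk instead)."""
    encoded = bytes((size >> shift) & 0x7F for shift in (21, 14, 7, 0))
    return b"ID3" + bytes([major, revision, flags]) + encoded


# Constructed sample file prefixes (not real MP3 audio): an Amarok-style v2.4
# tag, an older v2.3 tag, and a file that carries no ID3v2 tag at all.
SAMPLE_FILES = {
    "amarok_tagged.mp3": build_header(4, 0, 0, 257) + b"\x00" * 257,
    "older_tagged.mp3": build_header(3, 0, 0, 1000) + b"\x00" * 1000,
    "untagged.mp3": b"\xff\xfb\x90\x00" + b"\x00" * 16,
}


def files_needing_downgrade(files: dict) -> list:
    """Names of the entries whose tags should be converted to v2.3 first."""
    return sorted(name for name, data in files.items() if needs_downgrade(data))


def scan_directory(directory: str) -> list:
    """The same check over real files; only the first ten bytes are read."""
    flagged = []
    for path in sorted(Path(directory).rglob("*.mp3")):
        with open(path, "rb") as handle:
            if needs_downgrade(handle.read(ID3V2_HEADER_LEN)):
                flagged.append(str(path))
    return flagged


if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print("%-20s %s" % (name, id3v2_version(data) or "no ID3v2 tag"))
    print("convert to v2.3 first:", files_needing_downgrade(SAMPLE_FILES))
```

Running it on the constructed samples flags only the v2.4 file; point `scan_directory` at a music folder to get the list of real files worth converting before copying them to the phone.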

Warning: there is a possibility you will lose some ID3 data when converting from v2.4 back to v2.3. However, the stuff that does get removed can’t be that great, as I haven’t noticed anything missing. V2.4 is supposedly a bit controversial anyway, so v2.3 should make your files more widely supported.

There are two open source tools I can see as being helpful: id3v2 (command line) and Kid3 (graphical KDE application). id3v2 has the argument -C (--convert), which is supposed to convert from ID3v1 to ID3v2. This will allow you to convert all MP3s in a directory with one command as follows:

id3v2 -C Music/MarkRonson/*

Kid3 has a reasonable user interface and may in fact do a better job at conversion, as it has a specific v2.4 to v2.3 conversion tool. You select the files you wish to convert by opening them, press Ctrl-A, then from the main menu select ‘Tools’ -> ‘Convert ID3v2.4 to ID3v2.3’.

Hope this has helped someone out. This fix works, but hopefully a more elegant solution will come at a later date (e.g. ID3 tags get converted automatically when being copied, or SE release a firmware update to support v2.4).

Packard Bell Syntek webcam success

posted on February 5, 2008

Approximately 18 months ago, my girlfriend was looking for a small and light laptop to replace her broken iBook. The replacement laptop is a Packard Bell Easynote BU45-U-045 (I think that’s the model number – product details). Most of the hardware is well supported by Ubuntu Linux: the Intel graphics chip runs Compiz-Fusion well, as do the SD card reader and wireless, although the latter needs the ‘Restricted Drivers Manager’. There is also a webcam integrated above the screen, but I didn’t get this working until today. The camera chip comes from Syntek Semiconductor Ltd but is usually assembled under the name D-Max.

The command ‘lsusb’ was an obvious starting point, but no manufacturer/device name is given, so you have to look carefully at the ID numbers. This is the output I have (174f:a821), but apparently there are other devices by Syntek that are supported (174f:6a31, 174f:6a33, 174f:6a51, 174f:6a54 and 174f:a311).

jayne@jayne-laptop:~$ lsusb
Bus 004 Device 001: ID 0000:0000
Bus 005 Device 001: ID 0000:0000
Bus 003 Device 001: ID 0000:0000
Bus 003 Device 002: ID 08ff:1600 AuthenTec, Inc.
Bus 002 Device 001: ID 0000:0000
Bus 001 Device 002: ID 174f:a821
Bus 001 Device 001: ID 0000:0000

I found the Syntek DC-1125 Camera Driver Project hosted on SourceForge, still in development (in fact the latest version was released today!) but it worked OK for me. These instructions are how I managed to get it to work on Ubuntu. If you decide to carry these out yourself, you do so at your own risk and I accept no responsibility.

Download the drivers from the project page (you want the file stk11xx-*.tar.gz) and extract them. From the extracted directory, build the loadable kernel module with the command sudo make -f Makefile.standalone. I got the following error about ctags, but this didn’t matter as the module had been compiled by this point (the .ko file).

make: ctags: Command not found
make: *** [driver] Error 127

If compilation goes OK you should see a file called ‘stk11xx.ko’ in the directory which you should copy to your kernel’s module directory, sudo cp stk11xx.ko /lib/modules/`uname -r`/kernel/drivers.

Run the following commands to load your camera’s kernel module. The light next to it flashes if you have one.

sudo depmod -a
sudo modprobe stk11xx

If all has gone well up to this point, test it with an application like Camorama or Ekiga. Install Camorama through Synaptic or by typing the following command.

sudo apt-get install camorama

Webcam output, no arguments

For me the image shown was upside down, which was annoying at first. However, there is an argument you can pass when you load the module which counteracts this. If you need the image flipped, use these commands to unload the module and re-load it with the argument ‘vflip=1’.

sudo rmmod stk11xx
sudo modprobe stk11xx vflip=1

Open Camorama again and you will hopefully now be the right way up. Now we have to make sure that this argument gets added automatically, or you will be the wrong way up next time you start the computer. You want to create a new file in the directory ‘/etc/modprobe.d’ for the module with the line ‘options stk11xx vflip=1’ in it.

sudo touch /etc/modprobe.d/stk11xx
sudo gedit /etc/modprobe.d/stk11xx

Webcam output, flipped

If you have a similar webcam, I hope this post is useful to you. If you have tried this for yourself, please leave a comment.

Introducing: Another Blog

posted on February 2, 2008

I set-up this blog a few months ago and it’s just been kicking ’round doing nothing. So, here we go–my first blog post.

I am a 3rd year undergraduate student studying Computer Science at Essex University. This blog will hopefully allow me to document my thoughts and provoke discussions on matters that are relevant. I have a small web design business that has been running for a few years now, and a wiki which I add to whenever I solve a problem. It’s mainly so I don’t forget, but you may also find it useful. Things that interest me and will be covered in this blog are:

Anyway, thanks for reading so far and hope you have a use for this blog.