Feed Change!!!

Due to the blog's name change and some some maintenance work, the feed to the site has changed. Subscribe again by clicking the icons on the right, by clicking one of these icons:

Or by changing your feed's address to: http://feeds.feedburner.com/TheTravelingTechGuy?format=xml.

Notice that from now, we'll all know how many people have subscribed to the blog.

Liven Your Site with a FavIcon

If you want your web page (or blog) to have a FavIcon (just like the one you see at the address bar right now), do the following:

1. Create a FavIcon. This is an icon (.ico) file, that can be created using agraphic editor, or Visual Studio. The easiest way, would be to browse to FavIcon from Pics and create one online.
2. Upload the .ico file to your site.
   
3. Add the following line to your homepage, in the <head> section:
   <link href="path to your icon file" rel="shortcut icon">
4. Flush the cache of your browser (FireFox got over this, IE still needs this step).
5. Browse to the homepage and bookmark it (if you want to).
   

HD DVD

HD DVD is one of the 2 new movie formats competing to replace DVDs in your leaving room (it's being pushed by Microsoft, Phillips and Toshiba. The other format is BluRay from Sony). Essentially supporting higher resolution, special features - and much more capacity on a single media, for storage (15-30GB per media).
While new players have been in the $500 for a while, their price is starting to drop. And since I have an HD TV in my living room, I decided to jump on the bandwagon. And just in time, it seems:
The Microsoft HD DVD player for the XBox 360 has been considered one of the cheapest players ($199) for 6 months now. It just got cheaper. Microsoft just announced that between 8/1/07 and 9/30/07, the player would sell for $179, accompanied by 5 HD DVD movies from a list of 15.
Cool!

PS: A new generation of players that can play both HD DVD and BluRay is headed to production as we speak, but this low price beats the waiting. And since the XBox player is connected via USB, I'm sure a hack would come along, allowing its connection to a PC one day :).

PPS: Here's the list of titles available for selection:

• Apollo 13
• Blazing Saddles
• Casablanca
• The Chronicles of Riddick
• Constantine
• The Dukes of Hazzard
• Four Brothers
• Lara Croft: Tomb Raider
• The Perfect Storm
• The Rundown
• Seabiscuit
• Sky Captain and the World of Tomorrow
• U2: Rattle and Hum
• U-571
• We Were Soldiers

Widgets Online

In my last post, I've discussed widgets.
One form of widgets I've neglected to mention is the online type - the kind that is hosted in a web site. Here are 3 samples:

1. iGoogle - Google's home page - allows adding widgets from it's huge repository.
   Must have a Google account if you want them saved for next time.
2. Live.com - Microsoft's stab at a homepage.
   Must have a Live ID to...
3. ProtopageNice, cool and highly configurable homepage.
   

Widgets, Gadgets and Applets (oh my!)

I love widgets!
For those who haven't heard of these tiny little helper programs, a widget is an applet (an application running in the context of another application - such as a Java applet running inside a browser) that runs on your desktop.
Widgets will usually show information in a graphical way, or will show data from a web service or an RSS feed.
I usually have at least a calendar available, along with some CPU/memory statistics. Sometimes I add weather, news feed etc.
I'm running 3 operating systems: XP, Vista and Mac OS 10.4. Each has its own widget engine:

Windows XP XP has many engines available, but the most common by far is Konfabulator (bought by Yahoo and renamed to Yahoo Widgets). A gallery of available widgets can be found here and there are literally thousands available. PS: each widget runs as a separate process, so you can use task manager or Process Explorer to make sure not too many resources are consumed by your "helper" applications.

Windows Vista In Vista, these are called "gadgets" and reside in the sidebar - a new Vista feature, that is part of the operating system. More gadgets for Vista can be found here

Mac OS X On the Mac, widgets are also part of the operating system and can be shown or hidden quite easily, using a feature called "dashboard". You can find some mac widgets here. PS: there's a version of Yahoo Widgets for Mac as well - allowing for cross-platform widgets.

Development

Widgets are usually easy to develop. They are written in a mixture of JavaScript and XML (that means you can use a text editor to write them). It's the task of the engine to parse the file and render the widget - allowing for cross-platform widgets (or easy conversions).
Konfabulator even provides a "my-first-widget" wizard. Think of any information you may want to show on the desktop, and you can develop a widget to show it.

Microsoft's answer to Bittorent?

Microsoft released today a new tool called Microsoft Secure Content Downloader (MSCD for short). The tool is described as

a peer-assisted download manager capable of securely downloading specific files.

and

• MCSD is a peer-assisted technology. Each client downloads content by exchanging parts of the file they’re interested in with other clients, in addition to downloading parts from the server.
• No matter how great the internet’s demand for the file, you will always be able to make progress downloading.
• MSCD lets you download content quicker than is possible without peer assistance.

This, to me , sounds just like the definition of Bittorent.

Yes, again Microsoft joins the game later than the other players (IE anyone?), but if history tells us anything, they usually get it right in the end and leave competition well behind (Netscape anyone?).

Visual Studio 2008 B2 - continued

Addendum to my last post. 2 new tools that were released today by Microsoft:

1. Microsoft Silverlight Tools Alpha for Visual Studio 2008 Beta 2 - an add-on to the Beta 2 release of Visual Studio 2008 to provide tooling for Microsoft Silverlight 1.1 Alpha Refresh. It provides a Silverlight project system for developing Silverlight applications using C# or Visual Basic.


2. Microsoft ASP.NET Futures - The Microsoft ASP.NET Futures July 2007 (“Futures”) release contains an early developer preview of features providing a wide range of new functionality for both ASP.NET and Silverlight™.

Visual Studio 2008 B2 is out

I've been playing with VStudio 2008 beta (codename "Orcas") for a while now, trying the new .Net 3.5 features for size. Today, Microsoft announced beta 2 of both VS 2008 and the .Net framework.
More can be read here and the software can be downloaded from MSDN.
The good news: better Linq support in C# and you can now develop SilverLight applications inside VStudio.

7

The next version of Windows client operating system, codename "7", is planned (according to a Microsoft "leak" - some claim an intentional leak) to be released in 2010 (make it 2013 if Vista is any indication :)). Get the lowdown and rumors here and here.

The big news seems to be that 32-bit lives on...

Control your Boot

If you want to have better control of your boot process in Windows (any version), get cozy with the available parameters you can specify in the boot.ini file.

You can find boot.ini in your root folder (mostly C:\). If you can't see it, enable showing hidden files: in Windows Explorer, go to Tools->Folder Options..., browse to the View tab and select show hidden files and folders.

The file should now be visible.

It can be edited with any text editor, such as notepad (although I recommend Notepad++ for it's superb code handling and multi-tab view).

Once you select the flags you need from this list, add it to the file and reboot.
Make sure you save a backup copy of the original file!

If after booting you experience weird or erratic behavior, restore the old file. If you can't boot into the normal OS, boot into safe mode, restore the boot.ini file and reboot.

I just added the /PAE to support the 4GB upgrade to my memory (alas, Windows XP only "sees" 3GB regardless...).

SOA in the Real World

An interesting article (or book? it's 196 pages long) from Microsoft, about SOA (Service Oriented Architecture), can be downloaded from here.

Just read chapter 1 to get the lowdown. Yes, it is slanted to show the Microsoft point-of-view of SOA (use of .Net technologies such as CardSpace and WCF is highlighted), but then, you don't expect to get this for free, right?

The document can be downloaded as a PDF or an XPS (the new Microsoft "PDF-killer" format).

SilverLight Airlines

Back to technology posts (yes, I tend to get of the tech topic while I'm on the road, bare with me).
This short post is just a link to a great SilverLight demo, called SilverLight Airlines.
To read more about SilverLight, refer to my earlier post.
Don't forget to install the SilverLight ActiveX/Plug in for your IE/Firefox (respectively), before playing with the demo.

Waiting for Harry Potter

Jet lagged as I am, I decided to stroll to the Borders shop next to my hotel and stand in line for the last, seventh Harry Potter book.

I like Harry Potter, but it's safe to say I'm not a rabid fan. I'm aware of the fact that I could probably get the book tomorrow with no line, for half-price in the US (cost me 12GBP) or less on Amazon. But having missed the big "let's stand in line for 2 days to be the first in the office to have an iPhone" event, I felt like doing this for the experience. And definitely, standing in line for a book, is a much worthy cause than standing in line for the gadget-du-jour (and here you thought I was 100% techy :)).

So, the book was released at midnight, July 21st 2007. Prompted by a countdown. I was way back in line. But since this is the UK, the lined advanced fast and in an orderly manner. No cutting, pushing, cursing etc. People kept other people's place in line if they had to go to the restroom or get a coffee. My line-neighbor offered to get me one. Seeing as this is the UK, we did have a string of drunk people from the neighboring pubs popping in once in a while to share their wisdom. The Brits do love their alcohol :)

So, got there at 11:50pm, got my book at 1:39am. All in all, not that bad. And managed to start reading a book while walking in circles in the store. It's Robert Harris's new book Imperium - I'll definitely get it when I'm back in the US.

More pictures of the line can be found here, or in my Picasa web albums (link on the right).

SJC-IAH-AMS-ZUR-TLV-LHR-ZUR-EWR-MIA-LHR

I'm writing this in my hotel room in London. This is my 10th (or so) jet lag this month and while trying to sleep, I'm reflecting on the amount of travel I did in the last four weeks. In case you haven't caught on yet, the title of the post contains all the airport codes of the places I've visited in the last 4 weeks.

I truly feel exhausted. My next stop is RDU, by the way, and then, I'll finally return home to SJC through IAH again. All in all, if I could convert my miles to dollars, I'd be able to retire by year's end.

PS: Yes, I've been to London and Zürich twice.
PPS: airport codes cheat sheet:

Code	Airport
SJC	San Jose, CA
IAH	Houston, TX
AMS	Amsterdam, the Netherlands
ZUR	Zürich, Switzerland
TLV	Tel Aviv, Israel
LHR	London, UK
EWR	Newark, NJ
MIA	Miami, FL
RDU	Raleigh, NC

Fold your shirt in record time

Most people have probably seen this video, but I still find it interesting. Needless to say, I can't replicate it. BTW, the link will take you to a post on John Dvorak's blog - another tech writer I appreciate and quote.

A backdoor in a VPN? What were they thinking...

Our company uses the Nortel Contivity VPN (no link on this because I think it's one of the buggiest, crappiest VPNs in the world). I just came across this security advisory from Secunia, which shows you how screwed up it is, apparently

Two default user accounts ("FIPSecryptedtest1219" and "FIPSunecryptedtest1219") are configured on the VPN Router, which are not readily visible to the system manager. These can be exploited to gain unauthorized access to the private network.

And there's more. The developers probably left it behind during tests, that's my guess. The stupidest backdoor I've ever seen in ANY software, and this is a Security Product.
On this the Romans used to say "Sed quis custodiet ipsos custodes?" (who watches the watchmen?)

Is the US part of the EU?

A non-tech-related post. Jeff suggested I post my funny experience from my last trip to the UK. I've landed at Heathrow airport in London and got to the passport control area. There are 2 lines: a short one for Europeans (EU and European Economic zone), clearly marked, with a list of countries and flags, and a longer one for rest of the world.
I whipped out my European passport (useless most of the year - only saved for days like this) and strode to the shorter line. But pretty soon I felt there was a snag in the line: the other one actually advanced faster. I looked over the shoulder of the woman in front of me and heard the following sentence: "sir, the US is not part of the EU". A man was trying to argue with the girl at the counter. He desperately looked at the long line to the right and asked the girl: "do you expect me to go to the end of this line?", to which she replied, with the same tone as before "sir, the US is not part of the EU".
After some more grumbling, he took his bag and moved to the end of the other line. The girl then asked "is there anyone else from the US in this line?", I looked behind me, and at least 3 other passengers were raising their hands...

Skype for the Blackberry

Damian suggested that I write about Skype for the Blackberry, and I thougt it was a marvelous idea, since I've been happily using Skype for 3 years now.

For anyone who's been living in a cave, Skype is a free VOIP (voice over IP) software, that allows having voice (and most recently video) calls from one computer to another, free of charge, and from a computer to a domestic, or international phone - for a small fee (also known as SkypeOut).

Now it's available on the Blackberry (voice only, of course).
The benefit? most Blackberries come with unlimited data plans and a quite high phone plan. Now you get to screw the system: make voice calls on the data infrastructure.

The name of the application is iSkoot and you can read the announcement here.
Sadly, you have to register to download it - which I always find a hassle. It supports all Blackberries, 8800 included. But, according to Damian:

...the bad thing about it that I noticed is that it doesn't integrate with your phonebook so you actually need to type the phone you want to dial for SkyepOut or add contacts.
A better option I've been playing with is Eqo. This one does integrate with the BlackBerry phonebook and also gives you messenger capabilities (MSN, Yahoo etc), only thing is that it doesn't use Skype, but their own service so you need to put money there, but the good thing is that it works to make phone calls really nice.

Thanks Damian for the idea, allowing me to write about one of my favorite softwares. Please feel free to suggest other (tech-related) ideas and I'll do my best to accomodate.

Some More TOR

In a previous post ("How to hide your IP?") we've discussed TOR - the online, free proxy, put out there by the Electronic Frontier Foundation, to promote privacy on the 'net.

For those who don't like to learn a new product and tinker with a bunch of settings, I've mentioned XB Browser. But if you want to "torrify" more than just your browsing, here's an easy solution: it's called JanusVM and it's a self-contained VMWare virtual machine. To "play" it, get the free VMWare Player (if you want to create VMs, you'll need the full workstation).

Just download it, run it, and point your network software at it.

I've been turned Blue by American Express

I have the Blue by American Express credit card. If you look at the image, you can see the small RFID chip, that allows you to shop at certain places (7-11, gas stations) with a "wave of a hand".

RFID, or Radio Frequency IDentifier is a technology that allows you to store data on a chip and read it remotely (up to 30 feet and more, with some self-powered chips) using a cheap RFID reader. The chips usually have a small antenna to boost the range of reception (see those metal curly lines?).
Originally they were designed for digital warehouse management (allowing you to keep score of your entire inventory, and locate items with a wave of a reader).The US government is already adding those to American passports for authentication purposes.

And therein lies the problem: everyone can buy this reader and read your chip from afar. Due to it's small size, encryption, if it even exists, is limited.
Meaning someone can sit at a parking lot, read all my details off my card, replicate the chip and start celebrating on my account. Bad :(

Well, after reading several cautionary articles and posts (read some more about credit card vulnerabilities also this and this make good points), I called American Express yesterday and asked for a chip-less card.

I spent 30-40 minutes on the phone explaining myself. After about 20 minutes, and several "put you on hold, talk to my supervisor" phrases, they "disconnected the service" - as if that helps. I spent the next 10 minutes trying to explain that the activity or inactivity of the service doesn't matter - my private info is on this chip and any kid can read it (as indeed some kids have already demonstrated - see the DefCon link below).
No go - they wouldn't replace my card. They only told me I can get a different card, with a different plan yadda yadda.
I'll definitely do something about this - either call them again (when I have more patience) or just scratch the chip off the card.

Recommendation: make sure your card doesn't have such a chip and demand a replacement if it has. If you have an RFID chip that you don't want being read,
keep it in a metal case (aluminum is great) as it breaks the reception.

Read some more RFID fun news here:

• German hackers clone passports
• How to disable your passport's RFID
• The DefCon Hackers convention, where every year RFID hacking records are broken
  (last year, an RFID was hacked from 69 feet away, off a roof. The year before that the FBI arrested a presenter as he was demonstrating hacking
  a passport).
• Search Google for RFID hacks - there's a wealth of info.

Update 3/19/08
Some people call me paranoid (others call me a Space Cowboy, but that's a whole different post ) but now I feel justified in my paranoia. While this post was written in July 07, this video, out today from BoingBoing, is clearly showing how you can get all the information you want off a Blue Amex, using an $8 reader bought on eBay.
That's right - your privacy is worth $8 to Amex.


If you can't see the flash, download the movie here.

Update 5/17/08
I've gone ahead and done it! It took 30 seconds, a screwdriver and a hammer. My card looks like this right now (pertinent data removed, of course):

Let's zoom in on the kill shot:


I am now blissfully RFID-less!

How to Hide Your IP?

In an earlier post we've discussed finding your real IP. A reader asked me how to actually hide your IP from the rest of the world.
Although I've answered in a comment, I thought the issue is worth a special post.

Hiding your IP affords you a) a semblance of privacy in the jungle the Internet has become and b) browsing to sites blocked by your network.

Essentially, there are 3 types of IP spoof/bypass/hiding mechanisms:

1. Online - sites such as HideMyAss and Anonimyzer take the URL you want to get to and browse to it, showing you the content, thus achieving a + b.
   Find some more sites here.
2. Proxy - a proxy program such as EFF's free TOR (The Onion Ring), allows you to browse to a network of anonymous computers, acting as your proxy.
   Your IP will automatically change every several minutes. Someone actually took this idea a step further and built a version of FireFox with TOR embedded in it.
   It used to be called TorPark, but is now a company called XeroBank and the browser is called XB Browser.
3. Spoofing software - such as Hide IP or Stealth Mode in your firewall (such as ZoneAlarm) - pay attention to the fact that this screws up file sharing software.

Interesting note: I tried using TOR in my office today and within 5 minutes someone called me from the security team, alerting me that my internal IP is about to be blocked,
since someone is using TOR on it. Clearly, TOR is easy to discover and will be blocked easily in the future :(

Random Password Generator

We all need secure passwords, but suck at generating them. We always come up with names, or objects, or fragments of words that can be found in a dictionary.
With the ubiquitous computing power available today, brute-force algorithms
and Rainbow Tables allow any kid to break most of the passwords you can come up with in time to create some damage.

More problematic is protecting your wireless network. Not only was the WEP security protocol hacked to pieces, but now even WAP is in danger.

Why make it easier for hackers to tap your network? Use this great Ultra High Security Password Generator by the security guru Steve Gibson to generate absolutely random, long passwords. It can even generate 63 or 64 character-long passwords for your wireless network. Guaranteed to take a normal brute-force algorithm years to crack (until quantum computers come out :)).

PS: even after using a highly secured password, I highly recommend limiting the computers that can use your wireless network by their MAC address (refere to your wireless router's documentation).

Feed me!

No, this is not a desperate call for food, just a reminder that you can now subscribe to my blog's RSS feed
and be notified automatically every time I have a brain dump.

What is RSS? it stands for Real Simple Syndication. It is an alternative means of accessing the vast amount of information that now exists on the world wide web.
Instead of the user browsing web sites for information of interest, the information is sent directly to the user.

Since RSS is XML based, following an RSS link, or indeed any time you see the international icon on any site, will get you an XML file.
To really utilize RSS, you need a Reader. But, chances are you already have one installed:

• Both Firefox (download link on the right) and IE7 support RSS bookmarks (also known as "live bookmarks" since they update automatically).
• You can use sites like Google Reader to subscribe to feeds.
  
• If you're using Microsoft Outlook 2007, you can subscribe to an RSS feed in it and receive feeds as you would email. Now you can filter, categorize, search and archive those feeds as you do your email messages.
  If you have an earlier version of Outlook, get NewsGator to get the same functionality.
• If you want a standalone app to manage your feeds, I recommend the free FeedReader.
• And finally, if you are a Blackberry junkie, get your feed need with Viigo (browse to it from your Blackberry).

And here's a neat fact: since I'm too lazy to manage my feed on my own, I signed up with FeedBurner (recently acquired by Google). Not only do they update my feed regularly,
but if you do follow the link above, you'll get the feed in a human-readable form rather than the XML format.

That's it! Subscribe and enjoy!

Collect your system's info

CPU-Z is a freeware utility that gathers information on some of the main devices of your system. CPU-Z does not need to be installed, just unzip the files in a directory and run the .exe. In order to remove the program, just delete the files and that's it. The program does not copy any file in any Windows directory, nor write in the registry. Get it here.

What is my (real) IP?

Want to know how the rest of the world sees you, behind your router/proxy?
Go to www.whatismyip.com.
They also have a nice explanation of the ipconfig command here.

Mobile phone trojan 'bugs' user conversations

According to a ZDNet article a new software called FlexiSpy can

record conversations and log all SMS and e-mail messages sent to and from the phone. It can also remotely turn on a phone's microphone to listen to a users surrounds (without a call even being made), and reveal the location of the mobile user.

According to the article,

The software, once physically loaded onto any Symbian, Windows Mobile or BlackBerry-based device, enables a remote user to monitor and control nearly all aspects of a mobile device.

Scary! but RIM, the makers of the Blackberry, are not fazed. Well, I am!

Network Monitor 3.1 released

Version 3.1 of Network Monitor now includes Wi-Fi sniffing (hackers, don't say Microsoft doesn't like you :) ). Read my previous post about what it does.

The changes in the new version can be found here and download from here, or, if you have version 3 installed, the Windows Update site will update it automatically.

All set to go!

I've been tinkering with this blog for a few days.
Some changes I went through:

1. A new profile (including a pointer to LinkedIn)
   
2. A new template
3. Some HTML/CSS fixes
4. Google AdSense (look on the right, and click some :) )
   
5. Labeled all posts (you can now see all posts that deal with a certain subject)
6. From now on, only 10 posts will be shown per page.
   Jump to older posts by using the archive tree on the right, or by clicking the "older posts" link at the bottom.
   

In my opinion, ready to be launched globally. Once I find a way to get some recognition, I'll publish it here.

Now written on Windows Vista

Yes, it's slower. Yes, it's more of an eye candy. Yes, security warnings are driving me mad. And yes, I'll continue using Firefox (see ad on right, click to download the latest version) rather than IE7 (don't expect an ad here - this browser is waaay behind).

But I enjoy working in Vista. Call me a kid, but I like alphas, gammas, transparencies and 3D effects.
So, I've installed the latest Windows Live Writer (read my previous posts here and here) and will post my future posts from here.

Oh, I know why I like it so much! because the effects look just like my Mac!
Finally, OS X in Windows :)