razor# tech blog

Coding, Technology, and More!

uShare Linux/Ubuntu Based UPNP Media Server Auto Refresh

As you might know, I use my Ubuntu box as a media server that streams content to my Xbox/PS3. I currently use uShare because of its easy configuration (and it’s the only one I’ve found that works for me 100%!). The only problem with the software was that if something was added to my media directory, I would have to reboot in order for it to rescan my media directories.

Today I’ve come up with a way to address this issue which is actually so simple I’m not sure why I never thought of it before. All you have to do is enable the web interface for uShare, and add a crontab using this command:

sudo crontab -e

Then:

# Ask uShare to rescan every 5 minutes; -q -O /dev/null discards the response instead of saving it to disk
*/5 * * * * wget -q -O /dev/null "http://127.0.0.1:[port]/web/ushare.cgi?action=refresh"

This should refresh your share every 5 minutes. I’m probably going to make mine scan every 15-30 minutes because this would probably spike the CPU too much for my personal media directory at 5 minutes.

I’ve used ushare for years without having an easy way to update the files, and now that I’ve figured this out, I’m going to be much happier with my server.

Clean Your Code: Secure Your AJAX Pages!

Wow, after toying around a few minutes with the beautiful Video Flick v2.0 WordPress theme from Press75 (too bad it’s too buggy to use) I came across some interesting code.

The theme is primarily for showing videos on your website, and as such it adds an iframe at the bottom of the “new post” page.

<iframe src="http://thirteen37.ramonecung.com/wp-content/themes/videoflick/functions/video-poster/video-upload-box.php?post=7" width="100%" height="200px" frameborder="0"></iframe>

The code from the video-upload-box.php file was not secured in any way, so anyone could add “wp-content/themes/videoflick/functions/video-poster/video-upload-box.php?post=” and a valid post ID and edit a video.

I don’t know PHP very well any more, but it doesn’t look like there’s any input sanitization so a potential hacker could probably completely own the database server along with executing any arbitrary PHP.

You can check me if I’m wrong:

$postID = $_GET['post'];

if( $postID==0 )
{
    $postID = $wpdb->get_var("SELECT ID FROM $wpdb->posts ORDER BY ID DESC LIMIT 1");
    $postID++;
}

FYI, I’m not sure how the $wpdb class works and if it sanitizes or not.

I’m just very surprised that this level of bug is present in any production-level application, especially one that is being sold for $75 each (as much as $250 for the developer version!).

Let this be a lesson to never assume security: check your access control list on each page and sanitize all input.
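
The per-page access check and input handling this post calls for, as an added example (not the theme’s code and not from Press75): a hardened opening for a directly requested file such as video-upload-box.php. The wp-load.php path and the nonce action name videoflick_video_ are assumptions; the functions called are WordPress core. On the $wpdb question: get_var() runs the SQL string exactly as given, and escaping only happens when the query is built with $wpdb->prepare().

```php
<?php
// Added example: hardened entry checks for a theme file that is requested directly.
// Assumption: this file lives in wp-content/themes/videoflick/functions/video-poster/,
// so the WordPress root (and wp-load.php) is six directory levels up (PHP 7+ syntax).
require_once dirname( __FILE__, 6 ) . '/wp-load.php';

// 1. Authentication: anonymous visitors are sent to the login page.
if ( ! is_user_logged_in() ) {
    auth_redirect(); // redirects and exits
}

// 2. Input validation: the post ID is forced to a non-negative integer.
$post_id = isset( $_GET['post'] ) ? absint( $_GET['post'] ) : 0;

// 3. Authorization: the user must be allowed to edit this specific post,
//    or to create posts at all when no ID was supplied.
if ( $post_id > 0 ) {
    $allowed = get_post( $post_id ) && current_user_can( 'edit_post', $post_id );
} else {
    $allowed = current_user_can( 'edit_posts' );
}
if ( ! $allowed ) {
    wp_die( 'You are not allowed to edit this video.', '', array( 'response' => 403 ) );
}

// 4. CSRF: any request that changes data must carry a valid nonce.
//    'videoflick_video_' is a hypothetical action name for this example.
$nonce_action = 'videoflick_video_' . $post_id;
if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
    check_admin_referer( $nonce_action ); // dies on a missing or bad nonce
}

// 5. Queries that include request data go through prepare(), which
//    substitutes %d as an integer instead of concatenating raw input.
global $wpdb;
$title = $wpdb->get_var(
    $wpdb->prepare( "SELECT post_title FROM $wpdb->posts WHERE ID = %d", $post_id )
);
?>
<form method="post">
    <?php wp_nonce_field( $nonce_action ); ?>
    <p>Video for: <?php echo esc_html( $title ); ?></p>
</form>
```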

Multi-Sensory Computing in the 21st Century

I’ve been getting more and more interested in haptic computing and how users can gain more usability through multi-sensory computing interfaces. That sounds pretty complicated, but really it just means users of technology can gain productivity using more senses than just vision, touch, and sound (via a display device, input device, and speaker; ex: monitor and keyboard/mouse).

There are two areas of integrating “non-normal” computing senses in a computing environment: entertainment and productivity. Entertainment focuses on providing a more enjoyable user interface and may or may not provide any tangible or quantifiable benefit. Possible examples of the entertainment area are fans placed on either side of a computer monitor that are activated when the user plays a game to mimic in-game conditions, and using 3D glasses to enhance the vision sense and create a dynamic 3-dimensional environment.

The productivity area focuses on actually providing mechanisms that stimulate senses that provide measurable and quantifiable increases in an arbitrary benefit.  This can mean a user may require fewer keystrokes to perform the same task because of the way the information is presented, or simply that more information is presented to the user at once. Windows Vista has native support for an implementation of such a technology called SideShow which allows an external LCD display to be attached to a computer and display information such as weather, traffic, CPU/RAM usage, and other information that the user would normally have to look up manually. Of course, this is a limited usage of the main concept, but it is a step in the right direction.

I believe devices such as the iPhone and technologies such as Compiz/Aero/Quartz excel in providing a more engaging and dynamic experience that is not only visually appealing, but useful as well. This is a starting point that uses current technology (accelerated 3D graphics cards and clever programming), but there is a capacity for much more information to be passed from a computing device to the user than what is currently being used. I believe the concept of measuring the capacity of information will be my next train of thought.

ClickOnce Framework Error on WinXP

Ahhhhhhh I just love figuring out solutions to problems. The latest problem I’ve had to face at work has been a tough one. We are in the process of imaging tablet PCs running Windows XP Tablet Edition. In the imaging process we’ve set all the settings and permissions and installed an in-house developed .NET application that was deployed using the ClickOnce framework.

I was tasked with setting up the image and actually running sysprep to create the image so we can pass it off to the desktop team. I kept running into a random error on the limited user account when I tried to run the in-house .NET app as shown here. I narrowed it down to ClickOnce not liking something about sysprep so I tried a few different configurations to no avail.

After trying to figure out how to change the Windows SIDs without sysprep, I came across a Microsoft TechNet article that describes how to use a program called NewSID v4.10 to change the SID on a Windows XP installation. After changing the SID using NewSID, I ran into the same issue with the ClickOnce updater application crashing.

After figuring out the actual problem, fixing the dfsvc.exe error was simple. I was able to log in to the machine with the account that has administrator rights, navigate to the “Documents and Settings” and delete the “Local Settings” folder that resides in the folder of the account that has the access problems. (ex: “C:\Documents and Settings\limiteduser\Local Settings”)

After this folder is deleted, simply reboot, log in to the restricted account, and restart the application. Please note that it will probably reinstall after this, so if your application has any data stored in the Local Settings folder please make sure you back it up.

Dynamic RSS Forum Images

I got bored last night and decided to whip up some code that allows people (namely me!) to advertise their blog on forums that they may post at. Take a look at the version 0.1 release:

Dynamic RSS Generated Image

There are a few features I’d like to add, such as changing the image from a static image (it’s currently only changeable via a URL variable) to a gravatar, and being able to actually display some of the body of the blog post. I’m not sure how to decode all of the HTML escaped characters, and it’s just a version 0.1 so I’m not that worried about it.

I have one last hurdle to overcome before it’s ready for primetime, but once I can figure out how to draw it directly to the screen it’ll be golden. I’ll post the code now so if I never get around to playing with it again someone else can hop on it.

It’s pretty simple to figure out, but the usage is http://razorrifh.com/apps/rssimg/?rssurl=[URL to your RSS feed]&imageurl=[URL to your background image]. The background image should be 60px high and 400px wide. The logo on the image should be 80px wide.

Enjoy the code.

By the way, I think I figured out what I’m going to make for Project: thirteen 37. Hope TSA doesn’t think an Arduino is a bomb :-\

Download the source code to rss[img].

Vegas Hackery - Project: thirteen 37

Well now that I know I’m going to Vegas for a few days in July, I need to do something truly one-of-a-kind to remember my experience. I’ve dubbed this project: thirteen 37.

Yes, I’m really going to call it that.

Now for step 1 of project: thirteen 37: figure out what project I’m going to do. I’m guessing it’s going to be something done with digital photography or my Arduino, but who knows! I’ll be sure to put videos of the build on YouTube and I’ll have a write up done soon after the project is completed. Of course, if I think of something cool enough, I’ll have to build it before and then think of something else to do in Vegas.

Hm… this should be fun…

HOW TO: Block Ads from Facebook

Have you ever wanted to use Facebook without all of the ads that use your personal information to target you? I did, and here’s how!

All you have to do is use an ad filtering program such as Adblock Plus. Normally to get rid of an ad using Adblock Plus you would right click the image, choose “Adblock Image” and “OK” and the image won’t appear again. This time we’re going to need to block elements in a web page, not just an image.

In Firefox, simply click on “Tools” -> “Adblock Plus” then add the following lines:

facebook.com#*(adcolumn_advertise)
facebook.com#*(social_advert)
facebook.com#*(sponsored_links)
facebook.com#*(ssponsor)
facebook.com#*(adcolumn_more_ads)
facebook.com#*(home_sponsor)

If you want to block more elements on your own, simply open the page with the ad on it, click on “View” -> “Page Source”, and find the element that you want to block. If you want to block a section of text that starts with “Sponsored Links” find that text in the HTML source, then look for the ID of the element, such as

<div id="home_sponsor">Sponsored Links blah blah</div>

and use the ID to block the element. It may look more confusing in some situations if they use javascript or multiple div/span tags, but anything that’s in the ID that you block won’t show up on the page.

Please note this will not work on class names, just ID names!

Arduino Fun: Day 1

Well I just got my Arduino Diecimila in the mail today and I had fun toying with it so far. I’m going to have to get some more sensors and stuff so I can actually create something useful/fun. It surprisingly didn’t take me all that long to install on my Ubuntu system. I just have to remove the braille USB drivers, install avr-gcc and java 1.5, set java 1.5 to be the default java version, then download and run the Arduino SDK.

I actually ripped apart a McDonald’s Happy Meal toy to get at the electronics in it before I realized I didn’t have any solder, so I’ll have to run back to RadioShack tomorrow to pick some up. That should make for an interesting day! I may have to get another Happy Meal on the way home… and maybe look for an Esquire magazine with the e-paper display. Hrm…

Here’s a video of one of the projects I built:

It’s basically an LDR, LED, 1k resistor, and some wires. When the light comes on, the LED goes off, and vice versa. Maybe it’s time to break down and get the GPRS module already :-X

EDIT: Ah I think I figured out why the light flashes sometimes. I need to increase the delay after it switches. Apparently the voltage is bouncing after it switches and I need to compensate for that. I could probably average the last 3-5 samples of the LDR as well, but when it spikes, it drops down to values between 1-100, so that would throw my average off. The code for this simple little project is after the break.

My (Not So) Sophisticated Market Outlook

Buy low, sell high is the old adage, but what happens when emotions are thrown into the mix? Masses of panicked selling when now may be the right time to buy.

The Beginning

Eleven zeros. That may be how much you feel your investment account is worth right about now, but it’s also the number of zeros in seven-hundred billion dollars. Of course it’s a lot of money, but there was obviously a need for something to be done as quickly as possible and that was the only plan ushered forth by the United States Treasury Secretary Henry Paulson.

The TED spread (essentially a figure that shows how much banks charge each other to borrow money from each other) was rising, signaling the banks didn’t trust each other to pay the money back, and the mortgage crisis continued, which made the banks’ balance sheets look worse while ensuring mortgage-backed securities the banks were invested in were losing value.

Paulson had to do something, and with his background as the CEO of Goldman Sachs, the plan that made the most sense was to print up some money and beef up the banks’ balance sheets so they won’t be afraid to lend to each other. The plan in combination with other efforts like a multi-national interest rate drop seems to be working slowly but surely as the TED spread has been slowly declining and the commercial paper industry has been slowly thawing.

The Difference Between a Mission and Vision

I just read a really good article from the BlueSummit blog (blog.bluesummit.net) about an organization’s mission versus its vision. It breaks down the differences between the mission and vision and even goes as far as to explain the different levels of the organization down to personal plans.