An iPhone Remote Shutter? It’s a Snap!

For a while now it has been possible to take a picture with your iPhone using the volume controls on the phone and this also extends to the controls on the headphone mic too. But what if you need to be further away than the length of the headphone cable? Turns out that there is a cheap (under three quid) device for that.

This little two button widget works over bluetooth and emulates the keyboard for sending the command to trigger the camera shutter. It is incredibly simple to use in that you pair it with your device, start the camera (it works with the stock camera app and Camera+ in my tests) and then press the appropriate button, big for iPhone, small for Android. The button also works as a toggle when taking videos so you can start and stop the recording.

And that’s it. Simple and works well. Grab your’s here from Amazon.

IMG_9080

Is My Tile Here Yet?

About a year ago, well to be accurate as I write this it was 382 days ago, I ordered some tiles. No not bathroom tiles but a small bluetooth device about the size of a postage stamp that you can stick to almost anything and then using a companion app hunt them down when you have mislaid them. This also included a neat feature that allows you to effectively declare a tile lost and every other tile user can then be on the look out for your lost item, which is pretty neat.

The downside of them are that they are a sealed unit and so once the battery dies (after about a year) you have to return them and buy replacements at a price that doesn’t seem very clear. Much, much worse is that over a year later the tiles still have not arrived and don’t seem to be coming anytime soon. Tile also seem pretty blasé abut the whole situation and why wouldn’t you when you have been sat on mine and plenty of other peoples money for quite a while.

So I have knocked up a quick website to keep you up to speed with whether my Tiles have arrived:

http://neilthompson.co.uk/tile/

They had better be fucking awesome when they arrive is all I can say.

What to do in the event of an NTP attack

Earlier this week the server that hosts this blog and other sites that I run became unreachable. I know this because it is being monitored by New Relic and I got notifications emails. I couldn’t access the server either via HTTP or SSH so all I could do was reboot it and hope I could hop on. The issue had the feel of a DoS attack and so once I was back on the server I stopped Apache and inspected the logs. A while later, I restarted the service and all seemed ok.

Then I received this worrisome email from the company that hosts my server:

We received an abuse complaint from your server (below). Please respond within the next 48 hours with a resolution. Please let me know if you have any questions.

A public NTP server on your network, running on IP address 17x.254.25x.9x and UDP port 123, participated in a very large-scale attack against a customer of ours, generating UDP responses to spoofed "monlist" requests that claimed to be from the attack target.

Clearly this is not what you want to receive but at least it did explain the issues. With it being so easy to host your own servers these days it is possible to get into these problems without realising. For me I turned off NTP Server as advised below. This seems to be a bit of standard text sent in the event of an issue such as this. I will now be applying to all my servers.

  1. If you run ntpd, upgrading to the latest version, which removes the “monlist” command that is used for these attacks; alternately, disabling the monitoring function by adding “disable monitor” to /etc/ntp.conf file.
  2. Setting the NTP installation to act as a client only. With ntpd, that can be done with “restrict default ignore” in /etc/ntp.conf; other daemons should have a similar configuration option. More information on configuring different devices can be found here: https://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html.
  3. Adjusting your firewall or NTP server configuration so that it only serves your users and does not respond to outside IP addresses.

If you don’t mean to run a public NTP server, we recommend #1 and #2. If you do mean to run a public NTP server, we recommend #1, and also that you rate-limit responses to individual source IP addresses — silently discarding those that exceed a low number, such as one request per IP address per second. Rate-limit functionality is built into many recently-released NTP daemons, including ntpd, but needs to be enabled; it would help with different types of attacks than this one.

Fixing open NTP servers is important; with the 1000x+ amplification factor of NTP DRDoS attacks — one 40-byte-long request can generate up to 46800 bytes worth of response traffic — it only takes one machine on an unfiltered 100 Mbps link to create a 100+ Gbps attack!

If you are an ISP, please also look at your network configuration and make sure that you do not allow spoofed traffic (that pretends to be from external IP addresses) to leave the network. Hosts that allow spoofed traffic make possible this type of attack.

Further reading:

https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks
https://isc.sans.org/forums/diary/NTP+reflection+attack/17300
http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613&smlogin=true

Using Kindlegen with PHP on Linux to Create Kindle Files

I’m working on a side project at the moment that requires the conversion programatically of a page of html to something that can be consumed by an Amazon Kindle. I did a quick search to see if anything existed as a PHP class library that I could use and while there was they were either hugely bloated or too alpha for my needs.

I then stumbled upon Amazon’s command line tool KindleGen which allows conversion of HTML and ePub docs to the MOBI format that the Kindle requires. This is a multi-platform too and, crucially, a version for Linux is available.

Installation is a simple case of copying the single file to an appropriate place on your server, such as /usr/local/bin. Then create a new folder somewhere and make sure that the web process has write access to it. On Ubuntu this would be, for example, by :

sudo chown www-data:www-data /var/www/kindle

In my case I needed to convert some HTML to MOBI format and while experimenting found that it was very important to have well formed code, particularly with html and body tags. The other thing that you might like to consider is including a title tag as this is what is used as the name in the Kindle library and if this is omitted Amazon will use the name of the attached file instead.

To convert the file you simply need to pass to kindlegen the name of the html file and the output filename – note that you don’t need to give the path for the output file as it is created in the same place as the source. In PHP you can use “exec” to call a Linux command:

exec('kindlegen ' . '/var/www/kindle/input.html' . ' -c0 -o ' 
. 'output.mobi' );

If you were allowing a user to enter their own HTML that you were going to process this way I would highly recommend sanitizing the input first!

As a full example of this the following code stub will convert html in the $content variable and then send the resulting file to your Kindle email.

<?php

$content = "<html><head><title>Your title</title></head><body>
            <p>Your Content</p></body></html>";

// create the input file
$filename = date('Ymd_His');
$body = file_put_contents($filename.'.html',$content);

// convert to mobi format
exec('kindlegen ' . '/var/www/kindle/'.$filename.'.html' . 
     ' -c0 -o ' . $filename.'.mobi' );

// send the file as an attachment to your Kindle
$mail = new PHPMailer();
$mail->IsSendmail(); 
$mail->AddReplyTo('registered @ domain.com'
 ,'First Last');

// this address must be registered with your Amazon account
$mail->SetFrom("registered @ domain","First Last");

// this is the email address of your Kindle
$mail->AddAddress("your_address @ kindle.com", "First Last");

// the next two are required by PHPMailer but not by Amazon
$mail->Subject  = "";
$mail->MsgHTML(" ");

// add the mobi file
$mail->AddAttachment('/var/www/kindle/'.$filename.'.mobi'); 

// send the file
if(!$mail->Send()) {
  echo "Mailer Error: " . $mail->ErrorInfo;
} else {
  echo "Message sent!";
}
          
// delete the files created
unlink('/var/www/kindle/'.$filename.'.mobi');
unlink('/var/www/kindle/'.$filename.'.html');

?>

Creating Good Looking Product Shots on Devices

A while back I wrote about what I described as “One of the most amazing websites” I had seen and it was great. Placeit allows you to create screen mockups by uploading a screenshot that is then rendered into a chosen device. Unfortunately when I went back recently the prices had sky rocketed. To download even the most basic image now costs $8 a pop and a “casual” plan is $29 a month. For someone that uses the service about once a year that was prohibitively expensive.

I should state at this point that I have absolutely no issue with a software developer charging for their work, in fact I would say that was pretty essential, however, the amount I am willing to pay has to be in proportion to the value that I think that I will get. In this case the service didn’t meet that threshold. So I went to look for an alternative solution.

I could learn to use Photoshop which can do these in a breeze but, of course, it costs a fortune to get. Then I discovered Insta Mockup for iOS which is a free app that has a number of templates that you can use to create good looking screen mockups, such as the one below. It is easy to use and while doesn’t have the range of device mockups that Placeit has it is cost effective. You can download a low-res version of an image for free or upgrade and get higher resolution for only £1.49. It’s a bargain and works well.

Download it here.

IMG_1100

Happy 10th Birthday Us!

So I have been blogging on technology now for just over ten years it would seem, the first post was June 5th 2004. It’s somewhat ironic, however, that I am today writing this post in WordPress and the very first post was about Noah Grey’s excellent Greymatter another great CMS. This also means that I have been connected for about 20 years launching my first website in May 1996 – The Williams Database.

How things have change in that very short space of time. That first site was launched on the “free” 0.5 mb of space that was provided by my ISP. I fondly remember doing all my site changes off line and only dialing up to upload the changes and then immediately cutting the line to ensure that we didn’t run up great costs. Today even my thermostat is permanently connected to the Internet and dialing up is no more. As for webspace people are falling over themselves to offer me gigabytes and now it is called the cloud.

Who knows what the next ten years will bring but the rate of change is ever increasing so it will be fascinating to watch and be part of.

A Tale of Two Chromebooks

A couple of years ago I spent weeks searching high and lo for a Samsung Series 3 Chromebook which was the first of the really affordable cloud laptops. I finally found one and paid £240 – nothing compared to the price of some Windows and especially Mac laptops.

Initially I was amazed at the start-up time of seconds and the fantastic battery life. I found that I could access my email and calendar through the browser (as I had been for a while since ditching Outlook) and do all my general web-browsing. I was hooked and decided that, away from the office, this was going to be me goto machine. And then reality started to sink in. No Skype, No Microsoft Office and the machine was so underpowered that it struggled with only a few tabs open and Evernote in a browser just killed it. The machine was quietly shelved.

Then, a couple of weeks ago, I attended an event sponsored by Google where we were all given a brand new Acer c720 Chromebook (thanks Google and Twilio!). The cloud landscape has changed considerably in the last couple of years so I was keen to check out the device to see whether it was now more suitable for my work purposes.

The first thing to note was that the devices are very similar in size and weight but the build quality on the Samsung is much better as there are a few literal rough edges on the Acer but I guess that to hit a certain price (£180 at the time of writing and £60 less than the Samsung) some compromises had to be made.

The feel of the Acer in use is exactly the same as using Google Chrome on any other machine and it is cleverly integrated with all of Goggle’s properties, such as Calendar and Drive. The question is what is it like when trying to use it for work?

I have a particular use case that is fairly demanding and likely to be more than most need and this includes being able to remotely manage our servers and do some light development work. Two years ago this would have been a complete no no but I was pleasantly surprised to find that Chrome now has a fully functional SSH client with support for keys meaning I could easily access my servers. Issue number one sorted. Development I knew would be no problem as I already use ShiftEdit for accessing the servers and doing PHP changes as necessary. So that was a check too.

Skype is the primary way I communicate with others in the organisation and so is key to the smooth running of our business. Last time I tried to use a Chromebook there was no way to use Skype and this put me off completely. Now though Skype is available through Microsoft’s live.com portal, offering Outlook (nee Hotmail) email, cloud storage etc. It’s surprising just how useable Skype in a browser is – it appears as a side bar and offers IM, voice and video calling. I don’t miss the desktop client at all and, I think, that live.com looks great and is better integrated than the Google equivalents.

Live.com also proved to be the solution to dealing to Microsoft Office documents too as you can now open to view them in the browser. You are also offered the option to either download the file and edit it in the desktop Office apps or edit in the browser to make what Microsoft calls “quick changes” although it seems to have all the functionality I need. I’m not sure if this editing ability needs an Office 365 subscription though as I have one.

So that just leaves Evernote, my digital brain. As I said opening Evernote in the browser on the Samsung was just a nightmare making the machine pretty much unusable. I am guessing that a combination of the more powerful machine and optimisation on the part of Evernote has transformed it into something that is really quite workable, although still a little clunky but at least now you can continue to do other things too.

So in the space of two years it seems that things have progressed sufficiently to make the Chromebook a realistic working proposition, at least for the things that I need.