iOS 8 Keyboard Issues

iOS8’s introduction of custom keyboards is one of my favourite features but like so much in this release it is very buggy. I’m not sure if the issues are with iOS or the keyboards or a combination of both but they are frequent.

Some of the issues I have encountered are:

1. keyboards not appearing
2. no words appearing when I type
3. no button to change the keyboard appearing (and not just in passowrd fields)
4. keyboards appearing all over the place (see below)

I’m sure that all this is fixable but right now I would describe the custom keyboards as alpha at best.

IMG_1667.PNG

IMG_1666.PNG

IMG_1669.PNG

IMG_1668.PNG

Flickr Sildeshow Code Generator

Despite all the changes over the years I still like Flickr but since the sexing up of the interface there are some things that I have found have become impossible to find. One of these is the ability to find the code that allowed you to embed a slideshow on another page (you can see an example at the bottom of the page).

Fed up with this I decided to take matters into my own hands a write a script to throw out the necessary code. Just copy the album url as follows and paste it into the form below. Choose the width and height you want and Bob’s your uncle!

Disney_EPCOT_2014_-_an_album_on_Flickr

Cutting the cord and ridding ourselves of BT

When was the last time that your home phone got serious, regular, use?

That was the question I found myself asking when BT announced recently that they were upping their prices again. This got me to thinking about what we were actually paying for and I quickly came to the conclusion that we weren’t getting very good value for money.

The problem (for BT) is that there are so many other ways we can be reached these days whether it is email, text message, Skype, Facebook or even Snapchat. Very, very few choose to phone us and those that do either do so on our mobiles or are “marketing” calls that I could do without. All this led me to consider the alternatives.

One possibility was to go VOIP only and hook up our home phone to Skype. For this we tried a FREETALK Connect-me box which acts as a bridge between your home phone and Skype. It also allows you to switch between the two with a series of shortcodes. For this to work you need a good broadband service and with BT’s Infinity that wasn’t a problem. What was an issue was the echo on the line when making some calls rendering the service pretty useless. Also there was still a cost involved in this as we would have needed to have paid for a Skype calling package which while cheaper than BT I thought that there might be other, cheaper, solutions.

The answer is, of course, to go mobile. Everyone in our house has at least one mobile and can be reached wherever they are, which can be a blessing and a curse of course. The only problem with going mobile was that there is pretty much no mobile signal in our house, which was a bit of an impediment! Never fear, Three to the rescue, who sent us one of these.

IMG_8871

This magic box (well the one shown at the top of the page) is a signal booster which channels your mobile phone via your broadband connection, so again you need a pretty good connection, and it works pretty well given that we now have signal when we didn’t before.

The final piece in the jigsaw was to get rid of the home phone altogether. One oddity of most broadband contracts is that you have to have a phone line and pay for such, even if you don’t use it. This was a £15 a month cost I was trying to rid myself of. Fortunately our area is cabled up and so we have moved over to that which doesn’t require a phone line and associated charges.

Everything is now in place and it looks like we will save over £200 a year with the added bonus that I will no longer to take calls from “Windows Technical Support” about a virus on my PC which is actually a Mac!

The Problem with the New Generic Top-Level Domains (gTLDs)

Over the last year the number of generic top-level domains (gTLD) has been greatly expanded. gTLDs are what you see at the end of a domain such as .com, .net, .org etc. This was clearly felt to be too limiting and so a whole raft of new gTLDs were proposed and adopted. These include .london, .furniture and even .blackfriday. You can find a fuller list here.

To me these were interesting but not ultimately useful until I started on a new side project and needed a new catchy domain. After going through countless .com domain variations and finding that all the best ones were taken but available for sale. I took a look at the new gTLDs and found the .tools domain which would work perfectly for what I wanted. So I went and registered ever.tools which looks a bit odd but really is valid.

All was fine and dandy until I tried to register for third party services with my new email address admin (at) ever (dot) tools and quickly found that I wasn’t as welcome as I expected to be. Both Amazon and Twilio rejected the email address although the error messages in both cases were misleading. In the case of Amazon their issue seems to be that they are expecting the gTLD to be no more than four characters.

Twilio___Try_Twilio_Free

I was interested to see if this was a generic problem so I put together the following to see how PHP handled the new gTLDs and all I tried passed without problems.

<?php

	$email = "admin @ ever.tools";

	if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    	echo "This ($email) email address is considered valid.";
	}else{
    	echo "This ($email) email address is considered invalid.";

	}
	
?>

I have reported the issue to both companies and Amazon have acknowledge that it is an issue. Now I just need to wait for a fix to be rolled out.

Instagram’s Hyperlapse

Instagram, Facebook’s $1B lovechild, this week released a new iOS app called Hyperlapse that allows time lapse videos to be shot without the shakes that are usually associated with such videos.

I took a quick example on the bus into town yesterday and as you can see it is really steady. With hindsight I wish I had held the camera in landscape mode!

If all this sounds familiar that will be because Microsoft Research documented just such a technique earlier this year which got widespread attention including on the BBC. So congratulations to Instagram for getting this out so quickly.

The app itself is simplicity to use. There are very few controls just a big red button to start and stop the recording and the ability to change the speed of playback before rendering the video and that’s it.

As with anything that Facebook has it’s claws into privacy is a concern but Hyperlapse doesn’t make you login nor does it insist that you publish to either Instagram or Facebook you can simply download the video and upload wherever you wish.

All in all a great little app and free too. Download it from the App Store here.

 

An iPhone Remote Shutter? It’s a Snap!

For a while now it has been possible to take a picture with your iPhone using the volume controls on the phone and this also extends to the controls on the headphone mic too. But what if you need to be further away than the length of the headphone cable? Turns out that there is a cheap (under three quid) device for that.

This little two button widget works over bluetooth and emulates the keyboard for sending the command to trigger the camera shutter. It is incredibly simple to use in that you pair it with your device, start the camera (it works with the stock camera app and Camera+ in my tests) and then press the appropriate button, big for iPhone, small for Android. The button also works as a toggle when taking videos so you can start and stop the recording.

And that’s it. Simple and works well. Grab your’s here from Amazon.

IMG_9080

Is My Tile Here Yet?

About a year ago, well to be accurate as I write this it was 382 days ago, I ordered some tiles. No not bathroom tiles but a small bluetooth device about the size of a postage stamp that you can stick to almost anything and then using a companion app hunt them down when you have mislaid them. This also included a neat feature that allows you to effectively declare a tile lost and every other tile user can then be on the look out for your lost item, which is pretty neat.

The downside of them are that they are a sealed unit and so once the battery dies (after about a year) you have to return them and buy replacements at a price that doesn’t seem very clear. Much, much worse is that over a year later the tiles still have not arrived and don’t seem to be coming anytime soon. Tile also seem pretty blasé abut the whole situation and why wouldn’t you when you have been sat on mine and plenty of other peoples money for quite a while.

So I have knocked up a quick website to keep you up to speed with whether my Tiles have arrived:

http://neilthompson.co.uk/tile/

They had better be fucking awesome when they arrive is all I can say.

What to do in the event of an NTP attack

Earlier this week the server that hosts this blog and other sites that I run became unreachable. I know this because it is being monitored by New Relic and I got notifications emails. I couldn’t access the server either via HTTP or SSH so all I could do was reboot it and hope I could hop on. The issue had the feel of a DoS attack and so once I was back on the server I stopped Apache and inspected the logs. A while later, I restarted the service and all seemed ok.

Then I received this worrisome email from the company that hosts my server:

We received an abuse complaint from your server (below). Please respond within the next 48 hours with a resolution. Please let me know if you have any questions.

A public NTP server on your network, running on IP address 17x.254.25x.9x and UDP port 123, participated in a very large-scale attack against a customer of ours, generating UDP responses to spoofed "monlist" requests that claimed to be from the attack target.

Clearly this is not what you want to receive but at least it did explain the issues. With it being so easy to host your own servers these days it is possible to get into these problems without realising. For me I turned off NTP Server as advised below. This seems to be a bit of standard text sent in the event of an issue such as this. I will now be applying to all my servers.

  1. If you run ntpd, upgrading to the latest version, which removes the “monlist” command that is used for these attacks; alternately, disabling the monitoring function by adding “disable monitor” to /etc/ntp.conf file.
  2. Setting the NTP installation to act as a client only. With ntpd, that can be done with “restrict default ignore” in /etc/ntp.conf; other daemons should have a similar configuration option. More information on configuring different devices can be found here: https://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html.
  3. Adjusting your firewall or NTP server configuration so that it only serves your users and does not respond to outside IP addresses.

If you don’t mean to run a public NTP server, we recommend #1 and #2. If you do mean to run a public NTP server, we recommend #1, and also that you rate-limit responses to individual source IP addresses — silently discarding those that exceed a low number, such as one request per IP address per second. Rate-limit functionality is built into many recently-released NTP daemons, including ntpd, but needs to be enabled; it would help with different types of attacks than this one.

Fixing open NTP servers is important; with the 1000x+ amplification factor of NTP DRDoS attacks — one 40-byte-long request can generate up to 46800 bytes worth of response traffic — it only takes one machine on an unfiltered 100 Mbps link to create a 100+ Gbps attack!

If you are an ISP, please also look at your network configuration and make sure that you do not allow spoofed traffic (that pretends to be from external IP addresses) to leave the network. Hosts that allow spoofed traffic make possible this type of attack.

Further reading:

https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks
https://isc.sans.org/forums/diary/NTP+reflection+attack/17300
http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613&smlogin=true

Using Kindlegen with PHP on Linux to Create Kindle Files

I’m working on a side project at the moment that requires the conversion programatically of a page of html to something that can be consumed by an Amazon Kindle. I did a quick search to see if anything existed as a PHP class library that I could use and while there was they were either hugely bloated or too alpha for my needs.

I then stumbled upon Amazon’s command line tool KindleGen which allows conversion of HTML and ePub docs to the MOBI format that the Kindle requires. This is a multi-platform too and, crucially, a version for Linux is available.

Installation is a simple case of copying the single file to an appropriate place on your server, such as /usr/local/bin. Then create a new folder somewhere and make sure that the web process has write access to it. On Ubuntu this would be, for example, by :

sudo chown www-data:www-data /var/www/kindle

In my case I needed to convert some HTML to MOBI format and while experimenting found that it was very important to have well formed code, particularly with html and body tags. The other thing that you might like to consider is including a title tag as this is what is used as the name in the Kindle library and if this is omitted Amazon will use the name of the attached file instead.

To convert the file you simply need to pass to kindlegen the name of the html file and the output filename – note that you don’t need to give the path for the output file as it is created in the same place as the source. In PHP you can use “exec” to call a Linux command:

exec('kindlegen ' . '/var/www/kindle/input.html' . ' -c0 -o ' 
. 'output.mobi' );

If you were allowing a user to enter their own HTML that you were going to process this way I would highly recommend sanitizing the input first!

As a full example of this the following code stub will convert html in the $content variable and then send the resulting file to your Kindle email.

<?php

$content = "<html><head><title>Your title</title></head><body>
            <p>Your Content</p></body></html>";

// create the input file
$filename = date('Ymd_His');
$body = file_put_contents($filename.'.html',$content);

// convert to mobi format
exec('kindlegen ' . '/var/www/kindle/'.$filename.'.html' . 
     ' -c0 -o ' . $filename.'.mobi' );

// send the file as an attachment to your Kindle
$mail = new PHPMailer();
$mail->IsSendmail(); 
$mail->AddReplyTo('registered @ domain.com'
 ,'First Last');

// this address must be registered with your Amazon account
$mail->SetFrom("registered @ domain","First Last");

// this is the email address of your Kindle
$mail->AddAddress("your_address @ kindle.com", "First Last");

// the next two are required by PHPMailer but not by Amazon
$mail->Subject  = "";
$mail->MsgHTML(" ");

// add the mobi file
$mail->AddAttachment('/var/www/kindle/'.$filename.'.mobi'); 

// send the file
if(!$mail->Send()) {
  echo "Mailer Error: " . $mail->ErrorInfo;
} else {
  echo "Message sent!";
}
          
// delete the files created
unlink('/var/www/kindle/'.$filename.'.mobi');
unlink('/var/www/kindle/'.$filename.'.html');

?>