Firefox and Chrome Private Browsing Not So Private

Recently, Chad Tilbury posted a blog article on Flash Cookie Forensics. If you didn’t already know, Adobe Flash stores cookies (actually called LSOs) on your computer that act more or less like regular HTTP cookies, except they never expire. This got me thinking about the built-in private browsing settings found in the current versions of Firefox (3.5.2) and Chrome (2.0). Both of these browsers have an easy-to-use private browsing setting that blocks histories, HTTP cookies, form data, etc. In Firefox, private browsing is called “Private Browsing”, and Chrome has “Incognito” mode. After reading this article, I began wondering just how private Firefox’s and Chrome’s privacy settings were when it comes to Flash cookies. A couple of simple tests showed me that there isn’t much privacy at all.

The tests were simple: locate the storage of Flash cookies (as demonstrated in Chad Tilbury’s article), and see if cookies are being saved while browsing in Firefox’s Private Browsing mode, and in Google Chrome’s Incognito mode. Here is a screenshot of the Flash cookies stored on my computer before I began internet surfing in Firefox:

Firefox Private Browsing Before Surfing the Net

And here is a screenshot of the stored Flash cookies after I surfed to hulu.com in Firefox Private Browsing mode:

Firefox Private Browsing after Surfing to Hulu

As you can see, even when using Firefox Private Browsing, Flash cookies are saved to the computer. Let’s see how well Google Chrome’s Incognito mode does. Here is a before screenshot, with Chrome cracked open in Incognito mode and ready to surf:

Google Chrome in Incognito Before Surfing

After surfing to hulu.com in Chrome Incognito, the Flash cookie was clearly stored on my computer:

Google Chrome Incognito after Surfing to Hulu

The problem really shouldn’t be a surprise based on how Flash cookies work, and I am not reporting anything new. It might not really be the browsers’ fault. Flash cookies aren’t handled by Chrome or Firefox, and thus the browser has no way to block them (as far as I understand it). Still, the private browsing features in Chrome and Firefox give a completely false sense of privacy and security. One might make the argument that both browsers should be able to build in protection against Flash cookies. As Chad mentions in his article, Firefox has an add-on called BetterPrivacy that can manage Flash cookies, and NoScript blocks Flash completely, so if an add-on can do it, why can’t it be built into the browser? By the way, as far as I can tell, there isn’t a similar add-on for Chrome.
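The before/after test above can be made repeatable by hashing the Flash cookie store before and after a private browsing session. The following is an added example, not code from the original post; the default storage paths, the helper names and the sample files in demo() are assumptions or constructed values.

```python
import hashlib
import os
import tempfile

# Default per-user Flash Player LSO roots (Windows, macOS, Linux). These are
# not listed in the post; pass a different root if your system differs.
DEFAULT_LSO_ROOTS = [
    os.path.expandvars(r"%APPDATA%\Macromedia\Flash Player\#SharedObjects"),
    os.path.expanduser("~/Library/Preferences/Macromedia/Flash Player/#SharedObjects"),
    os.path.expanduser("~/.macromedia/Flash_Player/#SharedObjects"),
]


def snapshot(root):
    """Map every .sol file under root to (size, sha256 of contents)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".sol"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            state[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return state


def diff(before, after):
    """Report LSOs created, modified or removed between two snapshots."""
    common = set(before) & set(after)
    return {
        "created": sorted(set(after) - set(before)),
        "modified": sorted(p for p in common if before[p] != after[p]),
        "removed": sorted(set(before) - set(after)),
    }


def write_lso(root, rel, data):
    """Helper for the demo only: create a constructed .sol file."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed stand-in for one private browsing session."""
    with tempfile.TemporaryDirectory() as root:
        # State before the session: one LSO left by an earlier visit.
        write_lso(root, "EXAMPLE01/example.test/settings.sol", b"constructed-v1")
        before = snapshot(root)
        # What the Flash plugin would write during the session, simulated here.
        write_lso(root, "EXAMPLE01/hulu.com/constructed.sol", b"constructed-new")
        write_lso(root, "EXAMPLE01/example.test/settings.sol", b"constructed-v2")
        return diff(before, snapshot(root))


if __name__ == "__main__":
    for root in (r for r in DEFAULT_LSO_ROOTS if os.path.isdir(r)):
        print(root, len(snapshot(root)), "LSO files")
    print(demo())
```

For a real check, call snapshot() on the live storage root before opening the private window and again after closing it; any entry under "created" or "modified" is state that outlived the session.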

(This article is dedicated to my friend, John.)

How to Install and Fix Stumbler Plus Crashes on an iPhone (Jailbroken)

Google seems to have a lot of older forum discussions about how to get Stumbler Plus to work on the iPhone. Most of these discussions revolve around an old upgrade that resulted in a crashing state for this app. However, I have found that new installations of Stumbler Plus from Cydia also crash, and the fixes described in a lot of the Google results don’t solve the problem.

Before you can do this, your phone must be jailbroken, and you need to have OpenSSH up and running. If you are using Windows, you will need a command line SSH client like PuTTY and pscp.exe. Remember to turn off OpenSSH on your iPhone after this is done: there is no need to leave the service running, and anyone can scan your phone and find it.

To install Stumbler Plus on a jailbroken iPhone, first install it from Cydia. The app will crash as soon as it is launched. Follow these instructions to get it working properly. If you are using Windows and have downloaded pscp.exe, use pscp.exe where these instructions say to use “scp” to copy the Stumbler package to your phone. Use PuTTY to ssh into your phone to complete the rest of the steps from the Stumbler website. If you are not comfortable using PuTTY, you can also use the MobileTerminal application from Cydia directly on your phone.

My Twitter

Follow me on Twitter: http://twitter.com/Dantheman_13

Naming Computers in LANDesk Upgrade

Late last year I wrote an article on how to rename computers before an image is applied during LANDesk’s OSD process (read this article first if you haven’t already). Here at CSN, we PXE boot our faculty/staff computers into LANDesk’s specially configured WinPE, which launches a GUI menu of OSD tasks. These OSD tasks can be anything really, but that is a story for another article. My previous article about injecting the computer name into the Sysprep.inf file used a VBScript. I have since then upgraded to an AutoIt script that gives us more options.

PC Rename

First, let me give a brief explanation of our environment. We have a parent domain, and a child domain for students. We have four LANDesk agent configurations: one for labs and classrooms, one for office computers, one for laptops, and one for computers that don’t reside on our network. The LANDesk agent gets installed during the GUIRunOnce section of Sysprep. So, I upgraded our OSD task to prompt the technician to select which domain to join (or none), and which LANDesk agent to install. Here is the script. I won’t go through line by line like I did for the VBScript; you’ll just have to visit the AutoIt documentation website to look up some of the functions. Re-read my previous article on how I did the VBScript. The AutoIt script follows the exact same logic, but expands the idea to add more options. You can download it here.

AutoIt scripts can easily be converted into an executable using AutoIt’s “Compile Script to .exe” tool.

I guess I also owe an explanation on how tokreplw.exe works. You can probably get this file by downloading the trial version of LANDesk Management Suite. This command takes two inputs: a file and a pair of tokens. The file is obvious: this is the target file to look at for token replacement. The token syntax is VARIABLE=VALUE, where VARIABLE appears in your target file as %VARIABLE%, and the value is whatever you decide. For example, let’s examine one line in the prename.au3 script, line 35:

FileWriteLine($f, "tokreplw c:\sysprep\sysprep.inf DOMAIN=CSN")

To set the AutoIt portion of the code aside, we’ll reduce this to the tokreplw command itself:

tokreplw c:\sysprep\sysprep.inf DOMAIN=CSN

So, the “c:\sysprep\sysprep.inf” file is targeted. Within this file, an occurrence of the variable %DOMAIN% will be replaced with the value of CSN, which is the name of our parent domain. If we crack open our sysprep.inf file (do an Advanced Edit in LANDesk Console), we have this:

[Identification]
%NOWG%JoinDomain=%DOMAIN%
DomainAdmin=csn\BadBoy
DomainAdminPassword=LeeroyJenkins
%WG%JoinWorkgroup=WORKGROUP

You can see the %DOMAIN% variable here. You will also notice several other variables as well. I use tokreplw to manipulate the sysprep.inf file dynamically, depending on what the technician chooses. If the tech selects to join a domain then %NOWG% becomes blank, and %DOMAIN% becomes the name of one of our two domains. The %WG% variable becomes a semicolon, which comments out the JoinWorkgroup line. If the tech does not select to join a domain, then %NOWG% becomes a semicolon, which comments out the JoinDomain line, and %WG% becomes blank. This configures the sysprep.inf file to join the computer to a workgroup instead.
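The two outcomes described above can be checked before an image is deployed by modelling the substitution and confirming that exactly one join line stays active. This is an added example, not the author's script and not tokreplw itself; replace_tokens is a Python model of the VARIABLE=VALUE behaviour described in the post, and the function names are assumptions.

```python
import re

# [Identification] template from the post, with the two credential lines omitted.
TEMPLATE = (
    "[Identification]\n"
    "%NOWG%JoinDomain=%DOMAIN%\n"
    "%WG%JoinWorkgroup=WORKGROUP\n"
)

TOKEN = re.compile(r"%([A-Za-z0-9_ -]+)%")


def replace_tokens(text, values):
    """Model of VARIABLE=VALUE passes: %VARIABLE% becomes VALUE; unknown tokens stay."""
    return TOKEN.sub(lambda m: values.get(m.group(1), m.group(0)), text)


def render(domain=None):
    """Apply the technician's choice: join the given domain, or a workgroup."""
    if domain:
        values = {"NOWG": "", "DOMAIN": domain, "WG": ";"}
    else:
        # The post does not say what %DOMAIN% receives in this branch, so it
        # is left untouched; the line it sits on is commented out anyway.
        values = {"NOWG": ";", "WG": ""}
    return replace_tokens(TEMPLATE, values)


def active_lines(text):
    """Lines Sysprep would act on: not blank, not a comment, not a section header."""
    out = []
    for line in text.splitlines():
        s = line.strip()
        if s and not s.startswith(";") and not s.startswith("["):
            out.append(s)
    return out


def active_settings(text):
    """key -> value for every active line."""
    return dict(line.split("=", 1) for line in active_lines(text) if "=" in line)


def unresolved_tokens(text):
    """Tokens still present on active lines, i.e. a replacement that was missed."""
    found = set()
    for line in active_lines(text):
        found.update(TOKEN.findall(line))
    return sorted(found)


if __name__ == "__main__":
    for choice in ("CSN", None):
        out = render(choice)
        print(out, active_settings(out), unresolved_tokens(out))
```

A non-empty result from unresolved_tokens() means a literal %TOKEN% would reach Sysprep on a live line, which is the failure this kind of templating is prone to when a replacement step is skipped.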

Feel free to ask any questions about the script, and I will do my best to answer them.

Google Voice on the iPhone

You can currently get an invite for Google Voice. The invitation came right away for me. The only problem is Apple rejected the Google Voice app for iPhones. Of course, this isn’t a big deal for people who have jailbroken phones. With Cydia installed, you can download GV Mobile, and make phone calls through your Google Voice account.

So what is Google Voice, and why would you want one? Let me tell you right now that this thing is cool once you grasp how it works and see it in real time! GV works like this: Google gives you an account and a phone number. In your Google Voice account, you enter your cell phone number, home number, and/or work number. When someone calls your Google voice number, it forwards the phone call to all of your listed phone numbers! You can even specify which numbers ring based on who the caller is. If you have more than one phone, this really allows you to consolidate your phone numbers into one number. I am sure that if you spend any time thinking about the possibilities for this application, you can realize that the uses for this could be huge! For example, you can give your home or cell number to agencies or businesses, while keeping your Google Voice phone number private for friends and family. The main concept to remember here is that your Google Voice number isn’t tied to a phone or device, it is tied to you.

GV also has a lot of neat features, particularly related to voicemail. You can have different greetings for different callers or groups of callers based on your Google Contacts. You can listen to voicemail on the Google Voice webpage. Voicemail is transcribed into text, both when you receive it on your phone (at least for the iPhone), and when you check it on the web. You can forward voicemail recordings to email, or even embed them on websites. GV can record phone call conversations, and listen to a voicemail message as it is being recorded. If you decide to take the call, you can do that too (provided the caller doesn’t hang up of course). Here is the list of things GV can do with links to short videos on how they work.

The one last thing that impressed me, and really sold me on Google Voice, is the international rates. This alone is a good reason to have Google Voice. I occasionally have the need to call Australia, which is only $0.03 a minute. Compare that to my cell phone provider’s international rate, which is $3.50 per minute for the same phone call. I just couldn’t pass that up.

Unfortunately, Google Voice is only available in the USA. There are plans to add it in other countries though. I highly advise folks to go to the GV website and apply for an invitation. If you have a Google or Gmail account, use that if you can. I don’t know if it makes a difference, but I signed up using my Gmail account which I have had for a few years now, and got my invitation instantly. Good luck!

Internet Communities Making Revolutionary Changes

I’ve recently discovered an interesting phenomenon creeping up on the net. Well, political grassroots movements are not new to the internet at all. Every organization out there has a website, some using technology with varying levels of effectiveness. Politicians are using the net to communicate their platforms. Online communities have been around for a long time, from the early days of Usenet, to web bulletin boards, and now Web 2.0 sites like Youtube, Facebook, and Twitter. One impressive grassroots Youtube movement in particular has caught my eye as a movement that has stood out with a rather amazing and recent success story.

A couple of months ago, I watched an interesting vlog on Youtube from AtheneWins. As an ex-WoW player, I’ve watched Athene videos before, particularly for their humor. The rather large following that Athene videos have created apparently led to a spin-off by the amateur film makers of the AtheneWins videos, I Power. I Power’s focus was self-improvement, and, more to the point of this article, politics. I Power has taken a particular stance on supporting Net Neutrality in Europe.

I had known about Net Neutrality before, but this was the first that I heard about it being considered in European Parliament. As a US citizen, I suddenly became increasingly interested in Net Neutrality. If laws could be passed in Europe that allow ISP’s or governments to restrict what their users can view on the internet, why couldn’t it happen in the US?

Inspiration happened when I Power posted an “emergency” video on Youtube that encouraged Europeans to contact their Parliament, and support Net Neutrality. The video got 40,000 hits. As a skeptical, somewhat apathetic American, I had to wonder just how this would affect the European Parliament’s decision on whether or not to allow ISP’s to control the content of the internet as it’s delivered to their customers.

A few days later, I Power posted this follow up video announcing a victory in protecting Net Neutrality. Apparently, European Parliament members received so many letters, emails, and phone calls, that they realized just how important Net Neutrality is to the internet as we know it today, and refused to allow ISP’s the ability to control what content their users could view. I couldn’t believe it!

This is a very real example of how online communities are making their voices heard, and making a difference. You always hear about how the “world is being changed by technology”, and the “internet is a huge part of change”. From politicians using Youtube and Twitter to spread their campaign message, to the leaked Iran protests videos (which Iran’s government has tried to suppress by blocking direct access to Youtube), these are more than just buzz words. The success of I Power stands out as one of the most impressive examples of how everyday people can use technology to make their voices heard, and when voices are heard by politicians (in democratic countries), change can become a reality.

A Windows SSH Client with Tabs

I’ve decided to upload my SSH client code, written in C# for Windows, to Sourceforge. This is very unfinished, buggy, and probably not well written. There is no installer yet. I need to update the telnet code since the library I am using (and had to hack to include some basic telnet negotiation code) has been updated. I am not sure how much of the telnet code I need to change, but the library looks like it has been improved quite a bit. The site manager portion of the code is also very unfinished, and I would like to finish that as well before making an installer for this program.

Here’s the code

iPhone with Exchange and Google Calendar

I finally broke down and got myself an iPhone. I must say that my initial reaction to the phone was partial excitement, and partial disappointment. You see, I’ve never owned a Smart Phone before. I had high expectations for these devices. I knew there were limitations, such as only being able to run one app at a time on iPhones, and no Flash Player. However, I was still willing to give this device a try.

One of the things that aggravated me was the lack of information on how to set up two separate Calendars on the iPhone. Apparently, the iPhone can only recently do this. I finally found the technical information I was looking for on how the iPhone Calendar/Mail apps actually work on Stephen Foskett’s Blog.

You see, I, like many, use Exchange Server 2008 for work, but I also needed a separate personal Calendar, particularly for reminding me about personal appointments. I had a Google account that would be perfect for this if I could get it to sync onto my iPhone. Google now has an ActiveSync application, which will sync your Google email, Contacts, and Calendar. However, there was one problem. If you read Foskett’s blog, you’ll learn that you can only have one ActiveSync (Exchange) account on your iPhone at a time. Now, the iPhone can easily add multiple Mailboxes without a problem. I added my Gmail account as a new email account on my iPhone, along with my existing Exchange account, and both accounts were kept separate. However, this only added my Google email, and not my Google Calendar.

As of now, I am still left without a solution to this.

Well, there is a solution, but it involves jailbreaking your iPhone using “redsn0w” for 3G and 3GS iPhones. After this is accomplished, an application called NemusSync can be installed using Cydia that will create a second, separate Calendar on your iPhone. You then launch the NemusSync app, and manually sync your Google Calendar. Too bad this isn’t built into the iPhone!

Message to Mythic

Below is a post I made on the VN boards about what players want regarding keeps in Warhammer Online:

Everyone knows that there is currently no incentive to defend a keep or BO right now, other than trying to cap a zone. However, capping a zone is such an involved, and seemingly random thing that this currently does not qualify as an incentive in my opinion. People play this game to RvR, but they also play the game to advance and experience the end game. Put simply, advancement is made by capping zones. The oRvR experience and the VP system are deeply interconnected within the player experience, and I think that this interconnectedness needs to be exploited by Mythic to produce a potentially awesome gaming experience.

We need incentive to defend keeps, and I think that incentive should be focused on the VP system. Such a solution could also solve another problem with Warhammer: the VP system currently does not appeal to players. This system in its current, seemingly obscure and random form, is just not tangible to us. Right now, the only realistic way to cap a zone is to win scenarios. When enough VP’s are accumulated from winning scenarios, we quickly take the keeps and hope we have enough VP’s to cap when we are done. This “rush” to take keeps in a zone does not create keep defense. There is also currently no reason to defend a keep unless you are really close to capping a zone from winning scenarios. So, Mythic should shift the focus from scenario wins, to success in oRvR to solve both problems in one blow. The system of static VP’s from keeps and maybe BO’s has to go.

Here are a couple of ideas that could be applied, perhaps with some modifications (the VP system is very complex, and I am far from understanding its complexities). Neither of the two ideas is original, but within this context they could work to help make this game really great:

Idea #1: If a keep is captured by a realm, and/or possibly only when claimed by a guild, it will slowly trickle in VP’s for that realm. When a keep is taken back by the enemy realm, those VP’s are lost, including the accumulated VP’s (or maybe VP decay would take care of this, but only after a certain amount of time has passed.). So, if a realm can hold a zone for a reasonable time length (maybe 2 days for example), then it should have a higher chance of capping the zone, depending on how well the realm is doing in scenarios. Winning scenarios would still be a factor, but less of one.

Idea #2: Instead of Idea #1, capturing all of the keeps and/or BO’s could result in VP decay being halted. Currently, VP decay is set in place to balance against a sweep of (perhaps lucky) scenario wins, which is good in theory, but from experience it can also be very demoralizing when you’ve worked with your entire realm to cap a zone, and there just aren’t enough quick, back-to-back scenario wins to do it. Perhaps the VP decay system itself needs to be redone, but in the meantime this idea would give a realm incentive to defend taken keeps/BO’s if defending will help cap the zone.

These are not the only ideas that could work. The important thing that I would like to communicate to Mythic as a player who loves this game, but wants it to improve is that they should use the inherited interest of players to cap a zone and advance the game, to increase keep defense and game play in oRvR. This is what the player base wants, and I think Mythic could easily give it to us. Being successful in oRvR should lead to being successful in pushing or defending zones.

Thank you,
BB

Naming Computers and LANDesk OSD

LANDesk puts out a technical paper on how to accomplish Hardware Independent Imaging with its Management Suite. If you don’t know what HII is, basically it is the process of creating a single image or imaging task that will work regardless of your hardware. LANDesk’s tools plus Sysprep create a very easy to maintain HII imaging solution. However, I wanted to add a little piece of my own to this mix.

We have a newly implemented naming convention here at CSN.  This was very thoroughly thought out by many people, but more or less the naming convention identifies a computer’s location, and its asset tag number.  With the documentation on HII that LANDesk provides, a computer must be named properly in the LANDesk database, or named after the imaging task has finished.  Since our computers move from one location to another quite often, and renaming computers in the LANDesk database is not easy, I created a way for technicians to name the computer before the imaging process begins.  Once named, the computer images, and reboots into Sysprep where it joins the domain and installs all of its device drivers.  Wonderful!

Now, if you are not familiar with LANDesk, a lot of this won’t make sense. Basically, a LANDesk OSD script is a text file which you can alter to your liking much like any other scripting method. Now, to get started with adding dynamic renaming to the script, I enter the following command into the LANDesk OSD script in the part just before the imaging command is executed:

REMEXEC259=sdclient /f /o /dest="X:\ldclient\pcname.vbs" /p="http://server/PC_Rename/pcname.vbs", STATUS

SDCLIENT.EXE is the swiss army knife utility of LANDesk.  It does lots of stuff.  Here it just copies a file from an HTTP share onto the WinPE environment.  I then add another line right underneath the one I just created that will execute the pcname.vbs script that was just copied from a server:

REMEXEC260=cscript x:\ldclient\pcname.vbs

So, let’s take a look at the contents of the pcname.vbs file.  Keep in mind that I do have a programming educational background, but I’ve never done any vbscripting before this, so the script may not be the most elegant vbscript around:

Dim getName
Dim objFSO
Dim f

' Prompt the technician for the computer name (Cancel returns an empty string).
getName = InputBox("What is the computer's name? Press Cancel to rename and rejoin the Domain later.")

' Create (or overwrite) the batch file that the OSD script runs later.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set f = objFSO.CreateTextFile("x:\LDClient\insertname.bat", True)
If getName <> "" Then
    ' A name was entered: substitute it for COMPUTERNAME in sysprep.inf.
    f.WriteLine("tokreplw c:\sysprep\sysprep.inf COMPUTERNAME=" & getName)
Else
    ' Nothing entered or Cancel pressed: keep LANDesk's original naming command.
    f.WriteLine("tokreplw C:\sysprep\sysprep.inf COMPUTERNAME=%Computer - Device Name%")
End If
f.Close

Here is a rough explanation of this VBScript. First, an input box is called, which prompts the technician to input the computer’s name. Whatever the user enters is returned to the variable “getName”. A batch file, “insertname.bat”, is created that will be executed by the LANDesk OSD script later. If the user enters something, then the batch file is created with a single tokreplw command containing the text as an argument to the tokreplw command. If the user does not enter anything, or presses cancel, then the batch file gets created with the naming command that LANDesk originally put into the script. I’ll go into tokreplw in a later post.
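Because the typed name is written straight into a batch file that cmd later executes, characters such as spaces or & would change the command line, so the name is worth validating before the line is written. The following is an added example, not part of the original script; it models the script's two branches in Python, and the allowlist, function names and sample inputs are assumptions or constructed values.

```python
import re

# Conservative allowlist (an assumption, stricter than Windows requires):
# 1-15 characters, letters/digits/hyphen, no leading or trailing hyphen.
NAME_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,15}(?<!-)")

# LANDesk's own token, used when the technician enters nothing.
FALLBACK = "%Computer - Device Name%"


def validate_computer_name(raw):
    """Return raw unchanged if it is a safe computer name, else raise ValueError."""
    if not NAME_RE.fullmatch(raw):
        raise ValueError("name must be 1-15 letters, digits or inner hyphens")
    if raw.isdigit():
        raise ValueError("name must not be all digits")
    return raw


def build_insertname_line(raw):
    """Mirror the two branches of pcname.vbs, with validation on the named branch."""
    if raw == "":
        return r"tokreplw C:\sysprep\sysprep.inf COMPUTERNAME=" + FALLBACK
    return r"tokreplw c:\sysprep\sysprep.inf COMPUTERNAME=" + validate_computer_name(raw)


def classify(inputs):
    """Map each input to the batch line it would produce, or to a rejection reason."""
    results = {}
    for raw in inputs:
        try:
            results[raw] = build_insertname_line(raw)
        except ValueError as exc:
            results[raw] = "REJECTED: " + str(exc)
    return results


# Constructed sample inputs: one valid name, the empty (Cancel) case, and
# names containing a space, a cmd metacharacter, too many characters,
# a leading hyphen, and only digits.
SAMPLES = ["LAB-B201-04512", "", "ROOM 12", "OFFICE&A", "A" * 16, "-LAB1", "12345"]

if __name__ == "__main__":
    for raw, outcome in classify(SAMPLES).items():
        print(repr(raw), "->", outcome)
```

In the VBScript itself the same check can be done with a RegExp object before f.WriteLine, re-prompting the technician when the name is rejected.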

I mentioned that LANDesk creates its own naming command. Let me expand on that. By default, LANDesk attempts to find the name of the computer in the LANDesk database and name the computer for us.  The line that LANDesk puts into the OSD script when you initially create the OSD task in the LANDesk Management Suite Console looks like this (note that when you create a LANDesk OSD script, you do not see the actual text of the script. Instead, the LANDesk administrator uses a GUI wizard to create the OSD script. The OSD script can be opened in a text editor by selecting the OSD task and selecting “Advanced Edit”):

REMEXEC29=tokreplw C:\sysprep\sysprep.inf COMPUTERNAME=%Computer - Device Name%

Looks very similar to the contents of our batch file, doesn’t it?  We simply remove the command for REMEXEC29, and replace it with the execution of our batch file:

REMEXEC29=cmd /c x:\ldclient\insertname.bat

Instead of the computer getting the name that LANDesk thinks it should have, the technician can specify the name that the computer actually needs to have.  Since our computers move around a lot, their names change a lot.  This is convenient for our environment.

Well, that is all for now. If I get a moment or two, I will try to pump out a post about the mysterious tokreplw program. :)