Sven Slootweg's Blog

Have you ever wanted to provide live support, or even just a way to chat to the visitors of your site? But were you put off by the price, hassle, or platform restrictions of the regular Live Support packages that can be downloaded? There’s quite an easy solution.

A while ago, Meebo launched a “widget” called MeeboMe, for this exact purpose. However, you were required to use Meebo in order to actually make use of it, which is quite annoying if there is no Meebo Notifier for your system (Linux for example), and you need to keep Meebo open in a browser tab all the time. I’ve had this exact same problem (while wanting to offer Live Support for www.YuNicc.ws), so I started searching. I came across several pages, and several configurations, and in the end I found one that seemed to work.

I am making use of Pidgin, a free crossplatform Instant Messaging client supporting a lot (and I mean a LOT) of networks, including the MSN, Yahoo, and AIM networks, as well as Jabber/XMPP-based networks like Google Talk. Now luck has it that Meebo built their platform on that exact same XMPP protocol, which means we can easily use it in Pidgin if we know how to configure it.

But then we have another problem. XMPP works with “contact lists” as well, and that means you would get a friend request for every new user of your Live Support, something which may be very annoying for many people. But for that, there is a plugin. Let me explain how it works:

1. First download Pidgin if you don’t already have it. You can get it for free from http://www.pidgin.im/ (you may want to use Adium for Mac OS X, which is built on the same libraries).

2. Download the MeeboMe Widget Plugin from http://jrpomeroy.com/pidgin/ and place it in your plugin directory (directories are listed on the download page).

3. Make a Meebo account and MeeboMe widget at www.meebome.com. It’s free. Be sure to choose a representative name like your real name or the name “Live Support” as your screen name, it is what others will see. You might also want to change the title to “Live Support”.

3. Add a new account. Use XMPP as protocol, with the following settings:
Username: <your Meebo username>
Password: <your Meebo password> (also, click Remember Password)
Resource: Pidgin
Domain: meebo.org

4. BEFORE clicking OK, go to the Advanced tab. UNCHECK the “SSL/TLS” box (it doesn’t work with Meebo, apparently), CHECK the “allow unencrypted data” checkbox, and enter the following:
Connection server: meebo.org
Connection port:  5222

5. Click OK now. Go to  Extra -> Plugins and enable the MeeboMe plugin.

6. If everything is OK, you should now be connected to Meebo without errors. Grab the URL of the swf file from the “embed” code the MeeboMe site gave you, and paste it into your browser address bar. If everything is set up the right way, you should get a message on Pidgin as soon as you start talking in the MeeboMe widget. You can use the entire embed code in your website to offer support, or, if you are using a popup or direct link, just give them the URL to the SWF file.

7. You’re done!

Quite a weird sight on my MSN account today. Someone I haven’t talked to in ages suddenly started talking to me. The conversation went somewhat like this:

(00:34:39) David: Hey are you there?
(00:42:46) Me: yus
(00:43:17) David: i just took an IQ quiz
(00:43:39) Me: what was the result then?
(00:44:04) David: I was smarter than I am! I scored 111
(00:44:13) Me: lol
(00:44:40) David: you gotta see if u can do better than me, <harmful link>
(00:45:47) Me: :S
(00:47:34) Me: are you a bot?
(00:48:10) David: im not a bot silly, its me

It actually took me until the (very suspicious) link to realize that it was a bot I was talking to, and not the person I thought was behind it.

And yes, I did click the link. Why? I was wondering what would happen, and since I’m running Linux anyway I didn’t expect anything bad to happen. After all, it’s most likely written for Windows. And I was right: nothing happened.

On another forum, I read an even more curious case. The following is a snippet from a forum post on http://rumtumblurpei.blogspot.com/2010/07/new-msn-virus.html?showComment=1281585428280#c5009037735819209825:

BIG says:
tell me something only noah would know
BIG says:
lol
NOAH says:
are you kidding? its me and not some bot, stop this

MSN worms are sure getting smarter, these days.

I have been neglecting my blog lately. I’ve been very busy with projects like YuNicc, as well as some other freelance and personal projects I can’t release any information about yet. I’ll try to write more articles when I have time. I will also write about some other subjects occasionally, that aren’t directly IT-related… just to make it a little bit more interesting.

Keep an eye on my blog.

I recently ordered a pretty amazing product from China. It’s called the Dingoo A320, also known as Gemei A320 or Chinavasion Multi Platform Portable Gaming Entertainment Station (yes, that’s really the name Chinavasion gives it).

Even though I haven’t received my Dingoo A320 yet, I’m going to write some stuff about it in advance. As soon as I get it, I will write a review and post it on this weblog.

In short, it’s an amazing multimedia device. Some pictures to drool at (this is the black version, there is also a white version available):

It has some very amazing specs for a multimedia player from China. Some of the most remarkable specs:
* Built-in emulators for 3D/CPS2/CPS1/GBA/MVS/NEOGEO/NES/SFC (SNES)/SMD
* 7-8 hours battery life (not just manufacturer claimed, it’s actually been tested on this)
* Lightweight: 110 grams
* Plays MP4, AVI (even DivX and XviD), RealMedia, Quicktime MOV, ASF, 3GP, Flash Video, SWF (up to Flash 6), MP3, FLAC, APE, RealAudio, WMA, WAV
* 4GB internal flash memory, has a MiniSDHC slot to further expand the memory
* Comes with USB data/charging cable (including power socket to USB adaptor), earplugs, and most important, a manual in decent English
* Built-in FM radio.
* Microphone. Besides recording from the microphone, it can also record from the FM radio, which is pretty unique!
* Has four action buttons, a d-pad (directional button), shoulder buttons, and start/select buttons. Oh, and a power button of course.
* One of the most remarkable features: it has TV-Out. You can hook it up to your TV screen, and actually watch a movie or play a game on your TV using your Dingoo. As far as I know, it outputs DVD resolution/quality from the TV-Out, and the video is really clear and high quality.

Some tech specs:
* CPU Ingenic JZ4732 @ 336MHz, underclocked from 400MHz (MIPS architecture)
* RAM 32MB at 133MHz
* 2.8″ LCD Display

Also, a Linux distribution has been made for the Dingoo A320, called Dingux. It can be used to run better emulators (since some problems have been reported with the original emulators) and play homebrew games. TV output, however, is not yet supported in Dinugx as far as I know. Since you can actually choose whether to start the original firmware or Dingux when you power it on, that shouldn’t really be a problem.

Another very good thing about the Dingoo A320 is that Dingoo Digital actively encourages homebrew. They released a Software Development Kit, and did not implement any security measures regarding unofficial applications. A lot of homebrew has been developed for the Dingoo A320, including Dingux. A more complete list of homebrew applications and ports of arcade/PC games is below.

Homebrew Emulators
* Game Boy and Game Boy Color
* MSX (openMSX dingux)
* Neo Geo Pocket
* PC Engine (in progress)
* Picodrive Megadrive/MegaCD (dingux)
* Sega Master System and Sega Game Gear (in progress)
* WonderSwan and WonderSwan Color (in progress)
* Magnavox Odyssey 2
* ColecoVision

Arcade Game Ports
* Centipede and Millipede
* MAME
* Mikie (Konami arcade game)
* Pac-man en Ms. Pac-man
* FinalBurn Alpha

PC/Console Game Ports
* Prboom Engine (Doom, Hexen, Heretic, Duke3d)
* Quake
* Dodgin’ Diamonds 1 and 2
* Biniax 2
* Gnurobbo
* Super Transball 2
* Defendguin
* Waternet
* Sdlroids
* Spout
* Tyrian
* Rise of the Triads
* Open Liero
* REminiscence
* Blockrage

The one thing that is really missing on the Dingoo is a volume control button. This has to be done from the firmware/Dingux menu. Hacks for this exist, but it’s just one thing they could’ve improved. Since the processing power of a Dingoo A320 is pretty close to that of a PSP, I’m fairly impressed with this new console. I’ll test it when I receive it, and of course I will write a review for you all to read here

Now of course, you are wondering how much this beauty cost me. Including a protection case (that was actually meant for portable hard drives, but the Dingoo fits just right in there), a flat to round power plug converter (it comes with a flat plug), and a MicroSD to MiniSD converter (since MiniSD cards are very expensive, and MicroSD is a lot cheaper), our grand total is a whopping €61,41.

Now that’s cheap, isn’t it?

Ok, basically I’ve been deleting over 30 spam messages, and banning over 20 IPs in the past few minutes. *Someone* thinks it’s fun to spam my blog to pieces. Anyway, I just implemented reCAPTCHA, which means you will have to solve a so-called captcha code every time you post a comment. This shouldn’t be a problem for most users. If you have any issues with it, you can always contact me at info@sven-slootweg.nl.

Now let’s hope the spam bots stay away. And no, I don’t want Viagra.

A lot of people think a ‘hacker’ is either a cybercriminal that breaks in to computers, or a security expert that looks for vulnerabilities and holes in software, and tells the programmer about it. However, both of these are quite wrong. Not completely wrong, but a ‘hacker’ sure isn’t limited to those two.

As defined on http://catb.org/~esr/faqs/hacker-howto.html#what_is, a hacker builds things and a cracker breaks them. Therefore, a cybercriminal would be a cracker, because he breaks a certain piece of security. A virus writer, however, would be both a hacker and a cracker. At the same time he builds something (he writes a virus), and breaks something (he tries to circumvent a security mechanism).

Then a cybercriminal can still be a hacker?
Yes and no. Technically a virus writer would also be a hacker, but since his ultimate goal is to break something, it would be safer to call him a cracker, since writing a virus is only done in order to achieve the circumvention of a security mechanism (aside from criminal intentions). A better example of a hacker would be someone taking a trash can, and using it as a casing for his computer. He uses the trash can for something it’s not intended for, in order to invent (or build) something new: a trash can computer.

But why do all the newspapers, news sites, television channels, etc. say that a hacker breaks into computers?
Ever since the first people that tried to spread virii* became active, these people have been calling themselves hackers. Since a lot of people came to believe it, the media adapted this definition, to keep it simple. Media are nearly always simple. If you watch the news, and they tell someone has been murdered, they won’t tell you what type of gun was used, because there is fair chance you are not interested in any more information than what has happened. It’s the same with crackers. Since people are not interested in a definition (they want their news to be short and simple) the media just assume everyone understands what they mean when they say ‘hacker’ .

Are hackers always those nerdy IT guys?
Of course not! Anyone who invents something is a hacker: he builds something new. Thomas Edison was a hacker. Leonardo Da Vinci was a hacker. Painters and singers are, technically seen, hackers as well (provided they don’t use parts of other peoples work, of course). You can be hacker if you find a creative way to stop that annoying leaking drain.

A last tip: There is a very good video on the internet, that you can watch to get a better feeling of what a hacker is. Even though this video mainly focuses on IT hackers, it can be a very educative 43 minutes. You can watch the video at http://www.veryangrytoad.com/video/180/Hackers-Are-People-Too.

I’ve had the problem myself. Many people have had the problem. After uninstalling the great but oh so laggy Aston Shell, you suddenly can’t get your taskbar back after explorer.exe crashes. Or worse, you don’t get any taskbar at all. But there is a fix.

Using some information gathered from various forums, I compiled a tiny little registry patch that cures the problem. It simply resets the default shell to explorer.exe (something the Aston Shell Uninstall usually forgets). Apply the patch, reboot, and everything should be working again!

You can get the patch here: http://sven-slootweg.nl/downloads/download.php?id=9

If you have any problems, feel free to post a comment.

A new law has been accepted in the Netherlands. It states that any Dutch citizen that wants to renew his passport or identification card, will need to give his fingerprints upon request. While the European laws indicate that two fingerprints have to be made, and have to be stored on the proof of identification, the Dutch government has decided to not only take 4 fingerprints instead of the 2 fingerprints that will be stored on the chip, but also to store all four of them in a nation-wide database.

A video from privacymatters.nl illustrates really well why this is a serious threat. People will say “I don’t have anything to hide”. But how would it feel to be tracked 24/7? How would it feel to know that the government can check up on what you say to your wife over the phone, or even worse, how would it feel if you were put in with a group of suspects for a criminal act, based on your fingerprints?

As the margin for comparison mistakes of fingerprints will be about 3%, there is a huge risk of getting involved with cases you initially had nothing to do with. Imagine a database with 16 million people. 3% of 16 million is still 480.000 wrongly suspected victims.

There are some exceptions however. If, for some reason, you cannot give fingerprints (medical conditions and such) you will be granted a proof of identification that will have to be renewed after 5 years. If the medical condition is only temporary, you will be granted a proof of identification that is valid for one year, after which it will have to be re-evaluated.

The government is not allowed to use the fingerprints in the database to look for a suspect. At least, not according to current law. In the law, however, there is a loophole that might allow the government to do this later. Which means the exact scenario I just outlined is actually possible.

Vrijbit, a Dutch organization that fights the disappearing of privacy, filed a complaint with the European Court of Human Rights about the storage of all fingerprints in a central database. Maybe the court will take action, but I’m very afraid that we don’t actually have any say in this.

The worst thing is that you have to renew your identification in time. Which means you have to give your fingerprints, and you can’t complain. Simply because walking around without a valid ID can get you in trouble. And given the current level of security of the Dutch government’s IT business, I don’t trust this at all. Besides being watched by the government 24/7 (your fingerprints are stored on a remotely readable RFID chip), criminals might get access to the database and use it against you.

Technological advancements aren’t always a good thing.

Watch the privacymatters.nl video here with English subtitles: http://www.youtube.com/watch?v=fAq9ExbZFQQ

Sources used for this article:
The article on the new law by Wilmer Heck and Annemarie Kas in nrc.next, Friday September 18, 2009
http://www.onzeprivacy.nl/
http://www.privacymatters.nl/
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:142:0001:0004:EN:PDF

A few people that have been active in the P2P scene a few years ago might still remember it: WinMX.

A really old and officially unsupported program, and believed by many people to be dead. What a lot of people do not know, is that it’s still alive and kicking, thanks to a patch from the community.

The creation of WinMX, and it’s downfall
In october 2000, the people at Frontcode created a P2P client by the name of WinMX. Only an OpenNap client at that time (using the Napster protocol), it already became very popular at that time. Many people liked the stability of the program, and the no-nonsense interface, while still maintaining a quite amazing featureset. However, in  2001, the RIAA cracked down on many P2P providers, and the OpenNap network fell. WinMX evolved very quickly, and on May 2, 2001, WinMX 2.5 was released, supporting a brand new network called the WinMX Peer Network (WPNP). It featured a system of primary non-firewalled (pass-on-the-data) nodes, and secondary firewalled nodes, who used the primary nodes in order to connect to the network. This made it possible to connect to the network, even when you were firewalled. The new protocol supported multi-source downloads, which meant you could download the same file from several users at the same time, this way shortening the download time. Because of all the users already using WinMX for its OpenNap access, the WPNP protocol became very popular in a very short amount of time.
However, in 2005, shortly after several sites noticed that it was one of the largest and most active networks, it was shut down by the RIAA. Frontcode received a cease and desist letter, forcing them to shut down both the peer servers (that were used to let peers know where other peers could be found) and the WinMX website. WinMX went dead in an instant.

But it’s not dead yet.
Only days after the WinMX site and peer cache servers are shut down, a patch is released by some WinMX enthusiasts. It enables WinMX users to once again connect to the network, using alternative peer cache servers. In fact, two independent groups both released a patch shortly afterwards, modifying the DNS for the WinMX domain. The first one was the PIE Patch, while the second one was the patch by WinMXGroup.com. The latter eventually changed into a DLL patch, which enabled the blocking of fake files and viruses from the network, while the former was generally seen as more stable and safe, because everybody could see what it contained (it only being a hosts file modification, and not a replacement of a critical WinMX file). PIE Patch, however, did not offer fake file blocking.

And then it happened…
The WinMXGroup patch, which I had been using as well as the PIE Patch, suddenly ceased support. I switched back to PIE, and not very long afterwards, on September 20, 2008, there was an announcement of a collaborative “community patch”. This patch was a DLL patch, and replaced both the (obsolete) WinMXGroup patch, and the PIE Patch. It quickly became popular, and right now just about everyone is using the Community Patch, except for those that still only use WinMX for OpenNap connections.

So, what’s so great about it?
In fact, the fact that not everybody knows there is a patch for it, leads to a network with higher quality. To date, there are (close to) zero fake files and viruses on the network. Nada, nothing, zilch, zero. Even though it’s sometimes hard to find the more rare files (in which case torrents might be a better choice), the network is very stable now, and of a very high quality. It has a chat room feature, which greatly integrates with the rest of the WinMX application. In fact, the chat rooms are the best way to find a certain type of file. If you are looking for the newest movie that just came out (but you know that’s illegal, blah blah blah) you just join a specialized movie release room, and ask if anyone has got it. 99.99% they have. WinMX is, in my experience, one of the first networks where releases appear, before appearing in torrents, on Limewire, etc. In fact, WinMX can be used for pretty much every kind of file or download, especially since it doesn’t have any technical limit on the filetypes. Any file can be shared.

But there must be drawbacks.
Sure there are. One of the most annoying drawbacks is that WinMX will attempt to download the wrong file if you click ‘yes’ on a “are you sure you want to download this executable” window while still loading the list of files. Another annoying thing about WinMX, is that it makes use of queues. While this keeps your download speed high (yes, downloads on the WinMX network are usually VERY fast, especially movies), it might lead to an hour of waiting for only 1 MP3 file. The last thing some people complain about is that the interface looks horrible, and is complicated. The general rule of thumb is: don’t look at the graphics, and just don’t touch any buttons of which you don’t understand what they do. Then everything will work just fine.

So…
If you want to try WinMX, you can get it from http://patch.winmxconex.com/. If you have any questions about WinMX, just drop me a line or post a comment. I’ve been using WinMX for a long time – and I mean long – and I might be able to answer them for you. I really recommend you at least try the software. It’s really a lost gem in the P2P world, and it’s a pity that the network is slowly getting less active (despite the active patch development). Oh, and don’t forget to look in the chat rooms. They are really worth your time.

Sources used:
http://www.slyck.com/news.php?story=925
http://www.zeropaid.com/news/9768/exclusive_winmxworld_announces_the_winmx_community_patch/
http://en.wikipedia.org/wiki/Winmx
http://www.slyck.com/winmx.php

Disclaimer: I do not encourage using WinMX for illegally downloading files. I can’t prevent it either, though. Be wise and use your own judgement, as applies to all my blog posts and software.

Oh, my. Google just released another doodle. This time it’s featuring crop circles, the filename is goog_e.gif, which might refer to the “missing” L in the image, and clicking on it leads you to a search page for “crop circles”.

Also, Google posted a Twitter clue again. This time, it contains coordinates. Looking these up on Google Maps brings us here:

Some other sites have been referring to H.G. Wells’ anniversary being the reason for these doodles.

Twitter users point out that the birthday of Wells – also the author of The Time Machine, The Invisible Man and The Island of Doctor Moreau – is just six days away, on 21 September, and believe the logo could be a “lead-up” to the anniversary, when Wells would have been 143 years old.
Source: http://www.guardian.co.uk/books/2009/sep/15/google-crop-circle-hg-wells

I really don’t have a clue about the true meaning of these doodles. This doodle seems unrelated to the O Campaign Foundation, which makes it even less logical. The only real meaning I could find right now was indeed H.G. Wells’ anniversary, which seems unlikely for me to be basing multiple doodles upon. Also, unexplainedphenomenon.org seems to be exactly the same as before this new doodle, so I don’t really think they will have an awful lot to do with it either. I’ll keep you updated.