Tuesday, May 22, 2007

Remote access to an USB drive

I purchased recently a MV-4000 Mvix Media Center from newegg.com. This is Mvix’s lowest end product and the cheapest you can find. It lacks Ethernet connection in favor of USB connection. At the beginning it looked like a good deal, but the hassle of moving the device back and forth between the living room (where the TV) is and computer room became annoying.

So I start looking for ways to access this device remotely, without disconnecting it from my entertainment center. Until now I found the following solutions:

Regular USB Cable – available for a few dollars from various stores
Advantage: hi-speed connection
Disadvantage: maximum 16ft

USB 2.0 Active Extension Cable – available for $16.95 from sewelldirect.com
Advantage: hi-speed connection. 5 such cables can be linked together for a maximum of 80ft
Disadvantage: new wiring

Belkin Wireless USB Hub - available from newegg for $185.99
Advantage: Wireless
Disadvantage: bad performance (about 30% of the wired connection)

Silex SX-5000U2 10/100Mbps USB 2.0 Device Server - $199.95 from sewelldirect.com
Advantage: extend USB cable via CAT5
Disadvantage: price and slower than USB2.0

Black Box USB 2.0 to CAT5 Extender - $649.95 from sewelldirect.com
Advantage: extend USB cable via CAT5 without affecting USB2.0 speed.
Disadvantage: price

LINKSYS NSLU2 Network Storage Link for USB2.0 Disk Drives - $79.99 from newegg
Advantage: Turn an USB drive into a NAS available on local network
Disadvantage: Slower than USB 2.0

Any NAS with USB Host Port
Advantage: seamlessly integrate the USB drive with a NAS. Good performance if Gigabit available.
Disadvantage: should keep NAS near USB drive.

Friday, May 18, 2007

Online media protection

I recently came upon an online radio website with an impressive library of old rock. After the visitor selects the artist, the album and the song a popup opens with an embedded Windows Media Player and the song begins.



Since the website is the online presence of a well known public radio station, they took their time to protect all their hosted music, so only site visitors listen and comment the music and not allow illegal downloads.

I will now give here the web site address but instead I’ll present their protection mechanism, which I consider may be useful to other online radio webmasters to protect their hosted music. It may be also useful to online video hosting services to protect their video clips.

To ease the understanding let’s invent a virtual site called radio4.net, with a song archive located at: http://library.radio4.net/ (please remember that the address is not real and was invented for exemplification only). The key to this implementation is to have a server side technology that supports the concept of Session (see PHP or ASP.NET).

Let’s now examine step by step browser-server communication:

Step 1. The visitor browses the archive and selects a song. The browser makes an Http request like the following:

GET http://library.radio4.net/playme.php?songid=63 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
...


Step 2. To the above request the server will send a response like this:

HTTP/1.1 200 OK
Date: Sat, 19 May 2007 01:08:20 GMT
Server: Apache/2.0.59 (Win32) PHP/4.4.4
X-Powered-By: PHP/4.4.4
Set-Cookie: SID=ff1a17742e953d21571baea03bfaab87; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 2213
Content-Type: text/html

...

[object classid="CLSID:22D6F312-B0F6-11D0-94AB-0080C74C7E95"
codebase="http:// activex.microsoft.com/nsmp2inf.cab"
type="application/x-oleobject" align="middle"]
[param name="FileName"
value="http:// library.radio4.net/song-ff1a17742e953d21571baea03bfaab87-63.wma"]
[embed type="application/x-mplayer2"
src="http:// library.radio4.net/song-ff1a17742e953d21571baea03bfaab87-63.wma"]
[/embed]
[/object]


...

Step 3. The embedded Windows Media Player will make the request to specified Url:

http:// library.radio4.net/song-ff1a17742e953d21571baea03bfaab87-63.wma

If you examine carefully the above steps you’ll notice that the song Url contains embedded 2 pieces of information: the actual song id and the session id. The session id information coded inside the url should match the web session id of the server otherwise the request will be denied.

If an attacker will copy the song url and try to download it using a download manager, or even try open it with an external Media Player the server will detect this and will not provide the song content.

The method can be further improved by checking on the server side the UserAgent string of the application that requests the song. In case of Windows Media Player this will be “NSPlayer”. Requests coming from other clients will again be denied.

Although not hacker proof, this method contains enough protections to discourage the majority of users to download the content. Almost all standard download tools will fail on such protection.

For other methods of protecting web pages and web content, see also Prevent content stealing by protecting web pages article. And don’t forget that your feedback is very important. If you feel the need to comment anything please go ahead and do it.

Thursday, May 03, 2007

Use Skype to call anywhere in the world for free on Mother’s Day

Skype will offer free calls on Mother’s Day (May 13th 2007, 5:00 am EST to May 14th 2007 4:59 am EST) to US and Canada residents.

During this interval calls originating from specified locations placed to both mobile and landline phones will be free. Skype advice to limit your phone calls to 200 minutes / computer during the offer period.

Wednesday, May 02, 2007

Virtual Appliances

Virtual Appliances are nothing more than preinstalled virtual machines. Due to obvious licensing limitations the majority of public virtual appliances are Linux based. While the concept is very nice and very useful for software demonstrations, due to the considerable overhead of guest OS until now it didn’t catch with home users.

At this moment all 3 major players in desktop virtualization are either offering virtual appliances or maintain an appliance marketplace.

VMware Virtual Appliances



Microsoft Virtual Appliances



Parallels Virtual Appliances

Build VMware player compatible virtual machines for free

If you have VMware Workstation then this post is not for you since the Workstation has all the bells and whistles to create and maintain virtual machines using visual tools.

So if you don’t have the above mention (and highly recommended) tool you can use alternative methods to create virtual machines for VMware Player:

Use VMware Server

This is also available for free from VMware. If you happen to use the VMware Server for server virtualization in your organization then you should have no problems at all to open a VMware Server virtual machine with VMware Player.

Use easyvmx.com

Using the online tools from easyvmx.com you can generate virtual machines startup files. Although pretty complex the tool doesn’t have the visual advantages of previous solution.

Use VMX Builder

This is a deskop application available from this web site. On the same page you’ll also find a couple of somehow useful utilities.

Edit .vmx files using notepad

Even .vmx files are text files do this only as a last resort or for minor and easy to do changes. You can even generate disk images using only Windows command line tools.

For an virtualization overview and available technologies check first this article.

Microsoft Silverlight – A Flash Killer?

Microsoft announced Silverlight, a XAML based platform with mini .NET CLR platform included. With this product it appears that Microsoft is targeting both web animations and rich experience web applications.

Microsoft affirmed that Silverlight will be cross platform framework available for IE, Firefox, Safari on both Windows and MAC OSX. Anyway, only the time will tell if this was only a marketing trick to help competing with Adobe Flash/Flex platform or Microsoft is indeed honoring its statements.

To find out more visit Silverlight site at http://www.silverlight.net/ and in case you are a developer don’t miss the getting started video.