me looking so small in this world

25 September, 2006

69 reads per day and counting

Filed under: woes — rudyegenias @ 12:47 am

Once again I really think I am helping/contributing to the community with this blog. The majority of the examples are notes made for my own use, but they also serve as a reference for beginners. I am helping.

Referenced once again. A forum has just brought up a reference to my blog: http://solucija.com/. I am so happy my blog is of service. Thanks Smoothie.
A promise. Been publishing and helping. Doing what I love to do plus charities being brought about, what else can I ask for? I will post more tutorials and notes in the days/years to come.

Enjoy reading~!

22 September, 2006

why i hate drm (digital rights management)

Filed under: woes — rudyegenias @ 8:42 am

I have come a long way to use and make my life an open source one. I mean the technical aspects of it, and the tools and equipment I am currently using. Free or open source software powers me and my PC, but the release of the said law would just prevent or further limit the possible use of it.

DRM explained (wikipedia)

Digital Rights Management (generally abbreviated to DRM) is any of several technologies used by publishers (or copyright owners) to control access to and usage of digital data (such as software, music, movies) and hardware, handling usage restrictions associated with a specific instance of a digital work. The term often is confused with copy protection and technical protection measures (TPM). These two terms refer to technologies that control or restrict the use and access of digital media content on electronic devices with such technologies installed, acting as components of a DRM design.

Digital Rights Management is a controversial topic. Advocates argue DRM is necessary for copyright holders to prevent unauthorized duplication of their work to ensure continued revenue streams.[1] Some critics of the technology, including the Free Software Foundation, suggest that the use of the word “Rights” is misleading and suggest that people instead use the term Digital Restrictions Management.[2] The position put forth is that copyright holders are attempting to restrict use of copyrighted material in ways already granted by statutory or common law applying to copyright. Others, such as the Electronic Frontier Foundation consider some DRM schemes to be anti-competitive, citing the iTunes Store as an example.[3]

Enterprise Digital Rights Management (E-DRM or ERM) refers to the use of DRM technology to control access to corporate documents (Word, PDF, TIFF, AutoCAD files, etc), rather than consumer playable media. The technology usually requires a Policy Server to authenticate users’ rights to access certain files. EDRM vendors include Microsoft, Adobe Systems, EMC Corporation/Authentica and several smaller companies. There are open source implementations as well. EDRM is generally intended to apply to trade secrets, which are much different from copyrighted material (though there is sometimes an overlap with material being both copyrighted and a trade secret — eg, software source code), and for whom the primary issue is industrial or corporate espionage or inadvertent release. In most jurisdictions, there is no notion of fair use of trade secrets as there is for copyrighted material. Trade secrecy confidentiality measures are less controversial than DRM applied to copyrighted material, which is commercially sold in many copies.

In simple words/example:

Suppose we have a router with flashable memory (let's assume a wrt54g) and it came with DRM. This would then not let us see the code that powers the router, check it for flaws, and possibly flash it with our own (improved) software.

It’ll also be shipped with anti-forge measures like a content scrambling system, i.e. cryptographic keys like the ones incorporated with the proposed GPLv3 draft, for one to really see the code.

Restrictions are also an added limiter with DRM enforcement.

Other examples are (wikipedia):

  • Digital imprimatur
  • Inclusion of commercials on the “unskippable track” on DVDs reserved for the copyright notice;
  • Using the DMCA to restrict access to items that do not qualify for copyright, such as garage door openers and printer ink cartridges;
  • Adding restrictions on text-to-speech conversion in the EULA of e-books;
  • BBC IMP trial for downloads of DRM-encrypted audio and video files; uses the Kontiki peer to peer file distribution system. Allows no user control of the background up and downloading, leading to considerable slowing of user PCs and potential exhaustion of allowed data transfers without warning due to the nature of peer to peer type operations, with only the option to shut down the user’s computer or disconnect from the Internet. BBC content is time-limited and will only play on the machine to which it was downloaded or an officially authenticated device participating in Microsoft’s DRM scheme.
  • Sky’s ‘Sky By Broadband’ scheme also uses Kontiki with similar results.
  • Using Copy Control schemes to thwart the existing statutory and common law exceptions to copyright holder control (such as fair use), as for instance in regional coding of media (such as in DVDs);
  • The possibility of dominant DRM-inclusive recording and playback technology being used uncritically by users unaware of the dangers and consequences thereof, and potentially later locking them out of their own creations, as with SCMS in consumer-grade DAT equipment;
  • Preventing academic publication and distribution of information relating to flaws in computer security in the absence of the permission of the creators of said technologies;
  • Silencing individuals who have found serious flaws in software used in electronic voting.[11]
  • Restriction of medical records and personal financial information using DRM to protect consumer rights. Insurers, lawyers and loan companies have strongly objected to the use of these technologies to prevent patient, hospital and practitioner records being more freely accessible due to copy and forward restriction applied to patient or customer records.
  • As of 2005, in American dental schools students are required to purchase textbooks on DVD. The DVDs are readable only on an authorized computer and only for a limited time, after which the DVD expires and the information in the “DVD book” becomes unreadable. Some of these books are not available on paper at all. The New York Association of Copyright Stakeholders have protested and documented this at http://fairuse.nylxs.com with the help of NYLXS.
  • Stopping or making archival of the content, even allowed such like in libraries, hard or impossible to do due to practical and technical reasons – especially when considering that the content should still be accessible even if the publisher disappears (bankruptcies etc).
  • TiVo 7.2 OS adds content access restrictions, blocks transfers, and auto-deletes some shows
  • The 2005 Sony CD copy protection scandal
  • Aesthetic objections to onscreen DRM threats interfering with relaxing and watching a movie.
  • The Swedish Pirate Party wants to outlaw most forms of DRM.
  • The legal inability to disable DRM restrictions, even if they “threaten critical infrastructure and potentially endanger lives” [12]
  • Many DRM systems restrict playback to a single device and, to date, no provider has offered to renew this licence when the device is upgraded.
  • Some WMDRM protected files will install spyware such as Zango when the user agrees to retrieve a license to play the file.[citation needed]
  • In the PlayStation 2 version of Ape Escape: Pumped & Primed, a save game created on the memory card is copy-protected, and cannot be transferred to another memory card. This is the first known instance where a publisher has enforced DRM on private data, rather than just data copyrighted by the publisher.
  • The PlayStation 2 CD-ROM format games are protected and cannot be copied with normal copy software. Curiously, the DVD-ROM format games don’t have this type of protection.
  • The Xbox 360 games have advanced security code which prevents copying of the games.
  • The Museum of Just Not Getting It[13] makes an attempt to tabulate the worst DRM-related decisions by media companies.

Conclusion:

I really don’t want the enforcement of DRM. It’ll only create a monopoly over previously written open source software or over the future products affected by it. The community's finding of holes/exploits in open source software, and the “bayanihan” or contributions made by it to further enhance security, will be lessened. If only money and copyright (who has the rights to a particular piece of software/anything) are the factors driving DRM to enforcement, consider SugarCRM, which creates an open source version and is powered by the community but still releases an enterprise version from which they earn; also take a look at MySQL and Red Hat.

True to its nature, it is driven by insecure companies who want to monopolize their own business’ source of revenue. Who are insecure enough to have their own code be seen and scrutinized. Who are selfish enough to not let the people have what they own.

Communism powers the open source community. It is therefore the community who develops and creates the code/designs of our products. There are many companies who do have their own products copyrighted. Why then is there a need for DRM if they’ve got their copyright busted in the face of their products?

I rest my case, in my case it’s my palms.

yet another set of free software

Filed under: productivity — rudyegenias @ 12:41 am

http://www.econsultant.com/

Just when I thought I had fully loaded my arsenal of free software that I use, here comes another link of free software. Enjoy~!

18 September, 2006

ipod for linux

Filed under: linux — rudyegenias @ 3:39 am

I have this coming. Porting Linux to the iPod. But here we are now, staring at the newest port known to the Linux community: iPodLinux. A port of Linux to power an iPod Nano. Actually it’s dual booting with the default iPod firmware. Enjoy.

http://ipodlinux.org/forums/viewtopic.php?t=5281

16 September, 2006

restrict access to phpMyAdmin by authentication

Filed under: phpmyadmin, xampp — rudyegenias @ 1:39 am

Wondering how an authentication/log-in form can be put in front of phpMyAdmin in xampp? This edit in config.inc.php will handle the job.

The path for the configuration script is <your-xampp-installation-path>\phpMyAdmin\config.inc.php.

This line sets the authentication method phpMyAdmin uses when it is accessed:

$cfg['Servers'][$i]['auth_type'] = 'authentication method here'; // Authentication method (config, http or cookie based)?

Note:

If you replace authentication method here with:

config
- it will use the password and username from the configuration file. Remember the last tutorial? (read it here)

http
- it will use the http authentication of Apache (secure/recommended setting)

cookie
- it will use the database for the username in authentication and will require browsers to allow cookies (secure/recommended setting)

15 September, 2006

enabling phpMyAdmin once you change root password or permission or privileges on mysql database

Filed under: xampp — rudyegenias @ 7:36 am

This applies to xampp-1.5.3a:
(don’t know about other versions since I only have this one. It works also for xampplite)

Yes, after a fresh install of xampp you are welcomed with a xampp pseudo website, which is located in <path of xampp installation>/htdocs/xampp/. Clicking security, you are given some important points to secure your website. That includes changing the root password. But alas, after changing it you’ll no longer be able to use the ever-friendly phpMyAdmin.

Find <path of xampp installation>/htdocs/xampp/phpmyadmin/config.inc.php

$cfg['Servers'][$i]['password'] = ''; // MySQL password

Change this so that it’ll reflect your current mysql password.

$cfg['Servers'][$i]['password'] = 'your_password_here'; // MySQL password

Don’t forget to save it aight?!

And if you read further you can see that you can also restrict/assign a mysql user with just enough privilege to access the database. :)
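An added example, not part of the original posts: a small check of a config.inc.php for the settings changed in this post and in the auth_type post above, written in Python so it can be run against a copy of the file. The function name audit_pma and the sample fragments are constructed for illustration.

```python
import re

# Constructed config.inc.php fragments; every value is a placeholder.
STORED_ROOT = """
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = 'your_password_here';
"""
COOKIE_LOGIN = """
$cfg['blowfish_secret'] = 'constructed-passphrase-change-me';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
"""

# Matches  $cfg['key'] = 'value';  and  $cfg['Servers'][$i]['key'] = 'value';
# Lines commented out with // or # do not match.
SETTING = re.compile(
    r"""^\s*\$cfg(?:\['Servers'\]\[\$i\])?\['(\w+)'\]\s*=\s*'([^']*)'\s*;""",
    re.M)

def audit_pma(config_text):
    """Return findings for the phpMyAdmin settings these posts change."""
    cfg = dict(SETTING.findall(config_text))
    auth, findings = cfg.get('auth_type'), []
    if auth == 'config':
        # No login form is shown: phpMyAdmin connects with the stored account.
        findings.append('auth_type config: no login form, every visitor '
                        'is connected as the stored MySQL user')
        if cfg.get('user') == 'root':
            findings.append('stored user is root: full MySQL privileges')
        if cfg.get('password'):
            findings.append('MySQL password kept in clear text in the file')
    elif auth == 'cookie' and not cfg.get('blowfish_secret'):
        # Cookie authentication needs a passphrase to encrypt the cookie.
        findings.append("auth_type cookie: $cfg['blowfish_secret'] is empty")
    return findings
```

An empty result for the cookie fragment only means none of these three conditions was found; it does not cover how the page itself is served.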

14 September, 2006

apache 2 virtual directory the xampp approach

Filed under: apache, xampp — rudyegenias @ 2:43 am

This tutorial is based on a solution to a problem encountered.

Operating environment: Windows XP

I always want to place my projects in a separate directory under my documents for easy access. Thinking of a solution, I came to this approach:

  • allow directory navigation, since the sandbox (the folder/directory) I will use does not contain any php/html, only folders
  • create another pseudo domain for the sandbox for easy access

First I need to think of a directory to place my files/folders/directories in. d:\sandbox\ will be ideal since my documents are all in that directory.

All of my projects are placed on their particular folder under sandbox. I need to edit the following files:

httpd.conf
I have just copied this part to allow directory navigation. You don’t want this enabled in your enterprise application though.

<Directory "C:/x2/xampp/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks Includes ExecCGI
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all

</Directory>

I eliminated all of the comments to simplify it and added the sandbox folder/directory. Note, and a warning: use forward slashes rather than Windows backslashes here. The normal directory path in Windows would be d:\sandbox.

<Directory "D:/sandbox">

Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All

Order allow,deny
Allow from all

</Directory>

httpd-vhosts.conf
My http daemon, or the apache program I’m using, is listening on port 8080. Apache 2 includes this file in the extras folder in the installation path. The tutorial on how to set up the port in apache is here.

<VirtualHost *:8080>
DocumentRoot D:/sandbox
ServerName sandbox
</VirtualHost>

hosts
The full path is C:\WINDOWS\system32\drivers\etc\hosts. You can see a tutorial on this one here.

# have stripped off the comments

127.0.0.1 localhost
127.0.0.1 testground.com
127.0.0.1 sandbox.testground.com
127.0.0.1 sandbox

making your http daemon or apache listen on a particular port

Filed under: apache, xampp — rudyegenias @ 2:33 am

In your Apache installation folder (it is called this way in windows, can’t do anything about it :D ), find this particular line. That is the default port the http daemon is using.

When I installed xampp 1.5.3a, I installed it in the c:\x2\xampp directory. The Apache configuration should be in <xampp install directory>\apache\conf, in my case c:\x2\xampp\apache\conf

Listen 80

Just change the number 80 to whatever port you want.

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 8080

Why would you want to do that?

  • First, I am using skype, which by default uses port 80 for its call feature.
  • Second, to get more acquainted with the Apache software ;D
  • Third, some security. Remember that anything you can do to further deter an attacker can be helpful. It is somewhat security through obscurity.
  • Etc.
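An added example, not from the original posts: a short Python audit of the directives used in the two Apache posts above, reporting directory listing or CGI execution that is open to every client and Listen lines that bind all interfaces. The sample texts, the loopback-only variant and the function name audit_httpd are constructed for illustration, and the Order/Allow syntax is the Apache 2.2 form the posts use.

```python
import re

# Constructed sample: the directives as shown in the posts above.
AS_POSTED = '''
Listen 8080
<Directory "D:/sandbox">
Options Indexes FollowSymLinks Includes ExecCGI
Order allow,deny
Allow from all
</Directory>
'''
# Constructed variant (an assumption, not the author's config): still
# browsable, but bound to and allowed from the loopback address only.
LOOPBACK_ONLY = '''
Listen 127.0.0.1:8080
<Directory "D:/sandbox">
Options Indexes
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
'''

def audit_httpd(conf_text):
    """Return findings for an Apache 2.2-style configuration text."""
    findings, current, seen = [], None, {}
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if not line or line.startswith('#'):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            current, seen = opened.group(1), {}
        elif line.lower() == '</directory>':
            options = seen.get('options', '').lower().split()
            if seen.get('allow', '').lower() == 'from all':
                findings += [f'{current}: {o} open to all clients'
                             for o in options if o in ('indexes', 'execcgi')]
            current = None
        elif current is not None:
            # Inside a <Directory> block: remember each directive's value.
            name, _, value = line.partition(' ')
            seen[name.lower()] = value.strip()
        else:
            parts = line.split()
            if parts[0].lower() == 'listen' and len(parts) > 1:
                host = parts[1].rpartition(':')[0]  # '' when only a port
                if host in ('', '0.0.0.0', '[::]'):
                    findings.append(f'Listen {parts[1]}: all interfaces')
    return findings
```

Moving the port from 80 to 8080 does not change any of these findings; binding to 127.0.0.1 and restricting Allow does.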

12 September, 2006

free partition editor, hard disk tool, utilities

Filed under: productivity — rudyegenias @ 3:45 am

If you use your PC for regular typing and word processing and other work considered not too tedious, you probably don’t need this, but it should be in your arsenal.

You should look for Ultimate Boot CD, it’s feature-full. :)
http://www.thefreecountry.com/utilities/partitioneditors.shtml

11 September, 2006

top two php security practises

Filed under: php — rudyegenias @ 3:51 am

filter input
escape output

These two security practices were devised by Chris Shiflett and can be found here. Generally, these are the basic security measures one can take to stop the most common attacks on php applications.
