Author Archives: Loune

Pocket PC/Windows Mobile 2003 and new daylight savings

Leave a Reply

If you are living in an area which just had daylight saving changes (i.e. Australia), you may find that your Windows Mobile need updating to the new DST rules. Microsoft only seems to provide patches for WM 2005 and up, so unfortunately for those with 2003, you’re left with a confused clock which can’t properly tell when DST begins and ends. Me being an owner of one of these, I scoured the net looking for a way to manually correct this. If you are on normal Windows, there is a utility called tzedit.exe which allows you add change timezone and DST rules. However, it doesn’t look like it exists for the PPC.

In Windows, timezones are stored in the registry and sure enough, same applies to PPC, except it is in a different format. The default registry doesn’t store any timezones and it only reads the registry for overrides. The registry key in which the timezone overrides reside is HKLM\SOFTWARE\Microsoft\Timezones, under that you have put each timezones as a separate key named with a timezone id. Timezone ids are cryptic. 255 corresponds to Sydney for example. A full list is avaliable on the page. Creating a new registry key 255 (or another time zone number) and setting the TZI binary variable to the same value as TZI on a desktop Windows (with correct rules) should allow your PPC to understand the new time zone daylight saving rules.

A radical vision for Thunderbird

Leave a Reply

After hearing about the recent plans of Mozilla Co. spinning off Thunderbird into a new organisation, I can’t help but add my 2c. I see an opportunity for radical change in the direction of Thunderbird. I’ve personally used Thunderbird since the 1.0 days and it’s been an invaluable tool to manage of my email. However, there in lies the problem. With more and more people using online email these days, the role of Thunderbird is diminishing. If we step back and look at the fundamental problem which Thunderbird, which email, solves – It’s the communication between users. We now have many more forms of communication and interaction between users. More and more email is taking a backstage to more contemporary mediums such as IM and even social networking sites like MySpace and Facebook. So why are we still looking at email? There seems to be a general consensus that Thunderbird should grow into a PIM/Email client. A email/personal organiser is good, but why would you want to create something that’s already available? We shouldn’t be chasing the tail lights of Outlook and Evolution.

What I’m suggesting here I guess is to rethink Thinderbird – lose the focus on mail, in favour of more interesting communication mediums like IM, Facebook and MySpace. With the launch of OpenSocial from Google, connecting to social networks should be made much more easily. Thunderbird can utilise these APIs to bring users of social networks what it brought to email users in the past. There is a growing user base of social networks and it’s only getting larger. With many users part of several networks, managing their identities across these networks can become a painful and time-consuming. An application that manages multiple networks, a social network aggregator if you will, is something that we be desired of from these users. Thunderbird can handle multiple email accounts and it doesn’t take much to see that a natural evolution would be handling multiple social network accounts.

The new functionality, like managing social networks can’t be tacked on like an extra arm to the email functionality. There has to be a rethink from ground up. Right now the interface of Thunderbird is that of traditional email clients. You have accounts and folders and emails. This legacy model will be hard and awkward to reconcile with newer social networking models. Classification of messages/emails are no longer done with folders but with tags that allow them to he connected to multiple categories. Instead of the ‘address book’ you now have ‘friends’ and you certainly want to tag them.

Whether this new application, be it Thunderbird or a something brand new, there exists an opportunity to fill an enormous and growing void. Thunderbird is at crossroads and if there is a better time for a new direction, it would be now. In the post, I’ve mainly talked about one facet, which is social networking, but there are many other facets (IM/VoIP/Cal?) I believe should be part of the broader Thunderbird strategy. Aggregating all the different types of communication is surely a role that fits a next generation Thunderbird. This idea is not new and some members of the community share similar views.

Remember, as the /. meme goes, in Korea, only old people use email.

Simple lightweight NTLM in PHP

63 Replies

Many months ago I made a PHP script that could read NTLM authentication information from your browser. What’s NTLM? Basically, if you’re using Microsoft Windows, your browser can automatically send your windows login information to a website (if you agree to it). This means that without needing to enter additional username or passwords, you can be authenticated at the website you’re visiting. This is quite convenient especially for company intranets. NTLM should work with all major browsers (Internet Explorer, Firefox and Opera).

The PHP code I wrote is simple and can be inserted into the top of any PHP script. The key output is $user $domain $workstation, which is the information advertised by the user. Be warned though, the script does NOT authenticate the user and merely assumes that the user is who they say they are. This is akin to a user entering only a username with no password required. I plan to add password/hash verification possibly in conjuction with samba in the future.

A limitation is that the PHP script relies on apache_request_headers() which is only available if you run PHP as a apache module. (Update 2010, newer code doesn’t have this issue)

[php]
<?php

// loune 25/3/2006, updated 22/08/2009
// For more information see:
// http://siphon9.net/loune/2007/10/simple-lightweight-ntlm-in-php/
//
// This script is obsolete, you should see
// http://siphon9.net/loune/2009/09/ntlm-authentication-in-php-now-with-ntlmv2-hash-checking/
//

// NTLM specs http://davenport.sourceforge.net/ntlm.html

$headers = apache_request_headers();

if (!isset($headers[‘Authorization’])){
header(‘HTTP/1.1 401 Unauthorized’);
header(‘WWW-Authenticate: NTLM’);
exit;
}

$auth = $headers[‘Authorization’];

if (substr($auth,0,5) == ‘NTLM ‘) {
$msg = base64_decode(substr($auth, 5));
if (substr($msg, 0, 8) != "NTLMSSP\x00")
die(‘error header not recognised’);

if ($msg[8] == "\x01") {
$msg2 = "NTLMSSP\x00\x02\x00\x00\x00".
"\x00\x00\x00\x00". // target name len/alloc
"\x00\x00\x00\x00". // target name offset
"\x01\x02\x81\x00". // flags
"\x00\x00\x00\x00\x00\x00\x00\x00". // challenge
"\x00\x00\x00\x00\x00\x00\x00\x00". // context
"\x00\x00\x00\x00\x00\x00\x00\x00"; // target info len/alloc/offset

header(‘HTTP/1.1 401 Unauthorized’);
header(‘WWW-Authenticate: NTLM ‘.trim(base64_encode($msg2)));
exit;
}
else if ($msg[8] == "\x03") {
function get_msg_str($msg, $start, $unicode = true) {
$len = (ord($msg[$start+1]) * 256) + ord($msg[$start]);
$off = (ord($msg[$start+5]) * 256) + ord($msg[$start+4]);
if ($unicode)
return str_replace("\0", ”, substr($msg, $off, $len));
else
return substr($msg, $off, $len);
}
$user = get_msg_str($msg, 36);
$domain = get_msg_str($msg, 28);
$workstation = get_msg_str($msg, 44);

print "You are $user from $domain/$workstation";
}
}

?>
[/php]

If you try the script in Firefox (on windows), you will notice that you get prompted for a username and password when encountering an NTLM challenge. This is because sending your windows credentials to any unscrupulous website poses a real security risk. To make it automatically use your windows credentials for sites you trust, you can add the website to a whitelist.

The whitelist is located at Firefox’s about:config (type that into the address bar), which allows the editing of all of the browser’s preferences. Find the preference entry network.automatic-ntlm-auth.trusted-uris, double click on it and type the hostname of the site (ie http://www.abc.com) that you want in your whitelist. Multiple entries are seperated by commas. After doing that, Firefox should send your windows creds automatically.

Update 20/09/2009. The above script is outdated, anyone wishing to use NTLM should see the new post: Part 2 – Now with hash checking

The longest and shortest days of the year

Leave a Reply

You would think everyday of the year has twenty-four hours right? That’s what I thought while writing a typical function to calculate the time difference between two dates. As I found out, especially in this time of year, this is a horribly flawed assumption. In a lot of timezones, one day of the year has 23 hours while another day has 25 hours. Some of you might have gathered by now that I’m talking about Daylight Saving Time. The marvellous invention, epitome of temporal manipulation that makes it so that this Sunday, there would be only be one hour between 1AM and 3AM. In summary, 3-1 = 1. Those of you on northern hemisphere will find that you will experience 2AM twice.

Once upon a time, I used to a backup cron job that runs on 2AM. 2AM seems to be a nice time as everyone is asleep so that the server could use the spare processing power for the menial task. In one day of the year it ran twice. In one day of the year it never ran. Now all my backups run at 4AM.

As a programmer, I hate DST.

Multiple Cookie Containers for Firefox

5 Replies

A few weeks ago I began work on modifying the cookie system on Firefox to support multiple “containers”. Multiple Containers enables users to log in to many websites as multiple users on the same Firefox session. It is very useful for web developers who require this functionality to test their user account systems. Another use is for people who have multiple web mail accounts with the same provider that they want simultaneously logged on to. This is an oft-requested feature that Internet Explorer partially supports. (See bug #117222)

I’m happy to say that this is now ready for testing. Below is a working build for Windows. It is based on the latest Trunk plus the cookie patch and extension. Unfortunately for Mac and Linux users that wish to try the patch, they will have to manually compile Firefox with the patch below.

Continue reading

Mozilla in Scary Movie 3?

Leave a Reply

A couple of weeks ago, I went to the theatres with a couple of friends and we incidentally went and watched Scary Movie 3. The movie was mediocre, a few laughs here and there, but what surprised me was that I found traces of Mozilla in it!

I then took the time of compiling this page.

Laptop looks like it’s running Mozilla (Seamonkey), from the layout of the toolbar icons. (was clearer on the big screen :p)

The protagonist using Firebird, identified by the Qute theme icons and layout on what looks like a fusion of redhat’s bluecurve (window frames) and Mac OS X
(menu bar)?

The protagonist forgot to turn on popup-blocking: This was the unfortunate result…

Curious red dino in cody’s room… coincidence?

I might have missed some instances. If so, please tell me.