Monday, 25 October 2010

Auto Start Hulu and VPN from Windows 7 Media Center

The info below will give you the necessary information to add a button to Media Center to start Hulu, but do some other nice stuff along the way (like start a VPN and change the power scheme)

I run Windows 7 Media Center on my primary TV & enjoy using it to watch Hulu, but unfortunately every time I want to start Hulu I've got to reach for the keyboard because I'll typically want to run a VPN connection first, so I created a short batch file to perform the necessary tasks for me. My batch file looks like this:

taskkill /IM "ehshell.exe"
ping -n 20 -w 1000 > nul
powercfg -s 90729505-f061-4a2d-9304-adb0f3b267ab
rasdial "StrongVPN" username password
start /WAIT %LOCALAPPDATA%\HuluDesktop\instances\\HuluDesktop.exe
rasdial "StrongVPN" /disconnect
powercfg -s 381b4222-f694-41f0-9685-ff5bb260df2e
start C:\Windows\ehome\ehshell.exe

Stepping through the file, this is whats happening:

taskkill /IM "ehshell.exe"
This juts kills Windows 7 Media Center - I don't want it to run in the background or else it will steal focus.

ping -n 20 -w 1000 > nul
This pauses for 20 seconds (maybe there is a better way to add a wait command to a batch file, but this works) while Media Center shuts down.

powercfg -s 90729505-f061-4a2d-9304-adb0f3b267ab
This changes my power saving settings so that my screen doesn't turn off while I'm using Hulu (usually it will turn off after 15 minutes and Hulu doesn't stop it from doing so). To get the guids for your power saving settings for your computer use "powercfg -l" - create a new power saving profile that doesn't turn off the screen or computer first.

rasdial "VPN" username password
This starts the VPN connection.

start /WAIT %LOCALAPPDATA%\HuluDesktop\instances\\HuluDesktop.exe
This starts Hulu - I have to use the .exe in the instance folder rather than the one in the HuluDesktop folder as all the one in the HuluDesktop folder does is run the one in the instance folder (and then the start /wait part of the command doesn't wait properly). I think I will have to update this location in the batch file whenever Hulu updates. The "start /wait" part of the command means the batch file doesn't continue until Hulu closes.

rasdial "VPN" /disconnect
Disconnects the VPN.
powercfg -s 381b4222-f694-41f0-9685-ff5bb260df2e
Returns the power saving settings to my normal power setting.

start C:\Windows\ehome\ehshell.exe
Start Media Center again now that it's all finished!

All I did then was store that file somewhere and create a shortcut to it in the C:\Users\MY USERNAME\AppData\Roaming\Media Center Programs folder. A crude looking shortcut now appears in the Media Center's Extras folder!

Thursday, 19 August 2010

You think you'd get something for $43b

You'd think if you spent $43,000,000,000 on something you'd actually get something from your money, even if the project delivery wasn't really spot on - but ironically, the $43b the Australian Labour Government is proposing to spend on Australia's Internet will leave all Australian's with lower speed broadband with higher monthly costs.

Don't get me wrong - just like everyone else, I want the fastest Internet I can get & I know that the best way for me to get that is to have a piece of dedicated fiber running into my home serving me, in Stephen Conroy's words, data at the speed of light "and you can't get faster than that".

Two things could happen with NBN: (a) it is fabulously successful, is delivered under budget and achieves everything it sets out to achieve and (b) it stuffs around for several years, provides lightning-fast Internet to a few pockets of people (particularly in the second quarter of 2010 and a similar timeframe in 2013), but eventually dies in a burning heap of flames and is bought up by Telstra for far less than the $50b+ that was spent on it.

I really hope (b) happens and not (a).

You see if (a) happens then it means:
  • The Government will have paid Telstra $11,000,000,000 to switch off the copper network that practically all Australian's are currently using to access the Internet (yes, even if you're not with Telstra as your ISP) and make their home phone calls. Yes, this network that is serving 20Mbps+ Internet to many Australians, or around 2-5Mbps to a vast majority of Australians, meeting their needs quite adequately, will be turned off. We will not wring every last bit out of this network, we will not transition off of it through a gradual rollout of new technologies - instead we'll pay Telstra, a public company, $11 billion dollars to just turn it off!
  • You will have NBN fiber connected to your house. The Government will have legislated to require you to allow them to enter and install it. You see, they can't afford to roll it out according to demand - instead, they'll need to install it in each and every house as they make their way down your street, they can't come back and do your house next month or next year, it's too expensive to do that.
  • You'll be paying about $100/month for your Internet access, which you'll get from someone like iiNet or Internode. The price will be so high because they're paying NBN Co not much less than that for the wholesale service. This will be the base service available.
  • You won't be able to get Internet from anyone other than NBN Co because the copper network you used to get your modest Internet from will have been shut down.
  • Pensioners and other welfare recipients will get a subsidy as otherwise they won't be able to afford to have the Internet which is, of course, a basic entitlement just like electricity or a phone line.
  • You'll be stuck with this model for a long, long, long time. With a Government owned Monopoly delivering your Internet, any competitor who actually tries to innovate and deliver new, cost-effective services in medium and high-density city and suburban areas will be actively discouraged by the Government - after all, a return is required on those Infrastructure Bonds that were issued to pay for half of it! NO NEW SERVICES WILL BE ABLE TO COMPETE.
  • NEW SERVICES WILL COMPETE. Inevitably, new services will compete in this uncompetitive market. They will be wireless, they won't make use of fiber, as there's not enough subscribers left to warrant rolling it out, and they won't be on copper as they aren't allowed to use that, even though it's still in the ground. The wireless will be faster than we have now, not as fast as the NBN network, but it will be sufficient. Most importantly, this new, cost effective Internet will be WELL BELOW THE CURVE - much slower than users in other countries get on their commercially-delivered & demand-driven fiber networks & much slower than we could have had under a similar model. USERS IN REGIONAL AREAS WILL HAVE NO OPTIONS - just like in the days of Telecom, they'll get the expensive Government service.
Of course, eventually the NBN mess will be mopped up. The Liberal party will be running the country, they'll blame it on Labour, sell the NBN off to Telstra and we'll start building our real Internet.

So I guess we'll get the mess of (b) after all... I just wish we could have had it sooner.

Monday, 14 June 2010

Why paywalls makes free news better

Almost a year ago Rupert Murdoch started talking about how News Limited would start charging for news content online. It's interesting that he started doing this, not in a time of record profits for News Limited, but at a time when they were suffering record losses - this is the first hint that his idea may not be a good strategy, i.e. that it didn't come out of some noble concept of how to make news better, but rather out of a desperation in trying to turn a buck.

But the trouble with Murdoch's idea of paid news is that in simply setting up your business model, you help your competitors.

You see, at the moment, there are lots of free news services - and they're all competing for advertising dollars, which comes from eyeballs on websites. If Murdoch puts his quality content behind a paywall then that means more eyeballs for his competitors, who will then be able to offer better quality news.

Traditional media is struggling to turn a dollar in the online world, yet strangely enough new media companies seem to be quite comfortable with their online ventures - maybe the problem is not with the ability to turn a dollar in online news, but simply the expectations and preconceptions from old media moguls as to how online works.

Wednesday, 9 June 2010

Dropbox Security Problem - Data Leakage

Dropbox has an issue with the way it handles link sharing that could potentially lead to data leakage.

The problem is fourfold:
  • Files outside of the Public folder can be shared
  • Shared files leak data about the file structure
  • Deleting and replacing the shared file with another allows the new file to be leaked
  • Shared files can’t be revoked

This security problem is demonstrated below.

First of all I start by creating a file called ‘PrivateFiles’ in the ‘My Dropbox’ folder. I’m going to use this to store my most private of data.

Inside that folder I’ll store ‘MyPrivateFile.txt’:
As you can see, it has some very personal data in it:

I’ve got to use my iPad for the next step, because the PC or Mac client won’t let me share a file from anything other than the Public folder (in fact I’m not sure if allowing sharing from other than the Public folder on the iPad is an oversight or not – regardless, this is the first security concern – the sharing of files from outside of the Public folder on the iPad when other clients won’t let you).

So when I look at my iPad I see the PrivateFiles folder:

And inside that I can see MyPrivateFile.txt, including the correct contents of that file:

Next, I’ll share the file by emailing a link of it:

The link that is sent is actually a short link – in this case, which redirects to

This demonstrates the next data leakage problem – i.e. that I can see the path ‘PrivateFiles’ – I didn’t choose to share this, I only chose to share the file – this path may not be something you wish to reveal.'

The major problem happens for me after I create new file in the same directory, in this case ‘AnotherFile.txt’…

Then delete the original file…

And now rename the second file to have the same name as the original.

Note that copying a replacement file into the directory will also work, all that matters is there be a file there with the same name as the original. Now when I open the file using the link I was emailed before I get:

I get the replacement file!! Is that what anyone expects to happen? I guess I did share a link to the file, not a copy of the file, but it still doesn’t feel right – it’s not the original file!!

What makes this problem worse is that Dropbox won’t allow me to revoke shared links. That means that I’ve now published a permanent copy of whatever file ends up sitting in that folder with that name. What if it is something like resume.doc where I don’t want people to see me editing the file? Or what if it is Whatever it is – it is now permanently out there, permanently shared for anyone to access – no dropbox account required to access it!

Anyone want to try running through filename combinations for that domain? You don’t need to have had it shared with you as no authentication is required, you just need to hit the right URL!

Friday, 28 May 2010

Australian Internet Filtering - what we should be doing

There's so much spin and mis-information about the Internet Filtering debate in Australia, and unfortunately many of those debating the current issues don't understand what is being proposed and why it won't work.

Unfortunately one-size never fits all and even more so when it comes to Internet Filtering. The Internet presents us with many content and law-enforcement challenges, that require different solutions to solve - this is a fact that seems to escape the current Australian Government, with Stephen Conroy and Kevin Rudd wanting to plow ahead with a single, mandatory, ISP-based Internet filter.

What I've identified below are the problems that (some people think) we need to solve, why the currently proposed Conroy solution won't work, and what will work.


Why Conroy’s Solution Won’t Work

What Will Work

Children accidentally finding inappropriate content (porn)

Only the worst-of-the-worst pornography sites will be blocked by the filter

PC-based filtering. Government should pay the ISP $x per month, per client that has it installed – let the ISPs profit from it & it will get rolled out

Children deliberately finding inappropriate content (porn)

See above – under Conroy’s solution, children will still be able to browse porn sites

Voluntary ISP-based filtering that all ISPs must offer to their users. Funded by the Government, parents will be able to opt-in at no cost. Note: A determined, Internet-savy child, will still be able to bypass this, so an education campaign (for parents) is vital as well.

Child pornographers accessing child pornography

Child pornographers don’t visit normal websites to access and share material; they get it from peer-to-peer networks, private networks, or hacked websites. This material will not be able to be found or blocked by the Conroy filter.

Law enforcement. Undercover agents. Raids in the middle of the night. People smashing down doors.

People accessing refused-classification (RC) material

First of all – it isn’t illegal to create or to view RC material, you’ll only get in trouble from distributing it. But this material will only get classified as RC once its submitted to the classification board. The classification board doesn’t have enough reviewers to review the entire, dynamically changing Internet.

But the stuff they review and classify as RC will be blocked.

But bypassing the block will be as easy as buying a $50/year VPN connection to the United States, or visiting an anonymising site before you look at the RC material.

Nothing will work will well. The Conroy filter will be able to block RC material, but then all the provider of that material needs to do is change the content to to and the entire 3-month review cycle with the classification board will start again.

Of course, in the real world, RC material continues to get distributed anyway from friend-friend (i.e. peer-to-peer)

So my 3-step plan for cleaning-up the Internet in Australia is:

1. Net Alert: Continue to provide filtering software for people’s PCs. The Government pays the ISP enough to allow the ISP to make a profit & the ISP will then be incentivized to make people know about it.

2. Government funded ISP filters: ISPs will be required to implement them, but users can opt-in or opt-out to particular content.

3. Law enforcement: We’ll always need the police to bash down bad guy's doors

Friday, 21 May 2010

Auscert 2010 IBM USB Key Malware email message headers

Microsoft Mail Internet Headers Version 2.0
Received: from xxxxx ([xxxxx]) by xxxxx with Microsoft SMTPSVC(6.0.3790.4675);
Fri, 21 May 2010 16:31:28 +1000
Received: from xxxxx ([xxxxx]) by xxxxx with Microsoft SMTPSVC(6.0.3790.4675);
Fri, 21 May 2010 16:31:15 +1000
Received: from xxxxx (xxxxx [xxxxx])
by xxxxx (Postfix) with ESMTP id 9858F2120B2
for ; Fri, 21 May 2010 16:31:32 +1000 (EST)
Received: from ([])
by xxxxx with ESMTP; 21 May 2010 16:31:11 +1000
Received: from ( by
( with Microsoft SMTP Server (TLS) id 14.0.694.0; Fri, 21 May
2010 16:31:04 +1000
Received: from ([fe80::755b:17ce:21aa:a1e7]) by ([fe80::755b:17ce:21aa:a1e7%14]) with mapi; Fri, 21 May
2010 16:31:56 +1000
From: AusCERT
Subject: AusCERT Important Information - Malware on IBM USB
Thread-Topic: AusCERT Important Information - Malware on IBM USB
Thread-Index: Acr4rxjUKocJyYVwR1+gPZTcHpAWOg==
Importance: high
X-Priority: 1
Date: Fri, 21 May 2010 06:30:25 +0000
Accept-Language: en-AU, en-US
Content-Language: en-US
Content-Type: multipart/alternative;
MIME-Version: 1.0
X-OriginalArrivalTime: 21 May 2010 06:31:15.0495 (UTC) FILETIME=[36BF4370:01CAF8AF]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Auscert 2010 IBM USB Key Malware letter

Dear AusCERT Delegate

At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth. Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected.

The malware is detected by the majority of current Anti Virus products [as at 20/05/2010] and been known since 2008.

The malware is known by a number of names and is contained in the setup.exe and autorun.ini files. It is spread when the infected USB device is inserted into a Microsoft Windows workstation or server whereby the setup.exe and autorun.ini files run automatically.

Please do not use the USB key, and we ask that you return it to IBM at Reply Paid 120, PO Box 400, West Pennant Hills 2120.

If you have inserted the USB device into your Microsoft Windows machine, we suggest that you contact your IT administrator for assessment, remediation and removal, or you may want to take the precaution of performing the steps below.

Steps to remove the malware:

1. Turn off System Restore

[StartProgramsAccessoriesSystem toolsSystem Restore]

Turning off System Restore will enable your anti virus software to clean the virus from both your current system and any restore points that may have become infected.

2. Update your antivirus tool with the latest antivirus definitions

[available from your anti virus vendor of choice].

3. Perform a full system scan with your AV tool to confirm the existence of the infection. If malware is detected allow your AV to complete a clean.

4. On completion of this process, complete a second scan using a different anti virus product. Free anti virus products are available from known companies such as AVG, Avira, Panda Software, or Trend Micro.

5. Once a second scan has been performed and it is determined that your workstation is free of any known malware, as a precautionary measure we recommended that you perform a back up of all vital files on your workstation and perform a full re-installation of the operating system. This process will remove the risk of other unknown or undetected malware that may be present on your machine.

If you experience difficulties with the above steps, please contact the IBM Security Operations Team at An IBM technical support person will contact you by phone to assist you.

We regret any inconvenience that may have been caused.

Glenn Wightwick

Chief Technologist

IBM Australia

Recent Geocaching Logs

Stuff I"ve read lately