To be more precise, the security hole is in the network the iPhone uses (AT&T’s). I noticed this problem while working on a voice-enabled application using Asterisk and was surprised to see that my voicemail was wide open to the public. I later found out that this had been reported earlier by various folks (here and here), but it seems it has not been fixed yet. So if you own an iPhone (or any other phone, for that matter) on the AT&T network, please keep reading and I will show you how to fix the problem yourself.

So what is the problem?

Others can listen to your voicemail and change your personal greeting and other settings. AT&T voicemail identifies the user by the incoming caller ID: if the caller ID matches the phone number of the mailbox, it assumes that you are calling yourself to check voicemail and simply goes to the voicemail menu (if you don’t have a password set).
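The access decision described above, modelled as an added example (this is not AT&T's implementation and not code from this post). The function names, field names and return labels are hypothetical, the phone numbers are constructed, and what happens to callers whose caller ID does not match is an assumption.

```javascript
// Keep the last 10 digits so "+1 (713) 555-0100" and "7135550100" compare equal.
function normalize(number) {
  return String(number).replace(/\D/g, '').slice(-10);
}

// Compare PINs without stopping at the first differing digit.
function pinMatches(entered, stored) {
  const a = String(entered), b = String(stored);
  let diff = a.length ^ b.length;
  for (let i = 0; i < b.length; i++) diff |= (a.charCodeAt(i) || 0) ^ b.charCodeAt(i);
  return diff === 0;
}

// mailbox: { number, pin }   pin === null means the password is turned off.
// call:    { callerId, enteredPin }   callerId is whatever number the call presented.
function accessDecision(mailbox, call) {
  const callerIdMatches = normalize(call.callerId) === normalize(mailbox.number);
  // Assumption: callers presenting any other number just reach the greeting.
  if (!callerIdMatches) return 'take-message';
  // Behaviour the post describes: with no password, the caller ID is the only check.
  if (mailbox.pin === null) return 'menu';
  // Password on: the caller ID only routes the call, the PIN authenticates it.
  if (call.enteredPin == null) return 'prompt-for-pin';
  return pinMatches(call.enteredPin, mailbox.pin) ? 'menu' : 'denied';
}

// The self-test from the post: call your own number and enter nothing.
function isProtected(mailbox) {
  return accessDecision(mailbox, { callerId: mailbox.number }) === 'prompt-for-pin';
}

// Constructed sample mailboxes.
const noPassword = { number: '713-555-0100', pin: null };
const withPassword = { number: '713-555-0100', pin: '482915' };
console.log(isProtected(noPassword), isProtected(withPassword));
```

The caller ID is a value presented with the call, not something the subscriber has proven, which is why the model treats it as routing information once a password is on.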

Am I protected or not?

Call yourself from your phone (by dialing 1 or dialing your own number). If you are prompted for a password, then you are fine. If it takes you directly to the voicemail menu, then you are NOT secured. See how to set a password below.

How to protect my voice mail?

Dial 1 to call Voicemail from your phone

Press * to get to the voicemail Main Menu

  • Press 4 for Personal Options
  • Press 2 for Administrative Options
  • Press 1 for Passwords
  • Press 2 to turn password on
  • Select any random 4– to 14–digit password

 

Why am I blogging this?

I don’t know whether new AT&T users are forced to set a password or not, but when I got my phone a couple of years back, my voicemail was set up without a password. It turned out that most of my friends with iPhones also don’t have a password set up for voicemail, simply because they are not aware of the security hole. With easy access to open source PBXs like Asterisk or spoofing calling cards, it’s not hard to exploit this security hole. So if this blog helps people realize how important it is to set a password, then my job is done.

Disclaimer

The opinions expressed in this blog post are my own and not those of any company. The usual standard disclaimer applies, especially the fact that I am not liable for any damages caused by direct or indirect use of the information. I bear NO responsibility for the content or misuse of this information or any derivatives thereof. This post is in NO WAY intended to blame anyone, especially AT&T. They may have already posted about this issue somewhere on their website.

Nice and easy tool tip

July 16, 2009

I found this snippet of code somewhere on the internet; it is simple yet elegant. The idea is pretty simple: hide the tooltip initially using the CSS display property and show it when the mouse hovers over the link.

Usage :

<a class='tooltip' href='#'>link text goes here <span> tool tip text goes here….</span></a>

CSS needed:

<style type="text/css">

a:hover {background:#ffffff; text-decoration:none;}
a.tooltip span {display:none; padding:2px 3px; margin-left:8px; width:130px;}
a.tooltip:hover span{display:inline; position:absolute; background:#ffffff; border:1px solid #cccccc; color:#6c6c6c;}

</style>

“If it is fast and ugly, they will use it and curse you; if it is slow, they will not use it.”- David Cheriton,  The Art of Computer Systems Performance Analysis (From http://www.kriskrause.com/2009/04/mysql-connector-net-mysqlbulkloader.html)

Weighing cost versus reliability is always a difficult choice in systems administration. (From http://www.linuxhomenetworking.com/wiki/index.php)

I have noticed that people who hate George Bush also hate internet explorer and Windows in general. You people are mentally ill, sorry to say. (From http://sql-info.de/en/mysql/gotchas.html#1_5 )

If you download any pre-January design template from http://www.asp.net/mvc/gallery/default.aspx?supportsjs=true and try to test it with the latest MVC release (after following ReadMe.txt), the chances of getting an ugly error like the one below are really high.

[image: Error]

So how do you make these templates work with the new version? You can, with very few changes to the Site.Master page. (The following example is for the Bluebubbles template, but it may work for most of the templates.)

Views/Shared/Site.Master

Page Directives Before

[image: Directives before changes]

Page Directives After Changes

[image: capture34]

Head Section Before

[image: capture4]

Head Section After Changes

[image: capture5]

I was looking at Peter Bromberg’s post “Build a dynamic progress page”, which is about creating a “Loading” page for time-consuming ASP.NET web pages. The problem with Peter’s solution is that if your destination page has more than one query string parameter, it won’t work. Another small problem is the non-standard DOM access, which won’t work in non-IE browsers (it was written almost five years back, so it might not have been a big concern at that time).

Here is the modified code to make it work with query strings AND non-IE browsers.

The basic idea is to have a transient ‘Loading’ page which loads the time-consuming page in the background and in the meantime shows a nice animated progress bar. Let’s name our middle page ‘loading.aspx’.

loading.aspx

The header section has JavaScript code to show and hide the progress bar while loading the destination page.

[image: capture1]

The body has nothing but the visual element for the progress bar. Note that we are calling Begin() on body load and End() on unload.

[image: capture2]

loading.aspx.cs

In the code-behind, the destination URL is generated.

[image: capture31]

Finally, to use this page to call a time-consuming page (say longloadingpage.aspx) which takes ID1 and ID2 as query parameters, simply call

/loading.aspx?destPage=longloadingpage.aspx?ID1=123&ID2=345
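Because destPage comes straight from the URL, the loading page should only ever forward to pages of its own site. One way to extract and check it, as an added example (not the code from this post or from Peter Bromberg's); `BASE`, `ALLOWED_PAGES` and `destinationFromQuery` are hypothetical names and values.

```javascript
// Assumptions: BASE stands in for the site's own origin, ALLOWED_PAGES for its slow pages.
const BASE = 'https://app.invalid/';
const ALLOWED_PAGES = new Set(['/longloadingpage.aspx']);

// search: the loading page's query string (location.search in the browser).
// Returns a same-site path plus query to load, or null if destPage is not acceptable.
function destinationFromQuery(search) {
  // Take everything after destPage= so ID1, ID2, ... stay with the destination.
  // The URL in the post is not percent-encoded, so "&ID2=345" would otherwise be
  // read as a parameter of loading.aspx itself.
  const m = /(?:^|[?&])destPage=(.*)$/.exec(search);
  if (!m || m[1] === '') return null;
  const raw = m[1];
  if (/[\u0000-\u001f]/.test(raw)) return null;   // no control characters
  let url;
  try {
    url = new URL(raw, BASE);                     // resolve relative input against BASE
  } catch (e) {
    return null;
  }
  // Absolute URLs, "//host" forms and javascript: URLs resolve to another origin.
  if (url.origin !== new URL(BASE).origin) return null;
  // Only forward to pages that are meant to sit behind the loading screen.
  if (!ALLOWED_PAGES.has(url.pathname.toLowerCase())) return null;
  // Rebuild from the parsed parts so the result is always a local path.
  return url.pathname + url.search;
}

console.log(destinationFromQuery('?destPage=longloadingpage.aspx?ID1=123&ID2=345'));
```

The same check belongs in the code-behind that generates the destination URL, since that is where the value is finally used.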

Houston Techfest

January 21, 2009

For folks in the Houston area, remember that this weekend we have the wonderful Techfest at the University of Houston. Visit http://www.houstontechfest.com and register. It features a lot of exciting sessions on .NET, Java and Rails. And best of all, it’s free.

See you there!

I wrote a similar blog post last year, if you are interested in setting up a production server on Linux (which, by the way, is made a lot simpler by Passenger now, and that is the recommended way to do it). But there are some cases where we have to deploy to MS servers. In this article, let us look at doing the same on a Windows 2008 Server (I think it works for Windows XP or 2003 too).

If you are like me, you usually develop RoR applications on Linux (I am talking about non-Mac people, anyway…). My setup usually looks like this: XUbuntu + Netbeans + Mysql/Sqlite3 + Apache + Phusion Passenger. Assume you have all your development done and the application is called “MyApp”.

On Windows 2008 Box

Step 1:  Install Ruby, gems and rails

Get the Ruby 1.8.6 One-Click Installer (from http://www.ruby-lang.org/en/downloads/) and make sure to install gems.

Then installing Rails is a breeze. Open a command line window and type

gem install rails --include-dependencies

Step 2: Install mongrel & mongrel_service

gem install mongrel
gem install mongrel_service

Step 3 : Install Apache and enable required modules

A. Get the latest msi version for Windows (currently apache_2.2.10-win32-x86-no_ssl.msi) from http://httpd.apache.org/download.cgi

B. Install as a service.

C. Enable the required modules by uncommenting the following lines in the httpd.conf file (which can be found at C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\ if you followed the default installation)

LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_http_module modules/mod_proxy_http.so

D. Start the server to make sure it starts and runs OK. If there is a problem with the config file, you will see an error.

Step 4 : Install database drivers

This really depends on your database. Remember that for sqlite3, if you are having trouble installing the latest drivers, try giving a version number as follows.

gem install --version 1.2.3 sqlite3-ruby

Step 5 : Create a skeleton rails application

I am assuming we are keeping our Rails application in C:\railsapps\

So create the new Rails application by changing to that directory and running

rails Myapp

The reason for creating a skeleton instead of just copying our application from Linux is that the way some files are created on Windows may not be the same as on Linux. So let it create a dummy app and test it to make sure it’s able to pull up the welcome page.

Step 6 : Copy your application files over to Windows

The directories I usually copy are

app/      all directories below
public/   any static files you created,  directories  stylesheets, javascripts and images.
config/   routes.rb, database.yml
db/        schema.rb

(Again, this is highly dependent on your application. Maybe you didn’t have any custom javascripts or stylesheets; in that case you could skip the public/ folder altogether.)

Step 7:  Load Database Schema into production db

rake db:schema:load RAILS_ENV=production

Step 8 : Create Multiple Mongrel Server Instances and start them as automatic

I am creating 3 instances here

mongrel_rails service::install -N mongrel_Myapp1 -p 3001 -e production -c c:\railsapps\Myapp
mongrel_rails service::install -N mongrel_Myapp2 -p 3002 -e production -c c:\railsapps\Myapp
mongrel_rails service::install -N mongrel_Myapp3 -p 3003 -e production -c c:\railsapps\Myapp

which creates three services (you can see them under Start >> Administrative Tools >> Services Panel). By default the services are created with “Startup Type: Manual”. Set that to “Automatic” so that they start again if you reboot the server.

Step 9: Setup Apache

In Apache’s httpd.conf file, make sure to have the following lines

# Virtual hosts
Include conf/extra/httpd-vhosts.conf

Then make your conf/extra/httpd-vhosts.conf file look like this

#------- Start of httpd-vhosts.conf file -------

NameVirtualHost *:80
#Proxy balancer section (create one for each ruby app cluster)
<Proxy balancer://Myapp_cluster>
BalancerMember http://127.0.0.1:3001
BalancerMember http://127.0.0.1:3002
BalancerMember http://127.0.0.1:3003
</Proxy>
<VirtualHost *:80>
DocumentRoot "C:/railsapps/Myapp/public"
ErrorLog "logs/Myapp-error.log"
CustomLog "logs/Myapp-access.log" common
<Directory C:/railsapps/Myapp/public/ >
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
RewriteEngine On
# Rewrite index to check for static files
RewriteRule ^/$ /index.html [QSA]
# Rewrite to check for Rails cached pages
RewriteRule ^([^.]+)$ $1.html [QSA]
# Redirect all non-static requests to cluster
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://Myapp_cluster%{REQUEST_URI} [P,QSA,L]
</VirtualHost>
#------- End of httpd-vhosts.conf file -------

If you have ever used Apache’s mod_rewrite module, then you don’t need any explanation. If you haven’t, then a brief explanation won’t make much sense to you either….

Be careful with the name of the Proxy balancer and make sure to use the exact same name in the last RewriteRule (in the above case it’s Myapp_cluster); then you should be fine.

Step 10 :  Start the mongrel services and Restart Apache.

Now when you go to http://localhost/ you should be sent to one of the 3 servers of the balancer and see the application. If you see broken images or an ugly layout, then it means you didn’t copy my “httpd-vhosts.conf” file properly! Have a careful look at the <Directory> directive again. You would know.
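The balancer-name warning from Step 9 can be checked mechanically before restarting Apache. The following is an added example, not part of the original setup: `lintVhosts` is a hypothetical helper (not an Apache tool), and the loopback and `Options Indexes` checks go beyond the name check the post mentions.

```javascript
// Constructed sample: the vhost file from Step 9, shortened.
const SAMPLE = `
<Proxy balancer://Myapp_cluster>
BalancerMember http://127.0.0.1:3001
BalancerMember http://127.0.0.1:3002
</Proxy>
<VirtualHost *:80>
<Directory C:/railsapps/Myapp/public/ >
Options Indexes FollowSymLinks MultiViews
</Directory>
RewriteRule ^/(.*)$ balancer://Myapp_cluster%{REQUEST_URI} [P,QSA,L]
</VirtualHost>`;

function lintVhosts(confText) {
  const defined = new Set();    // names from <Proxy balancer://NAME>
  const referenced = new Set(); // names used by RewriteRule / ProxyPass
  const findings = [];
  confText.split(/\r?\n/).forEach((rawLine, i) => {
    const line = rawLine.trim();
    if (line === '' || line.startsWith('#')) return;
    let m;
    if ((m = line.match(/^<Proxy\s+balancer:\/\/([^\s>\/]+)/i))) {
      defined.add(m[1]);
    } else if ((m = line.match(/^BalancerMember\s+\w+:\/\/([^\s:\/]+)/i))) {
      // The members are plain HTTP backends, so they should stay on loopback.
      if (!['127.0.0.1', 'localhost'].includes(m[1]))
        findings.push(`line ${i + 1}: BalancerMember ${m[1]} is not loopback`);
    } else if ((m = line.match(/^(?:RewriteRule|ProxyPass)\b.*balancer:\/\/([^\s%\/]+)/i))) {
      referenced.add(m[1]);
    } else if (/^Options\b.*\bIndexes\b/i.test(line)) {
      findings.push(`line ${i + 1}: Options Indexes allows directory listings`);
    }
  });
  // Names are compared exactly, including case, as the post warns.
  for (const name of referenced)
    if (!defined.has(name)) findings.push(`balancer "${name}" is used but not defined`);
  for (const name of defined)
    if (!referenced.has(name)) findings.push(`balancer "${name}" is defined but never used`);
  return findings;
}

console.log(lintVhosts(SAMPLE));
```

Run against the file above it reports only the `Options Indexes` line; if the public/ folder has no reason to show directory listings, that option can be dropped from the <Directory> block.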

Happy programming and happy holidays.  Ciao.

p.s. If you want to run multiple Rails applications on the same server, like MyApp1, MyApp2…., have a look at the rails.conf I used in “Fedora production setup”. By adding another balancer and modifying the RewriteRules a little bit, it’s not that tough.