Sunday, April 26, 2009
WebDAV, problems all around
It seems almost incomprehensible how many problems emerge with simple WebDAV file hosting. While apache DAV server, and clients built-in into both Windows Shell and GNOME have been available fr many years, I still can't make it to work properly.
Here is a brief list of problems:
Apache 2 Server. Its problem is that it is bit difficult to make server work with both "resular" and SSL modes. This typically emerges as failure to "copy", "move" or "rename" file in non-SSL mode, while everything else seems to work.
Good explanation is available here:
The main issue was that the production system runs on https and there was a reverse proxy setup for this system. So, all the "https" requests were converted to "http" at this proxy level and forwarded to the main system. This was the main culprit.
Here is an example of HTTP request for the MOVE resource request for a WebDAV resource. For brevity I removed all unnecessary details.
MOVE contentLocation //request line, some https location, URI of webDAV resource
Destination:destinationLocation // this is the HTTP request header, should be absolute URI according to specifications.
Overwrite: "F" // this is also a HTTP request header
So, when the reverse proxy sees the request line, it knows that it has to convert this to HTTP request but the header Destination also contains an HTTPS request which would be ignored by the proxy. So, when the request reached the server, we are moving the resource from an URI which begins with a http to a URI which begins with an https. Server treats this request as a request to move a WebDAV resource from one server location to another server location.(Refer RFC: http://greenbytes.de/tech/webdav/rfc2518.html#METHOD_MOVE). This was the source of the main problem.
Linux/GNOME GVFS driver: Seems to work most of the time,but
- Fails to handle paths with user name "davs://firstname.lastname@example.org/path". "Top listing" is shown correctly, but an attempt to change directory fails. Reason unknown;
- When using drag-and-drop, or "cut/paste" interface, it attempts to "copy" file and then "delete" the original. I could not find any way to invoke "MOVE" command.
Windows (old driver). This is "old" Windows-2000 implementation, which identifies itself as "Microsoft Data Access Internet Publishing Provider DAV". This seems almost the most reliable implementation, and it worked for me for a while, but now it shows directory "Temp" as "temp" (all other directories similarly named are OK), and obviously fails to chdir to it. Reason unknown.
Windows (new driver, XP and newer). Identifies itself as "Microsoft-WebDAV-MiniRedir/5.2.3790". Apparently only intended to work with Microsoft IIS, not compatible with Apache. This pages gives a consice overview:
For implementation of WebDAV on Windows XP and later , MSFT made it's own interpretation of the standard to work best with the Windows IIS servers. The problem due to this is three fold:
- Windows XP authenticates users using the format "domain\username" by the mechanism of "Microsoft-WebDAV-MiniRedir/5.1.2600". Whereas Windows 98SE/2000 authenticates users as "username" using the mechanism of "Microsoft Data Access Internet Publishing Provider DAV 1.1".
- The problem lies with the implementation of "Microsoft-WebDAV-MiniRedir/5.1.2600". If authentication is sent as "domain\username" then it would be received as "usernamedomain" or "usernamehostname" by the Web server and not as "username".
- Also as per "Microsoft Knowledge Base, Article ID: 841215" Windows XP disables "Basic Auth" in its "Microsoft-WebDAV-MiniRedir/5.1.2600" mechanism by default for security reasons. But WebDAV expects "Basic Auth".
There are hundreds pages how to trick it to invoke "old" implementation, including some on the same page mentioned above; there is also a separate discussion regarding Windows Vista, where "old" implementation has to be separately installed. Windows 7 status is unknown.
- SkunkDAV Java-based client is simple and reliable, but unfortunately I could not make it support SSL-based access;
- Cadaver is CLI-based tool. It seems to work fine.
Update (12-May-09). "Official" subversion book has a list of DAV clients. Among some known clients, some of them mentioned above, there is another Jaba-based client "DAV Explorer", it has been last updated in 2005 and looks a bit better than SkunkDAV, though I can't say there is a big difference.
Also, its help file says that in order to enable SSL in Java one has to run Java with -Dssl=true, and only from version 1.4 on; for earlier versions, one has to download special Java Secure Socket Extensions. It is likely with if run with these options, SkunkDAV will work ok with SSL DAV.
Wednesday, April 15, 2009
iPhone: jailbreaking and unlocking
OK, since it seems everyone will have to do that sooner or later, I am going to describe here brifly my understanding of the process and what specifically I did to "jailbreak" and "unlock" my phone; whether or not it is applicable to anyone else's situation I cannot say.
First, let's clarify some terminology.
Jailbreaking is the process of "freeing" iPhone from (artificial) restrictions imposed by Apple, in terms of which software it is allowed to run. "Freed", or "Jailbroken" iPhone becomes similar to any other WiFi device, completely open to any changes, run under special version of MacOS. Jailbreaking can be applied to any device working under "iPhone OS", such as (currently) iPhone 2G (older), iPhone 3G (newer), or iPod Touch (any of them).
Unlocking is, generally speaking, a process of making a cellular phone work with any SIM card, as opposed to being "locked" to a particular carrier. Speaking of Apple devices, "unlocking" can apply to (any) iPhone, but not iPod Touch which is not a phone.
These two notions are totally independent.
- There could be phones unlocked but not jailbroken. For examples, Apple cells such phones (officially) either for a premium, or because in certain foreign countries "locking" is illegal, or perhaps for some other practical reasons;
- Apple never officially sells "jailbroken" phones; process of "jailbreaking", while probably legal, is 100% unofficial, can void any warranty you might have, could damage the phone (though this never happened to anyone) and must always be carried at your own risk;
- There could be phones jailbroken but still locked. Someone might do that to be able to install some "unauthorized" software, while still using "official" authorized carrier under "official" plan, so there would not be any need for him to "unlock" the phone;
- To unlock the phone by your own, you must jailbreak it first. At least, I havn't heard of any other way;
- Reportedly, Apple's iTunes allows you to "restore" iPhone/iPod Touch to the "factory" condition no matter what you did to it, so in principle playing with jailbreaking and unlocking should be safe.
Another common source of confusion is when one needs to unlock the phone. Can I buy a phone from an online auction site or from a friend and still used it completely officially, without unlocking, if, let's say, I am already a Cingular customer?
The answer is, "it depends". For "newer" iPhone 3G, you probably can, though you might be forced to subscribe to additional services from AT&T like unlimited 3G internet, even if you don't want it.
For "older" iPhone's, this is a lot more involved. The reason is, Apple originally used a strange marketing maneuver when you were first buying a phone for $399 from any retailer or Internet, and then during activation were forced to subscribe to 2-year contract + additional services - or "unlock" it and use it any way you want. Later, with iPhone 3G Apple switched to more "standard" strategy when in order to buy iPhone you already had to subscribe (and commit), and thus any (new) iPhone no mаtter where from is considered "paid for".
Not so for iPhone 2, where AT&T has no obvious way of knowing if this specific phone has already been "paid for" by completing 2-year subscription or not, and obviously assumes the latter, forcing you to "commit", again. Reportedly, if you can bring a person from whom you got the phone and he could demonstrate that the phone has been fully paid for, AT&T representative might remove this commitment. But initially, you will need it anyway just to get behind iTunes "new service" page - there is no way around it. You can read some rather interesting discussion of the subject here.
OK, now going back to jailbreaking and unlocking. This is basically a 3-step process: Upgrading; Jailbreaking; Unlocking.
Upgrading. Make sure that the latest firmware version (2.2.1 at the time of this writing) has already been jailbroken. If not, you might find some tricks how to "upgrade" you phone to the version which is not the latest. The following however assumes that you are OK with upgrading the iPhone/iPod Touch to the latest firmware version from Apple.
- Install the latest iTunes software from Apple site. Make sure to reboot the computer as instructed;
- Attach iPhone to USB port, fire up iTines and see what it will tell you. It might want to upgrade right away, which is the best; but make sure first download upgrade, and only then install. After download, make sure there is a corresponding file *.ipsw in the diectory
%USERPROFILE%\Application Data\Apple Computer\iTunes\iPhone Software UpdatesIf your phone already has latest version, still try to force it somehow to "upgrade", there must be a way. Also, you can (optionally) "reset" the iPhone to remove any settings and files from a previous user. Whatever you do, make sure that you end up with *.ipsw file in aforementioned directory.
- Exit from iTines and kill all relevant processes. This is important! (or else QuickPWN will be crashing during the installation)
- Download the latest version of QuickPWN and also files bl39.bin, bl46.bin , unzip QuickPWN archive and start the executable (no installation required)
- QuickPWN will first detect your iPhone and will offer you to select *.ipsw file (see above). Make sure it is the right one and confirm.
- On the next screen, select what you want to do: install Cydia (recommended and required for unlock), Installer (recommended), Replace logos (not recommended), Unlock (required)
- You will have to identify locations of *.bin files mentioned above;
- Next screen is tricky. You'll need to play some games with your phone in order to switch it to special "upgrade" mode: hold Home button, then power, then both, etc. Program screen will tell you exactly what to do - just follow very carefully!
- At this moment program commences completely automated process of "Jailbreaking". You can relax and enjoy the show, just be patient and do not touch the phone (or the program) till it is all finished, and phone reboots into new "Jailbroken" mode.
Unlocking. For this to work, you must have an available WiFi network not separated by any NAT mapping or firewall from another computer (does not have to be Windows or Mac) you can use. The simplest approach is of course to use your home WiFi network.
- Remove any SIM card from iPhone (note: this could be tricky). Do NOT insert a new one.
- Make sure you can access Internet (e.g., via Safari browser) from the phone. Configure you WiFi using regular phone settings UI as required;
- Start Cydia, configure it as appropriate, and use it to install OpenSSH;
- Make sure you can access your iPhone from another computer through a SSH (with your favorite client), using it network IP address, user name "root", (default) password "alpine". Enjoy the beauty of accessing your phone with SSH command prompt! (Thanks to Unix-like kernel of MacOS, of course)
So far, we just made sure your iPhone performs well as SSH server, which could be useful to you in many ways; also, keep in mind, that it seems you could only use your phone this way till "power saving" feature kicks in, so either do everything really fast, or adjust power saving mode, or constantly touch the screen to keep it alive.
From this point on, we follow the instructions from here or here.
- Download tiny Lockdown.zip file from here; unzip it to get a few files in a directory named "Lockdown";
- Using your faivorite SSH-based file transfer program, replace iPhone directory /private/var/root/Library/Lockdown with new Lockdown directory you created in a previous step. It could be a good idea to backup "original" content of this directory someplace safe.
- Shut down the phone, insert your SIM card, and boot it up. Everything should work.
Saturday, April 11, 2009
Formatting new internal hard drive
It is painfully apparent that latest software still lags behind latest hardware.
I had to add another internal drive to my Linux system, and though this is by far not the first time I had to do something like that, I keep forgetting the right sequence of commands, especially since these command do differ somewhat between Linix and BSD-based systems.
That's why following suggestion from somewhere I installed and tried to use new Ubuntu front-end utility for disk management, "GParted".
Indeed, this utility does conveniently show list of available disks, mounted or not, and allows you to create "disk label" (which is a first step before new file system cam be created). The only thing is, there are different "types" of "disk label", and default type "msdos" seems a bit strange, and there is no help or any explanation what other types are for, but still, this was indeed a correct default, in my case (but see below).
Unfortunately, the program only goes this far. An attempt to create actual file system hit me with error message "A partition cannot have a length of -1 sectors". Quick Internet search revealed the following:
- This error only happens with disk sizes > 1TB (mine is 1.5TB);
- No one has a clue as to why;
- "msdos" disk label only supports disks < 2TB. There should be no problem with 1.5TB size though;
- Nevertheless, some suggest to use disk label type GPT, which is supposed to handle any disks.
OK, I tried using GPT as disk label type, but it didn't make any difference.
Therefore, I followed advice from this blog post and use these commands to create filesystem:
sudo cfdisk /dev/sdc sudo mke2fs -j /dev/sdc1 sudo vol_id /dev/sdc1
- "cfdisk" is ncurses-based utility which is more or less equivalent to "GParted", but it does seem to work. However, it refuses to do anything if you already created GPT disk label, seems like it only works with "msdos". You can always use "GParted" to create another disk label.
- Option "-j" ("journaling") essentially means "ext3" file system;
- vol_id prints volume "ID" which can then be used in fstab (it is considered to be more stable than device names like "/dev/sdc1"). Entry in /etc/fstab could then look like that:
UUID=c49f9c07-1025-4e6b-988a-276ac67a1b6e /ext ext3 defaults 0 0However, in order for "mount /ext" to succeed, there must be a sym link (automatically) created in /dev/disk/by-uuid/ , and apparently opinions differ as to what should trigger creation of new link after a new drive has been installed and formatted. For me, this command
sudo /etc/init.d/udev restartworked.