Transcribe Audio or Video through an offline standalone application (HTML5 based)

I use a Sony TX650 device for recording audio notes. It allows me to increase/decrease the playback speed and helps me in faster transcription. However, it is not always efficient because when doing a transcription on a machine, I need to juggle between the player’s controls as well as the keyboard.

Transcribe Audio or Video Offline

To alleviate that, I created an offline transcription software. It is a single-page HTML file that uses JavaScript and HTML5 Local Storage, so you can transcribe both your audio and video files and export the content.

A demo is available at
https://exain.com/transcribe

and the source code is available on GitHub at
https://github.com/technotablet/transcribe

How To Securely Open Ports (SSH, RDP etc.) On-Demand For Dynamic IPs Through iptables

An encrypted SSH connection allows complete access to your machine. However, unless you diligently manage all security updates to your OS and SSH Server, there is a possibility that your SSH server gets compromised.

Typically, system administrators restrict access to the SSH server (port 22) to selected IPs. The limitation of opening port 22 only to selected static IPs is that you will not be able to connect when you are on the move and need to access your machine from, say, a mobile phone.

To overcome this limitation, I have written a script that uses a combination of a web server and iptables firewall, and grants access to Port 22 (or any other Port) on demand to an IP you prefer. It can also work equally well on an AWS EC2 machine where you open Port 22 for all IPs (0.0.0.0/0) using a Security Group, and then restrict access via iptables to that EC2 instance.

I will be using

  • Ubuntu
  • Apache with PHP
  • iptables Firewall
  • sudo Access

Step 1 – Grant Access to iptables to www-data user

On Ubuntu, Apache runs as the www-data user. We will allow the www-data user to execute iptables via sudo without a password.

Edit the sudoers file

sudo visudo

At the end of the file, add the following

www-data ALL=NOPASSWD: /sbin/iptables

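The line above allows www-data to run the iptables command as root without a password. Keep in mind that this applies to everything that runs as www-data, including any other PHP application served by the same Apache instance.

Run the following command to verify that sudo is indeed working for the www-data user.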

sudo -H -u www-data bash -c 'sudo iptables -L'

Note: It should not ask for a password for www-data, and it should show the data related to iptables as shown in the screenshot above.

Step 2 – Allow Authenticated Access to Ports via The Web

We will now create a file that we’ll put on a web server for easy access. Save the following in a file, and place it in a safe, HTTPS-protected location on your web server.

  1. Get the code at GitHub – https://github.com/technotablet/open-port-dynamically/blob/master/openport.php
  2. Change the password and the port that you wish to open in openport.php

Now access the openport.php script from your browser.

Complete GitHub Repository at https://github.com/technotablet/open-port-dynamically

For example: https://yourdomain.com/openport.php (Replace the URL with your domain & script name)

Maintenance

  1. The ports that you open via the script remain open indefinitely. You should ideally set up a firewall script via iptables and reset the rules at a pre-defined interval.
  2. Instead of using a fixed password, you can try out an OTP version (tutorial coming soon).
  3. For RDP and other ports that are not on the same machine, but are within the same network, you can set up port forwarding based on iptables and do the relevant NAT-based redirection.
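
Maintenance item 1, as an added example that is not part of the openport.php repository: rules are inserted with an expiry tag, a periodic job deletes the ones that have lapsed, and the requesting address is validated before it reaches iptables. The tag format `openport:exp=<epoch>`, the function names, the script path in the comments and the sample rules are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: time-limited allow rules for an on-demand port opener.
# Assumptions, not taken from openport.php: the comment tag "openport:exp=<epoch>",
# the function names, and the constructed sample rules below.
# Installed root-owned (hypothetical path /usr/local/sbin/openport-rules), the
# sudoers entry can name this script instead of /sbin/iptables, and root's cron
# can run it with --reap every few minutes.

TAG="openport:exp="

# Succeed only for one dotted-quad IPv4 address: four octets, 0-255, no leading
# zeros, nothing else on the line.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^(0|[1-9][0-9]?[0-9]?)$/ || $i + 0 > 255) exit 1 }'
}

# Succeed only for a plain non-negative decimal integer without leading zeros.
is_uint() {
    case $1 in ''|0?*|*[!0-9]*) return 1 ;; esac
}

# Print (do not run) the iptables arguments that admit SRC to tcp/PORT, tagged
# with the epoch second at which the rule expires.
grant_rule() {   # usage: grant_rule SRC PORT TTL_SECONDS NOW_EPOCH
    local src=$1 port=$2 ttl=$3 now=$4
    valid_ipv4 "$src" || { echo "rejected source address" >&2; return 1; }
    is_uint "$port" && [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] \
        || { echo "rejected port" >&2; return 1; }
    is_uint "$ttl" && is_uint "$now" || { echo "rejected ttl or time" >&2; return 1; }
    printf '%s\n' "-I INPUT -s $src/32 -p tcp --dport $port -m comment --comment \"$TAG$((now + ttl))\" -j ACCEPT"
}

# Read `iptables -S INPUT` output on stdin and print a matching -D line for each
# tagged rule whose expiry is at or before NOW. Untagged rules are never touched.
expired_rules() {   # usage: iptables -S INPUT | expired_rules NOW_EPOCH
    awk -v now="$1" -v tag="$TAG" '
        $1 == "-A" {
            i = index($0, tag)
            if (i == 0) next
            expiry = substr($0, i + length(tag))
            sub(/[^0-9].*$/, "", expiry)          # keep only the leading digits
            if (expiry != "" && expiry + 0 <= now + 0) { sub(/^-A /, "-D "); print }
        }'
}

# Constructed sample of `iptables -S INPUT` output for a dry run.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.7/32 -p tcp -m tcp --dport 22 -m comment --comment "openport:exp=1700000000" -j ACCEPT
-A INPUT -s 198.51.100.9/32 -p tcp -m tcp --dport 22 -m comment --comment "openport:exp=1700007200" -j ACCEPT
-A INPUT -s 192.0.2.44/32 -p tcp -m tcp --dport 3389 -j ACCEPT
EOF
}

# xargs splits each printed line into arguments and honours the quoted comment.
case ${1:-} in
    --grant) grant_rule "$2" "$3" "$4" "$(date +%s)" | xargs -r -L 1 iptables ;;
    --reap)  iptables -S INPUT | expired_rules "$(date +%s)" | xargs -r -L 1 iptables ;;
    --demo)  sample_rules | expired_rules 1700003600 ;;
esac
```
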

Use Amazon’s AWS VPC, & Your VPN To Extend Your Server Infrastructure (using Static Routing)

With the advent of cloud computing, a powerful addition to a corporate data centre was the ability to scale its infrastructure in a virtual private cloud. The setup thus becomes flexible enough to manage the resource demand and remains safe from the public eye.

Using AWS VPC with Corporate VPN is an excellent option to extend a corporate data centre.

  • AWS offers multiple regions and extreme flexibility to tweak your infrastructure needs
  • The data rides on a VPN Tunnel and is not publicly exposed, thus meeting information security & confidentiality needs of an organisation

In the following post, I will delve deeper into creating a prototype of how you can extend your business network and put it on the “cloud”.

What we will be doing:

  1. Setup VPC & VPN on AWS
  2. Configure an External Machine to act as Corporate IPsec VPN (using “racoon”)
  3. Connect our External Machine to AWS and test

Note: We will use “Static” routing, which is simpler, and not “Dynamic (BGP)” routing, which requires many more steps.


Interconnecting AWS VPC & VPN with Corporate VPN through IPSec (racoon)


Our Base Setup

  1. An External Machine to act as a Corporate VPN Appliance (referred to as “CorpVPN”), running an Ubuntu/Debian Linux variant with a public IP. I took a cloud server with Rackspace Cloud, but you can set it up on AWS in a different region too if you prefer.
  2. Opening of UDP 500 & UDP 4500 on the CorpVPN Firewall (or AWS Security Group Inbound Rule if you’re using AWS EC2 machine as CorpVPN Appliance).
  3. Since CorpVPN is an independent device, we don’t have a connecting internal network to it. So we will use the Link-local 169.254.x.x IP Addresses.
  4. An AWS Account where we can create an EC2 machine and configure VPN Services

 

Part 1 – AWS Setup

1a) VPC Configuration

Create a New VPC

Select “VPC” option under Services

Go to “Your VPCs”, and “Create New” VPC


We will use the network as 172.28.0.0/16 for the EC2 Machines which will work as our extended network.

Create a Subnet for your EC2 Machines. We will select it when we configure our EC2 Machine. In this example, we use 172.28.16.0/24 as the subnet.


Add an Internet Gateway

Create an Internet Gateway and attach it to the new VPC that you created so that your EC2 machines can reach the Internet and you can connect to them remotely. You can skip this step if you don’t want any external connectivity.

Setup a Security Group

Create a Security Group that allows ping and SSH to your EC2 machines. As per your preference, open ICMP and SSH for everyone or only to limited IP addresses.


1b) VPN Configuration

Customer Gateway (CGW)

The Customer Gateway is primarily our CorpVPN gateway. We need to provide the IP address of our CorpVPN server. If you have it readily available, then provide it; otherwise add a random IP and change it later once your CorpVPN server is set up.

We will use as an example 100.101.102.103 as the IP of the CorpVPN Server. Please note that “Static” routing is selected.

Virtual Private Gateway (VGW)

We create a Virtual Private Gateway that enables network connectivity to our VPC. It is a two-step process:

  • We create the VGW
  • We attach it to the VPC that we created

VPN Connection

It is a hardware VPN and is a paid service. Create a new VPN and select the following

  • VGW that you created before
  • CGW that you created before

Routing Option should be “Static”


 

Static IP Prefixes will be Link-local addresses 169.254.0.0/16. It means you will reach the AWS network through your Private IP Address in 169.254.x.x series.

Note: We are using the above configuration because we have an independent CorpVPN machine. If you do have a VPN appliance and a network behind it, please go ahead and use your internal IP range.

It takes a few minutes to get the VPN ready.

Once the VPN is available, you can download the “Generic” configuration. It is a text file with the VPN IP Addresses and other configuration details.


Example Tunnel #1 Configuration’s Text File

Enable Route Propagation

Open the “Route Table”, select the “Route Propagation” tab. For the CorpVPN VGW, enable “Propagate”.


It is a critical step. Without “Route Propagation”, you will not be able to reach the EC2 machines from the VPN.

1c) EC2 Machine Setup

In the same region where you have set up your VPN, create an EC2 machine. I used t2.nano with Ubuntu 16.04. This EC2 machine will act as our extended network hosted on AWS.

Please ensure that you select the VPC that we created when configuring the EC2 instance.


Also, ensure that you select the Security Group that we created for the Corporate VPC.



Part 2 – CorpVPN Setup (the CGW Setup)

Points to note:

  • AWS VPN Setup by default provides 2 VPN Tunnels (for Failover). However, since we are just testing it out, we will only be using 1 Tunnel. It will help ease the setup.
  • The CorpVPN setup is our Customer Gateway, and we had provided its IP address while configuring the VPN in AWS.
  • Remember – we are using a separate server (hosted on Rackspace Cloud) to act as CorpVPN Appliance. You can use an AWS Setup also by setting up an Ubuntu based server in a different region. Don’t forget to open UDP 500 & UDP 4500 in the Security Group / Firewall.

2a) Base Installation for IPsec & Racoon VPN Server

Install ipsec-tools & racoon. On a Debian/Ubuntu machine, you can use

apt-get install ipsec-tools racoon

Racoon is the IPsec server that we will use to establish the VPN. We will also use ipsec-tools to set up the SPD (Security Policy Database) to allow connections to and from AWS.

2b) IPsec Tools Configuration

Modify the file /etc/ipsec-tools.conf and use the entries below. You will need to refer to the “Generic Configuration” that you downloaded in the steps above from AWS interface.

To be specific, the IP Addresses as mentioned in our downloaded configuration are:

  • CGW Inside IP – 169.254.54.122/30 (At Customer/CorpVPN’s end)
  • VGW Inside IP – 169.254.54.121/30 (At AWS End)

 

  • CGW Outside IP – 100.101.102.103 (CorpVPN’s publicly exposed IP)
  • VGW Outside IP – 35.154.122.65 (For Tunnel #1, it is AWS VPN IP)

 

/etc/ipsec-tools.conf

#!/usr/sbin/setkey -f

## Flush the SAD and SPD
flush;
spdflush;


# Tunnel 1
# -4 means use only IPv4. Can be omitted.
# a) Allow CGW Inside IP Address to VGW Inside IP Address "outbound" from CGW Outside IP Address to VGW Outside IP Address
spdadd -4 169.254.54.122/30 169.254.54.121/30 any -P out ipsec esp/tunnel/100.101.102.103-35.154.122.65/require;
# b) Allow VGW Inside IP Address to CGW Inside IP Address "inbound" from VGW Outside IP Address to CGW Outside IP Address
spdadd -4 169.254.54.121/30 169.254.54.122/30 any -P in ipsec esp/tunnel/35.154.122.65-100.101.102.103/require;


# c) Allow CGW Inside IP Address to VPC Network "outbound" from CGW Outside IP Address to VGW Outside IP Address
spdadd -4 169.254.54.122/30 172.28.0.0/16 any -P out ipsec esp/tunnel/100.101.102.103-35.154.122.65/require;
# d) Allow VPC Network to CGW Inside IP Address "inbound" from VGW Outside IP Address to CGW Outside IP Address
spdadd -4 172.28.0.0/16 169.254.54.122/30 any -P in ipsec esp/tunnel/35.154.122.65-100.101.102.103/require;

Now on the CorpVPN setup, we will add the CGW Inside IP

ip a a 169.254.54.122/30 dev eth0

Replace eth0 with the relevant network card, preferably the one on which you have configured the CorpVPN/CGW IP.
Later, if you need to delete it, you can use ip a d 169.254.54.122/30 dev eth0

Do a

route -n

To confirm if the IP is now available in the routing table.

Reset the ipsec-tools rules

/etc/init.d/setkey restart
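
A consistency check for the policies above, as an added example rather than part of the original tutorial: it verifies that every ipsec policy names the expected tunnel endpoints for its direction and has a mirrored policy in the opposite direction. `check_spd` and the sample functions are hypothetical names, and the sample files are constructed from the addresses stated in this tutorial.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the SPD entries of an ipsec-tools.conf before
# loading them. Function names and sample data are this example's own.

# usage: check_spd CGW_OUTSIDE_IP VGW_OUTSIDE_IP < /etc/ipsec-tools.conf
# Prints one line per problem and nothing when the policies are consistent.
check_spd() {
    awk -v cgw="$1" -v vgw="$2" '
        $1 != "spdadd" { next }
        {
            o = ($2 == "-4" || $2 == "-6") ? 1 : 0     # optional address-family flag
            if ($(7 + o) != "ipsec") next              # only ipsec policies carry a tunnel
            src = $(2 + o); dst = $(3 + o); dir = $(6 + o)
            split($(8 + o), rule, "/")                 # esp / tunnel / A-B / require;
            # Outbound tunnels run CGW -> VGW, inbound tunnels VGW -> CGW.
            want = (dir == "out") ? (cgw "-" vgw) : (vgw "-" cgw)
            if (rule[3] != want)
                printf "line %d: %s tunnel endpoints are %s, expected %s\n", NR, dir, rule[3], want
            seen[dir " " src " " dst] = NR
        }
        END {
            # Each policy needs a partner with source and destination swapped.
            for (k in seen) {
                split(k, f, " ")
                other = (f[1] == "out") ? "in" : "out"
                mirror = other " " f[3] " " f[2]
                if (!(mirror in seen))
                    printf "line %d: %s policy %s -> %s has no mirrored %s policy\n", seen[k], f[1], f[2], f[3], other
            }
        }' | LC_ALL=C sort -t' ' -k2,2n
}

# Constructed sample: the four Tunnel 1 policies with the stated outside IPs.
good_spd() {
    cat <<'EOF'
flush;
spdflush;
spdadd -4 169.254.54.122/30 169.254.54.121/30 any -P out ipsec esp/tunnel/100.101.102.103-35.154.122.65/require;
spdadd -4 169.254.54.121/30 169.254.54.122/30 any -P in ipsec esp/tunnel/35.154.122.65-100.101.102.103/require;
spdadd -4 169.254.54.122/30 172.28.0.0/16 any -P out ipsec esp/tunnel/100.101.102.103-35.154.122.65/require;
spdadd -4 172.28.0.0/16 169.254.54.122/30 any -P in ipsec esp/tunnel/35.154.122.65-100.101.102.103/require;
EOF
}

# Constructed sample with two mistakes: a mistyped CGW endpoint on line 5 and
# no inbound policy for the VPC network.
bad_spd() {
    cat <<'EOF'
flush;
spdflush;
spdadd -4 169.254.54.122/30 169.254.54.121/30 any -P out ipsec esp/tunnel/100.101.102.103-35.154.122.65/require;
spdadd -4 169.254.54.121/30 169.254.54.122/30 any -P in ipsec esp/tunnel/35.154.122.65-100.101.102.103/require;
spdadd -4 169.254.54.122/30 172.28.0.0/16 any -P out ipsec esp/tunnel/100.101.102.130-35.154.122.65/require;
EOF
}

# Stand-alone use: script CGW_OUTSIDE_IP VGW_OUTSIDE_IP [file]
if [ -n "${2:-}" ]; then
    check_spd "$1" "$2" < "${3:-/etc/ipsec-tools.conf}"
fi
```
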

2c) Racoon Configuration

We will now set up the IPsec server, racoon. The configuration is simple: you can copy and paste the following and replace the IPs with your relevant IP addresses.

Modify the file /etc/racoon/racoon.conf

path pre_shared_key "/etc/racoon/psk.txt";

# Tunnel 1
# VGW Outside IP Address
remote 35.154.122.65
{
     exchange_mode main;
     # CGW Outside IP Address
     my_identifier address 100.101.102.103;
     # VGW Outside IP Address
     peers_identifier address 35.154.122.65;
     ike_frag on;
     generate_policy off;
     initial_contact on;
     nat_traversal on;

     dpd_delay 10;
     dpd_maxfail 3;
     support_proxy on;
     proposal_check claim;

     proposal
     {
          authentication_method pre_shared_key;
          encryption_algorithm aes 128;
          hash_algorithm sha1;
          dh_group 2;
          lifetime time 28800 secs;
     }
}


# CGW Inside IP Address & VGW Inside IP Address
sainfo address 169.254.54.122/30 any address 169.254.54.121/30 any
{
     encryption_algorithm aes 128;
     authentication_algorithm hmac_sha1;
     pfs_group 2;
     lifetime time 3600 secs;
     compression_algorithm deflate;
}

 

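In /etc/racoon/psk.txt, enter the VGW Outside IP Address and the Pre-Shared Key that is available in the downloaded configuration. racoon expects this file to be owned by root and inaccessible to group and others (mode 600); it will not use a key file with weaker permissions.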

35.154.122.65    pjt61xwU3jRoNiUBXVli73aQs31awm4Gg

 

Restart Racoon.

  • To begin with, you can start racoon in the foreground with debugging on. For example:
racoon -Fvdd
  • Later on, you can just manage it through the init script.
/etc/init.d/racoon restart

Part 3 – Testing the setup

Now you need to ping your VGW Inside IP Address from your CorpVPN/CGW machine

ping 169.254.54.121

It should start pinging within a few seconds.

You should be able to see the status of the VPN Tunnel as up for your VGW Outside IP Address under VPN Connections on Amazon. It is important for this to happen.


If the above doesn’t work, please refer to the Troubleshooting section.

Now you need to add a route so that you can reach your 172.28.0.0/16 range of IP Addresses.

route add -net 172.28.0.0/16 gw 169.254.54.121 dev eth0

Do a

route -n

To check if your configuration is correct, and you have set the appropriate gateway.

Now ping your EC2 instance’s Private IP address.

ping 172.28.16.136

It should work.

Similarly, from your AWS EC2 instance, you can ping the CGW Inside IP Address

ping 169.254.54.122

If it works, then CONGRATULATIONS to you. You have successfully established the two way connection.


Part 4 – Maintenance & Troubleshooting

To make it permanent, you need to add the IP address addition (of the CGW Inside IP Address) and the routing rule (using the VGW Inside IP Address as the gateway for the 172.28.0.0/16 range) to, for example, /etc/rc.local or your /etc/network/interfaces so that they apply automatically on a reboot.

Also, to keep the tunnel alive, traffic has to pass through it. You can set up a cron job with the following to ensure that the tunnel is always up

* * * * * (/bin/ping -c 10 169.254.54.121) > /dev/null 2>&1

You have to be able to ping the inside IP Address of VGW. If that is not happening, please make sure you have done ‘Route Propagation’ for that VGW under ‘Routing Tables’ -> ‘Route Propagation’ under AWS VPC Settings.

You should be able to ping your EC2 instance. If not, check the following:

  • Make sure you’ve allowed ICMP (ping packets) to pass through the firewall (Security Group for your EC2 instance).
  • Make sure you have added the route on your CGW for reaching your EC2 subnet (172.16.x.x series for example) through your VGW Inside IP Address (as mentioned in the tutorial above).
  • Make sure you have replaced the IP addresses with the ones provided in the downloaded configuration file as well as the ones of your Customer Gateway.

If the tunnel works but goes down intermittently, then to keep it active you need to ping the VGW Inside IP Address continuously. Use a cron job for that as explained in the tutorial above.

That’s all. There are instructions on AWS to set up through dedicated VPN appliances. You can refer to those to extend your network and make it more scalable.

Fitbit Detailed Heart Rate Data Tracking – Intraday

I recently upgraded to Fitbit Alta HR. It is much better than the Fitbit Flex that I had been using for the past many years. And the best part is the heart rate tracking, which also helps in getting better Sleep Quality outputs.

Fitbit Alta HR captures Heart Rate periodically (at intervals of a few seconds)

What was missing?

However, one thing that I missed with Alta HR and the Fitbit App was the display of the Heart Rate data. For instance, below is my Heart Rate during an Emotionally Charged Up Environment at Workplace. Note, I was sitting with No Physical Activity!


Heart Rate Variation while sitting – but with Emotions Running High!

If you notice, the Fitbit App shows Heart Rate data in 5-minute intervals. And the self-quantification person that I am, that was not enough. I wanted the entire data that Alta HR recorded. Thus, I began working on getting that reliably.

 

The End Result, & How You Can Use It

I have created a web version where you can review your Heart Rate data quickly.

Get your Heart Rate Chart at https://exain.com/fitbit

Remember to see the Tutorial on how to retrieve your “Client ID” from the Fitbit website.

Note: The application I have created saves the heart rate data in a database. It means that I will have your heart rate data. However, I am not asking for or collecting any user information. So despite the fact that I have the heart rate data, I cannot link it with an individual.

I have open sourced the entire code, and it is available on GitHub.

https://github.com/technotablet/fitbit

How it works

  • Fitbit allows developers to connect to its API after authentication through the OAuth2 Protocol.
  • Since the heart rate data is personal to a user, Fitbit does not permit third party developers to access heart rate data of another user.
  • You will need to authenticate yourself on the Fitbit Developer Portal and create an “App” on it. It is a relatively simple process, and if you are connecting to my service at https://exain.com/fitbit, then you can view the tutorial on YouTube.

Now Go – Track your HB!

Asterisk VOIP and pfSense IPSec VPN Clients

I had set up a pfSense 2.1 based IPSec VPN following the instructions at https://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0 which worked well for my mobile devices and machines.

However, using a SIP based softphone over VPN connecting to my workplace’s Asterisk based VOIP setup never really worked properly. I dabbled in changing the subnet masks, changing asterisk settings, phone settings, NAT and many other things – all of which didn’t really work. The maximum I was able to achieve was calling up *43, which is the echo number, and hearing my own voice.

The reason it did not work was that my VPN setup had a different IP address range (e.g. 192.168.10.x/24) and my LAN network was different (say 192.168.5.x/24). This is how the VPN is set up, but it allows only one-way communication: my VPN clients can reach the LAN, but the LAN cannot reach the VPN clients. So for the Asterisk server, signaling worked but the media didn’t. The ring was there, but no voice, since it was trying to send it back to the 192.168.10.x series and my pfSense box wasn’t passing it through.

The simple solution was adding a firewall rule in LAN settings, and allowing the LAN subnet to pass traffic to the 192.168.10.x/24 network (Protocol: any, Ports: any). By default it is blocked. And THEN I could ping my VPN clients from LAN too which was the ideal setup, even for remote troubleshooting.

Tracking your Route through GPS – Getting Started

It was 14th February 2013, Valentine’s Day. Inspired by one Motorola commercial, I set out to walk in a ‘heart shaped’ route, as a Valentine Gift for my beloved wife. The commercial is available at http://youtu.be/iG2DRiQt1b0 and the end result was tracked on Sports Tracker, with me walking in a heart shaped route near Lotus Temple, Delhi, India.


I don’t have a good navigation sense, and rely mostly on GPS/Google Maps/Map My India for my everyday needs. Thus, to accomplish this task I’d specially bought a professional compass to track the directions, and had planned to cover at least 2 kilometers walking/running (though eventually it was restricted to 100 meters, reasons I’ll not delve into).

But, the biggest gain (apart from the delighted beloved, and learning how to use a compass) was that I came across various techniques that are used across the globe to track/plan a route. It’s more awesome than I ever imagined!


Wireless on Ubuntu 11.10 and Lenovo Thinkpad E420

Unlike 11.04 and earlier, Ubuntu 11.10 runs much better on Lenovo Thinkpad E420. The only glitch is the wifi drivers, which don’t run by default, but that can be corrected easily.

Using LiveCD or a running system

  • Press Super (Window) key, and open Terminal
  • Type sudo modprobe -r acer_wmi

That’s all. You should be able to connect to the wireless till next reboot.

Making the change permanent

Edit the file /etc/modprobe.d/blacklist.conf and in the end type

blacklist acer_wmi

Reboot and you’re done. If you’re doing it entirely from the GUI, then editing the file could be done by pressing ALT+F2 (this would open a “Run” window) and typing there gksu gedit /etc/modprobe.d/blacklist.conf

Please note: This applies to wireless card having rtl8188ce chipset. You can view that by typing lspci in a terminal and searching for the entries respective to Network Controller.

Ubuntu 11.04 on Lenovo E420

Update: 16 October 2011 – Ubuntu 11.10 works better. http://wp.me/p9bZ0-1Q

I recently got a Lenovo E420 laptop, and I just went ahead and installed Ubuntu 11.04 on it. Following are some of the things that may help those who’re facing issues with it. I got 4 GB RAM on Core i5. It’s a 64bit processor, so I preferred 64bit Ubuntu instead of the 32bit pae kernel.

Wireless

The machine has the rtl8188ce chipset, and the Realtek drivers available from Realtek’s website don’t work well. You just need to blacklist the acer_wmi module.

Edit /etc/modprobe.d/blacklist.conf and add

blacklist acer_wmi

Save and reboot. This won’t work if you’ve compiled Realtek drivers and installed them. It’ll work only in the default install. Here’s more detailed link –  http://askubuntu.com/questions/53625/wireless-on-thinkpad-edge-e420s

Random screen lockups

I am not sure why it occurred – due to the kernel or due to the compiz settings. I did both. Installed Kernel 2.6.39 from http://kernel.ubuntu.com/~kernel-ppa/mainline/v2.6.39-rc4-natty/

Also, I installed CompizConfig Settings Manager (ccsm) from Ubuntu Software Center, and then disabled this option

General -> OpenGL -> Sync to VBlank (uncheck this)

Reboot. The system may not hang. http://www.preshweb.co.uk/2011/05/ubuntu-11-04-x-freezing-after-screensaver-active-laptop-lid-closed/

Update 26 July 2011: There are still instances of system hanging 😦 Unable to identify the cause as yet. However, this time the system just hangs with no mouse movement at all. This behavior I experienced in 32bit-pae kernel too and usually happens when system has gone through more than a few standbys. Will diagnose and update further.

Update 2 – 30 July 2011 : I updated the BIOS to v1.16 (earlier it was 1.10), but it didn’t do any good. The system still got hung. It is not due to standby also as I disabled the “Suspend” option from Power Management section and rebooted the computer and used it for around 3 hours after which I got a Kernel Panic. Realtek has put a new version of their drivers for rtl8188ce chipset – I’ve just installed those and rebooted and it seems to be working. Will update later if it has cured the hanging problem.

Update 3 – 31 July 2011 : After installing the realtek rtl8188ce drivers as mentioned in the post above, I’ve not rebooted the machine since more than 24 hours. Had suspended it more than a few times, and did various experiments which earlier eventually led to a freeze. But I’m happy to report that till now all has been good and it has not yet hung. I’ll keep working on it for next few days and see if there has been a proper resolution.

Indicator icons for unsupported apps

I installed gnome-do and I was unable to see the indicator icon for that. Installed dconf-editor from Ubuntu Software Center.

Got the name of the application from .xsession-errors file (TrayChild). Opened dconf-editor and added ‘Do’ in there. Logged out and logged back in and all is well.

http://askubuntu.com/questions/36898/how-can-i-see-a-list-of-all-the-systray-icons-that-are-not-whitelisted/39750#39750

Don’t set systray-whitelist to “all” as that may lead to the icons in indicator being unclickable.

To be honest, it was horrendous to use Ubuntu 11.04 due to severe productivity issues for the first week. I installed 32bit pae kernel so that the 4GB RAM could be supported. But I couldn’t upgrade it to 2.6.39 as no pae kernel was available for 2.6.39. I rather installed 64bit Ubuntu, and updated it immediately and rest did what I mentioned above. No more hangs till now, and life has been happy.

Nokia E6 Symbian Anna IMAP with push mail

Nokia Symbian based phones have terrible IMAP support. If you have an IMAP server of your own, you only have two options

  • Use “Nokia Messaging” which means you receive your emails via Nokia servers (similar to blackberry) and it’d not be your phone but nokia servers which would connect to your IMAP server and push mails to your phone. This works better, but then you’re giving your details to Nokia, and could be a privacy issue for some.
  • Use the in-built IMAP client. This would mean you don’t have a ‘push’ email, but a check interval of 5 minutes. Not awesome.

Following is one more way to set to use IMAP via the Nokia Mail for Exchange client, and you don’t need to have any Microsoft Exchange setup.

 

Concept

  1. You need to be running an IMAP server.
  2. There’s an open source PHP based software called “z-push” which allows activesync connectivity and has IMAP backend, which means you can use it to ‘sync’ your phones using the Nokia Mail for Exchange client.
  3. You need Apache web server with php5 and php5-imap support where z-push would be setup.
  4. You download and configure z-push.
  5. You configure your phone settings, and then use Nokia Mfe client to connect to your IMAP server and thus have “push” functionality.

 

Assumptions

  1. An IMAP server is running with SSL support with self-signed certificates (I used dovecot), which has usernames in ‘user@domain.com’ format.
  2. You have Apache with PHP5 and php-imap support. On ubuntu/debian you can install it using apt-get install php5-imap.
  3. Nokia Mail For Exchange supports only a single account on a phone. So if you have multiple email accounts to be synced, bad luck.
  4. It was tested on a Nokia E6 running Symbian Anna. Your setup may vary or could be different.

 

Server side setup

  1. Download z-push from Source Forge http://z-push.sf.net ; I used version z-push-1.5.4RC-705.tar.gz.
  2. Extract it in a suitable location, for example, /var/www/z-push
  3. You can refer to the INSTALL document too for more information inside the z-push extracted files.
  4. Make the ‘state’ directory writable by the web server user. So do chown www-data:www-data state or chmod 777 state. Prefer the chown, since chmod 777 lets every local user write to the directory.
  5. Configure z-push. We will modify the following
    $BACKEND_PROVIDER = "BackendIMAP";
    
    // ************************
    //  BackendIMAP settings
    // ************************
    
    define('IMAP_SERVER', 'localhost');
    define('IMAP_PORT', 993);
    define('IMAP_OPTIONS', '/ssl/novalidate-cert');
    define('IMAP_DEFAULTFROM', 'domain');
    define('IMAP_SENTFOLDER', 'Sent');
    define('IMAP_USE_IMAPMAIL', false);
  6. There’s an IMAP_DEFAULTFROM setting that is meant to make the “Sender Name” work when sending out email, but it didn’t work too well in my case, so I modified the backend file to display the “Sender’s Name” correctly in the format Firstname Lastname <user@domain.com>. The following changes were done in backend/imap.php
    # Added the following lines in the section below
    # $v = "$this->_domain <$this->_username>";
    # $envelopefrom = "-f$this->_username";
    
                if ($k == "from") {
                    if (trim($v)) {
                        $changedfrom = true;
                        $v = "$this->_domain <$this->_username>";
                        $envelopefrom = "-f$this->_username";
                    } elseif (! trim($v) && IMAP_DEFAULTFROM) {
  7. In Apache configuration, I have SSL setup. So in the configuration file for the SSL, I specified an alias as under
            Alias /Microsoft-Server-ActiveSync "/var/www/z-push/index.php"
  8. Restart Apache and your z-push is ready.

 

Client side/phone setup

  1. Now that the server side setup is ready, we’ll configure the phone.
  2. You can enter the settings as per the requirements while configuring the Mail For Exchange client.
  3. The “domain” would be your full name (as you wish to display when you send someone an email).
  4. That’s all. Sync it and you’re ready to go!

 

Troubleshooting

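  1. To enable debug logs, create a file debug.txt in the z-push directory and make it writable by the web server user. For example:
    cd /var/www/z-push
    touch debug.txt
    chown www-data:www-data debug.txt # or; chmod 777 debug.txt
  2. You may want to experiment with the IMAP_OPTIONS by referring to http://php.net/imap_open. The /novalidate-cert flag used above turns off certificate verification, which is tolerable here only because the IMAP server is localhost with a self-signed certificate.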
  3. Your ‘Sent’ items folder could be different. You may want to keep it blank (the default).

Making a WiFi Hotspot / Access Point using Linux & wifi lan card/USB adapter

If you have a wifi LAN card / USB adapter, then you can use it as an access point so that other machines can connect to the internet via your machine using Wifi. The process is fairly simple, but requires you to have a compatible set of drivers which allow a wifi lan card to come into “Master” mode.

It didn’t work well for

  • Linksys WUSB54GC v3 USB adapter. Till Ubuntu 10.04, there were no good drivers for use with hostapd (supporting mac80211 / nl80211). In Ubuntu 10.10, though the drivers were working, the connection was highly unstable, in fact unusable. The drivers that I tried were rt2800usb (which allowed the adapter to come into Master mode), and rt2870sta which didn’t allow the adapter to come into “Master” mode. It always remained “Auto” or “Managed” (checked via iwconfig). Need to test in 11.04 when it arrives.

What worked pretty well

  • 02:00.0 Ethernet controller: Atheros Communications Inc. AR5001 Wireless Network Adapter (rev 01), using ath5k drivers. hostapd didn’t complain at all and all was smooth. This was in Ubuntu 10.04.

Concept

  1. There’s an application called hostapd which converts a wifi adapter into an access point and provides features such as WPA authentication, SSID name definition etc. I used it and it worked well.
  2. When a client connects to the access point, apart from authentication it’ll require IP addresses to be assigned. For that a DHCP server is used.
  3. You need to have 2 interfaces, one which accesses the net (e.g. eth0), and other which provides the access point services (e.g. wlan0).
  4. You start the wlan interface, assign it an IP address, start the dhcp server, setup firewall/nat and start hostapd. That’s all to it. Your devices would be able to use the wifi adapter as the access point.

Procedure

apt-get install dhcp3-server hostapd

Modify /etc/hostapd/hostapd.conf and put the following

interface=wlan0
driver=nl80211
ssid=MyAP
hw_mode=g
channel=11
wpa=1
wpa_passphrase=MyPasswordHere
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_ptk_rekey=600

The dhcpd.conf section in /etc/dhcp3/dhcpd.conf would have something like the following

subnet 10.10.0.0 netmask 255.255.255.0 {
        range 10.10.0.25 10.10.0.50;
        option domain-name-servers 8.8.4.4, 208.67.222.222;
        option routers 10.10.0.1;
}

Modify /etc/default/dhcp3-server

INTERFACES="wlan0"

Check what name your adapter got via iwconfig. You can change the name also and make it persistent via /etc/udev/rules.d/70-persistent-net.rules so that it always gets a single type of name. In our example we’re assuming wlan0, but it could be changed. Make necessary changes in your configuration too.

Configure the new interface

ifconfig wlan0 10.10.0.1

The above could also be done in a better way via the /etc/network/interfaces file, but I didn’t try it out. In any case, if you shut down hostapd, the network interface (wlan0) loses its address, so you need a script which assigns it again before hostapd is started. An example could be

iface wlan0 inet static
 address 10.10.0.1
 netmask 255.255.255.0

Restart the dhcp3-server. It should now be ready to serve addresses and is also bound to the network interface too.

Allow ip masquerading

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Now start hostapd and see the messages that it shows

hostapd -dd /etc/hostapd/hostapd.conf

Wait for a few seconds, it should show some probes being done by other wifi devices. If it shows, then probably you’re in good luck.

Now try to connect via your device to this access point. It should work.

To make this work on boot, you can put the relevant config in /etc/default/hostapd

RUN_DAEMON="yes"
DAEMON_CONF="/etc/hostapd/hostapd.conf"
DAEMON_OPTS="-dd"

and also put the firewall rules in /etc/rc.local (make sure it’s executable).

Remember – if you shutdown your hostapd, the network card would lose its address. So you have to assign that again before starting hostapd. The usual practice would be

  • Stop hostapd
  • Stop dhcp server
  • Restart network (or rather ifup wlan0 / ifconfig wlan0 10.10.0.1 would do)
  • Restart dhcp server
  • Start hostapd

Miscellaneous

  1. You can check the wifi interfaces via
    iwconfig
  2. To set a wifi adapter into master mode, try the following. If it doesn’t work and shows an error that it’s not possible or something, fret not – use hostapd as that’ll do that in any case.
    iwconfig wlan0 mode Master
  3. Network Manager could create issues, though in my test environment – instead of using an ethernet interface, I used two wlan interfaces, one being controlled by Network Manager for internet access, and other for making it an access point.
  4. modprobe -r ath5k / modprobe -r rt2800usb etc. is to be used for unloading the modules.
  5. If you wish to proceed without using authentication so that you can test it easy, then put the following in /etc/hostapd/hostapd.conf
    interface=wlan0
    driver=nl80211
    ssid=MyAP
    hw_mode=g
    channel=11
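
The WPA configuration in the Procedure section enables the original WPA with TKIP, and the test configuration in item 5 has no encryption at all. The added example below (not from the original post) lints a hostapd.conf for those settings and includes a WPA2/CCMP-only variant; the function names, finding labels and placeholder passphrase are this example's own.

```bash
#!/usr/bin/env bash
# Added example: flag weak Wi-Fi security settings in a hostapd.conf.

# Read a hostapd.conf on stdin and print one "label: explanation" per finding.
lint_hostapd() {
    awk '
        /^[ \t]*(#|$)/ { next }                       # comments and blank lines
        {
            eq = index($0, "=")
            if (eq) conf[substr($0, 1, eq - 1)] = substr($0, eq + 1)
        }
        END {
            wpa = ("wpa" in conf) ? conf["wpa"] + 0 : 0
            if (wpa == 0) {
                print "open: WPA is not enabled, clients join without a key and traffic is unencrypted"
                exit
            }
            # wpa is a bit field: 1 = WPA, 2 = WPA2 (RSN), 3 = both.
            if (wpa % 2 == 1)
                print "wpa1: wpa=" wpa " enables the original WPA; use wpa=2"
            # rsn_pairwise falls back to wpa_pairwise when it is not set.
            ciphers = conf["wpa_pairwise"] " " conf["rsn_pairwise"]
            if (ciphers ~ /TKIP/)
                print "tkip: TKIP is offered as a pairwise cipher; allow CCMP only"
            if ("wpa_passphrase" in conf) {
                n = length(conf["wpa_passphrase"])
                if (n < 8 || n > 63)
                    print "psk: passphrase must be 8 to 63 characters, got " n
            }
        }'
}

# The WPA configuration from the Procedure section of this post.
page_wpa_conf() {
    cat <<'EOF'
interface=wlan0
driver=nl80211
ssid=MyAP
hw_mode=g
channel=11
wpa=1
wpa_passphrase=MyPasswordHere
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_ptk_rekey=600
EOF
}

# The unauthenticated test configuration from Miscellaneous item 5.
page_open_conf() {
    cat <<'EOF'
interface=wlan0
driver=nl80211
ssid=MyAP
hw_mode=g
channel=11
EOF
}

# Added variant: WPA2 only, CCMP only. The passphrase is a placeholder.
hardened_conf() {
    cat <<'EOF'
interface=wlan0
driver=nl80211
ssid=MyAP
hw_mode=g
channel=11
wpa=2
wpa_passphrase=ChangeMe-use-a-long-random-passphrase
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
EOF
}

# Stand-alone use: script /etc/hostapd/hostapd.conf
if [ -n "${1:-}" ]; then
    lint_hostapd < "$1"
fi
```
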