Messing with Boxee web server

The potential security issue in the previous post was found when I was messing with the web server component. In a thread on the Boxee forums there was a basic command set from the documentation, but I wanted to take it further: a Boxee remote in pure, basic 90s HTML.

While this works, it's not really practical and was more or less a proof of concept from messing around. Download the crudeamental remote below (you will have to change every http://boxee:8800 to your box's IP).

 Download: Boxee-html-remote

Boxee SMB Security Hole

After doing some research on how the Boxee remote system worked I found some URLs for basic control and info retrieval from the older desktop software and the current software on the Boxee Box. One of them was the now-playing status. After messing with some of the others I went back to the now-playing URL and noticed something that didn't seem right.

Boxee doesn't store SMB (Windows file sharing) credentials in a protected store and retrieve them only when a connection is made, as modern systems do. Instead it embeds the username and password in EVERY request for media shared from a Windows computer, so each media path goes out in the form "smb://<username>:<password>@<host>/path/to/media/file.<extension>", and the now-playing status hands that full path, credentials included, to whatever asks for it. That is not a secure method, especially since third-party developers can write remote apps that interact with the software, up to and including requesting the currently playing media. Furthermore, anyone who runs a packet sniffer on the network can capture the same credentials as media is played, and on Wi-Fi with no security (or with WEP) the exposure extends to anyone in range.
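The leak is easy to spot once you know the URL shape. The following is an added example (mine, not Boxee's code) that scans captured text, whatever a sniffer or a status query returns, for smb:// URLs carrying a username and reports the exposed account next to a credential-free version of the path. The sample lines, hosts, share paths and passwords are constructed for the demo.

```python
"""Spot SMB URLs that carry credentials in the clear.

Added example, not Boxee's code. The sample lines are constructed to
resemble text a packet sniffer or a now-playing style status query might
return; the host names, share paths and credentials are made up.
"""
import re
from urllib.parse import urlsplit, urlunsplit, unquote

# Constructed sample input, not captured from a real Boxee box.
SAMPLE_LINES = [
    "Filename:smb://mediauser:S3cret!@192.168.1.20/Videos/movie.mkv",
    "Filename:smb://192.168.1.20/Public/song.mp3",
    "Filename:smb://guest:@nas/Media/show.avi",
    "Filename:/media/local/clip.mp4",
]

# Matches an smb:// URL up to whitespace or a quote/angle bracket.
SMB_URL = re.compile(r'smb://[^\s"\'<>]+')


def strip_credentials(url):
    """Return the same smb:// URL with the userinfo part removed."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.port:
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))


def find_exposed_credentials(lines):
    """Scan text lines for smb:// URLs that embed a username.

    Returns a list of (line_no, username, password, redacted_url).
    A URL with a username but an empty password (smb://user:@host/...)
    still counts: the account name alone is useful to an attacker.
    """
    hits = []
    for line_no, line in enumerate(lines, start=1):
        for match in SMB_URL.finditer(line):
            url = match.group(0)
            parts = urlsplit(url)
            if parts.username is None:
                continue  # anonymous access, nothing leaked
            hits.append((
                line_no,
                unquote(parts.username),
                unquote(parts.password or ""),
                strip_credentials(url),
            ))
    return hits


if __name__ == "__main__":
    for line_no, user, pw, clean in find_exposed_credentials(SAMPLE_LINES):
        print(f"line {line_no}: user={user!r} password={pw!r} -> {clean}")
```

Point it at a text dump of captured traffic (tcpdump -A, or a saved response from the status URL) and every line that carries a share password is flagged. If the output is empty for a box that is playing from a Windows share, the credentials are being sent some other way and the sniffer, not the box, deserves a second look.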

While this isn't a major issue on a single-user network, it really comes into focus on a multi-user shared network. Without a fix in the core of the Boxee software, all you can do is set up your share permissions so that only a Boxee-specific user is exposed. For example, create a new user that exists only for the Boxee media shares, or set your media shares to allow anyone to read but require an authenticated user to write. That way either an unimportant account is exposed, or Boxee can reach the media without needing a login at all.

Review: Bulkr Pro

I was given a copy of Bulkr Pro by ClipYourPhotos. The application is a powerful cross-platform (Windows, Mac, Linux) download and backup tool for Flickr users. The feature set varies depending on whether you are authenticated to your account or using public access.

When you first launch the app you are greeted with Connect to Flickr and Search Photos buttons. You can use the app without an account linked to download public photos from other users, as long as the uploader has allowed downloads. After you link your account the home tab provides a backup option.

First off, let's get started with the features related to a linked account. Starting with backup: you choose which size to back up (all the usual Flickr file sizes), the destination for the backup, and how to handle the metadata (embed in EXIF and/or save as a text file). The backup seemed quite speedy on my collection of 1,706 photos. With photostream downloads you can search or pick from your most recent uploads. Selection is as simple as clicking on the pictures you want; a blue checkmark is added. The other options when you hover over a thumbnail are to view the larger image in the application or to view it on the Flickr site. Downloading from your sets offers most of the same features as the photostream, other than search and viewing. Downloading from the photos in your favorites falls under the public photo rules.

The search is feature-rich: it lets you choose the license and search type and enable/disable saved searches, and it works quite well. Downloading from a user's photostream lets you choose from their sets in addition to selecting from the usual grid of thumbnails. Group downloads work as expected, like the other download modes. Explore is a cool feature that shows the interesting photos for the day you choose.

Overall this is the best app of its class I've used yet, but one nagging issue haunts me across all of the Flickr download tools I've used to date: the apps can't tell videos from pictures, leaving me to pick through photos and figure out which uploads are videos and which aren't. Despite the minor video issue I'd fully recommend the app.

There is a free version with slightly fewer features, but Pro is fully worth it. Pro normally costs $40, but if you act fast you can get it for $29.95.

Grab your copy @ http://clipyourphotos.com/bulkr


Google + on iPod Touch and iPad

Google+ for iPhone has been released, but it only works on the iPhone (3G, 3GS and 4) and leaves the iPod Touch and iPad families in the dust. All over G+ there have been many complaints about this limitation, so I decided to see if I could get it working on the forbidden devices. If you don't have the app yet you can download it on iTunes @ Google+ for iPhone 3G, iPhone 3GS.

First off, I was able to install Google+ by using i-FunBox from http://www.i-funbox.com/; the application has an option to install .ipa files directly without iTunes. I was expecting the app to just crash and not run, but to my surprise it ran fine on both iPod Touch and iPad.

Everything worked other than the camera functions, which were greyed out on both iPod Touch and iPad (in framed and 2x mode). I took it further: since my iPad was jailbroken, I proceeded to run the app using FullForce (which forces iPhone apps to run at iPad resolution) to see how well it would run. This is where it got interesting, since not many iPhone apps properly upscale to the higher resolution.

Here are the FullForce'd results of running Google+ on the iPad:

What looks & functions proper

  • Streams
  • Check-in
  • Posting
  • Huddle
  • Circles
  • Post views
  • Photo Lists
  • Photo view
  • Notifications

What doesn’t look or function proper

  • Main screen
  • Photo grids
  • About tab on profiles

What crashes

  • Tapping the actions (delete,edit, etc) arrow