Saturday, December 30, 2006

U3

If you've been reading this blog for a while, you know I have a quest for an easy to use password tool. For a program/database, I've settled on KeePass from SourceForge. Then the challenge was how to make KeePass easy to use. I found a Hagiwara USB drive that faked being a CD-ROM drive. But, the honeymoon didn't last long. I gave an update here.

Then one night while working my RSS feeds on Bloglines, I came across a bargain from Dell. They had a 1 GB SanDisk Micro Cruzer U3 for $9 with free shipping. I bought 2!

I jumped on it because of the size and only realized that it was U3 after I had ordered it.

When it arrived, I started playing with the U3 capability. It is very similar to the capability of the Hagiwara but was "closed" (more on that later). Even with this "closed" architecture, it seemed like it was hackable in that all the control information was on the writable side in XML files.

A session with Google turned up loads of information. Here're several sources:

http://newmw.wordpress.com/2006/08/16/create-your-own-u3-applications/
http://www.elitenews.org/2006/05/installing-programs-on-u3-smart-drive.html
http://www.u3community.com/
http://www.eure.ca/
http://www.everythingusb.com/forums/forumdisplay.php?s=&forumid=142
http://usb.smithtech.us/u3/
But let me just net it out. I used the Shortcut Creator 4U3 from SmithTech above and it worked like a charm.

Actually, once I saw how easy it really was, I've built more just by hand. It seems to me like the U3 folks just make it look complicated.

Now briefly on the "hackable" angle of U3. Obviously there has to be a way to write to the CD-ROM side of the U3 drive. John Smith (and certainly others) has figured this out. Smith has AutoLauncher 4U3 that will let you run whatever you want via the CD-ROM's autorun.inf.

So far, I've found SanDisk's LaunchPad satisfactory.

Tuesday, December 26, 2006

Trusted Zone

I listen to Leo Laporte and Steve Gibson on the Security Now podcast. Sometimes (?) Steve Gibson is a little over the top but he certainly makes you think. In one episode, they talked about Steve's technique to use Internet Explorer more safely. Leo wrote this up here.

The net of this is to set your Internet Explorer Options so that the Internet Zone (Internet) is set to high security. This stops ActiveX, Java, and Javascript. Then add the sites you trust to use these capabilities to the Trusted Zone.

This sounds well and good but the impact has been pretty disruptive. For example, not running Javascript defeats Maxthon's Super Drag Drop.

But broader than this, I have found that these capabilities are required for a satisfactory experience at so many sites that you end up adding more and more sites to the Trusted Zone.

Here's a list that I started keeping as I had to add and then gave up on:

http://www.nytimes.com/ref/travel/20061210_wheretogo_map.html
http://www.sunbelt-software.com/documents/sunbelt_kerio_personal_firewall_user_guide.pdf (won't load or save)
https://www.yugma.com/index.php (won't load the Flash)
http://www.circuitcity.com
http://circuitcity.shoplocal.com
Oh, on the yugma.com, you have to add https separately from http. You can wildcard second level domains, e.g. http://*.shoplocal.com.

It's been an interesting experiment but I don't think I'm going to stick with it.

Sunday, December 17, 2006

Kerio Personal Firewall

I always try to keep a couple of things to "play" with. Currently, I'm running Sunbelt Kerio Personal Firewall on my X20. It reminds me of ZoneAlarm but less resource intensive. I admit it's been a while since I've used ZoneAlarm but I suspect it hasn't gotten smaller.

Kerio has 2 modes: a free mode and a full mode. I'm running the free mode, natch. In the free mode, you get all the features except Host-based Intrusion Prevention and Content Filtering. There are a couple of more full mode features related to administration. Host-based Intrusion Prevention (HIPS) will prevent buffer overflows and code execution from running on your system. I've lived without that so far. For Content Filtering, I use the capabilities of Maxthon.

Every now and then Kerio nags at you about "running restricted version" but a single click dismisses the dialog.

One thing that Kerio does that is similar to ZoneAlarm is it has the concept of a "Trusted (network) area." This is normally set to the address space that is presented to your NIC, in my case 192.168.0.0/255.255.255.0. You can tell Kerio that all access to this trusted area is Ok and minimize some of the prompts. I hadn't done that just so I could see what all was going on with the intention of eventually enabling that address space. However, once when I was on vacation, the hotel had a wireless network and they too were using 192.168.0.0/255.255.255.0!

So before I turn that on as "trusted" in Kerio, I want to readdress my home router to a different, unusual address space.

There are a bunch of screen shots on the Sunbelt page referenced above and a users' guide here.

Saturday, December 09, 2006

PortableApps.com

Recently, I was at work and looking for a copy of CamStudio. When I Googled it, I came across portableapps.com. PortableApps has a portable copy of CamStudio here. It's not in their index but I found it in the beta testing section.

So I nosed around PortableApps some and they have a nice collection of applications packaged to install and run on a USB drive. Examples are Firefox, 7-Zip, gaim, etc. If you don't find what you want, look around in the beta testing section mentioned above. I found a portable skype there.