Camera on SE X10i (Android 2.3)

This is a howto on a Sony Ericsson (SE) X10i with Android 2.3.3.

Photos can be captured with a 4 inch capacitive touch screen, and 8.1 megapixel camera. It also comes with digital zoom of up to 16x, image stabiliser (due to small hand shakiness) and a flash. The updated Android provide a default camera apps that meet most requirements.

Step 1. Starting the camera

Method 1

At the Home screen, tap the Application icon, then tap Camera icon.

Method 2

On the X10i, press the Camera quick button.

Step 2. Select Camera (optional if already selected)

Tap the Camera icon.

Step 3. Snap the photo

There are several methods to do this, but I will note down just the Touch and Normal.

Method Touch

• Select Camera mode icon, and tap Touch capture. (optional if already selected)
• Point the camera to the person or object, press on the screen where is the desired focus.
• Release finger, to take the photo.

Method Normal

• Point the camera to the person or object.
• Half press the Camera button, to focus.
• Press Camera button down fully to take the photo.

Step 4. Preview photo

Press on the last taken photo at bottom of the screen, or tap the Filmstrip icon

Other setting for the camera can be accessed by the on screen icons or by the Menu key.

Call handling on SE X10i (Android 2.3)

This is a Howto on a Sony Ericsson (SE) X10i updated with the latest Android (in this case to version 2.3.3). So you've got the smart phone, many do not have the time to experiment, so here is the first share on some of the solutions to common things you might need.

After the update, Sony Ericcson did not provide an easy to find help document for the Help option in Android. It is a bit disappointing considering its SE, and the help is in the phones menu, but empty. At SE website, there is a download to “restore your user guide in your phone” (instructions are not good at this moment)

Make a call (yes, the phone can make calls)

Step 1. You will need to start the dialer.

From the home screen, tap the Phone button.

Step 2. There 3 methods to dial a number;

Method 1:

Enter the number using the screen Keypad, and tap Call.

Method 2: Tap the Contacts button and choose the contact to call

Method 3: Tap the Favourites button and choose the contact to call

Step 3. During the call you have the options to

• Put call on loud speaker – tap the Speaker button
• Mute, so the other party cant hear you but you can listen – tap the Mute button
• Use the onscreen dialpad for automated transactions like Phone banking – tap the Dialpad

Step 4. When you want to end the call, tap End call button.

Decline a call (in a meeting and suddenly a call comes in, lets cancel that call)

Step 1. Drag the Decline button to the left.

Access to other applications during a call (Retrieve or to write a note. It is a smart phone)

You have 2 ways to do this;

1. Return to a previous running application (just before you were interrupted by the call)

Press the BACK key (left arrow sign)

2. Return to Home screen to select an application.

Press the HOME key (This is the key with a square sign) then tap on the application you wish to start

Clone a VirtualBox disk

Duplicating a disk for a new VirtualBox VM requires addressing the disk UUID conflict with same value. The following steps address this matter.

1. Start VirtualBox graphical interface (GUI), and edit settings for the VM using the disk we wish to clone. E.g VM name is centos and the virtual disk as centos_hdd.vdi

2. Remove (Do not delete) this disk from the VM.

3. At a command prompt
VBoxManage clonehd centos_hdd.vdi copy_centos_hdd.vdi
VBoxManage internalcommands setvdiuuid copy_centos_hdd.vdi

The first command duplicates the virtual disk. In the second command we assign a new UUID to the new disk (copy_centos_hdd.vdi)

4. Return to VirtualBox GUI and attach back the centos.vdi to the VM.

5. Create a new VM to attach the copy_centos_hdd.vdi

The new virtual machine is ready to use the cloned virtual disk. As a note, why not just make more copies of the disk with new UUIDs in case you need another image.

An Open source software antivirus called ClamAV

The ClamAV is the only OSS implemented on a large scale with a consistenly updated virus database.

It can be used in 3 different ways:

1. Installed on a PC. It can be scheduled to run at specific times or to scan all new storage medium and incoming files.
2. Installed on a server. It is used in conjunction with server services such as email servers, backup and file servers.
3. Application built with the ClamAV library. Customised applications can manage how and when the file scannings are done.

There are lots of cool features that is comparative to proprietary antivirus. As of June, it is rank as the top 10 antivirus in terms of virus detection.

I just ran an update, output as below:

daily.cvd updated (version: 13231, sigs: 130699, f-level: 60, builder: arnaud)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 58, recommended = 60
DON'T PANIC! Read http://www.clamav.net/support/faq
bytecode.cvd is up to date (version: 143, sigs: 40, f-level: 60, builder: edwin)
Database updated (976953 signatures) from db.local.clamav.net (IP: 222.124.18.201)

Configuration of the ClamAV installed can be inspected with the command clamconf, and the virus scanner GUI is simple to use.

Linux security checklist

The Anonymous is announcing an attack on www.malaysia.gov.my, which is a central portal to reach all other Malaysian Government portals. This is reported by F-Secure Corporation and theStar, 14 Jun 2011. Makes you wonder why Anonymous would want to do that.

Follow up from my previous post, I realise that many Linux Admins out there do not have a Security Checklist for their web application. I am sharing the following checklist here as it provides a standard security consideration for almost all web application on Linux or LAMP stack. It is by no means the only security guide, please apply all other security concerns specific to your needs and you can then sleep better at night.

Check List for Web Application (deployment)

Category	Item	Notes
Logins
A.1	Operating system -Administrator password is secured and recorded as only accessible by ONE administrator -All login's are done as normal user -Normal users with access to Administrator priviledges are recorded. Access should be via SUDO. -All logins are recorded
A.2	Application -All users to have secured logins -Administrator logins are assigned to specific individuals and listed -Web based self registered user must have email and spam prevention facilities -Lock down on Web server's user/application access -Default access and password for all administrator applications must be secured. This includes the main application, phpmyadmin, firewall.
A.3	Database -Each application to have a specific user and password access. This user cannot access other databases. -Administrator access is with secured password. Assignment to specific individuals must be recorded.
Services
B.1	Disable unnecassary services -Firewalls must be enabled to restrict external access to only the approved application (via port numbers). -Identify every services running. Disable those not in use. -Remote access must be via encrypted protocols -Disable local email server (e.g. sendmail) from runnin/listening continuously. Or use external email server. -Email servers controlled to allow access to specific application and directories. -Anti-virus if implemented, must have patches and pattern updates kept to the most recent.
B.2	Create a base point of security -A penetration test must be carried out. The type and complexity is based on the specific application. -Establish an integrity check point
B.3	Tell them you do not allow access -Place warning messages to all points of access. E.g. motd and issue.net
B.4	Logging -Log activities to separate files for operating system and application. -Make logs available to a centralised log server.
B.5	Backup -Establish a backup plan. -Implement a backup process
B.6	Create a boot disk and rescue of the Linux
B.7	System updates -Disable the automatic system updates. Updates should be installed only after it is verfied working with the application. -Periodically check with security issues, respective application security notices and update as needed.
Physical
C.1	Physical Access -Ensure only authorised personel can access to the server. -A record of physical access is maintained.
C.2	Storage Media -All storage media is tagged. -Storage location and transportation is secure and recorded.
C.3	Security Policy -Ensure the document is readily available to authorised users.

Checklist for Web Application (Deployment) by Nicholas A. Suppiah is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
Permissions beyond the scope of this license may be available at http://www.blogger.com/profile/06749525177696246387.

Linux security for organisations

Linux provides a great solution for small and large organisations. Its scalability and reliability have been continuously promoted over the years as reputable organisations keep adopting them.

The recent spate of security breaches at Citibank, USA and Sony Online Entertainment (SOE), Sony Playstation tells us a lot about the amount of importance organisations put on security. In 2009, There were words that Citibank was robbed and in 2011, there was a breach to over 200,000 USA Citibank card holders in the Citigroup. ZDNet in 2011, "Sony security hole exposes another 24.6 million accounts" tells about how over 100 million users can be affected by failures on security. Maybe Sony Certified Security Professional needs to consider a systems security program for Sony (I am joking).

Other security compromised news (hacked) in 2011

• Vendor-sec email list was compromised and this was a discussion on linux vulnerabilities at openwall.com
• Wordpress.com root access was gained to their servers. Nothing else much on extend of damage to users or blogs at wordpress.com
  
• Mobile devices like Android could potentially have user data compromised when using public wifi, says University of Ulm, Germany
• International Monetary Fund (IMF), network break-in sounded like it was blamed to the staff use of internet and emails when read in ZDNET.
• Lockheed Martin, provider of defence technology breach in their remote access via use of tokens affected Pentagon.
• GMail major phishing was traced back to China and Google looks geared up for more changes as spear-phishing becomes a term many would see more often.
• In Malaysia, the newly launched 1Malaysia Pengguna Bijak's portal costing RM1.4 million wasn't built with safe guarding the users information at all. Here the only explaination (NO apology to the rakyat) was that the system was not built to cope with the 3 million hits it received within 2 days of its launching. Over 2,000 1Pengguna user account details were confirmed compromised. I took it as a government initiative but the name www.1pengguna.com made me wonder if its a Malaysian government effort or a private business.
  

Over the years of implementing Linux based solution, there are a few basic things I can share when deploying web applications and other similar systems.

1. Put a security policy in place. This includes security administrators reading emails from public who voluntarily lodge about security flaws.
   
2. Budget to implement these policies
3. Have security checklists (use it, audit with it)
   

If disaster happens, you just need to fix it. There are people's "life" at stake. At the same time get those culprits, if you can.

What are Perlis students going to do with Netbooks?

Its in NST that 700 students will receive netbooks.

Not reported how it will be usable to the students. Or if they have internet access.

Schools should prepare wifi so that these students can access education freely in school.