How to recover password after shortening

Writing secure software is hard. At the same time, some things are so fundamental that failing to implement them is just inexcusable. One of these is that you must not limit the password length. (At least below some crazy limit like a thousand characters. Long before that your password is no longer the weakest link in even the most secure systems in the world.)

Enter my new router, ironically named the Orcon Genius. It’s a bog-standard consumer router, and like most routers it came with an insecure admin password. I promptly replaced it with a long, generated password, but afterwards I could no longer log in. I suspected a shoddy implementation, so I cobbled together a script to try logging in using every substring of the password. After about half a second it spat out the correct password, verifying that this router only saves the first 15 characters of the password. The script is very simple:

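 password='your_secure_password' # the line starts with a space
router_url='http://ROUTER_ADDRESS/' # placeholder: set to your router's admin page
password_length=${#password}
for start in $(seq 0 $((password_length - 1))); do
    for length in $(seq 1 $((password_length - start))); do
        substring="${password:start:length}" # bash substring expansion
        if curl --basic --fail --silent --user "admin:${substring}" "$router_url" > /dev/null; then
            echo "$substring"
            break 2
        fi
    done
done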

The space before the variable assignment is to avoid storing the password in the shell history. Your shell may not support this feature, in which case you need to figure out how to securely erase the password from your history. Consider yourself warned.

I’ve reported this issue to Orcon. Hopefully they will fix the firmware.
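
The same finding as a repeatable check, added here as an example and not part of the original post: it reports how much of a password a login actually depends on. The function names and the in-memory password store are hypothetical stand-ins for the router so that it runs offline, and it tries only prefixes rather than every substring, which is enough when the device keeps the start of the password.

```sh
#!/bin/sh
# Constructed stand-in for a device's password handling, so this runs offline.
STORED_LIMIT=15   # truncation length found on the page's router

# Buggy firmware behaviour: silently keep only the first STORED_LIMIT characters.
set_password_truncating() {
    stored=$(printf '%s' "$1" | cut -c1-"$STORED_LIMIT")
}

# Sound behaviour for comparison: keep the whole password.
# (A real system would store a salted hash; plaintext keeps the demo short.)
set_password_sound() {
    stored=$1
}

# Login compares the attempt, untruncated, against what was stored.
check_login() {
    [ "$1" = "$stored" ]
}

# Print the length of the shortest prefix of password $1 that login command $2
# accepts, or 0 if none is. Anything below ${#1} means the password was
# shortened on save. Only prefixes are tried, so this needs at most ${#1}
# attempts. ASCII passwords only: cut -c counts bytes in some implementations.
accepted_prefix_length() {
    full=$1
    check=$2
    n=1
    while [ "$n" -le "${#full}" ]; do
        if "$check" "$(printf '%s' "$full" | cut -c1-"$n")"; then
            echo "$n"
            return 0
        fi
        n=$((n + 1))
    done
    echo 0
    return 1
}

# Demo with a constructed 28-character password.
demo_password='correct-horse-battery-staple'
set_password_truncating "$demo_password"
echo "truncating store: accepted length $(accepted_prefix_length "$demo_password" check_login) of ${#demo_password}"
set_password_sound "$demo_password"
echo "sound store:      accepted length $(accepted_prefix_length "$demo_password" check_login) of ${#demo_password}"
```

To run it against a real device, replace `check_login` with a function that performs the login and returns 0 on success.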

HDMI audio output hell

This is a gigantic PITA. I can’t believe some people still think proprietary software has good support for proprietary hardware – Even with a relatively simple setup like this, many hours of searching forums, installing and reinstalling drivers, fiddling with the BIOS and sound settings still hasn’t produced any sound.

  1. Upgraded the A/V receiver firmware. This was easy since I’ve connected it to the Internet. It’s now got the latest firmware.
  2. Installed, removed and reinstalled the latest video driver – Catalyst Software Suite 12.8. I rebooted after each step.
  3. When I plug in the HDMI cable, a device called Generic PnP Monitor is added to the Devices list. I know it corresponds to the A/V receiver, because it is removed again if I unplug the cable. This messed up the dual-screen display the first time I plugged in the HDMI cable, making only the secondary display active until I managed to move the Catalyst Control Center window from the invisible desktop to the visible one.
  4. Tried to update the driver of the Generic PnP Monitor, but it just says the driver is up to date.
  5. In the Sound → Playback window the AMD HDMI Output playback device is enabled, but it shows simply Not plugged in, so I can’t configure it or set it to the default, as some forum posts instruct.
  6. In the BIOS menu there is a setting called SPDIF OUT Mode Setting [sic], with possible values SPDIF and HDMI. It’s set to SPDIF, according to this cryptic description: Select the [HDMI] option only if you have a video card with HDMI support and are using the SPDIF signal for the high-definition monitor’s speakers. I’m not using monitor speakers.
  7. In the Screen Resolution window there’s a TX-NR509 device. The resolution and orientation can’t be set, and I’ve set Multiple displays to Disconnect this display.
  8. The A/V receiver shows that it’s connected, but not receiving a signal.

In conclusion, both devices know about each other, but Windows 7 seems to think the A/V receiver is a monitor. Any ideas?

HOWTO: Synchronizing vCard address books with Nokia 6300 via Bluetooth on Ubuntu Linux

Edit: After learning a bit of sed magic, this is now a single script.

This Works For Me™, and I hope it works with other phones and on other distributions as well, but no guarantees.

Here’s how:

  1. Download
  2. chmod u+x
  3. sudo apt-get install gnokii
  4. Setup Gnokii (replace the phone name): echo -e "[global]\nmodel = 6510\nport = $(hcitool scan | grep 'phone name' | cut --fields=2)\nconnection = bluetooth" > ~/.gnokiirc
  5. Turn Bluetooth on on the computer and the phone.
  6. Pair the computer and phone. On Ubuntu, simply click the Bluetooth icon and follow the "Set up new device..." wizard.
  • If you want to copy your existing contacts to disk, you can run ./ -r > phone.vcf
  • To copy vCards to the phone, overwriting the existing contacts, run cat *.vcf | ./ -f
  • Note that works only with the internal phone memory. Address book entries stored in the SIM card, phone log or elsewhere will not be read or written.

    Some features of the script:

    • Works with plain /bin/sh, so it should work on any Linux / BSD distribution.
    • Has separate parameters to read, write and flush contacts.

    # NAME
    # - Synchronize contacts with Bluetooth device.
    # [options]
    #    -f,--flush       Flush entries on the phone before synchronization
    #    -r,--read        Read phonebook entries (no synchronization)
    #    ./ -r
    #        Read phone address book entries.
    #    cat *.vcf | ./ -fv
    #        Remove all phone address book entries and write new ones.
    #    Warning: Overwrites the existing entries on the phone if you give it any
    #    input.
    #    Some limitations:
    #    - Gnokii (or the phone) doesn't understand N, NICKNAME, ORG and URL
    #      parameters.
    #    - Conflicts have to be resolved manually.
    #    - Getting a "Data format is not valid" error for unknown reasons.
    #    - Needs so long as Gnokii / phone doesn't understand the full vCard
    #      spec.
    #    Tested on Nokia 6300 under Ubuntu (7.10-9.10). Instructions:
    #    <>
    # BUGS
    #    1: Not yet tested on other phones or operating systems.
    #    2: No automated comparison of computer and phone entries.
    #    3: Should use safe temporary directory creation - See web pages.
    #    4: Flushing doesn't always get rid of all address book entries.
    #    Email bugs to victor dot engmark at gmail dot com. Please include the
    #    output of running this script.
    #    Copyright (C) 2008-2010 Victor Engmark
    #    This program is free software: you can redistribute it and/or modify
    #    it under the terms of the GNU General Public License as published by
    #    the Free Software Foundation, either version 3 of the License, or
    #    (at your option) any later version.
    #    This program is distributed in the hope that it will be useful,
    #    but WITHOUT ANY WARRANTY; without even the implied warranty of
    #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    #    GNU General Public License for more details.
    #    You should have received a copy of the GNU General Public License
    #    along with this program.  If not, see <>.
    # Init
    ifs_original="$IFS" # Reset when done
    cmdname=$(basename "$0")
    directory=$(dirname "$0")

    # Exit codes from /usr/include/sysexits.h, as recommended by
    EX_USAGE=64
    EX_UNKNOWN=1 # Assumed value; not in sysexits.h, original definition missing here

    # Output error message with optional error code
    error()
    {
        test -t 1 && {
            tput setf 4
            echo "$1" >&2
            tput setf 7
        } || echo "$1" >&2
        if [ -z "$2" ]
        then
            exit $EX_UNKNOWN
        else
            exit $2
        fi
    }

    usage()
    {
        # Print documentation until the first empty line
        while read line
        do
            if [ ! "$line" ]
            then
                exit $EX_USAGE
            fi
            echo "$line"
        done < "$0"
    }

    # Process parameters
    params=$(getopt -o fr -l flush,read --name "$cmdname" -- "$@")
    if [ $? -ne 0 ]
    then
        usage
    fi

    eval set -- "$params"

    while true
    do
        case $1 in
            -f|--flush)
                flush=1
                shift
                ;;
            -r|--read)
                read=1
                shift
                ;;
            --) shift
                break
                ;;
            *)
                usage
                ;;
        esac
    done

    # Read only: print the phone's entries and stop (no synchronization)
    if [ $read ]
    then
        gnokii --getphonebook ME 1 end --vcard \
            || error 'Failed to get phonebook.'
        exit 0
    fi

    if [ $flush ]
    then
        gnokii --deletephonebook ME 1 end \
            || error 'Could not flush phone entries.'
    fi
    sleep 1

    # Is there anything on stdin?
    if [ -t 0 ]
    then
        # stdin is a terminal, so no vCards were piped in: nothing to write
        exit 0
    fi

    # Unfold continuation lines, simplify TYPE parameters, then write to the phone
    sed -n '1h;1!H;${;g;s/\r\n //g;p}' <&0 | \
    sed -E s/^ADR\;.*?\(home\|work\).*?:/ADR\;TYPE=\\1:/i\;s/^EMAIL\;.*?\(INTERNET\).*?:/EMAIL\;TYPE=\\1:/i\;s/^TEL\;.*?\(CELL\|FAX\|HOME\|WORK\).*?:/TEL\;TYPE=\\1:/i | \
    gnokii --writephonebook --overwrite --memory-type ME --vcard
    err_code=$?
    if [ $err_code -eq 20 ]
    then
        echo 'Data format error, eh? Dunno what to do about that for now.'
    elif [ $err_code -ne 0 ]
    then
        error 'Could not write to phone.' $err_code
    fi

    If you have problems sending the vCards to your phone, you may want to validate them first.

    How to switch keyboard layouts on the Windows XP login screen

    Do you use several keyboard layouts in Windows XP? Ever been annoyed that the layout at the login screen is locked to the installation default? Here’s how to fix it, with a simple registry hack.

    Disclaimer: Use at your own risk, yada yada yada…

    How to enable multiple keyboard layouts at login:

    1. Back up the registry!
    2. Start the registry editor: Press Windows+R, type regedit, and press Enter.
    3. Click on HKEY_USERS, and locate the key (the things which look like directories) which is your SID – It should be one of the longest. If you have problems finding the SID, you can try MS’ own getsid.
    4. Right-click the sub-key Control Panel\Input Method\Hot Keys and select Export.
    5. Save the file to disk.
    6. Open the file in a text editor.
    7. Leave the first line in the file, but remove all the keys (and their name/value pairs) which don’t end in 10X, where X is a number. These are the keyboard shortcuts for switching between the layouts (if you have set any).
    8. Replace the SIDs in the key names with .DEFAULT, so that they will be applied to the default user.
    9. Export the Keyboard Layout\Preload key to a file, and copy the contents (except the first line) into the file you worked with earlier. These are the layout settings.
    10. Now you should have a working registry file. Before proceeding, you should check that it’s at least similar to the one I ended up with, below.
    11. Save and double-click on the file to insert the data in the registry.

    Now you should be able to change the keyboard layout the same way you do it in Windows when logging in.


    Windows Registry Editor Version 5.00
    ; $Id: dvorak-keyboard-layout-at-login.reg 169 2007-09-25 09:31:02Z vengmark $
    ; Shortcut keys for layouts 1, 2, and 3
    [HKEY_USERS\.DEFAULT\Control Panel\Input Method\Hot Keys\00000100]
    "Virtual Key"=hex:31,00,00,00
    "Key Modifiers"=hex:05,c0,00,00
    "Target IME"=hex:09,04,02,f0
    [HKEY_USERS\.DEFAULT\Control Panel\Input Method\Hot Keys\00000101]
    "Virtual Key"=hex:32,00,00,00
    "Key Modifiers"=hex:05,c0,00,00
    "Target IME"=hex:09,04,09,04
    [HKEY_USERS\.DEFAULT\Control Panel\Input Method\Hot Keys\00000102]
    "Virtual Key"=hex:33,00,00,00
    "Key Modifiers"=hex:05,c0,00,00
    "Target IME"=hex:14,04,14,04
    ; Remove old settings
    [-HKEY_USERS\.DEFAULT\Keyboard Layout]
    ; Set layouts
    [HKEY_USERS\.DEFAULT\Keyboard Layout\Preload]
    ; US-Dvorak (default)
    ; US-English
    ; Norwegian
    ; Fallback layouts
    [HKEY_USERS\.DEFAULT\Keyboard Layout\Substitutes]
    ; Use Alt-Shift-# (# is 1, 2, or 3) to change between layouts
    [HKEY_USERS\.DEFAULT\Keyboard Layout\Toggle]
    "Language Hotkey"="3"
    "Layout Hotkey"="3"

    How to be (almost) paperless

    The paperless office has become the poster child of a stagnated IT revolution. I won’t say “failed”, because there are ways to get rid of almost all your paper, and gain a lot of efficiency at the same time. It works—Virtually the only time I print is when someone requires a written signature.

    I believe there are two big reasons why people print: Comfort (you’ll be able to read it, bit by bit, anywhere and any time, without eye strain) and safety (it can’t disappear as easily as a file). What follows are paperless solutions for these and other issues.

    Read comfortably

    A good screen is paramount, but how to choose the best? LCD (aka. flat / TFT) screens are generally much more easy on the eyes than CRT screens. To get the proper “paper feeling”, you should get a big screen with a high resolution (don’t worry about the text being too small, that can be adjusted) and high contrast.

    Turn on proper anti-aliasing for a huge improvement in text readability—In Windows, go to Start → Control Panel → Display → Appearance → Effects, tick Use the following method to smooth edges of screen fonts, and select ClearType. You should also use the free ClearType Tuner to perfect the settings.

    Read anywhere, any time

    For this, the best solution is a laptop or PDA with a good screen. In addition to the attributes already mentioned, you should also make sure the screen has a high maximum brightness—This helps a lot in bright surroundings, such as daylight or a well lit office.

    Take quick notes

    For quick, small notes, you can use A Note. For more organized notes, you can use GTDTiddlyWiki. They are both free, open source, and easy to use.

    Keep control of what to read

    By using an online bookmarking service, you can dispense with paper copies of things you need to read. Here’s what works for me (using

    • Add the tag “toread” for anything that should be read.
    • Change it to “read” when finished.
    • To indicate that you broke off at chapter 4, just add the tag “at:4”.
    • You might also want to add priorities to the bookmarks, by adding tags like “important” or “pri:1”.
    • Install the Firefox extension – It’s indispensable.

    Add notes / corrections to documents

    It’s easy to annotate paper documents—Just add a scribble in the margin, an arrow here, some underlining there, and so on. But this method has several flaws (in addition to wasting paper): Hand-written notes are often hard to read, they are not part of the document, they can’t be distributed to several persons easily, and they are limited by the space available. Fortunately, modern word processors (like Word and support adding notes and corrections directly in the document. Just take a moment to learn how, and you’ll save a lot of time in the long run.

    Keep document versions separate

    The common method to do this is to have some manually updated version number in the document, and keeping printed versions of the document for each version. This is horribly inefficient, and can be completely avoided.

    First, you can insert a version number which updates automatically. In, press CTRL-F2, go to the DocInformation tab, and double-click Revision number. In Word, press CTRL-F9, select the field name RevNum, and press OK. AFAIK, these numbers should increase every time you save the document.

    Second, word processors can show you the difference between two files if you keep them separate, by using a version control system (explained below) or separate file names. In, go to Edit → Compare Document. In Word, go to Tools → Compare and Merge Documents.

    Third, using a version control system complements the other techniques nicely, while being a great way to handle plain text files and code. By using version control for collaborative documents, you can avoid concurrency issues: You and someone else copy the same document to your hard disk, edit it, and then upload it. If you’re unlucky, all the changes of one of you are overwritten by the other, without warning. Version control systems also keep track of who changed what, and why.

    The previous two points are also handled very nicely—Most version control systems support keyword substitution (like $Version$), and “diff” tools are plentiful and free (I recommend KDiff3 or WinMerge).

    Version control also enables you to keep separate copies of the same files on several machines without having to worry about files becoming obsolete. This is very useful for application settings which are not stored in the registry.

    If you work in IT, there’s probably a CVS or SVN server available. Setting up your own server can be a bit of work, but it’s probably best for your personal documents. In any case, I recommend using TortoiseCVS or TortoiseSVN (both Windows only) to work with the repositories.