Thursday, June 27, 2013
Monday, January 9, 2012
How to Crack a Wi-Fi Network's WPA Password with Reaver via lifehacker.com
Your Wi-Fi network is your conveniently wireless gateway to the internet, and since you're not keen on sharing your connection with any old hooligan who happens to be walking past your home, you secure your network with a password, right? Knowing, as you might, how easy it is to crack a WEP password, you probably secure your network using the more bulletproof WPA security protocol.
Here's the bad news: A new, free, open-source tool called Reaver exploits a security hole in wireless routers and can crack most routers' current passwords with relative ease. Here's how to crack a WPA or WPA2 password, step by step, with Reaver—and how to protect your network against Reaver attacks.
In the first section of this post, I'll walk through the steps required to crack a WPA password using Reaver. You can follow along with either the video or the text below. After that, I'll explain how Reaver works, and what you can do to protect your network against Reaver attacks.
First, a quick note: As we often remind readers when we discuss topics that appear potentially malicious: Knowledge is power, but power doesn't mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn't make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise. The more you know, the better you can protect yourself.
What You'll Need
You don't have to be a networking wizard to use Reaver, the command-line tool that does the heavy lifting, and if you've got a blank DVD, a computer with compatible Wi-Fi, and a few hours on your hands, you've got basically all you'll need. There are a number of ways you could set up Reaver, but here are the specific requirements for this guide:
- The BackTrack 5 Live DVD. BackTrack is a bootable Linux distribution that's filled to the brim with network testing tools, and while it's not strictly required to use Reaver, it's the easiest approach for most users. Download the Live DVD from BackTrack's download page and burn it to a DVD. You can alternately download a virtual machine image if you're using VMWare, but if you don't know what VMWare is, just stick with the Live DVD. As of this writing, that means you should select BackTrack 5 R1 from the Release drop-down, select Gnome, 32- or 64-bit depending on your CPU (if you don't know which you have, 32 is a safe bet), ISO for image, and then download the ISO.
- A computer with Wi-Fi and a DVD drive. BackTrack will work with the wireless card on most laptops, so chances are your laptop will work fine. However, BackTrack doesn't have a full compatibility list, so no guarantees. You'll also need a DVD drive, since that's how you'll boot into BackTrack. I used a six-year-old MacBook Pro.
- A nearby WPA-secured Wi-Fi network. Technically, it will need to be a network using WPA security with the WPS feature enabled. I'll explain in more detail in the "How Reaver Works" section how WPS creates the security hole that makes WPA cracking possible.
- A little patience. This is a 4-step process, and while it's not terribly difficult to crack a WPA password with Reaver, it's a brute-force attack, which means your computer will be testing a number of different combinations of cracks on your router before it finds the right one. When I tested it, Reaver took roughly 2.5 hours to successfully crack my password. The Reaver home page suggests it can take anywhere from 4-10 hours. Your mileage may vary.
Let's Get Crackin'
At this point you should have BackTrack burned to a DVD, and you should have your laptop handy.
Step 1: Boot into BackTrack
To boot into BackTrack, just put the DVD in your drive and boot your machine from the disc. (Google around if you don't know anything about live CDs/DVDs and need help with this part.) During the boot process, BackTrack will prompt you to choose the boot mode. Select "BackTrack Text - Default Boot Text Mode" and press Enter.
Eventually BackTrack will boot to a command line prompt. When you've reached the prompt, type
startx
and press Enter. BackTrack will boot into its graphical interface.
Step 2: Install Reaver
Reaver has been added to the bleeding edge version of BackTrack, but it's not yet incorporated with the live DVD, so as of this writing, you need to install Reaver before proceeding. (Eventually, Reaver will simply be incorporated with BackTrack by default.) To install Reaver, you'll first need to connect to a Wi-Fi network that you have the password to.
- Click Applications > Internet > Wicd Network Manager
- Select your network and click Connect, enter your password if necessary, click OK, and then click Connect a second time.
Now that you're online, let's install Reaver. Click the Terminal button in the menu bar (or click Applications > Accessories > Terminal). At the prompt, type:
apt-get update
And then, after the update completes:
apt-get install reaver
If all went well, Reaver should now be installed. It may seem a little lame that you need to connect to a network to do this, but it will remain installed until you reboot your computer. At this point, go ahead and disconnect from the network by opening Wicd Network Manager again and clicking Disconnect. (You may not strictly need to do this. I did just because it felt like I was somehow cheating if I were already connected to a network.)
Step 3: Gather Your Device Information, Prep Your Crackin'
In order to use Reaver, you need to get your wireless card's interface name, the BSSID of the router you're attempting to crack (the BSSID is a unique series of letters and numbers that identifies a router), and you need to make sure your wireless card is in monitor mode. So let's do all that.
Find your wireless card: Inside Terminal, type:
iwconfig
Press Enter. You should see a wireless device in the subsequent list. Most likely, it'll be named wlan0, but if you have more than one wireless card, or a more unusual networking setup, it may be named something different.
Put your wireless card into monitor mode: Assuming your wireless card's interface name is wlan0, execute the following command to put your wireless card into monitor mode:
airmon-ng start wlan0
This command will output the name of the monitor mode interface, which you'll also want to make note of. Most likely, it'll be mon0, like in the screenshot below. Make note of that.
Find the BSSID of the router you want to crack: Lastly, you need to get the unique identifier of the router you're attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:
airodump-ng wlan0
You'll see a list of the wireless networks in range—it'll look something like the screenshot below:
When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy that network's BSSID (it's the series of letters, numbers, and colons on the far left). The network should have WPA or WPA2 listed under the ENC column. (If it's WEP, use our previous guide to cracking WEP passwords.)
Now, with the BSSID and monitor interface name in hand, you've got everything you need to start up Reaver.
Step 4: Crack a Network's WPA Password with Reaver
Now execute the following command in the Terminal, replacing bssid and moninterface with the BSSID and monitor interface you copied down above:
reaver -i moninterface -b bssid -vv
For example, if your monitor interface was mon0 like mine, and your BSSID was 8D:AE:9D:65:1F:B2 (a BSSID I just made up), your command would look like:
reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv
Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver me the correct password. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending. When Reaver's cracking has completed, it'll look like this:
A few important factors to consider: Reaver worked exactly as advertised in my test, but it won't necessarily work on all routers (see more below). Also, the router you're cracking needs to have a relatively strong signal, so if you're hardly in range of a router, you'll likely experience problems, and Reaver may not work. Throughout the process, Reaver would sometimes experience a timeout, sometimes get locked in a loop trying the same PIN repeatedly, and so on. I just let it keep on running, and kept it close to the router, and eventually it worked its way through.
Also of note, you can pause your progress at any time by pressing Ctrl+C while Reaver is running. This will quit the process, but Reaver will save any progress so that next time you run the command, you can pick up where you left off, as long as you don't shut down your computer (which, if you're running off a live DVD, will reset everything).
How Reaver Works
Now that you've seen how to use Reaver, let's take a quick overview of how Reaver works. The tool takes advantage of a vulnerability in something called Wi-Fi Protected Setup, or WPS. It's a feature that exists on many routers, intended to provide an easy setup process, and it's tied to a PIN that's hard-coded into the device. Reaver exploits a flaw in these PINs; the result is that, with enough time, it can reveal your WPA or WPA2 password.
Read more details about the vulnerability at Sean Gallagher's excellent post on Ars Technica.
How to Protect Yourself Against Reaver Attacks
Since the vulnerability lies in the implementation of WPS, your network should be safe if you can simply turn off WPS (or, even better, if your router doesn't support it in the first place). Unfortunately, as Gallagher points out at Ars, even with WPS manually turned off through his router's settings, Reaver was still able to crack his password.
In a phone conversation, Craig Heffner said that the inability to shut this vulnerability down is widespread. He and others have found it to occur with every Linksys and Cisco Valet wireless access point they've tested. "On all of the Linksys routers, you cannot manually disable WPS," he said. While the Web interface has a radio button that allegedly turns off WPS configuration, "it's still on and still vulnerable."
So that's kind of a bummer. You may still want to try disabling WPS on your router if you can, and test it against Reaver to see if it helps.
You could also set up MAC address filtering on your router (which only allows specifically whitelisted devices to connect to your network), but a sufficiently savvy hacker could detect the MAC address of a whitelisted device and use MAC address spoofing to imitate that computer.
Double bummer. So what will work?
I have the open-source router firmware DD-WRT installed on my router and I was unable to use Reaver to crack its password. As it turns out, DD-WRT does not support WPS, so there's yet another reason to love the free router-booster. If that's got you interested in DD-WRT, check their supported devices list to see if your router's supported. It's a good security upgrade, and DD-WRT can also do cool things like monitor your internet usage, set up a network hard drive, act as a whole-house ad blocker, boost the range of your Wi-Fi network, and more. It essentially turns your $60 router into a $600 router.
Further Reading
Thanks to this post on Mauris Tech Blog for a very straightforward starting point for using Reaver. If you're interested in reading more, see:
- Ars Technica's hands-on
- This Linux-centric guide from Null Byte
- The Reaver product page (it's also available in a point-and-click friendly commercial version).
Reddit user jagermo (who I also spoke with briefly while researching Reaver) has created a public spreadsheet intended to build a list of vulnerable devices so you can check to see if your router is susceptible to a Reaver crack.
Have any experience of your own using Reaver? Other comments or concerns? Let's hear it in the comments.
Tuesday, November 22, 2011
How To Block Web Sites at the Router Level for Network Wide Filtering - How-To Geek
A comprehensive network filtering system is overkill if all you want to do is block a handful of web sites. Read on as we show you how—with nothing more than your router—you can selectively block and temporarily restrict individual websites.
For many people a massive commercial internet filter is overkill. What if you just want to block Facebook when your kids are supposed to be doing their homework or Reddit when you’re supposed to be getting work done? You don’t need a huge system for that, all you need is the access restrictions module in your router. Today we’re looking at how you can quickly and easily block traffic on your network using router-based access restrictions.
What You’ll Need
For this tutorial you won’t need much and you won’t have to spend a dime. Before proceeding, make sure you have the following things:
- A Tomato compatible router
- A copy of Tomato on the router
- Administrative access to the router
We’re going to go through the tutorial using a Linksys router running Tomato custom firmware. The steps we’re taking are largely equivalent to the DD-WRT system (you can read about selective domain blocking for DD-WRT here). If you don’t have Tomato installed on your router check out our guide to installing Tomato here. If you have it installed and you have administrative access (you know the login password for the control panel) then you’re ready to proceed.
Setting Up URL Filters in Tomato
For our example we’re going to setup both a total ban and a time-based ban on the social news site Reddit. Reddit fans among us will attest to the fact that the site, as fun as it can be, is an enormous time sink and a great productivity killer. First let’s take a look at the Access Restriction module in Tomato. Navigate to your router control panel, typically an address like http://192.168.1.1 and plug in your credentials. Once you’re in the main panel navigate to Access Restriction in the left hand menu—seen above. Click on it to enter the sub-menu. If you’ve never used the feature before all you’ll see in the Access Restriction Overview section is a disabled example entry like so:
Just beneath the example entry, to the right, is the Add button. Click that now to create your first entry.
For our first entry we’re going to make a filter, called Reddit Killer, which blocks Reddit all day, every day. Change the description name from New Rule to Reddit Killer, check All Day and Everyday, leave Applies to as All Computers/Devices, and then uncheck Block All Internet Access—if you don’t uncheck this part, you won’t be able to specify what exactly you want to block. It should look like this:
When you unchecked Block All Internet Access, an entire new portion of the menu unfolded beneath the initial entry. Within this portion of the menu is where we’re going to specify the sites we want to block.
Leave the Port/Applications section alone (these settings allow you to get more granular control over your filters such as filtering only BitTorrent or a specific port). In the HTTP Request section enter reddit.com and then, at the bottom right corner, click Save.
Back at the main screen you should see the new filter, Reddit Killer, with its rather encompassing “Everyday” schedule. Let’s take a look at Reddit and see if our filter is active:
Reddit is down? Well then. We’d better get back to work. Our filter is great success.
If you’re not quite ready for a full Reddit fast but you’d like to at least keep it shut off while you’re trying to focus on work, you can easily modify the scheduling component to, say, restrict access between 8AM and 5PM on the weekdays. Let’s click on Reddit Killer now so we can edit it.
Uncheck All Day and Everyday, then in the new options which have appeared, select 08:00-17:00 and Monday through Friday. While we’re at it, let’s update the Description to better reflect the purpose of the filter. Since we’re restricting access to the evenings, we’ll call our new filter Reddit Tonight.
To register the changes, click Save down in the lower right corner. If you wish to further massage the settings (such as applying the restrictions to only certain computers) you can pull down the Applies To menu and create white/black lists of computers that are restricted or unrestricted. You can also easily expand your filter by adding new lines into the HTTP Request box. Instead of just a Reddit Killer it could be expanded to include all the web sites you routinely kill time on (Reddit, Facebook, Fark, and so on). In addition to filtering web sites you can also set up keyword filters. In short, if it’s travelling through your network you can find a way to filter it in the Access Restrictions menu.
Have a clever technique for getting more out of Tomato and/or filtering time wasting web sites and other undesirable content? Let’s hear about it in the comments.
Thursday, November 10, 2011
Firesheep Sniffs Out Facebook and Other User Credentials on Wi-Fi Hotspots via lifehacker.com
Firefox: Firesheep sniffs out and steals cookies—and the account and identity of the owner in the process—of popular web sites (like Facebook and Twitter) from the browsing sessions of other users on the Wi-Fi hotspot you're attached to.
Firesheep is a proof-of-concept Firefox extension created by Eric Butler to show how leaky the security many popular web sites (like Facebook, Flickr, Amazon.com, Dropbox, Evernote, and more) employ is. The problem, as Firesheep shockingly demonstrates, is that many web sites only encrypt your login. Once you are logged in they use an unsecured connection with a simple cookie check. Anyone from your IP address (that of the Wi-Fi hotspot) with that cookie can be you. When using Firesheep on a public hot spot any session it can intercept is displayed in the Firesheep pane with the user's name and photograph (when available). Simply click on their name to intercept the session and start browsing the website as though you are them.
What can you do to protect yourself against such a painfully easy attack against your privacy and security? You can set up an SSH SOCKS proxy to encrypt your traffic, effectively sending your site sessions and accompanying cookies through a sniff-proof tunnel. For a less involved alternative, however, you could use something like the previously mentioned HTTPS Everywhere Firefox extension or Force-TLS (highlighted by TechCrunch). Essentially, these extensions will force popular sites to send data via the more secure HTTPS protocol, which encrypts data as it's sent, and while it's slightly slower, it's definitely worth using HTTPS when available.
Firesheep is free, works wherever Firefox does, and requires a wireless card capable of operating in promiscuous mode.
Firesheep [Code Butler via TechCrunch]
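The login-only encryption pattern described above can be checked from the site operator's side by inspecting response headers. The following is an added example, not part of the original article or of Firesheep; the host social.example, the cookie names and the header values are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: responses from a hypothetical site that encrypts
# only the login step and then continues over plain HTTP.
SAMPLE_RESPONSES = [
    {
        "url": "https://social.example/login",
        "headers": [
            ("Set-Cookie", "session_id=3f9a1c; Path=/; HttpOnly"),
            ("Set-Cookie", "csrf=77aa; Path=/; Secure"),
            ("Location", "http://social.example/home"),
        ],
    },
    {
        "url": "http://social.example/home",
        "headers": [("Set-Cookie", "last_seen=1320900000; Path=/")],
    },
]


def audit_response(url, headers):
    """Return (name, finding) pairs for headers that expose cookies to sniffing."""
    findings = []
    scheme = urlsplit(url).scheme
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for cookie_name, morsel in jar.items():
                # Without the Secure flag the browser attaches the cookie
                # to plain-HTTP requests, where anyone on the hotspot can read it.
                if not morsel["secure"]:
                    findings.append((cookie_name, "missing-secure"))
                # A cookie set in an HTTP response is already visible on the wire.
                if scheme == "http":
                    findings.append((cookie_name, "set-over-http"))
        elif lname == "location":
            # An encrypted login that redirects to http:// sends the next
            # request, cookies included, in the clear.
            if scheme == "https" and value.lower().startswith("http://"):
                findings.append(("Location", "https-to-http-redirect"))
    return findings


def audit_all(responses):
    """Audit every captured response, keyed by URL."""
    return {r["url"]: audit_response(r["url"], r["headers"]) for r in responses}


if __name__ == "__main__":
    for url, findings in audit_all(SAMPLE_RESPONSES).items():
        print(url)
        for name, finding in findings:
            print(f"  {name}: {finding}")
```

A site that serves every page over HTTPS and marks its session cookie Secure produces no findings here.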
Thursday, November 3, 2011
How to Secure Your Torrent Downloads via maketecheasier.com
Internet security and privacy are two topics that are frequently in the news. Those Internet users who use the BitTorrent protocol to share files are perhaps more aware of these security and privacy issues than others. Many government agencies, special interest groups, corporations, and hackers with malicious intentions monitor torrent downloads and look for people to catch, sue, or attack.
Because of this reality, it is important for torrent file sharers to find ways to protect themselves from litigation, prosecution, bandwidth shaping, and malware. The following tips should help you make your torrent experience safer, private, and more secure.
Disclaimer: Downloading copyrighted media without the owner’s permission is illegal in some countries. Under no circumstances is this article intended to encourage illegal activity, and there are no guarantees that this information will protect you from any legal action.
1. Port Forwarding
Every modern router has some form of port forwarding that you can use for your bittorrent client. With it, you can circumvent ISPs that may block common torrent ports or limit their bandwidth usage. Using port forwarding, you could, for example, forward your BitTorrent traffic through the standard web port (80). Some torrent clients also support randomizing of ports so that they will use a different one every time you start them.
2. Limit Downloads and Uploads
Since many ISPs now limit the amount of bandwidth you can consume within a month (or even at certain times of the day), it is important to not let your torrent downloading and uploading go unchecked. Torrent clients like qBittorrent have features that allow you to limit the number, speed, and even time of day that downloads are allowed.
3. Encryption
Encryption is all about privacy. There is no reason for anyone, even your ISP to know exactly what sites you are visiting or what files you are downloading. Most torrent clients support some type of encryption for the data and/or header information. It is important to note that encryption will not mask your IP address, so anyone spying on the torrent (i.e. actively connected to the tracker) will still know you are downloading it, but anyone trying to spy on your Internet traffic in general will not be able to see what you are doing.
4. Filter Lists
There are plenty of organizations that are known for their snooping or malicious intent. With an IP filter list, you can completely block them from connecting to you as peers, thereby eliminating any chance of them monitoring you and catching you in the act of downloading something. This may also help reduce the chance that you will connect to a peer that sends out harmful data or malware.
5. Proxy or VPN
Of all of the security measures on the list, this is by far the most effective. By routing your torrent traffic through a proxy or VPN, you can completely hide yourself from the outside world. Used in combination with the other tools on this list, your torrent downloading will be virtually covert. Proxy providers usually charge a subscription fee, and they will require you to either download a specially configured bittorrent client or reconfigure yours to use their proxy (often utilizing a SOCKS5 protocol).
Your privacy, however, is only as secure as the company offering the service. If they are under investigation or are willing to sell your information, using their services may not help you at all. Therefore, it is a good idea to ask around and do your research before using a proxy or VPN service.
Privacy and Security
The media often associates BitTorrent with illegal file sharing, but there are numerous legitimate organizations, from Linux distribution developers to content delivery networks (CDN), that make use of bittorrent technology. Furthermore, many free media distributors who use open licenses, such as Creative Commons, use bittorrent to help reduce their bandwidth costs.
With a little effort, you can use the above-mentioned tools to help you take back your right to download and share legitimate content and software, while also maintaining your privacy and security.
Beginner: How to Use LogMeIn Hamachi to Access Your Files Anywhere - How-To Geek
Whether you’re at work and forgot some file on your home computer, want to play some music on a train, or just want to move some files between your computers, accessing your files from anywhere is a life saver.
What we are going to do is download and install Hamachi, setup a network name and password and then join the network from another computer. Still think it’s hard? Here’s a detailed how-to, but first let’s get to know Hamachi.
Hamachi is a VPN client. It creates a Virtual Private Network over a public network like the Internet. When this client runs, it implements a virtual network adapter, and you’re given an additional IP address that identifies you on any virtual network you join. You then create a virtual network by name, assigning it a password. Now anyone running the Hamachi client can join your network by connecting to it by name, and supplying the password.
Note: LogMeIn Hamachi is not a remote control application, so you don’t get control of the computers; you just access the network’s shared files.
We’ll start by downloading LogMeIn Hamachi from the link at the end of the article. Get it installed then fire it up. Once you start it, it will tell you to click the Power On button so press it.
When the dialog pops-up enter a name for this computer then click create.
Now Hamachi is up and running but we need a network to connect all the computers. Click on Create a new network to create one.
When this window pops up, enter the Network ID and a password.
After entering the Network ID (name) and the password click create and the network will be created immediately. The network is created but there is only one computer in the network. To get other computers in the same network you’ll have to install Hamachi on them and set it up just like you did on the first computer but instead of creating a new network, click join an existing network and enter the network ID and the password.
Congratulations! You have got your own network and can access all the computers that are connected to it. Just right-click the computer that you want to access and select Browse. You will see the shared files just like you do with computers on your LAN network. Let’s try it, right-click and select Browse.
These are the files, folders and printers that are shared on the target computer.
LogMeIn Hamachi has two great features. First, all connections are encrypted so you are safe. Second, it is transparent, meaning all the technical stuff is done behind the scenes so no IP address, Gateway Address or DNS is required to be set. Awesome!
________________________________________________________________________
Wednesday, September 28, 2011
How to Sync Your Media Across Your Entire House with XBMC - How-To Geek
XBMC is an awesome media center solution but when you’re using it all over your house your library updates and watched-media lists get out of sync. Read on as we show how to keep all your media centers on the same page.
Why Should I Care and Who Is This Guide For?
XBMC has a built-in library system and it keeps track of media you’ve already watched. Unfortunately these things happen, in the default configuration, at the local level. If you have an XBMC unit in your living room and in your bedroom those two installations of XBMC don’t talk to each other. As a result if you watch some of your TV shows in the living room and some in the bedroom then the marked-as-watched function in XBMC will only show you what you watched on that specific television set. The pause/resume and bookmark functions are also local. If you pause a movie or set a bookmark to hold your place there is no way to access those things unless you’re sitting at the same media center you created them with.
Wouldn’t it be nice if you could stop watching a movie in the living room and resume watching it in the proper location somewhere else in the house? Wouldn’t it be awesome to not have to sit there and wait for each library to update but instead to have it load the library from a central location ensuring all your media is up to date and in sync? It sure would be pretty awesome and we’re going to show you how to do it with free tools.
Before we get to that, however, let’s clear up who will benefit from this the most and who can skip over it.
You should skip this project if…
- You only have one installation of XBMC in your house.
- You store your media on a local HDD attached to your XBMC installations and do not share that media across the network.
- You do not have an always-on (or nearly always on) desktop, HTPC, or server.
- You are running XBMC on the original Xbox hardware—only modern HTPC-based versions of XBMC are compatible with this technique.
You should take advantage of this project if…
- You have multiple installations of XBMC in your house.
- You store your media in a central location like a file server, always-on desktop, or a primary media center.
- You have a computer, such as the aforementioned media server, that is on whenever you’re watching media.
How Does It Work and What Do I Need?
The core of the synchronization magic we’re about to undertake is a MySQL database. Don’t panic if you’ve never used one before! While some of the HTG staff are old database pros I will confess to using MySQL for one thing and one thing alone—managing my media collection.
Follow along closely and you should have no problems. What we’re going to do is install a free version of MySQL database, create a database just for XBMC, and then instruct XBMC to start writing and reading all its library entries to the database. From that point forward when XBMC checks to see if you’ve seen a specific TV show episode or movie, paused media, or set a bookmark, it won’t just be answering for the specific media center you’re standing in front of but whether you’ve done those things anywhere in the house.
So what do you need for this project? You’ll need the following:
- More than one media center with XBMC installed (version 10.0 or above)
- A free copy of MySQL Community Server (version 5.5 as of this tutorial)
- An always on or nearly always on machine to run the MySQL server on.
You can install the MySQL server on any computer that will be consistently on while you’re using the media centers. In our case we’re going to install it directly to the media server itself as this means that anytime the media is available to our XBMC clients the database is too.
Installing and Configuring MySQL for XBMC
For this tutorial we will be installing MySQL on a media server running Windows Home Server. Our installation instructions should match for any version of Windows. For other operating systems please consult the MySQL 5.5 Manual.
The installation of MySQL is straight forward. Simply download the server installation app and run it. Accept the license agreement and, once it finishes installing, make sure “Launch the MySQL Instance Configuration Wizard” is checked before clicking Finish.
The MySQL configuration wizard will launch and present you with the option to select between Detailed and Standard Configuration. Select Standard Configuration and click Next.
On the next screen check Install As Windows Service, name it MySQL—or, if you’re running multiple MySQL servers for some purpose, give it a unique name—and check Launch the MySQL Server Automatically to ensure the MySQL server is always on when you need it.
On the next screen check Modify Security Settings, plug in a new root password, and check Enable root access from remote machines. Click through to the final screen and then click Execute to modify the database. Click finish to close the configuration wizard.
Now it’s time to create databases on the MySQL server for your media center. There’s one important note before we continue; XBMC does not store profile data in the library database and each profile has its own library. What this means in terms of this tutorial is that you need to create a MySQL database set for each specific profile you use. For example:
- If you use a single profile on each XBMC and/or are only concerned with syncing one library: Create one database set and use it for the single profile on every instance of XBMC. If every machine in your house automatically logs in or you enter the password for a single account, this is for you.
- If you use multiple profiles (one for you and one of your kids, for example): Create a database set for each profile you wish to sync across the network. If you
That said, let’s get started creating the first profile (which will be your only one if you’re a single-profile user). Run the MySQL console; you should have an entry for it in your Start Menu. If not, fire up the command prompt and paste in:
"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysql.exe" "--defaults-file=C:\Program Files\MySQL\MySQL Server 5.5\my.ini" "-uroot" "-p"
When the console opens enter the password you created in the previous step. You’ll then find yourself at the MySQL server prompt. Here’s where we roll up our sleeves and get busy creating users on the database servers and the actual databases. We’re going to create a pair of databases for each profile you want to synchronize—one for the video library and one for the music library. We’re going to start by creating a primary user and database set (which is as far as you’ll need to go if you’re a single profile user).
At the prompt type the following to create a user on the database server:
CREATE USER 'xbmc' IDENTIFIED BY 'xbmc';
The first quoted portion is the username and the second quoted portion is the password. While identical login/passwords are generally a huge security no-no, in this case we’re comfortable using a matching pair for the sake of simplicity. A MySQL database, on a private server, that tracks which episodes of Dexter you’ve watched is hardly a high-risk installation.
CREATE database xbmc_video CHARACTER SET latin1 COLLATE latin1_general_ci;
CREATE database xbmc_music CHARACTER SET latin1 COLLATE latin1_general_ci;
The above command set creates two new databases: one for the video library and one for the music library. We also indicated what character set we want the databases to use—latin1 is necessary for XBMC to properly write to the databases. If you make a mistake and need to remove a database simply use the command “DROP DATABASE databasename;”—sans the quotation marks.
GRANT ALL ON xbmc_video.* TO 'xbmc';
GRANT ALL ON xbmc_music.* TO 'xbmc';
In this step we’re granting the user 'xbmc' full access to both databases.
If you rely on XBMC for playback of your music collection there are a few additional tweaks you’ll want to make to the music database to improve performance.
ALTER TABLE xbmc_music.song ADD INDEX idx_idArtist(idArtist);
ALTER TABLE xbmc_music.song ADD INDEX idx_idGenre(idGenre);
ALTER TABLE xbmc_music.song ADD INDEX idx_idAlbum(idAlbum);
The above edits are only necessary if you want to speed up access for certain functions while using XBMC as a music player.
If you’re a single-profile household then you’re all done. If you need an additional profile for your roommate, kid, or other individual, simply repeat the above steps substituting all instances of xbmc with an appropriate alternative like roommate or kids to create databases for each entity.
Before we leave this step, let’s double check that the users and databases we created are in fact within the MySQL server. Type the following commands:
SELECT host,user from mysql.user;
SHOW DATABASES;
You should see something like the screenshot above, adjusted for the number of users and new databases you created. Single-profile users should see the user ‘xbmc’ and the matching music and video databases. If everything looks good, we have one final step before going to configure XBMC: Make sure that Port 3306 (the MySQL server port) is open on the firewall of the machine you’ve installed MySQL onto. By default the Windows installer should open the port automatically but you’re going to save yourself a headache later on by double checking that now.
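The account setup from this section, with the tutorial's statements shown beside a tighter variant. This is an added example, not part of the original tutorial; it assumes the LAN is 192.168.1.0/24 (inferred from the 192.168.1.120 server address used in the XBMC configuration) and uses a placeholder password.

```sql
-- Added example, not from the original tutorial.
-- Assumptions: LAN subnet 192.168.1.0/24; 'CHANGE_ME_long_random' is a placeholder.

-- As written in the tutorial. CREATE USER without a host part creates
-- 'xbmc'@'%', so any machine that can reach port 3306 can log in with the
-- guessable xbmc/xbmc pair:
--   CREATE USER 'xbmc' IDENTIFIED BY 'xbmc';
--   GRANT ALL ON xbmc_video.* TO 'xbmc';
--   GRANT ALL ON xbmc_music.* TO 'xbmc';

-- Tighter variant: the account only matches clients on the LAN subnet.
-- Run the DROP only if the wide-open account was already created
-- (MySQL 5.5 has no DROP USER IF EXISTS and errors on a missing account).
DROP USER 'xbmc'@'%';
CREATE USER 'xbmc'@'192.168.1.%' IDENTIFIED BY 'CHANGE_ME_long_random';
GRANT ALL ON xbmc_video.* TO 'xbmc'@'192.168.1.%';
GRANT ALL ON xbmc_music.* TO 'xbmc'@'192.168.1.%';

-- XBMC logs in as 'xbmc', never as root, so root does not need to be
-- reachable from other machines. Remove every root row that is not local
-- (the same cleanup mysql_secure_installation performs).
DELETE FROM mysql.user
 WHERE User = 'root'
   AND Host NOT IN ('localhost', '127.0.0.1', '::1');
FLUSH PRIVILEGES;

-- Verify: root should appear only with local hosts, and xbmc only with
-- the subnet pattern and privileges limited to its two databases.
SELECT host, user FROM mysql.user;
SHOW GRANTS FOR 'xbmc'@'192.168.1.%';
```

With this variant the `<pass>` value in each client's advancedsettings.xml has to carry the new password, and the port 3306 firewall rule is best scoped to the local subnet rather than opened to every network.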
Configuring XBMC to Communicate with the MySQL Database
By default XBMC uses an internal SQLite database. In order for XBMC to communicate effectively across your home network we need to instruct it to use an external MySQL database. Before we get to that step, however, you’ll need to make an executive decision regarding whether or not you’re going to scrap your library and start fresh or backup and restore it.
If this is a brand new installation of XBMC and you’re configuring everything fresh, you can simply skip to the next step. If you wish to save your existing library data, you will need to export your library. From within your XBMC installation you’ll need to go to System –> Settings –> Video and System –> Settings –> Video and, at the bottom of the menu, select Export to export your library file. You should only export the library files from one machine on your network. Pick the machine with the most up-to-date libraries. When you are done configuring XBMC to accept the MySQL databases, you will then repeat the above steps and choose to Import the libraries. Everyone else will just run a new scan on their media directories to repopulate the library.
Once you’ve backed up the library (or opted to not worry about it and start from scratch) you’re ready to start configuring. The specific file we’re interested in is advancedsettings.xml. By default this file does not exist (although it is possible that, during the installation process, XBMC created one for you to deal with specific configuration issues). If the advancedsettings.xml file exists it will be in the following location, based on your OS:
Windows XP – C:\Documents and Settings\[username]\Application Data\XBMC\
Windows 7/Vista – C:\Users\[username]\AppData\Roaming\XBMC\
Linux/XBMC Live – $HOME/.xbmc/userdata
Mac OS X – /Users/[username]/Library/Application Support/XBMC/userdata
Check in that folder. Is there an advancedsettings.xml file there? Yes? Open it up. No? You’ll need to open a text editor and create one. Regardless of whether you’re editing the existing one or creating a new one, cut and paste the following text into the file (note: if there are already some entries in your advancedsettings.xml file, leave those in place!):
<advancedsettings>
<videodatabase>
<type>mysql</type>
<host>192.168.1.120</host>
<port>3306</port>
<user>xbmc</user>
<pass>xbmc</pass>
<name>xbmc_video</name>
</videodatabase>
<musicdatabase>
<type>mysql</type>
<host>192.168.1.120</host>
<port>3306</port>
<user>xbmc</user>
<pass>xbmc</pass>
<name>xbmc_music</name>
</musicdatabase>
</advancedsettings>
Edit the above text to reflect the IP address of your server on your LAN and the username/password of your MySQL database.
If you are using multiple profiles you need to create a unique advancedsettings.xml file for each profile. Edit each advancedsettings.xml file separately and then place it in the /profiles/[profile name]/ folder—a subdirectory of the folder noted for your OS in the step above. The master profile’s advancedsettings.xml file goes in the root folder, the other profiles all go in /profiles/[profile name]/. Again, you must have a unique file for each profile.
Once you have created the file and placed it in the proper directory, it’s time to reboot your XBMC for the new file to load. Once you reboot, you’ll need to either import your library or rescan your sources to begin populating the MySQL database. Do that now.
When your libraries are imported and/or done scanning, you can do a simple check to see if XBMC is properly communicating with the database. Return to the MySQL command prompt and, to check on whether or not your movies and television shows are in the database, type the following commands:
SELECT COUNT(*) from xbmc_video.movie;
SELECT COUNT(*) from xbmc_video.tvshow;
Each query will return the total number of movies and television shows, respectively, contained in your library (according to the MySQL database). See the screenshot above for an example of a query into the TV show count. If the number of entries is zero there is a problem somewhere along the line. Here’s a quick troubleshooting checklist of common mistakes:
- Did you double check that a unique user and database pair were created for each profile?
- Did you use the GRANT ALL command to apply the proper permissions for each user and their database?
- Did you set the CHARACTER/COLLATION settings to Latin1 for all the databases?
- Are all your shares defined as Samba shares (//somehost/sharefolder) and not local shares (c:\media files\)? MySQL doesn’t play nice with the \ symbol found in local share names.
- Did you open port 3306 on the MySQL host machine?
- If you’re having problems with a sub-profile’s database, did you place the advancedsettings.xml file in /profiles/[profile name]?
- Are your sources valid and scannable when you remove the advancedsettings.xml file and revert to the local database? If not, you’ll need to troubleshoot your sources independently of your MySQL problems.
If everything looks good and your SELECT COUNT query pans out, that means you’re ready to start taking advantage of the cross-media-center syncing. Let’s take a peek at what that looks like.
XBMC Syncing Across Multiple Machines
One of the first changes you’ll want to make, if you haven’t already toggled this setting to begin with, is to alter what XBMC does in response to you pressing play on a file. By default XBMC simply plays the file from the beginning. Since we now have an XBMC system that remembers our place across multiple machines, we want XBMC to prompt us.
Navigate to Settings –> Video –> File Lists and set the Default select action to Choose. We want XBMC to ask us what to do when we’re opening a file instead of automatically playing it from the start.
Now that we’ve flipped that toggle it’s time to play around with XBMC and see how we can resume play and check our watched files across the network at multiple XBMC consoles.
We’re going to navigate to our directory of HDTV demo reels and mark one as watched, set a bookmark in another, and watch and pause the third reel. Then we’re going to leave the office and go into the living room and check the three files to ensure XBMC has properly flagged the first, bookmarked the second, and can resume the third. Here are snapshots of each action:
Now, when we travel to another XBMC console, we can take a peek at what each one of these things looks like. Let’s check to see that our first file has been marked as watched:
Excellent, there it is with a check mark beside it. The remote XBMC console is aware the file has been watched.
What about bookmarks? Did the bookmarks carry across via the database too? Let’s check and see if our action-packed scene with the fire breather and rugby player is still bookmarked:
Looking good so far. Finally let’s check to make sure that the video we paused in our office will resume in the correct location (1:13) when we select it in the living room:
Success! Simply pausing/stopping the movie file in the office was enough to mark it in the database and prompt us to resume from that location when we returned to the file at the remote location.
From this point forward you’ll be able to check what movie and TV shows you’ve watched, where you left off, and what bookmarks you set, from anywhere within your house. Your media and associated libraries will be up to date regardless of where you are—no more fussing with manually syncing your library contents again!
Monday, August 22, 2011
How To Access Your Machines Using DNS Names with DD-WRT - How-To Geek
We’ve shown you how to statically set the IPs on your network; now let’s flip that DNS switch for added elegance and ease of use. Today’s guide will show you how to access your machines using DNS names on your DD-WRT enabled router.
Image by Henk L
Preface
In our How To Set Up Static DHCP on Your DD-WRT Router guide, we talked about making sure that your clients will always get the same IP address from the router. So now if you want to access one of the machines on your network, as you know its IP, you can use that… but using IPs just doesn’t have the same elegance as using names. Also, with the usefulness of “static IP”s dwindling due to the rise of UPnP, and the inconvenience of setting up “static reservations” (having to find the MACs and the like)… What if you don’t want to remember IPs at all?
That is where DNS comes in.
The Problem
You’re trying to reach from one machine/device on your network to another using its IP address (using ping, for example) and it works. However, when trying to do the same using its hostname, like “mydesktop” or “mylaptop”, it is hit and miss… sometimes it works… usually it doesn’t… :\
What is going on?
Your devices don’t know who and how they should ask for the “name” to “IP” translation, because they are missing a key configuration, the “DNS suffix”.
When a computer needs to translate a name to an IP address (called “resolve”) it has a couple of ways to do it; one of the ways is to ask a Domain Name System (DNS) server. However, to be able to do so, the client must ask the question in the form of a “Fully Qualified Domain Name” (FQDN).
An FQDN consists of the hostname like “mydesktop” and the DNS zone it belongs to like “geek.lan”. So in our example, the FQDNs for the hosts would be “mydesktop.geek.lan” and ”mylaptop.geek.lan” respectively. When a client doesn’t have the “DNS zone” at hand, it is unable to ask the DNS about a “flat” name (a name that doesn’t specify the “DNS zone”). That is, to actually reach your host by name, you would need to ping “mydesktop.geek.lan”.
However, if the DNS suffix was defined in some way (either manually or automatically), the client will automatically try to append it to the requested hostname and ask a DNS server if it can help with the resolve.
With that said, if the DNS suffix is not defined, the client does try to find out the name on its own, using a “DNS broadcast”. The problem with that is that not all clients are configured to answer, or are actually configured to deliberately not answer such a request. In contrast, it would simply be annoying to specify the FQDN every single time.
The solution
In order to have the full infrastructure that will fix this problem, one only needs to set the “DNS suffix” on the “DHCP scope” of the *router. Doing so will give the router a “dynamic DNS” server service that clients can register themselves with, make the DHCP service itself do the same for non-self-registering hosts, and deliver the “DNS suffix” as part of the “DHCP lease” given to the clients. That makes the entire solution a self-sustaining, default-behaving one that solves all the problems in one fell swoop… neat, eh?
*When using DD-WRT… with other routers, your mileage may vary.
To do this, go into your router’s Administration page:
- Go into –> Services
- Change, “Used Domain” to be “LAN & WLAN”
- Choose a Domain name; we’ve used “geek.lan” for this example, but you can use *whatever you want.
- While using Static DHCP reservations is optional for this procedure, if you choose to implement it, it is recommended that you set the hostname to match the one that is set on the machine/device’s OS. If it just so happens that the device’s OS doesn’t register a name in DNS (like phones), this is a good way to force one on it.
- Click “Save” –> “Apply Settings”.
*The one exception to that rule is that if you use “.local”, while your Windows machines will probably do just fine, your Linux machines will adhere to the mDNS (Multicast DNS) standard and will again ignore the DNS server. There is a workaround, but it’s beyond the scope of this guide.
Now to check that the settings have taken effect, go to the command line and issue an “ipconfig”.
You should see that your DNS suffix is currently nonexistent, as below:
Issue an “ipconfig /release” followed by an “ipconfig /renew”, and you should see something like:
Repeat the procedure on at least one more machine and try pinging, using only the hostname.
You should see that the client has “auto-magically” understood that the full name of the device you’re pinging is “hostname.dns.zone”, and was able to translate (resolve) the FQDN to a ping-able IP:
Troubleshooting
As this guide is about using DNS, like the How to Remove Advertisements with Pixelserv on DD-WRT guide was, if you run into problems there are a couple of things to do:
- Clear your personal machine’s DNS cache.
This is because of a DNS cache that may fool your computer into thinking it already knows the hostname, without consulting the DNS for it. On Windows this would be “ipconfig /flushdns”.
- Make sure your client is using the router as the DNS and that it resolves the FQDN.
Especially when using a VPN or a network that is more complex than the normal router-to-computer setup, it is possible that your client computer is simply not using the router as its DNS. It is very easy to see, using the command “nslookup” below, which DNS server the client is using. If the IP is not the same as the router’s, you have found the problem.
That’s it… you should be all set
Hurry, all I see is darkness.
