Perimeterless Network

home | rss feed

Microsoft AD RMS goes mobile

To spread the rumor, there is a new solution for mobile devices on the horizon supporting Rights Management Services (RMS) from Microsoft:

http://www.rmsviewer.com/

It is said to support iPhone, iPad and RIM Blackberry devices. Looking forward to see it on the App store

Times Change

The iPhone Killer Pt.1

A couple of years ago the smartphone decission to take was: "Will I go with the iPhone 3G or do I choose a Windows Mobile 6 phone?". I remember well sitting next to my boss at our christmas party. When he heard about my thoughts he just slipped over the brand new Apple device and said: "If you have questions the answer is 'Only one button.'". I was so pissed at the time about the laggy Windows Mobile phones that I got convinced right away although I knew I would hate Apple for their "Do what we tell you to do" politics.

After two years most of my colleagues upgraded to the new iPhone 4, some switched to a Windows Phone 7 device, and others went the Android way. Mainly because I saw the need for improvements on the hardware side I felt the time is not ready for a change but I also felt it would be before another two years pass. I decided to stick with my iPhone 3G and luckily I got hold of an unused 3GS otherwise I might not have been able to wait that long. At that point I thought my next device would be Android driven.

Since then I tested every beta of iOS 5. Apple did some very necessary improvements (mainly OTA, WLAN Sync, and most of all Notifications) but it's iOS after all. It's just not sexy anoymore. I got so bored I went to a mobile store and played around with Windows Phone. If I wouldn't have found the device I am using now my next phone would have been from Redmond, that is for sure.

But what about the Android thing? Well, I had the chance to test the Samsung Galaxy S II aka i9100 for a couple of month. In terms of features it is even, sometimes better, sometimes worse than the iPhone. Otherwise, it is just ugly shit. Cheap and shitty hardware (they should also have used gorilla body and not only gorilla glass for the display), shitty UI and physical design, absolute shitty usability. While I can give the iPhone to my dad or my three year old son and be sure they get along I could never do this with an Android device. It is just crab. After four month of intensive day2day usage I am further away from Android as I ever was before. I am so glad I didn't have to buy this device.

So about a week ago I finally got my device of choice and since then I am always running around with a little smile in my face and a tickling at the ends of my underjaw. Ladies and gentlemen, let me present to you...

... more after the break ...

What Internet Explorer is still missing cntnd.

Remember my "What Internet Explorer is still missing" series? I think we're pretty far with IE9, right? Youtube w/o flash, isn't it something. Another feature users of other browsers are compassionately laughing about for years is integrated spell checking (yeah, I know I need it). Here we go...

http://www.zdnet.com/blog/microsoft/microsoft-internet-explorer-10-to-add-spell-checking-auto-correct/11186

Traverse Security Boundaries using Base64 Encoding

I often have the issue that I want to send binary code to a friend sitting behind filtering mechanisms that block a lot of content. In most cases I found a workaround base64 encoding the content and sending it either directly in the body of the mail or as simple text attachment. I even managed to get code onto a system that allowed read access to an USB stick but would not allow to copy to or from the stick. I just did cut'n'paste of the base64 content, decoded it and off it went.

Luckily, certutil.exe is part of Windows 7 and there is no need for more. I create a dead simple batch and put it on my desktop. I then simply drag'n'drop the file to be encoded onto the icon and have it saved right beside it. For convenience I also open it inside Notepad.

@ECHO OFF
certutil -f -encode "%1" "%~f1.enc"
notepad "%~f1.enc"

Stay tuned for the decodeing part...

...and here we go:

@ECHO OFF
certutil -f -decode "%1" "%~dpn1"

Map Sharepoint Permissions to RMS/IRM Rights

This link explains how Sharepoint permissions are mapped to Office IRM rights:

http://technet.microsoft.com/en-us/library/cc261728(office.12).aspx

Disable RMS/IRM in Outlook only

Microsoft Active Directory Rights Management Services (AD RMS) are supported by Microsoft Office since version 2003 out of the box. A whole bunch of Registry Keys allow you to configure the behaviour of the client application. If you do not want RMS to be used you can completely disable RMS inside MS Office. But what about only disabling it in Word and not in Excel?

Well, this is not possible out of the box but as a workaround you can disable GUI elements. This is done with IDs and since a new ID was added with Office 2010 here is what you need to set for Outlook 2010 (works for 2007, too - haven't checked 2003)

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\DisabledCmdBarItemsList]
"TCID1"="9925"
"TCID2"="14954"
"TCID3"="14955"
"TCID4"="15831"

[HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\Office\12.0\Outlook\DisabledCmdBarItemsList]
"TCID1"="9925"
"TCID2"="14954"
"TCID3"="14955"
"TCID4"="15831"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Outlook\DisabledCmdBarItemsList]
"TCID1"="9925"
"TCID2"="14954"
"TCID3"="14955"
"TCID4"="15831"
"TCID5"="20441"

[HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\Office\14.0\Outlook\DisabledCmdBarItemsList]
"TCID1"="9925"
"TCID2"="14954"
"TCID3"="14955"
"TCID4"="15831"
"TCID5"="20441"

12.0 is Office 2007
14.0 is Office 2010

TCID1-4 are Office 2007 and 2010,
TCID5 is Office 2010 only and the
Wow6432Node is for 32-bit applications (e.g. Office) running on a 64-bit OS

Hope this helps.

How to improve your quality of living in 15 minutes.

I heard about Club-Mate before but it was not until recently I had the chance to actually taste this wonderful beverage. A colleague from Berlin had a couple of crates stored in his office and so I grabed a bottle.

Within one second my quality of living rose many times over and since then I haven't been drinking anything else. Only drawback is that it isn′t really easy to get. You might have to check forum posts to find a local dealer.

Anway, the German CCC podcast Hackerbrause is a nice listening about hacker soft drinks in general and Club-Mate specifically.

Cross-Platform Open-Source Video Calls and Remote Support = Jitsi

I have been looking around for quite some time now to find a decent solution for cross-platform video calls. Main focus is Windows and Linux (Debian/Ubuntu flavor). I cannot really remember what the problems were in detail but something always sucked. Either video did not work at all or the client did support video on Windows but did not on Linux and so on.

I finally gave up my requirment for the solution to be open-source and decided to give evil Skype a chance. At least they got bought by Microsoft so running Skype on a M$ OS would not get any worse. But then the Skype Beta didn't really work as expected either. A workaround is required for it to detect the webcam on Linux. But once you have that configured streaming to Linux is really nice but the stream from Linux to Windows is somewhat shitty.

While researching some more on the web I stumbled upon Jitsi (formerly SIP-Communicator) again. It is a Java program that I checked out before but as described above did not really get it to work. Something abouth the ICE connection not working properly. In fact the project has its own implementation called ICE4J. One funny thing is that it seems to work much better when used with a SIP (I use iptel.org) than with a Jabber account (XMPP and Jingle). In fact, I had to disable ICE and UPnP on the Jabber account to get it working and writing these lines I just dicovered that SIP accounts do not have these settings.

Anway, this time I was surprised to have it detect my webcam right away no workaround required. I quickly set it up on Windows and wow... cross-platform video calling with acceptable quality. Tested it through double NAT, UMTS connection and it always worked.

I can now call back home when on the road (Windows OS) and have cool video sessions with my family (running Xubuntu). Again, things get better and better and better...

Wait a minute, did I mention that Jitsi also supports screen sharing? Well, If you read my last post you probably recognized that I am trying to support my dad remotely. When I did this UVNC setup I did not really think about sitting at home in front of a Linux machine. Now guess what? Right, UVNC is Windows only. Although you might be able to use another VNC viewer on the Linux box you will have a hard time to get the crypto plug-in to work.

I will now test if Jitsi is capabale to replace the UVNC approach and will report back at this very location...

Further reading: ZRTP (RTP encryption)

Update: Right after writing this post I got myself a UVC compliant webcam because I was wondering why the stream was very good in the direction to Linux but the stream to Windows was not. What can I say... this is definitely a recommendation. Even Skype now works without the workaround. Btw I got myself a Logitech Webcam C210 for around 18€

Remote Support with Ultra VNC

The TeamViewer thing is kinda supsicious so I looked for something else to support my dad remotely. I came across the UVNC approach before so I decided to give it y try.

One thing to keep in mind when you do this is that the documentation is not always very straight.

First of all, make sure if you're on 64-bit operating systems that you use the 32-bit UVNC binaries. Otherwise the crypto plugin will not work. Second, make sure you use the RC4 plugin and do not experiment with the new one that comes with the binaries. The MSRC4Plugin.dsm is a separate download. Last but not least, I think (not verified) that you have to name the plugin with the _NoReg postfix and not as said in the docs without it.i

So once you got it all set up my personal VNCViewer invoke string looks like this: vncviewer.exe -dsmplugin MSRC4Plugin_NoReg.dsm -listen 5500 -nocursorshape

Btw they currently have a beta website reachable on port 8080 which sometimes has addtional infos. But I'd go here first: UVNC Single Click

About

Originally this site was intended as a project site. The goal was to define standards for the perimeterless network using open-source software. To be honest I simply do not have the time for such a thing. So what is left is a blog with sporadic posts that are either helpful for myself or I think are helpful for others, too since I had a hard time finding information on the Internet. Think of it as a knowledge base.
Ehm yes, somtimes I write down my two cents on any topic that may go through my mind at that point in time ;-)

Categories

• creative commons (1)
• data privacy (2)
• erm (3)
• food (1)
• fun (3)
• hardware (5)
• irm (3)
• linux (7)
• mailing (1)
• microsoft (23)
• music (3)
• network (1)
• office (2)
• podcasts (1)
• programming (6)
• rms (3)
• security (4)
• smartphone (1)
• software (29)
• virtualization (1)

Archive

• January 2012 (2)
• November 2011 (2)
• August 2011 (1)
• July 2011 (1)
• June 2011 (2)
• May 2011 (1)
• March 2011 (1)
• January 2011 (1)
• October 2010 (1)
• September 2010 (1)
• August 2010 (1)
• May 2010 (1)
• April 2010 (2)
• December 2009 (1)
• October 2009 (2)
• July 2009 (4)
• February 2009 (3)
• January 2009 (2)
• December 2008 (2)
• September 2008 (1)
• August 2008 (2)
• May 2008 (3)
• March 2008 (2)
• October 2007 (1)
• September 2007 (3)
• July 2007 (2)
• March 2007 (1)
• February 2007 (3)

Links

• BlazeBlogger
• Styleshout

Recommended

• Anywhere Access
  Microsofts vision of the perimterless network
• De-Perimeterisation
  Explenation of the term de-perimterisation or anywhere-access
• Jericho Forum
  Open Group's point of view