Background Information
The Hero is the first smart phone I’ve ever owned. I was formally with Verizon Wireless and used a “normal” mobile phone. I liked Verizon’s great network coverage. However, their customer service left a lot to be desired and their data phone plans were more expensive than what I wanted to pay.

The majority of my co-owners and some of my family have been avid smart phone users for some time so I tinkered with a variety of devices ranging such as full keypad BlackBerries, the BlackBerry Storm, and iPhones. Based on using other people’s phones, I knew I wanted either the Hero or an iPhone. I’m not saying the BlackBerry isn’t a good device, it is just more business focused than I desired and has an unattractive yet mostly functional user interface (UI). I say this so you know that I at least have some prior exposure to smart phones to help me in my assessment of the Hero.

Why not iPhone?
Major Deciding Factors
So why did I decide to go with the Hero rather than the iPhone? Ultimately, it came down to two deciding factors.

• The quality of the Sprint network exceeded that of AT&T’s.
  • Faster 3G network with 4G network already being deployed; and
  • “Free” roaming to Verizon’s network when available*
• Sprint plans provided more features for less money
  • free text, picture, and video messages;
  • twice as many minutes;
  • free nights and weekends last longer; and
  • Any Mobile, Anytime

*Free roaming means you can use Verizon’s network without any fees from Sprint when you don’t have a Sprint signal. However, the usage time does use your minutes. The data speed is slower while roaming and there amount of bandwidth you can use while roaming is much lower than Sprint’s monthly bandwidth cap.

Other Factors
Openness
With the Android platform, I don’t have to worry if Apple/AT&T will approve an app I want or not. If I want a Google Voice application, I can go download it from the Android marketplace. I can also get apps from outside of the marketplace. Admittedly, the iPhone has more apps available.

Development
One of my personal goals is to become a better programmer. Android applications can be written in Java while iPhone applications must be written in Objective C. Java is more appealing for me to learn than Objective C is because Java is more widely deployed and isn’t Apple centric. One potential downside to the Android’s openness when it comes to development is the lack of standardization. With the iPhone Apple controls the OS and Hardware so developers know everything about the device.

Review Time
By now you’re probably saying enough already, get on with the review! In short, I like the Hero but recognize it has short-comings. So what I plan on doing is breaking this review down into different sections. Knowing most people like to hit the highlights, I will provide pros/cons for each section. Following the pros/cons, I will provide additional details for anyone who is interested.

Application Choices
Pros

• Great Google integration
• Ever increasing application selection

Cons

• Less Apps
• Lack of game selection

As we all know, Google makes some great applications. As the Android Operation System (OS) is backed by Google, Google naturally provides some very nice applications. The Gmail application works beautifully and has native push notification. Other great Google Apps include Google Maps and Google Sky Map. Outside of Google, there are other nice apps such as MyTracks, Astrid, AK Notepad, etc. Amazon even has an app that lets you scan a barcode at a bricks-and-mortar store and see if Amazon offers a better price. Because the marketplace is open and because more and more wireless providers are offering Android based phones, the application selection will continue to grow which helps mitigate the con of having fewer applications to choose from than the iPhone does. Another thing I’ve noticed is there is not a huge selection of high quality games, especially of the 3D nature.

The Android Market is not easy to browse online and doesn’t show the full list of available apps. You have to go to third party sites to find and search for applications. However, the Market place browser on the phone works great.

Hardware
Pros

• Solid build-construction
• Easy to hold
• Attractive design
• Removal storage
• User replaceable battery

Cons

• Underpowered processor
• Less memory (RAM) than desired
• Fewer screen colors than comparable devices
• Camera quality
• Online Market place

The Hero feels and looks to be a well built phone. The materials feel solid and the seams and gaps fit precisely together. The size of the phone comfortably fits in my hand and the buttons are easy to reach though sometimes it’s easy accidentally hit volume button while holding the phone in landscape mode. Moreover, I like the unobtrusive, simple design of the Hero. I also like the ability to easily replace the battery if need be or to simply a spare battery. Lastly, having removal storage allows me to expand storage on an as need basis.

Unfortunately, not everything on the hardware side is positive. Because Android allows multiple applications to run at once, having a state of the art mobile processor would be great to have but the Hero has a last generation processor rather than a Snapdragon processor. As with all electronics, more memory never hurts.

How bad is the slow processor? Not as bad as you would think but it is still noticeable. You can notice the slowness when booting the phone and performing processing intensive actions. Every now and then, the keyboard switch from portrait to landscape mode will hesitate.

I’ve heard the Hero has less screen colors than the iPhone but I couldn’t find the technical specs to back this up. Looking at the phone, this is something I would not have noticed if someone had not pointed it out to me. The only time I’ve really seen a difference is when someone showed me a non-stock image which contained a gradient. Lines of color in the fade from black to dark gray were visible rather than being completely smooth color transition.

Although the camera is 5 mega-pixels, it does not have a flash (for what it’s worth, the iPhone doesn’t either) so it doesn’t perform great in low light. The time from pressing the snapshot button to the time the picture takes is much slower than what I like (I’m used to using a DSLR). The video quality is also not as good as the iPhone (based on videos I’ve watched on YouTube). On a positive note and as far as I can tell, the videos are recorded in the more friendly MPEG-4 format than Apple’s .mov format.

One of the biggest cons is the battery life. I can usually make it all day on one charge. I always leave Bluetooth off, I rarely turn Wi-Fi on, and rarely turn GPS on. As the device is new to me, I do take quite a few pictures, shoot some video, and check and send a number of emails. I’ve also browsing the marketplace quite a bit. Recently, HTC provided a firmware update to fix a few bugs and from what I can tell, it has improved battery life a little.

Concluding Remarks
I’ve attempted to provide an honest, through review. The Sprint network has been fine though the coverage is not as good as Verizon’s was. Nonetheless, the free roaming to Verizon’s networks is a huge plus. All in all, I really like the phone and don’t regret the purchase. Thankfully, HTC has announced they will upgrade the Hero to Android 2.0 so I won’t be left behind wanting a 2.0 phone. For those of in the market, it might be worth waiting a bit longer because I expect newer, better Android phones to become available. If you’re tired of waiting like I was, I recommend the Hero. It’s a fun device.

This tutorial explains how I successfully re-flashed my Linksys WRT54GL version 1.1 to use the Tomato 1.22 firmware rather than dd-wrt version 23 SP2 VPN firmware (generic) I have been using for the past couple of years. I decided to write this tutorial because lots of sites have instructions on flashing from the default Linksys firmware to Tomato but far fewer sites offer lots of detail on how to flash from other firmware such as dd-wrt.

I have provided directions with enough detail for the non-technical user to feel comfortable with the procedure. To make things faster for the technical users, I have highlighted the major steps. At the bottom of the post, I’ve included links to related articles I’ve published if you’d like to learn more.

As a bit of background information, I’m used a fully patched (as of November, 2008) Windows Vista Ultimate 64-bit with Service Pack 1 (SP1) Operating System and up-to-date Firefox 3 during the firmware upgrade process. The OS and web browser shouldn’t matter that much, but I thought I share in case you were worried about such things.

Before you begin, download the latest version of the Tomato firmware that is suited for most routers. This tutorial walks through flashing to version 1.22. The files are zipped in the great, but uncommon, 7zip format so you’ll need 7zip or another program that supports the 7zip format to unzip the files. The zip package contains several files, you will only need the “WRT54G_WRT54GL.bin” file but it is a good idea to checkout the “readme.”

I recommend verifying the MD5SUM hash of the “WRT54G_WRT54GL.bin” file to ensure the download wasn’t corrupt or hasn’t been comprised. If you don’t already have a tool to calculate MD5SUMs, I recommend using HashCalc although you must manually compare the sums with this tool unlike some other tools. Unfortunately, Polarcloud does not provide the MD5SUM of the download on their site but luckily for you, I calculated the hash of my download. The signature of the file should be 866251021d42608c69bff558115f95f8.

I recommend printing (or at least saving, not bookmarking, to your hard drive) the following web pages for reference since you will not have Internet access during this process:

• How to Change Your WRT54GL Firmware from DD-WRT to Tomato
• Tomato FAQ
• Tomato Firmware Wikibook
• Reset and Reboot
• Recover from a Bad Flash

It is best to turn off your firewall and anti-virus during this process to ensure that nothing interrupts the firmware flash. An interruption could cause the flash to fail and brick your router. If something does go wrong you may be able to recover from a bad flash.

You should ONLY perform the flash through an Ethernet cable using standard http (not https). Do not do this wirelessly (its best to temporarily disable the wireless adapter on your computer). If your super paranoid or live in an area with unreliable electricity, you should plug your router an PC into an uninterruptible power supply because a power failure during a firmware flash could brick your router. Plug the blue Ethernet (Cat5/RJ45) cable that came with your router into the Network Interface Card (NIC) on the back of your computer and into one of the ports labeled 1, 2, 3, or 4. The “Internet” port on your router should be connected to your broadband source (e.g., cable or DSL modem). Please ignore the extra cable in the picture. It is not needed for the flash to work.

I recommend reviewing all of your dd-wrt settings so you can quickly configure the Tomato firmware to offer similar functionality. I took screenshots of all of the pages where I had non-default settings. I also used the same security settings, including WPA2 password, after I loaded Tomato so that all of my wireless devices would not have to be updated. However, if you have poor wireless security, after flashing to Tomato is the perfect time to implement stronger security. You can reference my Securing Your Wireless Network article if you want to learn how to have a really secure wireless network.

In addition to the screenshots of your settings, it is also a good idea to perform a backup of your dd-wrt configuration. Please note you can only restore this backup on the same model router and firmware with which the backup was made. To perform a backup, go to the “Administration” tab and then the “Backup” sub-tab. Once there, just click the “Backup” button and save the file.

The last item that needs to be completed before uploading the new firmware is to reset your dd-wrt firmware to the default settings. A few ways to do this exist. I chose to use the standard web interface because it is easy and should always work. Nonetheless, pressing and holding the reset button on the back of your router for 30 seconds should also work (assuming you have not disabled that feature in your custom firmware).

To reset the router to firmware defaults, go to the internal IP address of your router (most likely 192.168.1.1) and login with the user name and password you setup when you first installed the router (if you have trouble with the login use the reset button method). Once logged in, go to “Administration” tab and the “Factory Defaults” sub-tab. I forgot to write down the exact buttons and also forgot to take a screenshot of this step but I think you just select the “Yes” radio button next to “Restore Factory Defaults” then select “Save Settings.” If that’s not it exactly, you shouldn’t have any trouble determining what to select. Be patient and don’t touch anything because the reset could take a couple of minutes.

The Tomato FAQ recommends that you Telnet into your router before performing the flash and type the “nvram get http_passwd” command to obtain the password that will be used by Tomato after the flash. You cannot just use the dd-wrt password because of a change in the way dd-wrt uses the standard http_passwd variable. I must admit that I did this step but the password I obtained during the Telnet session did not allow me to login. However, as I was writing this tutorial, it occurred to me that I may have obtained the password via Telnet before I reset dd-wrt to the default settings which may explain why the password I obtained did not work.

In order to Telnet into your dd-wrt router, open up the run box by hitting the “Window” key and “R”. Next type “cmd” and hit “Ok.” In the command window, type “telnet 192.168.1.1″ where 192.168.1.1 represents the IP address of your router. You will be prompted for a user name and password. The telnet user name is always root even if you login to the web interface with a different user name. The password should be the default dd-wrt password of “admin” since you just performed a reset. If not, try your old web login password.

Just so you know, Telnet is not enabled in Windows Vista by default but is in XP. To enable Telnet in Vista follow the instructions at Tech-Recipes site. Alternatively, you could use a tool like Putty.

The screenshot above shows the password command being typed into a Telnet session; it does not show the output of the command (i.e., my password).

Write down the password provided because you will need it later.

The next few steps is where the magic starts to happen. Go back to the dd-wrt web interface. You may have to renew the DHCP lease and login again. Since you have reset the firmware to default settings, the user name and password is now “root” and “admin”, respectively. Once logged in, navigate to the “Administration” tab and the “Firmware Upgrade” sub-tab.

Next, select the “Browse” button and select the “WRT54G_WRT54GL.bin” file you downloaded early. Once located, hit open (no brainer). Then hit the “Upgrade” button. Please wait patiently for the upload to complete. Whatever you do, don’t interrupt it. If you’re going to be tempted, walk away for a few minutes and come back.

After a couple of minutes, you should see a screen that says “Upgrade successful. Unit is rebooting now. Please wait a moment…”

Once the reboot completes, you will be prompted to login to the Tomato firmware. This is where you use the “root” user name and the password you obtained via Telnet. Don’t freak out if you can’t login…the same thing happened to me. The next paragraph has a solution for you.

Since the Tomato interface did not accept the password I obtained through the Telnet session before the flash, I had to perform a hard reset. To do this you need to hold the reset button on the back of the router while unplugging the router. Continue to hold the reset button as you re-plug in the router. Once the router is plugged in you should continue holding the reset button for 30 seconds to complete the hard reset.

After the hard reset is complete, go back to Firefox and navigate to http://192.168.1.1. At the prompt enter in “root” for the user name and “admin” as the password. The Tomato web interface should come up.

Once you’ve logged in, you should see the new Tomato firmware. Since you are upgrading from dd-wrt, the Tomato FAQ recommends performing a full reset by navigating to the “Administration” section and then the “Configuration” sub-section. From there, select “Erase all data in NVRAM memory (thorough)” from under the “Restore Default Configuration” menu and then hit “OK.” If you had to do a hard reset in order to get your login to work, you’re probably could skip this step but it won’t hurt to do an additional reset just to be safe.

After restoring the default configuration, you need to log back in using with the user name of “root” and password of “admin”. Once logged in, hit the “Renew” button that is on the “Overview” page.

After renewing you may need to reboot your computer to get Internet access. Alternatively, in Vista you may type “Network and Sharing Center” in the Start Search box. Within the Network and Sharing Center select the red “X” between the network on Internet on the map. The Windows Network Diagnostics menu should appear. On that menu select “Reset the network adapter…” option at the bottom. Windows will repair the network and you should see a message that says “the problem has been resolved.”

Now that everything is working, don’t forget to turn your anti-virus and firewall back on. Also, be sure to check out my Securing Your Wireless Network article if you want to learn how to have a really secure wireless network.

Congratulations, you’ve successfully flashed your router! Since you’ve successfully flashed your WRT54G, you should checkout the Linksys WRT54G Ultimate Hacking Guideto make the most out of your new found knowledge of router firmware.

Further Reading

• Tomato Firmware Option for WRT54GL
• Tomato Firmware Upgrade and Demo Video
• How to Flash the WRT54GL with DD-WRT Firmware
• Securing Your Wireless Network

If you liked this post, consider subscribing to my feed and/or sending me something from my wish list. Thanks in advance for your support of this guide & site!

One such challenge was getting my HD-TV to play sound while connected via a HDMI cable to my HIS HD 4850 IceQ4 Turbo. After a fair amount of searching and configuration changes, I got it to work.

Since the solution I found was spread across a couple of different forum posting that were not directly related to my problem, I thought I’d write a short tutorial for others who may run into the same situation as I did.

Install ATI HD 4850 Catalyst Drivers
Before I begin explaining the sound settings, I should also explain the process I used to install the ATI Catalyst drivers. I can’t remember all the pages I referenced to learn how to install the drivers, so I won’t be able to give credit to the websites that helped my like I’d like to.

To install the ATI HD 4850 Catalyst drivers, you need to go to System > Administration > Synaptic Package Monitor and install the envyng-core package. EnvyNG is an application written in Python which will download the latest ATI or NVIDIA driver or the Legacy driver (for older cards) (according to the model of your card) from ATI or Nvidia’s website and set it up for you handling dependencies (compilers, OpenGL, etc.) which are required in order to build and use the driver. If you don’t find the envyng-core package when you search, check to make sure that “Proprietary drivers for devices (restricted) is checked on the software sources menu.

Once this package is installed, you should restart you computer. Once you’ve restarted, the Hardware Drivers application located under System > Administration should find the ATI/AMD proprietary FGLRX graphics driver. This driver should be installed and activated. The driver is required to fully utilize the 3D potential of some ATI graphics cards, as well as provide 2D acceleration of newer cards. Once installed, it’s probably a good idea to restart you PC once more.

With the ATI Catalyst driver installed, you should be able to fully enjoy the Compiz-Fusion effects in Ubuntu 8.10. The driver version I’m using is 8.54.3 with Catalyst Control Center Version 2.1.

Update System Sound Settings
For your system to play sounds through your graphics card’s HDMI port, you need to tell Ubuntu to use the graphics card sound system VS your motherboard’s. This is the intuitive change. Go to System > Preferences > Sound. On the Devices tab, change all of the options excluding sound capture (e.g., Sound Events, Music and Movies, Audio Conferencing, and Default Mixer Tracks) to HDA ATI HDMI ATI HDMI (ALSA).

The next sound change is less intuitive; it requires you to double click on the speaker icon in your top panel to bring up the Volume Control menu. On this menu, change the Device drop down list option to “HDA ATI HDMI (Alsa mixer) and then select the Preferences button near the bottom right. On the preferences menu, check the IEC958 Switches track to be visible and then close the preferences screen. Back on the Volume Control screen, you should now have an IEC958 option on a Switches tab. Check this option and close the Volume Control menu.

The sound tests available on the System > Preferences > Sound should now play sounds. If it works, you’ll be hearing the tests sounds on your TV using only the HDMI out cable on the HD 4850.

I owe a big thank you to the MediaBox Blog posting titled “HOWTO: Audio over HDMI with the HD3200 \ RS780 in Ubuntu” for these sound setting tips.

VLC Sound Settings
I prefer the VLC media player over Ibex’s default Totem movie player. However, in this particular case, Totem played the sounds through my video card without requiring any additional changes while VLC did not.

Finding the appropriate audio settings in VLC proved a bit more challenging than I expected. To save you the time, I’ll outline exactly what you need to change. Open up VLC preferences by selection preferences from the tools menu. Near the bottom left of the preferences screen, be sure to select all as the show settings option.

Expand the Audio menu and then the Output modules option. On the Output Modules option, select ALSA audio output form the drop down menu.

Then go to the ALSA option under the expanded Output modules section. Here you need to refresh the ALSA Device Name list. Once the list has refreshed, select HDA ATI HDMI: ATI HDMI (hw:1,3) and save all your settings.

VLC should now also play sounds through an HDMI cable.

For this VLC tip, I owe a big thank you to tie_dyed_sox on the Ubuntu forums.

With Comcast’s new 250 GB bandwidth limit and Tomato’s impressive bandwidth monitor, I’m getting even closer to taking the time to make the switch from dd-wrt to Tomato. I believe the v24 of dd-wrt does support bandwidth monitoring but I like the looks and basic features of Tomato.

The Systm episode 71 by Revision3 recently covered the process to flash a Linksys WRT54G with Tomato firmware and also showed off some of the application’s coolest features. If you’re debating on upgrading your very basic Linksys router to something much better for free, I highly recommend you watch this video. It’ll make you want to do it right away.

Now, if I can just determine the best process to switch from dd-wrt to Tomato, I’d be good…

Also should also mention that if you’re interested in hacking your Linksys router, you should checkout the Linksys WRT54G Ultimate Hackingbook.

As far as I know, this vulnerability is unpatched by Linksys which means there is update to fix this problem if you want to keep running the standard Linksys firmware. However, you can fix this vulnerability and gain additional features by upgrading to an open source firmware such as DD-WRT or Tomato. I happen to own a Linksys WRT54GL version 1.1 and have flashed it with the DD-WRT firmware. Because flashing a router’s firmware is not for the faint of heart, I have composed very detailed how-to instructions for those who are interested.

Another mitigation method I almost forgot to mention is to actually quite simple. Do not visit other websites while logged in to administer the Linksys WRT54GL. [via Secunia]

I wish I had the time/patience to re-flash my Linksys WRT54GL with Tomato just to try it out. Its very unlikely that I will because I don’t want to risk bricking my perfectly functioning dd-wrt enabled router. I also really like dd-wrt. Too bad flashing a router is a lot more complex than just installing software.

Also, the Lifehacker article doesn’t mention OpenWRT (a couple of commenters do) but OpenWRT seems to be the hard-core geek’s choice. I’ve thought about making the switch to it but it is probably more complex than I want to deal with. I really considered OpenWRT over DD-WRT but DD-WRT’s site looked better maintained and easier to read. Plus, until recently all OpenWRT management seemed like it when through a Linux shell (i.e., command line). Now though x-wrt seems to address what some would call a short coming of OpenWRT.

If anyone wants to send me a Linksys WRT54GL so I can experiment with it and write more tutorials on firmware flashing, let me know and I can add it to my Amazon Wish List so you can send it to me easily. Also, don’t forget to check out my ever-popular “How to Flash the WRT54GL with DD-WRT Firmware” tutorial.

Like all things with computer security, OpenID is not without its fair share of problems. One of the biggest problems is a result of OpenID’s main benefit, single sign-on. Single sign-on is great as long as no one is able to compromise your user name and password. However, if someone manages to compromise your user name and password then they’ve compromised every site for which that single sign-on is used. Therefore, it is imperative that your OpenID account has a very strong (read long, random, mixed case, numbers, and special characters) password.

It is also important that you don’t fall victim to a phishing attack that tricks you into thinking your logging in to your OpenID account when you’re not. Otherwise, it doesn’t matter how strong your password is if you simply give it away to a fake site. In order to ensure the OpenID provider site you’re logging into is legitimate you should examine the SSL certificate to make sure it belongs to your OpenID provider and has been signed by a trustworthy certificate authority (e.g., Verisign, Thawte, etc.).

Another concern with OpenID that I won’t cover in this article because its out of scope is privacy. The jest of the issue is that your OpenID provider can basically track every site you use your OpenID account with. A few other concerns with OpenID exist. I recommend that you checkout Security Now episode 111 if your interested in learning more about OpenID concerns.

Wouldn’t it be great if there was a way to easily and effectively reduce some of the risk with OpenID? Two-factor authentication provides the solution. For those of you who are not familiar with what two-factor authentication is, I’ll give a brief explanation. Two-factor authentication is when you provide more than one form of evidence that you are who you say you are. Generally, people just provide a password which is something you know. However, two other common factors of authentication exist—something you are (biometrics) and something you have (security token/fob, smart card, etc.).

Two-factor authentication is a great solution because it ensures someone can’t easily steal your account by guessing, cracking, or stealing your OpenID password. The second factor means that would need to possess your security token as well. Security tokens work by providing a random string of typically six digits periodically (most tokens do so every thirty seconds). The current six digits being displayed by the token (which only you have) must be appended to the password (which hopefully only you know). Additionally, a two-factor authentication mitigates the risk of falling victim to a phishing site because the password the phisher stole is only good for thirty seconds.

Luckily for all of us Verisign is a free OpenID provider which offers support for two-factor authentication. They call their service Personal Identity Provider (PIP). To take advantage of their service you need to have a supported security token (i.e., a little key-chain device which provides a random number every thirty seconds). Luckily, you can buy one of these devices through PayPal for only $5. As an added benefit, this security token works not only with PIP but also with PayPal and eBay.

A Firefox extension, SeatBelt, automatically fills in your OpenID URL in websites with the appropriate form field. The extension also provides some useful security and OpenID management capabilities.

In conclusion, OpenID is a great solution for trivial sites like blogs and forums as long as you are aware of the dangerous that exist and take the necessary precautions. I still wouldn’t recommend OpenID for financial and medical sites but for pretty much everything else it is great. I know I can’t wait till more of the sites I use start to take advantage of it.

In case your wondering, I’m not getting paid anything to write this post nor do I make any money if you sign up for an account or buy a security key. I just think Verisign is offering a really good, secure OpenID solution that not many people know about. I just wanted my readers to know that this is an available solution. Plus, if enough people start using OpenID more sites are likely to offer it is an login option. Before I forget, you can find a list of OpenID enabled sites at the OpenID directory.

However, as recently reported by security researches from SPI Dynamics at the Blackhat USA 2007 security conference, the benefits of AJAX don’t come without significant security risks.

One of the main problems with AJAX is that a lot of traditional server side code is now executed on the client side. This provides would be hackers with a ton of insight on how your application functions. Once equipped with these details it is much easier for hackers to trick web applications into doing things they’re not designed to do.

The presenters at Blackhat showed the audience how a mock AJAX travel site could be tricked into selling tickets cheaper and also tricked into blocking ticket sales for the same airplane. I think these two examples show exactly how important it is for web developers to secure AJAX.

My recommendation on this subject is to not stop developing with AJAX but to take the time and effort to learn about the security problems associated with this web development technique and the ways to avoid the common pitfalls–doing so will make the web a safer place for each of us.

Just so you know where to start more about AJAX security, Darknet offers some good insight on securing AJAX by explaining some of the common ways to attack AJAX applications.

[via Ars Technica]