Meebo and Ping.fm 140 counter for GreaseMonkey

I'm a Meebo.com and Ping.fm fan. I use Meebo specially while roaming around where open Wifi speeds are not so good such that regular IM clients will keep on disconnecting. However I find it hard to use Meebo with Ping.fm IM bot since Meebo doesn't have 140 character counter. If you post a status more than 140 characters long, it will be truncated by Twitter or Ping.fm IM bot will totally ignore it.

So I created the Meebo 140 Counter for Greasemonkey. I have tested it to work with FireFox 3.5 but it should have no problem with lower FF3.0+ users.

If you are new Greasemonkey here is a quick how-to from UserScripts:

Greasemonkey is an extension for Mozilla Firefox, an open source Web Browser. Most userscripts are written for Firefox & Greasemonkey (although some work in Opera, Safari and even Internet Explorer).

For this guide I will assume you are using Firefox, if not you should install Firefox first.

Userscripts run via Greasemonkey

Now that you have Firefox, you need to install Greasemonkey. After installation (which requires restarting your browser), you are now ready to install userscripts.

Now clicking on a .user.js link triggers Greasemonkey to pop up the script installation panel. Greasemonkey shows you a list of what sites the script will run on and ask if you want to install the script.

Now loading a web page results in additional code (the userscript) being run.

Finally if you encounter problems with the script not working, please file it at the UserScript Issue Page or drop me a comment here.

Globe & Google Developer Workshop

I’m reposting this invite to interested parties to join the workshop on June 20, 2009. I’ll be attending the workshop and will be glad to hold a BOF session for those interested with creating Facebook Apps with Google Apps Engine (GAE). This includes a step by step configuration on the Facebook developer page and setup of GAE SDK using Eclipse.

From Aileen Apolo:

Hi Guys,

Google, along with Globe and Ayala Foundation, will be hosting a developer
event in Manila on Saturday, June 20th, 2009. Globe engineers and Google
Developer Advocate Patrick Chanezon will go over Globe and Google APIs --
including Globe's Voice & LBS APIs, the OpenSocial and Friend Connect APIs,
as well as Google App Engine.

Mashup the APIs you've learned to make some interesting applications. Ask
questions and get started while the experts are on hand.

Why you should come:
The best and most promising apps will be will commercialized on Globe's
platform. Make your great idea into a real app, then get monetize it!

Who should come:
Developers who are interested in Google and/or Globe's developer tools and
platforms, who want to get hands on and work on a new idea.

We'll provide space, power, and refreshments. You just need to bring your
own laptop, ideas and enthusiasm to complete the mix.

Summary
-------------

When:
Saturday, June 20th, 2008
1:00PM-5:00PM (registration starts at 12 noon)

Where:
Ayala TechnoHub, Commonwealth Avenue, Diliman, Quezon City

View Larger Map

>>> Sign-up here <<<

Manny Pacquiao VS Ricky Hatton (LIVE) May 2, 2009 Las Vegas, Nevada

Manny Pacquiao VS Ricky Hatton (LIVE) May 2, 2009 Las Vegas, Nevada

I just ripped this off YouTube for my friends' viewing pleasure; one of the best KO fights pacman had that I like.

Eraserheads Concert Streamed Live - The death of commercial media begins

While everyone else is writing about the Eraserheads: The Final Set concert post-mortem, I'd like to draw some attention to some technology trends that's competing commercial media.

Did you know that around 700+ people watched the concert streamed live for free?

Sites like UstreamTV allows anyone to broadcast an event with as little as using a Phone. Now this is a trend and lots of tech savvy people are doing this already on small events but the E-Heads is probably the biggest event streamed online up to this point in Philippine history. This trend also basically says some media business models such as TV broadcast rights have its days numbered.

Secondly a complementary technology was also used to provide narrative report using Twitter. I was tracking entire event from different people's perspective by searching hashtags #eheads at search.twitter.com.

What's so good about this technology is the instant viewer to host interaction allowing not only to broadcast the host's narration but allows real-time aggregation of other event witnesses' narrations and viewer comments. Again this is already a norm in small events but the E-Heads concert being twittered is the first instance such technology trend is racing head-on with traditional media.

So what does this means to all of us? We are seeing a glimpse of the future where we won't rely anymore on commercial media to deliver us not just information but entertainment as well. This tell us a of an inevitable paradigm-shifts in business models that will challenge and break large media corporations from broadcasting, licensing and all the way to production.

I Will Hack Food - J0L1BU6 G0t H4X0R3D! (Jollibee got hacked)

I got home early today so I could attend the meeting tomorrow and as usual I got bored... and when I get bored something phun gets posted here. Hehe.

So I recently found out about this promo-game in Facebook called "Jollibee Sulit Sarap Challenge" wherein the top scorer for the week gets a P500 Gift Certificate from Jollibee (fastfood)... and it just hits me. I will hack for food! LOL

So I visited the application page and added it to my Facebook account then figured out the kung-fu behind it. As it turns out, its so bloody easy to hack -- less than a minute!

OK First of all this is just harmless fun, I did not break any security scheme doing this.

Now I feel like a lowly script kiddy for doing this and its LAME so I won't even bother to redeem my hacked fast food. LOL.

But seriously, the guys who pitched this to Jollibee clearly wasn't thinking straight.

Guys IF I were seriously going to P4wN you I could have made my score just always above the rest and not put 73337 as a score. So take this as a free advice and better pull that game out until you fix the boboo -- but better make its good because IF I get bored again, I will come back and play to see IF you have learned the kung-fu.

Neo: I know kung fu.
Morpheus: [eyeing him, hand on chin] Show me.

PEACE. HTH.

UPDATE 2/26 - 1:33 PM

I got an email from the devs:

FROM: Jay Anthony Chiu

Good morning Mr. Filomeno!

We've read about your blog about the Jollibee Hack (link: http://corruptedpartition.blogspot.com/2009/02/i-will-hack-food-j0l1bu6-g0t-h4x0r3d.html), and we appreciate your concern. We actually have seen this when we had our internal tester hack into it, and we are currently working on a resolution for this.

But for the meantime, I hope you would be able to put down your blog entry about this matter.

We hope for your cooperation.

Thanks!

Take it down? Seriously its too late, here is my reply:

Hi Jay,

Is teamyehey = Yehey!?

I didn't realize that and would have contacted you guys straight regarding the matter, i guess i was too sleepy at 4AM in the morning to dig more about it. I could take down the post but its aggregated to 2 dozen other splogs and bots out there and it wouldn't make a difference anymore by this time. As you guys work with SEO you do realize that when the source link is taken out the, aggregating site takes the highest authority on the subject thus updates (when you guys fixed it) to the original article wont be reciprocated anymore. Such that searches to "Jollibee Hack" would show the aggregating sites as top result and not the original post with updates with the fix .

Anyway I have made sure not to disclose the exploit vector on the post and only that its possible and its just easy for my level.

Finally, im sure it would only take 15-30 mins to fix the exploit vector, let me give you guys tips.

1. Never trust user input - hash the submitted data so that if tampered the hash will invalidate it. A hash with salt plus arbitrary padding data makes it almost impossible to figure out and crack the hash.

2. Use AMF - its a native Flash communication transport, by itself its not very effective but will protect the data from prying eyes like proxies.

3. Encrypt the entire data sent - SHA1 will be good enough and very simple to implement.

Did I make sense on the reply? What do you think guys? Will a take down really help fix it or just hide the fact that it has problems without giving users warning that the system is being gamed. Surely I'm not a hypocrite enough to say I'm the only one who can do this. Send feed backs on the comment and I'll decide later this day if take a down is necessary.

Finally, my hi-score has already been taken out from the database (thank God), but I do hope they really fix it soon coz I'm getting hungry :D

Fix for Elastix on VirtualBox for Windows with SIP Having No Sound

Recently I installed Elastix VOIP server which is an Asterisk + CentOs linux distribution specially made for VOIP. Now, as if running VOIP isn’t enough of a challenge, I’m forced to install this on a Windows 2003 RC2 Server because we don’t have a spare box – It’s OK since the machine is an IBM Blade server with a very high spec.

The installation is pretty straightforward; just install VirtualBox, create a 10Gig virtual-disk and allocate around 1Gig RAM which is good for the 4 PSTN lines we have. The server has 2 gigabit NICs with static IPs so I assigned one to VirtualBox and named it Virtualization. Next, boot the virtual disk up with the Elastix ISO mounted and proceed with the installation.

Now after all the installation is completed, I tested SIP calls using Zoiper soft-phone and guess what – NO FUCKING SOUND!

So I fiddled with sip.conf, sip_nat.conf and sip_additional.conf which are the usual suspects when SIP goes awry. However this didn’t solve my problems!

Now there is only one way to solve this, TAKE A CIGARETTE BREAK :))

So after the puffs, I came back from the smoking lounge and did a network-engineer’s worst nightmare:

Configured Windows’ network card assigned to VirtualBox named Virtualization to disabled everything except “VirtualBox Host Interface Networking Driver”. This should not work right? The NIC must have an IP either via DHCP or Static configuration for it to work. Right?

Well, you’re wrong!

After doing this SIP works flawlessly!

So there you go, I just saved you months of tearing out your hair, crying without sleep and spending hours and hours wasting your time in Google search!

The heat is on: The Google Summer of Code 2009

Thanks to Adriano Monteiro Marques for the video!

This year I’m going to be mentoring under the Drupal organization again for the second time since last-year’s project Embed Widgets module was a great success. So we would like to invite students to participate again this year too for another awesome SoC.

uLink ups the ante for free SMS

 

Miguel sent me this buzz regarding uLink with a tag-line “Be unique with uLink”. It turns out to be site for sending Free SMS to Philippine networks! Yes bring free SMS more.

On Join Mobile Freedom

According to the review from PinoyTeens.net, the service is totally free but with an inclusion of advertising link from uLink. To quote:

“The only con that I can think about this Free Philippine SMS Service is that the message that your friend receives is quiet long, containing advertisement from uLink, but, hey, it’s better than paying for a simple text, am I right? And besides, the advertisement that is included in the text you send is for the promotion of their website and probably to get the Free SMS Service better as the demand grows.”

Hey its FREE, I don’t careless if you add up the entire news paper front page.

On Protecting Your Freedom to Communicate.

What does this mean? Dear telco, your monopoly for control on communication is dwindling. Evolve or be left behind. What I’m trying to point out is; telcos should be agnostic and neutral just like how internet ISP works which only provides the means of communication but does not control the content. Some might react - “are you serious? How about spam and scams?”

Hell, let NTC do the policing because they don’t do anything useful anyway! Spams and Scams are natural path of evolution, just like when Internet started there was a lot of scams and spams (the entire dot net boom was a scam if you ask me). However people learn and there’s not much spam and scams floating on the net compared before.

So its your choice; let telcos say what’s good for you and stay ignorant or be free to create what’s good!

Note: Again people, this is not a service endorsement, I don’t work anymore in telecoms nor this is related to my current work. Just read the disclosure below already!

Stupidest application in Facebook: My College Friends

WARNING: This app poses as a Friend Invite, the name and description was crafted to confuse the user unless you check the application page.

See the screen shot I've annotated using FireShot, it explains everything.

Philippine mobile users can send SMS TO (almost) ANYWHERE IN THE WORLD FOR FREE* and telcos don't want you to know about it.

I'm bored! So I'm going to show you a hack on how to send SMS (and soon MMS too) for FREE* and piss off the telcos :D

This hack is based on exploiting the current business models of telcos here in the Philippines (that is my night work; I hack not just servers and codes but also find exploits on business models). This is not new, its been possible since 6 years ago and the telcos didn't want you to know about it.

So don't worry, this hack is valid and will not put you at any risk. There is however a cons to this, only the first 3 160-character message is free, there is a P2.50 charge on the 4th message but the next 3 message will be free again. Somehow it works like this:

• 1st 160 character message - free
• 2nd 160 character message - free
• 3rd 160 character message - free
• 4th 160 character message - P2.50 charge
• 5th 160 character message - free
• 6th 160 character message - free
• and so on...

You may also need to check if there is any additional cost on the recipient but in US its mostly bundled already with their service plan.

Now I know you are eager now to start so here goes (you bastards :D), just follow these steps (UPDATED on 02/04/09):

1. First you must know what is the carrier of your friend at US (check the long list below).
2. Create an email filtering and forwarding scheme using your email provider, you can use free email provider such as GMail:
   
   
   (View Full Size Video)
   
3. Compose an SMS message "M2M <your@email.com> <to-mobile-number> <your message>".
4. Send it 2948
5. If your US friend replies you will get a message from 2948XXXXXXXX (12-digit: access number + post-fix alias)
6. Save this number, this is the permanent number you can use to send him/her an SMS for free by just sending "<to-mobile-number> <message>". Note the M2M and is no longer needed when using this alias.
7. You have to repeat these steps for every new number you wish to send to.
   
   *START RANT*
   
   Telcos has caught-up to the previous trick on sending directly using the <US-mobile-number>@<provider gateway> by restricting the format, but sorry telcos -- my hack will still work simply because you are ignorant about  how technology works... So you better send packing who told you otherwise -- just kidding, its good for us you keep them :))
   
   Anyway, you are still stuck on the stone-age by thinking that you can still control the  technology in the industry for profit and by doing so; restricts our right to fair use and right to communicate (a major violation of our right to free speech and expression!).
   
   *END RANT*

Now check out the list below on how to find the <gateway> per telco worldwide. Take note that MMS doesn't work yet and <to-mobile-number> is usually the 10-digit number unless specified in the list below.

Finally the message might arrive a bit slower because carriers outside US impose a QOS for non-local inbound messages.

That's it, Kung Hei Fat Choi!! Going to sleep now :D

 

List of Carrier Gateways

• 7-11 Speakout (USA GSM): <number>@cingularme.com
• Airtel (Andhra Pradesh, India): <number>@airtelap.com
• Airtel (Karnataka, India): <number>@airtelkk.com
• Airtel Wireless (Montana, USA): <number>@sms.airtelmontana.com
• Alaska Communications Systems" <number>@msg.acsalaska.com
• Alltel Wireless: <number>@message.alltel.com
• aql: <number>@text.aql.com
• AT&T Wireless: <number>@txt.att.net
• AT&T: <number>@mmode.com
  (formerly AT&T, then Cingular, now AT&T Wireless - Original grandfathered rateplan customers)
• AT&T Mobility: <number>@mms.att.net / <number>@txt.att.net / <number>@cingularme.com
  (formerly Cingular)
• AT&T Enterprise Paging: <number>@page.att.net
• BigRedGiant Mobile Solutions: <number>@tachyonsms.co.uk
• Bell Mobility & Solo Mobile (Canada): <number>@txt.bell.ca / <number>@txt.bellmobility.ca
• Boost Mobile: <number>@myboostmobile.com
• BPL Mobile (Mumbai, India): <number>@bplmobile.com
• Cellular One (Dobson): <number>@mobile.celloneusa.com
• Cingular (Postpaid): <number>@cingularme.com
• Centennial Wireless: <number>@cwemail.com
• Cingular (GoPhone prepaid): <number>@cingularme.com (SMS)
• Claro (Brasil): <number>@clarotorpedo.com.br
• Claro (Nicaragua): <number>@ideasclaro-ca.com
• Comcel: <number>@comcel.com.co
• Cricket: <number>@mms.mycricket.com (MMS) / <number>@sms.mycricket.com (SMS)
• CTI: <number>@sms.ctimovil.com.ar
• Emtel (Mauritius): <number>@emtelworld.net
• Esendex: <number>@esendex.net
• Fido(Canada): <number>@fido.ca
• General Communications Inc: <number>@msg.gci.net
• Globalstar (satellite): <number>@msg.globalstarusa.com
• Helio: <number>@myhelio.com
• Illinois Valley Cellular: <number>@ivctext.com
• Iridium (satellite): <number>@msg.iridium.com
• i wireless: <number>.iws@iwspcs.net
• Koodo Mobile (Canada): <number>@msg.koodomobile.com
• Meteor (Ireland): <number>@sms.mymeteor.ie
• Mero Mobile (Nepal): 977<number>@sms.spicenepal.com
• MetroPCS: <number>@mymetropcs.com
• Movicom: <number>@movimensaje.com.ar
• Mobitel (Sri Lanka): <number>@sms.mobitel.lk
• Movistar (Colombia): <number>@movistar.com.co
• MTN (South Africa): <number>@sms.co.za
• MTS (Canada): <number>@text.mtsmobility.com
• Nextel (United States): <number>@messaging.nextel.com
• Nextel (México): <number>@msgnextel.com.mx
• Nextel (Argentina): TwoWay.11<number>@nextel.net.ar
• Personal (Argentina): <number>@alertas.personal.com.ar (call for activation)
• Plateau Wireless (United States): 11digit<number>@smsx.plateaugsm.com
• Plus GSM (Poland): +48<number>@text.plusgsm.pl
• President's Choice (Canada): <number>@mobiletxt.ca
• Qwest: <number>@qwestmp.com
• Rogers (Canada): <number>@pcs.rogers.com
• SL Interactive (Australia): <number>@slinteractive.com.au
• Sasktel (Canada): <number>@sms.sasktel.com
• Setar Mobile email (Aruba): 297+<number>@mas.aw
• Sprint (PCS): <number>@messaging.sprintpcs.com (SMS) / <number>@pm.sprint.com (MMS)
• Sprint (Nextel): <number>@page.nextel.com (SMS) / <number>@messaging.nextel.com (MMS)
• Suncom: <number>@tms.suncom.com
• Sunrise (Switzerland): <number>@gsm.sunrise.ch
• T-Mobile: <number>@tmomail.net
• T-Mobile (Austria): <number>@sms.t-mobile.at
• T-Mobile (UK): <number>@t-mobile.uk.net
• Telus Mobility (Canada): <number>@msg.telus.com
• Thumb Cellular: <number>@sms.thumbcellular.com
• Tigo (Formerly Ola): <number>@sms.tigo.com.co
• Tracfone (prepaid - direct): <number>@mmst5.tracfone.com
• Tracfone (prepaid - indirect): <number>@cingularme.com / <number>@tmomail.net / <number>@vtext.com / <number>@email.uscc.net / <number>@message.alltel.com
• Unicel: <number>@utext.com
• US Cellular: <number>@email.uscc.net (SMS) / <number>@mms.uscc.net (MMS)
• Verizon: <number>@vtext.com (SMS) / <number>@vzwpix.com (MMS)
• Vivo (Brasil): <number>@torpedoemail.com.br
• Virgin Mobile (Canada): <number>@vmobile.ca
• Virgin Mobile (USA): <number>@vmobl.com
• Vodacom(South Africa): <number>@voda.co.za
• YCC: <number>@sms.ycc.ru
• MobiPCS (Hawaii only): <number>@mobipcs.net