DLNA with subtitles in D-Link DNS-320

D-Link DNS-320 is a network storage enclosure that supports DLNA. Unfortunately, the built-in DLNA server does not support subtitles. Nevertheless, this can be overcome by installing miniDLNA. miniDLNA can stream movies and subtitles, providing that the subtitles file has the same name as the movie file (minus the extension). The following has been tested successfully with UTF-8 encoded .srt files in Samsung  UE46ES6340 smart tv.

DNS-320 is a linux based device. Moreover, it's firmware can execute scripts, located in the root directory, every time the system boots. Fonz fun plug (ffp), its such a script that adds support for telnet, as well as, for installing additional software. In this post, we will use ffp ton install miniDLNA in our NAS.

Step 0 preparation

Make sure you have disabled the built-in DLNA server

Step 1 install ffp

Installing ffp is as trivial as copy pasting a file. Follow the instructions here https://nas-tweaks.net/371/hdd-installation-of-the-fun_plug-0-7-on-nas-devices/

Step 2 install miniDLNA

The web page included in step 2 has instructions about how to connect to your NAS using telnet. Follow these instructions and connect to your NAS. ffp includes a package manager for installing software.  Initially, the package manages has to be configured with download sites. This can be done using  uwsiteloader. uwsiteloader can be installed by following the instructions here https://nas-tweaks.net/371/hdd-installation-of-the-fun_plug-0-7-on-nas-devices/#Now_what.3F After downloading it and making it executable, run it. In the step when it requests to select download sites, select all of them. You can then install miniDLNA and configure following the steps here: http://forum.nas-central.org/viewtopic.php?f=249&t=5841&start=45#p56567  section "INSTALL INSTRUCTIONS". Make sure you edit /ffp/etc/minidlna.conf accordingly (vi can be used for the editing).

You are ready to go! A useful command that forces miniDLNA to rebuilt its database is /ffp/start/minidlna.sh rescan

Create self-singed certificate with extentions

For testing reasons I wanted to create a self-signed certificate that includes the subject alternative name extension, using openssl. Most guides require the creation of an openssl configuration file. I found out that this can be done without any configuration file, using only two openssl commands and a file that contains the subject alternative name extension parameters.

The first command is the following:

openssl req -newkey rsa:1024 -keyout server.key -out server.csr -subj '/C=GR/ST=Attiki/L=Athens/O=Fotiou Corp/OU=Security Department/CN=localhost/emailAddress=my@email.address' -nodes

This command creates a new private key and a new certificate signing request. Let's see the command parameters:

-newkey rsa:1024      It creates an RSA 1024 bits key
-keyout server.key  This is the file where the private key is stored
-out server.csr        This the file where the certificate signing request is stored
-subj ...                   This is the information included in the certificate
-nodes                          This command parameter instructs openssl to not encrypt the private key

Now create a file and insert the subject alternative name extension parameters. In this example, I have created a file named extentions.cnf which contains the following text:

subjectAltName=DNS:example.com, DNS:localhost

This line indicates that this certificate is valid for two DNS names, namely example.com and localhost. You may notice that the CN name included in the -subj command line parameter is also included here; the reason for that is because most browsers ignore the CN field when the subject alternative name extension is used. Finally the following command creates the desired certificate

openssl x509 -req -days 365 -signkey server.key -in server.csr -out server.crt -extfile extentions.cnf


Where:
-days 3650                          It is the number of days for which the certificate is valid
-signkey server.key         It is the private key generated previously and it used to sign the certificate
-in server.csr                   The certificate signing request we created with the previous command
-out server.crt                 The file in which the certificate will be stored
-extfile extentions.cnf The file we created with the subject alternative name extension parameters

Handling C#, MVC entity validation errors in a meaningful way

MVC's entity framework is a convenient tool for abstracting databases. However, when something goes wrong the debug messages are not very meaningful. Especially when an entity validation exception occurs.

The following try, catch block catches an entity validation exception and concatenates all validation error messages into a single string. Then this string can be displayed in a debug message.

try
{
   entities.SaveChanges();
}
catch (System.Data.Entity.Validation.DbEntityValidationException ex)
{
   var errorMessages = ex.EntityValidationErrors.SelectMany(x => x.ValidationErrors).Select(x => x.ErrorMessage);
   //Join the list to a single string. 
   var fullErrorMessage = string.Join("; ", errorMessages);
   throw new Exception(fullErrorMessage);
}

The unfortunate cookies

Cookies sent over plain HTTP to Google websites can reveal information about a user

Disclaimer

The following has been reported to Google and is considered not an issue

Recently while visiting Google scholar I noticed that on the top right corner my Google username was displayed.

This appeared to me very strange, since I was not accessing this service using HTTPs. I fired up Wireshark and I revisited scholar once again. From the captured traffic it was obvious that my browser was sending a bunch of cookies over plain HTTP. I stored these cookies to a file, I imported them to a Firefox private browsing window and I visited Google scholar once again. To my surprise my username was still there. Moreover I was able to see my citations and my updates just like if I was signed in. By observing the cookies I noticed that most of them were for the domain *.google.gr, so as next step I visited http://www.google.gr/ig  in the same private session: all gadgets that do not require authentication (like weather) were there!

But the surprises continued. I edited the cookies file and I replaced the domain *.google.gr with *.youtube.com, I loaded the new file in a new Firefox private browsing window and I visited http://www.youtube.com. As it can be observed from the screenshot, my username, my subscriptions, as well as posts of my friends in google+, all were there!

It is astonishing how much information about a user can be gained simple by monitoring a mere HTTP session. 

Edit 1:

Even if the user logs out, the captured cookies continue to reveal the same information

Convert video files and embed subtitles using VLC

VLC player, by VideoLAN, is a handy media player with many features. VLC, among other things, enables the conversion of video files, from one format to another, enabling the same time the incorporation of subtitles.

Suppose that  we want to convert an h.254 video file to DivX with embedded subtitles. Suppose also that subtitles are stored in a separate (.srt) file with the same name as the video file.  Here are the steps that should be followed:

Run VLC and from the Media menu, select Convert/Save (Ctrl + R).

Select Convert/Save

In the file selection area, press Add, and choose the video file to be converted. Moreover, on the button-left menu press the arrow and select  Convert.

Select the Convert optionn

In the Destination area, press Browse, and select where your file should be saved (Note that you have to add the filename as well the extension). In the Settings area, select the Convertion profile and press the Edit selected profile button.

Press the button marked with the black square

In the new window select the Subtitles tab, check the Subtitles check box, select DVB subtitle on the listbox on the left, and check the Overlay subtitles on the video check box. Then press Save.

Subtitle options

Now by pressing Start, your video will be converted to desired format and the subtitles will be embedded in the output video file. 

Send a facebook message using php

Facebook API does not provide any method for sending a message to the inbox of a user. Fortunately, messages can also be sent using XMPP, which is used by facebook chat, but can also be used for sending a message to a user that is offline (i.e., the message will appear in the user's inbox).

In this link you can find a php class that utilizes facebook's XMPP functionality and sends a message to a facebook user.

In order to use this class you need to obtain an API key, by registering your application here. In order to use this class you should provide, your API key, your user id, the current authorization token, and the user id of the user to which you wish to send a message.

In order to get your user id, you can user the facebook php sdk and use the getUser() method of the Facebook class. In order to get the authorization token you can invoke the getAccessToken() of the Facebook class

A proxy re-encryption implementation

Proxy re-encryption is scheme that allows a proxy to re-encrypt a ciphertext, encrypted with the public key of a user A, into a ciphertext that can be decrypted with a private key of a user B, without having access to the private key of A or B, as well as to the plaintext.

Green and Ateniese describe an Identity-based proxy re-encryption scheme in their paper and prove its security. An implementation of their solution can be found in my github repository. This is a python implementation using the Charm Crypto tool