Elliott C. Back: Internet & Technology

According to an informal engadet poll, 40% of iPhones aren’t working properly, and another 12% had problems with activation. Those numbers are right, almost 50% of iPhones have activation problems! For those of you still waiting, the activation screen of glory looks just like this:

Here’s a few activation tips for you guys:

Activate with two iPhones

You’ll need two iPhones. Plug one into iTunes and select “I am a new AT&T Customer” and choose to activate “2 or more phones on an individual or FamilyTalk plan.” After you get the activation complete email, plug in the second iPhone and select “I am an existing customer” then “replace a phone on my account with this iPhone.” Reuse the earlier number and activate your second iPhone. When you plug in your second iPhone it will unlock for use but without an assigned number or account.

DVD-Jon’s Hacked Activation Server

You’ll need to install UltraEdit-32 and iPhoneActivationServer 1.0. Open iTunes.exe with UltraEdit and change the following offsets and values:

Offset 2048912, value 33C0C3
Offset 257074, value 28
Offset 257013, value 33C9B1

Open c:\windows\system32\drivers\etc\hosts and add the line “127.0.0.1 albert.apple.com.” Then run DVD Jon’s activation server, open itunes, and plug in your iPhone, which will activate automatically in about 60 seconds.

The Prepay Method

Buy an iPhone but don’t sign up with AT&T for any of their plans as of yet. Plug it into iTunes with 999-99-9999 as your SSN, and you’ll fail the credit check. At this point you can pick a GoPhone prepayed plan, and zip over to the AT&T GoPhone funding page to add some money to your card. Don’t fund it over the phone or set it up with actual AT&T employees, or it won’t work and you will be sad.

Calling AT&T

Call the customer support at 1-800-331-0500. If you’re coming from an old number or account try getting in contact with an AT&T state Number Porting office (1-888-898-7685). The number 1-877-800-3701 is supposed to be good, if not overwhelmed. The after hours number is 1-866-801-3600.

Reboot!

Turn off your iPhone and remove the SIM card. Cycle it, put the SIM back in, and turn it on again.

Ping like mad

You might think plugging in your iPhone to sync it with iTunes is good enough, but actually according to rc3, you should leave it plugged in until it activates. A support tech with AT&T told him that the activation system works by pinging the queue of unactivated iPhones. If your phone is not connected, you’ll lose your place and have to start over!

According to a Reuters story, the activation issues are solved, but I don’t believe them:

About 2 percent of those who bought iPhones since they went on sale Friday faced delays in activation with AT&T, the exclusive U.S. service provider for the widely anticipated cell phone, according to a source familiar with the matter. By Monday, those issues were mostly resolved, AT&T spokesman Mark Siegel said. “We have resolved nearly all of the issues and we feel confident this is behind us now,” Siegel said. “One by one, we worked to resolve (the problems) and now nearly all of them have been resolved.”

Yeah right… well, hope these tips help! Feel free to leave your complaints / sucess stories in the comments.

Wow! A blog of mine running Wordpress 2.0.4 just got hacked. The attacker, without logging in, was able to inject a bunch of spam links into three of my posts. I caught the attack because I read my own Wordpress feeds, and noticed the update. The IP address the attacker used was 64.252.168.207. Here is the timeline of his penetration into my poor, but out of date, Wordpress installation:

1) Visit Video Games Blog pretending to be Googlebot
2) Visit random pages just to confuse me
3) Visit the three target pages (1, 2, 3)
4) Grab the nonces from wp-admin/post.php?action=edit
5) Use the nonces to do something weird to /wp-admin/inline-uploading.php?action=view
6) Post to the regular edit page

If you don’t want to be hacked, here’s what you need to do:

• Upgrade to the latest version of Wordpress (2.0.10 in my case)
• Remove crap you don’t need. If you’re not using comments, remove wp-comments-post.php. If you don’t know what xmlrpc is, remove wp-xmlrpc.php as well.
• Permission your files. If you are on a shared host, it’s especially important that you don’t make your wp-config world read/writable, or anyone can steal your database login information, or just overwrite it with their own.

If you’re interested, here’s the full server log, as a text file: wordpress-hack-log.txt. The attacker didn’t compromise or access any other services, just used the web interface to insert his spam into my post.

I came across the following code in a Mint installation today, and was pretty shocked. I’d never really considered that someone would want to pirate a $30 php product, but apparently I was quite wrong:

/* Code removed at the request of Shaun Inman, although technically it’s not his code anymore, just something someone (who knows who) hacked up around it… */

*the usual bypass authorization by modifying the function to always validate hack*

Mint Piracy is a well-known problem to Shaun Inman, so I emailed him a potential solution to the problem of having to release his source code to users, but still needing some control. Hopefully in the future, we can work to bring piracy of Mint to a quick end.

Update: Inman isn’t a fan of the technique (which I think is perfect):

There is a simple way for you to track the origin of Mint pirate releases, and that is to add information to downloads in a way that looks normal, but actually can be later used to authenticate the source.

Person x buys mint, and you assign them id 123456. In base 2 you have 011110001001000000. So, the trick is, you now need to find 18 places in the code where you can choose one thing over another. So for every person x, you generate a unique download, choosing different adjectives in the comments in different places, etc, depending on the id you want to steganografically encrypt. The key to this is that you don’t tell anyone you’re doing it, and they probably won’t notice.

What do you think? Would this cause more grief?