SSLv2 for Ubuntu 12.04

So Ubuntu figured it would be best if they disabled SSLv2 support from the OpenSSL library and it appears that this has been happening since 10.04. I didn't really notice because I had been using some other distros, but with some new changes in my professional life, I now need to be on Ubuntu. Now I understand doing this for the safety of users, but not having the ability to enable it again is quite the issue for say someone who is in the security profession and needs to be able to test for SSLv2 so that clients can be told to disable it. Now to go about building SSLv2 support back in and having a tools like sslscan work again when checking for SSLv2.

If you are currently running some recent version of Ubuntu, you can check for yourself by attempting to use openssl or you can run sslscan (assuming you have that installed) like here:

$ sslscan --ssl2 www.google.com

And in the results you will see it come up blank like here:

What we need to do is rebuild the OpenSSL libraries and enable SSLv2 support. Don't do this if you have no need for this support. The below series of commands come from the main post and the comments here: http://security.sunera.com/2011_02_01_archive.html
I'm not taking credit for this, I'm just putting it all together for Ubuntu 12.04 and really just having this as record for myself since I will have to redo this work everytime OpenSSL gets updated -> meaning watch out for those Ubuntu updates that might undo your work with a new version of OpenSSL or re-install your tools that you rebuild to take advantage of your changes.

Commands to run:

$ sudo apt-get install build-essential devscripts m4 quilt debhelper # There might be more depending on your system - check for error messages
$ apt-get source openssl
$ cd openssl-*
$ quilt pop -a # This removes updates
$ vi debian/patches/series
Remove 'no-ssl2.patch' (or whatever it is called now since it has changed before)
$ vi debian/rules
Remove 'no-ssl2' in args
$ quilt push -a # This re-applies the updates, minus the no-ssl2 patch
$ dch -n 'Allow dangerous v2 protocol'
$ dpkg-source --commit
$ debuild -uc -us
$ ls ../*ssl*.deb
$ cd ../
$ sudo dpkg -i *ssl*.deb

Now you need to do similar activity to get your tools to work again. Here is getting sslscan to work:
$ apt-get source sslscan
$ cd sslscan*
$ debuild -uc -us
$ cd ../
$ sudo dpkg -i *sslscan*.deb

Lets run sslscan with the same arguments as before:

And we have SSLv2 support back. Thank you to others who have posted this information before so that I could get it to work.

Not Sure About Verizon's Rating System

I few months ago I came across a post about a pair of wired headphones from HTC that were tangle free and included a mic (RC-E190). They are more easily bought in the UK, but I keep checking around for a black pair in the U.S. and today I came across Verizon's store because they sell them as an accessory for HTC Rhyme. And no, I wasn't looking for them in purple or plum or whatever that color is, I wanted black and I thought Verizon might have different colors. However, the funny part to me is that Verizon shows the headphones as being rated as 5 stars based on 2 reviews, but when you look at the reviews each person only gave it 1 star. So somehow, Verizon's averaging algorithm has (1 star + 1star) / 2 = 5 stars. Just made me laugh today.

Link: Verizon site

Screen capture:

Woe is me, the Sprint customer

I have been through most major carriers in the past 18 years so I know that none of them are perfect. I usually go with best coverage for the area I live and move on. When I moved to my current house about 2 years ago, I had Verizon and it worked decent except for the one spot in my house where my wife made all her calls from and that spot had zero coverage. So we switched and ended up with Sprint because they had great coverage for our area. Then about six months ago, the service started getting slower and my signal strength started dropping. I kept on with it thinking that it would get better and that maybe all the new devices on Sprint was hurting them.

Then in the past few weeks, the service in my Chicago area became worse than I expected. Between my phone and my wife's phone we had dropped calls, missed calls, no voicemail notifications (well she didn't, I use GV so I was good), and lost text messages. When this happened it became a real problem because my wife is a NICU nurse and she and her hospital rely on her phone working in case she has to be called in. BTW - she did miss three calls from the hospital over this issue. I hit up the Sprint forums and my wife went to a local store to complain and then ended up also calling into support. It turns out that Sprint is upgrading the service here as part of their enhanced 3G and 4G LTE rollout.

This sounds great, except for two things. First, it won't be completed until some time in June and that is the earliest it can be done. That means it could easily go on past that. Secondly, they didn't warn us that this upgrade would actually kill off our service during the 3 month upgrade. Now, their customer service was friendly and ended up sending us an Airave for free. That is the whole mini cell tower in your home that uses your broadband for connectivity. This is nice that it has resolved our issues when we are at home, but leave the house and it is all downhill again. I am also still not very comfortable with this tower thing since I had to put it about three feet from my face.

This has made me decide that it is better for my wife and I to be on separate networks so that we have a better chance of at least one of our phones working. I will most likely move over to AT&T because they have good coverage in my area, a decent phone selection (come on Samsung Galaxy SIII), and I like the GSM idea for traveling. Not sure what my wife will do, but will probably wait and see how Sprint's network is after the upgrade. During all this, I also found out that it is cheaper for her and I to be on separate plans instead of a family plan because we only have two lines and use barely any minutes.

In the end, this is mainly just my rant, but also a heads up to other Sprint customers about what happens during the network upgrade. Maybe this downtime doesn't always happen and Sprint is just rushing it in my area to get LTE out ahead of the next iPhone, but for what it is worth, this is my experience.

Now for something completely different...I'm pretty pumped about the upcoming phone from Samsung. My pipe dream wish is to see them support the s-pen/digitizer in all their phones, especially this one. I would love to be able to buy the s-pen as an option and have it work on the new phone. I would love the Note, but it is just too big for my small hands (and no, no woman has ever said that to you).

Give me a tablet that lets me rid myself of paper and pen

Go ahead and laugh, I want a tablet with a stylus. I want to be able to use it for actual work and I don't mean Microsoft Office. I don't spend my life in the Office suite and what I really need is a tablet that uses a stylus and has a notepad application that lets me hand write notes. It doesn't even need to do character recognition that well, because I really don't care about that feature. Yes, character recognition is nice since it can allow for easy searching of notes, but my notes get filled up with arrows, drawings, code, side notes, etc and I just want those notes in raw format.

I'm picturing an application that makes my screen look just like a piece of lined notebook paper. I can write on it, type using the keyboard, paste pictures, draw, etc. I also want those notes to sink to something like Evernote. I currently use LiveScribe, but I want to be done with paper and ink and having to use cables to sync. The Samsung Note sounds like a good device, but I want it in tablet form and the reviews say the note taking isn't the best with it.

For the stylus, it needs to be fine tipped. I don't want one that causes me to write in huge block letters because then it will just look like I used my fingers again and I'm not finger painting.I want the stylus to be about the size of a ballpoint pen.

Wish List:
Full tablet size - the 10" seems fine (too small and I don't get the writing surface I want)
Stylus fits in tablet - I don't want to carry it separately
Stylus with a fine tip
Note taking application (palm rejection, online sync, free flow notes, keyboard input, cut and paste)
ICS (I would even buy it from Apple, but that is never going to happen)
Standard ports for charging and data transfers

My hope is that Samsung releases a 10" Note, which has been rumored. I hope they update the handwriting application to be better. If you are including a stylus, make sure that bad boy works perfectly. If they can nail that stuff down, count me in for one.

Non-tech rant about my frozen lunches

I'm a geek so that means that I spend a lot of time sitting in front of a computer. It is well known that sitting for as long as I do isn't the most healthful. However, I do workout most days and I watch what I eat and track my calories. I have enjoyed eating a certain frozen meal that has pretty low calories for some time now. I won't mention the exact product, but it is a frozen meal that uses a steaming action and could make you feel like you are eating in a cafe (if you picture a cafe to have desks instead of tables and for each table to have 3 monitors).

I have been enjoying these for awhile when they changed their packaging for some new marketing gimmick and to associate themselves with a TV show. I didn't think much about it because what do I really care about the marketing of it, I just want to eat. However, about the fourth time I'm eating this meal, I discover that they added 40 calories (about 14% increase) to it with the change. I know 40 calories isn't much, but I need all the help I can get. Plus, I obviously couldn't even tell that anything had changed flavor-wise. I contacted the company and mentioned I wasn't happy about a company labeling themselves as healthy and then adding on 40 calories to a meal with no notice. They wrote me back stating that they thought they made it better and gave me some coupons. With or without the coupons, I wasn't going to quit eating their meals since I do like them and find them to be a good compromise as I watch what I eat, it was just disappointing to me and my geek body.