Windows Live Mail API Version 3.0.1 *(with Windows 8 support & Contacts Support)

Nektra announces the release of the new version of WLMailApi, the most used SDK designed to develop plugins in Windows Live Mail Desktop email client.

Windows 8 Support
Full Contacts Support
Online (IMAP) Folder support

Request trial version here! http://www.nektra.com/products/wlmailapi-windows-live-mail-api-plugin/request-trial License: Some changes were introduced to the license for WLMailApi. Now, it is necessary to purchase a license for each developer that will use the library or by each product that will be developed using the library, taking into account whichever number is greater. For more details visit license page. http://www.nektra.com/products/wlmailapi-windows-live-mail-api-plugin/license Contact us to ask any commercial question or use the technical inquiries. http://www.nektra.com/contact

Change Log:

Fixes

Fixed issue in which the function IToolbarButton::IsEnabled would always return true.
Fixed issue in which account information would be lost when commiting a message.
Fixed issue in which WLM would sometimes crash on startup.
Fixed issue in which WLM would hang or crash when the main window or the Find dialog were closed during a search process.
Fixed issue in which WLM would hang if the last window closed was a compose window and a draft was saved.
Fixed issue in which WLM would crash if the last window closed was a compose window and a draft was saved.
Fixed issue in which emails moved automatically by WLM did not trigger OnNewMessageInFolder events.
Fixed issue in which the split button’s OnClick event would be triggered when one of its subbuttons was clicked.
Fixed issue in which WLM v15.4.3508.1109 would not close if the last window closed was a compose window.
Fixed issue in which WLM would crash if WLMailApi was compiled using C++ optimizations in Visual Studio 2005.
Fixed issue in which the Find dialog would randomly fail finding messages by content.
Fixed issue in which WLM would crash when its main window is closed with a search in progress.
Fixed issue in which WLM would randomly crash while interacting with the Find dialog.
Fixed issue in which WLM would crash or wlmail.exe process would not end when the last WLM window closed is a compose window.
Fixed issue in which WLM would show an unknown error when deleting more than 7000 emails from the Deleted items folder.
Fixed issue in which WLM would hang when trying to delete a message in the Outbox folder during an OnNewMessageInOutbox event.
Fixed issue in which FolderManager::OnNewMessage event would not be triggered when a message is moved by a WLM rule to a folder created by the user.
Fixed issue in which the Send and Receive window would get unresponsive when receiving messages.
Fixed issue in which WLM would crash if closed while receiving more than 5000 emails at once.
Fixed issue in which a deadlock would occur when ALL plugins listed in the registry fail to load.
Fixed issue in which IMessage::Send() function would send emails from an invalid account.
Fixed NktWLMailStore::IMessage::DeleteBody and NktWLMailStore::IMessage::InsertBody functions.
Fixed issue in which undesired characters would appear in plain text emails after sending, receiving and moving operations.
Fixed issue in which the UI would be unresponsive when moving big amounts of emails between folders.
Fixed issue in which WLM 2009 would freeze after using the “Find” function.
Fixed issue in which ribbons would randomly appear as a black bar when launching WLM 2011.
Fixed issue in which WLM 2009 would crash when a “Compose” window is opened.
Fixed issue in which WLMApi would not work if WLM was closed and quickly reopened.
Fixed issue in which emails were received twice if WLM was closed quickly after the receiving procedure.
Fixed issue in which duplicated “new message in outbox” notifications were fired to client plugins.
Fixed issue where WLM crashed after removing an API object instance (e.g: TMAS Disable toolbar crashing).
Fixed issue in which WLM showed emails that were not accessible.
Fixed issue in which UI showed inconsistent data (unread email counts).
Fixed issue in which WLM would receive an unexpected OnNewMessage event on startup.
Fixed issue in which having an outer process would freeze the UI.
Fixed issue in which OnNewMessage event would not be received in “Sent Items” folder.
Fixed GetState and SetState malfunction concerning UNREAD flag.
Fixed SaveBodyToFile function.
Fixed bug in which the Send/Receive button would not work if the Outbox folder is not empty.
Fixed TMessage::GetState, TMessage::SetState for states NKT_MSG_UNREAD, NKT_MSG_SUBMITTED, NKT_MSG_UNSENT, NKT_MSG_RECEIVED, NKT_MSG_REPLIED, NKT_MSG_FORWARDED, NKT_MSG_FLAGGED
Fixed issue in which WLM would crash when using the “Reply to Sender” function in Inbox
Fixed issue in which the Outbox folder would be inaccessible after using the “Reply To Sender” function.
Fixed issue in which UI would sometimes hang when calling Commit() on a message.
Fixed issue in which UI would lockup when receiving emails and processing them on new message event.
Fixed issue in which FolderSelectionChange event would not be fired in some contexts.
Fixed issue in which UI would hang when using Search function or opening other folders (e.g: RSS).
Fixed issue in which WLM would sometimes crash when opening folders.
Fixed object cleanup at WLM window close.
Fixed issue in which WLM would crash on close.

Added API functions

TMsgWnd
- Close
- SendDraft
IMessage
- SetAccount
- SaveToStream
- LoadFromStream
- AddAttachmentFromStream
- SetSubject
- SaveDraft
- GetFirstBodyHeader
- GetNextBodyHeader
- GetAccount
- SendAs
- GetFilename
IMsgWnd
- SetTo
- SetCc
- SetBcc
- SetSubject
  IWLMailApi
  *GetLastSelectedMailFolderID
IToolbarButton
- SetName
- GetName
- SetName
- SetImageNormal

Added API events

IFolderManagerEvents
- OnFolderCreated
IFolderManager
- OnFolderDeleted
- OnFolderMoved
IWLMailApi
- OnMessageDownloadStarted
- OnMessageDownloadFinished

Added features

Contacts API.
ComposeMail ribbon customization.
Support for Toggle buttons.
Contact support (except contact removal)
Builds on VS2005.

Demos

New demo button icons.
Fixed, reorganized and improved C# demo buttons.

Performance

Improved ribbon buttons response time.
Improved “Send & Receive” procedure speed.
Improved performance when receiving and processing emails.

Windows Live Mail 2011 API

With our API you will be able to do amazing things and now we offer the opportunity of
purchasing the Source Code at a fraction of the cost. This guaranties that we are the owners of this source code and have years in this industry. We offer integration to Windows Live Mail 2011, including ribbon customization, adding new tabs and individual buttons, button groups. Access to Windows Live Mail 2011 message store, as well as account data, folders and email messages. Interaction with user, including change notifications on folder selection, folder creation and removing, new message selection. Integration to compose email window, sophisticated ribbon customization, access to text fields and body editor. You can use all of these features and many more via the outer process feature or by coding DLL plug-ins.

Best Regards,

Business Development

.net, api, api monitor, c#, com, cookiepie, cookies, detours, deviare, firefox, google, hook, hooking, instrumentation, lgpl, Messages, mozilla, nektra, oeapi, opensource, opinion, outlook, outlook express, outlook express api, perl, release, reverse engineering, system internals, thunderbird, win32, windows, windows address book, windows live mail plugin api

How to migrate NK2 Auto complete cache “suggested contacts” from Microsoft Outlook 2003 or 2007 to Microsoft Outlook 2010

How to migrate NK2 Recipient AutoComplete cache lists “suggested contacts” from Microsoft Outlook 2003 or 2007 to Microsoft Outlook 2010

Note You must exit Outlook 2003, 2007, 2010 before starting the following procedure. The names will be included in AutoComplete when you restart Outlook.

1. On the computer (Office 2003 or 2007) with the saved AutoComplete names, go to “drive: Documents and Settingsuser nameApplication DataMicrosoftOutlook”.
Note Depending on your operating system (Windows 7, Windows Vista, Windows XP, and Windows 2000) or the folder options, the folder might be hidden. To view the files in this folder, do one of the following:
Windows 7
1. Click Start, and then click My Computer.
2. On the Tools menu, click Folder Options.
3. Click the View tab, and then, under Advanced settings, under Hidden files and folders, click Show hidden files and folders.
4. Uncheck hide extensions for known file types.
Windows Vista
5. Click Start, and then click My Computer.
6. On the Tools menu, click Folder Options.
7. Click the View tab, and then, under Advanced settings, under Hidden files and folders, click Show hidden files and folders.
8. Uncheck hide extensions for known file types.
Microsoft Windows XP
9. Click Start, and then click My Computer.
10. On the Tools menu, click Folder Options.
11. Click the View tab, and then, under Advanced settings, under Hidden files and folders, click Show hidden files and folders.
Microsoft Windows 2000
12. Double-click My Computer on your desktop.
13. On the Tools menu, click Folder Options.
14. Click the View tab, and then click Show hidden files and folders.
2. Right-click profile name.nk2, and then click Copy.
Tip You can copy the file to removable media, such as a USB key (Pen drive) or a CD (DVD), and then copy the file to the correct location on the other computer. Or you can attach the file to an e-mail message and send the message to yourself. On the new computer, open the attachment, and then save it to the correct location.
Note You must exit Outlook before starting the following procedure. The names will be included in AutoComplete when you restart Outlook.
3. On the Office 2010 where you want to migrate the AutoComplete feature too, Paste the NK2 file to drive:%user name%%appdata%MicrosoftOutlook
4. If prompted about replacing the existing file, click “yes”.

1. Note that the .nk2 file must have the same name as your current Outlook 2010 profile. By default, the profile name is “Outlook.” To check the profile name, follow these steps:

2. Click Start, and then click Control Panel.
3. Double-click Mail.
4. In the Mail Setup dialog box, click Show Profiles.
5. Click Start, and then click Run.
6. In the Open box, type outlook.exe /importnk2, and then click OK. This will import the .nk2 file into the Outlook 2010 profile.

Nektra Advanced Computing is developing a tool that will auto create an .NK2 file from Outlook Express (using OEAPI), Windows Mail (using OEAPI), Windows Live Mail (Using WLMAPI), an the export to Outlook 2003, Outlook 2007 & Outlook 2010. We also offer a solution service from any legacy environment/platform to any new environment/platform. For information about pricing or demos please call 1-(310)237-6506.

Outlook Plugin Development

We have a team of experts developing plugins for Outlook. We have a wide experience using Outlook API and we are able to go beyond Outlook API when you need something that cannot be developed using the startdard API.
Our team works in US time, that’s what makes Nektra the best decision for US companies.
Our sales team can be contacted any time in our office in Callifornia (310) 237-6506.
For more information visit Outlook plugin development

Migration and Reverse Engineer Services

Nektra has a wide experience building ad-hoc migrations for applications that doesn’t provide importing and exporting mechanism. We have researched a large number of applications looking for undocumented interfaces to use for this purpose. A prove of these skills are our products and a big amount of articles researching different technologies.
We have a team of professionals that can help so Just ask.

Top Areas:

Complete list of Nektra Services

cache, oeapi, opensource, outlook, outlook express, outlook express api, release, reverse engineering, system internals, thunderbird, win32, windows, windows address book

Nektra Contact Manager for WinMobile

We are glad to announce a new version of our Nektra Contact Manager for Windows Mobile. This version has a lot of improvements in performance and lots of details were fixed. It can be downloaded here

Screenshots:


Group by Company	Display Call History	Applying filter

Nektra Panorama: Windows Mobile Development Toolkit

We are glad to announce our first demo version of our new product Nektra Panorama. This toolkit allows developers to build applications in WM using controls built over the native API.

Nektra Panorama expands the platform with a fast-response user-experience and a very simple programming interface.

The grid view control is versatile, it can be filled with almost any thing. Here you can find a screenshot:

For a bigger example of the possibilities you can take a look our Nektra Contact Manager

Transitions

A high point of Nektra Panorama is the powerful transition interface. Using a single OS window for the entire application let developers create smooth transitions. Here you can see a ‘move’ transition to switch between menu window and Animation window in Nektra Panorama demo

The code to write this transition:

NktTransition* actionNew = new NktMoveToTransition(final, 600);

NktTransition* actionCurrent = new NktMoveToTransition(finalCurrent, 600);

wnd->MoveTo(origNew);

wnd->BringToFront(false);

actionNew->SetTarget(wnd);

actionCurrent->SetTarget(_current);

_scheduler.Add(actionNew);

_scheduler.Add(actionCurrent);

In this transition the origNew contains a rectangle out of the screen on the right. The rectangle finalCurrent is out of the screen on the left side. This code moves the control ‘_current’ out to the left and the control ‘wnd’ to enter the screen from the right side.

You can see a complete description of your product here

How Apple could have avoided fraud in iTunes with our Secure Code Generator

April 28th, 2009 | Posted by Pablo Yabo in opinion | Secure Code Generator | security - (0 Comments)

Now everybody has heard about the Chinese hackers who cracked the codes used for the iTunes Store vouchers. Using key-generators they have created millions of voucher codes and they are now selling $200 vouchers for as little as $2.60 online.

Following a report on the blog of Chinese music industry consultancy Outdustry.

It occurred to us that this is one of the main reasons many different companies approach us for advice.

Our secure code generator software is used by many large companies, throughout the world, such as British American Tobacco. It has been used in a wide range of applications such as database marketing, phone card pin generating and scratch card games. It allows you to minimise the liability and exposure your company faces with problems associated in secure code generation, and most importantly reducing your costs.

Generating secure codes creates a huge wealth of problems that many companies don’t realise, it is a complex conundrum.

In most cases developers decide, knowing time is constrained, that using a standard pseudo random generator that is included in a standard library is the way to go.

This may work for Monte Carlo Simulations but when money is involved it is not the correct way to solve the problem.

A straightforward solution is to use a strong pseudo random generator or… a real random source. This is a convenient way but it is necessary to store all the numbers generated and then verify each one to see if they are duplicates of a previously generated number.

The most desirable solution is to have a function f(<index>) and to change the index so it generates non-repeatable pseudo random numbers. It would be even more desirable to customize the function with a secret key <key> so that you can change the function easily.

For business campaigns it would be better to add some configuration so that you can customise the alphabet and the length of the codes used. With this solution you only need to remember the key and the upmost index to check if the codes were indeed generated by you.

Remember that the chance of guessing a correct code depends of the number of codes generated, the length of the code and the alphabet used by the code.

Function f must not just be any function, it must also obied by some strong security properties.

This is exactly what we deliver with our secure code generator software. A very simple library to generate custom codes in the most popular programming languages and different operating systems.

It’s time for Apple and other companies to take coupon, codes and pin generation seriously otherwise i suspect we shall see similar stories of people hacking vouchers in the future.

You can use Secure Code Generator in many applications…

M-Coupons for consumer focused marketing campaigns.
E-Coupons for product discounts.
Event tickets with verifiable security.
Authentication codes for service/prepaid cards.
Special businesses offerings.
PIN & TAN (Transaction Authentication Number) generation.
Obfuscation of internal codes.
Mobile Phone 1D & 2D Barcodes campaigns.
E-banking token authentication.
Firmware for devices like Digipass®.

Secure Code Generator is also indispensable for scratchcard (e.g: a scratch off, scratch ticket, scratcher, scratchie, scratch-it, scratch game, scratch-and-win or instant game) games.

Secure Code Generator also provides these essential features.

Non-predictable and Non-deducible codes.
Codes with variable lengths.
Numeric & Alphanumeric code generation.
Codes can be verified in real time without requiring the massive storage of generated data.
Secure Code Generator can be integrated with almost all programming languages (i.e. C/C++, .NET, Java, PHP, Python, Ruby & Perl).

More information about our secure code generator is available at:

http://www.nektra.com/products/secure-code-generator/index.php

china, chinese, codes, crack, database-marketing, hack, itunes, security, tokens, vouchers

DirectSound Capture Using Deviare

Download Deviare Download Sourcecode Download PDF

Introduction
Research
- Direct Sound Capturing
- Monitoring Skype Conversations
Implementation
Running Sound Capture
- Easy Steps
- Registration
What’s next

Introduction

Today we are going to see how easy it can be to capture audio with Deviare. From players like Windows Media Player, instant messaging applications like Skype & Windows Live Messenger, to any application using DirectSound. The wave output will get captured by us. Deviare is indeed a powerful framework. Built to resolve most complex tasks in the simplest way. With a few lines of python, all our hooking is done and running. Today performance is extremely important, yet Deviare proves itself as the best. It allows you to also take advantage of the full power of Python Python

Research

Direct Sound Capturing

I must be honest, I’ve never used the DirectX API in my life, so I was a bit uncertain of how difficult this could be. I started by looking at MSDN documentation on IDirectSound and IDirectSoundBuffer. The first goal was to find a safe place to read its sound buffers. I found out that IDirectSoundBuffer::Unlock could serve my intentions well. At this point, the user is telling DirectSound that he has finished writing his wave output and the locks may be released. So, if we step in between, we can safely read the buffer. The user is no longer writing to it, and DirectSound has not yet taken control of it. I tested it on many applications and it turned to be the right choice. It works perfectly for WMP, Windows Live Messenger, and many others. No problems showed up until I stepped with Skype…

Monitoring Skype Conversations

This might be the way many applications handle their sound output, but it was the first application I have seen and I named the case after it. Later, I found a few articles describing it in detail. Skype So, to my surprise, I was not seeing any data being written to the sound buffers after the unlock was called. How the hell is it writing its wave, and how am I supposed to read it?!. It kept me thinking for a while, until I noticed an interesting and constant call to IDirectSoundBuffer::GetCurrentPosition. Then I realized that this writing method depends on constant reading of the play and write buffer pointers. That’s because DirectSound, as most stream based implementations, works with a Circular buffer. Capturing its wave output requires that we keep track of changes in the write pointer. Once we know it has moved forward in the buffer, we can read its steps. Since here we don’t know how much the user has actually written to it, we must know the full size and location of the buffer. Unless we want to read garbage, but I’m sure that’s not the case .

Implementation

Deviare Python wrappers

Before we get our hands dirty, let me introduce you to something new in Deviare: Python Wrappers. As you already know Deviare is exposed through a series of COM interfaces. To save ourselves from the work of writing a whole new set of bindings, we used the well known project PyWin32. It’s very friendly to be used directly, as you may see in py_deviare_objects.py, just not enough to me. So I built these wrappers on top of it and made them as transparent as possible. You’ll find the use of the interface very similar to the way it’s done in our C# examples and in compliance with the python way of life, of course. Python Code

Wave Tools

I wrote these tools to help me write down the captured wave data. This may be obvious to people working in audio projects, but for me I cannot believe there is no native support in Windows to read-write Wav files! Yes, there is native support to write RICH content but come on! Luckily for me, I found a small sample C++ class inside the DirectX SDK. This was good enough for me to write my own in Python. As you may see, my WaveFile class only supports the write operation. Though, adding a read member should be easy enough for you . I have also added a lock to it, to ensure our data does not get corrupted by multiple thread operations. You may use it safely. The structures used were defined exactly as found in DirectSound and WinMM headers. Some of them are used by DirectX to specify the format of the wave content.

COM Type Libraries

By default, DirectX installations do not register their library types. Since we need that information, so Deviare can hook them, I created my own definitions with the interfaces we are interested in. To prevent any collision with previous installations, I used a different GUID. There is a python script that takes care of its registration and it’s automatically ran on demand by our example. Again, definitions are exactly as found on DirectX SDK. Directsound

Virtual Table Finder

To obtain the virtual tables for the interfaces, we basically have two options. Either we wait for its instantiation by the target process, or we find them ourselves on our own. Our first option is known to work for sure, yet we delay our installations until these events rise. This may also place us in a race and we may not capture all the output. The second one allows us to hook our targets immediately. Yet, in this case, we depend on the library (dsound.dll) being loaded in the same address space of our target. I have placed the two options in our example. If the current one is not working for you, uncomment the other at py_deviare_directsound.py

Hooking Direct Sound

The first thing we need, is to know every time a sound buffer is created. For that we are going to intercept calls to IDirectSound::CreateSoundBuffer. If the calls succeed, we look-up the table location inside the returned instance. From there we are going to hook four members of IDirectSoundBuffer:Initialize, SetFormat, Unlock and GetCurrentPosition. The first two, are used to obtain the wave format that the user is writing to the buffer. We also need to watch details from the call that creates the sound buffer, in case it is specified there. The Unlock member, as our research told us, is used in most applications to notify DirectX that the buffer is written and ready to be played. So we read the buffer pointers and size, to use Deviare’s memory interface to copy all content. We need to be careful, and see if the call actually succeeded. Only then can we save the wave data, else we must discard our buffers. With applications that keep track of the play and write cursors, we are going to monitor their calls to GetCurrentPosition. As explained earlier, with this method, I need to know the full size of the buffer and its location. So I save it from the first call to Unlock. Then I virtually divided my buffer in N segments, and filled it with the wave data as the write cursor moves forward in the buffer. Once my buffer contains enough data, I write it down to the wave file. To prevent false positives, in the creation of sound buffers, I delay the creation of my file until I have real data stored. In case we are monitoring the creation of IDirectSound in the target process, we also need to hook DirectSoundCreate and DirectSoundCreate8 from dsound.dll. There we can obtain the virtual table for IDirectSound, and follow our quest.

Running Sound Capture

Easy Steps

Execute the run_me.py located among the deployed files, and you’ll be prompted with a window to type the complete name of the process you want to start monitoring. For example: Skype.exe. Once the program starts capturing, the wave files will be written in the same folder. Once you are done, click OK on the dialog box to stop recording. Now you can open the .wav files generated, and listen the capture. Do not open them before closing the example as the data may not be readable by then.

Registration

The first execution of our example, will automatically register its interfaces and data types. It will also generate a file labeled .deviare_types_registered to prevent registration on the following executions. You can safely remove the file at any time you want the registration to be run again.

What’s Next

Optimizations

At any point of our handling, performance is essential. Any delay is highly punished by the sound output. So we must be careful about any operation we do inside the function call. This example tries to cache enough data before doing a write operation to disk. In case you need to improve its performance, you should read the data and release the call as soon as possible. Then in a different thread, or in a non punitive call, flush our data to the wave file.

Wave API hooking

This example could be very easily adapted to capture wave data from applications using WinMM API. Most browsers, Flash, and Google Talk use it to throw their sound output.

Hook DirectSoundCapture And Listen To Full Conversations

You should have noticed, when capturing from Skype, that your own voice is not heard. That’s because the application is not echoing its capture from the microphone. To get that too, it is necessary to hook IDirectSoundCaptureBuffer and proceed the same way to read its buffer.

Inspect More COM Interfaces

If you want to discover a lot more about the internals of DirectSound, then Deviare will be very valuable for you. Inspecting COM object is very easy indeed. Simply define one of its interfaces (if its not already registered in the system) and hook them the simpler way. If you are wondering what other interfaces may be useful for you, try our Deviare COM Console to discover them. It comes with source code, and you are free to adapt it to your needs! And That’s All Folks, hope you find it useful, enjoy!

Audio Recorder SDK

We did a large number of solutions around this code. We added support to other applications like GoogleTalk, latests versions of Skype and MSN Messenger.

We know how to lead with frequency conversion when mixing the microphone and the audio. Mixing inputs with different sample rate is complex. Nektra can solve this issues for you.

Using all this knowledge together we have developed a complete Audio Recorder SDK that provides a simple API to record full conversations (both microphone and audio together).

Any doubt just ask and we will provide a fast quote for your project.
More information in Nektra Services

A comparison of Deviare and EasyHook

December 16th, 2008 | Posted by Pablo Yabo in Deviare | opinion | products - (3 Comments)

We are comparing our hooking engine Deviare with some of the other products available, so that you can get an idea of what each engine can provide.
Here is a comparison of Deviare against Easy Hook.

Functionality	Deviare	EasyHook
Database with Functions and Data Types	Yes	No
Intercept multiple functions with a single handler	Yes	No
Selective Handler for each Function	Yes	Yes
Relocation of Relative ASM Instructions (RIP)	Yes	No
Save & access Call Function Context	Yes	No
Access registers & flags	Yes	No
Access return address	Yes	Yes
Get/Set win32 last error	Yes	Yes
Monitor COM Objects creations	Yes	Partially
Hook COM Objects	Yes	No
Provides COM Interfaces accessible from any language	Yes	No
Enumerate process’ modules	Yes	Yes
Enumerate module’s exported functions	Yes	No
Get module path and info	Yes	Yes
Automated call of original function	Yes	No
Thread Deadlock Block	Yes	Yes
64 bits support	No	Yes
Thread Safe Hook Install	Yes	No
Native Support	Yes	Partially
Inter-Process Communication	Yes	Partially
Custom Library Injection	Yes	Yes
Stealth Support	No	Yes
Kernel Mode Hook	No	Yes
Driver Installation	No	Yes
Relocation of Instruction Pointer	Yes	No
Requires .Net Framework	No	Yes
Use System Runtimes (CRT)	Yes	No
Hook Terminal Sessions	No	Yes
Full unload before target termination.	Yes	No
Execute As Service	No	Yes
Prevent execution inside OS Loader	No	Yes
Thread selection filter	No	Yes
StackTrace	Yes	Yes
User-mode Wide Hook	Yes	No

against, api, compare, comparison, deviare, easy, easy hook, hook, hooking, vs, windows

Open source software

November 11th, 2008 | Posted by Pablo Yabo in firefox | opensource | opinion - (2 Comments)

Everyone likes something for free, but open source is free as in freedom not as in beer.

Lots of companies use open source software and many put a lot back into the open source world but just how much do they put back?

It is impossible to find a definitive answer to this so we are just pointing out some ethical issues, when a “leecher” takes the work of others without giving back its detrimental to the open source movement.

In 1993 Apple’s Operating System was seriously in need of an upgrade. Their internal development of a new OS was not going well, so they looked externally for an OS. BeOS and NeXTSTEP were the main candidates, BeOS was a completely new OS developed from scratch and NextSTEP was an OS built on top of BSD. They went with NextStep and acquired the company behind it NeXT for $429 million. BeOS was later bought by Palm, inc after which they discontinued BeOS. BeOS users without a viable upgrade path and BeOS developers with programs stranded on an unsupported platform then decided to develop Haiku, an Open Sourced operating system.

NeXTSTEP then went on to become MacOS X. Apple released the Open Sourced Darwin, The core components of MacOS X, in 2000 under the Apple Public Source License. This release spawned OpenDarwin, a project designed to create a stand alone Darwin operating system. This failed with the developers stating OpenDarwin had “become a mere hosting facility for Mac OS X related projects. Availability of sources, interaction with Apple representatives, difficulty building and tracking sources, and a lack of interest from the community have all contributed to this.” There is a new project called PureDarwin which is currently trying to complete a release based on Darwin 9.

Apple used to distributed a binary release of Darwin themselves but stopped in 2005. Currently they only release the source code of Darwin, Although within this they include proprietary drivers of their AirPort wireless cards. They also exclude Carbon, Cocoa, Quartz Compositor and the Aqua user interface. This prevents users from running MacOS X software. There were good reasons for Apple to go via the closed source route for these but when taking so much from the Open Sourced Community surely it would be nice to give more back? Although some people say Apple have saved BSD.

Microsoft is a company well known for their closed source software. Originally network protocols were an add on to their operating systems and it wasn’t until windows 95 that the TCP/IP Stack became part of the operating system.

Originally they tried their own protocol Netbeui and then reverse engineered Novell’s IPX protocol but finally they adopted the BSD’d TCP/IP (you can see the BSD license within their source here.) There is nothing ilegal in Microsoft using the BSD code for their implementation of TCP/IP but because the code was under the BSD license any changes they made were not released for the benefit of the rest of us. If the code had been under the GPL license would they have used it? Who knows but it would have forced them to release any updates they made. Maybe they would have developed an alternative protocol and the internet would not be as it is today!

Flock is an interesting case of a company using open source for the basis of their product. Flock itself is an open sourced project where

“Yes, Flock will be open source. We may incorporate some proprietary technologies into our browser and releases some features under a commercial license, but all of our initial code, and the vast majority of our code going forward, will be open source.”

We know the Flock developers want to keep Flock compatible with Firefox and it may be based on Firefox, but they are two separate projects. Code will increasingly change and although extensions currently work on both browsers as the code develops we’ll see extensions working with either Firefox or Flock. What will happen if Firefox decide to implement some of Flock’s ideas differently? Will Flock go to their source and follow the way Firefox have implemented the idea?

Would it have been possible for the Flock developers to have just released an extension that just adds the tools that Flock adds? With the creation of a new browser they have potentially forked the developers of extensions for Firefox. Flock has investors to keep happy, is it possible for them to do that whilst keeping extension compatible with Firefox?

What about Google’s File system? This is a customized file system that writes LARGE chunks of data and sits above a standard Linux file system. What changes have Google made to the “standard” Linux file system? Are they going to give the open source community their code? As the software is running on a server and not being distributed they don’t need to share the code but should they?

We all know Google also uses a stripped down optimized version of the Linux Kernel for high performance without which they couldn’t possibly exist. What changes have they made that they’re not sharing with the rest of us? The hiring of Andrew Morton does help though.

For example there are a number of companies that use dmoz.org data the most well known being Google Directories which combines the dmoz data with its own pagerank. Does this make dmoz irrelevant? How are they contributing to the dmoz project?

When money becomes involved it isn’t uncommon for a project to move from open source to closed source. Activecollab was one such project, originally released under an open source license, it has since moved to a closed source commercial project.
“When it was first released, activeCollab came with an open source license and that was what attracted me to the project. I thought it held promise of being a very powerful and useful project management application if developed by an active community of users.
But the developer has decided to stop open source development on the project. Development will now be closed source, at least on the core features. The next release, version 1.0 due out next week, will also not have a free version. Your only options for activeCollab 1.0 are SmallBiz ($199) and Corporate ($399).”

Although a fork has been started the move to closed source will have alienated a lot of developers and users.

It is interesting to watch Mozilla to see how their creation of a “for profit” corporation which supports the popular Firefox Web browser and Thunderbird E-mail client as well as developing custom software based on open sourced products. This happened in 2005 now 3 years later has much changed?

“the Mozilla Corporation is not a typical commercial entity and will only pursue revenue-generating activities that are consistent with offering end-users with the best experience possible.”

Mozilla did ask the public for money in a 2 page advert on December the 16th 2004. This was before the creation of their commercial wing but with reports of as much as $72 million being poured into Mozilla Corporate from Google for carrying Google advertisements why are they still asking for donations?

Should the people who donated before the corporate side was formed be considered shareholders of Mozilla corporate? What about new donators? Why should you donate to an organization that has a very wealthy corporate company behind it?

Will all the contributors to Firefox and Thunderbird be given shares or money for their work that the Mozilla corporation are profiting off?

We can see that Firefox and Thunderbird are both still available for free from the Mozilla website, Both currently supported by Google’s Ad money and donations, but for how long? With Firefox being the cashcow for Mozilla Corporate will Thunderbird fall by the wayside? There are rumors that it will find itself under a different company with Mozilla Corporate becoming Firefox Corporate.

One companies solution is the advent of dual licenses. They release their software as both open source under the GPL and as a commercial product. This allows them to employ staff full time to work on the product, It also allows companies that wish to use the software and modify it but not share their code with others that opportunity.

In the Games Market id Software also license their older game engines under the GPL as well as offering the opportunity to use their engines under a commercial license. Other companies such as 3d Realms and Parallax Software have released the source code for some of their games but without a commercial option for their engines. The dual license here obviously benefits companies wishing to add to the source code to the detriment of being forced to release possible upgrades to the original open source engines.

Another place where Open Source software has taken off is in Web services. Many companies are taking advantage of Open Source software on the Web but they’re not obligated to publish their code if they make any changes because they are not redistributing the software in a package as either a download or a physical medium. The web is a new distribution medium for them.

A License has been developed to apply to the software that is in this loophole, The Affero GPL. This licenses software that is ran on a server. One such project is in the UK where petitions to the Prime Minister is ran on Open Sourced AGPL v3 software.

What is the fair value of return to the open source if you earn a lot of money?

“IBM says to a customer, ‘Do you want proprietary or open software?’ Then if they want open source they say ‘OK, you want IBM open source.’ It is always IBM or Sun or HP open source,”

“Companies are using the potential of communities as subcontractors — the open source community today is a subcontractor of American multinational” said Jesús Villasante, head of software technologies at the European Commission

in reply James Baty, a vice-president at Sun, said that companies such as his have a responsibility to contribute to the open source community. Sun itself contributes to a number of open source projects, including the open source productivity application OpenOffice.org.

“There are companies that are takers from the open source community, other companies are taking the attitude that they have to contribute, Open source should be seen as an opportunity, not as something to capture and abuse.”

We know major corporations have made valuable contributions to open source software, as well as persuading businesses and IT professionals that it is a credible alternative to proprietary options, but do they take more than they provide?

We here at Nektra Believe Open Source will always have an important place in the world and provide CookiePie under GPL, NKT WAB under LGPL and Trappola under LGPL, but it is essential that the Open Source community is not taken advantage off and valuable contributions are put back into the community.

3d realms, activecollab, affero, AGPL, apple, BeOS, cookiepie, corporate, dmoz, dual, firefox, Flock, fork, google, GPL, ibm, id, lgpl, license, licenses, linux, MacOSX, Microsoft, mozilla, nektra, NeXTSTEP, nkt wab, nktwab, open office, Open Source, openoffice, opensource, opinion, OSX, software, sun, TCP/IP, thunderbird, Trappola

The truth about Google Chrome using Spy Studio

Everyone has a lot of questions about Chrome. Some people say that it is spyware because each and every character you enter is sent to Google. Hundreds of comments like this can be found on the web, like this one that says “Chrome spends nearly as much time phoning home to Google as it does talking to other Web servers.” On the other hand, you can also find on the web the opposite opinion that claims “If you do not wish this data to be sent to your search provider, you have a number of options: Use incognito mode, turn off search suggestions permanently or change your search provider.”

Who is correct? What kind of information is really traveling between Chrome and Google? What data about you is being sent to the web? Is it true that Google’s browser sends details about everything you do? Is it an unsafe browser? What happens behind Incognito mode?

The first thing we want to know is “What information does Chrome send about visited sites to Google”? Many different opinions can be found on the web, and some are really alarming. One person says that toolbarqueries.google.com collects everything the browser sends to it. This is indeed true, and you can see in metrics_service.cc [chromium.org], what information about visited websites is being sent. Although this only happens if you selected it in Chromes ‘Under the Hood’ (Options -> “Help make Google Chrome better by automatically sending usage statistics and crash reports to Google”) this option is not selected by default, you have to specifically select it during the Chrome installation. Using SpyStudio you can be 100% certain about this by checking and un-checking the option, and watching all the ‘send’ function calls. So, does Google Chrome send information about every website you visit to toolbarqueries.google.com? The answer is no, it does it only if you request it to. This doesn’t mean that other information, like the one send to google-analytics, is not being sent anymore.

However it is interesting to notice that this behavior is exactly the same under Incognito mode. This means that if the option of sending usage statistics is checked, it doesn’t matter what mode Chrome is running, the statistics are sent anyway. We know that the only differences between normal and Incognito modes are the logging of websites visited, files downloaded, download histories and cookies. So this feature is local to the machine, and nobody has said that statistics are not sent under this mode. Although I think for many of us, we implicitly assume to be anonymous while running Chrome under Incognito mode. So we better keep the limitations of this feature in mind! Again, this only applies when sending statistics option is selected.

The other feature we want to inspect is the suggestion made by the address bar: “When you type URLs or queries in the address bar, the letters you type are sent to Google so the Suggest feature can automatically recommend terms or URLs you may be looking for.” This is highly controversial, we want to know about this feature when using Incognito mode (in which the suggest feature seems to be automatically disabled). Again we can use SpyStudio to make sure. You can see that Chrome does not send any information to Google about your key strokes when using Incognito mode. You can also watch calls to GetAddrInfoW function, which provides protocol-independent translation from a Unicode host name to an address.
When you are not running on Incognito, you can turn this off by right clicking on the address bar and selecting “Edit search engines…” Then uncheck the check box at the bottom labeled “Use a suggestion service to help complete searches and URLs typed in the address bar”.

We can now safely stop all the paranoia about Chrome. We can see the information that Google Chrome sends to Google using SpyStudio and we know that this depends on the options you choose. So Chrome is not spyware that sends everything you do to Google. I also believe it is important to understand what features the Incognito mode provides and not assume things about it.

Watch Google Chrome

See for yourself the information that Google Chrome sends to Google. Use Nektra’s SpyStudio to monitor Chrome’s behavior. It is very easy:

Download SpyStudio from Nektra’s website free of charge and install it.
Replace the database ‘deviare.fdb‘ with a new version. You will find ‘deviare.fdb’ in the path you installed SpyStudio: SpyStudiobin
Download the script chromewatcher and then add the path where you saved it to SpyStudio. Edit -> Preferences -> Python
Run SpyStudio and import the module chromeWatcher by typing “import chromeWatcher” in the Python console. Then start monitoring by calling the Begin() function by typing “chromeWatcher.Begin()”.
Now watch SpyStudio while using Google Chrome to find out what information is sent by Chrome.

What does the ChromeWatcher script do?

The ChromeWatcher module was specially made to capture calls to the Winsock functions ‘send‘ and ‘WSASend‘. To know where the information is going, a socket connections track must be kept. So it is necessary to hook ‘connect’ and ‘select’ functions too. The idea behind ChromeWatcher is to hook ‘send’ and ‘WSASend’ calls that are made to Google and show them to you.
To understand better this script you can see SpyStudio documentation on: SpyStudiodoc

chrome, deviare, paranoia, security, SpyStudio, spyware

Google Treasure Hunt puzzles are too easy?

May 23rd, 2008 | Posted by Pablo Yabo in Java | opinion | PHP | programming - (0 Comments)

Seems that the Google guys are getting softy. The last two questions of the Google Treasure Hunt 2008 were easily solved.

The Question #1 is about paths. We have a robot that can move down or right, in a n x m grid. So how many possible paths exists, from the top left to the top right?

It gets solved just searching in Google for “grid path right down” from there you will get the equation that you must run on any language that has Big Integer implementations, since involves the calculations factorial.

Example of our solution for the first puzzle in Java:

BigInteger dividend = factorial( (rows-1)+(columns-1) );
BigInteger divisor = factorial(rows-1).multiply(factorial(columns -1));
System.out.println(dividend.divide(divisor));

The Question #2 seems to be even easier. It involves to transverse a directory tree, filtering the files that verifies 2 conditions based on the path string and the extension string (like .txt or .xml). Then reading some specific line. All files are text files this simplifies then things even more. Nothing hard to any programmer.

Snippet of our solution for the second puzzle in PHP:

// Setting where's the Google Treasure Hunt Directory
$dirbase = 'GoogleTreasureHunt08_11336769377172459175';

// Creating and loading the directory Tree
$tree = new Mytree($dirbase);
$tree->load();

// Getting the leaf Files
$leafs = $tree->get_leafs();

// Filtering to files that satisfies the conditions
$cond1 = array_filter ($leafs, filter_bycond1);
$cond2 = array_filter ($leafs, filter_bycond2);

// Doing the sums at the right line number
$sum1 = array_reduce($cond1, create_function('$v, $node',
             '$v = ($v == null) ? 0 : $v;'.
             '$v += (int)read_line($node->data, 5);'.
            'return $v;'));
$sum2 = array_reduce($cond2, create_function('$v, $node',
            '$v = ($v == null) ? 0 : $v;'.
            '$v += (int)read_line($node->data, 5);'.
            'return $v;'));

echo $sum1, '<br>';
echo $sum2, '<br>';

// Obtaining result
echo $sum1 * $sum2;

So as you see, there’s no complication at all. I would expect some challenge when Google uses the “Puzzle” word. Maybe they aren’t what they were? I don’t know, but I will be expecting some real challenge to solve .

Robot solution: GTH Q1 Java solution

File transeversing solutino: GTH Q2 PHP solution