Friday, July 13, 2012

How to easily upgrade your Galaxy Nexus to Android 4.1 Jelly Bean



This tutorial is mainly dedicated to Canadian owner of Galaxy Nexus phones or any owner of a GSM/HSDPA+ version of this phone (I9250) who wants to upgrade to Jelly Bean without waiting for monthes.
Update: you can use this proces to update other versions of Google devices like the Nexus S to any version of Android available from Google website.

It is a very simple process which uses only official Google tools, Firmware and tutorials.

DISCLAIMER: The following process will erase all data on your phone, and may void your warranty. So backup your data and do it at your own risk. I'm not responsible for anything.

The tutorial works with Linux and Windows.

First you have to update your USB config on your Linux box (even if adb already worked). Just create the file has described in “Configuring USB Access” in this page: https://source.android.com/source/initializing.html#configuring-usb-access
Follow only instructions from the “Configuring USB Access” section. All other instructions in this page have nothing to do with what we are doing here.
For windows, using USB drivers provided by Android SDK (often call adb driver) will be good. To download the USB driver, go to http://developer.android.com/sdk/win-usb.html, and go to http://developer.android.com/tools/extras/oem-usb.html#InstallingDriver to see how to install it. When you have the list of the 3 available drivers, instal the "bootloader" one.

Then, you need fastboot and adb software. Fastboot and  adb are available and already compiled in Android SDK ( download it http://developer.android.com/sdk/index.html ). Note that fastbook and adb programs must be in your path. You will find it in platform-tools folder in the sdk. To do that, unzip the SDK somewhere, but avoid spaces in the path to the SDK (a simple solution may be to put the SDK in your home directory), and add "platform-tools" to your path (here is how to add a directory to your path for Linux and windows)

Now we have to download the full firmware for Android 4.0.4 from Google server. We need the “yakju” version of android 4.0.4 available here: https://developers.google.com/android/nexus/images#yakju
Since Android 4.1.1 image is now available, you can directly download the 4.1.1 version, follow the same process to install it and avoid the upgrade process at the end.

Everything is now ready to start upgrading

First thing first, you have to unlock your phone. It's really easy, and Google describe how to do on this page : https://source.android.com/source/building-devices.html.
Since you already have fastboot and adb from Android SDK in your path, jump directly to “Booting into fastboot mode” section. Use the key combination described in the table, for “maguro”: Press and hold both Volume Up and Volume Down, then press and hold Power.
When a screen with some information is displayed, plug your phone on your computer using your USB cable and run this command:
fastboot oem unlock
If the process goes well it should say so. If it hangs saying it is waiting for the device, you may not have the good USB configuration/driver.

Once your phone is unlocked, unzip the “yakju” image you downloaded anywhere you want. From a command prompt, go in the created folder, and run flash-all.sh . This is a script for Linux (or cygwin). If you use Windows, can run the script from a cygwin terminal. Just download Cygwin installer at http://cygwin.com/install.html install it, and then, open a Cygwin terminal.
Wait until the installation is completed. It took 100 seconds for me.

Then you can reboot… and voila, you have Android 4.0.4 running.


Now you have to upgrade to 4.1.1. The first times you will check, it will say it’s up to date and no update is available.
You may have to make the following operations a few times to see the update for 4.1.1:

  • go in:/settings/apps/all/google services framework/
  • once it opens clear data and force stop
  • run "/settings/about phone/check for updates" to see if the update is available.

When it says an update is available, just accept it and the installation of Android 4.1.1 Jelly Bean will start.

That’s that simple. The good thing is that starting now, you will receive all Android upgrades as soon as Google will release them. Isn't it fantastic?

If you have any question, leave a comment.

Wednesday, November 2, 2011

Connect to Windows 8 Remote Desktop / Terminal service from Linux



UPDATE: Since Ubuntu 12.04, Remmina, which is a native remote desktop client, is able to connect to Windows 8. Maybe, you will have to setup your remote desktop server (Windows 8) to allow connection from old clients in your Windows 8 box.
Important thing: When you will connect to your Windows 8 box, you may have only a black window. Don't worry, leave it like that, and open a second connection. The second connection will display your Windows 8 desktop. Now you can close the first connection with the black screen. Don't ask me why it happens this way, I don't know.




Actually, it seems that none of the Remote Desktop / Terminal server clients available for linux are compatible with the new Windows 8 Remote Desktop server / Terminal Server.

However, there is a simple way to connect to Windows 8 Remote Desktop server / Terminal Service from your linux box. Here is the process tested on Ubuntu 11.10 with the default Wine version.

  • Install wine by executing the following command:
    • For ubuntu: sudo apt-get install wine
    • For RHEL/Fedora, as root: yum install wine
    • For last version of wine and other distributions you can go here: http://www.winehq.org/site/download
  • Now download Windows Terminal Service Client from Microsoft website: http://www.microsoft.com/download/en/confirmation.aspx?id=20609
  • When it is donwloaded, double-click on the file to launch it, like for a normal software. 
  • If the installer doesn't launch, open a terminal, go in the folder of the file and launch it with: wine WindowsXP-KB969084-x86-enu.exe
  • Follow the normal install process, like for a standard Windows install. Keep all default options.
  • The install process will not add a launch icon in your application menu, so you will have to create the launcher by yourself. However, at this time, for the purpose of the test, we will launch it from a terminal with the following command: wine ~/.wine/drive_c/windows/system32/mstsc.exe
  • And voila, Remote Desktop Connection is Running, as you can see below. However, having the remote desktop displayed on your screen may need some more settings, as you will see below.

  • Configuring some settings is required. For example, on Ubuntu 11.10, the following configuration is required:
    • In "Wine configuration", disable Direct 3D Pixel Shader:
      • Open "Wine Configuration" interface from your application menu or using this command: wine winecfg.exe
      • Go in "Grpahics" Tab
      • In "Direct 3D" area, un-check "Allow Pixel Shader (if supported by hardware)".
      • You can set "Vertex Shader Support" to "None" if you want, but it's not sure it has an effect.
    • In remote desktop client, Disable Audio streaming to local computer: 
      • Go in "Local Resources tab"
      • Click on "Settings..." in "Remote audio" area
      • Select "Do not Play" in "Remote audio playback" area
  • Now you should be able to have the login screen working and the desktop displayed. Note that it may have some errors or crash.



Friday, April 15, 2011

Set a simple SMTP relay with TLS and authentication

The goal of this post is to show how to configure quickly a SMTP relay for a postfix server. This may allow for example a local postfix server to use a remote SMTP to send emails. It is very useful if your ISP block port 25 and you want to use secure SMTP connection to send email from your local server using a remote server.

The system described here is:
  • a local postfix server
  • a remote SMTP server ( smtp.myserver.com) with TLS secure connection and which require authentication (login + password)

All the configuration is done in  /etc/postfix/main.cf. To edit this file, use this command:
gksudo gedit /etc/postfix/main.cf

First we will set the relay host. Add the following line and replace www.myserver.com:587 with your server information
relayhost = smtp.myserver.com:587
By default, your port may be 25. Set it according to your remote server configuration.

Next, we will set authentication parameters with the following lines:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous
 /etc/postfix/sasl/sasl_passwd is the path to the hash file containing login and password information. You need to create this file and insure only root will have read and write capability. The edit the file and write:
smtp.myserver.com username:password
Replace  smtp.myserver.com, username and password with your SMTP server address, the username and password you want to use to login. Then execute the following command:
sudo postmap /etc/postfix/sasl/sasl_passwd

Now, we have to configure the TLS parameters. Add the following lines to /etc/postfix/main.cf:
smtp_use_tls = yes
smtp_enforce_tls = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
In this configuration, we will force TLS use and enforce ssl certificate verification.
If the ssl key used for your server is valid, you may not require more configuration. However, since postfix may try to connect to myserver.com and not smtp.myserver.com, it may not work correctly. Same thing if you uses a self signed ssl key. To fix that, we will use a fingerprint digest verification. To do that, add the following lines:
smtp_tls_security_level = fingerprint
smtp_tls_fingerprint_digest = sha1
smtp_tls_fingerprint_cert_match = 00:11:22:33:44:55:66:77:88:99:00:11:22:33:44:55:66:77:88:99
 Replace 00:11:22:33:44:55:66:77:88:99:00:11:22:33:44:55:66:77:88:99 with the sha1 fingerprint of your ssl key. You can use md5 instead of sha1, but sha1 is better.
To find the sha1 or md5 fingerprint, you can connect with firefox on your server (if you uses the same ssl key for the web) and just check ssl certificate information where md5 and sha1 info are displayed.

Now, restart postfix and it should work.
sudo /etc/init.d/postfix restart

Now you can test if everything work by sending email with this command:
echo "test" | mail -s "Test subject" youremail@youremail.com
Replace  youremail@youremail.com with your email address.

You should receive this email.

This configuration allow to relay email, but do not configure your postfix server to allow you to  use the SMTP fonctionnality of your local postfix server ton send email outside. It may need more configuration to give the right to relay email outside. By default postfix prevents it to avoid the server to be used for spam. Setting the following parameters may allow you to send email to email addresses hosted on the remote server (myserver.com), but not to all email addresses.
relay_domains = myserver.com
local_recipient_maps =
smtpd_recipient_restrictions = permit_auth_destination permit_mynetworks reject_unauth_destination
To allow relaying to all addresses, check required configuration in postfix documentation.

Thursday, March 24, 2011

Linux conspiracy against Microsoft Windows and against you

Everybody knows now that Linux and open source community are in a war against Microsoft and its operating system Windows.
What is impressive is to see the amount of energy and ingenuity spent by Linux fans to hurt Microsoft Windows. Recently, the Linux community has found a way nobody may thought possible to prevent Windows 7 Service Pack 1  to install and, in this way, hurt Microsoft Windows 7 security and credibility.
Indeed, they were able to prevent Win 7 SP1 to install as soon as a hard drive with a Linux partition is present in the computer.
Since the reason of the installation error is not understandable for standard humans like you and me, everybody will think that Win 7 SP1 can't install because of a bug in Windows 7 when the source of the issue is in fact Linux.

This is cheap, but this is the way Linux tries to discredit Microsoft Windows.

So, be warn, Linux community is here and is fighting against you....





Ok, I confess, I should have enclosed this post with <troll></troll> or <sarcasm></sarcasm> tags. However you must agree that with such nice, well documented and well thought article I should have been published on slate.com.


Last thing: the issue reported here with Win 7 SP1 installation is real. Crazy, stupid, unbelievable,... but real. This is a very bad issue from Windows 7, not Linux fault.