Christopher
Stoll

iPhone: Jailbreaking and Hacking

Earlier this week Ars Technica reported that Apple is claiming that jailbreaking iPhones could crash cell phone towers. Then, yesterday, security researchers reported that they could take control of iPhones via special SMS text messages. And, these two stories connected for me.

I haven't been able to find any details of the iPhone hack, but from what I gather the special SMS messages cannot be sent from a factory iPhone only from a jail broken one (or presumably a PC with an air card)

Maybe the reason that Apple has not patched this bug is that they are looking for this intersection. I would assume that though it might be technically possible to take out all iPhones in the world, the probability is low. I would imagine that if a carrier saw a patterned flood of text messages they would intervene. Assuming the real impact of this security hole is marginal, it might make it easier for Apple to convince the government that people should not be jail breaking the iPhone. The fear of hackers hijacking phones could also steer public opinion on jail breaking, making it easier to steer government. Most people don't know or care about baseband hacking, but no one wants their cell phone hacked into.

SAP Printed Label Sizes

Working for an international company may require setting a printer to print labels (or other types of paper) in multiple standard sizes (e.g. A4 and LETTER). This can be accomplished through SPAD in the tray configuration screen.

Because of limitations in SmartForms we have to take several steps when designing labels to allow output of multiple label sizes. All labels are initially designed in A4 format since it is longer than LETTER. In SPAD the alternate paper size, in our case LETTER, should be assigned to the first paper tray.

If the transaction SPAD is not available, due to security restrictions, then the tray assignments can be viewed using SE16. The table TSP03T shows the output device's tray assignments.

Creating a SAP Transport

SAP uses a three stage development cycle (at least where I work) which requires developers to make changes in the development system and then users to test the changes in the test system before they can be released into production. In order for changes to get from one system to the next a transport must be made. This post will detail the steps required to create a SAP transport.

The first step is opening the transport manager, which is transaction SE09, in the development system. On the selection screen enter the desired user name and click display. Then, you click on the new request button and choose either customizing or workbench. On the next screen we have special format that we use for the short description:

aannnnnnnn_bb_d_wwyy_description
  • aa -- SR for helpdesk service request or CR for a project generated request 
  • nnnnnnnn -- The request number 
  • bb -- the system, LE for logistics execution, MM for material management, etc. 
  • d -- C for customizing or W for workbench 
  • ww -- the calendar week 
  • yy -- the year

Now we have a request number that can be entered after we save a change using SPRO (for customizing) or after we active an ABAP program or SmartForm.

After the change is assigned to the transport number we go back into SE09, click on the customizing or workbench task click the "Release directly" button (or hit F9). This will prompt to document you change. Once documenting is complete it must be saved. Next, click the request and click "Release directly" again. For programming changes a code review will be necessary, otherwise you will be taken directly to the project selection screen. There is a folder for each of the different SAP areas, and underneath those folders are more folders for the type of change, select the appropriate change type.

Now the transport is nearly ready. At our company we use the RealTech transport manager (transaction code /RTC/TM). Once in the transport manager the author name must be filled in, then hitting enter will open the transport workflow monitor. Items show up here every half hour. Once it shows up, highlighting the line and clicking the "Next status" button (down arrow) will move it to the signature queue. For our company we must now send an email to one of the people who are authorized to sign off on the change and they will release it.

The system will then transport the changes.

Comments (newest first)

SAP Program Manager
If you are using Solution Manager and CHARM then I recommend creating transports using CHARM. But nevertheless you can still create transports in STMS.

For regular traditional approach, I recommend that appropriate technical architects and Sr developers review tasks and objects under each transport, group the requests and approve to maintain a better integrity of your RICEF and config objects.

Which SmartForm is Used for a Message Type

It is possible to use SE16 to determine the name of a SmartForm form used by a specific message type. In SE16, view the table TNAPR and make your selection criteria. I normally pick my output type (KSCHL = ZLnn), and my application (KAPPL = V2 for Shipping or V6 for Handling Units). Once you hit F8, you will see the list of results. Under the column "Form name" (SFORM), you will see the name of the SmartForm used for the desired label or output type.

Comments (newest first)

Anonymous
Thanks, was very useful!

SAP Data Browser Field Text

In SE16, by default, the selection screen displays the database field names. This may be good if you are a developer who is familiar with all the database column names, but it makes selection difficult for most people. It is nice to see the description of each of these fields, and there is a simple setting to allow this. From the "Settings" menu select "User parameters...", then on the "Data Browser" tab in the "Keyword" area, select "Filed text" rather than "Field Name".

Analysis: Consumerization of Blackberry

While reading through the news today two articles caught my attention: "Businesses Need Smartphones, Especially BlackBerry" (paid subscription) and "Blackberry success with consumers defies recession". I can't read the first article because it is behind a pay wall, but it seems to suggest that Blackberry is doing well with businesses in spite of the recession. The second article speaks of how well RIM is doing with consumers despite the recession. Together it would seem that RIM is doing great in this recession, but I have my opinion of what is going on.

I wrote a post back in December of 2008 hypothesizing that iPhone sales would be somewhat driven by the recession. I should have said consumer smart phone sales would be driven, but I must have been too enamored with my iPhone. In any case, I feel that a large portion of the force behind increased consumer smart phone sales is that businesses are reducing costs.

Prior to the recession my company handed out Blackberrys to anyone with the slightest justification. Now, however, we are pulling those back for anyone without stringent justification. These people have become accustomed to having the capabilities of a smart phone in their pocket, and those who can afford the luxury are purchasing their own. My company is also pulling back regular cell phones, and this is putting more consumers in the market for phones in general. And, naturally, a certain percentage of these consumers will opt for a smart phone.

I think that Blackberry is catching more of this segment than Apple for a couple reasons. First, former business users know Blackberry and are comfortable with them. And secondly, Verizon doesn't carry the iPhone. I have spoken to numerous people who will not get an iPhone simply because they would have to switch to AT&T. If they are concerned about not getting a signal in rural America, then they are on to something. My wife had to go to Coshocton Ohio, and I went with her. Nowhere in the area did I have any sort of signal, not even a WiFi hotspot. She was fine on her Verizon phone. We were even able to get directions on her phone.

You will notice that I did not mention RIM as being a reason for it's own late success. The company had a great innovation that helped change the cellular landscape, but I don't think that they have done anything truly innovate since introducing the BlackBerry. They are now introducing phones that appear to just be re-branded copies of other successful products. They have a flip style phone, and of course the click-screen Storm.

In my eyes the Storm is a terrible knock off of the iPhone, it doesn't even have WiFi. No WiFi is a deal breaker for me. In fact, if a phone lacks WLAN capabilities, then I don't consider it a smart phone. It ties a person into using a cellular network. For anyone who has traveled outside of the United States and knows what international usage fees are should immediately understand this. My iPhone is more than a cell phone, it is a home Internet device that works off of my home wireless network. I am not certain that RIM understands my perspective on this, even though they do have some phones that offer WiFi.

Blackberry seems to be turning what they have into a sort of commodity, or they are at least competing with other commodity phones. As an investor I don't like to invest in companies that have a commodity type product, especially in the technology sector where a lot of a company's profits must go into developing the next product. From my perspective, Blackberry is heading for a long tail. Motorola and Nokia were once great cellular innovators, but they became complacent and others took them over in the market. I see a parallel with Blackbery.

So, as some are cheering the recent successes of Blackberry, I see the beginning of a long downward trend. I could be wrong, and that is alright with me, but you won't see me investing in RIM anytime soon.

Alternating with Direct Current

If only Thomas Edison would have joined forces with George Westinghouse, I think that we would be using electricity more efficiently today. From what I understand, Westinghouse's alternating current (AC) is best over long distances, while Edison's direct current (DC) is best over short distances. Alternating current seems to have won out due to the need to transmit electricity over long distances from the power plants to the consumers. And, when that battle was being fought a hundred years ago, either of the technologies worked to accomplish the goals of lighting homes. Now, with the widespread use of direct current consuming devices such as computers and other home electronics, it would seem that using direct current inside a home could be a better idea.

In the modern home there are so many AC/DC converters, those are the small boxes on the end of the power cables that take up so much room in the outlet and frequently get separated from the device it is meant to power. The conversion of alternating current to direct current is decentralized at each of the devices, and each device wastes energy to operate. It would seem more efficient to transmit power from the electric company using alternating current, and then perform a central conversion to direct current. Alternating current is still required for many household devices, so actually both forms would be required.

To me, the present system just seems very inefficient. Consider the example of a home PC. Electricity is generated and then transmitted all the way down to the outlet as alternating current. (Or, if solar panels are being used for power generation, the power is generated in direct current and then converted to alternating current.) Then, the battery backup converts it to direct current to charge the batter. The battery backup has to convert it back to alternating current since that is what the computer expects. Finally, the computer converts the alternating current back to direct current again because that is what the internal electronics require. Each power converts step wastes energy, if nothing else in the form of heat.

Of course not only are homes not designed for this, but neither are electronic devices. A new standard for home wiring would have to be defined to accommodate some form of direct current, possibly in different voltages (5V, 9V, 12V, 24V). There would have to be some sort of standard outlet or receptacle. And, the device manufacturers would have to use new standard plugs. All of these requirements make me believe that changing the system at this point would be nearly impossible. Which is why I wish that Mr. Westinghouse and Mr. Edison would have enjoined their technologies to define a better overall system.

Firefox Beats Chrome in an Enterprise Environment

I recently wrote an article explaining how I made Google Chrome portable so that I could use it for web development testing at work. But, I have come to the conclusion that I cannot really use it in our corporate environment, it just causes frustration.

The first problem that I had was when accessing our IIS based intranet servers. Our intranet servers require domain authentication, which Internet Explorer handles seamlessly. None of the other popular browsers perform integrated authentication, which is not a problem since they will simply prompt for a username and password. This works very nicely in Firefox. However, Chrome gives the error message "Bad Request (Request Header Too Long)". This message is generated by the server and not by Chrome, but Firefox does not trigger a response like this.

When I inspect the http traffic I can see where the problem is. When the browser makes the first request, the server sends a HTTP 401 Unauthorized response. After that the browser prompts for a username and password, all of which is normal. Next, Chrome requests authorization information via Kerberos and sends that data in the authorization section of the subsequent http header. All of this should work fine in theory. The problem is that I work for a huge global company, and I am a member of many active directory groups. So, the negotiate string is very long, too long for the IIS server to handle. Firefox works because it sends a much shorter NTLM authorization string. I could request that the server team increase the maximum header size on the IIS server, but it would be hard to justify. Interestingly, if I wait a few minutes and refresh the page it will refresh properly, which I have not quite figured out.

(update, 2009-11-25: The problem above was solved a while ago, and now Chrome works well with the corporate intranet sites.)

The second problem appears when I access secure sites on the Internet. We use a proxy and web content filter, and that is configured through a proxy configuration script. Firefox automatically negotiates with the proxy and does not prompt for a username and password to access the internet, but Chrome does. Again, this is not that big of a deal, it's only needed once per session and then I can access the internet. It is interesting to note that Chrome does seem to send NTLM proxy authorization.

However, when I go to secure login sites I experience problems. I can get to the login screen, but once I enter my username and password and click submit Chrome responds with "Error 104 (net::ERR_CONNECTION_FAILED): The attempt to connect to the server failed." After I get that message I am not able to navigate to any page, even a regular insecure connection. The only option is to close the browser and start over. From a technical perspective, I can see that Chrome is requesting DNS information, and the response seems to be normal, but it never actually makes a web request.

(update, 2009-11-25: The problem above was solved a while ago, and now Chrome works well with the corporate intranet sites.)


I have been using Chrome at home, and I have had some minor issues. On problem that struck me was that Gmail reports errors periodically, but I usually click OK and continue working without problems. In spite of the minor issues I plan on continuing to use Google Chrome at home, though I am not going to remove Firefox anytime soon.

I don't think the enterprise problems I explained are strictly Chrome's fault, but the combination of Chrome and our computing environment appears to be a bad mix. I also had problems in the past with Safari, so it might be the WebKit foundations that they are both built upon. It is also possible that I have caused these problems by making Chrome portable, and I intend to run the same tests from an actual installation when time permits.

I would assume that the enterprise market is not Chrome's target audience a, but I have left the team some feedback on the problems I have experienced.

From my perspective, Firefox is the only viable option for developing web-based applications in the enterprise at this point.