MilliLock is an application for the cellphone and personal computer, for carrying around passwords, lists and notes, and addresses and for synchronizing them between the two (or more) systems.

On the phone, MilliLock is a J2ME midlet (applet) that can import and export via TCP/IP if you have a cellular data plan. On the P.C., MilliLock is a full-featured desktop application written in Java, so it should run equally well under Windows, Linux and the Macintosh.

Why Use MilliLock

In the beginning, there was paper. And it was good. But the Palm Pilot came along, and it was better. And then the Sony UX-50, a Palm-compatible PDA with Bluetooth, WiFi, camera, audio/video playback and even a qwerty keyboard! And that was fantastic.

But eventually along came the Motorola RAZR, which was not only pretty cool, but had some PC synchronization software for appointments and phone lists, as well as (for the time) decent web connectivity. The built-in web browser could handle Microsoft Web Outlook! The built-in email client could handle most email servers, but only accepted text or near-text emails. It could play back audio and video clips, constrained of course by lack of stereo and lack of a large screen. Within limitations, a rather powerful tiny platform.

And then came Opera Mini. Opera is a fantastic web browser, one I've been using for many years. Opera Mini is a J2ME client for Opera servers which pre-digest a web page and spit out a simplified (and shrunken) version for the cell phone. Now my RAZR worked with SquirrelMail too!

Very quickly after that, I realized that I was not even carrying my UX-50 anymore. Any notes I needed, I would SMS myself via email or the Cingular website. There were only a few things I really missed:

Passwords
I used my UX50 with SplashData to store passwords securely and to synchronize to the P.C. Having them with me at all times is essential in my line of work.
Notes/Lists
I used the Palm Notes area and Natura Banzai quite a bit for to do lists and notes. Having the ability to make a distinct list of items, each with notes and a checkbox, was very nice.
Addresses
Most cell phones have address books that include, well, addresses. Not the RAZR. The phone book has phone numbers and email addresses, but not physical addresses. Those are important when driving to a destination, mailing off a package, or ordering a gift online to be sent to someone.

I didn't miss the audio/video capabilities; I have MP3 players, including an iPod 5G 60GB for that. I didn't miss the games; I'm not much of a gamer.

Unfortunately, the RAZR is pretty weak as a J2ME device, even though it's fantastic for the size and was groundbreaking when it came out. It also lacks any convenient direct-transfer of files that can be used as J2ME data. Part of this process was discovering and working around those issues.

So I decided to solve those problems. MilliLock is my answer.

What Does MilliLock Do?

MilliLock does only a few things. The goal is to do them well.

Passwords

MilliLock stores/edits passwords, encrypted via blowfish.

Addresses and Note Lists

MilliLock stores/edits Addresses and sets of Notes with checkboxes. These are not encrypted, both for speed and because your phone has a SIM password.

Desktop Program

MilliLockDesk allows the importation of data from various CSV formats, including the Palm CSV exports and SplashData. It also allows editing on the P.C. and full or selective exporting to an encrypted file. MilliLockDesk can even automatically upload the resulting file to a website, for subsequent download by the phone.

Import/Export with the P.C.

MilliLock can download files that are stored on a web server or on a MilliLock Server. The typical use scenario is:

Create or edit your data in MilliLockDesk on your P.C.
Configure MilliLockDesk for your web host. (e.g. to upload to a GoDaddy-hosted domain or your own web server, via ftp)
or
Configure MilliLock Desk for your MilliLock Server
Select the records (or just use the default for all) and Export, choosing a password.
On the phone in MilliLock, configure in the http URL corresponding to the upload ftp point
or
On the phone in MilliLock, configure the MilliLock Server data.
Go to the correct list and select "TCP/IP Sync" from the MilliLock menu.
Input the password for the imported data. This may not be the same as your Password-list password on the phone.
The data appears!

Exporting back from the Phone is also supported.

Installation

Cell Phone

Installing MillilLock is as simple as pointing at the JAD file in your web-browser. This can generally be had either from the MilliLock website or on GetJar.com. The browser should then ask if you wish to download, followed by installing and running.

Desktop

MilliLock Desktop requires a recent Java runtime. Your system may already have it; if MilliLock doesn’t run as expected, you may download Java 5.0 (1.5) at http://java.sun.com/j2se/1.5.0/jre/install.html

Installing the Desktop program is as simple as copying it from http://www.millilock.com/MilliBinaries/MilliLockDesk.jar to your desired installation directory and running it. If your system is configured correctly, Java should launch it automatically.

Server

New to MilliLock Version 2.0 is a MilliLock Server. This allows authorized users to upload and download their own MilliLock data files, with the MilliLock program listing available files for their synchronization. Note that the Server is not required for copying files from the Desktop application to the phone; users may use the Desktop FTP functionality to upload to a web site and the midlet’s http functionality to download the same file to the phone. However that is significantly more complex for the user since very few systems provide the same directory-tree structure and rights under FTP as under HTTP.

MilliLock Server has been tested under both Apache and IIS. Configuring of web servers is a bit beyond this manual, especially for IIS which, with version 6 and the newest service patches, now actually contradicts its own online help.

Apache

One simple way to get MilliLock Server running under Apache is to create a phantom script, e.g. “ms.ms”, and add a type for it in the Apache/conf/httpd.conf file or a MIME type in the registry (if under Windows.) Useful directives include:

Options +ExecCGI
AddType
Action
AddHandler

MilliServer Notes

The rest of this document will assume MilliLock Server has been configured and the user has been authorized on it. The Appendix contains a section on MilliLock Server with more detailed documentation.

Using MilliLock on the Phone

Main Menu

Phone Configuration

From the Config menu item, the MIDLet provides the following form:

Sync URL

The server to synchronize (upload and download) with. This is either a website or a web server running the MilliServer.

Sync Server Mode:

The modes are:

HTTP
MilliServer

MilliLock can only upload to a MilliServer. But uploading is only needed if you wish to send records from the phone to your P.C.

Downloads can be of either type: Either a file from a website (uploaded via FTP from the application) or a MilliServer.

Database Operations

MilliLock contains three kinds of database: Notes, Addresses and Passwords. Much of the program functionality is common between all three of these. Differences are covered in their individual sections below this section.

From a list of database records, the “Menu” key will pull up a menu similar to this:

On some phones, the first option (Select) will be mapped to either the fire button in the D-pad or to a soft-key in the actual item-listing. The second option (Top) may also be mapped off-menu. This would leave just the other options remaining on the “Menu” screen.

These perform the following functions:

Select a Record

Displays/Edits the record. The list typically only shows a portion of the record – for example, no description on Notes, no city in Addresses and no password on the Password screens. By selecting, the entire record becomes visible.

Top/Middle/Bottom

Quickly jump to the first, middle or last record in the list. This is useful on very long lists if you wish to scroll around.

Jump

Allows navigating to a specified starting string in the list. For example, to “Na”. This is not quite a “search”; it only looks at the primary indexed string. There is currently no “search” built into the midlet version of MilliLock.

Add a Record

“Add” creates a new item record and selects it for edit. If it is left empty, the record is not saved.

Delete a Record

Removes the record from the list. This may also be done in record-zoom mode.

Import/Export Records

Retrieves records from an HTTP website or MilliLock Server, or writes them to a MilliLock Server. See the section on Import/Export for more.

Note Sets

The MilliLock Notes functionality consists of Note Sets, each of which may hold multiple Notes. Each Note consists of a Title, checkbox and Description. The Title is limited to a rather short amount of text on the phone, around 50 characters. Notes may be 500. The checkbox is merely a convenience, for using Note Sets as To Do lists or Grocery Lists, for example.

A Note Set is just a collection of Notes. Notes are created inside a NoteSet, which may be the default one (cunningly named "(default)".)

Selecting a Note Set displays a list of notes for that Set. Note cannot be moved between sets.

Selecting a specific note and clicking on it (in the Desktop) zooms to it, just as if Add were chosen from the menu:

Except when being exported for transfer to the phone, Note files are not encrypted. This is for faster performance on the phone. Use the SIM protection built into your phone to protect MilliLock notes.

Notes are stored in Note Sets. In the Desktop, a Note Set is a distinct file, prefaced with "Notes" and suffixed with ".ssd". To change the name of a Note Set from, for example, "Cats" to "Pets", simply exit MilliLock Desktop, navigate to the configured data directory in Explorer and rename "NotesCats.ssd" to "NotesPets.ssd".

There is no rename functionality on the phone application, but this is solved by deleting the entire list, creating a new list with the desired name, exporting the full list from the Desktop and importing it to the phone.

The quantity of Notes and NoteSets is limited only by the data total for the application of about 150KB. This can easily be changed and raised. It has been set at this level to work-around a bug in the J2ME on Motorola phones.

Passwords

Only one password file is supported in MilliLock, so there’s no need to select which one you’re using. The first time you enter it, you will have to choose a password. Subsequent times merely require you to enter the password.

If you get it wrong, corrupted and completely unrecognizable data will be displayed. This does not damage the data in the phone, as long as you don’t add or edit a record.

Password Tips

Because all passwords are encrypted and cellphones are not particularly fast computers, password operations on the cellphone can be slow. It may take 30 seconds to open and display the password list or update it after a Sync or edit.
Use your phone's Data Entry Mode switch to adjust for your password. If you use a numeric password, you will find it easier to enter the password by switching to that mode. If you have symbols such as = or *, the symbol mode is faster than scrolling through all fourty or so options.
Consider using a numeric or easy-to-type password. Even though this reduces theoretical security, the practical impact is very small and the convenience gain may be significant.

Addresses

Addresses are like Passwords in that there is only one file for them.

In the Desktop application, they have additional sorting options. Those are not implemented on the phone.

Importing Data from the Desktop

MilliLock can import records via TCP/IP in one of two modes, as determined by the Sync Server Mode. These are either HTTP File or MilliServer.

In HTTP File mode, the user is asked for the server file name.

In Sync Server Mode, there are two transactions:

Retrieve the list of files. This is done using the configured User ID, password and Server URL.
Display the settings options.

Using MilliLock on a P.C.

MilliLock Desktop is written in Java and should be pretty cross-platform. This means you should be able to run it, after installing the appropriate Java runtime, under Windows, Linux or Macintosh.

Interface

The Desktop application interface has been designed to be consistent with the interface on the cellphone applet. That in turn means that, for a P.C. application, it has a very odd interface.

The above screen shot covers most of the interface elements in the desktop program. Items in the “Main Menu” (upper left) are static; that menu never changes. Items in the “Contextual Commands” menu are very dynamic; the list for each item in the Main Menu will be different.

The “Recipes” in the blue circle tells us that we are looking at the Note Set called “Recipes”. The pop-up context menu allows us to copy or delete records easily. (Copied records may be pasted into another Note Set, or in text form into any text-clipboard enabled program.)

Double-clicking on the highlighted item, “Corned Beef”, provided the Note Editing form:

Note that the Password and Address forms will look different.

Selecting Note Sets on the Desktop

Much as with the cell phone version, the Desktop will display a list of Note Sets when the “Notes” item is double-clicked:

Obviously your list of Note Sets will be specific to what you have on your system.

New sets can be created with “Create”; old sets deleted with “Delete”. Selecting (“Open” or double-click) results in the interface elements covered at the top of this section.

Passwords on the Desktop

When “Passwords” is selected from the main menu, the user is asked for their master password. Just as on the phone, all passwords are Blowfish-encrypted in the Desktop application.

Addresses

Addresses are just like Notes and Passwords, with the exception of additional sorting options.

While Notes and Passwords may only be sorted by title (Name/Key) or by last modification date, Contacts may be sorted by First Name, Last Name or Company Name. These are performed on the fly, which allows for some powerful combinations:

To sort by Modification Date inside a Company, sort first by Modification and then by Company
To sort by Last Name inside a Company, sort first by Last Name and then by Company.
etc.

Keyboard Shortcuts

<Ctrl-Enter>	Saves the current form
<Ctrl-Tab> <Ctrl-Shift-Tab>	Tabs to next (or previous) U.I. element in a form. (Because <tab> will insert a tab in the text.)
<Ctrl-F>	Start a text search across records. If found, the record will be highlighted, but the list may not be scrolled to it.
<Ctrl-G> F3	Continue the previous find. (AKA “Find Next”.)
<Del> <Ctrl-X>	(From main list) Delete the current record. Depending on configuration settings, may ask for verification.
<Enter>	Edit current record; same as double-clicking it.
<Ctrl-C>	Copy currently-highlighted record to the clipboard. If used inside a form, copies the selected text instead.
<Ctrl-V>	Paste last copied record to the list. This only works if an actual record was inserted in the clipboard and the type is the same. A note cannot be pasted into a password list. If used inside a form, a text paste of the current clipboard contents are performed.
<Ctrl-N>	Create a new record.

Importing Data from other programs

MilliDesk can import from csv files. Several pre-built CSV format filters are provided, primarily for importing from SplashData and from the Palm personal information manager. Others may very easily be built - they consist solely of a set of field mapping numbers equating the incoming field to the MilliLock field - but at the moment they must be hard-coded into the program.

A future-enhancement project is to allow a list of mappings to be easily created and appended to, such that imports can be created without recompiling the program.

Appendix/Special Topics

MilliServer

MilliDesk can upload files to a web server using FTP, which can then be downloaded to MilliLock on the phone using HTTP. But this requires you know the filename that was uploaded, and it limits data to going from the application to the MIDlet. It also means the (encrypted) data is available to anyone that knows the filename. This isn’t a big risk because it is encrypted, but it isn’t as elegant as we might like.

To circumvent this, MilliServer was created. This is a small CGI (server) program with the sole purpose of authorizing, sending, accepting and listing files. Many users may be served by the same MilliServer executable, as long as each has a distinct User ID.

Technical Details

The code for MilliServer is extremely simple and is in C++. (MilliLock is in J2ME, which is a tiny version of Java, and MilliDesk is in full Java.) Having MilliServer in C++ allows it to be compiled for and run on smaller web servers than if it were written in Java.

MilliLock Server stores data in a file, MilliUsers.txt. This consists solely of a list of user names, passwords and rights (what type of user it is.) This file must be readable. For debugging and tracking purposes, a log file and debug_data file may also be created. These can help determine why a user does not seem to be able to get in.

User files are named with a mask including the user’s user-id. This is a simple mechanism for limiting which files users may retrieve; they can only retrieve filenames with their own user-id, because that portion is created on-the-fly.

Command Line Arguments

Most of the time, MilliLock Server will be called by the web server, without any command-line arguments. The following exist for the purpose of configuration and management, especially since no web-based management is yet implemented.

Do note that no security is implemented on the command line parameters. Physical and login security should be used.

Command Line Add User

/add /user=<user id> /password=<new password> /type={user | admin}

This adds a new user, with the name “<user id>” and the password and type specified. Administrators can do everything regular users can plus can add or delete users. Except that this isn’t yet implemented.

The other types of users are “None” (meaning “not found”) and “Banned”.

Command Line Delete User

/delete /user=<user id>

deletes the specified user.

Command Line View User

/display /user=<user id>

Displays data about the user. The results will be of the form:

User username, password password, Type type

Files:

Command Line List Users

/displayall, not currently implemented.

Authentication

All TCP/IP access is authenticated against the simple table mentioned above, which means the user first must have been manually configured by an administrator. This is not a fancy high-security system. It simply verifies the user id and password, much as FTP does. But then again, data is typically heavily encrypted and very few operations are allowed, so a high security system would possibly be overkill.

Operations Overview

MilliLock Server only supports the following operations via TCP/IP:

GetFile
Put File
Delete File
List File
Change Password

Each is discussed in greater detail below. All require the user first pass the Authentication mentioned above.