So, I wanted to give everyone a thorough update on why I’m in Missouri all of a sudden. My dad has been diagnosed with a disease and was put in the hospital about half a year ago. Ever since that time, I’ve been trying to visit my family as much as possible over the holidays and everything so that I can see him and possibly help him recover. His disease isn’t life threatening, just very long term. As much as I didn’t want to be one of those ‘always comes back to Waynesville’ people, I thought it was the right thing to do given my dad’s condition. Who know? Perhaps my being able to visit him more often will help him! I’ll be in Missouri as long as I have to stay here. This move is temporary. I don’t plan on picking up a job here or anything, since I will be doing Hak5 and being paid for that. Also, so I don’t get bored, I’m thinking about selling Lia Sophia jewelry. Yeh, I’m a girl. Don’t judge me.

A few months ago I was looking around my town of Williamsburg, VA and thought “wow, there really aren’t any places for 20-somethings to hang out around here…” I had already seen everything and done everything in the city, and knew that Hak5 wasn’t going to go anywhere being stuck in that small town. This is where CES 2010 came in and Darren and I were seriously considering moving to a big city… like, San Francisco. Well, given the family situation I’ve been having, I’m staying in Missouri TEMPORARILY. Darren is going to be moving to San Francisco. Luckily, he already has a place lined up and friends to show him around town. Since moving to another city and trying to sell an owned house takes some time, it’ll probably be a few months til everything has been moved to the west coast. In the meantime, Darren is in the UK throwing a few big meetups (search: Hak5 Meetup on Facebook), and then he is taking his bike cross country to SF!

Hak5! What about Hak5 until he moves? Well, there will be a UK show and some shows somewhere in the states. As far as my segments- I have a camera, a light, and a stand for my netbook, so I can still do segments and transfer the files to Darren.

Whats up with the site? We’ve been in the process of moving the site to a new host and updating a lot of the information. Until the site is restored, which will probably be a week (since the host is in another country atm!) you can get your technolust at http://www.revision3.com/hak5. Also, Revision3 has forums if you’ve never checked those out.

And Kerby? Kerby is staying with me. With the host moving to SF and selling the house, the car is also going to be sold. Although Kerby would look adorable with a pair of goggles and a scarf and helmet for the motorcycle, we thought it less traumatic to just take her in my car to Missouri. Kerby has adopted me and luckily my family loves her already.

I think that pretty much covers it. I’m looking forward to new beginnings!

Create a BackTrack 4 persistent USB drive

BackTrack is widely considered the complete hacker boot disc. Born out of WHAX this security sharp linux distro has been years in the making, and finally version 4 final is out.

One of the best ways to experience BackTrack 4 (BT4) is by creating a USB boot drive. Simply download the ISO and “burn” it to a USB drive with a tool like unetbootin.

BackTrack even offers a VMDK if you’re interested in playing around in VMware or VirtualBox.

In this episode Darren guides you through partitioning, formatting and installing BackTrack 4 to a USB drive and configuring persistence.

A ZipIt Userland image for the average user

How to Connect your Zipit Z2 to an encrypted WPA network.
With Aliosa’s OS:

Turn on the wireless radio by opening the termina and issuing “ifconfig eth1 up”
Create a WPA supplicant configuration file for your router and password by issuing “Wpa_passphrase youraccesspoint yourpassphrase > nameoffile.wpa”
Connect to the WPA network using the configuration file you just created with “Wpa_supplicant –Dwext –i eth1 –c nameoffile.wpa –B”
Get an IP address from your router’s DHCP by typing “Dhclient eth1″.
Installing RootNexus’s ‘Average User’ userland image.

Plug in your miniSD
Open PhysDiscWrite GUI
Right-click miniSD, choose Oofnen, choose Image Laden
Choose the average user image file
Click yes, and wait 10 minutes.
Eject your miniSD safely and restart your Zipit Z2 with the miniSD card in it
Zipit Z2 “Average User” userland image: http://zipit.rootnexus.org/
Getting WPA to work: http://www.christopherkois.com/?p=53

Brandy Simpson explains the different multi-touch methods

Aaron Bitler gives us a tour of the x19 multitouch tables construction

Brady explains the software used to power the x19 lcdmultitouch table, including the nuigroup CCV application.

Aaron wraps up by explaining to us how he got involved in multitouch. He shares with us some sites where others can get started in their own homebrew projects, as well as his own multitouch company 3M8s at LCDMultiTouch.com.

Lenovo Skylight smartbook

Boasting a 10.1-inch screen, built-in 3G and 10 hour battery life the Lenovo Skylight is a welcome companion to our all-day connected aresnal. Powered by a Qualcomm Snapdragon processor and running a completely homebrew Linux platform we see first hand how a little ARM device can handle rich media playback and 90% including Flash. The apps leave a bit to be desired but the point of this Smartbook is web, web, web. Firefox included. SDK coming soon

Creative Vado HD 3rd Gen: More features & accessories

We caught up with the folks at Creative to find out what’s new with the Vado line of HD pocket camcorders. Darren will attest to their quality and ease of use in the moto-vlogging department but with no mic-in options like the Kodak Zi8 can Creative keep up the pace? We think so. The latest generation Vado HD sports 4GB of built-in memory capable of recording 2 hours of 720P video, real HDMI out, and a flexible USB plug. More importantly it offers a mic-in / headphone / video-out jack and there is talk of accessories. Accessories? We’re hearing about magnetic lenses and audio kits. Two words: Game Changer. I’ve preordered the $180 gadget and can’t wait for delivery in the second half of February. At which time I’ll be sure to submit some videos to their newly introduced VadoTV.com site.

Peregrine Gaming Glove

The Peregrine Gaming Glove by Iron Will Innovations has over 30 touch points for user programmable actions for PC games. All you have to do is touch your thumb to your fingertip and watch your character move on screen. The software to create your key bindings is easy to use and customizable. The touch points are durable and user-adjustable to your hand size. The glove itself is hand washable with soap and water, has ventilation, a magnetic break away USB port pod, and gold plated connectors. Soon, the pods will be available with customizable LED modes and colors. The Peregrine is available now for preorder at $129.99 until the end of January, then the price raises to $150.

Kodak Playsport waterproof HD Pocket Camera

Kodak introduced a waterproof companion to their already popular Zi8 pocket camcorder. The Playsport features full 1080p30 HD capture and a 2″ LCD display housed inside a rugged package that’s capable of submersion up to 10 feet. It sets itself apart from the crowd with it’s SDHC card expansion up to 32GB for a whopping 10 hours of HD recording time. You’ll of course need to swap out the Li-Ion battery which is thankfully removable. A remote control is sold seperately for those times when you’ve got it setup on your tripod in the deep-end…..err something. It’s available in March for $150. Sadly, no mic-in options.

Parrot AR.Drone

The Parrot AR.Drone is a wifi helicopter with 2 cameras that can be controlled by your iphone. The quadricopter is made of high resistance plastic and carbon fiber, with Wi-Fi and two small cameras installed. Software is included to process images for augmented reality. The Drone moves when you move, and can reach about 15 yards away from you at one time. Developers will be able to create their own games to be played on the iphone with the Drone, so you will be able to shoot down enemies in your living room with the augmented reality. No price yet, but word is we’ll be seeing this in the summer ’10.

Lego Universe MMO

Let your inner eleven year old play Lego! On your computer. Online. Because, well, every successful franchise needs an MMO. Details are rather limited on Lego Universe but what we do know is it’s a family friendly (moderated) MMO with your standard fare quest dispensing NPCs, themed worlds and and currency (bricks). It’s open ended in that you can use gathered bricks to build establishments, and if we heard correctly even vehicles. Supposedly there is a plot that the PR folks didn’t want to get into but feel free to geek out on the wikipedia article’s details.

Alienware M11x – Full FPS at 11 inches

Sporting a Core2Duo SU7300 and hybrid GMA & nVidia g335m graphics in a 11″ 4lbs package, the Alienware M11x has us squirming in our seats. Just in time for Darren’s birthday too *hint* *hint* this sub-$1000 rig will be available in mid-February. With 6.5 hours of battery life (3 hours gaming), a 720p display and custom lighting it’s no wonder Shannon wants one in pink.

The Boxee box, remote, beta and more

We catch up with Boxee, our favorite homebrew media center gone Internet sensation, to find out the latest. Reinforcing their previously announced Boxee Box from D-Link we check out the Boxee Remote. Designed by the same studio that brought us the xbox 360, this little couch companion feels fantastic in hand. Boxee is also excited to announce their bookmarklet and beta. And most exciting to us is the pledge to homebrew and hacking. Rock on Boxee.

The Pla$tic Logic Que

Plastic Logic announced their ebook reader, the Que. Aimed at industry, this 10″ touch sensitive eink tablet sports 4GB storage and WiFi connectivity on the base model, or 8GB storage added AT&T 3G on the pricier edition. Clearly aimed at the business professional the Que supports Microsoft office file formats and syncing with Outlook. They’ve partnered with Barnes and Noble so you can get DRM infested paid content, if you have any moola left over after plunking down $650 or $800 in mid-April. Thankfully the 3G is rolled into the price of the content downloads.

Hybrid MIDI / Gaming guitar

We got a chance to play with some prototypes of the Gambridge Z-1. These MIDI guitars gone game controllers sport individual fret buttons and strings for a more realistic playing experience. They’re working on emulating cords to match up with the falling notes found in Rock Band or Guitar Hero, but no word yet on custom integration. With the look and feel of a real instrument and full MIDI functionality we can invision gamers going rock star with this little device. No word on price but we’re told it’ll be hitting the market in time for the holidays.

jetBook-Lite, the double-A driven $150 ebook reader

No lie we love inexpensive gadgets. Even better when they do one thing and do it well. That’s exactly what we found when we picked up Ectaco’s jetBook-Lite. Supporting ePub, Mobi, PDF, the DRM-laden PDB from Barnes & Noble and more this 5″ ebook reader sports some unique features.

First of all it doesn’t use eink. Remember TFT displays? With the jetBook they’re making a come back, which means instant page-turns. It’s got your standard SD card slot for expension and portrait & landscape modes with 23 hours of battery life on, get this, standard AA batteries. So when it dies in the airport you’ll be back up and running with four fresh cells. The battery compartment on the back has a nice grip to it, perfectly balancing the reader in your hand.

Seeing as Ectaco is an electronic dictionary company it also features multi-language dictionaries and comes pre-loaded with the CIA World Factbook and a plethora of free books.

We’re told it runs Linux. Hopefully we’ll get one in soon for some happy hacking.

Nokia’s n900 — the “N” stands for nerdphone

While it’s been on the market since November, it was good to finally get the Nokia N900 in my hands. The specs are what you’d expect from the company that creams everything but the kitchen sink into their products. 600 MHz ARM, 800×480 3.5″ touchscreen, 5 MPX camera, etc, etc. This of course gives the nerdphone some girth, weighing in at nearly a half-pound and 0.7 inches thick. Still, if you’re looking for a true Linux phone this featureful fatty delivers. Maemo 5 Linux is based on Debian. That means apt-get install prboom will result in some open source Doom action. The best news we gleaned from their booth was their commitment to the platform. We had heard some rumors of the N900 being the last Maemo based device, but we’re assured the platform will continue to grow. We’re looking forward to their Ovi app store to launch but until then there are plenty of apps and SDK options in the Maemo community. Pony tail and neckbeard optional.

Cross Platform Encryption

Mahmoud, as well as many others, wrote in to ask about the cross-platform compatability of the encryption set setup on Hak5 episode 620 using cryptsetup.

The short answer is, no, it’s just for Linux. If you’re looking for something both open source and cross platform look no further than Truecrypt

Spotify in the United States without a proxy

Following up on last week’s question about IP spoofing so users in the US can try out Spotify, we’ve got just the trick without a proxy. Ok, well sorta. If you happen to have a beta invite and a friend, perhapse on IRC, in an allowed country it’s just a matter of having them sign up for you. The only limitation is that you’ll need to have your account signed into from your “home country” every 14 days. On the other hand if you decide to spring for the €9,99/mo premium account you, supposedly, don’t have such limitations. Thanks to Jouni in Finland for hooking me up. I’ll be sad when its game over in two weeks. Or will it?

Virtual Appliances for VirtualBox

If you’re a fan of VirtualBox then you’ll love VirtualBoxImages.com. They’ve got pre-packaged VirtualBox VDI’s ready for your enjoyment.

Javascript Keylogger via Man-in-the-Middle Attack

When it comes to man-in-the-middle attacks just about anything is possible. In this segment Darren explores InGuardians tool the Middler. Using a plugin architecture for manipulating (among others) http traffic, we attempt to get the infamous javascript onKeyPress keylogger going. Without much success in that department Darren goes on to demonstrate iframe injection and ponders ways to make the borked plugin behave.

Social Engineering Toolkit

Hacking isn’t just about remote code execution. Well, I mean, that’s fun and all but rather than exploiting the server, how about exploiting the Human OS. In this segment Mubix demonstrates David Kennedy (aka Rel1k)’s tool, The Social Engineering Toolkit. Despite some challenges with clients that werent setup with Java, Mubix successfully demonstrates meterpreter in conjunction with a cloned site.

Mac Address Spoofing

@Bluesmanchukk writes in to ask about Mac Address Spoofing. Darren and Rob discuss their favorite tools for the job: ifconfig (Linux), GNU MAC Changer (Linux), MadMACs (Windows), Mac Randomizer (Linux).

Multi-Player Notepad

Stoned33 wrote in to ask for our picks for simple online collaboration. Aside from the obvious Google Wave, Rob recommends the recently Google-Acquired yet still operating Etherpad. This real-time document editor is like multi-player notepad on crack. Give it a shot.

Tethering TOS and IP Spoofing

Brice writes “Thanks for showing how to tether Droid with Ubuntu. I use them both quite often.
I was wondering if tethering the Droid is against the TOS/Verizon contract.”

Well Brice, technically it may be a violation of your carriers terms of service. I know at least with Verizon’s Wireless business accounts there is an additional fee, around $30/mo I believe, for tethering with a smartphone like a blackberry.

I can also say from personal experience having tethered since 2001 on both Sprint and Verizon, that as long as you stay under the 5-gig cap you should be ok. Programs like June Fabrics PDAnet allow one to tether on most platforms and, from what I hear from my telco buddies, the carrier can’t tell the difference between the traffic originating from the phone or your laptop. I haven’t heard any horror stories of penalties for using such application however I’d be curious to hear from our audience if such a thing has happened in the past.

Kuroha write “I want to use Spotify, the new music service, but I keep getting this error:
Unfortunately, due to licensing restrictions we are not yet available in your country. We understand that you are currently in United States. How do I spoof my IP so it looks like I’m in Finland?”

Kuroha, there is a misconception about IP Spoofing that’s simply summed up by saying this. The source address of your computer is part of the IP packet header. There are plenty of programs out there that will let you spoof this source port, including our favorite tool nmap. However, like a return address on postage, unless you’re in a position to listen to the replies to your spoofed packets (such as on a local network) you aren’t going to get anything useful back from the server.

What you’re more likely referrencing isn’t IP Spoofing as much as it is simply bouncing your traffic off a server in another country — typically done to anonymize Internet traffic or for secure tunneling on untrusted networks. The SSH tunneling with dynamic SOCKS proxies we’ve been talking about recently will do the trick. It’s just a matter of finding a cheap shell, VPS or other server that allows tunneling in the country of your choosing.

Don’t forget this month’s LAN Party is Left 4 Dead 2. We’ll be playing at game.hak5.org Saturday and Sunday, January 2nd and 3rd. Hope to see you there!

World of Goo Mods

Recently I’ve been playing a lot of World of Goo. It’s an amazingly simple and fun game. I’ve been playing on the Wii but soon after arriving in Toronto Jenn Cutter picked up the title for her tablet and has been dabbling with the mods.

If you’re interested in making your own levels, or downloading fan-created levels and other mods be sure to check out GooFans.com — they also have a great forum on modding.

This week’s trivia question is: “World of Goo developers shares the same open source physics engine as what 2007 first-person shooter?” Answer at hak5.org/trivia and be entered to win Pronobozo’s album Zero=One=Everything.

Easy Linux drive encryption with Cryptsetup

When it comes to Linux, I love super user friendly and powerful utilities. This is one such tool. Since the 2.6.4 kernel drive encryption has been built in, and this tool cryptsetup makes setting it up a breeze. Follow along in this tutorial as I keep my secret thumb drive free from prying eyes.

I’ve gotta give props to Peter Savage for sending this my way. Check out his SciFi fantasy novel Emblem Divide — it’s wicked good.

Wallpaper Contest: Best 2010 “New Years” Hak5 Wallpaper! Get creative and submit your wallpaper to Hak5.org/forums under the Community Images board.

Ultralight Notebooks

Chris writes: “I was wandering if you could suggest a laptop that is lightweight, long battery life, 13.3 inch screen, with Win 7. Budget of $1000″

Chris, I recently did just this research. I was looking for a notebook to edit the show on the go — which isn’t easy considering the heaft and hunger of those AVCHD video files. If you’ve been watching the show for a while you also know I’m the netbook boy. First with the 7″ eeePC, then the 9″ Aspire One, and more recently the 10″ Nokia Booklet 3g. The next step up to get a “real CPU” is 13.3″ — a sweet spot of performance and portability.

What I found was that ultra-light, ultra-long battery life is in. These sweet new Consumer-Ultra-Low-Voltage (culv) chips from Intel and AMD are sexy. I thought I would need a 35 watt Core i7, or at least a 25 watt 2.2GHz or faster Core2Duo to edit on the go — but I lucked out with the 10 watt 1.3ghz SU7300 Core2Duo chip from Intel.

The video editing performance of the ASUS UL-series notebook I ended up with is aided by hardware accellerated video processing in the GMA 4500 M HD. AVC, VC1 and h.264 decoding are offloaded to the graphics chip. In Windows 7 Home Premium I’m able to playback 17mbps AVCHD in WMP using only 20% CPU. Not bad at all.

So if you’re willing to live without an optical drive an ultralight notebook may be the best choice for you. The performance seems enough and the battery life is steller. I’ve seen prices in the $650 – 900 range so take a look at the ASUS UL, Acer Timeline, Dell Inspiron Z, Samsing X and Lenovo U series notebooks. Just be sure to get a Core 2 Duo — I’m not reading great things about the Core 2 Solo part. SU7xxx and SU9xxx seem to be where it’s at. For now. We’ll likely see a lot more of these slim buggers at CES.

I want to give a special thanks to our crew for being so supportive while I was in hospital. Shannon did a wonderful job of taking care of the hakshop and mailing out all the orders while I was away. Thanks Revision3 for understanding about the late episode, Sentara for their open wifi and hot nurses, and a big thanks to our loyal fans. All of well wishes on twitter, facebook and youtube, the forums and IRC brightened my day every day. And DigiPirate, thanks for the awesome USB Dalek Webcam. Exterminate!! Exterminate!!

A Great Week for Hacking

Our pal Mubix, while sad about the demise of MDD, is excited about Fastdump Community Edition
Decaf defeats Microsoft’s Cofee
People, this is why encryption is important. Predator drones hacked.
Darren is excited about Wordpress 2.9’s oEmbed Feature
It was only a matter of time^H^H^H^Hseconds before the Nook was rooted
Shannon is eager for some free in-flight WiFi.
Build wordpress, joomla, droopal themes without code

While it’s no Geocities page creator, Shannon reviews (and mostly likes) last week’s CMS theme generator recommendation Artisteer. Shannon reviews it’s basic operation and gripes about the trial limitations. Worth $50? Maybe if you’re looking to build a dozen Wordpress themes. Just looking for a one-off? You’re probably better off with a free, or even paid theme.

Droid tethering without root access

While we’re likely mere moments away from WiFi Droid Tethering [Edit: Well would you look at that], Darren has just the trick for tethering the Droid with Ubuntu without root access. Ok, actually root on Ubuntu is required but not on the droid. Easy enough Eh?

Mad props to Shannon VanWagner for putting together a simple 15-step process for tethering via USB with Ubuntu and the Droid.

And mad props again to bigmack83 for turning these 15 steps into a basic shell script. Actually a wizard would be more apt, as this script guides you through the process of installing packages, creating rules, setting up your droid and finally connecting.

You’ll need a debian based Linux like Ubuntu (but I’m fairly certain you’ll be able to adapt for the apt-less), the tether script and the Android SDK.

Read on for details from the author

Hacking the Motorola Droid: Root Access!

As expected the Motorola Droid has been rooted. That is to say there’s a hack that’ll unlock SU, or super user privileges on the phone. The hack is essentially su bundled in an unsigned update that can be run from the SD card. The unlocking process, which has changed since introduction, is outlined at this AllDroid.org forum thread.

At time of writing the process is to download this zip, rename it to update.zip and copy it to the root of your Droid’s SD card. Shutdown the Droid and start it by holding Power and X. Once greeted by an exclamation point on your screen hold the camera and volume+ buttons. From the menu choose the update.zip with the D-Pad, and once updated choose reboot.

Keep in mind that when it comes to unlocking moving targets like this it’s best to check with droid forums beforehand.

A Linux Doom Source Port

It was only a matter of time before we put Doom on The Zipit Z2. The recently unlocked linux-based wireless device is a prime candidate for fragging, what with it’s QVGA color display, WiFi and all. After unlocking, installing Doom is simply a matter or launching Fluxbox with startx and downloading PrBoom, a cross-platform Doom Source Port, with apt-get install prboom. The trick in launching PrBoom from /usr/games/ is to add the -width 320 -height 240 parameters. While PrBoom comes included with Freedoom, a free and open source Doom compatible IWAD, you may provide your own doom or Doom2-iwad parameter.

It is also worth noting that PrBoom comes with it’s own tcp game server for deathmatch. If anyone wants to try a little Zipit Z2 deathmatching hit us up. Or if you’re looking for some Doom goodness on the PC check out my favorite port, Skulltag.

Boot Chromium OS from USB

While still early in it’s development stages, Google’s upcoming Chrome OS is a neat OS to play with — especially on a netbook. While the Virtual Machine images floating around are nice for a glimpse, if you really want to immerse yourself in the Chrome OS experience it’s best to boot it from the metal. This can be achieved by “burning” this Chromium OS image to 3GB or greater USB or SD media. Here’s a torrent.

If you’re familiar with dd it’s simply a matter of downloading the torrent, unzipping and imaging the included chrome_os.img to your media. For example, dd if=’chrome_os.img’ of=/dev/sdb where /dev/sdb is the path of your removable media.

If you’re in Windows you’ll be delighted to find that the linked zip contains a copy of WinDD, as well as writing instructions. More information can be found at this makeuseof.com article. Important tidbits include the fact that the default user and password are chronos / password and that a terminal can be accessed by CTRL+ALT+T. Oh, and the xrandr command is available if your desired resolution isn’t detected automatically. The syntax is typically xrandr -s 1024×768 or similar.

SSH Feedback

After bantering about our upcoming travels to Waynesville, Missouri and Toronto, Ontario and a little griping about zipit segmentation faults, we get into your feedback on recent SSH segments.

Dzaztur recommends Gnome SSH Tunnel Manager. It’s a sleek front-end for managing SSH tunnels, port redirects and more. Tunnel configuration is stored in a simple XML formal, great for portability, and the tunnels can be managed individually through one simple GUI. Thanks for the tip Dzaztur

Lozo points out that Mac OS-X has SSH built into the terminal, much like Linux. So true. We banter with Paul-the-camera-guy about the Mac OS-X kernel, which turns out is XNU — an accronym for X is Not Unix. So there ya go!

Sp4m says if you’re running Firefox over SSH you might want to look into remote DNS lookups. By default DNS lookups aren’t done through the proxy. This can be resolved by typing about:config in the address bar, and enabling the network.proxy.socks_remote_dns setting. Thanks Sp4m.

And Finally Post_Break from < a href="http://iamthekiller.net/" target="_blank">IamTheKiller.net points us to Secret Socks — a SSH Socks Proxy GUI front-end for Mac OS-X that he likes a ton more than SSHTunnel 1.6. [Edit: We made a mistake and called it Secure Socks in the segment]

And finally we go kitteh before moving on…

Certificate Authentication for SSH

In this segment Darren explains why certificate authentcation is a bajillion times better than password authentcation and demonstrates the configuration using Ubuntu 9.10 and an Interceptor running OpenWRT Kamikaze. This forum thread details setting up authorized_keys with Dropbear — the SSH daemon that comes standard on OpenWRT.

Next week we’ll be breaking this down with a little Man-in-the-middle action. Until then send your feedback to darren@hak5.org

Build a free Linux Live USB Key in minutes

when it comes to finding the right Linux distribution for you it’s best to try a bunch out. And what better way then to make some bootable Live Linux USB keys? Shannon demonstrates Linux Live USB — a Windows tool that makes it super simple to build a Linux USB key in minutes. It features automatic distribution downloading AND Persistence!

Questions on Wordpress Theme Hacking

Ricky writes:

I just recently started using wordpress, and I am having alot of trouble trying to design a layout for it, I was wondering if you had any references or anything to help me learn how to do this, I understand HTML and only know a little of PHP. Any help would be greatly Appreciated.

Darren recommends setting up a local LAMP stack, that is to say the web server, database and scripting language to support a Wordpress install. The easiest way to get started is with either WAMP on Windows or XAMPP on just about any platform.

The Wordpress install is dead simple.

Mostly I use PHP.net as my go to resource, but we’ll also be hooking you up with a copy of Mario Lurig’s PHP Reference: Beginner to Intermediate PHP5. Hope that helps.

The Wordpress Codex is also an invaluable resource when you really get your hands dirty when theme code. Things like the loop and trim_excerpt are well detailed. Once you start learning the Wordpress functions you’ll realize what a powerful content management platform it really is.

And finally we recommend Wordpress.org/Support for their forums. If you know of a better forum for Wordpress Theme Hacking please let us know!