Categories
Computers Windows

Exchange 2007 certificate problem with Symbian phones

Earlier this year we (or rather, myself) migrated to Exchange 2007 at work. We are not a big company but even so (or perhaps because of it) we have a rather heterogeneous set of client devices. People connect using Outlook 2003, Outlook 2007, Entourage 2008, Evolution, Apple Mail, Thunderbird and all kinds of mobile phones for both standard IMAP/SMTP (with encryption of course) or Microsoft licensed ActiveSync.

Before the migration we had a frontend Exchange server and three backend servers but after the switch we have just one Exchange 2007 server. Immediately after the switch, people started complaining that non-Microsoft mobile phones could not sync against the server using ActiveSync.

Since we are rather literate when it comes to computers we had set up an internal public-key infrastructure with a root certificate authority under SSL. The Windows domain included a certificate authority running as a subordinate authority which, in turn, had signed the SSL certificate for the Exchange 2007 server. All was done according to step-by-step guides from Microsoft. When accessing the web mail or using ActiveSync from Microsoft based mobile phones it worked. But it just wouldn’t work from Symbian phones – despite the fact that they had licensed the ActiveSync technology from Microsoft.

We tried all kind of settings before we eventually found the problem. It turns out that Exchange 2007 uses a relatively new (but still quite old) feature in SSL certificates called “Subject Alternative Name”. It is a feature that allows the certificate to be used for multiple host names and not just a single Common Name. The combination of Exchange 2007 and the subordinate Windows certification authority caused this extension to be set as “Critical” in the certificate which makes the certification check fail for any client that does not understand the Subject Alternative Name – which is exactly the case for Symbian phones.

The solution was simply to create a certificate by using OpenSSL alone and flag the extension as non-critical. The common name used in the certificate is still the only name used by ActiveSync clients so they have no problem with this change. The new host names in the certificate are to my understanding only used by Outlook 2007.

Categories
Computers Linux

Making a movie out of a set of images

Images captured at a certain interval (e.g. from a network camera in your home) can easily be converted into a movie. The simplest way to do this is to use the Linux package mencoder available as a package for most standard distributions.

For Ubuntu 8.04, mencoder can be installed just by typing

sudo apt-get install mencoder

Some tutorials on mencoder are based on an old version of the software and following them will not work. Instead the errors from mencoder will appear to indicate that some codecs are missing on the system. Installing them may solve the issue (it didn’t in my case) but will probably just waste your time.

The correct command to convert all JPEG images in a folder into a movie is

mencoder "mf://*.jpg" -mf fps=30 -o output.avi

Adjust the frame rate according to the frequency the images were taken or to make the movie go faster or slower. It is also possible to use the -speed parameter.

Categories
Computers Mac

Rails boilerplate project

After doing a couple of Rails projects I found myself doing the same setup for each project. On top of the template project I wanted user authentication support with mail activation. Whenever it was time to implement a new project I didn’t quite remember the exact process and ended up spending too much time searching for how-to-articles. This article is a summary of the steps required to create a project with support for user authentication based on restful_authentication.

To be able to implement this you will need to have a sufficiently new installation of Rails. I am using 2.1.1 but it may work on later or earlier versions. In addition, you will need to have support for git since the restful_authentication plugin has moved to a git repository.

The name “myproject” should be replaced with whatever project name you want to use.

Create project folder

$ rails myproject
$ cd myproject

Categories
Computers Mac

Install git on Mac OS X 10.5

Git is the version control system initially developed for the Linux kernel. Nowadays it is used in many other areas and recently the Rails community has migrated from svn to git. This means that a working git client is required to install many plugins when developing a Rails application.

Git install screenshot

The best way to install git on Mac OS X is to build it from sources. The script below makes this process effortless. This script has been verified on Mac OS X 10.5.4 (Leopard) but may work on other OS X versions as well. Your mileage may vary.

Download script

Categories
Computers Gadgets Linux

No wireless on Acer Aspire One using OneLinux

Acer Aspire One is a cool little device but out of the box it is somewhat crippled. I have tried to install the standard Ubuntu and Xubuntu 8.4.1 distributions with the help from the information on the Ubuntu community pages. For some reason, the system started behaving erratically – the trackpad worked only intermittently, the computer could sometimes appear to hang for a few seconds etc. I then restored the system using the CD that came with it and noticed that everything was working as normal. Clearly, all my problems were software related.

I started looking for an alternative OS and found OneLinux, a distribution based on Ubuntu specifically targeted for the Acer Aspire One. Perfect! Only problem is that the wireless network doesn’t work. The hardware driver dialog shows the following (my AAO model is 110-Ab, using an Atheros AR5BXB63):

OneLinux beta 1 wireless hardware issue

While I am writing this I am downloading (all too slowly) the updated beta of OneLinux. Hopefully it will correct the wireless issue. Stay tuned.

Categories
Computers Linux

File permission error with bind on Ubuntu 8.04

Starting with Ubuntu 8.04 slave zones under bind9 may not work as well as you may think – depending on where you believe you should save your zone files. The syslog shows permission error when bind tries to write to any folder under /etc/bind. That is where I had kept such files before – I realise now that this was a mistake – or at least not in line with common best practice.

This is the error you may see:


dumping master file: /etc/bind/slave/tmp-31s25Singg: open: permission denied
transfer of 'example.com/IN' from 192.168.16.10#53: failed while receiving responses: permission denied
transfer of 'example.com/IN' from 192.168.16.10#53: end of transfer

Starting with Ubuntu 8.04, apparmor is included by default in the installation. This was a new feature for me. In short, apparmor prevents unauthorised file activities and the reason for my file permission problem with bind was that I tried to write slave zone files to /etc/bind/slave. But, by definition, the local host does not hold the master copy of a slave zone. Such data should instead be saved in /var/cache/bind. Once I changed my zone definition and restarted bind it went well.

Categories
Computers Linux

Re-disabling the root password

Sometimes it doesn’t help to think twice. The other night I was changing my password on an Ubuntu system and realised too late that I was right then root after having run ‘sudo su’. So, instead of changing my own password I changed the password of the root account. By default it is not possible to log onto the system by using the root account but by changing the password I immediately lowered that bar.

So how to fix this?

Some sources say that ‘sudo passwd -l root’ is the way to go but this just locks the account. Others point to ‘sudo passwd -d root’ but that just removes the password completely. While this means that it will not be possible to log onto the system remotely since ssh prevents logons using blank passwords, it does mean that the system is wide open to anyone who can gain access to a console.

The correct method is ‘sudo usermod -p ! root’. This inserts an exclamation point in the password hash for the root account. This means that no entered password will ever match the stored hash.

Categories
Computers Linux Mac Windows

Clearing the local DNS cache

On Mac OS X
Type “sudo nslookupd -flushcache”

On Linux
DNS records are not cached locally unless you have installed a local DNS server. Intead DNS records are cached in the upstream DNS servers.

On Windows
Type “ipconfig /flushdns”

Categories
Computers Linux Mac Windows

Getting out of Sharepoint

I have been using Sharepoint at work for a number of years now. In theory, it is a good product that takes away some of the anarchy that usually is the result of a just using a file share to exchange documents. In practice the benefits are less stellar, especially in a mixed environment.

Since starting to use a Mac in what is otherwise a Windows shop, it has become painfully obvious how much one ties oneself into the Microsoft world by using Sharepoint. People might be concerned about being locked in to Office but that is nothing to Sharepoint. Unless you run the combination of Windows, Office and Internet Explorer you are in for a rocky ride indeed.

So, trying to get out of Sharepoint, what do you do? You may still have a lot of documents saved there that you don’t want to lose.

I tried using wget but it wouldn’t download everything. I then tried httrack but it wouldn’t follow links into subfolders in document libraries (I did keep a copy downloaded by httrack though since it managed to keep most of the contents). I also tried to map UNC paths to the document libraries to be able to copy the documents that way. Didn’t work. I tried various freewares that were supposedly able to archive documents from Sharepoint. Not so.

Then I tried Sharepoint Documents Exporter by Brennan Stehling and that did the trick. Finally, I got a complete set of files directly from the MSSQL server, including files saved on the users’ private pages.

Thanks Brennan!

Now the big question remains: Should I head back to the file share or is there some open source Sharepoint wannabee solution with support for multiple client platforms, full browser compatibility and support for both Office and OpenOffice? Drop a comment if you have a suggestion.

Categories
Computers Linux

Fix for APT on Voyage Linux

When running apt-get on a system with Voyage Linux you may get the following error:

debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 75.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.8.8 /usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl .) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype

To fix this just install a fix by running the following:

apt-get install dialog apt-utils

css.php