WebCT Vista : arfore dot com

At work we run the WebCT Vista course management system by Blackboard.

Recently I was requested to figure out how to import the security certificate from the command line so that we could add this to the login script used for our campus computers. The main reason behind this was to eliminate the need for the user to have to manually agree to the security certificate when browsing to the CMS.

Normally when you want to create a Java keystore, you would use the keytool program located in $JAVA_HOME/bin. If you run this program to import a certificate without specifying a location for the keystore it tries to create one named .keystore in the user profile home directory.

However, when the JRE actually imports a certificate it doesn’t put it in this file. After some investigation, it turns out that the JRE imports certificates into a file named trusted.certs which is located in the following directory

C:\Documents and Settings\USERNAME\Application Data\Sun\Java\Deployment\security\

In order to import a certificate into a keystore you need two vital pieces of information:

  1. the keystore name
  2. the keystore password

The problem here is that this keystore is being automatically created by the JRE. It turns out that this keystore has a password that is an empty string. What this means is that when you import a certificate you have to specify the password by using the storepass parameter with a value “”.

For example if the certificate that you want to import has a name and path of

c:\Blackboard.cer

the command to import the certificate for the user jdoe would be

keytool.exe -import -noprompt -keystore "C:\Documents and Settings\jdoe\Application Data\Sun\Java\Deployment\security\trusted.certs" -storepass "" -file c:\Blackboard.cer

Update 2008-04-09:

I have also found how to do this on Mac OS X. According to the developer documents, the JVM on Mac OS X uses the user’s default keychain to store this type of certificate instead of using a file-based keystore like the other OS.

In order to store the certificate in the user’s login keychain you can import it via the command line tool certtool that is installed on the OS.

The command to import this certificate from the command line is

certtool i path/to/cert/file k=~/Library/Keychains/login.keychain

If you want to have this happen at login for each user who might login, then you could implement this via a login hook. For more on this, take a gander at the article 301446 in the Apple knowledgebase.

MythTV : arfore dot com

Like many people, I went out into the great chaos known as Black Friday after a deal.

In my case I was focused on obtaining an Olevia 237T 37″ LCD television being sold at Target for the low, low price of $549.00.

After getting it home and plugging it all into my MythTV system, I ran into problems. First of all, since the tv had a vga input, I used the vga output of my video card instead of the svideo output. Initially I got no video, but then I realized I needed to undo some of my xorg.conf changes since I had changed the output.

After fixing the xorg.conf problem to not use the svideo port (thank you SSH!), I ran into other small problems.

Getting the resolution output right

The 237T has a native resolution of 1366×768, which according to an article at CNET.com is the most common resolution, yielding an output of 768p.

It turns out that I needed a particular video modeline in order to make the tv work properly. This required a great deal of research since manually calculating a modeline is not something that I really wanted to undertake. After finding a few online calculators, I found that I could not use them since the Dot Clock Frequency was not something that was included in the manual for the tv. So I diligently searched on the Internet to see if I could run across someone else who had this model tv (or the slightly improved 537 series) that had solved the problem. On the MythTV wiki, I ran across two entries for the 537h. I tried them both, but unfortunately the source display on the tv still reported a resolution of 1024×768. After trolling the xorg.conf logs, this turned out to be due to a failure of either modeline to be validated.

Digging ever deeper into the realms of HDTV screen resolutions and the xorg.conf options, I found that the binary, proprietary Nvidia drivers give you something that can help out a lot here, Appendix J. Programming Modes. This enables one to specify a series of validated modes and the driver will automatically validate them and use the correct output settings for the first mode that is found to be valid.

Here is what I ended up using in my xorg.conf file:
Section "Screen"
    Identifier "Screen0"
    Device "Videocard0"
    Monitor "OleviaHDTV"
    DefaultDepth 24
    SubSection "Display"
        Viewport 0 0
        Depth 24
        Modes "1360x768_60" "1280x720_60"
    EndSubSection
EndSection

Getting the right TV output

The next hurdle was to make sure that I got the right output of each of the MythTV applications.

Xine

In the configuration of the DVD player or the Video player, make sure that you launch xine with the following command:

xine -pfhq -D -r anamorphic

In theory xine should automatically display the video output exactly as is on the media, but using the command above will ensure that you get a fullscreen display. (Thanks to a posting in the Freevo-users list by John Molohan for this)

Mplayer

In the DVD or Video playback configuration you can use the following command to launch mplayer to use the correct aspect ratio (Thanks to Jarod Wilson for this tip):

mplayer -fs -zoom -quiet -monitoraspect 16:9 -vo xv %s

You can also set these same configuration options in your mplayer configuration file (~/.mplayer/config):

## Audio Output
ao="alsa"
ac="hwac3,"

## Verbosity
really-quiet="1"

## Video Out
vo="xv"

## Scaling
fs="yes"
zoom="yes"
monitoraspect="4:3"
double="yes"

## Misc
nojoystick="yes"

Internal DVD player

The MythTV built-in dvd player should display the video correctly by default.

Live TV output

When watching live television, you have a few options:

  1. Leave the aspect ratio alone
  2. Change the aspect ratio to be 4:3 or 16:9
  3. Set the aspect ratio to be Fill
  4. Set the aspect ratio to be 4:3 with zoom or 16:9 with zoom

Each of these has its own drawbacks, but I have gotten the best results using 16:9. This setting is in the Playback options of the TV section of the MythTV setup.


In order to get the updates for Ubuntu to take MythTV to 0.20.2 you need to add the following to your /etc/apt/sources.list file:

deb http://us.archive.ubuntu.com/ubuntu/ edgy-proposed main restricted universe multiverse

deb-src http://us.archive.ubuntu.com/ubuntu/ edgy-proposed main restricted universe multiverse

After doing this run the following commands:

sudo apt-get update

sudo apt-get upgrade

In addition to the MythTV updates a few other things should be available. I went ahead and just got everything and have suffered no ill effects.

After updating, make sure to shutdown the backend before running mythtv-setup to change the data provider.

sudo /etc/init.d/mythtv-backend stop

After running mythtv-setup, make sure that you start the backend back up, then run mythfilldatabase.

For those who don’t know, Zap2It Labs stopped offering free channel data for the community.

A paid-for service, Schedules Direct, has stepped up to the plate with a fairly inexpensive solution. In order to use it you need to update your MythTV installation.

The 0.20.2 release of MythTV supports SD.

Gentlemen, start your updates, because at 12:00 a.m., 08-01-07 Zap2It Labs goes dark.

One of the annoyances I have discovered with MythTV and Fedora Core is the inability to eject the optical drive in a default install of MythTV.

Apparently the function EJECT that is called in the menu file for the Optical Disk doesn’t work in Fedora Core.

To fix this, edit the file optical_menu.xml. Look for the line:

EJECT

Remove the text EJECT and replace it with:

EXEC eject -T

This will tell the system to send the optical drive a close tray command if the tray is open and an open tray command if the tray is closed.

After recently upgrading my MythTV system, I set to editing the metadata for my video collection.

Everything worked fine when editing through the regular interface, but when attempting to edit the data through the MythWeb interface, I noticed that for entries where the title started with double-quotes, the field in the edit screen was empty.

The data would be stored in the database, if entered in quotes, yet the edit screen would not retrieve it.

The solution is to add the usage of PHP function htmlentities in the edit.php file of the video module of MythWeb.

The problem is in line 102 where the value attribute contains the following snippet of PHP code:

The corrected version would look like this:

This is built off the latest version of the stable MythWeb module. Download the corrected version.
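The empty edit field can be reproduced outside MythWeb. The following PHP is an added example, not MythWeb's edit.php; the field name, the helper names and the sample titles are assumptions made for illustration. It renders the same input field with and without htmlentities and reads the value attribute back the way a browser would.

```php
<?php
// Added illustration, not MythWeb code. The field name "title" and all
// function names are hypothetical.

// Unescaped: the stored value is dropped straight into the attribute.
// A title that begins with a double quote closes the attribute at once.
function render_field_raw(string $title): string
{
    return '<input type="text" name="title" value="' . $title . '">';
}

// Escaped: htmlentities() rewrites the double quote as a character
// reference, so it can no longer terminate the attribute. ENT_QUOTES also
// covers single quotes, for templates that quote attributes that way.
function render_field_escaped(string $title): string
{
    return '<input type="text" name="title" value="'
        . htmlentities($title, ENT_QUOTES, 'UTF-8') . '">';
}

// Approximate what a browser shows in the field: a double-quoted attribute
// ends at the next double quote, and character references inside it are
// decoded afterwards.
function browser_value(string $html): string
{
    if (!preg_match('/\svalue="([^"]*)"/', $html, $m)) {
        return '';
    }
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

// Constructed sample titles (not taken from a real MythTV database).
$titles = [
    '"Weird Al" Yankovic Live!',
    'Tom & Jerry',
    "Monty Python's Flying Circus",
];

foreach ($titles as $title) {
    printf(
        "stored : %s\nraw    : %s\nescaped: %s\n\n",
        $title,
        browser_value(render_field_raw($title)),
        browser_value(render_field_escaped($title))
    );
}
```

Escaping at output time is also what keeps stored text from being interpreted as markup by the browser, so the same call belongs on every value written into an attribute.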

Windows : arfore dot com

This is part one of a short series of articles detailing the process I went through to restore a friend’s tablet pc after her hard drive died due to a head crash.

Background

My friend has a Gateway CX210X Convertible Notebook. This model uses a SATA internal drive. Her drive died sometime last Friday afternoon while working in Windows. You got the standard click of the drive arm against the platter that wouldn’t stop.

I tried some basic restoration techniques to see if I could at least see the drive:

Nothing worked. So I went out and bought a new hard drive for her from one of the local computer places in Valdosta, Belson’s pcXchange.

Installation Problems

At this point I thought I was going to be homefree, boy was I wrong. The first hurdle was getting the Windows install cd to even see the hard drive. Apparently the bios for the CX210X does not have a legacy option to allow the SATA controller to be seen as a standard IDE controller. No problem, I can just use a USB floppy drive to load the drivers before the install, right? Wrong.


One of the small annoyances I have with Firefox is the default URL used for the Google search plug-in.  While I generally just type in a search term and hit enter, I do sometimes just hit enter without a corresponding search term just to get sent to the main Google page.  Why do I do this?  Mainly so that I can view the updated Google logos when they change for holidays.

With a default installation of Firefox the default Google page is the Mozilla Firefox Start Page.  While this is nice from a corporate branding sense, this special page does not have the links to either iGoogle or the Google Accounts login page, nor does it feature the often customized Google logo.  Also, none of the other search plug-ins that I have tested in Firefox exhibit a similar “feature”, they all dump you at the default page for that particular service.
Here’s how to change all of that.

Firefox 2.x for Mac OS X

  1. Quit Firefox.
  2. In the Finder, navigate to /Applications
  3. Right-click (or control-click) on Firefox.app and select Show Package Contents from the context menu
  4. In the window that comes up, navigate to Contents -> MacOS -> searchplugins
  5. Open the file named google.xml in your favorite text editor
  6. Change the value for the XML attribute named SearchForm as follows:

    Default:  http://www.google.com/firefox
    Changed: http://www.google.com

  7. Save the file and start Firefox.

Firefox 2.x for Windows

  1. Quit Firefox.
  2. In Windows Explorer open the following directory C:\ -> Program Files -> Mozilla Firefox -> searchplugins
  3. Open the file named google.xml in your favorite text editor
  4. Change the value for the XML attribute named SearchForm as follows:

    Default:  http://www.google.com/firefox
    Changed: http://www.google.com

Voila!  Now you have what many of my friends would have logically concluded as the expected action for the Google search plugin for Firefox.

Note that this mod will have to be changed for each successive update of the Firefox application, so it may not be to your taste.

Those of you out there who are running an installation of SCT Luminis 3 may have noticed that the browser check always comes up warning you that the browser is unsupported when using Firefox 2, even though all the features seem to be completely supported.

This is due to the fact that the browsercheck javascript does not know about the new agent string that was introduced with Firefox 2. Generally a new release, or service pack to Luminis fixes this for newer browsers.

In order to change this you will need to alter a couple of files in your Luminis install.

The two files that need to be altered are:

  1. webapps/luminis/js/clientsniffer.js
  2. /webapps/luminis/WEB-INF/templates/portal/browserchk.thtml

clientsniffer.js

In this file you will need to alter the conditional of the big if-statement that follows the assignment for the variable is_nav5.

The problem is that the if checks for the existence of a revision number of 1.8. What you need to do is add an additional check for a revision number of 1.8.1.6. So the if-statement conditional becomes:

if (is_nav5 || agt.indexOf("rv:1.7.12") != -1 || agt.indexOf("rv:1.8") != -1 || agt.indexOf("rv:1.8.1.6") != -1)

The next thing to do is to add an additional Firefox variable that is set to true if the major number is 2. I added this after the existing variable is_fox1_5.

var is_fox2 = (is_fox && (is_major == 2));

browserchk.thtml

In the browsercheck file you need to alter the if-statement that sets the variable supported to have a true value. This if-statement should follow immediately after the one that checks for whether java is enabled in your browser.

What you need to add is an additional OR check, so that the if-statement conditional looks like the following:

if ((is_nav8) || (is_nav7) || (is_moz1_7) || (is_win && is_ie5up) || (is_win && is_ie6) || (is_saf1_3) || (is_fox1_5) || (is_fox2) || (is_win && is_fox1))

I have tested this change with Firefox 2.0.0.6 on the following platforms:

  • Mac OS X 10.4.10
  • Windows XP SP2
  • Windows Vista
  • Ubuntu 6.10


Well, over the weekend some of the other sysadmins of the world provided the solution to the Office 2007 file download problems.

It’s all about the mime types. For those of you not in the know, a MIME type is an Internet Standard that is used to help webservers and e-mail servers know what kind of files are being served up and sent out. Check out the Wikipedia article for more.

So on an Apache webserver you need to add the following to your mime types file:

application/vnd.openxmlformats docx pptx xlsx

Thanks goes out to Vlad Mazek and his post on this one.

Now if only it was so easy for a Windows webserver running IIS. For the process on updating IIS, surf on over to the entry on David Oberton’s blog, UK SBS Guy (http://uksbsguy.com/).

So with the impending roll out of Microsoft Office 2007 here at work, we have discovered something interesting. Apparently IE 6 and IE 7 don’t understand how to deal with the new file types that were introduced with Office 2007.

For those of you who aren’t aware, with the introduction of Office 2007, Microsoft has moved to a new file format for Word, Excel, and PowerPoint called Open XML. The new extensions for the files have an x added to the end of the familiar Office file extensions. For more on the file types check out the Wikipedia entry Microsoft Office 2007 file extensions.

The behavior when attempting to download the files using IE is that the browser treats them as zip files and displays the familiar “Run, Save, Cancel” box after starting the download. The fun part is that Firefox 2.0.0.3 and Netscape 8.1.3 both check the file extension against the file types list of the OS and if the new file types are listed appropriately, they tell you the correct type of Office document that you are attempting to download. (Note: you only get the new file type definitions if you have installed Office 2007 or the Office 2007 File Compatibility Pack for Office 2003).

Good game, Microsoft. I really hope that you produce a fix soon.

For those searching for more information on this, here’s a couple of links I found on the problem:

http://www.tutorials-xe.com/ERRORS/docx-becomes/
http://www2.nau.edu/~d-elearn/faculty_support/tutorials/office2007/office2007.php

Free Speech : arfore dot com

From the Ars Technica story:

A Michigan man is being prosecuted for using a cafe’s free WiFi… from his car.

The Michigan law apparently bars you from accessing someone else’s network without their explicit authorization.

Seems to me that this is really getting out of hand. Where’s the law that says that the owner of the network has to secure it to prevent unauthorized access? Given the ease with which you can secure a network and still allow your customers access when they wish, I would think that this is a no-brainer.

Also, is there a law that says I can’t stand on the street corner, on the public sidewalk mind you (because I would hate to get arrested for loitering), and use the street lamp that the store is paying for to read a newspaper or book? Isn’t that unauthorized use of their electricity?

So I ran across a story on Slashdot about how ABC/Disney had a blog shutdown over the posting of some audio clips from a radio-station affiliate in conjunction with the blogger’s letters to the radio station advertisers over their tacit support of the comments and views of the talk radio hosts on the station.

The Slashdot post linked to a blog posting on the Daily Kos: State of the Nation that had more details.

While I don’t exactly like the idea of corporate America picking on the little guy when their pocketbook is being affected, I wonder at the hoopla that gets kicked up in the liberal ‘Net community everytime something like this happens.

One of the comments on the Daily Kos post stated that

this is a really big First Amendment and Blogger Rights issue

I think that the author of the comment would have had a good point if they had stopped after “First Amendment”.

What is it that makes speech in a blog any different than speech in any other medium? If there are legitimate freedom of speech issues in this particular case, beyond the often confusing interpretation of what constitutes fair use, then that is a valid point. However, just because the post was made on a blog shouldn’t impart any special protection beyond what has been granted in the caselaw surrounding the first amendment protections.

For years, people that have an issue with a particular view expressed through a commercial entity, be it radio, television, or print, have been writing letters to newspaper editors and advertisers. How is this any different now that we have another medium to voice our opinions? Just because the ease of getting the opinion across has been increased with the advent of Internet forums and blogs, does not mean that the same laws concerning freedom of speech or copyright are more or less applicable.

Do we really need a whole raft of new legislation when the medium is digital instead of analog?

Environmental : arfore dot com

The only thing that can save the world is the reclaiming of the awareness of the world. That’s what poetry does. — Allen Ginsberg

So according to a study commissioned by Mayor Bloomberg, the greenhouse gas emissions of New York City in 2005 were on par with all of Ireland or Portugal.

You have to love it when a city produces as much environmentally destructive elements as an entire country.

The most interesting part was the fact that it’s mostly from the buildings and not the average citizen. The claim is that the mass transit system is what makes the citizens less polluting.

I wonder how much less the entire U.S. would produce if we took mass transit more seriously?

Ref: Greenhouse Gas Study: 1 Percent From NYC

iPhone : arfore dot com

This is the first post using the WordPress app for the iPhone.

It’s a pretty nice application, but it would be better if it supported the rotation feature to get the horizontal keyboard.

I do like the fact that you can add photos.

As I keep browsing the App Store to find more interesting applications, I find myself wondering exactly what criteria Apple is using to place the various applications in each category.

It’s not the actual application category or sub-category that I find strange, but the generic categories:

  1. All iPhone Applications
  2. All iPod Touch Applications
  3. All Free Applications
  4. New


This morning, as I have for the last couple of days, I checked the App Store in iTunes for new applications for my 8GB iPhone 3G.  I noticed that when I sorted the new applications by release date that the NYTimes application showed a release date of July 16, 2008.  I thought that it was odd since I know I got that application on the first day of the 3G release.

Turns out that it is an updated version, however when clicking the Check for Updates link in Applications section of my iTunes library I got the following dialog box:

So apparently the update check mechanism in iTunes doesn’t work.  I hope that they get this fixed soon.  Even better would be an e-mail notification that a new version of the application is available.

arfore dot com

So I just finished Prince of Persia on my PS3.  I decided that I would go and purchase the $9.99 Prince of Persia: Epilogue DLC from the PSN (PlayStation Network) store so that I could have some more PoP game time.

Turns out that I can’t purchase anything using my Bank of America debit card, because Sony’s billing and account system is seriously messed up.

First I tried just entering in my account information in the PSN store interface as a direct purchase.  I put in the card information and billing information.  I get an error back that says “Credit card is invalid. Check your entries.”  Thinking that I may have punched something in wrong when relying on my memory, I go get the physical card and verify that all the data was correct.  Hit continue.  Same error.

I then tried to just enter the billing information into the account management thinking that maybe that would work.  Same error.

I tried logging into my PSN account over the web on my laptop and entering the information there.  Same error.

Having now exhausted all the possible avenues for entering in my information, I search the Google to find out if others have had this problem and what the fix might or might not be.  Turns out there have been numerous people with the same problem.

The first thread I listed had the most information.  They were discussing the possible values necessary in the address fields, etc.  I checked all my information.  Here’s what you need to double-check:

  1. Make sure your console has been activated using the System Activation item in the dashboard
  2. Make sure that if your billing address is a post office box that you are not adding in punctuation
  3. Make sure that your zip code is matching exactly with the bank records, especially if your bank uses an address verification system
  4. Make sure that your phone number, if listed, matches the bank records

The problem is that I checked all of this and none of it helped.  So I called the Sony Computer Entertainment America support number (800-345-7669) and waded through the menu system to get a support representative.  I have to give kudos to the support representative, because she was very calm and nice, and she didn’t even have a problem with the fact that I had already checked everything that she had on her checklist for me to check.

Unfortunately, she said “Sometimes the PO Box addresses just don’t work.  The only suggestion I can make is that you use a different credit card or go buy a PlayStation Network Card.”  She was very sorry that it wasn’t working, but there was nothing she could do to help.

I am not blaming the support folks, but that kind of answer is really pretty unacceptable.  I use my BoA card online, in stores, and over the phone all the time with no problems at all.  To make matters worse, when I logged in to my BoA account over the web I had a $1 pending transaction for each of my attempts to connect my card to the PSN store.  The customer service representative did assure me that they would drop off since a complete account transaction had never occurred.

This is inexcusable.  Why even bother creating an online store for your game console if it doesn’t reliably work to purchase things?  Someone at Sony really needs to get this ironed out.

In my process of transferring my DVD collection to a digital media server I discovered that the Apple TV software is smarter than I thought.

I have been ripping my DVD collection using Handbrake on my Mac and transferring them to a Windows box which is shared out via my internal only network to the Apple TV using iTunes.  I use the built-in Apple TV profile to do this.  The profile sets the frame rate option on the encoder to be “Same As Source”.  It turns out that if your rip has a final fps (frames per second) that is greater than 30 then the resulting movie will not be available in the list of Shared Movies on the Apple TV.

So in the process of applying the new SSL cert here at work, I discovered an issue with the reCAPTCHA service.

The problem was that I was getting errors saying that my forms were only partially encrypted.  This was due to my use of the reCAPTCHA library, which by default doesn’t use an SSL connection to grab the challenge HTML.

The documentation at the reCaptcha site has a section on this.  Specifically it says:

In order to avoid getting browser warnings, if you use reCAPTCHA on an SSL site, you should replace http://api.recaptcha.net with https://api-secure.recaptcha.net.

Ref: http://recaptcha.net/apidocs/captcha/client.html

The example it uses shows how to change the Javascript itself.  While this was nice to know it really didn’t help too much in my particular case. To solve this when using the reCAPTCHA PHP library, all you need to do is change the value of a single variable.  In the file recaptchalib.php look for the function recaptcha_get_html then change the declaration to read as follows:

function recaptcha_get_html ($pubkey, $error = null, $use_ssl = true)

This will force all calls to be transmitted over an SSL connection, thus eliminating the dialog box in Internet Explorer and the slashed-lock in Firefox.

However, since I am not encrypting the entire site by default, due to an issue with our website editing/management system, Adobe Contribute, I had to do a bit more than just update the boolean variable.  Since some of my forms are encrypted and some are not, I added the following code to the function referenced above:

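// Use SSL for the challenge when the form itself was requested on the HTTPS port.
// Note the comparison (==); a single = would assign 443 and always be true.
if ($_SERVER['SERVER_PORT'] == 443) {
    $use_ssl = true;
}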

This needs to be added just above the check for the value of the variable use_ssl in the function recaptcha_get_html.  Once you do this you can use the same copy of the recaptchalib.php file for both secure and non-secure forms.
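A stricter form of the same check, as an added example that is not part of recaptchalib.php: the function names are hypothetical, and the two API hosts are the ones quoted from the reCAPTCHA documentation above. It looks at the HTTPS server variable before falling back to the port, and its last lines show what a single = in the condition does.

```php
<?php
// Added illustration, not code from recaptchalib.php. Function names are
// hypothetical; the two hosts are the ones quoted from the reCAPTCHA docs.

const RECAPTCHA_API_SERVER        = 'http://api.recaptcha.net';
const RECAPTCHA_API_SECURE_SERVER = 'https://api-secure.recaptcha.net';

// Decide whether the current request arrived over SSL.
// $server is passed in (normally $_SERVER) so the logic can be exercised
// with constructed input.
function request_is_ssl(array $server): bool
{
    // Apache with mod_ssl sets HTTPS to "on"; IIS with ISAPI sets it to
    // "off" for plain HTTP, so testing only for presence is not enough.
    if (!empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off') {
        return true;
    }
    // Fall back to the port, compared rather than assigned.
    return isset($server['SERVER_PORT']) && (int) $server['SERVER_PORT'] === 443;
}

// Pick the API host so that a page served over HTTPS never pulls the
// challenge over plain HTTP, which is what triggers the browser warning.
function recaptcha_api_host(array $server, bool $force_ssl = false): string
{
    return ($force_ssl || request_is_ssl($server))
        ? RECAPTCHA_API_SECURE_SERVER
        : RECAPTCHA_API_SERVER;
}

// Constructed sample requests (not captured from a real server).
$samples = [
    'plain HTTP on Apache' => ['SERVER_PORT' => '80'],
    'HTTPS on Apache'      => ['SERVER_PORT' => '443', 'HTTPS' => 'on'],
    'plain HTTP on IIS'    => ['SERVER_PORT' => '80', 'HTTPS' => 'off'],
    'HTTPS on port 8443'   => ['SERVER_PORT' => '8443', 'HTTPS' => 'on'],
];

foreach ($samples as $label => $server) {
    printf("%-22s -> %s\n", $label, recaptcha_api_host($server));
}

// The pitfall: an assignment inside the condition is always truthy and
// also overwrites the value it was meant to test.
$server = ['SERVER_PORT' => '80'];
if ($server['SERVER_PORT'] = 443) {
    printf("single '=' treated port 80 as SSL; SERVER_PORT is now %d\n", $server['SERVER_PORT']);
}
```

Behind a TLS-terminating proxy neither variable reflects the client's connection, so in that setup pass $force_ssl = true rather than trusting a forwarded header you have not validated.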

This next week the Senate is expected to vote on legislation to delay the transition of broadcast television in the United States from analog signals to digital signals.

The initial deadline was to have been February 17, 2009, however some in Congress as well as President Obama claim that more time is needed due to the fact that evidence has shown that consumers are not prepared. The new legislation sets a deadline for the switch to June 12, 2009, however broadcasters can switch over to digital prior to that deadline if they so choose.


Over Thanksgiving break I bought an Apple TV.  Like any good geek I wanted to expand the capability of the unit beyond the default setup.

After installing Firefox and getting USB keyboard and mouse support going, I realized that it would be tremendously cool if I could control it from my iPhone instead of using a wired keyboard.

To begin with I installed OSXvnc.  The only problem was that I needed to store a password.  After reading the VNC post on the aTV Flash forum, I successfully conquered that.  However, I had the same problem that iMattUK had: you had to use an ssh connection to start it.

To conquer this I wrote a launchd plist to launch OSXvnc for me at system startup.  Read on for the process I used to get it all working.


Linux : arfore dot com

Over the weekend I set up an Ubuntu 8.04 installation in my apartment.  The main purpose was to have a box to use to connect to my Tivo, but I am also going to use it to play with Java servlet and jsp development.

Of course none of this is any fun without Internet access.  So I started configuring my Linksys pci wireless adapter.  Turns out that the longstanding bug that affects the WPA2 passphrase store in Gnome Network Manager is still not fixed.



In the process of rebuilding my MythTV box with Gentoo, I found a bug in the 2.6.19 kernel when it comes to using wireless and ndiswrapper for my Linksys WMP54G v.4 PCI card.

When you configure the kernel you normally only have to select CONFIG_NET_RADIO=y and CONFIG_NET_WIRELESS=y.

But with the 2.6.19 kernel I discovered via a post on a board that you also need to select one of the wireless chipsets as a module, even if you don’t plan on using it. If you don’t do this then CONFIG_NET_RADIO will still be marked as “n” when the kernel is built even though that isn’t what you selected at config time.

To check the required values you can use the following command:

zgrep CONFIG_NET_RADIO /proc/config.gz
zgrep CONFIG_NET_WIRELESS /proc/config.gz

Cyberspeech : arfore dot com

If you have read my previous post, GPG Best Practices, you will know that I am a fan of setting expiration dates on my GPG keys.

This has not always been the case. As with many computer users I tend towards the lazy, and if I can keep from having to re-learn a password by never changing it, then I have been guilty of doing so.

Recently, however, I have decided that this is not the best thing to do when it comes to computer security. So while restoring my computer this weekend after a rebuild of the OS to get rid of some cruft that had built up, I decided I needed to add expiration dates to all of my GPG keys.

Now I had already established one for my work e-mail at the time I created the key, but now I needed to go back and add ones to my personal keys. After reading the man page on GPG, it looked pretty easy. Just go into edit mode for the key I wanted to change, then add an expiration date. Simple enough, right? Wrong.

Turns out that what I wanted to do was feasible, just not readily apparent. I didn’t just want to set a date relative to the current date in days, months, weeks, or years. What I wanted to do was use a specific date.

Well, after some diligent searching on Google, I found the following in a post on the gnupg-users list:

>> Is it possible to set an explicit date (e.g. 31 Dec) rather than a duration? I suppose I could compute the number of days, but that’s annoying.

Problem solved, mission accomplished.

Like many people who have some concerns over security on the Internet, I have started to use digital signatures for all of my mail sent from my regular e-mail client on my Mac.

While there are several avenues for this, I chose to use GPG. While I know that this means jumping through a couple of extra hoops in configuring my mail client, I decided that it was worth it, because unlike the Thawte Freemail certs, using GPG on my computer also means that I can encrypt files in addition to my mail messages, should I choose to do so.

I am wondering what the thoughts are on best practices when it comes to using GPG.

Here are a couple that I have come up with (learned through hard experience):

1. Back up your keys.

I cannot stress this strongly enough. If for some reason you have a catastrophic computer failure, you will need those backups in order to decrypt your e-mail once you restore your data backup. (You do back your data up, right?)

And when you make those backups, do not rely on just a digital backup. Back up both your public and secret keys in an ASCII-armor file and print the darned thing out. Digital backups are subject to data rot and any number of other technological snafus, but I have printed material that is perfectly readable after more than 20 years.

2. Make a revocation certificate.

The GPG mini-howto gives a couple of excellent reasons for doing this:

For instance: the secret key has been stolen or became available to the wrong people, the UID has been changed, the key is not large enough anymore, etc.

Just remember that revoking a key is not reversible.

3. Set an expiration date for your keys.

Just like changing passwords, you should regularly change your GPG keys. Don’t worry about losing track of the data that was encrypted with a key that has expired. You’ll still be able to open that data, it just means that someone won’t be able to encrypt with the old key unless they ignore the warnings about it being expired.

What this also means is that you should hang on to the expired keys, since you might need them to access some older encrypted files. (See best practice number 1)

4. Add commentary to your keys.

If you are like most heavy computer users, you have more than one e-mail address. And if you create a GPG key for each one of those, it would help to keep things orderly if you commented on the individual keys.

For example, the key I use for my work e-mail has a comment of:

Work Address

So, do you have any more best practices?
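Practice 3 above, and the earlier post about adding expiration dates to existing keys, can be checked mechanically. The following is an added example, not part of the original posts: a shell function that reads GnuPG's colon-delimited key listing and flags keys with no expiration date, expired keys, and keys that expire within a warning window. The function name audit_expiry is hypothetical, and the key IDs, dates and user ID in the sample listing are constructed.

```shell
#!/bin/sh
# Added example (not from the original posts): report the expiration status of
# every primary key and subkey in a GnuPG colon listing read from stdin.
# Colon format: field 1 = record type, field 5 = key ID,
# field 7 = expiration time in epoch seconds (empty means "never expires").

audit_expiry() {
    # $1 = current time in epoch seconds, $2 = warning window in days (default 30)
    awk -F: -v now="$1" -v warn="${2:-30}" '
        $1 != "pub" && $1 != "sub" { next }          # ignore tru, fpr, uid records
        $7 == ""  { print $1, $5, "NO-EXPIRY"; next }
        $7 <= now { print $1, $5, "EXPIRED";   next }
        {
            days = int(($7 - now) / 86400)           # whole days remaining
            print $1, $5, (days <= warn ? "EXPIRES-SOON" : "OK"), days "d"
        }'
}

# Constructed sample listing (key IDs, dates and user IDs are made up).
SAMPLE='tru::1:1700000000:0:3:1:5
pub:u:4096:1:1111111111111111:1600000000:::u:::scESC:
uid:u::::1600000000::::Work Address <jdoe@example.org>:
sub:u:4096:1:2222222222222222:1600000000:1701728000:::::e:
pub:e:2048:1:3333333333333333:1500000000:1650000000::-:::sc:
pub:u:4096:1:4444444444444444:1690000000:1760000000::u:::scESC:'

# Demo with a fixed "now" so the output is reproducible.
printf '%s\n' "$SAMPLE" | audit_expiry 1700000000 30

# Against a real keyring (assumes GnuPG 2.x, which prints epoch timestamps):
#   gpg --list-keys --with-colons | audit_expiry "$(date +%s)" 30
# An explicit date can be set non-interactively on recent GnuPG 2.x with:
#   gpg --quick-set-expire <FINGERPRINT> 2026-12-31
```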

Everyone wanted DRM-free music and EMI partnered with Apple to make it happen.

Now apparently it’s not being done right. Of course, we all knew that the account holder name and associated e-mail address were being stored in the DRM-encrypted tracks. But somehow everyone seems to think that Apple was going to just cease to embed that because the song was DRM-free.

Ars Technica has a story up on this.

I wouldn’t be surprised if some data was being analyzed in aggregate, although Apple’s current privacy policy does not appear to allow for this. As with the dust-up over the mini-store, Apple should clarify what this embedded data is used for.

Give me a break. Sure, if the privacy policy states that Apple isn’t going to use the data for purchase analysis, then fine. But I would be willing to bet that the author of the story has at least one of those grocery store cards, or a gas station card, or even a driver’s license, that contains some sort of barcode or mag stripe on it. What exactly do you think the stores do with all that data on your purchasing habits? They analyze it for trends of course.

Chicken Little, the sky is not falling.

So I ran across a story on Slashdot about how ABC/Disney had a blog shut down over the posting of some audio clips from a radio-station affiliate in conjunction with the blogger’s letters to the radio station advertisers over their tacit support of the comments and views of the talk radio hosts on the station.

The Slashdot post linked to a blog posting on the Daily Kos: State of the Nation that had more details.

While I don’t exactly like the idea of corporate America picking on the little guy when their pocketbook is being affected, I wonder at the hoopla that gets kicked up in the liberal ‘Net community every time something like this happens.

One of the comments on the Daily Kos post stated that this was

this is a really big First Amendment and Blogger Rights issue

I think that the author of the comment would have had a good point if they had stopped after “First Amendment”.

What is it that makes speech in a blog any different than speech in any other medium? If there are legitimate freedom of speech issues in this particular case, beyond the often confusing interpretation of what constitutes fair use, then that is a valid point. However, just because the post was made on a blog shouldn’t impart any special protection beyond what has been granted in the case law surrounding the First Amendment protections.

For years, people that have an issue with a particular view expressed through a commercial entity, be it radio, television, or print, have been writing letters to newspaper editors and advertisers. How is this any different now that we have another medium to voice our opinions? Just because the ease of getting the opinion across has been increased with the advent of Internet forums and blogs, does not mean that the same laws concerning freedom of speech or copyright are more or less applicable.

Do we really need a whole raft of new legislation when the medium is digital instead of analog?

Colophon : arfore dot com

col – o – phon an inscription placed at the end of a book or manuscript usually with facts relative to its production. – from Merriam-Webster’s Online Dictionary

what powers the site?

This site is running on a server hosted by the folks at Media Temple.

The site is powered by WordPress. Those of you who have followed my site may have noticed a tendency towards fluctuation. Originally I had a hand-coded site. Then I switched to Movable Type, then WordPress. After a while, my brother convinced me to try Drupal, but finally I went back to WordPress.

The site currently runs the Whitespace theme by Brian Gardner.

Other than the default plugins, right now I am running the following: