Month: July 2012

After my recent iPad acquisition, I realized that now I need a new bag to carry it in. Normally I use a large Healthy Back Bag, produced and sold by AmeriBag. Unfortunately, the iPad’s shape doesn’t lend itself to being carried in the teardrop-shaped bag.  I have narrowed down my choices, and there are oh so many of them, but now I need some help from you, gentle reader.  Each of the images below are linked to the product information page on the bag.

Ristretto for iPad by Tom Bihn	The Imago – A Laptop Messenger by Tom Bihn	The Australian Vertical Messenger by Bellino
Scout Extra Small by STM Bags	Distressed Leather Unisex Bag by David King and Co.

In Outlook Live browser cookie issues, I discussed the issues surrounding cookie usage and the Outlook Live service.  As you may remember, one of the problems surrounding turning off the blind support of third-party cookies is the check that is performed at logout.  If the check doesn’t pass then you will get a warning message.

The fix for this from the MS perspective is to enable third-party cookies.  One of the main reasons to not follow this is for better privacy while browsing the Internet.  As with most computer security, web browser security is often a trade-off between usability and security.  You have to know what to set things to to achieve a balance between good security and acceptable annoyance.  Many users install ad-blockers, flash blockers, disable Javascript, etc.  These are good tactics, but they also introduce browsing annoyances since the very technologies these plug-ins disable are what makes the web experience interesting and fun.  For more on browser security check out Securing Your Web Browser at CERT.

Fortunately, in this particular case the solution is relatively easy.  Since Mozilla gives us the ability to configure the browser directly, we can change how Firefox handles cookies.

First you will need to open Firefox and go to the site about:config to edit the settings.  This is not really a website, but a method provided to directly configure some browser settings.  You will be presented with a warning box, just click the button.

Next, in the filter box type network.cookie, this will narrow the list displayed down to only the ones dealing with cookies.  One of the settings to be changed already exists, the other will have to be added.

The setting that you want to change is:

• network.cookie.cookieBehavior

Change network.cookie.cookieBehavior to have a setting of 3, enabling the change, by double clicking on the number in the Value column and entering the new value in the dialog box.

To add the new preference, right click in the window and select Integer from the New submenu.

Enter network.cookie.p3plevel in the dialog box that appears. Set the value to be 3 in the second dialog box.  There is no save function, the changes take effect immediately, just close you browser tab/window.

After making these changes you will now be able to successfully navigate the Outlook Live site and logout without getting the warning message.  You will also be better protected from nefarious third-party cookies.

If you want to change the preferences back to the defaults, simply open the preferences for Firefox and click the checkbox next to Accept third-party cookies.

Apparently this functionality was part of Firefox 2 but was subsequently removed after someone complained about the size of the code required to implement it (a total of 60k in what is now a 56.9MB, at least that’s the size of the application on Mac OS X).  In reading through the comments in the Bugzilla post, I fail to see where anyone makes a decent argument for reducing end-user security.  For more on all of this, check out the references section of this post.

These changes were implemented on Mac OS X 10.6.4 using Firefox 3.6.11, but it should be pertinent to Windows and Linux as well.

References

In June of 2010, Valdosta State University transitioned to using Microsoft’s Live@EDU service for our e-mail.  This is Microsoft’s competing product line with Google’s Apps for Education service.  There were many reasons why we chose the Microsoft service which I won’t get into here, suffice it to say, that was the decision that was made.

While I don’t use the web interface all that much, when I do use it on Safari 5 for the Mac, I have noticed an oddity.  After you login to the system and do whatever you plan to do that session, to logout you should click the “Sign Out” link.  Seems standard enough, right?  Well, not exactly.  On Safari on the Mac I have noticed that I get an error when the signout process is attempted.  When testing Firefox 3.6.11, I found I wasn’t receiving the error screen and the signout process completed successfully.

After delving more into this it turns out that the problem is third-party cookies.  The default settings in Safari are very restrictive.  They are also all or none.  There is no exception list to the privacy settings for browser cookies in Safari, unlike Firefox. Also, it turns out that if you change the settings in Firefox to match the restrictive settings in Safari you get the same error screen.

In order to find out what site was causing the problem I cleared all the cookies for Safari, then enable the setting to always allow cookies.  After comparing the list of cookies that were set, I found one listed for the domain passport.com that did not show up in the cookie list when Safari is set to accept cookies only from sites that I visited.

Further investigation using the Live HTTP Headers add-on in Firefox revealed the following for that domain:

http://loginnet.passport.com/ThirdPartyCookieCheck.srf?ct=1287943985
 
GET /ThirdPartyCookieCheck.srf?ct=1287943985 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
 
HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Oct 2010 18:13:05 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F57 V: 0
Content-Type: text/html; charset=utf-8
Expires: Sun, 24 Oct 2010 18:12:05 GMT
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: MSPP3RD=2832116359; domain=.passport.com;path=/;HTTPOnly= ;version=1
Content-Length: 0
Location: http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
----------------------------------------------------------
http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
 
GET /ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
Cookie: MSPP3RD=2832116359
 
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sun, 24 Oct 2010 18:13:06 GMT
Pragma: no-cache
Content-Type: image/gif
Expires: Sun, 24 Oct 2010 18:12:06 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F50 V: 0
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked

Continuing the investigation, I decided to force Firefox to ask me about each cookie that was going to be set.  This makes a dialog show up for each cookie attempt giving me the option to deny it, allow it only for the current session, or always allow.  After walking through the tortorous process of a complete login/logout session, it turns out that two cookies are being set for the domain passport.com with each of them set to expire at the end of the session.  More detail on the cookie can be seen in the screen shot of the cookie detail (provided by the plugin Add N Edit Cookies) shown below:

So, the next step was to fire up my VM and see how all this worked on the Windows side of things.  I figured that since we had not been deluged with user requests concerning this that the browsers on the Windows side of the equation were handling it all differently. Firefox on Windows is configured out of the box just like Firefox on Mac OS X.  So, as I expected the operation was the same as well. If you allow for third-party cookies, then it works fine, if you don’t then you get the error screen.

The interesting development is the settings for Internet Explorer.  Bear in mind that I am using Windows 7 and Internet Explorer 8, but the settings should be fairly similar on Windows XP and between versions 7 and 8.  The default setting in IE8 is to all third-party cookies, but (and this is the key) only if they have a compact privacy policy (P3P).  This is the setting that makes the big difference.

It turns out that neither Firefox nor Safari support P3P headers by default.  In fact there doesn’t appear to be any support for them in Safari at all.  Configuring Firefox to support them requires some advanced editing of the main configuration file.

I haven’t found any adverse effects to the workings of Outlook Live when using Safari, but it is rather annoying that this occurs.

References

In Outlook Live browser cookie issues, I discussed the issues surrounding cookie usage and the Outlook Live service.  As you may remember, one of the problems surrounding turning off the blind support of third-party cookies is the check that is performed at logout.  If the check doesn’t pass then you will get a warning message.

The fix for this from the MS perspective is to enable third-party cookies.  One of the main reasons to not follow this is for better privacy while browsing the Internet.  As with most computer security, web browser security is often a trade-off between usability and security.  You have to know what to set things to to achieve a balance between good security and acceptable annoyance.  Many users install ad-blockers, flash blockers, disable Javascript, etc.  These are good tactics, but they also introduce browsing annoyances since the very technologies these plug-ins disable are what makes the web experience interesting and fun.  For more on browser security check out Securing Your Web Browser at CERT.

Fortunately, in this particular case the solution is relatively easy.  Since Mozilla gives us the ability to configure the browser directly, we can change how Firefox handles cookies.

First you will need to open Firefox and go to the site about:config to edit the settings.  This is not really a website, but a method provided to directly configure some browser settings.  You will be presented with a warning box, just click the button.

Next, in the filter box type network.cookie, this will narrow the list displayed down to only the ones dealing with cookies.  One of the settings to be changed already exists, the other will have to be added.

The setting that you want to change is:

• network.cookie.cookieBehavior

Change network.cookie.cookieBehavior to have a setting of 3, enabling the change, by double clicking on the number in the Value column and entering the new value in the dialog box.

To add the new preference, right click in the window and select Integer from the New submenu.

Enter network.cookie.p3plevel in the dialog box that appears. Set the value to be 3 in the second dialog box.  There is no save function, the changes take effect immediately, just close you browser tab/window.

After making these changes you will now be able to successfully navigate the Outlook Live site and logout without getting the warning message.  You will also be better protected from nefarious third-party cookies.

If you want to change the preferences back to the defaults, simply open the preferences for Firefox and click the checkbox next to Accept third-party cookies.

Apparently this functionality was part of Firefox 2 but was subsequently removed after someone complained about the size of the code required to implement it (a total of 60k in what is now a 56.9MB, at least that’s the size of the application on Mac OS X).  In reading through the comments in the Bugzilla post, I fail to see where anyone makes a decent argument for reducing end-user security.  For more on all of this, check out the references section of this post.

These changes were implemented on Mac OS X 10.6.4 using Firefox 3.6.11, but it should be pertinent to Windows and Linux as well.

References

In June of 2010, Valdosta State University transitioned to using Microsoft’s Live@EDU service for our e-mail.  This is Microsoft’s competing product line with Google’s Apps for Education service.  There were many reasons why we chose the Microsoft service which I won’t get into here, suffice it to say, that was the decision that was made.

While I don’t use the web interface all that much, when I do use it on Safari 5 for the Mac, I have noticed an oddity.  After you login to the system and do whatever you plan to do that session, to logout you should click the “Sign Out” link.  Seems standard enough, right?  Well, not exactly.  On Safari on the Mac I have noticed that I get an error when the signout process is attempted.  When testing Firefox 3.6.11, I found I wasn’t receiving the error screen and the signout process completed successfully.

After delving more into this it turns out that the problem is third-party cookies.  The default settings in Safari are very restrictive.  They are also all or none.  There is no exception list to the privacy settings for browser cookies in Safari, unlike Firefox. Also, it turns out that if you change the settings in Firefox to match the restrictive settings in Safari you get the same error screen.

In order to find out what site was causing the problem I cleared all the cookies for Safari, then enable the setting to always allow cookies.  After comparing the list of cookies that were set, I found one listed for the domain passport.com that did not show up in the cookie list when Safari is set to accept cookies only from sites that I visited.

Further investigation using the Live HTTP Headers add-on in Firefox revealed the following for that domain:

http://loginnet.passport.com/ThirdPartyCookieCheck.srf?ct=1287943985
 
GET /ThirdPartyCookieCheck.srf?ct=1287943985 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
 
HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Oct 2010 18:13:05 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F57 V: 0
Content-Type: text/html; charset=utf-8
Expires: Sun, 24 Oct 2010 18:12:05 GMT
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: MSPP3RD=2832116359; domain=.passport.com;path=/;HTTPOnly= ;version=1
Content-Length: 0
Location: http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
----------------------------------------------------------
http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
 
GET /ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
Cookie: MSPP3RD=2832116359
 
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sun, 24 Oct 2010 18:13:06 GMT
Pragma: no-cache
Content-Type: image/gif
Expires: Sun, 24 Oct 2010 18:12:06 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F50 V: 0
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked

Continuing the investigation, I decided to force Firefox to ask me about each cookie that was going to be set.  This makes a dialog show up for each cookie attempt giving me the option to deny it, allow it only for the current session, or always allow.  After walking through the tortorous process of a complete login/logout session, it turns out that two cookies are being set for the domain passport.com with each of them set to expire at the end of the session.  More detail on the cookie can be seen in the screen shot of the cookie detail (provided by the plugin Add N Edit Cookies) shown below:

So, the next step was to fire up my VM and see how all this worked on the Windows side of things.  I figured that since we had not been deluged with user requests concerning this that the browsers on the Windows side of the equation were handling it all differently. Firefox on Windows is configured out of the box just like Firefox on Mac OS X.  So, as I expected the operation was the same as well. If you allow for third-party cookies, then it works fine, if you don’t then you get the error screen.

The interesting development is the settings for Internet Explorer.  Bear in mind that I am using Windows 7 and Internet Explorer 8, but the settings should be fairly similar on Windows XP and between versions 7 and 8.  The default setting in IE8 is to all third-party cookies, but (and this is the key) only if they have a compact privacy policy (P3P).  This is the setting that makes the big difference.

It turns out that neither Firefox nor Safari support P3P headers by default.  In fact there doesn’t appear to be any support for them in Safari at all.  Configuring Firefox to support them requires some advanced editing of the main configuration file.

I haven’t found any adverse effects to the workings of Outlook Live when using Safari, but it is rather annoying that this occurs.

References

In June of 2010, Valdosta State University transitioned to using Microsoft’s Live@EDU service for our e-mail.  This is Microsoft’s competing product line with Google’s Apps for Education service.  There were many reasons why we chose the Microsoft service which I won’t get into here, suffice it to say, that was the decision that was made.

While I don’t use the web interface all that much, when I do use it on Safari 5 for the Mac, I have noticed an oddity.  After you login to the system and do whatever you plan to do that session, to logout you should click the “Sign Out” link.  Seems standard enough, right?  Well, not exactly.  On Safari on the Mac I have noticed that I get an error when the signout process is attempted.  When testing Firefox 3.6.11, I found I wasn’t receiving the error screen and the signout process completed successfully.

After delving more into this it turns out that the problem is third-party cookies.  The default settings in Safari are very restrictive.  They are also all or none.  There is no exception list to the privacy settings for browser cookies in Safari, unlike Firefox. Also, it turns out that if you change the settings in Firefox to match the restrictive settings in Safari you get the same error screen.

In order to find out what site was causing the problem I cleared all the cookies for Safari, then enable the setting to always allow cookies.  After comparing the list of cookies that were set, I found one listed for the domain passport.com that did not show up in the cookie list when Safari is set to accept cookies only from sites that I visited.

Further investigation using the Live HTTP Headers add-on in Firefox revealed the following for that domain:

http://loginnet.passport.com/ThirdPartyCookieCheck.srf?ct=1287943985
 
GET /ThirdPartyCookieCheck.srf?ct=1287943985 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
 
HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Oct 2010 18:13:05 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F57 V: 0
Content-Type: text/html; charset=utf-8
Expires: Sun, 24 Oct 2010 18:12:05 GMT
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: MSPP3RD=2832116359; domain=.passport.com;path=/;HTTPOnly= ;version=1
Content-Length: 0
Location: http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
----------------------------------------------------------
http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
 
GET /ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
Cookie: MSPP3RD=2832116359
 
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sun, 24 Oct 2010 18:13:06 GMT
Pragma: no-cache
Content-Type: image/gif
Expires: Sun, 24 Oct 2010 18:12:06 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F50 V: 0
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked

Continuing the investigation, I decided to force Firefox to ask me about each cookie that was going to be set.  This makes a dialog show up for each cookie attempt giving me the option to deny it, allow it only for the current session, or always allow.  After walking through the tortorous process of a complete login/logout session, it turns out that two cookies are being set for the domain passport.com with each of them set to expire at the end of the session.  More detail on the cookie can be seen in the screen shot of the cookie detail (provided by the plugin Add N Edit Cookies) shown below:

So, the next step was to fire up my VM and see how all this worked on the Windows side of things.  I figured that since we had not been deluged with user requests concerning this that the browsers on the Windows side of the equation were handling it all differently. Firefox on Windows is configured out of the box just like Firefox on Mac OS X.  So, as I expected the operation was the same as well. If you allow for third-party cookies, then it works fine, if you don’t then you get the error screen.

The interesting development is the settings for Internet Explorer.  Bear in mind that I am using Windows 7 and Internet Explorer 8, but the settings should be fairly similar on Windows XP and between versions 7 and 8.  The default setting in IE8 is to all third-party cookies, but (and this is the key) only if they have a compact privacy policy (P3P).  This is the setting that makes the big difference.

It turns out that neither Firefox nor Safari support P3P headers by default.  In fact there doesn’t appear to be any support for them in Safari at all.  Configuring Firefox to support them requires some advanced editing of the main configuration file.

I haven’t found any adverse effects to the workings of Outlook Live when using Safari, but it is rather annoying that this occurs.

References

While working on a method to allow the VSU Communications Unit to add or change the stories in the rotation on the main VSU webpage, I ran into a problem that involved a known Safari issue involving file uploads.

I don’t regularly create forms that allow for an upload of a file, however I don’t like to store binary data in the MySQL database either. Allowing the files to be uploaded makes creating pages that use them a whole lot easier, since I don’t have to “create” the image from the binary data, just pass off a file location and let the browser do the rest.

The symptoms exhibited were that when submitting the form, Safari would hang about 30-40% of the time. No error messages or timeout messages were displayed. Zip, zilch, nada!
Continue reading

While re-loading the OS and apps on my iMac at work, I ran into major issues whilst updating MS Office 2008.  When running the first update, Office 2008 SP1 (12.1.0) I had no problems, however none of the other updates would run.  I kept getting the error “You cannot install Office 2008 Updates on this volume. A version of the software required to install this update was not found on this volume.”

At first I thought that this might be due to some permissions shenanigans revolving around my AD/OD setup, since the logged in user was not a local admin, but had been granted administrator privileges through a nested group trick.

After more searching I ran across a post on the forums MacRumors.com pointing out problems when running updates on an Office 2008 install that had been altered by using Monolingual or XSlimmer.

Both of these programs were developed to slim down the sizes of binary applications on OS X.  Monolingual strips the “additional languages” from OS X programs and operating system files, while XSlimmer is designed to remove both the extra language information and the unused binary code in a fat binary.  I have never used either of these programs, since I was not concerned about the amount of disk space they utilize.

After more searching, I ran across a post in the Entourage Help Pages discussing troubleshooting Office 2008 installations.  While this page also mentioned issues with installations being altered by Monolingual and XSlimmer, it also pointed out an issue with a workaround created to handle a bug in how Safari deals with the docx file extension.  While the automator workflow mentioned does not appear to actually affect anything other than the names of files, it did jog my memory about something else Safari related that occured when installing Adobe CS 4 earlier the same day.

While installing CS 4 and the available updates, I was prompted to not only quit Safari, but also to quit XMarks for Safari.  For those that don’t know, XMarks is a great service for synchronizing your browser bookmarks between multiple machines, platforms, and browsers.

On a hunch I quit XMarks for Safari, as well as the browser itself.  No dice, I still got the error.  Knowing how easy it would be to reinstall the helper application, I uninstalled XMarks.  Eureka!  The Office updaters now ran without a hitch.  So, if you are having this problem, try deactivating or removing anything plugins that effect the default nature of Safari.

Lately I have noticed that when browsing the web my external hard drive would spin up when there seemed no need.  I had just given into the mysterious and not concerned myself with this until yesterday.

After a few searches, I turned up a post on Apple’s discussion boards entitled Safari pauses & spins up ext HDs with ATS Autoactivation errors.  While I have not found the errors in my logs refered to by the OP, I have noticed the exact same symptoms.

Using the symptoms and discoveries by W. Raideer and strangebirds as a guideline, I found a solution to the issue.  While this may in fact be a bug, it turns out that if you disable Spotlight on the external drive this activity ceases, at least in my case.

To quote the Help documentation for Font Book on the Automatic Activation feature:

Note that if you turn off Spotlight searching for any folder or disk connected to your computer, Font Book can’t find and enable fonts in those locations.

After listing my external drive in the Spotlight preference pane section labeled Privacy, I have ceased to have this particular issue.  While this may not be advisable or desirable, depending on the content of the external drive, I have noticed no detrimental effect by disabling Spotlight on the drive.

UPDATE (2009-04-26 7:06PM EDT): Apparently I was mistaken.  When poking through the preferences of ClamXav in order to restructure my watch folders, I noticed a checkbox that I had overlooked.  Apparently you can add the login item from within the main application.  However, it still doesn’t start the Sentry app when adding the item.  You have to manually click the “Save settings & Launch Sentry” button.

Recently I have bowed to the necessity of installing antivirus software on my Mac, both at work and at home.

In investigating the possibilities I decided to try out the open source antivirus solution ClamAV.  While I tend to gravitate towards commercially supported security products when possible, I currently don’t have the extra money to spend on the Intego VirusBarrier product, and the budget at work is quite strained, as are budgets for most people.

I like the ClamXav frontend for the ClamAV engine.  I know that I can do all the scanning functions from the command line, but I am fan of gui frontends do to the fact that they are often more user-friendly.

The ClamXav is a nice frontend.  The only problem I have with it is that there is inherent mechanism to launch the sentry program at user login.  The ClamXav Sentry application is contained in the Resources section of the Contents of the ClamXav application bundle. Below are the steps to add the application as a login item.

Adding ClamXav Sentry as Login Item

1. Open System Preferences from the Apple Menu

Open System Preferences

2. Open Accounts Preference Pane

System Prefences

3. Select Login Items

Login Items

4. Click the Plus sign button at the button of the Login Items list.

5. When the dialog window comes up, hit the Command + Shift + G keyboard combo.

6. In the window type the following:

/Applications/ClamXav.app/Contents/Resources/”

then click the Go button.

Enter the file path to the Resources of the ClamXav bundle

7. Select ClamXavSentry.app from the list and click the Add button.

Select the Sentry app

8. Congratulations, you have successfully added the ClamXav Sentry as a login item.

Login Item Added

I also wrote an Applescript application that will add the login item for you.  The benefit of using my utility is that it launches ClamXav Sentry after adding the login item.  You download a zipfile containing both the application and script file.

Today I picked up one of the new dual-band AirPort Extreme base stations at Best Buy. The reason behind the purchase was so that I could use 802.11n for my iMac and Apple TV while using 802.11g for my iPhone, since this should give me the best wireless throughput for my shared files to the Apple TV.

After getting the DHCP, PPPoE, WiFi and network security configured to mimic the settings of the Linksys router that I replaced, I thought I was through, but then I realized that I still needed to configure an ACL to implement MAC filtering. For those who don’t know, a MAC filter on a typical router lets the admin control which devices will be allowed to talk to the router.

While there are some people who say that having both WPA2 encyrption as well as MAC filtering is unnecessary, I decided that I wanted to do both, since I am allowing the SSID to be broadcast for the convenience of visitors.

On my last two Linksys routers (a WRT54G and a WRT160N) this was simply a matter of checking a box and entering the allowed MAC addresses into a table. On the AEBS it require a little more work.

Necessary items

• an Apple AirPort Extreme base station that is properly configured for your network
• AirPort Utility
• a list of the MAC addresses for the allowed devices

Step 1

Open AirPort Utility. On the main screen, double-click on the connected AEBS listed in the column on the left side of the window.

Main screen for AirPort Utility

Step 2

In the configuration screen that comes up, click on the Access options.

Airport utility access configuration screen defaults

Step 3

Change the default setting for MAC Address Access Control from the default to say Timed Access.

Airport utility access configuration set to Timed Access

Step 4

In the configuration pane click on the default entry, then click the Edit button. This will bring up the Timed Access Control Setup Assistant window.

In the Timed Access Control Setup Assistant window click in the drop down menu that currently reads Everday and select No Access from the list. This will make sure that any computer or device with a MAC address that is not in the list will be denied access to your network. Then click the Done button to save your changes.

Timed Access Control Setup Assistant for default rule

Step 5

Back in the access configuration screen, click on the plus sign in the left below the list of devices. This will bring up the Timed Access Control Setup Assistant window that allows you to add new devices.

In the MAC Address field you will need to enter the MAC address (aka ethernet address, hardware address, ethernet id, etc.) for your device. (Hint: If you are doing this for the computer you are currently using just click the This Computer button.) If you want, you can add a description for each device as well. I use the devices hostname when appropriate.

Then change the time frame that the device is allowed to connect if you need to restrict it to something other than the default of Everday/all day.

When you are finished just click the Done button to save your changes. Repeat this step for each device.

Timed Access Control Setup Assistant add device dialog

Step 6

After adding all your devices you should have a screen that looks similar to the below. (Note: I have obscured my MAC addresses to protect the innocent.)

Airport access configuration screen completed

Step 7

If you have added all your devices and you are sure you are finished, just click the Update button. This will save your configuration changes and restart the AEBS.

Final Notes

Understand that like the Linksys MAC filter, this only affects devices that are connecting over the wireless network. This is useful since it gives you an avenue for fixing any problems that you have run into. Also, if you run into a problem so extreme (pardon the pun) that you need to perform a hardware reset of the AEBS, follow the instructions in the Apple knowledgebase article Resetting the AirPort Extreme Base Station (Article No. HT1406).

Due to a problem with the grid-cluster at MediaTemple, the site was down for well over a day.  They still don’t have everything up and running 100% yet, so their are at least two posts that are missing images.

Hopefully they will get everything finished today.  According to the latest update on the status entry for Incident 754, they have approximately 155 sites to restore out of the almost 2500 that were hosted on gs cluster 2.  Fortunately this didn not affect the database cluster, so none of my actually posts, pages or comments were lost.

The affected content at the moment is:

I just got finished reading Stealing MySpace by Julia Angwin.  In it there was this great conversation about the firing of Ross Levinshohn by Peter Chernin, the soon-to-be former COO of News Corps.  Here it is:

“You’re not happy, are you?” Chernin said. “No, I’m not,” Levinsohn agreed. “This isn’t working out, is it?” Chernin said. “No, it’s not,” Levinsohn replied. “We should probably part ways,” Chernin said.

“Yes,” Levinsohn replied.

Today I picked up one of the new dual-band AirPort Extreme base stations at Best Buy. The reason behind the purchase was so that I could use 802.11n for my iMac and Apple TV while using 802.11g for my iPhone, since this should give me the best wireless throughput for my shared files to the Apple TV.

After getting the DHCP, PPPoE, WiFi and network security configured to mimic the settings of the Linksys router that I replaced, I thought I was through, but then I realized that I still needed to configure an ACL to implement MAC filtering. For those who don’t know, a MAC filter on a typical router lets the admin control which devices will be allowed to talk to the router.

While there are some people who say that having both WPA2 encyrption as well as MAC filtering is unnecessary, I decided that I wanted to do both, since I am allowing the SSID to be broadcast for the convenience of visitors.

On my last two Linksys routers (a WRT54G and a WRT160N) this was simply a matter of checking a box and entering the allowed MAC addresses into a table. On the AEBS it require a little more work.

Necessary items

• an Apple AirPort Extreme base station that is properly configured for your network
• AirPort Utility
• a list of the MAC addresses for the allowed devices

Step 1

Open AirPort Utility. On the main screen, double-click on the connected AEBS listed in the column on the left side of the window.

Main screen for AirPort Utility

Step 2

In the configuration screen that comes up, click on the Access options.

Airport utility access configuration screen defaults

Step 3

Change the default setting for MAC Address Access Control from the default to say Timed Access.

Airport utility access configuration set to Timed Access

Step 4

In the configuration pane click on the default entry, then click the Edit button. This will bring up the Timed Access Control Setup Assistant window.

In the Timed Access Control Setup Assistant window click in the drop down menu that currently reads Everday and select No Access from the list. This will make sure that any computer or device with a MAC address that is not in the list will be denied access to your network. Then click the Done button to save your changes.

Timed Access Control Setup Assistant for default rule

Step 5

Back in the access configuration screen, click on the plus sign in the left below the list of devices. This will bring up the Timed Access Control Setup Assistant window that allows you to add new devices.

In the MAC Address field you will need to enter the MAC address (aka ethernet address, hardware address, ethernet id, etc.) for your device. (Hint: If you are doing this for the computer you are currently using just click the This Computer button.) If you want, you can add a description for each device as well. I use the devices hostname when appropriate.

Then change the time frame that the device is allowed to connect if you need to restrict it to something other than the default of Everday/all day.

When you are finished just click the Done button to save your changes. Repeat this step for each device.

Timed Access Control Setup Assistant add device dialog

Step 6

After adding all your devices you should have a screen that looks similar to the below. (Note: I have obscured my MAC addresses to protect the innocent.)

Airport access configuration screen completed

Step 7

If you have added all your devices and you are sure you are finished, just click the Update button. This will save your configuration changes and restart the AEBS.

Final Notes

Understand that like the Linksys MAC filter, this only affects devices that are connecting over the wireless network. This is useful since it gives you an avenue for fixing any problems that you have run into. Also, if you run into a problem so extreme (pardon the pun) that you need to perform a hardware reset of the AEBS, follow the instructions in the Apple knowledgebase article Resetting the AirPort Extreme Base Station (Article No. HT1406).