fun | arfore dot com

After my recent iPad acquisition, I realized that now I need a new bag to carry it in. Normally I use a large Healthy Back Bag, produced and sold by AmeriBag. Unfortunately, the iPad’s shape doesn’t lend itself to being carried in the teardrop-shaped bag.  I have narrowed down my choices, and there are oh so many of them, but now I need some help from you, gentle reader.  Each of the images below are linked to the product information page on the bag.

Ristretto for iPad
by Tom Bihn

The Imago – A Laptop Messenger
by Tom Bihn

The Australian Vertical Messenger
by Bellino

Scout Extra Small
by STM Bags

Distressed Leather Unisex Bag
by David King and Co.

Tonight’s feature is a video of one of my favorite artists, Diana Krall.  This particular performance is from the live concert at the Paris Olympia Theatre in 2002.

Julie London’s performance of this Arthur Hamilton torch song was my favorite until I heard the sultry tones of Diana Krall performing it.

Quite some time ago I used to do a fairly regular Friday post of music videos.  It’s time to start that over, but this time I going to post one every Monday night.

Tonight’s video is She Talks to Angels by The Black Crowes.  The song was released in 1990 on the album Shake Your Money Maker.

Last week my friend Lindsay and I were making the rounds of the various thrift stores and used furniture stores in Valdosta.  It is quite interesting to see what people get rid of and to think of ways to use some of it.

At one of the thrift shops we found three VSU glasses.  One of them is a glass that was given out to the VSU student employees at the Student Awards banquet last year.  Another one was from the Faculty and Staff Campaign from 2002.  There were tons of promo glassware from all kinds of companies, restaurants and schools.  I wonder just how much of that kind of stuff is bought and given out only to end up in some landfill or thrift shop.

Fringe, a new series on the Fox network that is using a new format Fox dubs Remote-Free TV.

The episodes are longer than your average sitcom.  The Wikipedia entry on the show states that this series will have less commercials and promos.

While this is true, one of the interesting bits is that before each commercial they tell you how many seconds should pass before the next segment starts.

Another interesting aspect of the series is how they identify each location during the episode.  Often shows just print plain text on the screen, however in Fringe they use 3D text on the screen and it is oriented differently depending on the scene.

Music | arfore dot com

Music
by Walter de la Mare

When music sounds, gone is the earth I know, And all her lovely things even lovelier grow; Her flowers in vision flame, her forest trees

Lift burdened branches, stilled with ecstasies.

Happy Birthday, Lord Byron | arfore dot com

Today is the birthday of Lord Byron, an English poet born in 1788 in Scotland. He was born George Gordon Noel.

His first success was the poem Childe Harold’s Pilgrimage written in 1812, which is based around his journeys from England to the eastern Mediterranean.

Check out today’s daily poem for another of his more recognizable poems, She Walks in Beauty.

This particular poem is one of my favorites, and it was featured in the television series Beauty and the Beast that ran on the CBS network in the US from 1987 until 1990. The first season of this show has recently been released on DVD.

adobe contribute publishing server | arfore dot com

When trying to sort my cthub XML file recently I found out that my code from the post on sorting the role listing had stopped working.

Turns out that there was an error introduced into the format of this file when upgrading from Contribute 3.11.

As you are no doubt aware, when at least one admin upgrades to Contribute 4 or Contribute CS3 (aka 4.1) all the admins have to since there are upgrades made to the XML files that control the site. Well it appears that this upgrade makes the cthub file non-valid XML.

Take a look at this file and look for the tag font_use_css inside the group_list_item child node of the group_list node. In a copy of the cthub file that was upgraded you will find that this standalone tag is missing the appropriate closing slash. If you compare this against a copy of the cthub file from before the upgrade, assuming you made a backup, you will find that the tag is properly closed.

Since this file is the master file with all of the role information for the site, I wonder if this XML error is causing unknown instability in the system somewhere.

While this is an easy fix, I will be posting some code that you can run to fix this, since editing a file like this by hand can be a real pain.

When you setup a website to be managed by Contribute, the name that shows up in the client for the connection description is generated from the text of the title tag of the index page of the website.

For setups where you are only managing a single site, this may not matter, but if you have a system where you use a development server and a production server, you may want the connection string to depict which server the user is editing and publishing to.

In order to change the text of the description you have to alter some text in a few files on the CPS management server.

In the installation directory of CPS, there is a database directory. This is the location of the files that are specific to the individual websites that are being managed.

The files in each site being managed are in a directory that is “numbered”, the number relates to the numerical order in which they were set up. If you remove a particular site, the numbers are not reused.

In each of the site directories there is a file named: connection_key.stc

This file, in XML format, contains a localinfo tag. The attribute sitename is the text that shows up in the Contribute client on the start page.

Once this is updated and a user logs into the Contribute server, the client connections are updated.

While this may be enough on it’s own to effect the change desired, the original name is still referenced in the cthub file for each individual site. I changed the name in both locations for completeness.

At VSU, we are implementing the Adobe (formerly Macromedia) Contribute Publishing Server and CMS.

This is a two-piece system that involves a client-side component (Contribute) and a server-side component (CPS).

We are running this on a Linux server, so we needed an easy way to start the service up should a system reboot occur.

Now Macromedia included a very simple shell script that made a call the included OEM Jrun binary to start the server. The only problem is that it had no facility to plugin to the chkconfig tool that can be used to manage services in the various runlevels.

So I wrote a very simple one:

#!/bin/bash # # CPS Startup script for the Macromedia Contribute Publishing Server # # chkconfig: 2345 80 20 # description: The CPS is the backend to manage the Macromedia Contribute CMS. # processname: jrun -nohup -start contribute-wps # pidfile: none noticed # Source function library. . /etc/rc.d/init.d/functions jrun=${JRUN-/usr/Macromedia_CPS/jrun4/bin/jrun} prog=CPS lockfile=${LOCKFILE-/var/lock/subsys/macromedia_cps} RETVAL=0 start() { echo -n $"Starting $prog: " $jrun -nohup -start contribute-wps RETVAL=$? echo [ $RETVAL = 0 ] && touch ${lockfile} return $RETVAL } stop() { echo -n $"Stopping $prog: " $jrun -stop contribute-wps RETVAL=$? echo [ $RETVAL = 0 ] && rm -f ${lockfile} } # See how we were called. case "$1" in start) start ;; stop) stop ;; status) $jrun status ;; restart) stop start ;; *) echo $"Usage: $prog {start|stop|restart|status|}" exit 1 esac exit $RETVAL

Note that the lockfile referenced was an invention on my part, since the standard startup of jrun included with CPS doesn’t appear to create either a standard lockfile or pidfile.

After creating the file in /etc/init.d directory, you will need to run the following command: chkconfig --add CPS

This will add your new script to the service list maintained for use with chkconfig. At this point all the standard chkconfig commands can be used to manage this.

For more on chkconfig check out the chkconfig online man page at LinuxCommand .

In the process of troubleshooting the LDAP user problems I was experiencing I found that by default the logging of info and debug messages is turned off by default for the OEM jrun install that is part of Contribute Publishing Server 3.11.

In order to enable these logging levels you have to edit the sevrer configuration xml file. This file should be located in the configuration directory of your jrun4 server’s WEB-INF folder.

The name of the file is: ckm.xml

Open this file in your favorite editor and look for the following section:

/usr/Macromedia_CPS/logs/out.log /usr/Macromedia_CPS/logs/err.log true true true

By default the logger is only set to show error messages. This section also shows the location of the error logs and the output logs.

Note, that enabling this you will get larger log files, since this will log all connections to the LDAP server by the Contribute client(s) that you have installed. You may find it necessary to open the admin console and set a max log file size to control this.

One of the annoyances I have found with the Contribute Client is that in the Administration interface section, when adding a user, the menu of roles is not sorted for you. The list that appears when you reassign a user or when you create a new role, is sorted for you.

Each time that a new role is added, the client updates the hub file, adding the new role to the end of the list.

In investigating this I found that the hub file is just an XML file. This file is stored in the root _mm folder of the website that you are managing. Note that this file is connection specific, so if you are managing multiple websites, the location of this control file will vary. And if you are managing a large deployment by having multiple sites with a single directory structure, you will have a different _mm folder and hub file for each site, even though they are physically on the same server they are treated differently by the logic of the software.

Olevia 237T and MythTV | arfore dot com

Like many people, I went out into the great choas known as Black Friday after a deal.

In my case I was focused on obtaining an Olevia 237T 37″ LCD television being sold at Target for the low, low price of $549.00.

After getting it home and plugging it all into my MythTV system, I ran into problems. First of all, since the tv had a vga input, I used the vga output of my video card instead of the svideo output. Initially I got no video, but then I realized I needed to undo some of my xorg.conf changes since I had changed the output.

After fixing the xorg.conf problem to not use the svideo port (thank you SSH!), I ran into other small problems.

Getting the resolution output right

The 237T has a native resolution of 1366×768, which according to an article at CNET.com is the most common resolution, yielding an output of 768p.

It turns out that I needed a particular video modeline in order to make the tv work properly. This required a great deal of research since manually calculating a modeline is not something that I really wanted to undertake. After finding a few online calculators, I found that I could not use them since the Dot Clock Frequency was not something that was included in the manual for the tv. So I diligently searched on the Internet to see if I could run across someone else who had this model tv (or the slightly improved 537 series) that had solved the problem. On the MythTV wiki, I ran across two entries for the 537h. I tried them both, but unfortunately the source display on the tv still reported a resolution of 1024×768. After trolling the xorg.conf logs, this turned out to be due to a failure of either modeline to be validated.

Digging ever deeper into the realms of HDTV screen resolutions and the xorg.conf options, I found that the binary, proprietary Nvidia drivers give you something that can help out a lot here, Appendix J. Programming Modes. This enables one to specify a series of validated modes and the driver will automatically validate them and use the correct output settings for the first mode that is found to be valid.

Here is what I ended up using in my xorg.conf file:
Section "Screen" Identifier "Screen0" Device "Videocard0" Monitor "OleviaHDTV" DefaultDepth 24 SubSection "Display" Viewport 0 0 Depth 24 Modes "1360x768_60" "1280x720_60" EndSubSection EndSection

Getting the right TV output

The next hurdle was to make sure that I got the right output of each of the MythTV applications.

Xine

In the configuration of the DVD player or the Video player, make sure that you launch xine with the following command:

xine -pfhq -D -r anamorphic

In theory xine should automatically display the video output exactly as is on the media, but using the command above will ensure that your get a fullscreen display. (Thanks to a posting in the Freevo-users list by John Molohan for this)

Mplayer

In the DVD or Video playback configuration you can use the following command to launch mplayer to use the correct aspect ratio (Thanks to Jarod Wilson for this tip):

mplayer -fs -zoom -quiet -monitoraspect 16:9 -vo xv %s

You can also set these same configuration options in your mplayer configuration file (~/.mplayer/config):

## Audio Output ao="alsa"

ac="hwac3,"

## Verbosity
really-quiet="1"

## Video Out
vo="xv"

## Scaling fs="yes" zoom="yes" monitoraspect="4:3"

double="yes"

## Misc
nojoystick="yes"

Internal DVD player

The MythTV built-in dvd player should display the video correctly by default.

Live TV output

When watching live television, you have a few options:

  1. Leave the aspect ratio alone
  2. Change the aspect ratio to be 4:3 or 16:9
  3. To set the aspect ration to be Fill
  4. To set the aspect ratio to be 4:3 with zoom or 16:9 with zoom

Each of these has it’s own drawbacks, but I have gotten the best results using 16:9. This setting is in the Playback options of the TV section of the MythTV setup.

References

Crowdsource: Help me buy a bag | arfore dot com

After my recent iPad acquisition, I realized that now I need a new bag to carry it in. Normally I use a large Healthy Back Bag, produced and sold by AmeriBag. Unfortunately, the iPad’s shape doesn’t lend itself to being carried in the teardrop-shaped bag.  I have narrowed down my choices, and there are oh so many of them, but now I need some help from you, gentle reader.  Each of the images below are linked to the product information page on the bag.

Ristretto for iPad
by Tom Bihn

The Imago – A Laptop Messenger
by Tom Bihn

The Australian Vertical Messenger
by Bellino

Scout Extra Small
by STM Bags

Distressed Leather Unisex Bag
by David King and Co.

firefox | arfore dot com

In Outlook Live browser cookie issues, I discussed the issues surrounding cookie usage and the Outlook Live service.  As you may remember, one of the problems surrounding turning off the blind support of third-party cookies is the check that is performed at logout.  If the check doesn’t pass then you will get a warning message.

The fix for this from the MS perspective is to enable third-party cookies.  One of the main reasons to not follow this is for better privacy while browsing the Internet.  As with most computer security, web browser security is often a trade-off between usability and security.  You have to know what to set things to to achieve a balance between good security and acceptable annoyance.  Many users install ad-blockers, flash blockers, disable Javascript, etc.  These are good tactics, but they also introduce browsing annoyances since the very technologies these plug-ins disable are what makes the web experience interesting and fun.  For more on browser security check out Securing Your Web Browser at CERT.

Fortunately, in this particular case the solution is relatively easy.  Since Mozilla gives us the ability to configure the browser directly, we can change how Firefox handles cookies.

First you will need to open Firefox and go to the site about:config to edit the settings.  This is not really a website, but a method provided to directly configure some browser settings.  You will be presented with a warning box, just click the button.

Next, in the filter box type network.cookie, this will narrow the list displayed down to only the ones dealing with cookies.  One of the settings to be changed already exists, the other will have to be added.

The setting that you want to change is:

  • network.cookie.cookieBehavior

Change network.cookie.cookieBehavior to have a setting of 3, enabling the change, by double clicking on the number in the Value column and entering the new value in the dialog box.

To add the new preference, right click in the window and select Integer from the New submenu.

Enter network.cookie.p3plevel in the dialog box that appears. Set the value to be 3 in the second dialog box.  There is no save function, the changes take effect immediately, just close you browser tab/window.

After making these changes you will now be able to successfully navigate the Outlook Live site and logout without getting the warning message.  You will also be better protected from nefarious third-party cookies.

If you want to change the preferences back to the defaults, simply open the preferences for Firefox and click the checkbox next to Accept third-party cookies.

Apparently this functionality was part of Firefox 2 but was subsequently removed after someone complained about the size of the code required to implement it (a total of 60k in what is now a 56.9MB, at least that’s the size of the application on Mac OS X).  In reading through the comments in the Bugzilla post, I fail to see where anyone makes a decent argument for reducing end-user security.  For more on all of this, check out the references section of this post.

These changes were implemented on Mac OS X 10.6.4 using Firefox 3.6.11, but it should be pertinent to Windows and Linux as well.

References

In June of 2010, Valdosta State University transitioned to using Microsoft’s Live@EDU service for our e-mail.  This is Microsoft’s competing product line with Google’s Apps for Education service.  There were many reasons why we chose the Microsoft service which I won’t get into here, suffice it to say, that was the decision that was made.

While I don’t use the web interface all that much, when I do use it on Safari 5 for the Mac, I have noticed an oddity.  After you login to the system and do whatever you plan to do that session, to logout you should click the “Sign Out” link.  Seems standard enough, right?  Well, not exactly.  On Safari on the Mac I have noticed that I get an error when the signout process is attempted.  When testing Firefox 3.6.11, I found I wasn’t receiving the error screen and the signout process completed successfully.

After delving more into this it turns out that the problem is third-party cookies.  The default settings in Safari are very restrictive.  They are also all or none.  There is no exception list to the privacy settings for browser cookies in Safari, unlike Firefox. Also, it turns out that if you change the settings in Firefox to match the restrictive settings in Safari you get the same error screen.

In order to find out what site was causing the problem I cleared all the cookies for Safari, then enable the setting to always allow cookies.  After comparing the list of cookies that were set, I found one listed for the domain passport.com that did not show up in the cookie list when Safari is set to accept cookies only from sites that I visited.

Further investigation using the Live HTTP Headers add-on in Firefox revealed the following for that domain:

http://loginnet.passport.com/ThirdPartyCookieCheck.srf?ct=1287943985
 
GET /ThirdPartyCookieCheck.srf?ct=1287943985 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
 
HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Oct 2010 18:13:05 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F57 V: 0
Content-Type: text/html; charset=utf-8
Expires: Sun, 24 Oct 2010 18:12:05 GMT
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: MSPP3RD=2832116359; domain=.passport.com;path=/;HTTPOnly= ;version=1
Content-Length: 0
Location: http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
----------------------------------------------------------
http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
 
GET /ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
Cookie: MSPP3RD=2832116359
 
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sun, 24 Oct 2010 18:13:06 GMT
Pragma: no-cache
Content-Type: image/gif
Expires: Sun, 24 Oct 2010 18:12:06 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F50 V: 0
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked

Continuing the investigation, I decided to force Firefox to ask me about each cookie that was going to be set.  This makes a dialog show up for each cookie attempt giving me the option to deny it, allow it only for the current session, or always allow.  After walking through the tortorous process of a complete login/logout session, it turns out that two cookies are being set for the domain passport.com with each of them set to expire at the end of the session.  More detail on the cookie can be seen in the screen shot of the cookie detail (provided by the plugin Add N Edit Cookies) shown below:

So, the next step was to fire up my VM and see how all this worked on the Windows side of things.  I figured that since we had not been deluged with user requests concerning this that the browsers on the Windows side of the equation were handling it all differently. Firefox on Windows is configured out of the box just like Firefox on Mac OS X.  So, as I expected the operation was the same as well. If you allow for third-party cookies, then it works fine, if you don’t then you get the error screen.

The interesting development is the settings for Internet Explorer.  Bear in mind that I am using Windows 7 and Internet Explorer 8, but the settings should be fairly similar on Windows XP and between versions 7 and 8.  The default setting in IE8 is to all third-party cookies, but (and this is the key) only if they have a compact privacy policy (P3P).  This is the setting that makes the big difference.

It turns out that neither Firefox nor Safari support P3P headers by default.  In fact there doesn’t appear to be any support for them in Safari at all.  Configuring Firefox to support them requires some advanced editing of the main configuration file.

I haven’t found any adverse effects to the workings of Outlook Live when using Safari, but it is rather annoying that this occurs.

References

outlook live | arfore dot com

In Outlook Live browser cookie issues, I discussed the issues surrounding cookie usage and the Outlook Live service.  As you may remember, one of the problems surrounding turning off the blind support of third-party cookies is the check that is performed at logout.  If the check doesn’t pass then you will get a warning message.

The fix for this from the MS perspective is to enable third-party cookies.  One of the main reasons to not follow this is for better privacy while browsing the Internet.  As with most computer security, web browser security is often a trade-off between usability and security.  You have to know what to set things to to achieve a balance between good security and acceptable annoyance.  Many users install ad-blockers, flash blockers, disable Javascript, etc.  These are good tactics, but they also introduce browsing annoyances since the very technologies these plug-ins disable are what makes the web experience interesting and fun.  For more on browser security check out Securing Your Web Browser at CERT.

Fortunately, in this particular case the solution is relatively easy.  Since Mozilla gives us the ability to configure the browser directly, we can change how Firefox handles cookies.

First you will need to open Firefox and go to the site about:config to edit the settings.  This is not really a website, but a method provided to directly configure some browser settings.  You will be presented with a warning box, just click the button.

Next, in the filter box type network.cookie, this will narrow the list displayed down to only the ones dealing with cookies.  One of the settings to be changed already exists, the other will have to be added.

The setting that you want to change is:

  • network.cookie.cookieBehavior

Change network.cookie.cookieBehavior to have a setting of 3, enabling the change, by double clicking on the number in the Value column and entering the new value in the dialog box.

To add the new preference, right click in the window and select Integer from the New submenu.

Enter network.cookie.p3plevel in the dialog box that appears. Set the value to be 3 in the second dialog box.  There is no save function, the changes take effect immediately, just close you browser tab/window.

After making these changes you will now be able to successfully navigate the Outlook Live site and logout without getting the warning message.  You will also be better protected from nefarious third-party cookies.

If you want to change the preferences back to the defaults, simply open the preferences for Firefox and click the checkbox next to Accept third-party cookies.

Apparently this functionality was part of Firefox 2 but was subsequently removed after someone complained about the size of the code required to implement it (a total of 60k in what is now a 56.9MB, at least that’s the size of the application on Mac OS X).  In reading through the comments in the Bugzilla post, I fail to see where anyone makes a decent argument for reducing end-user security.  For more on all of this, check out the references section of this post.

These changes were implemented on Mac OS X 10.6.4 using Firefox 3.6.11, but it should be pertinent to Windows and Linux as well.

References

In June of 2010, Valdosta State University transitioned to using Microsoft’s Live@EDU service for our e-mail.  This is Microsoft’s competing product line with Google’s Apps for Education service.  There were many reasons why we chose the Microsoft service which I won’t get into here, suffice it to say, that was the decision that was made.

While I don’t use the web interface all that much, when I do use it on Safari 5 for the Mac, I have noticed an oddity.  After you login to the system and do whatever you plan to do that session, to logout you should click the “Sign Out” link.  Seems standard enough, right?  Well, not exactly.  On Safari on the Mac I have noticed that I get an error when the signout process is attempted.  When testing Firefox 3.6.11, I found I wasn’t receiving the error screen and the signout process completed successfully.

After delving more into this it turns out that the problem is third-party cookies.  The default settings in Safari are very restrictive.  They are also all or none.  There is no exception list to the privacy settings for browser cookies in Safari, unlike Firefox. Also, it turns out that if you change the settings in Firefox to match the restrictive settings in Safari you get the same error screen.

In order to find out what site was causing the problem I cleared all the cookies for Safari, then enable the setting to always allow cookies.  After comparing the list of cookies that were set, I found one listed for the domain passport.com that did not show up in the cookie list when Safari is set to accept cookies only from sites that I visited.

Further investigation using the Live HTTP Headers add-on in Firefox revealed the following for that domain:

http://loginnet.passport.com/ThirdPartyCookieCheck.srf?ct=1287943985
 
GET /ThirdPartyCookieCheck.srf?ct=1287943985 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
 
HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Oct 2010 18:13:05 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F57 V: 0
Content-Type: text/html; charset=utf-8
Expires: Sun, 24 Oct 2010 18:12:05 GMT
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: MSPP3RD=2832116359; domain=.passport.com;path=/;HTTPOnly= ;version=1
Content-Length: 0
Location: http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
----------------------------------------------------------
http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
 
GET /ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
Cookie: MSPP3RD=2832116359
 
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sun, 24 Oct 2010 18:13:06 GMT
Pragma: no-cache
Content-Type: image/gif
Expires: Sun, 24 Oct 2010 18:12:06 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F50 V: 0
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked

Continuing the investigation, I decided to force Firefox to ask me about each cookie that was going to be set.  This makes a dialog show up for each cookie attempt giving me the option to deny it, allow it only for the current session, or always allow.  After walking through the tortorous process of a complete login/logout session, it turns out that two cookies are being set for the domain passport.com with each of them set to expire at the end of the session.  More detail on the cookie can be seen in the screen shot of the cookie detail (provided by the plugin Add N Edit Cookies) shown below:

So, the next step was to fire up my VM and see how all this worked on the Windows side of things.  I figured that since we had not been deluged with user requests concerning this that the browsers on the Windows side of the equation were handling it all differently. Firefox on Windows is configured out of the box just like Firefox on Mac OS X.  So, as I expected the operation was the same as well. If you allow for third-party cookies, then it works fine, if you don’t then you get the error screen.

The interesting development is the settings for Internet Explorer.  Bear in mind that I am using Windows 7 and Internet Explorer 8, but the settings should be fairly similar on Windows XP and between versions 7 and 8.  The default setting in IE8 is to all third-party cookies, but (and this is the key) only if they have a compact privacy policy (P3P).  This is the setting that makes the big difference.

It turns out that neither Firefox nor Safari support P3P headers by default.  In fact there doesn’t appear to be any support for them in Safari at all.  Configuring Firefox to support them requires some advanced editing of the main configuration file.

I haven’t found any adverse effects to the workings of Outlook Live when using Safari, but it is rather annoying that this occurs.

References

safari | arfore dot com

In June of 2010, Valdosta State University transitioned to using Microsoft’s Live@EDU service for our e-mail.  This is Microsoft’s competing product line with Google’s Apps for Education service.  There were many reasons why we chose the Microsoft service which I won’t get into here, suffice it to say, that was the decision that was made.

While I don’t use the web interface all that much, when I do use it on Safari 5 for the Mac, I have noticed an oddity.  After you login to the system and do whatever you plan to do that session, to logout you should click the “Sign Out” link.  Seems standard enough, right?  Well, not exactly.  On Safari on the Mac I have noticed that I get an error when the signout process is attempted.  When testing Firefox 3.6.11, I found I wasn’t receiving the error screen and the signout process completed successfully.

After delving more into this it turns out that the problem is third-party cookies.  The default settings in Safari are very restrictive.  They are also all or none.  There is no exception list to the privacy settings for browser cookies in Safari, unlike Firefox. Also, it turns out that if you change the settings in Firefox to match the restrictive settings in Safari you get the same error screen.

In order to find out what site was causing the problem I cleared all the cookies for Safari, then enable the setting to always allow cookies.  After comparing the list of cookies that were set, I found one listed for the domain passport.com that did not show up in the cookie list when Safari is set to accept cookies only from sites that I visited.

Further investigation using the Live HTTP Headers add-on in Firefox revealed the following for that domain:

http://loginnet.passport.com/ThirdPartyCookieCheck.srf?ct=1287943985
 
GET /ThirdPartyCookieCheck.srf?ct=1287943985 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
 
HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Oct 2010 18:13:05 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F57 V: 0
Content-Type: text/html; charset=utf-8
Expires: Sun, 24 Oct 2010 18:12:05 GMT
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: MSPP3RD=2832116359; domain=.passport.com;path=/;HTTPOnly= ;version=1
Content-Length: 0
Location: http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
----------------------------------------------------------
http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
 
GET /ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
Cookie: MSPP3RD=2832116359
 
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sun, 24 Oct 2010 18:13:06 GMT
Pragma: no-cache
Content-Type: image/gif
Expires: Sun, 24 Oct 2010 18:12:06 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F50 V: 0
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked

Continuing the investigation, I decided to force Firefox to ask me about each cookie that was going to be set.  This makes a dialog show up for each cookie attempt giving me the option to deny it, allow it only for the current session, or always allow.  After walking through the tortorous process of a complete login/logout session, it turns out that two cookies are being set for the domain passport.com with each of them set to expire at the end of the session.  More detail on the cookie can be seen in the screen shot of the cookie detail (provided by the plugin Add N Edit Cookies) shown below:

So, the next step was to fire up my VM and see how all this worked on the Windows side of things.  I figured that since we had not been deluged with user requests concerning this that the browsers on the Windows side of the equation were handling it all differently. Firefox on Windows is configured out of the box just like Firefox on Mac OS X.  So, as I expected the operation was the same as well. If you allow for third-party cookies, then it works fine, if you don’t then you get the error screen.

The interesting development is the settings for Internet Explorer.  Bear in mind that I am using Windows 7 and Internet Explorer 8, but the settings should be fairly similar on Windows XP and between versions 7 and 8.  The default setting in IE8 is to all third-party cookies, but (and this is the key) only if they have a compact privacy policy (P3P).  This is the setting that makes the big difference.

It turns out that neither Firefox nor Safari support P3P headers by default.  In fact there doesn’t appear to be any support for them in Safari at all.  Configuring Firefox to support them requires some advanced editing of the main configuration file.

I haven’t found any adverse effects to the workings of Outlook Live when using Safari, but it is rather annoying that this occurs.

References

While working on a method to allow the VSU Communications Unit to add or change the stories in the rotation on the main VSU webpage, I ran into a problem that involved a known Safari issue involving file uploads.

I don’t regularly create forms that allow for an upload of a file, however I don’t like to store binary data in the MySQL database either. Allowing the files to be uploaded makes creating pages that use them a whole lot easier, since I don’t have to “create” the image from the binary data, just pass off a file location and let the browser do the rest.

The symptoms exhibited were that when submitting the form, Safari would hang about 30-40% of the time. No error messages or timeout messages were displayed. Zip, zilch, nada!
Continue reading

While re-loading the OS and apps on my iMac at work, I ran into major issues whilst updating MS Office 2008.  When running the first update, Office 2008 SP1 (12.1.0) I had no problems, however none of the other updates would run.  I kept getting the error “You cannot install Office 2008 Updates on this volume. A version of the software required to install this update was not found on this volume.”

At first I thought that this might be due to some permissions shenanigans revolving around my AD/OD setup, since the logged in user was not a local admin, but had been granted administrator privileges through a nested group trick.

After more searching I ran across a post on the forums MacRumors.com pointing out problems when running updates on an Office 2008 install that had been altered by using Monolingual or XSlimmer.

Both of these programs were developed to slim down the sizes of binary applications on OS X.  Monolingual strips the “additional languages” from OS X programs and operating system files, while XSlimmer is designed to remove both the extra language information and the unused binary code in a fat binary.  I have never used either of these programs, since I was not concerned about the amount of disk space they utilize.

After more searching, I ran across a post in the Entourage Help Pages discussing troubleshooting Office 2008 installations.  While this page also mentioned issues with installations being altered by Monolingual and XSlimmer, it also pointed out an issue with a workaround created to handle a bug in how Safari deals with the docx file extension.  While the automator workflow mentioned does not appear to actually affect anything other than the names of files, it did jog my memory about something else Safari related that occured when installing Adobe CS 4 earlier the same day.

While installing CS 4 and the available updates, I was prompted to not only quit Safari, but also to quit XMarks for Safari.  For those that don’t know, XMarks is a great service for synchronizing your browser bookmarks between multiple machines, platforms, and browsers.

On a hunch I quit XMarks for Safari, as well as the browser itself.  No dice, I still got the error.  Knowing how easy it would be to reinstall the helper application, I uninstalled XMarks.  Eureka!  The Office updaters now ran without a hitch.  So, if you are having this problem, try deactivating or removing anything plugins that effect the default nature of Safari.

Lately I have noticed that when browsing the web my external hard drive would spin up when there seemed no need.  I had just given into the mysterious and not concerned myself with this until yesterday.

After a few searches, I turned up a post on Apple’s discussion boards entitled Safari pauses & spins up ext HDs with ATS Autoactivation errors.  While I have not found the errors in my logs refered to by the OP, I have noticed the exact same symptoms.

Using the symptoms and discoveries by W. Raideer and strangebirds as a guideline, I found a solution to the issue.  While this may in fact be a bug, it turns out that if you disable Spotlight on the external drive this activity ceases, at least in my case.

To quote the Help documentation for Font Book on the Automatic Activation feature:

Note that if you turn off Spotlight searching for any folder or disk connected to your computer, Font Book can’t find and enable fonts in those locations.

After listing my external drive in the Spotlight preference pane section labeled Privacy, I have ceased to have this particular issue.  While this may not be advisable or desirable, depending on the content of the external drive, I have noticed no detrimental effect by disabling Spotlight on the drive.

mac | arfore dot com

UPDATE (2009-04-26 7:06PM EDT): Apparently I was mistaken.  When poking through the preferences of ClamXav in order to restructure my watch folders, I noticed a checkbox that I had overlooked.  Apparently you can add the login item from within the main application.  However, it still doesn’t start the Sentry app when adding the item.  You have to manually click the “Save settings & Launch Sentry” button.

Recently I have bowed to the necessity of installing antivirus software on my Mac, both at work and at home.

In investigating the possibilities I decided to try out the open source antivirus solution ClamAV.  While I tend to gravitate towards commercially supported security products when possible, I currently don’t have the extra money to spend on the Intego VirusBarrier product, and the budget at work is quite strained, as are budgets for most people.

I like the ClamXav frontend for the ClamAV engine.  I know that I can do all the scanning functions from the command line, but I am fan of gui frontends do to the fact that they are often more user-friendly.

The ClamXav is a nice frontend.  The only problem I have with it is that there is inherent mechanism to launch the sentry program at user login.  The ClamXav Sentry application is contained in the Resources section of the Contents of the ClamXav application bundle. Below are the steps to add the application as a login item.

Adding ClamXav Sentry as Login Item

1. Open System Preferences from the Apple Menu

Open System Preferences

2. Open Accounts Preference Pane

System Prefences

3. Select Login Items

Login Items

4. Click the Plus sign button at the button of the Login Items list.

5. When the dialog window comes up, hit the Command + Shift + G keyboard combo.

6. In the window type the following:

/Applications/ClamXav.app/Contents/Resources/”

then click the Go button.

Enter the file path to the Resources of the ClamXav bundle

7. Select ClamXavSentry.app from the list and click the Add button.

Select the Sentry app

8. Congratulations, you have successfully added the ClamXav Sentry as a login item.

Login Item Added

I also wrote an Applescript application that will add the login item for you.  The benefit of using my utility is that it launches ClamXav Sentry after adding the login item.  You download a zipfile containing both the application and script file.

Today I picked up one of the new dual-band AirPort Extreme base stations at Best Buy. The reason behind the purchase was so that I could use 802.11n for my iMac and Apple TV while using 802.11g for my iPhone, since this should give me the best wireless throughput for my shared files to the Apple TV.

After getting the DHCP, PPPoE, WiFi and network security configured to mimic the settings of the Linksys router that I replaced, I thought I was through, but then I realized that I still needed to configure an ACL to implement MAC filtering. For those who don’t know, a MAC filter on a typical router lets the admin control which devices will be allowed to talk to the router.

While there are some people who say that having both WPA2 encyrption as well as MAC filtering is unnecessary, I decided that I wanted to do both, since I am allowing the SSID to be broadcast for the convenience of visitors.

On my last two Linksys routers (a WRT54G and a WRT160N) this was simply a matter of checking a box and entering the allowed MAC addresses into a table. On the AEBS it require a little more work.

Necessary items

  • an Apple AirPort Extreme base station that is properly configured for your network
  • AirPort Utility
  • a list of the MAC addresses for the allowed devices

Step 1

Open AirPort Utility. On the main screen, double-click on the connected AEBS listed in the column on the left side of the window.

Main screen for AirPort Utility

Step 2

In the configuration screen that comes up, click on the Access options.

Airport utility access configuration screen defaults

Step 3

Change the default setting for MAC Address Access Control from the default to say Timed Access.

Airport utility access configuration set to Timed Access

Step 4

In the configuration pane click on the default entry, then click the Edit button. This will bring up the Timed Access Control Setup Assistant window.

In the Timed Access Control Setup Assistant window click in the drop down menu that currently reads Everday and select No Access from the list. This will make sure that any computer or device with a MAC address that is not in the list will be denied access to your network. Then click the Done button to save your changes.

Timed Access Control Setup Assistant for default rule

Step 5

Back in the access configuration screen, click on the plus sign in the left below the list of devices. This will bring up the Timed Access Control Setup Assistant window that allows you to add new devices.

In the MAC Address field you will need to enter the MAC address (aka ethernet address, hardware address, ethernet id, etc.) for your device. (Hint: If you are doing this for the computer you are currently using just click the This Computer button.) If you want, you can add a description for each device as well. I use the devices hostname when appropriate.

Then change the time frame that the device is allowed to connect if you need to restrict it to something other than the default of Everday/all day.

When you are finished just click the Done button to save your changes. Repeat this step for each device.

Timed Access Control Setup Assistant add device dialog

Step 6

After adding all your devices you should have a screen that looks similar to the below. (Note: I have obscured my MAC addresses to protect the innocent.)

Airport access configuration screen completed

Step 7

If you have added all your devices and you are sure you are finished, just click the Update button. This will save your configuration changes and restart the AEBS.

Final Notes

Understand that like the Linksys MAC filter, this only affects devices that are connecting over the wireless network. This is useful since it gives you an avenue for fixing any problems that you have run into. Also, if you run into a problem so extreme (pardon the pun) that you need to perform a hardware reset of the AEBS, follow the instructions in the Apple knowledgebase article Resetting the AirPort Extreme Base Station (Article No. HT1406).