Andrew Fore

At work we are in the process of sorting through some old books, documents and equipment in the run-up to moving into a new building.

During this process I ran across an old Mac iBook.  The model I found was a stock configuration iBook G3/800, model number A1005.  After turning it on I discovered that it was running Mac OS X 10.2.8.  My manager suggested that we just discard it since it was not upgradeable to the latest OS level and since the hardware specs were so low.  Given my penchant for playing with old, sometimes admittedly obsolete hardware, I decided to see what I could do to resurrect the little guy with Linux.

After investigating the various options available, I settled on Linux MintPPC.  This particular distribution is a port of the Linux Mint LXDE project to Debian/PPC.  The reasons behind this choice were:

1. Use of lightweight X11 window manager, which is important given the paucity of memory and hardware resources in the iBook
2. This distro is based on the Linux Mint project and Debian/PPC Linux

Installation

The installation couldn’t be much easier.  I downloaded the latest Debian/PPC net install iso image, then started up the laptop from the CDROM.  At the boot prompt enter the following:

auto url=mintppc.org

After this it’s a simple matter of walking through the standard installation process for Debian then letting the network install complete on it’s own.  After approximately an hour, I had a fully functional Linux install working on the iBook!

Post-Install Niceties

Right Mouse Click

After the installation was completed and the laptop had rebooted I began a few post-installation configuration changes.  This model iBook didn’t have the multi-touch capabilities that Apple introduced in later models, so it was limited to left-button only operations unless you add in keyboard modifiers.  The default configuration for the left and middle button operation is to use the F11 and F12 keys to operate the buttons.  Since MintPPC includes the mouseemu daemon, I wanted to configure the system to use the Mac OS X configuration of control-click to operate the right mouse button since this was the mode I was used to.  Here’s how to accomplish that:

1. Open the terminal and become root
2. cd /etc/default
3. vi mouseemu (you did backup the original right?)
4. Add the following to the end of the file:

   RIGHT_CLICK="-right 29 272"

5. Restart the mouseemu daemon:

   kill -HUP `cat /var/run/mouseemu.pid`

6. Enjoy the new configuration!

Turn Off Login Ready Beep

By default the system is configured to beep when the system is ready for login.  Since I work in a cube farm, I wanted to observe better cube etiquette by disabling this.

1. Open up the Login Window preferences: Menu -> Preferences -> Login Window
2. Enter the admin password into the authentication dialog (this is root, not your sudo password!)
3. Click on the Accessibility tab
4. Uncheck the box next to Login screen ready

Openbox Configuration Tweaks

There are a number of configuration tweaks that can be made to the default Openbox setup to improve rendering performance on machines at the low-end of the spectrum.  Here are a few that I have made.

1. Menu -> Preferences -> Openbox Configuration Manager
2. Appearance
   1. Uncheck Animate iconify and restore
3. Move & Resize
   1. Uncheck Update the window contents while resizing
4. Desktops (very subjective change with negligible performance benefit)
   1. Set Number of desktops to 2

I am still working on the final configuration to fit the hardware footprint on the iBook G3, so there will be more updates along these lines soon.

Last week I posted on how to setup NRPE on Mac OS X Server.  Here is what you need to do to make it start up at system boot.

On a Linux or Solaris machine you can just include the call to the daemon in an init script like rc.local and it will be started when the OS boots.  Unfortunately, Apple has made this a little more difficult on Mac OS X with Tiger and Leopard.  The standard startup processes (cron, inetd, xinetd, etc.) have been rolled into a single process known as launchd.

The first step is to create a symbolic link to the NRPE config file from the default location to the root of the NRPE directory.

1. cd /usr/local/nagios/
2. ln -s etc/nrpe.cfg nrpe.cfg

The next setp is to ensure that the NRPE daemon will be able to connect with Nagios server.  There are two ways to do this.  One way is to add a line to the

file to allow for an open port for NRPE.  The second way is to open the port as part of the launchd process.

Method One – edit the /etc/services file

1. cd /etc/
2. sudo vi /etc/services
3. add the following line to the end of the file:
   5666/tcp # Nagios NRPE client

Method Two – use the launchd process

This method involves including a dictionary key into the launchd plist file that sets the socket type and port number for the NRPE service to use for listening.  The plist code is shown below:

Sockets Listeners SockServiceName 5666 SockType stream SockFamily IPv4

Image Credit: Ohio State University

I was recently handed a baseline policy that was to implemented for all users on the Solaris 10 systems that I support.  After a small amount of research I was able to find the various pieces that needed to be altered.

Desired Policy

After discussion between the security officer and the other management level staff, the following policy was decided upon:

Normal User Password Requirements

• at least 8 characters in length
• no more than 20 characters in length
• contain at least on letter
• contain at least one number
• forced to change at least every 180 days
• 15 minute lockout after 5 unsuccessful attempts

Most of the restrictions were fairly basic and could be easily accomplished.  The only one that I could find no mechanism for control of in Solaris 10 is the automatic unlock of an account after the specified 15 minute lockout.  While it is possible to determine when an account has been locked by looking at the timestamp in the syslog, there is no automated method for unlocking the account after a certain amount of time has elapsed.  I suppose it would be possible to write a script to check the entries in the shadow file then grep the syslog then do some math on the timestamp, but honestly I am not worried about it.

Implementation

The implementation process involves editing two files that are key to the functionality of user login security.  As always when altering system files it is a good idea to make backups of the originals in case things go wrong.  The files involved are:

1. /etc/default/login
2. /etc/default/passwd

Setting the account lockout (aka Three Strikes)

Generally the default on a Solaris 10 system is to set the account lockout to three password retries before an account is locked.  We decided to relax this a little and allow for five retries.

1. Open /etc/default/login in your favorite editor
2. Search for the line reading RETRIES=3
3. Change the line to read RETRIES=5

Configuring the complexity rules

The password complexity ruleset for Solaris 10 is fairly understandable.  The rules are defined in /etc/default/passwd and the values to be tweaked are:

• MINDIFF
• MINALPHA
• MINNONALPHA
• MINUPPER
• MINLOWER
• MAXREPEATS
• MINSPECIAL
• MINDIGIT
• WHITESPACE

The desired policy decided upon was to require at least one number and one letter.  There was some discussion about special characters, but it was decided to not require any special characters for normal user accounts.  Given these requirements the following process is used to implement the complexity ruleset:

1. Open the file /etc/default/passwd in your favorite editor
2. Set the password complexity tunables to look as follows

MINDIFF=3
MINALPHA=1
#MINNONALPHA=1
#MINUPPER=1
#MINLOWER=1
MAXREPEATS=0
#MINSPECIAL=0
MINDIGIT=1
WHITESPACE=YES

Setting the password expiration and length rules

Configuring account lockouts and password complexity is a great start, however it is not the complete picture.  While reasonable complexity rules will allow users to set passwords that they can readily remember, and a flexible lockout value will give some room for fumble fingers, if users are not required to change their passwords every so often then the security of the system can suffer as well.

You also should consider password length.  A shorter password, regardless of complexity, is going to be easier to crack from an algorithmic standpoint.  This is simply due to the mathematical requirements.  The problem is that user’s tend to not like long passwords.  As you increase the password length, you increase the likelihood the passwords will use dictionary words (we can account for that as well).

The agreed upon setting for normal users on our systems was 180 days.  Unfortunately Solaris 10 uses a setting measured in weeks and not days.  What this means is that the setting will have to be slightly longer.  The password length was decided to be at least 8 characters and no longer than 20 characters.  Also, Solaris 10 has no setting to enable a maximum password length.

1. Open /etc/default/passwd in your favorite editor
2. Set the value for MAXWEEKS to be the value of number of days divided by 7, rounding up
3. Set the value for PASSLENGTH to be the value of the minimum number of characters

Important Notes and Considerations

Password Length

The default algorithm used for passwords under Solaris 10 is crypt_unix.  This algorithm is not considered sufficiently secure, even by Oracle.  You should investigate using a different algorithm such as MD5 or Blowfish instead.  The default will not allow for passwords that are longer than 8 characters.  You can set the password to be longer, but all characters after the eighth position will be discarded during the authentication check process.

Retroactive Usage

Changes to the password expiration policy is not immediately retroactive.  For the expiration requirements to take effect on existing accounts you will need to initiate a manual password change for the shadow file entry to be updated.

Dictionary Words

When Solaris 10 was introduced one of the changes made to PAM was the ability to use a comma-delimited list of dictionary files to avoid usage of common words during password selection.  This can be configured with the DICTIONLIST variable in the /etc/default/passwd file.

Applying lockout to the root user

While this is not the default, you can apply the lockout rule to the root user account by editing the /etc/user_attr file and changing the lock_after_retries value for this user to yes.  Be warned this is not recommended since a locked account can only be unlocked by the root user.  If your root level account becomes locked then you will need to have an account that allows sudo access or you will end up going to some extreme lengths to re-enable access to the system.

References

Of course, none of this information is really unique.  Here is the list of resources I used to put all of this together:

For more commentary on password length, complexity, etc., see a few of these sites:

So I just finished Prince of Persia on my PS3.  I decided that I would go and purchase the $9.99 Prince of Persia: Epilogue DLC from the PSN (PlayStation Network) store so that I could have some more PoP game time.

Turns out that I can’t purchase anything using my Bank of America debit card, because Sony’s billing and account system is seriously messed up.

First I tried just entering in my account information in the PSN store interface as a direct purchase.  I put in the card information and billing information.  I get an error back that says “Credit card is invalid. Check your entries.”  Thinking that I may have punched something in wrong when relying on my memory, I go get the physical card and verify that all the data was correct.  Hit continue.  Same error.

I then tried to just enter the billing information into the account management thinking that maybe that would work.  Same error.

I tried logging into my PSN account over the web on my laptop and entering the information there.  Same error.

Having now exhausted all the possible avenues for entering in my information, I search the Google to find out if others have had this problem and what the fix might or might not be.  Turns out there have been numerous people with the same problem.

The first thread I listed had the most information.  They were discussing the possible values necessary in the address fields, etc.  I checked all my information.  Here’s what you need to double-check:

1. Make sure your console has been activated using the System Activation item in the dashboard
2. Make sure that if your billing address is a post office box that you are not adding in punctuation
3. Make sure that your zip code is matching exactly with the bank records, especially if your bank uses an address verification system
4. Make sure that your phone number, if listed, matches the bank records

The problem is that I checked all of this and none of it helped.  So I called the Sony Computer Entertainment America support number (800-345-7669) and waded through the menu system to get a support representative.  I have to give kudos to the support representative, because she was very calm and nice, and she didn’t even have a problem with the fact that I had already checked everything that she had on her checklist for me to check.

Unfortunately, she said “Sometimes the PO Box addresses just don’t work.  The only suggestion I can make is that you use a different credit card or go buy a PlayStation Network Card.”  She was very sorry that it wasn’t working, but there was nothing she could do to help.

I am not blaming the support folks, but that kind of answer is really pretty unacceptable.  I use my BoA card online, in stores, and over the phone all the time with no problems at all.  To make matters worse, when I logged in to my BoA account over the web I had a $1 pending transaction for each of my attempts to connect my card to the PSN store.  The customer service representative did assure me that they would drop off since a complete account transaction had never occured.

This is unexcusable.  Why even bother creating an online store for your game console if it doesn’t reliably work to purchase things?  Someone at Sony really needs to get this ironed out.

One of the things that many system administrators encounter in the quest for maintaining up-to-date servers is the need to apply regular maintenance releases.  With some operating systems, Mac OS X for instance, the patches are released in two forms:

• a delta update, which contains only the changes necessary to bring the system up-to-date from the current running release level
• a combo (cumulative, full, etc.) update, which contains all changes for the current release branch

If you are lucky enough to be using an OS that gives you delta updates then you may not ever run into an issue where you don’t have enough internal drive space to update the OS.  However, if you are running an OS, like Solaris, that uses cumulative clusters then this becomes more interesting.

One situation I recently encountered was a need to patch a Solaris 10 Sparc system that did not have sufficient internal drive space to store the unzipped patch cluster for patching the system in single-user mode.  (You are patching in single-user mode right?)

The most obvious question would be: why not add another drive?  Another obvious question might be: why not patch from cd/dvd?  Well, adding a new drive to this system was not a viable solution since there were no available drives to install.  Installing from DVD would have been a possible solution, if the patches had been unzipped and burned to disc prior to the maintenance window.

The next available option was to install the patches over the network.  When patching a machine in single-user mode this becomes a little more problematic, since network resources and services are not generally available unless the server has been brought up in a multi-user mode.

After bringing the server up in single-user mode the next step was to start SSH and NFS so that the patch cluster could be installed over the NFS share.  Generally with Solaris 10 all you would need to do is execute the following command for both SSH and NFS client:

svcadm enable 

Unfortunately with single-user mode this will fail to work, since the dependent services are not auto-started.  To accomplish this in single-user mode you need to add the -r flag which instructs svcadm to start the service and recursively start the dependent services.  If you want a little more checking, also add the -s flag which tells svcadm to wait for each service to enter an online or degraded state before returning.  Below are the commands for starting SSH and NFS along with the output of a service check to show the state after the command was executed.

SSH

# svcadm enable -rs svc:/network/ssh:default
Reading ZFS config: done.
# svcs -a | grep ssh
online         15:49:26 svc:/network/ssh:default

NFS

# svcadm enable -rs svc:/network/nfs/client:default
# svcs -a | grep nfs
disabled       15:11:34 svc:/network/nfs/cbd:default
disabled       15:11:34 svc:/network/nfs/mapid:default
disabled       15:11:35 svc:/network/nfs/server:default
online         15:50:35 svc:/network/nfs/status:default
online         15:50:35 svc:/network/nfs/nlockmgr:default
online         15:50:35 svc:/network/nfs/client:default
uninitialized  15:11:37 svc:/network/nfs/rquota:default

After this was done all that was left was to mount the exported file system and run the patch cluster installation script.  Since the cluster was not local to the system it took a little longer to install the cluster, but other than that everything went smoothly.

My last two posts, Starting NRPE via launchd and Nagios NRPE on OS X Server 10.5, concerned getting NRPE to run on OS X Server 10.5 and having it startup at system boot.

However, this is only part of the battle.  Once you have Nagios monitoring setup on your server you also need to have some nice options for checking the availability of your running services.

Tim Wilson from the Savvy Technologist, wrote an NRPE plugin that helps out with this.  The plugin check_osx_services does an excellent job of checking on the status for many services running on 10.5 Server.

The documentation on the plugin at the NagiosExchange site is pretty thorough.  One thing that is not mentioned is that you will need to run the check_osx_services script as superuser since it calls the system level command serveradmin which must be run as root.

As with any project, there are always users that want a particular feature that either doesn’t exist or the feature exists but doesn’t meet their needs.

In the deployment of the Adobe Contribute Publishing system at my current job this was the case. The library staff desired a way to insert Dublin Core Metadata Initiative tags into their documents.

The Adobe Contribute client already gives the user the ability to insert keyword and description metatags, but this was not sufficient for their needs.

Turns out that the Contribute client is extensible through the same sort of command files that you can build to create custom commands and behaviors for Dreamweaver. After reading through the relevant sections of the Macromedia manual Extending Dreamweaver MX (publication number ZDW60M200) that I had gotten with my Studio MX purchase some time ago, I began to develop a custom plugin to do what the library staff wanted.

The result is my Dublin Core Metadata Plugin.

To-Do

1. Change it so that the values are stored separately with regards to content and format.
2. Add drop-down menus for the selection of the scheme (a.k.a. format).
3. Add mechanism for multiple authors and contributors.
4. Add mechanism for handling date.modified tags.
5. Build a Windows Installer
6. Test the installer on Mac OS X 10.5.

Downloads

Today when I needed to copy some text on my CentOS server, I ended up grabbing a bunch of whitespace at the end of each line.  Normally this wouldn’t be a problem, since I would have copied from a regular browser.  In this case I was copying from with eLinks since I don’t have a graphical browser installed yet.

Sure, I could have just navigated to the end of each line and then used shift + C to delete, but I this was a 25 line block of text and that would have been too tedious.

Here’s the quick search and replace syntax to handle this for you:

So the other night when I got home I found a sad situation.  My LCD television wouldn’t display a picture. The backlight would come on when the power button was pressed (on the tv or the remote), but nothing else was happening.

The first fix I tried was what some forums were calling an EEPROM reset. To do this follow these steps:

1. Turn on the tv (blue led should go off)
2. Unplug the tv from the main power
3. Leave unplugged for 5-10 minutes (varies on exact model)
4. Turn off the main power supply switch (located next to the power port)
5. Plug the tv back in to main power
6. Turn the main switch back on

In my case this procedure elicited no change to the problem, so I continued looking for other answers.  In one forum I found a reference to replacing the backlight, mainboard, or power supply. In my case the backlight was working fine and the power supply was as well.  After looking in the service manual for the 237-T11, I did find that the mainboard was fairly accessible, so if I had to get a new board it wouldn’t be that difficult to replace it.

Before taking the hardware fix route I decided to see if my problem could be resolved by a firmware update.  Olevia helpfully included a USB port on the back panel of the unit to allow for a firmware upgrade.  Since my purchase of the unit in November of 2007 at Target’s Black Friday sale, I had not applied any of the firmware updates.

Unfortunately in 2008, Syntax-Brillian, the manufacturer of the Olevia brand, filed for bankruptcy.  This made getting my hands on the firmware files, update software and instructions a little difficult.  After some diligent research I found a thread on AVSForum that had the files I needed.

The driver files didn’t work properly for my Windows 7 laptop, however they are easily obtained from the Prolific USA website (there are also drivers for Linux and MacOS X).

After following the instructions for updating I powered off the unit, waited a minute or two then powered it back on.  Success!  I was greeted with the familiar white and blue Olevia logo screen.

As an additional backup for the benefit of any other user’s, here are links to the necessary files:

Editor’s Note: This article is part of the Tales of A Linux Switcher series.

As part of my on-going switch to Ubuntu 12.04 from Mac OS X, I ran into an issue where my cdrom device was not being mapped properly in the OS.

Everything works as desired except for one little thing: the eject key on the Apple Aluminum USB keyboard was not triggering the eject sequence of the built-in slot loading SuperDrive.

I assumed that there would be a device mapped to the actual drive using a link to /dev/cdrom.  This didn’t turn out to be the case.  When using the eject command from a terminal I received the following:

$ eject
eject: unable to find or open device for: `cdrom'

When I did a directory list to find any applicable cdrom device entries in the udev root (/dev) I got the following:

$ udevadm info --root
/dev
root@foreandy-iMac:~# ls -l /dev/*cd*
ls: cannot access /dev/*cd*: No such file or directory

In order to determine exactly which device was being used for the optical drive, I looked at the output from system’s cdrom device entry:

$ cat /proc/sys/dev/cdrom/info
CD-ROM information, Id: cdrom.c 3.20 2003/12/17

drive name: sr0
drive speed: 24
drive # of slots: 1
Can close tray: 1
Can open tray: 1
Can lock tray: 1
Can change speed: 1
Can select disk: 0
Can read multisession: 1
Can read MCN: 1
Reports media changed: 1
Can play audio: 1
Can write CD-R: 1
Can write CD-RW: 1
Can read DVD: 1
Can write DVD-R: 1
Can write DVD-RAM: 0
Can read MRW: 0
Can write MRW: 0
Can write RAM: 1

The next step was to create the symbolic link in the device root to map cdrom to the appropriate device as listed in the above output:

$ sudo ln -s /dev/sr0 /dev/cdrom
$ ls -l /dev/*cd*
lrwxrwxrwx 1 root root 8 Jul 30 09:58 /dev/cdrom -> /dev/sr0

Now I can use both command line utilities to work with the optical drive as well as the built-in eject key on my keyboard.

If you want a lot more detail on this issue check out this bug comment.  While not specifically dealing with a Mac, the issues and solution are the same.

Editor’s Note: This article is part of the Tales of A Linux Switcher series.

If you are a graphic designer or developer, or you just have a need to edit images, a mainstay of your Linux toolbox is likely to be the Gimp.

If you are coming from the Mac or Windows world, it is probable that you have used Adobe’s Photoshop program to achieve your image editing needs in the past.  Having used Photoshop and Gimp extensively over the past decade, I can tell you that one of the features I liked about the Photoshop environment on Windows has been the unified window.  All the palettes, toolbars and editing windows exist inside a single, unified window.

I always missed this when using Gimp on Linux (or the other OS as well, since Gimp is available for all three ).  One of the main feature draws for me to the latest Gimp release, version 2.8, was this single line in the release notes:

GIMP 2.8 introduces an optional single-window mode.

Awesome! Of course, Gimp 2.8 is not in the current Ubuntu 12.04 repository (Note: Ubuntu 12.10 has version 2.8 listed in the repository!) :

$ apt-cache policy gimp
gimp:
 Installed: (none)
 Candidate: 2.6.12-1ubuntu1
 Version table:
 2.6.12-1ubuntu1 0
 500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

Not to fear! Using the following set of commands you can successfully obtain the Gimp 2.8 software as well as a compatible version of the plugin registry:

sudo add-apt-repository ppa:otto-kesselgulasch/gimp
sudo apt-get update

As you see from a policy check, after adding the repository and updating the cache, you will now be receiving the Gimp package and the updated plugin-registry from the new PPA:

$ apt-cache policy gimp
gimp:
 Installed: (none)
 Candidate: 2.8.0-1ubuntu0ppa6~precise
 Version table:
 2.8.0-1ubuntu0ppa6~precise 0
 500 http://ppa.launchpad.net/otto-kesselgulasch/gimp/ubuntu/ precise/main amd64 Packages
 2.6.12-1ubuntu1 0
 500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

$ apt-cache policy gimp-plugin-registry
gimp-plugin-registry:
 Installed: (none)
 Candidate: 5.20120523-2ubuntu0ppa9~precise
 Version table:
 5.20120523-2ubuntu0ppa9~precise 0
 500 http://ppa.launchpad.net/otto-kesselgulasch/gimp/ubuntu/ precise/main amd64 Packages
 3.5.4-1 0
 500 http://us.archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages

To install it now enter the following:

sudo apt-get install gimp gimp-plugin-registry

Now you have the most recent release!

Editor’s Note: This article is part of the Tales of A Linux Switcher series.

One of the things I have always hated about using Linux is the difference in the base font collection.  Many web designers still use the defaults of Arial, Verdana and Georgia.  The reasons for this are that these fonts are available on the two main commercial operating systems, Mac OS and Microsoft Windows.

Until the majority of websites support webfonts like Google Web Fonts or Monotype’s fonts.com service, we still need access to the standard MS fonts. For more on this situation, check out the article A Web Designer’s Guide to Linux Fonts by Six Revisions.

Fortunately, these fonts are available for installation on Linux.  You can download them directly from the Sourceforge repository or look for the package in your particular distribution.

In Ubuntu you can install them from the Ubuntu Software Center by searching for the package named ttf-mscorefonts-installer or by using the following on the command line (Note: if you install from the command line then you will be prompted to accept the license aggreement in an ncurses interface.):

sudo apt-get install ttf-mscorefonts-installer

Either way, you will end up with the following additional fonts:

• Andale Mono
• Arial Black
• Arial (bold, italic, bold italic)
• Comic Sans MS (bold)
• Courier New (bold, italic, bold italic)
• Georgia (bold, italic, bold italic)
• Impact
• Times New Roman (bold, italic, bold italic)
• Trebuchet (bold, italic, bold italic)
• Verdana (bold, italic, bold italic)
• Webdings

To see the difference in the display of websites after the installation, check out the following screenshots from this website.

As you can see the use of these fonts definitely make a difference.  Happy surfing!

On January 1, 2014, the new health benefits plan that was approved by the Georgia Department of Community Health, took effect for many State of Georgia employees.

The previous health benefits were contracted to United Health Care (UHC) and Cigna, whereas the new plan is being solely administered by Blue Cross Blue Shield of Georgia (BCBSGa).

According to both the DCH and the Governor’s Office, the new plan is expected to save the State $200 million per year over the cost of the previous contracts.  The claim is that this will allow the employees to have lower premiums instead of suffering a “double-whammy” of higher premiums with no accompanying raises or cost of living adjustments.

Unfortunately, all the new contract and tiers appear to do is to transfer the costs from the State to the consumers, since the new plans, with admittedly lower premiums, offer lower co-pays, higher prescription prices and less overall coverage in terms of doctors offices that are in-network providers.  One anecdotal report I have heard is that there are 32 counties that have no doctors available in the coverage network at all, forcing patients to either pay exorbitant out-of-network costs or to drive to other towns in search of doctors.

A new Facebook group has been created by several employees looking to bring more focus on the drawbacks and problems with the new insurance plan.  The group is named Teachers Rally Against Georgia Insurance Changes (T.R.A.G.I.C.).  There are numerous posts concerning the changes to various prescription costs under the new regime as well as changes to the co-pays and medications that are simply no longer covered.

I encourage you, as the spouse of an educator covered under this plan, to check out the group and join to share your experiences so far.

For more information on the whole issue so far, check out the following sites:

News Coverage

SHBP Documentation

Plan Provider Websites

• BCBSGa SHBP Portal
• Find a Doctor on the new BCBSGa Plan
• Express Scripts

I would like to welcome my grandson, Riley James Dowling, to this wide, wide world!

Riley was born to my step-daughter, Caitlin Elise Vickers, on May 21, 2013 at about 7pm.  He came into the world weighing 6lbs and 7oz.

I wish all my love and the best of life to both Riley and his mom!!

Let me preface this post by saying that satellite radio is a great service.  You get access to a whole lot of content that you might not otherwise be able to access.  When I got my new 2012 Ford F150 XLT SuperCrew, I got a trial subscription for the first six (6) months to a subset of the SiriusXM stations.  I thoroughly enjoyed listening to the selections on the Electronic and Dance stations, the BBC content, stations from Canada, and a wide variety of news outlets, not too mention the comedy channels.

On September 3rd, my trial subscription expired.  I knew that it was going to expire.  In fact, I put a reminder in my personal calendar to warn me that the trial expiration date was arriving.  I liked the service enough that I was going to subscribe so that I could continue enjoying the service.

However when the renewal date approached, I determined that it was not financially smart to sign myself up for yet one more monthly payment at this time.  No big deal, I would just use Pandora, Spotify, Google Music and standard terrestrial radio until I was where I could pay for the subscription.

That’s where it all gets painful.  When the SiriusXM customer service representative called me to make sure that I knew my trial expiration was coming up I explained that I was not currently interested in signing up to pay for it.  When he helpfully (at least in his mind it was helpful) informed me that the monthly payment was only $16 a month, I ensured him that I had actually read the mailing they sent out and knew what the prices were and I just didn’t want to continue.

Now despite the belligerent tone of voice he continued to use to try and bully me into a subscription, I finally managed to get off the call without losing my temper (which was a major feat, let me tell you).  In a logical universe, they would mark my account as having declined service and to try again in a few months (but hopefully never since I did mention that I didn’t want them to call me again) and that would end the matter.

This is where SiriusXM has failed to gain a customer.  Almost every day so far this month I have received at least one call from the SiriusXM folks (866-903-7474) trying to suck me back into the fold.  This constant bombardment is a real pain in the rear.  I can understand one or two attempts, but at some point you have to realize that continued calls are not going to get the customer.

So here’s the email I sent to the SiriusXM Customer Service folks today after yet one more call:

I realize that my trial subscription has expired. In fact I even talked to your customer representatives at least once concerning this prior to the expiration.

I happily informed the customer service representative that I knew my subscription was going to expire and that I was not interested in converting my trial at that time due to the cost, and yes that I knew it wasn’t a lot each month if I subscribed for a year. After he kept trying to get me to convert, rather insistently to the point of belligerence, I finally was able to get him to hang up.

Recently I have been receiving calls from your company (866-903-7474) at least once a day (sometimes twice).

I realize that you would like to retain customers and to gain new ones, however when a current/former customer informs you that they no longer wish to continue the subscription, it doesn’t engender good customer relations to bombard them on a daily basis with calls.

For this reason it is unlikely that I or anyone in my household will ever subscribe to your services at any point in the future. I appreciate that you have made it even easier for me to embrace the free and/or ad-supported streaming services like Pandora Radio, Spotify, Live365, Google Music, and Amazon Music.

Thanks,
Andy Fore

So instead of caring about subscribing to SiriusXM, I will just use my mobile data plan to get the most out of Internet-based streaming services that I can.  I would rather give my money to my mobile provider for data usage than to SiriusXM, since Verizon doesn’t deem it necessary to spam me with phone calls about their services.

So the other night when I got home I found a sad situation.  My LCD television wouldn’t display a picture. The backlight would come on when the power button was pressed (on the tv or the remote), but nothing else was happening.

The first fix I tried was what some forums were calling an EEPROM reset. To do this follow these steps:

1. Turn on the tv (blue led should go off)
2. Unplug the tv from the main power
3. Leave unplugged for 5-10 minutes (varies on exact model)
4. Turn off the main power supply switch (located next to the power port)
5. Plug the tv back in to main power
6. Turn the main switch back on

In my case this procedure elicited no change to the problem, so I continued looking for other answers.  In one forum I found a reference to replacing the backlight, mainboard, or power supply. In my case the backlight was working fine and the power supply was as well.  After looking in the service manual for the 237-T11, I did find that the mainboard was fairly accessible, so if I had to get a new board it wouldn’t be that difficult to replace it.

Before taking the hardware fix route I decided to see if my problem could be resolved by a firmware update.  Olevia helpfully included a USB port on the back panel of the unit to allow for a firmware upgrade.  Since my purchase of the unit in November of 2007 at Target’s Black Friday sale, I had not applied any of the firmware updates.

Unfortunately in 2008, Syntax-Brillian, the manufacturer of the Olevia brand, filed for bankruptcy.  This made getting my hands on the firmware files, update software and instructions a little difficult.  After some diligent research I found a thread on AVSForum that had the files I needed.

The driver files didn’t work properly for my Windows 7 laptop, however they are easily obtained from the Prolific USA website (there are also drivers for Linux and MacOS X).

After following the instructions for updating I powered off the unit, waited a minute or two then powered it back on.  Success!  I was greeted with the familiar white and blue Olevia logo screen.

As an additional backup for the benefit of any other user’s, here are links to the necessary files:

Editor’s Note: This article is part of the Tales of A Linux Switcher series.

In my search to make the complete switch from the Mac OS (see Tales of a Linux Switcher – Part 1), the biggest research effort has been finding applications that accomplish the same tasks in Linux.  Some of these tasks are pretty obvious, e.g., web browsing or email, while others are not quite so ordinary, e.g., filesystem encryption or software development.

So, with all of that in mind, the subject of this particular post is going to be a discussion of some of the common tasks that I set out to handle and the application I chose to fit the bill.

When everything is said and done, the important part of using any desktop (or server really) OS is getting what you need to do accomplished.  The tasks can be office productivity or software development or just casual web surfing.

The arguments about which OS is better, more secure, more extensible, or more “free” are all great and wonderful, but in the end what matters is getting it done.  There are some people that believe that software being free is top priority, while others (like myself) are not as concerned over whether the software is free, cheap, open source, or proprietary, as long as it works to get from point a to point b.

Don’t get me wrong, I like open source software, and it’s even better when it’s FOSS (free, open source software), but when it all shakes out I want a computer setup that I can rely on from day-to-day to do what I need it to do.

So in my quest to get to point b, I have found that there are generally any number of application choices to accomplish my tasks in Linux that I did in the Mac OS ecosystem.

Some of the application choices were easy options, like LibreOffice in place of MS Office 2011, while others required more research to replace, e.g., iTunes, 1Password, etc.  With each choice I have tried to find an alternative that gave me the closest experience in terms of usability and feature set of the application being replaced.

When looking for alternatives I used Google for basic searching, but I also found the following sites to be of use:

Using those sites in combination with various forum posts and basic searches, I have been able to find software to do most everything I was doing on Mac OS X.  Bear in mind that sometimes it’s not quite as easy to set everything up, but I took that as a challenge.  There are some instances that presented particular challenges.  I will be posting on those individually as time permits.

To see the list I have personally come up, have a gander at my Linux Switcher Software Choices spreadsheet.

While working on a method to allow the VSU Communications Unit to add or change the stories in the rotation on the main VSU webpage, I ran into a problem that involved a known Safari issue involving file uploads.

I don’t regularly create forms that allow for an upload of a file, however I don’t like to store binary data in the MySQL database either. Allowing the files to be uploaded makes creating pages that use them a whole lot easier, since I don’t have to “create” the image from the binary data, just pass off a file location and let the browser do the rest.

The symptoms exhibited were that when submitting the form, Safari would hang about 30-40% of the time. No error messages or timeout messages were displayed. Zip, zilch, nada!
Continue reading

Recently I had to build a custom form for VSU’s implementation of R25 by CollegeNet.  The form was designed to allow individuals to schedule an event at VSU using our facilities and equipment.  The form is a multi-part form that branches off at the third page based on prior answers.

One of the hurdles in the form creation was the necessity of validating the form input on a page before proceeding to the next part of the form.  While this fairly routine process can be accomplished by using a self-referencing form and validating the contents of the $_POST superglobal, the number of form elements made it somewhat cumbersome.

Enter the PHP Form Validation Script.  While searching for some ways to make the validation more painless to code, I ran across a nifty PHP script at the HTML Form Guide website.  It is a object-oriented PHP script that make it much easier to do the validation on html form elements.  There are quite a few pre-defined validation descriptors, plus a method that allows for overriding the DoValidate function to create your own custom descriptor.

There is one thing that I would like the script to handle natively:

1. use of a “pretty” or “friendly” name in the validation error messages, currently it displays the element name

There is also an undocumented validation descriptor in the script.  The pre-defined selone is used for a select/option element.  According to the code the default error message is “Please select an option for %s” and it check to ensure that the value for the element is set and that the value is less than or equal to zero.  If either of those check fail then the error message is displayed.

So in the process of applying the new SSL cert here at work, I discovered an issue with the reCAPTCHA service.

The problem was that I was getting errors saying that my forms were only partially encrypted.  This was due to my use of the reCAPTCHA library, which by default doesn’t use an SSL connection to grab the challenge HTML.

The documentation at the reCaptcha site has a section on this.  Specifically it says:

In order to avoid getting browser warnings, if you use reCAPTCHA on an SSL site, you should replace http://api.recaptcha.net with https://api-secure.recaptcha.net.

Ref: http://recaptcha.net/apidocs/captcha/client.html

The example it uses shows how to change the Javascript itself.  While this was nice to know it really didn’t help too much in my particular case. To solve this when using the reCAPTCHA PHP library, all you need to do is change the value of a single variable.  In the file recaptchalib.php look for the function recaptcha_get_html then change the declaration to read as follows:

function recaptcha_get_html ($pubkey, $error = null, $use_ssl = true)

This will force all calls to be transmitted over an SSL connection, thus eliminating the dialog box in Internet Explorer and the slashed-lock in Firefox.

However since I am not encrypting the entire site by default, yet due to an issue with our website editing/management system, Adobe Contribute, I had to do a bit more than just updating the boolean variable.  Since some of my forms are encrypted and some are not, I added the following code to the function referenced above:

if ($_SERVER[‘SERVER_PORT’] == 443) { $use_ssl = true;

}

This needs to be added just above the check for the value of the variable use_ssl in the function recaptcha_get_html.  Once you do this you can use the same copy of the recpatchalib.php file for both secure and non-secure forms.