the foremind

A few weekends ago I had the privilege of being assigned to evaluate an iPad for use as a support tool by my boss. (thanks Ike!)

The first order of business was to figure out some basic tasks that we would need to accomplish as sysadmins that we could realistically use the iPad for.

Remote control via ssh for a unix server

For ssh I already had the iSSH application by Zinger-Soft [iTunes]. Fortunately they updated the application to be a universal application for both the iPhone and the iPad. I had used it with a fair amount of success on my iPhone in the past to reboot several servers over both WiFi and 3G data, most notably when I needed to reboot a MySQL server will on the way to Atlanta on I-75.

I was pleased with the changes that they made for the expanded screen real estate of the iPad. The split screen function when in portrait mode is quite useful when you need to juggle two connections at the same time, even if it can be a bit confusing at first.

The ability to handle X11 forwarding is also a nice touch, because there are some administration activities that require the GUI even on a unix system (think that favorite Oracle installer that we all know and love).

Remote access via RDP to Windows servers and desktops

Generally this is actually an easier task to sort out, due to the number of RDP clients that exist of the iPad. There are more clients out to handle this than you can shake a stick at, however they don’t all have the same features. The fly in the ointment with RDP support is the ability to work with the widest variety of server and desktop os installations, with encryption, etc. The large majority of them did state that they supported Server 2003, 2008 as well as Windows XP, Vista and 7.

What took some doing to was to find a client that would work in our security environment. Currently we require that all off-site RDP connections be tunneled through SSH. It turns out that none of the RDP clients out there support this yet. One of the most promising from this standpoint looks like iTap RDP by Honeder Lacher Wallner Softwareentwicklung OEG [iTunes]. This client supports FIPS and NLA. They have a nice compression algorithm that makes the connection work well even on a 3G network. While they don’t currently support RDP over SSH tunnels this is a planned feature in a future release.

Another possibility, depending on where we go with our VDI initiative is Wyse PocketCloud by Wyse Technology [iTunes]. PocketCloud for iPad supports both VMWare View connections and standard RDP connections.  This is the application I ended up testing, and I must say, I was pretty happy with it.  The manner in which it handles the mouse functionality is superb.  The support for the application seems a little subpar, but there is a fairly active forum.

Currently the only solution that I was able to find was to use iSSH for a tunneled VNC connection, since iSSH supports this. Of course, this means that you will need to install a VNC server on your desktop or server, but in my testing it did seem to work fairly well if a little sluggishly. One advantage to this is the fact that Mac OS X includes a VNC server by default, making connections to Mac servers and clients a fairly easy thing to accomplish. With WIndows 2008, it was a little more challenging due to the changes in security that were added by the UAC system from MS. I was unsuccessful in getting RealVNC Enterprise trial to work properly, however the beta of TightVNC worked nicely.  The latest version of iSSH does support ssh tunnels.  When you combine this with multitasking support on iOS 4 you then have ability to access a remote machine through a perimeter firewall without the need for VNC server. Unfortunately, this support is useless on the iPad until we get iOS 4, but it is nice to know that it is there.

Access to various web-based support services

This is not really much of a challenge, however it is worth mentioning that there are a number of web-based systems that don’t cooperate easily with Mobile Safari for various reasons. Some of them are Flash-based, which obviously won’t work, others are just not designed to work properly on a touchscreen device. Your mileage may vary.

Password storage

As is the case with most system admins, I have way too many passwords to keep up with than I can easily remember. When you combine that with the necessity of locking accounts after a certain number of failed attempts, it becomes rapidly necessary that I have a secure method of carrying passwords with me.

On my iPhone I have been using Lockbox Pro by GEE! Technologies [iTunes] for a while now, however in investigating an app for the iPad I spent a fair amount of time playing around with SplashID by SplashData [iTunes]. (Also, it looks like GEE! Technologies is having issues, since the company website link for their app in the AppStore doesn’t work and the support website looks fairly similar to the myriad of web-squatter websites that are out there.) Now if you use password managers, you most likely have run into SplashID before. One of the major points in it’s favor is the use of both 256-bit Blowfish encryption. New for the iPad version is the ability to use a swipe pattern to unlock the application, similar to the process that you can use to unlock some Android-based devices. It also supports numeric and alpha passwords for unlocking the database.

One of my favorite features of Lockbox Pro is the ability to have a large number of additional fields for an entry, not just a username and password. SplashID also has this feature. Also, another great advantage to SplashID is the ability to have a desktop application (both Mac and Windows) that you can sync your mobile device to. Not only does SplashID support the iPhone, iPad and iPod Touch, they also have clients for Android, WebOS, PalmOS, Blackberry and Series 60. The simple fact that I can sync my password data between multiple devices as well as my desktop makes this an ideal application. SplashID also supports auto-fill for websites, if that is your thing.  Of course, if you want it all on your the iPhone, iPad and the desktop your are going to have to fork out a lot of money, since each application is a separate charge.

Access to notes, procedures and documentation

As an admin, one of the most useful applications is one that allows me to have notes, procedures and documentation available when I need it. It can be difficult the juggle a keyboard, serial cable and a big fat, dead tree manual when in a datacenter, so having the essential docs on hand in a mobile environment is a must.

I think there are actually more possibilities in this particular category than any other I researched for this post. I have been a big fan of Evernote by Evernote Corp [iTunes] since it was released. It syncs to both the iPhone and iPad, as well as to the client on my desktop. Combine those abilities with web-clipping functionality in both Safari and Firefox on the desktop and you have a great tool for support.

Of course, sometimes you will need to store large documents, and unless you feel like paying for storage with Evernote, it might not work to upload the entire Solaris 10 reference, or the latest edition of the PHP function reference. To begin with I started searching for the perfect sysadmin application in the App Store, then I realized that I already had it, iBooks [iTunes]. With iBooks 1.1, Apple made PDF storage easy. Just drag the PDF into your Books section in iTunes and sync. Voila! Of course to make the docs more useful, they need to be converted into eBook format so that you can use the highlighting and search features, but in a pinch a raw PDF is quite handy.

I wish I could do that

There are still somethings that I wish I could do with the iPad, however I doubt I will get them.  One item on my wishlist would be a mechanism to allow me to use the iPad as a serial terminal.  Frequently I have to use a laptop with a serial port (or USB-to-serial adapter) to connect to a server in order to access the console.  It would be really nice to be able to do this from the iPad.  Another feature that would be nice would be something along the lines of the certificate management that you have in the Keychain Access application on the Mac.  I can see where it could come in handy to be able to import and export SSL certs from the device.

When doing system administration it is often more convenient to connect to a server through some sort of remote connection setup rather than having to sit at a console in a datacenter.  The comfort of one’s office (or living-room) is often far superior in terms of noise and temperature than the environs of the datacenter itself.

When setting up the RHEL5 server this week here at VSU, I was forced to use the Sun iLOM connection to do the initial install of the server.  While I generally use command-line only tools, the ease of use one gains from the GUI tools can often make some tasks much simpler.  Towards this end I decided to setup the server and my client to allow XDMCP sessions so that I could have full access to the GUI when necessary.

On the server there are a couple of things that you need to configure in order to make this workFirew:

1. Firewall ports
2. GDM configuration options

On the client you will need to configure the OS X firewall, as well as use the correct Xephyr connection syntax.
Continue reading

While re-loading the OS and apps on my iMac at work, I ran into major issues whilst updating MS Office 2008.  When running the first update, Office 2008 SP1 (12.1.0) I had no problems, however none of the other updates would run.  I kept getting the error “You cannot install Office 2008 Updates on this volume. A version of the software required to install this update was not found on this volume.”

At first I thought that this might be due to some permissions shenanigans revolving around my AD/OD setup, since the logged in user was not a local admin, but had been granted administrator privileges through a nested group trick.

After more searching I ran across a post on the forums MacRumors.com pointing out problems when running updates on an Office 2008 install that had been altered by using Monolingual or XSlimmer.

Both of these programs were developed to slim down the sizes of binary applications on OS X.  Monolingual strips the “additional languages” from OS X programs and operating system files, while XSlimmer is designed to remove both the extra language information and the unused binary code in a fat binary.  I have never used either of these programs, since I was not concerned about the amount of disk space they utilize.

After more searching, I ran across a post in the Entourage Help Pages discussing troubleshooting Office 2008 installations.  While this page also mentioned issues with installations being altered by Monolingual and XSlimmer, it also pointed out an issue with a workaround created to handle a bug in how Safari deals with the docx file extension.  While the automator workflow mentioned does not appear to actually affect anything other than the names of files, it did jog my memory about something else Safari related that occured when installing Adobe CS 4 earlier the same day.

While installing CS 4 and the available updates, I was prompted to not only quit Safari, but also to quit XMarks for Safari.  For those that don’t know, XMarks is a great service for synchronizing your browser bookmarks between multiple machines, platforms, and browsers.

On a hunch I quit XMarks for Safari, as well as the browser itself.  No dice, I still got the error.  Knowing how easy it would be to reinstall the helper application, I uninstalled XMarks.  Eureka!  The Office updaters now ran without a hitch.  So, if you are having this problem, try deactivating or removing anything plugins that effect the default nature of Safari.

Lately I have noticed that when browsing the web my external hard drive would spin up when there seemed no need.  I had just given into the mysterious and not concerned myself with this until yesterday.

After a few searches, I turned up a post on Apple’s discussion boards entitled Safari pauses & spins up ext HDs with ATS Autoactivation errors.  While I have not found the errors in my logs refered to by the OP, I have noticed the exact same symptoms.

Using the symptoms and discoveries by W. Raideer and strangebirds as a guideline, I found a solution to the issue.  While this may in fact be a bug, it turns out that if you disable Spotlight on the external drive this activity ceases, at least in my case.

To quote the Help documentation for Font Book on the Automatic Activation feature:

Note that if you turn off Spotlight searching for any folder or disk connected to your computer, Font Book can’t find and enable fonts in those locations.

After listing my external drive in the Spotlight preference pane section labeled Privacy, I have ceased to have this particular issue.  While this may not be advisable or desirable, depending on the content of the external drive, I have noticed no detrimental effect by disabling Spotlight on the drive.

I noticed something today in the new iTunes Store interface.  When you hover over a song in the store you are presented with a nifty play icon that replaces the track number in the album listing.  This is quite similar to the iTunes Store interface functionality on the iPhone/iPod Touch OS.  Clicking on the play icon or double-clicking on the song title starts the 30-sec preview of the track.

Just like the iPhone version, the new iTunes Store desktop interface then displays a round blue icon with the ubiquitous stop square with the progress of the 30-sec preview rotating in a contrasting blue color.

Clicking on the stop square does not always stop the playback of the preview.  What should happen when you click on the stop icon is that the preview ceases to play and the icon goes away to be replaced once again by the track number.  On some albums in the store this function works.  On other albums it does revert back to the track number, however the preview continues to play until it finishes or until you hit the pause button in the iTunes window.  Also when you let the preview play out to the end, the stop icon does not disappear either, to release the icon you must click the stop button even though the preview has completed.

This definitely seems like a bug in the interface.  I have confirmed this in both the Mac OS X and Windows versions of iTunes 9 running on Snow Leopard and Windows Vista, respectively.

Finding the right case for you iPhone can be a challenging and somewhat frustrating process.  Not only do you have to contend with the sheer number of case types, but you also have to balance the needs of your particular listening and working environments.  If you are like me you may have found that you actually need more than one type of case.  While it would be nice to have the ultimate iPhone case that I could comfortably and easily use in any situation, I have yet to discover it.

Recently I purchased an Otterbox iPhone 3G Defender case for use with my iPhone 3GS.  The main motivation behind this particular purchase was the ruggedness of the case.  Next summer I am going to be riding a self-supported bike tour with a couple of friends in Pittsburgh, so I was in the market for a case that could handle the shocks, drops and dust that I would encounter both on the tour and while training for it (man, do I ever need to start the training).

My daily driver of a case to this point has been a red and black (Goooo Dawgs!) iFrogz Luxe.  This is a very nice case that adds minimal bulk to the iPhone design while providing a basic level of protection from scuffs and bumps that can occur during average daily use.

While the iFrogz Luxe turned out to be great for a daily case, it became rapidly apparent that it was not going to withstand the rigors of an extended bike tour and training process.  After determining this, I turned to the Otterbox.  Otterbox is known for making very rugged cases, waterproof cases, and water proof equipment boxes.

Otterbox states that the iPhone 3G Defender is not intended for protection against water intrusion, due to it’s openings for the microphones and speakers of the iPhone 3G design.  This being said a friend that also has one said that it will protect your phone from an occasional spill, like when someone knocks over a coke on the table at a meeting.  I can personally attest to the drop and bump protection, having purposefully dropped my phone while incased onto a concrete sidewalk from a height of three feet.  (Not recommended for the faint of heart!)

I really liked the additional grip that the case provides.  Sometimes the slick plastic back of the iPhone 3G and 3GS can be a little hazardous.  The buttons are fairly easy to operate even while incased in the poly-carbonate shell and silicon rubber cushioning.  All of the ports with the exception of the speakers and microphone are firmly covered with silicon rubber flaps that interlock into the plastic shell when not in use.  This is great, since the water sensors on the 3G and 3GS are located in the headphone jack and inside the dock connecter port.  With the openings firmly covered and protected it is possible to fudge a little on reporting water damage when attempting to get a warranty or AppleCare replacement.

If you want to dock your phone while in the 3G Defender, however, you maybe out of luck depending on the dock connector design.  Due to the nature of the case design, there is a fairly deep recession that has to be navigated in order to connect anything to the dock connector.  A cable or two won’t be a problem, but if you use a device like the iHome or a car mount then you will most likely be out of luck, unless you buy something like the iStubz from CableJive.

Another problem you may run into has to do with the sheer extra bulk added by the case.  I frequently use my iPhone while in my 2007 Toyota Tundra, both for music and for navigation.  I mounted my iPhone on the console in place of the ashtray using a mount and device holder combination from ProClip.  While the combination is a bit pricey, I like their product choices.  Fortunately my device holder is adjustable enough to hold the 3G Defender case, but unfortunately the dock connector plug does not extend high enough to connect with the iPhone while in the case.

Beyond those two issues, which are fairly easy to overcome, I am still having trouble getting used to the confinement of the screen itself.  The 3G Defender enclosure leaves all of the screen itself usable, but some functionality is tricky when using the onscreen keyboard and sliders.  This will be especially noticeable by those of us that don’t trim our fingernails all the way to the quick.  I know that many of my female friends, as well as some males, will find the edges of the case get in the way.  The one application feature I am having the most trouble with is the address bar in mobile Safari.  When using Safari and trying to get the browser to re-display the address bar, I find myself having to use the side of my finger tips instead of end of the finger.

I would judge that the 3G Defender is a great case for use in a physically demanding environment.  I am not completely sold on its use in an average daily environment that doesn’t involve lots of physical abuse.

Pros

• shock protection
• dust protection
• better overall grip (especially for individuals with larger hands)

Cons

• dock connector recessed farther than desired
• added bulk may make accessories unusable without additional cabling
• some on-screen functionality can be impaired due to the side of the case surrounding the screen

Overall I would say this is an excellent case and well worth the price being charged for it.  Paying $50 to protect your $400 investment is a no-brainer.

I have been updating my wallpaper to a new monthly desktop wallpaper from the Smashing Magazine site for several months.

With earlier versions of Mac OS X it was easy to update all spaces at once because the default change action affected all the spaces. With the advent of Mac OS X 10.7 (aka Lion) each space is capable of having a unique wallpaper. While this is a neat feature, there is no option to apply the change to all the spaces. One workaround is to manually change each space.  Another workaround is remove all your spaces, make the change then add the spaces back.

Neither of these options is suitable to me. The first option is fairly cumbersome, and the second will undo my application-to-space bindings. To solve this problem I have written a script than handles it.

Here’s the script:

#!/bin/bash
 
# Simple Script to update the desktop wallpaper
# background for all desktop spaces in Mac OS X 10.7
#
# Usage: update_desktop_wallpaper.sh old_wallpaper_path new_wallpaper_path
#
# Andy Fore
# http://arfore.com
 
# Check for command line arguments
if [ -z "$1" ]; then
    echo "Usage: update_desktop_wallpaper.sh old_wallpaper_path new_wallpaper_path"
    exit 1;
else
    # Change location to the active user preferences directory
    cd ~/Library/Preferences
 
    # Backup the original plist file
    echo "Making a backup of the original plist file..."
    cp com.apple.desktop.plist com.apple.desktop.plist_backup
 
    # Convert the desktop plist from binary to xml
    echo "Converting plist file to text format..."
    plutil -convert xml1 com.apple.desktop.plist
 
    # Update the desktop wallpaper file location/name
    echo "Editing the file..."
    sed -i "" "s/$1/${2}/g" com.apple.desktop.plist
 
    # Convert the desktop plist back to binary format
    echo "Converting plist file back to binary format..."
    plutil -convert binary1 com.apple.desktop.plist
 
    # Killing Dock process
    echo "Sending the kill signal to the Dock process to force reload of plist"
    killall -HUP Dock
 
    # Display completion message
    echo "Operation now complete."
fi

Example

$ ./update_desktop_wallpaper.sh June2012_Calendar.jpg July2012_Calendar.jpg

Note that I only used a filename in the example. This is because all of my calendar wallpapers are saved in the same directory path, making the unique part just the filename itself.

While setting up the cronjob for auto archiving data on my Piwik installation, I found that the default editor for Dreamhost shell accounts is set to use joe (Joe’s Own Editor). While this is a nice editor for many users, it is not as familiar to me as using vim, the opensource vi clone.

Combing through the Dreamhost wiki, I found the line in the crontab wiki article talking about exporting the editor setting by adding an entry in the .bashrc file in the root of your account.  This information may have been accurate at one point, but now the shell accounts are configured to use .bashrc for the non-interactive logins and to use .bash_profile for the interactive logins.

So to update you editor on your shell account you need to add the following line to the .bash_profile file:

export editor="/usr/bin/vim"

or

export editor="/usr/bin/vi"

If you prefer to use emacs, you can change the line to be:

export editor="/usr/bin/emacs"

I have been updating my wallpaper to a new monthly desktop wallpaper from the Smashing Magazine site for several months.

With earlier versions of Mac OS X it was easy to update all spaces at once because the default change action affected all the spaces. With the advent of Mac OS X 10.7 (aka Lion) each space is capable of having a unique wallpaper. While this is a neat feature, there is no option to apply the change to all the spaces. One workaround is to manually change each space.  Another workaround is remove all your spaces, make the change then add the spaces back.

Neither of these options is suitable to me. The first option is fairly cumbersome, and the second will undo my application-to-space bindings. To solve this problem I have written a script than handles it.

Here’s the script:

#!/bin/bash
 
# Simple Script to update the desktop wallpaper
# background for all desktop spaces in Mac OS X 10.7
#
# Usage: update_desktop_wallpaper.sh old_wallpaper_path new_wallpaper_path
#
# Andy Fore
# http://arfore.com
 
# Check for command line arguments
if [ -z "$1" ]; then
    echo "Usage: update_desktop_wallpaper.sh old_wallpaper_path new_wallpaper_path"
    exit 1;
else
    # Change location to the active user preferences directory
    cd ~/Library/Preferences
 
    # Backup the original plist file
    echo "Making a backup of the original plist file..."
    cp com.apple.desktop.plist com.apple.desktop.plist_backup
 
    # Convert the desktop plist from binary to xml
    echo "Converting plist file to text format..."
    plutil -convert xml1 com.apple.desktop.plist
 
    # Update the desktop wallpaper file location/name
    echo "Editing the file..."
    sed -i "" "s/$1/${2}/g" com.apple.desktop.plist
 
    # Convert the desktop plist back to binary format
    echo "Converting plist file back to binary format..."
    plutil -convert binary1 com.apple.desktop.plist
 
    # Killing Dock process
    echo "Sending the kill signal to the Dock process to force reload of plist"
    killall -HUP Dock
 
    # Display completion message
    echo "Operation now complete."
fi

Example

$ ./update_desktop_wallpaper.sh June2012_Calendar.jpg July2012_Calendar.jpg

Note that I only used a filename in the example. This is because all of my calendar wallpapers are saved in the same directory path, making the unique part just the filename itself.

Editor’s Note: This article is part of the Tales of A Linux Switcher series.

In my search to make the complete switch from the Mac OS (see Tales of a Linux Switcher – Part 1), the biggest research effort has been finding applications that accomplish the same tasks in Linux.  Some of these tasks are pretty obvious, e.g., web browsing or email, while others are not quite so ordinary, e.g., filesystem encryption or software development.

So, with all of that in mind, the subject of this particular post is going to be a discussion of some of the common tasks that I set out to handle and the application I chose to fit the bill.

When everything is said and done, the important part of using any desktop (or server really) OS is getting what you need to do accomplished.  The tasks can be office productivity or software development or just casual web surfing.

The arguments about which OS is better, more secure, more extensible, or more “free” are all great and wonderful, but in the end what matters is getting it done.  There are some people that believe that software being free is top priority, while others (like myself) are not as concerned over whether the software is free, cheap, open source, or proprietary, as long as it works to get from point a to point b.

Don’t get me wrong, I like open source software, and it’s even better when it’s FOSS (free, open source software), but when it all shakes out I want a computer setup that I can rely on from day-to-day to do what I need it to do.

So in my quest to get to point b, I have found that there are generally any number of application choices to accomplish my tasks in Linux that I did in the Mac OS ecosystem.

Some of the application choices were easy options, like LibreOffice in place of MS Office 2011, while others required more research to replace, e.g., iTunes, 1Password, etc.  With each choice I have tried to find an alternative that gave me the closest experience in terms of usability and feature set of the application being replaced.

When looking for alternatives I used Google for basic searching, but I also found the following sites to be of use:

Using those sites in combination with various forum posts and basic searches, I have been able to find software to do most everything I was doing on Mac OS X.  Bear in mind that sometimes it’s not quite as easy to set everything up, but I took that as a challenge.  There are some instances that presented particular challenges.  I will be posting on those individually as time permits.

To see the list I have personally come up, have a gander at my Linux Switcher Software Choices spreadsheet.

In Outlook Live browser cookie issues, I discussed the issues surrounding cookie usage and the Outlook Live service.  As you may remember, one of the problems surrounding turning off the blind support of third-party cookies is the check that is performed at logout.  If the check doesn’t pass then you will get a warning message.

The fix for this from the MS perspective is to enable third-party cookies.  One of the main reasons to not follow this is for better privacy while browsing the Internet.  As with most computer security, web browser security is often a trade-off between usability and security.  You have to know what to set things to to achieve a balance between good security and acceptable annoyance.  Many users install ad-blockers, flash blockers, disable Javascript, etc.  These are good tactics, but they also introduce browsing annoyances since the very technologies these plug-ins disable are what makes the web experience interesting and fun.  For more on browser security check out Securing Your Web Browser at CERT.

Fortunately, in this particular case the solution is relatively easy.  Since Mozilla gives us the ability to configure the browser directly, we can change how Firefox handles cookies.

First you will need to open Firefox and go to the site about:config to edit the settings.  This is not really a website, but a method provided to directly configure some browser settings.  You will be presented with a warning box, just click the button.

Next, in the filter box type network.cookie, this will narrow the list displayed down to only the ones dealing with cookies.  One of the settings to be changed already exists, the other will have to be added.

The setting that you want to change is:

• network.cookie.cookieBehavior

Change network.cookie.cookieBehavior to have a setting of 3, enabling the change, by double clicking on the number in the Value column and entering the new value in the dialog box.

To add the new preference, right click in the window and select Integer from the New submenu.

Enter network.cookie.p3plevel in the dialog box that appears. Set the value to be 3 in the second dialog box.  There is no save function, the changes take effect immediately, just close you browser tab/window.

After making these changes you will now be able to successfully navigate the Outlook Live site and logout without getting the warning message.  You will also be better protected from nefarious third-party cookies.

If you want to change the preferences back to the defaults, simply open the preferences for Firefox and click the checkbox next to Accept third-party cookies.

Apparently this functionality was part of Firefox 2 but was subsequently removed after someone complained about the size of the code required to implement it (a total of 60k in what is now a 56.9MB, at least that’s the size of the application on Mac OS X).  In reading through the comments in the Bugzilla post, I fail to see where anyone makes a decent argument for reducing end-user security.  For more on all of this, check out the references section of this post.

These changes were implemented on Mac OS X 10.6.4 using Firefox 3.6.11, but it should be pertinent to Windows and Linux as well.

References

Recently I ran into an issue with several websites and their functionality, or lack thereof, on Mobile Safari in iOS 4.3.3 on the iPad.

Mobile Safari doesn’t give you much in the way of native debug tools.  There is a debug console, which will display, at least in theory, any CSS, HTML or Javascript errors.

The only problem is that it won’t actually display all HTML errors.  For instance the problem I ran into was an HTML tag mismatch between an opening H2 and a closing H3.  Mobile Safari on iOS 5.1 displayed the page as designed, however on iOS 4.3.3 the bad closing tag was omitted which meant that all the children of that H2 had the CSS style “hidden” applied to them due to a class assignment.

You would think that this might trigger an error code in the debug console, however no such error occurred, and using the Safari iOS 4.3.3 – iPad user agent in desktop Safari on Mac OS X did not exhibit the error.

In searching for a tool to assist with debugging this problem natively on the iPad I ran across a great bookmarklet by Mark Perkins, called Snoopy.

This bookmarklet gives you all kinds of nifty information about the page you are looking at, including a view of the generated source.  Thanks to this tool I was able to find out exactly what was breaking the display on the iPad.

In June of 2010, Valdosta State University transitioned to using Microsoft’s Live@EDU service for our e-mail.  This is Microsoft’s competing product line with Google’s Apps for Education service.  There were many reasons why we chose the Microsoft service which I won’t get into here, suffice it to say, that was the decision that was made.

While I don’t use the web interface all that much, when I do use it on Safari 5 for the Mac, I have noticed an oddity.  After you login to the system and do whatever you plan to do that session, to logout you should click the “Sign Out” link.  Seems standard enough, right?  Well, not exactly.  On Safari on the Mac I have noticed that I get an error when the signout process is attempted.  When testing Firefox 3.6.11, I found I wasn’t receiving the error screen and the signout process completed successfully.

After delving more into this it turns out that the problem is third-party cookies.  The default settings in Safari are very restrictive.  They are also all or none.  There is no exception list to the privacy settings for browser cookies in Safari, unlike Firefox. Also, it turns out that if you change the settings in Firefox to match the restrictive settings in Safari you get the same error screen.

In order to find out what site was causing the problem I cleared all the cookies for Safari, then enable the setting to always allow cookies.  After comparing the list of cookies that were set, I found one listed for the domain passport.com that did not show up in the cookie list when Safari is set to accept cookies only from sites that I visited.

Further investigation using the Live HTTP Headers add-on in Firefox revealed the following for that domain:

http://loginnet.passport.com/ThirdPartyCookieCheck.srf?ct=1287943985
 
GET /ThirdPartyCookieCheck.srf?ct=1287943985 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
 
HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Oct 2010 18:13:05 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F57 V: 0
Content-Type: text/html; charset=utf-8
Expires: Sun, 24 Oct 2010 18:12:05 GMT
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: MSPP3RD=2832116359; domain=.passport.com;path=/;HTTPOnly= ;version=1
Content-Length: 0
Location: http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
----------------------------------------------------------
http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
 
GET /ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
Cookie: MSPP3RD=2832116359
 
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sun, 24 Oct 2010 18:13:06 GMT
Pragma: no-cache
Content-Type: image/gif
Expires: Sun, 24 Oct 2010 18:12:06 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F50 V: 0
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked

Continuing the investigation, I decided to force Firefox to ask me about each cookie that was going to be set.  This makes a dialog show up for each cookie attempt giving me the option to deny it, allow it only for the current session, or always allow.  After walking through the tortorous process of a complete login/logout session, it turns out that two cookies are being set for the domain passport.com with each of them set to expire at the end of the session.  More detail on the cookie can be seen in the screen shot of the cookie detail (provided by the plugin Add N Edit Cookies) shown below:

So, the next step was to fire up my VM and see how all this worked on the Windows side of things.  I figured that since we had not been deluged with user requests concerning this that the browsers on the Windows side of the equation were handling it all differently. Firefox on Windows is configured out of the box just like Firefox on Mac OS X.  So, as I expected the operation was the same as well. If you allow for third-party cookies, then it works fine, if you don’t then you get the error screen.

The interesting development is the settings for Internet Explorer.  Bear in mind that I am using Windows 7 and Internet Explorer 8, but the settings should be fairly similar on Windows XP and between versions 7 and 8.  The default setting in IE8 is to all third-party cookies, but (and this is the key) only if they have a compact privacy policy (P3P).  This is the setting that makes the big difference.

It turns out that neither Firefox nor Safari support P3P headers by default.  In fact there doesn’t appear to be any support for them in Safari at all.  Configuring Firefox to support them requires some advanced editing of the main configuration file.

I haven’t found any adverse effects to the workings of Outlook Live when using Safari, but it is rather annoying that this occurs.

References

I found this really cool moon photo at the AstroMeeting.

I love all the detail that he goes into about taking the photo.

A nice post on Amazing Filtered Things shows a whole bunch of photos of nuclear blasts.

My favorite is the one with the observers in the foreground.

Google Maps has a cool shot of an SR-71 Blackbird on the deck of the USS Intrepid at the Intrepid Sea, Air & Space Museum in New York City.