Craig Thrall


CallManager Network Problems?

Feb. 4, 2009, 1:49 p.m.

If you can't browse to your CUCM instance, log in to the command-line interface (using the VMware Console if it's a VM instance...I have also been able to ssh to CUCM when I can't browse to ccmadmin). Run "show network eth0". Write down the current gateway, then run "set network gateway <ip>" where <ip> is the IP you just wrote down. I <i>think</i> this has the same effect as running /etc/rc.d/init/network restart, as all of a sudden I could ping and browse to the CUCM instance, even though I didn't change anything.

VMware Fusion 2.0

Jan. 30, 2009, 1 p.m.

Upgrading slowed my VM and my Mac to a crawl. I found a post somewhere that recommended the following, which helped a ton (for the record, I have one CPU and 512M allocated for this VM):
<ul>
<li>Uncheck "Allow your Mac to open applications in the virtual machine"</li>
<li>Change to "Optimize for Mac"</li>
</ul>

SharePoint Datasheet View

Jan. 30, 2009, 10:22 a.m.

If a datasheet view of your list looks the same in SharePoint 2007, you need to install Access 2007 on your client. It looks like the datasheet view is an "Access Web Datasheet."

Tinyscheme on OS X

Jan. 16, 2009, 9:31 p.m.

If you want to use Tinyscheme on OS X, you'll need to visit this page: <a href="http://homepage.mac.com/rdadolf/tinyscheme.html">http://homepage.mac.com/rdadolf/tinyscheme.html</a>

Social Sites, Aggregators and Apps

Dec. 20, 2008, 10:11 p.m.

Disclaimer: I'm definitely not somebody who keeps up with this sort of thing. But I have noticed a couple things recently:
<ul>
<li>The steady trickle of non-techie people joining Facebook continues.</li>
<li>Sites like FriendFeed and Gnip are providing a great aggregation of social networks, while Ping.Fm provides a publishing mechanism (although perhaps I could just as easily post to Twitter, which also shows up on Facebook).</li>
<li>Most interesting to me: apps like <a href="http://www.tweetdeck.com">TweetDeck</a> provide a richer interface for existing apps, like Twitter.</li>
</ul>
Aggregation sites like FriendFeed make sense to me. But a richer experience like the one TweetDeck provides, I hadn't really thought of. On a whim, I downloaded it and it is pretty nice.

But what's next? We've been here before, in 2000/2001. A few major players (eBay/Amazon, Facebook/Twitter) win the fight for users. What's interesting now is we have companies like Gnip making it easier for people to use multiple services. I'm not sure that will have an impact on Facebook's success, though. I have no idea where I'm going with this. I'll just keep it ongoing.

Invalid Cert Fun, Part 1: OpenLDAP + TLS

Dec. 19, 2008, 10:24 a.m.

This is the first in a series of posts about getting around certificate issues. It is now common for organizations to create their own root CA cert and self-sign everything. The cert chain is then installed on all PCs belonging to the organization and everything validates correctly. This makes a lot of sense.

Unfortunately, there are other scenarios where a cert is self-signed and the cert chain will never be valid. In these cases, we are forced to figure out how to make an HTTPS request that basically accepts any SSL cert, no matter the validity. To be honest, I am somewhat embarrassed to admit the level of cert hackery I have resorted to, but sometimes Getting Things Done trumps the necessity for a tool to validate the cert chain against a third-party appliance that has a self-signed cert. Such is life.

If you are using OpenLDAP and you want to use TLS but you don't have the proper CA certs, or there is some other issue with the certificate chain, you can bypass it altogether:
<ul>
<li>Create a directory C:\OpenLDAP\sysconf (this is Windows, if you're using Unix you probably have the skills to figure out where ldap.conf should live).</li>
<li>Create a file there named ldap.conf that contains a single line that reads: TLS_REQCERT never</li>
</ul>
Rock on. I hope to follow up later with a post on where to store your cert chain to make this work.

Authenticating Against AD with PHP

Dec. 16, 2008, 11:18 a.m.

I needed to switch from basic authentication to something better that wouldn't pass the credentials back with every request. I decided to use adLDAP, which uses the LDAP functions built-in to PHP. The built-in LDAP implementation uses OpenLDAP. What I found was this:
<ul>
<li>adLDAP calls ldap_bind to authenticate</li>
<li>ldap_bind uses the common name (cn). I was passing the sAMAccount name.</li>
<li>This works in my development environment, because AD can figure out that is the same user via a referral.</li>
<li>You can configure AD to deny anonymous referrals.</li>
<li>OpenLDAP does not support non-anonymous referrals.</li>
</ul>
Sad times. LDAP geeks will now laugh at me and my lack of LDAP-fu. I finally realized all I had to do was search on sAMAccount name, then ldap_bind to the distinguished name (dn) that is returned.
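The two-step flow described above (search on the sAMAccountName, then ldap_bind to the returned DN), as an added example that is not from the original post or from adLDAP. It also validates the server certificate against a CA file rather than relying on the TLS_REQCERT never setting from the OpenLDAP + TLS post. The function name, the $cfg keys and the service account used for the search are assumptions.

```php
<?php
// Added example; not the post's or adLDAP's code. All $cfg values
// (uri, ca_file, bind_dn, bind_pw, base_dn) are hypothetical placeholders.
function ad_authenticate(string $user, string $password, array $cfg): bool
{
    // An empty password makes ldap_bind() an unauthenticated bind, which
    // a directory may accept, so reject it before touching LDAP.
    if ($user === '' || $password === '') {
        return false;
    }

    // Validate the server certificate against the organization's CA chain
    // instead of TLS_REQCERT never. Set globally, before ldap_connect().
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $cfg['ca_file']);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $ds = ldap_connect($cfg['uri']);
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); // do not chase referrals

    try {
        // Step 1: bind as a low-privilege service account (assumption) so
        // the directory allows the search.
        if (!@ldap_start_tls($ds)
            || !@ldap_bind($ds, $cfg['bind_dn'], $cfg['bind_pw'])) {
            return false;
        }
        // Escape the user-supplied name so it cannot alter the filter.
        $filter = '(&(objectClass=user)(sAMAccountName='
            . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . '))';
        $sr = @ldap_search($ds, $cfg['base_dn'], $filter, ['dn'], 0, 2);
        if ($sr === false) {
            return false;
        }
        $entries = ldap_get_entries($ds, $sr);
        if ($entries === false || $entries['count'] !== 1) {
            return false; // no match, or more than one: refuse to guess
        }
        // Step 2: bind as the returned DN with the user's own password.
        return @ldap_bind($ds, $entries[0]['dn'], $password);
    } finally {
        ldap_unbind($ds);
    }
}
```

The TLS option constants require PHP 7.1 or later, and ldap_escape requires PHP 5.6 or later.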

IE, SSL and "Nonsecure Items"

Oct. 6, 2008, 8:57 p.m.

You finally figured out the cert chain for the self-signed certs and got your server configured. You browse to your page using HTTPS with Firefox, looks good! Lock icon and all. Then you try in IE and get the "This page has both secure and nonsecure items." <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;261188">Learn it</a>. Love it. Live it. Note that, while the various JavaScript frameworks (YUI, etc.) have had issues with this, it was my own dunderheadedness that tripped me up.

Apache and mod_auth_sspi

Oct. 6, 2008, 9:17 a.m.

More of a placeholder to hold my thoughts than a real howto...here's some sample config:
<pre>
&lt;IfModule mod_alias.c&gt;
    Alias /path "c:/svn/trunk/path"
    &lt;Directory "c:/svn/trunk/path"&gt;
        Order allow,deny
        Allow from all
        AuthName "My Windows Authentication"
        AuthType SSPI
        SSPIAuth On
        SSPIAuthoritative On
        SSPIDomain domain.to.authenticate.against
        SSPIOmitDomain On
        SSPIOfferBasic On
        SSPIBasicPreferred Off
        SSPIUsernameCase lower
        require valid-user
    &lt;/Directory&gt;
&lt;/IfModule&gt;
</pre>

Rijndael-256 (AES256) and C# and PHP

Oct. 4, 2008, 8:15 a.m.

I needed to be able to encrypt/decrypt in PHP and decrypt in C# using the same key. So I put the key and initialization vector in an XML file and use it in the PHP and C#. A few quick notes:
<ul>
<li>PHP's MD5 implementation returns the hash in a 32 character string. C#'s MD5 implementation produces a 16 byte binary array. This is why I convert the byte array to a string in C#.</li>
<li>The code assumes you are storing the encrypted data in a base 64 encoded string.</li>
</ul>
<pre>
// Open the cipher: Rijndael with a 256-bit block size, CBC mode.
$td = mcrypt_module_open('rijndael-256', '', 'cbc', '');
if ($td !== FALSE) {
    // The key is the hex MD5 string of the shared secret, cut to the cipher's key size.
    $expected_key_size = mcrypt_enc_get_key_size($td);
    $key = substr(md5($key), 0, $expected_key_size);
    $rc = mcrypt_generic_init($td, $key, $iv);
}
</pre>
So now <code>$td</code> is an object that can encrypt/decrypt, like this:

Encrypt:
<pre>
base64_encode(mcrypt_generic($td, $plaintext));
</pre>
Decrypt:
<pre>
mdecrypt_generic($td, base64_decode($str));
</pre>
Now for the C#. Initialization:
<pre>
// Needs: using System.IO; using System.Text; using System.Security.Cryptography;
byte[] keyBytes = Encoding.ASCII.GetBytes(key.value);
byte[] hash = MD5.Create().ComputeHash(keyBytes);

// Build the same 32-character lowercase hex string that PHP's md5() returns.
string ret = "";
foreach (byte a in hash)
{
    if (a < 16)
        ret += "0" + a.ToString("x");
    else
        ret += a.ToString("x");
}

byte[] ivBytes = Convert.FromBase64String(key.iv);
r = Rijndael.Create();
r.Padding = PaddingMode.Zeros;   // matches mcrypt's zero padding
r.BlockSize = 256;               // matches mcrypt's 'rijndael-256'
r.Key = Encoding.ASCII.GetBytes(ret);
r.IV = ivBytes;
</pre>
Encrypt/decrypt:
<pre>
public string decrypt(string str)
{
    byte[] encryptedBytes = Convert.FromBase64String(str);
    byte[] decryptedBytes = transformBytes(
        r.CreateDecryptor(), encryptedBytes);
    string plaintext = Encoding.ASCII.GetString(decryptedBytes);

    // Cut the plaintext at the first zero byte left by the zero padding.
    int idx = plaintext.IndexOf("\0");
    if (idx > -1)
        plaintext = plaintext.Substring(0, idx);
    return plaintext;
}

public string encrypt(string plaintext)
{
    byte[] plainBytes = Encoding.ASCII.GetBytes(plaintext);
    byte[] encryptedBytes = transformBytes(
        r.CreateEncryptor(), plainBytes);
    return Convert.ToBase64String(encryptedBytes);
}

// Runs the input through the given transform (encryptor or decryptor).
private byte[] transformBytes(ICryptoTransform transform, byte[] plainBytes)
{
    MemoryStream memStream = new MemoryStream();
    CryptoStream cryptStream = new CryptoStream(memStream,
        transform, CryptoStreamMode.Write);
    cryptStream.Write(plainBytes, 0, plainBytes.Length);
    cryptStream.Close();
    byte[] encryptedBytes = memStream.ToArray();
    memStream.Close();
    return encryptedBytes;
}
</pre>