Archive for the 'tech tips' Category

Hey, please stick to the standards!

Recently my VPN client was giving me fits when logged in from home. DNS resolution to my VPN hosts stopped working. After some poking around, I discovered that a workaround was to change my Windows network configuration to hardcode a VPN DNS server, instead of letting it go with the default as it had done successfully for quite a while before.

Some co-workers pointed out what the cause of the problem was. DNS requests were being incorrectly returned by my router. So when my laptop sent a DNS query for a VPN host, to which my router should have responded “no such hostname on the Internet”, my router instead responded with a dlinksearch.com web page saying “Couldn’t find that hostname, did you want one of the following search terms?” So my router, instead of leaving things alone, was trying to be helpful (in the intrusive sense, not the helpful sense), which in turn confused my VPN client. The VPN client expected that a VPN hostname would not get resolved by an Internet DNS server, but here was my router trying to be helpful and breaking the rules.

This was a DLink DIR-825, which otherwise has been great. Some Google searches point me to disabling the “Advanced DNS” (cough cough) setting. Make sure you reboot the router so the change takes effect. Let’s try again.

Wait, it’s still not working? Now what is going on? Oh, now my ISP (Time Warner) is doing the same thing, trying to be helpful (in the intrusive sense) and instead of responding “no such hostname on the Internet” it is sending a web page with a list of search suggestions. Would you please stop helping and just stick to the standards?

Repeat after me: standards are for predictability in interoperability.

So back to my router configuration. Instead of accepting the DNS servers as given to me by my ISP, I hardcode my router to use the Google Public DNS servers, because they don’t try to be helpful. Reboot the router and try again.

Ah, now it works. Hey router manufacturers and ISPs, do you now see how beneficial your help has been?
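A quick way to test any resolver for this behaviour, shown as an added example that is not part of the original post: ask it for a name under the reserved `.invalid` top-level domain, which can never exist, and see whether the answer is a plain NXDOMAIN. The function names and the two sample `dig` outputs are constructed for illustration.

```shell
# Constructed sample outputs of: dig +noall +comments +answer @resolver name A
HONEST_SAMPLE=';; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0'

REWRITTEN_SAMPLE=';; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
nxprobe-4712.invalid.   60   IN   A   192.0.2.10'

# Read dig output on stdin and print one verdict:
#   standard     - resolver said NXDOMAIN, as the standards require
#   rewritten    - resolver invented an address for a name that cannot exist
#   inconclusive - timeout, SERVFAIL, or anything else
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") answers = $(i + 1) + 0
        }
        END {
            if (status == "NXDOMAIN") print "standard"
            else if (status == "NOERROR" && answers > 0) print "rewritten"
            else print "inconclusive"
        }'
}

# Live check against one resolver (needs dig and network access).
# $1 = resolver address, e.g. the router or the ISP-assigned DNS server.
probe_resolver() {
    probe="nxprobe-$$-$(date +%s).invalid"
    dig +noall +comments +answer +time=3 +tries=1 "@$1" "$probe" A | classify_dig
}
```

Run `probe_resolver` once against the router and once against each upstream DNS server to see which hop is doing the rewriting.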

tech tips marcelk 21 Feb 2011 No Comments

tech: securely wiping a hard disk

I just helped my dad upgrade to a new PC. We built it from components purchased from Newegg. So now he has an old computer, which although very slow, still works. He’d like to give it to a school or other charitable organization instead of it being trashed. But of course before doing so he’d like to erase all his personal data and return it back to a factory state. After using TurboTax and Quicken and automatic email logins, you don’t want personal info left behind. Here is how to do that:

1) locate your manufacturer’s CDs for reinstalling. Assuming you bought a complete PC from a manufacturer like Dell or similar, when you first got the computer it should have come with a number of CDs for reinstalling the hard drive. You did keep those, right? If not, contact the manufacturer and they should be able to send you replacements, probably for a cost. Less-old computers may have those CD images hidden on the hard disk, with a utility to burn these CDs at home.

The most important CD is the one to reinstall the operating system. There may be other CDs for utilities and drivers, but for most of that, newer software can be downloaded. So find the operating system CD before you do anything else. If you use Windows, you’re not going to want to plunk down $100-$200 for a replacement copy of Windows, especially for an old PC that’s worth less than that.

2) download a copy of dban: Darik’s Boot-and-Nuke. You’ll get an iso file from the web site. Then you’ll need to burn that iso into a bootable CD. Make sure that when you do that burn, you create a CD from the iso image, not a CD that has the iso file in it. Most burning software will label this something like “Create a CD from an image”, and the file selection dialog for the image file will include “*.iso”.

3) make real sure you have copied everything you need from the old computer. Since new computers typically have a way bigger hard drive than the old ones, you may just want to share the C drive on the old computer, and copy the entire old drive to the new computer over the network. (Don’t copy it into the root of the new hard drive, instead copy it to someplace like c:\Documents and Settings\myuserid\My Documents\old drive.) Yeah, 90% of that is stuff you won’t need and can delete later, but it’s safer to lazily delete unneeded content rather than explicitly copy just the needed content. It may be best to wait a month or more before erasing the old disk with dban, to give yourself time to remember everything you need.

4) put the dban CD into the old computer and boot from it. It contains its own stripped-down operating system that will bring you to a menu. You can wipe the old computer’s hard drive using a technique that approaches what the government considers secure. Note that simply booting into Windows and deleting files using Windows Explorer does not really remove the file data from the hard disk; it just removes the file entry from the index. This is like removing an entry from a searchable catalog in a library, but leaving the book on the shelf. If you go wandering you can stumble into the book even though it’s not listed in the catalog. Dban wipes all the shelves multiple times. It may take a couple hours to run.

5) use the manufacturer’s reinstallation CDs on the old computer, as if you just installed a replacement blank hard drive. Your hard drive is blank, really blank. There may be multiple CDs you need to get the OS back up and running.

6) install a free anti-virus such as Microsoft Security Essentials

7) make sure Windows Update is enabled. Look in My Computer -> Properties -> Automatic Updates. Run an update check now by opening up Internet Explorer and going to http://update.microsoft.com. Install the ActiveX plugin and download all the critical updates. This may take a while, especially if a Service Pack is included in the updates.

8) put on new copies of the standard stuff. If you use Firefox, download the latest instead of using whatever ancient version is on the old manufacturer’s CD. Same thing for utilities, especially Adobe Acrobat.

9) when you give the old computer away, make sure you include all the manufacturer’s CDs, so the new recipient can upgrade the hard drive if they run out of space or if the disk crashes.

10) sleep well knowing that your old computer is helping someone instead of making a landfill larger.

tech tips marcelk 31 Dec 2010 1 Comment

tech: open source

In our lab at work, we needed a way to schedule access to some dev/test machines, since we have more people than machines. A trivial Google search and I find phpScheduleIt. So on an existing Linux server in the lab I install an http server, MySQL, php, some Pear libraries, and the phpScheduleIt application. Follow the setup instructions, and we have a web-based scheduling application that fits our needs perfectly. It even deals with the timezone differences of our team members in Asia.

If I get time to create the LDAP authentication modifications I need, I’ll donate those back to the phpScheduleIt project.

Man, I love open source. Remember how hard this would have been 15 years ago?

tech tips marcelk 03 Nov 2010 No Comments

tech: disable autoplay on Windows

From a security perspective, autoplay is just a really horrible idea. You don’t want programs to automatically launch when you insert a CDROM or USB thumb drive. You should disable autoplay on all your Windows systems. All the software I install is either downloaded from trusted sites, or in the case where I do have a CDROM I just find the setup.exe file and double-click it.

Here are some simplified general instructions, and here are the official Microsoft instructions. I was able to use the general instructions for XP Pro, but needed the Microsoft instructions for XP Home.

tech tips marcelk 03 Nov 2010 No Comments

tech: resolving key problem when updating RHEL

I just installed a server to test Red Hat Enterprise Linux, and of course I want to pull the latest updates from the network, since the DVD I have is obviously out of date. So I run yum (this is RHEL5), and after the updates are downloaded but before they get installed I get the following error:

warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 37017186
Public key for gnutls-devel-1.4.1-3.el5_4.8.x86_64.rpm is not installed

Hmm. Some hunting around on Google and it’s not immediately obvious what the problem is. But here are a couple hints: (1) the first line is a warning, and isn’t where yum dies at. (2) the second line is one of the packages I’m trying to upgrade.

It turns out that the warning really is the key to the problem. A read through “man rpm” indicates that the RPMs I’m trying to install are signed, but the key to validate the signature isn’t present. (I would think of these as similar to x509 CA certificates, but GPG calls them public keys.) So OK, where do I get the key from? It’s already on my server in the /etc/pki/rpm-gpg directory, but the rpm command hasn’t yet been told that it can use that key. To do that, run the command “rpm --import /etc/pki/rpm-gpg/RPM*” to import all the keys in that directory into the RPM database. Note that the “import” flag has two leading dashes, which is typically for an option with a long name. You probably need only the file “RPM-GPG-KEY-release”, so you can be more selective with the import if you wish. The rest of this article assumes you weren’t selective.

Keep reading “man rpm” in the section titled “Digital signature and digest verification”, and you’ll see that the key you just imported can be managed like a regular RPM. Do a “rpm -qa gpg-pubkey*” and you can see ones like the following:

gpg-pubkey-2fa658e0-45700c69
gpg-pubkey-37017186-45761324
gpg-pubkey-db42a60e-37ea5438
gpg-pubkey-897da07a-3c979a7f
gpg-pubkey-42193e6b-4624eff2

And do you see that one of these, “gpg-pubkey-37017186-45761324”, matches the “37017186” back in the first warning at the top? Run yum again, and the updated RPMs get installed. Success!

Want to verify you got the right key installed? Treat it like an RPM.

$ rpm -qi gpg-pubkey-37017186-45761324
Name        : gpg-pubkey                   Relocations: (not relocatable)
Version     : 37017186                          Vendor: (none)
Release     : 45761324                      Build Date: Mon 10 May 2010 01:49:25 PM EDT
Install Date: Mon 10 May 2010 01:49:25 PM EDT      Build Host: localhost
Group       : Public Keys                   Source RPM: (none)
Size        : 0                                License: pubkey
Signature   : (none)
Summary     : gpg(Red Hat, Inc. (release key) )

Note that the version says “37017186” (per the first warning above) and the summary says it is the release key (which comes from the filename /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release).

Want to clean up the other keys you probably don’t need? With names like “auxiliary”, “beta”, and “former”, you probably don’t need them. Just keep the release key. So again, treat them like an RPM item:

# rpm -e gpg-pubkey-2fa658e0-45700c69
# rpm -e gpg-pubkey-db42a60e-37ea5438
# rpm -e gpg-pubkey-897da07a-3c979a7f
# rpm -e gpg-pubkey-42193e6b-4624eff2
# rpm -qa gpg-pubkey*
gpg-pubkey-37017186-45761324

Now you can cleanly accept signed release updates.
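The matching step above (key ID in the NOKEY warning against the version field of the gpg-pubkey entries) can be scripted. This is an added example, not part of the original post; the function names are made up for illustration, and the sample text is copied from the yum warning and the package listing shown above.

```shell
# Sample data taken from the output shown in this post.
YUM_OUTPUT='warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 37017186
Public key for gnutls-devel-1.4.1-3.el5_4.8.x86_64.rpm is not installed'

INSTALLED_KEYS='gpg-pubkey-2fa658e0-45700c69
gpg-pubkey-37017186-45761324
gpg-pubkey-db42a60e-37ea5438
gpg-pubkey-897da07a-3c979a7f
gpg-pubkey-42193e6b-4624eff2'

# stdin: yum or rpm output. stdout: each key ID named in a NOKEY warning,
# lowercased and de-duplicated (rpm stores the ID in lowercase in the
# "version" part of the gpg-pubkey entry).
missing_key_ids() {
    sed -n 's/.*NOKEY, key ID \([0-9A-Fa-f]\{8,16\}\).*/\1/p' |
        tr 'A-F' 'a-f' | sort -u
}

# $1 = key ID. stdin: output of `rpm -qa gpg-pubkey*`.
# Succeeds only if an entry gpg-pubkey-<id>-<release> is present.
key_is_imported() {
    grep -q "^gpg-pubkey-$1-[0-9a-f]\{8\}\$"
}

# $1 = yum output, $2 = list of imported keys.
# Prints one line per key ID from the warnings: "<id> imported" or "<id> missing".
report_keys() {
    printf '%s\n' "$1" | missing_key_ids | while read -r id; do
        if printf '%s\n' "$2" | key_is_imported "$id"; then
            echo "$id imported"
        else
            echo "$id missing"
        fi
    done
}

# On a live system, feed it saved yum output and the real key list:
#   report_keys "$(cat yum.log)" "$(rpm -qa 'gpg-pubkey*')"
```

A “missing” line tells you which key still has to be imported before yum will accept the signed packages.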

tech tips marcelk 10 May 2010 No Comments

tech: how to tell if your computer is 64-bit capable (for Linux fans)

For my x86 machines at work, I’m all Linux. Frankly, I just don’t understand Windows Server. Yes, my laptop runs Windows because I have business apps that need Windows. But all the real work gets done by Linux or its Unix friends or mainframes. (I’m sure there are people who will disagree, but I digress). So when I got some surplus hardware that was a bit old, I wanted to put a 64-bit Linux OS on it, but wasn’t sure if the CPU was 64-bit capable. So how to tell? Some search results focused mostly on running Windows and looking at the Computer properties, but I’m not running Windows. Thankfully, there is an easy way. (Some people complain Unix is user-hostile. I think it is expert-friendly. But I digress again).

Get yourself a Live CD of your favorite distro. My current favorite is Fedora. A Live CD is a bootable CD that will let you run the OS without installing it on your hard drive. Yeah, when you shut down all the data is gone, and the Live CD does run slow, but it is a great tool for doing tasks like the following. Most Live CDs are 32-bit, but that is OK – you need the OS just to probe the hardware.

Get to a shell prompt and run the command “cat /proc/cpuinfo”. The proc filesystem is something I have come to love as I’ve learned more about Linux, but I digress yet again. The output of that command should look something like this:

[marcelk@alma ~]$ cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 15
model name      : Intel(R) Core(TM)2 Duo CPU     E6750  @ 2.66GHz
stepping        : 11
cpu MHz         : 2000.000
cache size      : 4096 KB
physical id     : 0
siblings        : 2
core id         : 0
cpu cores       : 2
fpu             : yes
fpu_exception   : yes
cpuid level     : 10
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi
mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl vmx smx est tm2 cx16 xtpr lahf_lm
bogomips        : 5323.55
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

So out of all those lines, take a look at the one that says “flags:”. There are a bunch of codes there; the meaning of those codes is described in the file /usr/include/asm/cpufeature.h. The flag you want to see is “lm”. It’s an abbreviation for “long mode”, which basically means your CPU is x86_64 capable. So you can run 64-bit Linux, 64-bit Windows, or 64-bit whatever, even though you aren’t running it at the moment. If the “lm” flag doesn’t appear, then you have only a 32-bit CPU that can run only a 32-bit OS.

So yes, I can run 64-bit Linux on the computer above. And so… squirrel! … but I digress again.

tech tips marcelk 17 Apr 2010 2 Comments

Google as an ISP?

I do admit that the headline of Google providing 1Gbps ISP service did catch my eye. Even though it is a “test” in selected markets, here are some thoughts:

1) Ooh! Pick my market! I have cable modem service from my local carrier. It’s $55/month for 3Mbs downstream and 300kbps upstream. It’s been pretty reliable. The downstream hasn’t been bandwidth to burn, but has been sufficient for most tasks. (I strongly confess that it is a miracle compared to narrowband). On the other hand, the upstream has been paltry. I can do only one VoIP call at a time, and any uploads to Flickr or similar grind everyone else in the home to a virtual halt. There definitely is a limit on how much I can backup to Mozy. I would love to have just 1Mbps upstream – it would make a huge difference. And even 10Mbps downstream would give me some buffer space. I don’t think anyone will be using 1Gbps anytime soon (remember the “640k is enough RAM for anyone” comment from Bill Gates?), but an honest 100Mbps I think is really the sweet spot. I’d be willing to pay $100/month for 100Mbps symmetric.

On a related note, the limited upstream bandwidth is a thorn in my side. I would love to see some competition come in and challenge the incumbent providers to rethink their bandwidth asymmetry. I do not engage in the transfer of bootleg content. I use Flickr and Mozy. Why must your upstream policy make that painful?

2) We are being seduced into a monopoly. Back in circa 1999 when we were experiencing Google Search for the first time and saying “ooh, aah”, I remember someone saying “Google will become the next Microsoft”. (Remember the lock Microsoft had back then.) I was thinking, “Are you serious?” Fast forward 10 years. They were right. It scares me that Google could potentially own everything from end to end. The OS (Chrome/Android). The servers. The applications. The content. The network. It reminds me of what IBM was pitching during that same period: one throat to choke: PCs, operating system (OS/2), network (IBM Global Network), servers, middleware. Except that IBM ended up selling off the resources that became commodity. And they were geared toward enterprise customers, not consumers. But things are a bit different this time around. The network is much improved. Interoperability has made great strides. Google has a chance to own it all. Unlikely, but possible.

I don’t think Google ultimately has the guts nor the palate to deal with supporting end consumers, whether it is a cell phone or an ISP or anything else that requires more than online help, such as driving a service truck to your house with a backhoe and a ladder. I expect they’ll take a few dips in the water and end up not liking it. But maybe they’ll take persistence lessons from Microsoft.

3) The network is the computer (ref). The technology has matured to a point where it starts to become possible to leave your data and your app in the cloud instead of on your local hard disk. Cloud computing will mature to the point where you can secure your data in a public infrastructure. And virtualization will become so commonplace that you’ll look back and say “I can’t believe we didn’t do this before now.”

So 5 years from now, the current major players will still be there, but in different positions, with different upward/downward trends. There will still be competition, great progress, new up-and-comers, a couple players gone, and great expectations for the following 5 years.

tech tips marcelk 16 Feb 2010 2 Comments

tech: BSOD with ati2dvag

I received a new laptop recently. I was bothered when it would show a Windows blue-screen-of-death (BSOD) about once a day with a message about ati2dvag. This was a Lenovo Thinkpad W500, which has an ATI Mobility FireGL V5700 driver. And it seemed to occur when I was doing scrolling or window resizing.

Unfortunately, updating the video driver from Lenovo didn’t fix it. Even reloading the OS from a factory image didn’t fix it. As was pointed out by a friend, here is what to do: open the Catalyst Control Center program, go to the PowerPlay tab and disable PowerPlay. That’s it. It hasn’t had a BSOD since. Thank you Mike!

tech tips marcelk 17 Sep 2009 1 Comment

tech: getting subversion to work in IBM RAD 7.5

IBM Rational Application Developer (RAD) is an Eclipse-based IDE. I love using Eclipse and its derivatives. I recently got a new laptop, installed RAD 7.5 (I had been using RAD 7.0), and wanted to connect to our team’s svn repository. But RAD doesn’t have a native svn client. But not to worry, it’s Eclipse-based, we can get something working.

I settled on Subclipse, as it is relatively easy to get working. It would be nice if an svn client was natively included, but we can work around that.

First, versioning. From what I can tell by looking at the plugin version numbers, it appears that RAD 7.5 is based on Eclipse 3.4 which maps to the Eclipse version name Ganymede. So when you are looking at the subclipse web site, get the version of subclipse that can work in the Ganymede (3.4) version of Eclipse.

First, start up RAD and go to the menu “Help” -> “Software Updates” and click on the “Available Software” tab. Then click on the “Manage Sites” button. If you scroll towards the bottom of the list, you should see one titled “http://subclipse.tigris.org/update_1.2.x”. As of this writing, subclipse has version 1.6, which is what I use; check the subclipse site for more info. There isn’t a way to edit the 1.2 software site URL to make it a later version, so you’ll need to click “Add” to make a new one. Use the URL for the update site for the latest version of subclipse that runs on Eclipse 3.4, which as of this writing is “http://subclipse.tigris.org/update_1.6.x”. After you’ve added this URL to the list, check the box on its left, then click OK to get back to the “Available Software” dialog.

Now click on the plus sign next to the subclipse 1.6 entry and after a moment of “Pending” it should show you some entries. I got 3 and selected all 3 checkboxes. Then I clicked the “Install” button on the top right corner of the dialog. The screen capture below shows the plugins that those 3 selections installed. Give it a few minutes to install and restart.

List of plugins installed

Our svn server has only an ssh interface, so I have to use a repository URL in the form of “svn+ssh://”.

Martin Woodward provided some good help. What got me working the rest of the way was the following: go to the menu “Window” -> “Preferences” -> “Team” -> “SVN” and set the SVN interface client to “SVNKit (Pure Java)”. I didn’t need to install TortoiseSVN and set the environment variable for tortoisePlink as Martin describes, but TortoiseSVN is good to have around anyway.

Now go to the menu “File” -> “New” -> “Other” -> “SVN” -> “Checkout Projects from SVN” and enter your repository URL (mine is in the “svn+ssh://” format). If you don’t want to set up ssh keys, you will be prompted for your ssh password and that can be saved in RAD so you don’t need to enter it each time. And compared to the setup on my old laptop, I didn’t get a popup MS-DOS window for each svn transaction.

I originally had been using JavaHL instead of SVNKit as the interface client, and had been getting errors such as “Folder ” does not exist” and “can’t create tunnel”, which went away when I started using SVNKit. Perhaps if I used tortoisePlink with JavaHL it would work, but I didn’t try that. As always, it’s a community of us that helps us work through all of it.

Here is the IBM statement on software supported with RAD. Scroll down to the bottom to “Source Configuration Management”.

tech tips marcelk 17 Sep 2009 7 Comments

life: technology and happiness

A friend showed me the following video, and I was laughing and nodding my head. Perhaps it’s because I’m in my 40’s and have seen change, and sometimes find myself with the same whacked expectations that he talks about while forgetting what life used to be like. I hope you’ll laugh too.

My take on this is let’s not forget where we came from, not be self-centered, step back more to realize what an amazing world we live in, and recognize technology as an enabler and not as an end in itself. Lastly, let’s not make technology a requisite to make us happy. We can find happiness no matter where we are.

life tips & tech tips marcelk 11 Sep 2009 No Comments