Crumpled Thoughts

Normally I’m an early adopter of new Windows operating systems, but with Vista I’ve been slow to take the plunge. After running various beta releases and release candidates I was hesitant to use it on my ‘production’ computers. Well, I finally took the plunge last weekend and my work laptop is now running Vista business edition.

I’ve been getting really annoyed at how slow the Vista start menu is, navigating “All Programs”. I discovered a way to speed it up drastically. Customize the start menu and un-check “Highlight newly installed programs”.

The navigation will get much faster. Now if I can just figure out how to get the program folders to expand outside of the start menu, like Windows XP did by default.

I’m driving up to Portland, Oregon tomorrow to do an install for work on Friday. Oliver Russell & Associates is doing a major technology upgrade and we’re rolling out over eight terrabytes of storage in new servers at the Boise and Portland offices. This project has kind of been my baby, and the Portland piece is the final part. We’re implementing some cool new replication technology and linking the sites via a point to point T1. Exciting Stuff . Friday I get to set up the server in Portland and configure the Cisco routers between the sites. I’m hoping I don’t hit any major storms on the drive… I’ll be picking up some chains just in case before I head out of town. The forcast is a bit borderline… my route is the little red squiggle in the upper left.

A couple of months ago I started having some serious issues with my cable modem. The modem would randomly disconnect and reconnect throughout the day. I called my ISP, and they would tell me everything seemed fine. Then sent a guy to the house who redid some of the connectors on the outside of the house, but it did not help at all.

In a fit of frustration, after it had done this ten times in a 30 minute period, I ran off to Walmart and bought a new modem. Things seemed to be better for a couple weeks, then it started again. When the cable company was of little help, I found that Motorola modems provide some data through a web interface at http://192.168.100.1. I started plotting graphs of Power Level, and Signal/Noise ratio using rrdtool. I was hoping to find a correlation between the disconnects and these values. Today I was looking at the graphs and noticed a strange boost in the upstream power level:

I’m not sure what these values mean, but I would think that higher is better. I didn’t notice any disconnects during the period of improved upstream power level. Anyone know what these values mean?

Well, I’m waiting for the folks at Jiffy Lube to change my oil, and the Treo is really helping pass the time. I’ve caught up on unread email, read Jason’s latest blog post, and checked Slashdot headlines.

I really like this device. It’s not nearly as bad as a phone as I was afraid it would be. I’ve been able to be much more reponsive to email than I was without it.

Now, all of the little breaks in my day I can use productively. Filling up the car with gas, bathroom breaks, smoke breaks, and waiting rooms are all productive. Now, when I get back to the office I don’t have to spend 30 minutes catching up on email… I can get right to work.

One of the clients I work for has a Mac OS X server which handles most of the file shares on the network. They have two internet connections, one on their T1, and a secondary DSL connection for redundancy. The Mac OS X server has two network interfaces; one with an internet IP (behind a BSD firewall) and another on the private network. The default gateway on the Mac server is on the internet interface, and a seperate router on the internal network routes traffic to 5 local IP subnets for remote offices, and co-located servers.

Since the default gateway points to the internet, routes have to be added for the four other local subnets to send traffic for those subnets to the router on the internal network. These routes need to survive a reboot— they need to be persistent.

On a Windows box it is simple to add a persistent IP route. Along with your ‘route add’ command, you add a ‘-p’ to make it persistent. Easy enough. Not so simple on Mac OS X. On Linux you could just add the ‘route add’ statements to the /etc/rc.local file and they would be executed at startup, effectively making them persistent. Easy enough. This is not so easy on Mac OS X… but I found a way to do it.

Let me add my standard disclaimer that you do this at your own risk. I won’t be held responsible for any trouble you experience trying to do this. It is working great for me though

Open up terminal, and switch to the root user:

sudo su -

You’ll have to type in your password, and have ‘Administer the Server’ rights.

Change to the /Library/StartupItems directory

cd /Library/StartupItems/

The way I created my script was by copying one that was created by a MySQL 4 installer. You should be able to copy any of the directories in /Library/StartupItems to give you a starting point. Just substitute the one you’re using where you see me use ‘MySQLCOM’.

cp -rp MySQLCOM PersistentRoutes

Now change to the PersistentRoutes directory.

cd PersistentRoutes

If you list the contents of this directory you should see two files, one named for the service you copied, and StartupParameters.plist. We need to rename the service you copied to ‘PersistentRoutes’

mv MySQLCOM PersistentRoutes

Now we edit PersistentRoutes with your favorite text editor… mine’s vi.

vi PersistentRoutes

Go ahead and empty the file. If you’re using vi type ‘1000dd’ (no quotes) and it will delete 1000 lines. That should empty it . This is the contents of my PersistentRoutes file:

#!/bin/sh
. /etc/rc.common
ConsoleMessage "Adding Persistent IP Routes"
/sbin/route add 10.0.0.0/24 10.1.2.1 #Route to Boise Colo Facility
/sbin/route add 10.1.3.0/24 10.1.2.1 #Route for SonicWall L2TP Group VPN
/sbin/route add 10.1.4.0/24 10.1.2.1 #Route to Portland Office
/sbin/route add 192.168.69.0/24 10.1.2.1 #Route to Chris' House 

Save, and exit your text editor. ‘:wq’ in vi (write, quit)

Now we need to edit the StartupParameters.plist. Mine looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC “-//Apple Computer//DTD PLIST 1.0//EN” 
“http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
        <key>Description</key>
        <string>Persistent Routes for VPN Tunnels</string>
        <key>OrderPreference</key>
        <string>Last</string>
        <key>Provides</key>
        <array>
                <string>PersistentRoutes</string>
        </array>
        <key>Uses</key>
        <array>
                <string>Network</string>
                <string>NetworkExtensions</string>
        </array>
        </dict>
</plist>

That’s it! Now your routes will be added when you reboot. Need to add a new route?.. manually add it from the terminal using ‘/sbin/route add…’ then update the /Library/StartupItems/PersistentRoutes/PersistentRoutes file. Easy!

Hope this helps someone. It was causing me a bit of aggravation. Perhaps someday Apple will make this a bit easier. Use ‘netstat -r’ to display your routing table.

Cheers,
Chris

Today I had to set up a Treo 650 to access a user’s Exchange mailbox over the web. I did not imagine it would be as difficult as it turned out to be.

At this site we run a Linux router/firewall that handles all traffic coming into, and leaving the network. We use Apache’s mod_proxy to proxy web connections from the internet to IIS servers on the private network. Having had more than a couple 36+ hour days cleaning up viruses due to exploited IIS servers, I feel much more comfortable having Apache handle the web requests.

One of the “Gotcha’s” to using mod_proxy is that you have to disable “Integrated Windows Authentication” on any sites you proxy with Apache. Apache doesn’t understand the headers involved. No big deal, because these requests are typically coming from the internet over SSL.

I started the setup at about 12:00 noon today. The first thing I did was add the following bits of code to the Apache configuration file to Proxy the ActiveSync connections:

#ActiveSync
ProxyPass /Microsoft-Server-ActiveSync https://webmail.example.com/Microsoft-Server-ActiveSync
ProxyPassReverse /Microsoft-Server-ActiveSync https://webmail.example.com/Microsoft-Server-ActiveSync

I then put the appropriate settings into the Treo, and tested connectivity. This is where things started to piss me off.

The software on the Treo has terrible, non-intuitive error codes. The documentation is even worse. This is what I discovered (over about 4 hours of trying to get it to work):

• For the ProxyPass directives to work, you can not use Integrated Windows Authentication on the IIS site.
• For the Treo VersaMail app to use Exchange ActiveSync it must use kerberos authentication, which requires enabling Integrated Windows Authentication.
• Palm’s software engineers don’t really give a shit whether the error message you get is in any way helpful, just as long as you understand it’s not working.

So the thing that sucks about this is that we run “stuff” on the gateway which requires us to use Apache on Linux. It provides remote access for employees through a web interface, and dynamically modifies iptables firewall rules when folks need access.

This was my fix, which I think is as good of a fix as is possible.

• Exported the IIS web site that handled OWA, OMA, and ActiveSync to a file.
• Created a new web site from the exported file.
• Changed the TCP ports for HTTP and HTTPS to obscure, high ports.
• Modified the document root on the IIS site, as all the magic happens in Virtual Directories.
• Requested/Installed a new SSL certificate from an internal enterprise CA with a common name matching the internet FQDN.
• Enabled “Integrated Windows Authentication” on the “Exchange” virtual directory in this new web site.
• Forwarded the obscure, high SSL port from the firewall into the Exchange server.

Now the Treo works… just had to set the obscure high port in the advanced settings on the Treo. I didn’t want to go down the forwarded port road, because it seems like a compromise in security. All too often I see people bypass security measures in order to get things to work, and I hate it. This seems like a small compromise I’ll have to settle for.

Got a better solution? Let me know.

-Chris

It’s Sunday night and we’re back in Boise. McCall was really nice, even though it was a bit chilly at times. Paula & Kairi went up to McCall with Paula’s parents last Monday… and I joined them Wednesday afternoon. I took three days of vacation from work and it felt really nice. My boss insisted that I leave my cell phone and laptop in Boise to make sure I had a true vacation. Last year at this time I kept my laptop on a constant VPN connection to the office to monitor email and stay in touch. This year I cheated once and checked my email Thursday night.

It’s funny… I need an internet connection to stay sane. If I’m without internet access it feels like being without electricity. I use the internet for everything. I haven’t opened a phone book in probably 4 years, when my cable internet access was down and I needed the number to call the cable company. I order pizza online, bank online, shop online, pay bills online, get movies, books, and software online. For better or worse I need internet access, and it has to be fast.

I saw a job posting for an IT position at the Tamarack Resort in Donnelly Idaho and just about sent a resume over. Then I thought about how internet access in Donnelly would probably be. I’m thinking slow, with frequent outages. I couldn’t handle that. It would kill me.

So, we’re back in Boise. As much as I’m not looking forward to going in to the office in the morning, it was great to get home to my cable modem. Downloaded a movie to watch tonight… transferred a full DVD in 4 hours. If you haven’t seen Failure to Launch, I recommend it. It wasn’t the typical Matthew McConaughey chick flick. It got terrible reviews, but I really enjoyed it.

Anyhow… I guess I’m rambling at this point, better go unpack

I’ve got a few upcoming web projects that I need to get cranking on. My PHP skills are a little rusty right now (as typically happens when I don’t touch PHP for several months). I watched a super cool demo of Ruby on Rails about 6 months ago and got really excited. Ruby on Rails makes the claim of cutting development time by a factor of 10 for web applications.

The problem is that I don’t feel like learning an entirely new language (Ruby). I’ve gone through some tutorials and kept thinking “I wish I could do this with PHP.” Well, it turns out you can.

CakePHP is an open-source web framework written in PHP. It uses the same MVC framework that Ruby on Rails uses, and does it all in PHP. I’ve watched some of the demos, gone through some of the tutorials, and feel much more at home with it. The biggest challenge I am having is wrapping my head around the whole MVC thing. I can see how it really simplifies things, but it is taking some getting used to.

By this time next month I hope to have two projects completed; one for my Mom, and one for Paula. Then there’s a bigger project (for myself) I’ve been dying to get underway once I’m more comfortable with CakePHP.

“Broken” is a harsh word, but it is the only way I can describe how Apple’s iTunes handles m3u playlists. My music library is over 108 gigabytes. 21,192 songs, a play length of 61 days, 16 hours, and 47 minutes. That is a lot of music to manage. I use gnump3d as the interface to listen to my music from any internet connected computer, and at home. It works swell.

I’m a long time winamp user. On Windows, Winamp + gnump3d is great. When I’m running on Linux, XMMS + gnump3d is great. Even running it on a friend’s computer with IE & Windows Media Player it works great. So why do I care about iTunes?

Apple has a really cool device™ — The Airport Express. You can plug the airport express into your stereo an send music to it over the lan (using a wired or wireless connection) using iTunes. It is so much more elegant than hooking your stereo to your computer’s audio port because only the music is sent to your stereo. Other sounds such as new mail notifications or annoying web page audio remains on your local speakers— rather than disrupting your tunes.

Now, with the 6.3 firmware update for the Airport Express (released on January 3rd) and iTunes 6.0.2, you can send music to multiple basestations. You could have 3 Airport Express basestations connected to 3 different stereos thoughout your house and send the same stream to all of them. Not only would your music distribution rock— you would have one kick-ass wireless network.

Now, back to the “broken m3u support” in iTunes. m3u is an audio playlist format, which originated with winamp for mp3 files, and is now widely adopted in many programs. It is basically a file which contains a list of audio files to play in sequence. gnump3d sends m3u playlists of albums, or custom playlists to the browser, which then hands them off to the default application for handling m3u files so you can rock. Pretty much every other application that supports m3u playlists will then parse the lists, and play the files in sequence. Apple’s iTunes takes the m3u playlist separates all of the entries in it, and adds them to the music libabry independantly. This behavior sucks. It makes it a huge pain in the ass to listen to a playlist in iTunes.

I had almost given up on using iTunes, until I came across this. The folks over at iTweaks.com have released a utility called M3U2iTunes, which is a helper application which overcomes the problems iTunes has with m3u playlists. It is available for both Mac & PC. Thank God for independent hackers who come up with easy solutions to serious problems.

-Chris