Archive for the ‘Pointers’ Category

Mail Coloring

I deal with a lot of email in a day, and I’ve always been a huge believer in using the power of a computer to make life easier by automating the prioritization and triage of material to my attention. Surprisingly to most people though, I don’t have that many mail client rules that automatically folder messages based on the subject or what not. I proactively make sure that I’m only subscribed to lists that actively deliver information I’m interested in and that are time-sensitive. If a message is of low-enough importance that I can automatically file out of my inbox then it’s low-importance enough to ignore completely.

The one type of mail filter I do use actively is the (I believe) little-used capability in most mail clients to automatically apply colors/labels to messages matching certain criteria. Receiving well north of a hundred or more real emails a day, automatically highlighting messages that are specifically to me is a very effective way to triage things that probably need a more urgent response than the latest “There’s a car with its lights on” message.

I use Green to symbolize messages where I’m in the To: field, Blue for messages where I’m Cc’d, and Purple (a new one) for messages to mail aliases where I am the primary responder. Anything in black was to a group list and is (likely) of lower priority.

Enabling this feature is different on each mail client, but I know it’s easy to do on OSX Mail.app and Entourage, and I even originally learned this trick on Unix Pine (actually using a + and a – next to messages to annotate if I was on the To: or Cc: list).


Movies To Go

When I go through these long travel periods for work, I like to be able to take some brainless entertainment with me on the road. Not having Tivo to go, and not willing to pay $8-$12 blood money for a pay-per-view movie. My friend Aaron had the good idea of taking ripped DivX-encoded movies on his laptop when he was out of town for a long time. I figured that this would be a perfect way to work through a lot of the Netflix queue (I’m not into the whole .torrent piracy aspect).

So I downloaded mplayer and mencoder for my PowerBook and started ripping. At about 600 megs per movie I’m able to fit 6 or so full-length features in the normal amount of extra space that I have (I carry around a lot of music as well). The biggest problem I had though was with the playback: mplayer very often couldn’t keep up with the video and the sound/motion would always get out of sync. So badly sometimes that if I was using my laptop at the same time I was watching a movie I’d just give up on watching anything and listen to the audio only.

Along comes VLC (Versiontracker page), a fantastic playback device that so far has been rock-solid for me on whatever I watch. So now I’m totally happy with this setup and thought it would be a worthwhile suggestion to make.


(I had this buried in a pile of electronic notes I was cleaning up…I think it’s originally from our Resomp days. Anyways, it has been useful to us in the past, so I thought maybe it would be useful to others in the future. Updates to me.)

These are rough and ready notes on how to create your own cert-signing CA for use with OpenSSL so you can do limited generation of site-specific certs:


Basically, to save yourself some cash. While there are many
real certificate authorities (Verisign and Thawte being two
common ones… check your browser’s certificate signer list for
more), they all charge you money in order to sign your SSL
certificate. While it is important to have your site
certificate signed by a trusted authority if you are running an
online business, it is less important if you are simply
concerned about password and account security and would like to
have services such as imaps (SSL secured IMAP) and https (SSL
secured HTTP). It is for these people that this HOWTO is


I used the OpenSSL package, available from
http://www.openssl.org. Be aware that if you use this package
in the USA, you need to obtain and install the RSAREF toolkit,
in order to be compliant with silly US patent laws. The rest of
this HOWTO assumes that you are using this package.

Configuring OpenSSL

We use a homerolled packaging system called /opt. It works
pretty well with apps that use Autoconf, but OpenSSL doesn’t,
so here’s what you have to do:
./Configure --openssldir=/opt/openssl-0.9.3a

will configure it properly. The --prefix flag
doesn’t do the Right Thing. After installing, move all programs
in the misc subdir into bin, and make a symlink from the
openssl binary to ssleay for backwards compatibility.

Now, you have to configure the openssl.cnf file, and set up
your CA. Make the following changes to the openssl.cnf,
replacing CA_rescomp.berkeley.edu with your own CA name.

    set default_ca to CA_rescomp.berkeley.edu
        change [ CA_default ] to [ CA_rescomp.berkeley.edu ]
        set dir to /opt/openssl/CA_rescomp.berkeley.edu
    set countryName_default = US
    set stateOrProvinceName_default = California
    set localityName_default = Berkeley
    set 0.organizationName_default = Office of Residential Computing, UC Berkeley
    uncommented keyUsage
    uncommented subjectAltName
    uncommented issuerAltName
    uncommented keyUsage under [ v3_ca ]
    uncommented [ v3_ca ] subjectAltName and issuerAltName
    uncommented [ crl_ext ] issuerAltName

mkdir /opt/openssl/CA_rescomp.berkeley.edu, and chmod 700.
Then, edit the CA.pl and change the $CATOP variable to point to

Setting up your very own CA

Run CA.pl -newca. Hit Enter to create a new CA,
and enter a signing passphrase. THIS IS VERY IMPORTANT! If this
signing keypair is lost or compromised, then all of the keys
that you have signed are also compromised. Accept all of the
defaults (which you set up in your openssl.cnf), and use
ca@yourdomain.com as your email addr. (Be sure that
ca@yourdomain.com actually points to someone useful, as this is
where certificate requests will go). It is
important to protect the CA_rescomp.berkeley.edu
directory. Ideally, it should be stashed on a floppy somewhere
safe, and only taken out when needed to sign new certificates.
If this directory is compromised, you’ll need to start all
over, and invalidate all of your certs that have been signed
with your CA. This sucks, so don’t let it happen to you.

Now, you need to put your CA’s public key in your SSL key
database. For example, I set up all of my SSL enabled tools
(stunnel and mod_ssl) to use /opt/openssl/ca-certs. The odd
looking symlink is the x509 hash, which is a unique identifier
stored in the client certificate, which allows the server to
locate the proper signing authority’s key.

mkdir /opt/openssl/ca-certs
cp CA_rescomp.berkeley.edu/cacert.pem ca-certs/rescomp.berkeley.edu.pem
cp -a src/certs/* /opt/openssl/ca-certs
cd ca-certs
ln -s rescomp.berkeley.edu.pem $(openssl x509 -noout -hash < rescomp.berkeley.edu.pem).0

Now you’ve got your Certificate Authority up and running.
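
The hashed-symlink lookup above can be checked end to end. The following is an added example, not part of the original notes: it builds a throwaway CA in a temporary directory, signs a server request, and shows that openssl verify -CApath finds the CA only once the <hash>.0 link exists, because OpenSSL locates a CA by hashing the issuer name of the certificate being verified. Assumptions: the names "Example Test CA" and "imap.example.test" are constructed, and "openssl x509 -req" is used in place of "openssl ca" so that no openssl.cnf edits are needed.

```shell
#!/bin/sh
# Added example: throwaway CA in a temp directory. Every name here is constructed.
set -eu

make_demo_pki() {            # $1 = empty work directory
    cd "$1"
    # Test CA. -nodes leaves the key unencrypted, acceptable only because the
    # key is deleted with the directory; a real CA key gets a passphrase.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example Org/CN=Example Test CA" \
        -keyout ca.key -out cacert.pem 2>/dev/null
    # Server key and request, then sign it. "openssl x509 -req" stands in for
    # "openssl ca" so no CA directory or openssl.cnf changes are required.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Org/CN=imap.example.test" \
        -keyout imapd.key -out imapd.csr 2>/dev/null
    openssl x509 -req -in imapd.csr -CA cacert.pem -CAkey ca.key \
        -CAcreateserial -days 1 -out imapd.cert.pem 2>/dev/null
    mkdir ca-certs
    cp cacert.pem ca-certs/example-test-ca.pem
}

ca_link_name() {             # name the hashed symlink must have
    echo "$(openssl x509 -noout -hash -in ca-certs/example-test-ca.pem).0"
}

chain_ok() {                 # prints yes or no: does the leaf verify via ca-certs/?
    if openssl verify -CApath ca-certs imapd.cert.pem 2>/dev/null | grep -q ': OK$'
    then echo yes; else echo no; fi
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_demo_pki "$work"
before=$(chain_ok)                                   # CA file present, no hash link
ln -s example-test-ca.pem "ca-certs/$(ca_link_name)"
after=$(chain_ok)                                    # hash link in place
# The issuer hash of the signed cert is what OpenSSL looks up in ca-certs/.
issuer=$(openssl x509 -noout -issuer_hash -in imapd.cert.pem)
echo "without link: $before  with link: $after  issuer hash: $issuer"
```

If a service rejects a certificate you know was signed by your CA, comparing the -issuer_hash of the certificate with the link names in the ca-certs directory is a quick first check.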

Stunnel Certificates

openssl req -new -keyout imapd.pem -out imapd.pem -nodes
openssl ca -policy policy_anything -out imapd.cert.pem -infiles imapd.pem
cat these files together (cert then key)

mod_ssl Certificates

generate as above
common name is the FQDN of the webserver
cat them together (cert then key)

To add the CA to Netscape

add to the httpd.conf
    AddType application/x-x509-ca-cert cacert
cp CA_rescomp.berkeley.edu/cacert.pem to a web accessible place

To create client certificates for Netscape

openssl req -new -keyout username.key.pem -out username.pem
openssl ca -policy policy_anything -out username.cert.pem -infiles username.pem
openssl pkcs12 -export -in username.cert.pem -inkey username.key.pem -certfile /opt/openssl/ca-certs/rescomp.berkeley.edu.pem -name "username@rescomp.berkeley.edu certificate" -out username.p12
Import into Netscape

To create client certificates in Netscape

setup html and cgi files
get cert request in /opt/apache/data/cert-reqs/filename.random
openssl ca -policy policy_anything -spkac clireq1234.1234565773 -out signed1.cert
Added to httpd.conf
    AddType application/x-x509-user-cert cert
cp signed cert to filename.cert and download in Netscape


Maybe I’m lame and behind the curve, but I’ve just discovered that as I’m Cmd-Tabbing through apps on OSX I can hit Q or H to quit or hide things that don’t have the focus. Nice for brow-beating things like Meeting Maker into disappearing since it doesn’t support the standard Cmd-H when it has the focus.


A couple of weeks ago I picked up a couple of Western Digital 2000JB drives at Fry’s for about $80 after rebate (200GB, 7200 RPM, 8MB cache). I already encased one into an external housing for various purposes. The second I set aside for putting in my home firewall/server machine, which I’m rebuilding out of my old DEC/Compaq dual-PII/233 desktop workstation; getting rid of the old P90, switching from FreeBSD to Debian Linux, trying to clean some old cruft up in general.

After cleaning out a few colonies of dust bunnies from the case and installing the new drives, I booted from CD and installed Debian woody. Created an ext3 filesystem across the entire big drive, mounted it, and started copying 60 gigs of MP3s over…only to realize that the total space on the drive was 137GB.

Numerous web searches revealed that there is an IDE limitation where older drives used 28-bit(!?!) addressing. It appeared that I might have to buy a new motherboard, an Ultra133 IDE controller, or possibly write off the last 63 gigs of space. Due to my desire not to spend much money on this project I think number three was my preferred option, but there was some hope in more recent Linux kernels that had support for the new 48-bit(!?!) addressing standard for REALLY BIG IDE DRIVES.

Yay, it works! Turns out that Debian woody ships with kernel 2.4.18, and the patches didn’t go in until 2.4.19. I installed an SMP 2.4.26 image from backports.org, rebooted, and it recognized the full drive capacity right off the bat.

So, in short, don’t run out and buy new hardware if you can’t fully read your new drive. It might just take a simple kernel upgrade.


I had no idea how dependent I’d become on my Mac until I was without it for more than a week. I can get day-to-day email done using X on my Linux desktop, and I can run Windows under VMware when I have to access an Office file. But I can’t be really productive without things like OmniGraffle and the interface that JUST MAKES SENSE. So, since we don’t really have any spare Macs around the office and Alexis would kill me if I took over her machine for nefarious work purposes, I had to think of something a little more workable.

Last week I got a good-quality Western Digital 200GB hard drive from Fry’s (for like eighty bucks!), then I ordered a USB 2.0/Firewire enclosure from DigiSuperStore.com to put it in. Right now I’m installing Panther across the whole drive and a few of the can’t-live-without applications that I need. I’ll use the disk as a backup target when I (finally) get my Powerbook back so that if something goes wrong again I’ll be able to boot the disk off of any old Mac, restore from the latest backup, and continue working as before…without disturbing whomever is kind enough to loan me their machine (right now I’m borrowing a five year old G3 iMac from one of my co-workers).

Hopefully the plan works well. At least I’ll have a massive disk to organize some of my data, and create offline backups of important items. One hint I noticed though was that since I installed on a very barebones iMac the OS didn’t have drivers for more modern parts in the iBook/PowerBook line like Airport cards. I’m sure there’s something I could have done to upgrade the drivers, but since I had little invested I just decided to re-install the disk connected to my wife’s iBook.

Big external firewire drives are useful, let’s hope this plan works.


I’ve got a lot of pictures from the wedding that I want to get real prints of. I’ve tried a few of the different online printing services in the past but I’ve never compared them side-by-side, and I couldn’t find a review that covered the services I was interested in. I picked a handful of different images and sent them off a few days ago. I wanted to test the following services:

  • Apple – The default out of iPhoto
  • Shutterfly – Direct printing from Gallery
  • Ofoto – The rumored quality leader, and a fellow E-ville company (I’ve got a few acquaintances there)

For this test I selected a number of pictures from the shots that our friends took with their digital cameras, a mix of outdoor and indoor pictures, and sent a similar combination to each service.

A note on Costco digital printing: I loaded a set of images on to a CF card and took them in to print at Costco since they could very well be the dark horse of the race with the lowest prices overall. However, even after I asked the people behind the counter if there was anything else to do I apparently missed an undocumented last step of filling out a photo envelope and pre-paying for your prints. Since the people behind the counter when I tried to pick them up were real assholes when I suggested they might want to PUT UP SIGNS OR SOMETHING, Costco gets disqualified on two counts.

Ease of Use

Apple’s option is of course the easiest service to use since you can print directly from iPhoto. The web-based services Ofoto and Shutterfly had comparably easy web sites to navigate. For the rare cases when you need to do a bulk upload, the Ofoto client is quite useful.

Print Quality

The final results were surprisingly varied. Hands down, Ofoto had the best quality; I’ve always been a fan of Kodak film, now I’m a fan of Kodak paper. Apple had close quality, but the exposure was a little off. It appears that they are using the same Kodak equipment as Ofoto, but maybe not calibrated as well. Shutterfly had some noticeable color problems. Fields of lawn looked a little bit like green slime. They were also not quite as sharp as the Ofoto prints.


Service      4×6 Price   Shipping   Quality   Notes
Ofoto        0.29        1.49       Best      10 free photos for sign-up, numerous specials
Apple        0.39        2.99       Better
Shutterfly   0.25        1.49       OK        15 free photos for sign-up, cheap prices require purchasing in bulk

Clearly, Ofoto is the winner in this round-up, the best quality with pretty much the lowest price. They also run a number of specials (10 free prints here, 20% off there, etc), so it’s worth clicking around on their site.

After spending three hours at Aaron Brothers yesterday getting frames and albums, it’s time to get a pile of prints made and start laying out some memories!
