Mostly about my amusement

Year: 2011 (page 2 of 6)

Getting carried away

[Tweet: /cynthiaboaz/status/139599128601706496]

This sort of statement is inflammatory and is just another false equivalency. Yes, UC Davis and other militarization of American Police is awful and frightening.

But OWS is not a revolution and people really aren’t dying here. Not liking the outcome of elections or how the democracy played out isn’t what’s happening in Egypt.

Occupy Wall Street is a valid and legitimate protest but it’s important to remember that it’s just a protest and nothing more. Wishing otherwise doesn’t make it so and getting past a fad is a tough thing to do.

I don’t like the Tea Party. I think that they simplify politics to the absolute lowest common denominator and their complaints can be summed up as “It’s all YOUR fault!” with the YOUR being whoever is the flavor of the week. And despite words to the contrary, they do bring out racist behavior.

That said, as an American I am immensely proud of the Tea Party method. They organize and they vote. I don’t like their intentions but they are using the system and are achieving their goal of changing what the elected officials do and say.

The Tea Party drives the Republican Party. Just look at the endless GOP debates. With the possible exception of Jon Huntsman, each one of those candidates is pandering to the radical right. Mitt Romney is struggling because he’s compromised in the past as any good leader should do.

If Occupy Wall Street wants to change the way the 99% are being used by the 1%, then they have to work within that system. We’re not Egypt and comparing the situation to Tahrir Square is disrespectful of those efforts. The OWS protests have shown that they can get lots of people together but can they accomplish change like the Tea Party does? That remains to be seen.

Another Olympus Trip 35 for me

Camera 360

Back in March 2011 I started taking photos with my newly acquired Olympus Trip 35 cameras. Since then I’ve taken hundreds of photos with them and even went to China with them.

In China I gave one of them to my wife’s cousin and he takes excellent photos with it. I kept the Tripman one and the oldest one is safely put away in the basement.

I broke the Tripman one. I had it in my bag last week and put the bag down hard. As soon as I did it I thought that’s it and I was right. The shutter is no longer working and the inside has something rattling around that I can’t locate. Taking it apart didn’t help and after a while I gave up.

So I went to plan B and ordered a replacement from Tripman and another one from an eBay seller. I’m back to having three functional cameras. The new Tripman arrived today and I’m planning on taking lots of photos this afternoon.

The eBay one came Wednesday and I’ve already shot a roll with it. If there are no light leaks and the photos are okay, then I plan to strip the leatherette and put on a different one. I’ll let the kids decide which color.

Once again, anyone considering a film camera should take a chance with eBay and get one. Thanks to eBay sellers I now have two working ones and each one cost me less than $40 including shipping. The Tripman version is more money, but I got that one because it just works, has a warranty, and is really in great condition.

If you don’t mind spending a little more then you just can’t go wrong with Tripman. They’re great reconditioned models and they ship quickly.

As for the broken one, I’ve sent an email to Streetshooter in the UK to see what the backlog on his services is. Just because I can’t fix it doesn’t mean I want to leave it broken.

Google is my co-pilot

Google’s car navigation for Android phones is pretty good.

The majority of my work is 9 to 5 weekdays but when I need to make (fully approved, vetted, it’s-not-my-fault-and-I-won’t-do-it-again) production changes I have to wait for after 5 PM. Depending on the potential impact, I have to wait until Saturday. This weekend the group I work in was doing Big and Potentially Terrible Things™ and I was part of that.

Yesterday I left the house at 5 AM, drove to Queens and Chinatown to pick up 2 co-workers, and drove 2 and a half hours to Princeton, NJ. I got home after 8 PM. And I used the Google Maps Navigation for Mobile Beta (GMNMB?) as my tool to get there. I turned on Bluetooth (I was in the car), Wi-fi, and GPS and plugged my phone into the car charger. The cup holder doubled as my GPS mount.

My phone has GPS, Verizon assisted, and Google assisted location services and I turned it all on. I did not expect wi-fi to work exactly but I wanted to use that to narrow down my position. It worked fantastically and suggested routes that I would never have thought of. Before 8 AM the drive was uneventful and except for my pal who knew better, the navigation worked well.

When I drove home, instead of suggesting the painful Holland Tunnel to BQE which it did on the way there, it led me to Staten Island and eventually to the Belt Parkway. It took me just 2 and a half hours to get home about 100 miles away.

Yes, that doesn’t sound breathtakingly fast but I drove through New Jersey, Staten Island, and Brooklyn on a Saturday evening. Fellow New Yorkers who drive will know what I’m talking about.

The map data does not live on my phone and it’s all downloaded and cached from off of the Internet. This entire solution is dependent upon good connectivity. If I were driving to a desert in Arizona then I would use a Garmin or TomTom. But for driving in a metropolitan area this solution can’t be beat.

Tabs and spaces

Self? Remember this:

# Turn tabs into spaces, then squeeze runs of spaces down to a single space
tr '\t' ' ' | sed -e 's/  */ /g'

You’ll need it later.

At work I use bash, sed, [e]grep, cut, tr, and occasionally awk if I can’t get out what I need from the others. These aren’t used as scripts per se, just some tools I use to massage data.

Need that formatted, irregular, multi-line text file broken up and ripped into another format for processing? Sure, not a problem. Most people would (correctly) use PERL but I never got into it that much. I hardly ever get the same situation twice and deal with new data all the time.

But I do need to remove tabs and multiple spaces almost every time. While I always remember the tr part, I always need to rethink the sed regular expression. So here I am, writing a post to myself to keep it in my mind.

OK then, I can use Google+ now

That was quick. I’m now able to turn on Google+ on my Google Apps domain. If you use Google Apps, try logging in through your “Manage this domain” link, select “Organization & Users”, then Services. If the option is available you will be able to scroll down, find it, and turn it on. It’s that simple.

The caveat is that this looks like a work in progress. I’m not able to get Google+ working via my Android phone or either my wife’s iPhone or iPad. But the web page works fine and I’m able to log in using my Google Apps account.

Now does anyone know how to get all their Facebook friends to migrate to Google Plus? That’ll be a fun social engineering effort.

SNI on CentOS 5.6[7] with mod_gnutls

Edit: Geez. Since I set up this post, I noticed that the compaq8000.conf example was missing small bits like oh, the mod_gnutls parts. This update now contains the missing portion.

I’d read Ipstenu’s blog post “Request: Multiple Domains, One IP SSL Certificates” and thought that that shouldn’t be too hard. Simply put, this is a request for the configuration of an Apache web server to be able to distinguish between requested SSL sites but with only one IP address being used.

Virtual hosts on Apache are a real resource saver. With just one server you can host many different websites, and on this server I have at least 4 running. But to serve several SSL sites from a single IP address, Apache must support Server Name Indication (SNI). You can read up on SNI at Wikipedia for more details.

I use Ubuntu LTS because it’s got long term support and has features that I like. But I had previously been a RedHat user from RedHat 4.0 and on. Using RPM I would roll my own packages for work and hobby. How hard can it be to setup CentOS 5.6 on one of my spare PCs?

It turned out that that was sort of true for me and after some trial and error I got it working with gnutls. I’ve been using Ubuntu LTS for so long that my RHEL (CentOS) experience is dated. I was able to get multiple SSL based virtual hosts working on a CentOS 5.6 but that involved unwittingly updating to CentOS 5.7 without realizing it, and I also had to enable the CentOS testing repo.

Installing CentOS and adding the testing repo

First get CentOS 5.6 installed. I have an old Compaq Presario 8000 in the basement for playing around so I torrented the CentOS 5.6 DVD and did a plain server install.

Once installed, I ran the following commands to bring the fresh installation up to speed.

yum update
chkconfig --add httpd
chkconfig --del iptables

That upgraded about 120 RPMs and took longer than the initial install but I was updated unknowingly to CentOS 5.7! The next 2 commands added Apache2 to be started up automatically and shut off iptables. I didn’t want to play with firewall rules and I set SELINUX=disabled in /etc/sysconfig/selinux.

My basement server is and I put in 2 names into my internal DNS server jan-basement and compaq8000. I created two new self-signed certificates for those two names and put the new files into the /etc/pki/tls/certs and /etc/pki/tls/private directories.

I could have rolled my own mod_gnutls RPM but I prefer to use packages created by CentOS. To do that I had to edit the /etc/yum.repos.d/CentOS-Testing.repo file and change enabled=0 to enabled=1.

[c5-testing]
name=CentOS-5 Testing
# CentOS-Testing:
# !!!! CAUTION !!!!
# This repository is a proving grounds for packages on their way to CentOSPlus and CentOS Extras.
# They may or may not replace core CentOS packages, and are not guaranteed to function properly.
# These packages build and install, but are waiting for feedback from testers as to
# functionality and stability. Packages in this repository will come and go during the
# development period, so it should not be left enabled or used on production systems without due
# consideration.

See that caution? That’s the part that worries me because the c5-testing repo is where I found the mod_gnutls RPM. I believe using that RPM should be fine but check with CentOS support forums.

Install the mod_gnutls RPM and create configs

Once you enable that repo, perform the following commands as root:

# Install the mod_gnutls RPM via yum
yum install mod_gnutls
# Create the sym-link for the module
ln -s /usr/lib/httpd/modules/ /etc/httpd/modules/
# Rename the ssl.conf to ssl.conf-old. This will disable mod_ssl from loading.
mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf-old

Next up, create the configuration files and directories for your vhosts. I like to place my vhosts into /var/www/vhosts.

mkdir -p /var/www/vhosts/jan-basement
mkdir /var/www/vhosts/compaq8000

Create a conf file for each vhost and put these lines into them:


# Plain HTTP vhost (the *:80 address is assumed; match your NameVirtualHost line)
<VirtualHost *:80>
        ServerName compaq8000
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/vhosts/compaq8000/
        <Directory />
                Options FollowSymLinks -Indexes
                AllowOverride All
        </Directory>

        ErrorLog /var/log/httpd/compaq8000-error.log

        LogLevel warn

        CustomLog /var/log/httpd/compaq8000-access.log combined
        ServerSignature On
</VirtualHost>

# TLS vhost handled by mod_gnutls (the *:443 address is assumed)
<VirtualHost *:443>
        GnuTLSEnable on
        GnuTLSCertificateFile /etc/pki/tls/certs/compaq8000.crt
        GnuTLSKeyFile /etc/pki/tls/private/compaq8000.key

        ServerName compaq8000:443
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/vhosts/compaq8000/
        <Directory />
                Options FollowSymLinks -Indexes
                AllowOverride All
        </Directory>

        ErrorLog /var/log/httpd/compaq8000-ssl_error.log

        LogLevel warn

        CustomLog /var/log/httpd/compaq8000-ssl_access.log combined
        ServerSignature On
</VirtualHost>


I repeated the same with the other vhost but replaced the compaq8000 with jan-basement.

The RPM puts /etc/httpd/conf.d/mod_gnutls.conf with all the lines commented out. Rather than play with that file, I just created a small new file /etc/httpd/conf.d/fix-up.conf with these lines in it.

ServerName jan-basement
LoadModule gnutls_module modules/
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
Listen 443

You can probably leave out the ServerName and the NameVirtualHost on port 80. My home DNS is not as robust as it could be…

Now restart httpd with a simple “service httpd restart”. If all goes well, and your DNS is set up correctly, then you should now have two virtual hosts that each serve out their own correct SSL cert.

You couldn’t get it working with mod_ssl?

I couldn’t get it working reliably. With initial installation of CentOS I was able to get Apache2 to reply back with the correct SSL certs. But after I tore it all down and re-did it again, I got inconsistent results. On my Ubuntu LTS servers (which this blog runs on) I had a similar issue and I think that’s why I use mod_gnutls today. It works reliably and I’ve had no issues with multiple SSL certificates on one IP address.


This worked out on my unused basement server but there are several concerns I have.

1. CentOS 5.6 updates to 5.7 (final) when I did yum update

That was a shock to me. I get that CentOS wants to keep things current but I had thought that I would be updating within the 5.6 branch. On my PC going to 5.6 may not be a big deal but if you run a VPS make sure you can restore your backup and check with your host provider. It should be fine but gotchas on production servers are a huge no-no.

2. Adding the CentOS Testing repository

The nice thing about using pre-made packages is that you don’t personally have to maintain them. If Apache2 gets an update will this RPM continue to work? It depends on how the module is compiled. It might be safer to find a good mod_gnutls SRPM and keep that ready to be built just in case.

3. Backups are your friend

CentOS stores its Apache2 configs in /etc/httpd and before anyone tries this at a minimum they should keep fresh copies of that directory somewhere safe.

That seemed like a lot of work for your curiosity

Nah! While solving problems like this is part of my day to day work routine, this has always been my hobby. Some people work in their wood shop, I work on my software configs and these sorts of problems are fun. And now I’m more up to date with CentOS as a result.

Doing this with Ubuntu LTS is much easier because the software is supported right out of the box. SNI on Ubuntu is just a matter of configuration and all the necessary software is part of the distribution. But if you are going to use CentOS and want SNI to work, then this could work out for you.

I want to use Google+ but can’t justify doing so

Like many people in my age group *cough* 40+ *COUGH!!* I rely on social websites such as Facebook and Twitter. Facebook lets me maintain a way to keep in touch with friends that I’ve not seen in years and Twitter permits me to follow the daily minutia of some really interesting people.

For me it’s a social phenomenon and totally kills the art of writing letters to friends. We’re all addicted to it in one form or another and technology has improved to where our smart phones provide us easy two way access to this data.

I am a confirmed fan of Google. I want them to be successful and like that they try to compete in so many technological arenas. I migrated my email system to Google Apps because it provides such an easy way to manage my users. And I don’t have to stay up nights adapting strategies for combating SPAM.

All that said, I have no use for Google+. I’m a Google Apps user and have successfully migrated my Google access to the apps platform using my domain name. Google+ doesn’t permit that yet so I can either use a different account or pass on Google+.

I went through the exercise of using my apps account for all Google access. My Android phone is setup for it, my email, search history, Google Chrome, etc. In order to use the new social site I use another browser such as Internet Explorer. That’s not too cumbersome but someday they’ll sort out the access for people like me. I don’t want to maintain both accounts so here I am.

When Google+ supports app users, I’ll give it a serious look. But for now I’ll stick with Facebook.

See? Life does imitate art

I was playing with the basement wireless AP when I saw this pop up on Twitter.

[Tweet: /gothamist/status/123033078770835457]

Which of course made me think about Support Your Local Sheriff.

Pa Danby: If that gun had gone off, it’d of blowed right up in my face.
Jason McCullough: Now it wouldn’t have done my finger a hell of a lot of good either, would it? What can I do for you, Mr. Danby?

Officer William Reddin blocked the hammer with his finger (good thing too!) and I am sure the real life situation was more intense than James Garner’s version, but still I got a giggle out of the headline.

We are your typical American consumers

Sometimes you plan on buying one thing and end up getting something slightly different.

As part of my job responsibility, I provide support after hours. It’s not something that happens frequently because the first and second level support is really good. If a problem is escalated to me during my personal time, I don’t question it because I am treated as a last resort.

Last month I had a problem that started at Sunday 5 PM-ish and lasted till just after midnight. My home office line is a pair of cordless phones with old batteries and they kept dying on me. The rotten phones only had speakerphone on the handsets and not on the base station!

That was last month. This past week Lily had all day meetings and was working from home. The same thing happened to her so today we got a replacement at Costco.

Her: That model has a base speakerphone and a total of 4 cordless phones.

Me: Yes, that’s true, but we’re looking for just one cordless phone and speakerphone base station.

Her: It’s $65.

Me: Yes, but it’s got three more phones. What are we going to do with the other three?

Her: It’s $65. On sale. Best Buy’s would probably be more expensive and this one is normally $80.

So we got this unit. It’s a discontinued AT&T phone but it works well. I’ve put the three spares in the kids’ bedrooms and the guest room. I haven’t said a word to the kids, I wonder how long it will be before they notice?

It’s a neat phone. I kept getting “Messages available” even though there was none on the base station. It was from Vonage; the phone got the message notification that I had messages and was letting me know. Cool! The old ones never did that.