Mostly about my amusement

Category: Cool (page 5 of 11)

(Was) Microsoft Touch Mouse

For years I’ve been using the Logitech MX Revolution mouse and it’s gotten long in the tooth. The pointer would stutter, the mouse buttons wouldn’t click, the click would release at the worst time, etc.

I could read the signs and it was time for it to go.

I was leaning towards getting the Performance Mouse MX but I figured I’d give Microsoft a shot and picked up the Touch Mouse. Naturally I got the “artistic” version. Both versions are expensive.

The Touch Mouse is supposed to be the Microsoft version of the Magic Mouse. The materials are nowhere near Apple standards but it’s a good plastic attempt. The ergonomics are acceptable and it’s comfortable to use. I prefer to be able to rest my hand on the mouse and it’s just the right size.

There is just one little drawback. It really only has one physical button so mouse button combinations are not doable. When you want to right mouse click you need to lift your finger off of the left side and there is no middle button. This is not really a problem and I’ve been using the Apple Magic Mouse like this for a long time. By installing AutoHotkey I’ve already started making macros for Apple like mouse-keyboard combinations.

I’m bringing this up for one reason. In FPS games, I frequently press and hold down the right mouse button to zoom into my target while pressing the left button to fire. This is a good strategy while hiding behind cover.

. . .

Okay, that will take some getting used to. I’ve already mapped the right mouse button to the left control in one game and with a little practice I’ll be back to normal. It’s a good thing I haven’t purchased MW3 yet.

Update the very next day: I returned the Microsoft Touch Mouse to Best Buy and picked up the Performance Mouse MX. It’s on sale and the price now matches the Touch Mouse. It was the buttons or lack of buttons that made me do it; this is not a mouse for anyone who plays games.

Now validated with StartSSL

So while I was putzing around with my SSL sites and getting some grief with mod_gnutls, I realized that my life really would be much easier with a valid wildcard SSL cert.

So naturally I went to StartSSL and went through the process for a Class 2 Validation. I had meant to do it for a long time and have been using their free Class 1 certificates for ages.

The process was easy and once I logged in, I uploaded some documentation and waited for the administrative work to complete. I used PayPal and shortly afterwards I received a phone call from Startcom. It was Eddy Nigg personally calling me to ask me the control questions.

I couldn’t help myself and I laughed out loud. I have been long admiring what he and his company have been doing with affordable SSL certs. I regard what other CAs charge as quite a successful scam and StartSSL’s efforts have been well on par with the other “Big names”.

So now I’m successfully validated, using a wildcard SSL cert for my entire domain, and I am officially a satisfied customer. I can’t recommend them enough.

OK then, I can use Google+ now

That was quick. I’m now able to turn on Google+ on my Google App domain. If your Google Apps then try logging into your “Manage this domain” link, select “Organization & Users”, then Services. If the option is available you will be able to scroll down, find it, and turn it on. It’s that simple.

There caveats is that this looks like a work in progress. I’m not able to get Google+ working via my Android phone or either my wife’s iPhone or iPad. But the web page works fine and I’m able to login using my Google Apps account.

Now does anyone know how to get all their FaceBook friends to migrate to Google Plus? That’ll be a fun social engieering effort.

SNI on CentOS 5.6[7] with mod_gnutls

Edit: Geez. Since I set up this post, I noticed that the compaq8000.conf example was missing small bits like oh, the mod_gnutls parts. This update now contains the missing portion.

I’d read Ipstenu’s blog post “Request: Multiple Domains, One IP SSL Certificates” and thought that that shouldn’t be too hard. Simply put, this is a request for the configuration of an Apache web server to be able to distinguish between requested SSL sites but with only one IP address being used.

Virtual hosts on Apache is a real resource saver. With just one server you can have as many different websites and on this server I have at least 4 running. But in order to get it working Apache must support Server Name Indication. You can read up on SNI at Wikipedia for more details.

I use Ubuntu LTS because it’s got long term support and has features that I like. But I had previously been a RedHat user from RedHat 4.0 and on. Using RPM I would roll my own packages for work and hobby. How hard can it be to setup CentOS 5.6 on one of my spare PCs?

It turned out that that was sort of true for me and after some trial and error I got it working with gnutls. I’ve been using Ubuntu LTS for so long that my RHEL (CentOS) experience is dated. I was able to get multiple SSL based virtual hosts working on a CentOS 5.6 but that involved unwittingly updating to CentOS 5.7 without realizing it, and I also had to enable the CentOS testing repo.

Installing CentOS and add the testing repo

First get CentOS 5.6 installed. I have an old Compaq Presario 8000 in the basement for playing around so I torrented the CentOS 5.6 DVD and did a plain server install.

Once installed, I ran the following commands to bring the fresh installation up to speed.

yum update
chkconfig --add httpd
chkconfig --del iptables
reboot

That upgraded about 120 RPMs and took longer than the initial install but I was updated unknowingly to CentOS 5.7! The next 2 commands added Apache2 to be started up automatically and shut off iptables. I didn’t want to play with firewall rules and I set SELINUX=disabled in /etc/sysconfig/selinux.

My basement server is 192.168.1.9 and I put in 2 names into my internal DNS server jan-basement and compaq8000. I created two new self-signed certificates for those two names and put the new files into the /etc/pki/tls/certs and /etc/pki/tls/private directories.

I could have rolled my own mod_gnutls RPM but I prefer to use packages created by CentOS. To do that I had to edit the /etc/yum.repos.d/CentOS-Testing.repo file and change enable=0 to enable=1.

[ c5-testing]
name=CentOS-5 Testing
baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing
# CentOS-Testing:
# !!!! CAUTION !!!!
# This repository is a proving grounds for packages on their way to CentOSPlus and CentOS Extras.
# They may or may not replace core CentOS packages, and are not guaranteed to function properly.
# These packages build and install, but are waiting for feedback from testers as to
# functionality and stability. Packages in this repository will come and go during the
# development period, so it should not be left enabled or used on production systems without due
# consideration.

See that caution? That’s the part that worries me because the c5-testing repo is where I found the mod_gnutls RPM. I believe using that RPM should be fine but check with CentOS support forums.

Install the mod_gnutls RPM and create configs

Once you enable that repo, perform the following commands as root:

# Install the mod_gnutls RPM via yum
yum install mod_gnutls
# Create the sym-link for the module
ln -s /usr/lib/httpd/modules/libmod_gnutls.so /etc/httpd/modules/mod_gnutls.so
# Rename the ssl.conf to ssl.conf-old. This will disable mod_ssl from loading.
mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf-old

Next up, create the configuration files and directories for your vhosts. I like to place my vhosts into /var/www/vhosts.

mkdir -p /var/www/vhosts/jan-basement
mkdir /var/www/vhosts/compaq8000

Create a conf file for each vhost and put these lines into them:

<VirtualHost 192.168.1.9:80>

        ServerName compaq8000
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/vhosts/compaq8000/
        <Directory />
                Options FollowSymLinks -Indexes
                AllowOverride All
        </Directory>

        ErrorLog /var/log/httpd/compaq8000-error.log

        LogLevel warn

        CustomLog /var/log/httpd/compaq8000-access.log combined
        ServerSignature On

</VirtualHost>

<VirtualHost 192.168.1.9:443>
	GnuTLSEnable on
	GnuTLSCertificateFile /etc/pki/tls/certs/compaq8000.crt
	GnuTLSKeyFile /etc/pki/tls/private/compaq8000.key

        ServerName compaq8000:443
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/vhosts/compaq8000/
        <Directory />
                Options FollowSymLinks -Indexes
                AllowOverride All
        </Directory>

        ErrorLog /var/log/httpd/compaq8000-ssl_error.log

        LogLevel warn

        CustomLog /var/log/httpd/compaq8000-ssl_access.log combined
        ServerSignature On

</VirtualHost>

I repeated the same with the other vhost but replaced the compaq8000 with jan-basement.

The RPM puts /etc/httpd/conf.d/mod_gnutls.conf with all the lines commented out. Rather than play with that file, I just created a small new file /etc/httpd/conf.d/fix-up.conf with these lines in it.

ServerName jan-basement
NameVirtualHost 192.168.1.9:80
NameVirtualHost 192.168.1.9:443
LoadModule gnutls_module modules/mod_gnutls.so
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
Listen 443

You can probably leave out the ServerName and the NameVirtualHost on port 80. My home DNS is not a robust as it could be…

Now re-start httpd with a simple “service httpd restart”. If all goes well, and your DNS is setup correctly, then you should now have two virtual hosts that serve out the correct different SSL certs for each one,

You couldn’t get it working with mod_ssl?

I couldn’t get it working reliably. With initial installation of CentOS I was able to get Apache2 to reply back with the correct SSL certs. But after I tore it all down and re-did it again, I got inconsistent results. On my Ubuntu LTS servers (which this blog runs on) I had a similar issue and I think that’s why I use mod_gnutls today. It works reliably and I’ve had no issues with multiple SSL certificates on one IP address.

Caveats

This worked out on my unused basement server but there are several concerns I have.

1. CentOS 5.6 updates to 5.7 (final) when I did yum update

That was a shock to me. I get that CentOS wants to keep things current but I had thought that I would be updating within the 5.6 branch. On my PC going to 5.6 may not be a big deal but if you run a VPS make sure you can restore you backup and check with your host provider. It should be fine but gotchas on production servers is a huge no-no.

2. Adding the CentOS Testing repository

The nice thing about using pre-made packages is that you don’t personally have to maintain them. If Apache2 gets an update will this RPM work continue to work? It depends on how the module is compiled. It might be safer to find a good mod_gnutls SRPM and keep that ready to be built a a just in case.

3. Backups are your friend

CentOS stores it’s Apache2 configs in /etc/httpd and before anyone tries this at a minimum they should keep fresh copies of that directory somewhere safe.

That seemed like a lot of work for your curiosity

Nah! While solving problems like this is part of my day to day work routine, this has always been my hobby. Some people work in their wood shop, I work on my software  configs and these sorts of problems are fun. And now I’m more up to date with CentOS as a result.

Doing this with Ubuntu LTS is much easier because the software is supported right out of the box. SNI on Ubuntu is just a matter of configuration and all the necessary software is part of the distribution. But if you are going to use CentOS and want SNI to work, then this could work out for you.

The Gakkenflex is a cool kit camera

My son received a camera from his uncle, a cool Fuji STX-2 SLR with a 50mm lens. The girl wanted to have a camera too. So rather than get another film camera from eBay, I went to Makershed and ordered a Gakkenflex kit.

I mean, fair is fair right?

This is a TLR camera meaning it has two lenses. The top one is a viewfinder and the two lenses focus together. The kit took less than an hour to assemble and the results have been fun. If you’ve ever assembled a Gundam MG kit then you will have no problems with the instructions or the assembly. Just in case Makershed provides a link to the English PDF version of the instructions.

This camera takes 35mm film and I’ve already shot 2 rolls of 200 Fuji SO film. It’s light and small but not too much so. It’s not tough, my girl already cracked the viewfinder gear when she had a er, disagreement with her brother.

I’m still getting the girl to take photos but she’s learning and having fun. Someday I may get a real TLR with 120 film, but for now this will work nicely.

2011 Trip to China

It’s amazing what can happen in a few months.

The whole family and I went to China for 21 days and it was a great trip. In order we flew from JFK -> HKG -> PEK/BJS -> XIY ->PVG -> CAN -> Zhaoqing -> HKG -> TSA -> HKG -> JFK.

In plain English we went to Beijing, Xi’an, Shanghai, Guanzho (briefly), Zhaoqing, took a bus to Hong Kong (NEVER EVER AGAIN!) flew to Taiwain, toured the country by car and then came back to Hong Kong.

All that in 21 days. I took over 4,500 photos with my Nikon D300s and 6 rolls of film with the Olympus Trip 35. We met Lily’s family and everyone had a good time. But the tour was intense and we’re all still decompressing 3 weeks later.

You can see the photos I took at my Flickr page.

Using IPv6

When IPv6 day came around, I installed Squid3 and a IPv6 tunnel setup on my in-house Linux server. I used the instructions from Ubuntu’s Wiki and made some minor configuration changes to Squid3 and that was it. You need to use version 3; version 2 of Squid lacks the right support.

The tunnel broker I am using is Hurricane Electric’s excellent Tunnel Broker. Just create an account, provide some information and you are good to go.

Easy! Now using Squid3 I can browse to Google and CNN’s IPv6 pages without any hiccup. I preferred to do it this way because setting up my Linux server as an IPv6 gateway would have required more (not much) work from me. This was quick to do and I had no problems.

Moving on, I created another HE tunnel on this web server. Using Apache 2 virtual hosts, I just added to the config file these lines.

<VirtualHost [2001:470:1f10:f10::2]:80>

 ServerAdmin webmaster@localhost
 ServerName blog.dembowski.net
 ServerAlias *.blog.dembowski.net
 ServerAlias photo.dembowski.net
 ServerAlias blog.epyon-1.com

 DocumentRoot /var/www/vhosts/blog.dembowski.net/
 #DocumentRoot /home/jan/public_html/

 <Directory />
 Options FollowSymLinks -Indexes
 AllowOverride All
 </Directory>

 ErrorLog /var/log/apache2/blog.dembowski.net-error.log

 # Possible values include: debug, info, notice, warn, error, crit,
 # alert, emerg.
 LogLevel warn

 CustomLog /var/log/apache2/blog.dembowski.net-access.log combined
 ServerSignature On

</VirtualHost>

The lines are duplicated from the existing vhost entry. I substituted the A record address of 209.20.89.108 with the AAAA record address of 2001:470:1f10:f10::2. This address was provided by Hurricane Electric.

Next up was to update my dembowski.net DNS zone by adding the AAAA record. This is the IPv6 address record and now my DNS name blog.dembowski.net has two entries.

blog.dembowski.net. 900 IN A 209.20.89.108
blog.dembowski.net. 900 IN AAAA 2001:470:1f10:f10::2

I restarted Apache and now when a IPv4 or v6 request comes in, it gets handled by correct IP address and all is well. My server and proxy logs show which address I am hitting, and the site validates.

So what did this get me? Nothing really, except to show how easy it is to add IPv6 to your site and web connection. A buddy of mine almost exclusively uses IPv6 only at home. The old address space is or has ran out (depending on how and who you ask). Migrating to anything new can be a challenge but really, there is no reason for ISPs or hosting providers to not support IPv6.

Waiting for my new toy

The film camera bug has hit me pretty hard. I’ve been using one of my Olympus Trip 35 cameras (see above taken last weekend) and have purchased an Olympus Stylus Epic DLX from someone on eBay. The new one is it’s way and should be here next week.

You can read up on the Olympus Stylus Epic here and for here is a copy of Popular Photograhy’s review here. The DLX version is the same but adds Quartz date and a panoramic mode. This model was introduced in 1997 and like many older cameras is available on eBay.

I’m getting this one because it’s compact, opens wide (f/2.8), and has a reputation for taking sharp photos. It’s also weather resistant (splash proof) and is fully automatic.

Unlike the Trip 35, it’s very electrical and has no manual features. It should be perfect for the kids to use and I’ll give it a try as a walk about camera for street photography.