I’ve been in Shanghai for three days now and a combination of tiredness (on Monday) and laziness (yesterday) has led to the wholly unacceptable situation whereby I have eaten dinner exclusively at the hotel. If this were not bad enough, the hotel restaurant leaves much to be desired. Things had to change.

So it was that I strode out of the lobby and resolved to keep on going until I found a place I wanted to eat at, which in this thoroughly depressing foreigner ghetto part of Pudong wasn’t necessarily going to be easy.

(more…)

Logitech’s G13 is their much-hyped answer to the Nostromo SpeedPad and competitors. It was released in December to great fanfare so although I have been very happy with my SpeedPad n52 for many years now I was intrigued enough by the G13’s feature list that I decided I was prepared to pay the not-inconsiderable asking price to check it out.

The G13 is certainly not cheap. With an RRP of £79.99 it is unlikely to appeal much to people who don’t already own a similar device. In order to justify the expense it needed to be a significant improvement over the n52 and really deliver on its promised features.

Instead I found it to be a spectacular disappointment.

(more…)

The iPhone 2.2 firmware has been available for a while now but I’d thus far resisted the urge to upgrade because I’d heavily customised my jailbroken phone with my own sound effects, ringtones and Winterboard settings.

Official Apple stuff is backed up and restored after an upgrade but I knew I’d lose the personalised changes.

I decided to use Subversion to archive my tweaks and restore them after the upgrade. The exact steps I used aren’t precisely the same as I’ll describe here. I’ll change the description to be easier to follow along for people with no experience using Subversion before.

(more…)

Everyone in the office is doing it and I didn’t want to be left out so I downloaded VMware ESXi, intending to run it on a machine with an ASUS M2N-SLI motherboard.

As that machine was in use, I tested out ESXi on an older ASUS A8N-SLI board. In many ways the M2N-SLI is an evolution of the A8N-SLI so when ESXi installed and ran on the older hardware I was confident that it would work on the newer board too.

Not so.

Although ESXi worked when booted from a USB stick, the installer refused to run because it couldn’t find any supported disks. Clearly my SATA controller must be supported or the USB version wouldn’t be able to see the disks and create datastores, which it could.

The solution? I installed ESXi and created datastores on the A8N-SLI and simply unplugged the disks and plugged them in the M2N-SLI. Pleasingly the system booted first time and apart from telling it to use the (different) NIC on the new machine I didn’t have to do anything to get it working.

There I was minding my own business when my iMac suddenly complained that it had lost my home directory. At about the same time I began to hear an ominous clicking sound from the direction of my QNAP. After a few minutes this went away and was replaced by a loud beep. At that point the Mac popped back to life and I was able to ssh to the QNAP.

Rut roh! Looks like one of the disks in my RAID1 has croaked.

    SCSI error : <0 0 0 0> return code = 0x8000002
    sda: Current: sense key=0x3
        ASC=0x0 ASCQ=0x0
    Info fld=0xcbd60ed
    end_request: I/O error, dev sda, sector 213737708

    md: unbind
    md: export_rdev(sda1)
    raid1: Disk failure on sda4, disabling device.
    	Operation continuing on 1 devices
    RAID1 conf printout:
     --- wd:1 rd:2
     disk 0, wo:0, o:1, dev:sdb4
     disk 1, wo:1, o:0, dev:sda4

QNAP’s website says they will replace faulty kit free of charge so I hope to be back up and running properly again soon.

Rebecca and I have a curious ritual whenever we leave the flat. Unless she’s taking (one of) her handbag(s) with her she will proudly announce that she isn’t carrying any money or her keys, presumably as a reminder to me that I need to make sure that I am. Of course she always waits until after we’ve left before saying this.

For my part, usually I say nothing. Sometimes I remark that it might be more helpful if she told me while we were still indoors. This time I was halfway through allowing the door to slam shut when I remembered that I had put my keys and wallet on my desk while changing trousers and had clean forgotten to pick them back up.

Luckily the flat is not entirely secure and has a backdoor. Or more precisely a back window. I was able to raise it high enough for Rebecca to clamber inside and safely retrieve the keys. And all without attracting the attention of the police.

/var/ldap/ldap_client_file needs to contain:

    NS_LDAP_AUTH= tls:simple
    NS_LDAP_CREDENTIAL_LEVEL= proxy

/var/ldap/ldap_client_cred needs to contain:

    NS_LDAP_BINDDN= 
    NS_LDAP_BINDPASSWD= 
    NS_LDAP_HOST_CERTPATH=

And here’s the non-obvious (and most important) step. You need to set up the above-referenced certificate store. Assuming your CA certificate is in /etc/sfw/openssl/certs/ca.crt and you set NS_LDAP_HOST_CERTPATH= /var/ldap (which is actually the default location), you need to do this:

    # certutil -A -a -i /etc/sfw/openssl/certs/ca.crt -n RootCA -t CT -d /var/ldap

The Solaris 10 LDAP client stores its credentials in the file /var/ldap/ldap_client_cred. The password is hashed using NS1 format. The correct hash for your password is created for you when you use ldapclient to generate the configuration but if you simply wish to change the credentials without running that tool you have to jump through a few hoops.

One suggested solution is to find a Solaris 8 system and use the LDAP configuration tools from there, as one option allows you to dump a profile to stdout without applying it. This is a bit of a hassle if you have a Solaris 8 system and not much use if you don’t.

Now that Solaris is Open Source it’s much easier to create an NS1 hash. We can build our own tool straight form the horse’s mouth.

libsldap has the code we need. At time of writing it’s available from the OpenSolaris project. Download the three files ns_internal.h, ns_sldap.h and ns_crypt.c. On a Solaris 10 system the ns_crypt.c file can be compiled without any changes.

    $ gcc -I . -c ns_crypt.c

On Linux we can make a few tweaks to the code in order to compile it.

• In ns_crypt.c:
  • Comment out all lines referring to ns_crypt_lock.
• In ns_internal.h:
  • Comment out the line #include <thread.h>.
  • Comment out all lines referring to thread_t.
  • Comment out all lines referring to mutex_t.
• In ns_sldap.h:
  • Add the following lines above #include <stdio.h>:

      typedef unsigned int uint_t;
      typedef unsigned char boolean_t;
      #define B_TRUE 1
      #define B_FALSE 0

Now save the following as main.c.

    #include "ns_sldap.h"
    #include "ns_internal.h"

    static int is_cleartext(const char *pwd) {
        return strncmp(pwd, CRYPTMARK, strlen(CRYPTMARK));
    }

    int main(int argc, char **argv) {
      if (argc == 1) {
        fprintf(stderr, "Usage: ns1 <hash>\n");
        fprintf(stderr, "Usage: ns1 <plaintext>\n");
        exit(1);
      }

      if (is_cleartext(argv[1])) printf("%s\n", evalue(argv[1]));
      else printf("%s\n", dvalue(argv[1]));
      exit(0);
    }

Compile ns1.c:

    $ gcc -I . -c ns1.c

And finally link the two object files.

    $ gcc -o ns1 ns1.o ns_crypt.o

You may need to add -lcrypt to the above on Linux.

With the tool we just compiled we can make some NS1 hashes.

    $ ./ns1 my_secret_password
    {NS1}c2ab9ff37b69c4b5a665a2b15d003bba0779
    $ ./ns1 {NS1}c2ab9ff37b69c4b5a665a2b15d003bba0779
    my_secret_password

Rebecca and I were on our way along the river bank when I pointed to a patch of vegetation and asked "Do you know what those are?"

She said "No."

"Those are nettles. We call them stinging nettles. If you touch them you will hurt your hand."

She nodded. I carried on walking.

A few seconds later I heard a high pitched squeal from behind me. Sure enough there she was nursing her hand and complaining that she "won’t try that again."

Monday: Cycled to work. Sunny.

Tuesday: Cycled to work. Sunny.

Wednesday: Cycled to work. Sunny.

Thursday: Drove to work with the roof down. Rain.

Friday: Cycled to work. Sunny.