
Friday, September 11, 2015

Getting OpenID Connect, Microsoft Accounts and Azure AD working with mod_auth_openidc

I've been very busy lately working on lots of very geeky things.  I've been doing quite a bit of work with Hans Zandbelt's Apache mod_auth_openidc, getting it to work with various and sundry OpenID Connect providers, or OPs.  In this post, I'll describe the steps I used to get the new preview version of Microsoft's consolidated OpenID Connect implementation working for single sign-on (SSO).

I won't go into how to configure OpenID Connect in detail; this post assumes you either have a basic mod_auth_openidc deployment or have the knowledge to set one up.

The first thing you need to do is to register your app at https://apps.dev.microsoft.com.

Use the "Application ID" for your client_id in the mod_auth_openidc configuration, then click on "Generate New Password" and save this off to use as your client_secret.

If you want the nitty gritty of Microsoft's implementation, have a look at: https://azure.microsoft.com/en-us/documentation/articles/active-directory-appmodel-v2-overview/

Everything should be configured per the normal mod_auth_openidc documentation.  I'm using the OIDCMetaDataDir directive so that I can specify multiple OpenID Connect providers, as described in the README file for mod_auth_openidc.

If you want to see the configuration directives that map to the Apache conf file, look in the auth_openidc.conf file in the source tree.

There are 3 files included in a meta setup for each OP: xxx.provider, xxx.conf and xxx.client.

The contents of the .provider file can be gleaned from the following URL:

https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration

The Microsoft documentation is incorrect and has .well-known/configuration, which returns a 404 error.

Now here's where the secret sauce comes in.  When you name your xxx.provider, .conf and .client files, name them like the following with the following contents:



login.microsoftonline.com%2F%7Btenantid%7D%2Fv2.0.client

{
        "client_id" : "app/client id from apps.dev.microsoft.com",
        "client_secret" : "generated password from apps.dev.microsoft.com"
}

login.microsoftonline.com%2F%7Btenantid%7D%2Fv2.0.conf

{
        "scope" : "openid",
        "response_type" : "id_token",
        "response_mode" : "form_post"
}

login.microsoftonline.com%2F%7Btenantid%7D%2Fv2.0.provider


Now restart your Apache server.  Load a protected URL on said server, so that you get the discovery page that shows links to your configured OPs.  You should see one for login.microsoftonline.com%2F%7Btenantid%7D%2Fv2.0.

Click on the link from your discovery page and log in with a Microsoft Online account.

At this point your Web Server will throw an error.  If you look in your Apache error log you should see something like the following, if everything else is configured correctly:

oidc_proto_validate_jwt: requested issuer (login.microsoftonline.com/{tenantid}/v2.0/) does not match received "iss" value in id_token (login.microsoftonline.com/xxxxyyyyzzzz/v2.0)


The problem is that {tenantid} is a placeholder and will not work to authenticate. xxxxyyyyzzzz above should be your valid tenantid. This appears to be a bug/missing documentation on Microsoft's part.  To finish making this work, do the following:


  1. Edit login.microsoftonline.com%2F%7Btenantid%7D%2Fv2.0.provider and change login.microsoftonline.com/{tenantid}/v2.0/ to be login.microsoftonline.com/xxxxyyyyzzzz/v2.0
  2. Now change the names of your meta files to be:

    login.microsoftonline.com%2Fxxxxyyyyzzzz%2Fv2.0.client
    login.microsoftonline.com%2Fxxxxyyyyzzzz%2Fv2.0.conf
    login.microsoftonline.com%2Fxxxxyyyyzzzz%2Fv2.0.
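An added example, not code from the original post or from mod_auth_openidc: a Python check that the issuer inside each .provider file agrees with its URL-encoded file name, plus the placeholder fix from steps 1 and 2. The naming rule is inferred from the file names shown above; the function names, the minimal sample files and reading the standard "issuer" discovery field are assumptions of this example.

```python
import json
import os
import tempfile
from urllib.parse import quote

PLACEHOLDER = "{tenantid}"  # literal placeholder published in the discovery document
EXTENSIONS = (".provider", ".conf", ".client")


def metadata_stem(issuer):
    """File stem as used in the post: issuer without scheme, URL-encoded."""
    for scheme in ("https://", "http://"):
        if issuer.startswith(scheme):
            issuer = issuer[len(scheme):]
    return quote(issuer.rstrip("/"), safe="")


def audit(metadata_dir):
    """List the problems that lead to the issuer-mismatch error."""
    problems = []
    names = set(os.listdir(metadata_dir))
    for name in sorted(n for n in names if n.endswith(".provider")):
        stem = name[: -len(".provider")]
        with open(os.path.join(metadata_dir, name)) as fh:
            issuer = json.load(fh).get("issuer", "")
        if PLACEHOLDER in issuer:
            problems.append(f"{name}: issuer still contains {PLACEHOLDER}")
        if metadata_stem(issuer) != stem:
            problems.append(f"{name}: file name does not match issuer {issuer!r}")
        for ext in (".conf", ".client"):
            if stem + ext not in names:
                problems.append(f"{stem}{ext}: missing")
    return problems


def pin_tenant(metadata_dir, tenant_id):
    """Apply steps 1 and 2: fix the issuer, then rename the three files."""
    marker = quote(PLACEHOLDER, safe="")  # %7Btenantid%7D
    stems = [n[: -len(".provider")] for n in os.listdir(metadata_dir)
             if n.endswith(".provider") and marker in n]
    if not stems:
        return None  # no placeholder-named provider file found
    old_stem = stems[0]
    provider_path = os.path.join(metadata_dir, old_stem + ".provider")
    with open(provider_path) as fh:
        provider = json.load(fh)
    provider["issuer"] = provider["issuer"].replace(PLACEHOLDER, tenant_id)
    with open(provider_path, "w") as fh:
        json.dump(provider, fh, indent=2)
    new_stem = metadata_stem(provider["issuer"])
    for ext in EXTENSIONS:
        src = os.path.join(metadata_dir, old_stem + ext)
        if os.path.exists(src):
            os.rename(src, os.path.join(metadata_dir, new_stem + ext))
    return new_stem


def write_sample(metadata_dir):
    """Constructed sample files with the placeholder issuer (no real credentials)."""
    issuer = "https://login.microsoftonline.com/{tenantid}/v2.0"
    stem = metadata_stem(issuer)
    contents = {
        ".provider": {"issuer": issuer},
        ".conf": {"scope": "openid", "response_type": "id_token",
                  "response_mode": "form_post"},
        ".client": {"client_id": "constructed-id",
                    "client_secret": "constructed-secret"},
    }
    for ext, body in contents.items():
        with open(os.path.join(metadata_dir, stem + ext), "w") as fh:
            json.dump(body, fh, indent=2)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        write_sample(d)
        print("before:", audit(d))
        # xxxxyyyyzzzz is the post's stand-in for a real tenant id
        print("renamed to:", pin_tenant(d, "xxxxyyyyzzzz"))
        print("after:", audit(d))
```

Run `audit` against a copy of the metadata directory before restarting Apache; an empty list means every .provider issuer matches its file name and has its .conf and .client companions.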

Now the big caveat to all of this is that this is a preview version, and is not meant for production.  Microsoft may make changes to the above and break any implementation you might care to deploy, according to the Microsoft documentation.  That being said, the above seems to work great for logging in to your web app using Microsoft as an OP and mod_auth_openidc as the Relying Party (RP).

Sunday, June 2, 2013

Minecraft Exploding Sheep Java Bukkit Server Mod

Among other various and sundry things I've been working on, Java has been one.  If you haven't learned it, you should probably pick it up at some point, along with Python, C, Perl, C++, C#, PHP and other flavors of the day.

I picked this particular language as it's been very popular, has lots of community support, and has lots of plugins and tools available to help you write code.  I use some of the Eclipse Java Development tools and it almost feels like my program gets written for me.  That's a post for another day.

This is just a short shameless promotion for my Minecraft Bukkit Server mod, Exploding Sheep.  Currently, it just makes sheep explode when you shear them.  I'll be adding explosion adjustment configuration and sheep wool color configuration.  I've also had feature requests, including exploding pigs when shot with arrows.

The main point was to start an open source project in Java, and using the Bukkit API seemed like a fun way to do a real Java project.  It's dipping my toe in the water of open source, so to speak.  Source is available on GitHub; it's pretty simple so far, an event handler and some initialization.  I'll be accepting patches and updates and exploring some of the more esoteric features of GitHub.

Be the envy of all the other servers, install the Exploding Sheep Mod today!

Agile Project Development Best Practices with Pivotal Tracker.

Pivotal Tracker and Project Management

I've been through quite a few live updates recently, and haven't dropped in with any posts for a while, but I hope to get some updates soon.  I'm still working on the book, and maybe it will even be out before the technology described in it becomes obsolete.  That's a story for another day.

So I'm just about done with the 30 day free trial of Pivotal Tracker and I thought I'd share some of my opinions and insights into getting the best use out of this project management/issue tracking tool.  I'll start by saying that this tool might not be for everyone.  If you're still stuck in the old MS Project days of Gantt charts and project items that take two weeks or more, then this might be a steep transition.  You have to think in smaller pieces to get a more realistic picture of what's actually going on, and how much work a given team of people can accomplish over the course of a week, month, or quarter.

Points

The first thing you must decide, when using Pivotal Tracker, is how you are going to assign points.  You have multiple ways that points can be assigned; the default is 1, 2 or 3 points for small, medium and large.  The idea is that you decouple the number of hours that are associated with a given task, so the people doing the work can scope projects without worrying about nit-picking over hours.  Being a little old school, I prefer to have some linkage to hours, so I use the Fibonacci numbers 0, 1, 3, 5 and 8.  I figure a point at roughly two hours, and if a task will take more than 16 hours, it probably needs to be split into multiple tasks, or stories.


Velocity

The overall goal of a good project manager is to answer: given X amount of work and Y amount of resources, how long will it take to get X done?  In Pivotal this is accomplished with Velocity.  Velocity is generated by averaging the number of points the Team/Project has completed over the last 3 weeks.  Pivotal Tracker assumes that the team will be consistent, taking into account strength in a given week, and it will show what can be accomplished by that team week by week.


Stories

The idea behind a story is that it is a task that can be started and completed within the same week.  The key here is to keep the stories small.  Stories can have sub-tasks, but be careful of putting too much in a story.  Being consistent in sizing stories will help in getting to the goal of figuring out what can realistically be accomplished by when.


Story Types

There are 4 different types of stories.  Bugs, Features, Chores, and Releases.  In the default configuration, only the points in Features count towards velocity.  The idea being that it is features that drive the product forward and bug fixes and chores are overhead.  Releases are milestones that show up in the overall schedule and do not have points associated with them.  Releases are the only types of stories that can have dates associated with them.  A release will show up in Red when there are too many stories that have to be finished (are higher in the list than) the Release story.  I use Pivotal in more of a support environment so fixing bugs and chores are considered moving the product forward.  Allowing points on all story types can be changed in the project settings.


Epics

If you have multiple stories and want to track them from a higher level, you can create what is called an "Epic".  Epics give you a way to group multiple stories together into a higher level project.  An epic is like a tag for grouping, but additional reporting features are available when stories are linked together with an Epic.

Project = Team

This is probably one of the most important things I discovered about using Pivotal Tracker.  I didn't see the ability to see a roll-up of Stories and Epics across multiple Projects.  For usability, tracking purposes, reporting and overall sanity, Project should be synonymous with Team.  If you assign your people to tasks across multiple projects, you won't be able to use the milestone scheduling features.

Current, Backlog and Icebox

When work is started, by clicking the "Start" button in a story, it's moved over to the "Current" column.  I use the backlog for stories that have been estimated and prioritized.  Things that need to be done, but haven't been prioritized, are put into the Icebox.  Priority can be adjusted by clicking and dragging items.

3rd Party Applications

I like to use Eclipse, and there is a Mylyn - Pivotal Plugin for Eclipse to allow integration with Pivotal Tracking and Eclipse Team.  There are also quite a few third party programs that allow tracking and reporting on the Web, and a variety of mobile devices.




Wednesday, October 10, 2012

How to Generate a Public Key With ssh

Useful ssh tricks

I don't like to let people log in to sensitive servers with passwords.  I generally disable this feature on servers I maintain.  I will explain.  ssh is used for many things.  I use the openssh flavor of ssh, but there are many other flavors.  For Windows, Putty is a popular ssh client.

There are many things that you can do with ssh besides just establishing a login session on a remote server.  scp and sftp are programs that allow you to connect to a server and copy files securely.  When you use plain old ftp to copy files, you are sending your passwords across the Internet in clear text, bad, mmkay.

One of the more useful things about a good ssh client is that it takes advantage of the features of a good ssh server (sshd).  A good ssh client will allow you to do tunneling.  An example would be using ssh to connect securely into a Virtual Private Network, then using the tunnel created to secure a Windows Remote Desktop connection between the client and another machine on the VPN. A good ssh client can be used by other programs to connect to the ssh server, like in the case of svn, where you can include svn+ssh://yourhost/yourrepo instead of just svn://yourhost/yourrepo, which will also use the same ssh client.

There are lots of cool things you can do with ssh, but it all depends on getting the username and password set up properly so that authorized user (A), we'll call him "Joe", can get into the server and copy files and check out things with subversion and tunnel remote desktop connections.  In a default kind of setup, you would create a user account on the server for Joe, then assign Joe a password.  Joe would then connect to the server, it would ask for his password, and he would enter it.  That's all good, unless someone else had Joe's password.

Brute Force and Dictionary Attacks

When you use only usernames and passwords to protect your server, you are vulnerable to these types of attacks.  This type of attack involves attacker (X), we'll call him "Snidely", gaining access to your system by trying as many passwords as he can until one lets him in.  Snidely doesn't have to type these passwords in; he can just get passwords from the dictionary, or from a cracker library, and have an automated program keep trying until one works.  Your only protection against this type of attack, when you are using passwords, is to assign a "Login Limit".  This causes the account to be locked after a pre-defined number of unsuccessful login attempts, and shuts Snidely's little game down.

Public and Private Keys

Lucky for us, there is an even more secure method, Public/Private key exchange.  First I should explain what a public and private key is.  If Joe wants to send user (B), we'll call her "Sally", a secret message, Sally can receive this message secretly by generating a public and private key.  Sally generates her public and private key, then she gives her public key to Joe.  Joe then writes the message and locks it up with Sally's public key.  Once the message is locked with Sally's public key, only Sally, with her private key, can unlock it.  For an added level of security, Sally was smart, and she also locked up her private key with a password, known only to Sally, when she generated the "Key Pair".

How to generate ssh  Public/Private Keys

Now let's say that Joe is the system administrator, and Sally wants in to the server.  What needs to happen is that Sally first needs to generate a public/private key pair.  If Sally has openssh, either in Cygwin (under Windows), or openssh in Linux/Mac OS X, the ssh-keygen utility can be used as follows:

$ ssh-keygen -t dsa

If you do not add the "-t dsa" part, it will generate an rsa key.  Either will work, but I like DSA as RSA keys are not exportable outside the US, DSA keys are.  Also the default length of the key is 1024.  The length of the key determines how secure the key is.  The longer the key the more secure it is.  Theoretically nothing is "secure", when you talk about key lengths and whether or not it's secure you get into the whole argument about, is there enough computing power available to Snidely so that he can easily crack your key and gain access.  The longer the key, the more computing power Snidely will have to use to crack the key.  You can also specify a longer key (Up to 2048) if you use type RSA with "-t rsa".

After you hit enter, it will prompt you for where you want to store your files, it will look something like:


Generating public/private dsa key pair.
Enter file in which to save the key (/home/scott/.ssh/id_dsa):

You can enter a different filename, but I usually press enter, as the default is usually sufficient.  After you hit enter here, you will be prompted for a password.  This is important: you can choose to have no password (not recommended), or you can pick a password that locks up use of your private key.  As explained before, a secret message locked up with this public key will only be able to be read by using the private key.  Anyone in possession of the private key can decrypt Sally's secret messages.  Any time you use this private key you will have to re-type this password.  This is important to note because when Sally tries to connect to the server, after Joe has installed her public key there, Sally will enter the same password she used to lock up her private key, NOT a password that is stored on the server.

Enter passphrase (empty for no passphrase):

After Sally has entered her passphrase, she will be prompted again:

Enter same passphrase again:

Then a nice little message with some additional randomart will display:


Your identification has been saved in /home/scott/.ssh/id_dsa
Your public key has been saved in /home/scott/.ssh/id_dsa.pub
The key fingerprint is:
66:27:fc:27:8e:1d:43:ab:25:2b:3c:b7:8f:7b:16:69

If you look inside the id_dsa.pub file, you will see your public key.  It will look something like:

ssh-dss <base64-encoded public key data> scott@monstro

All Sally needs to do is to e-mail the above text to Joe, and he'll know what to do.

What's a Joe to do? - Installing the public key on the server.

Now for Joe's part: he needs to take Sally's key and, assuming the /etc/ssh/ssh_client file has things in the standard place, that home directories are in the standard place, and that Sally's username is "sally", put the above key (without any line-feeds or carriage returns) into:

/home/sally/.ssh/authorized_keys2

or

/home/sally/.ssh/authorized_keys

(Depending on how old your server installation is.  NOTE: I've seen both filenames needed in certain instances)

It is important that the ".ssh" directory in /home/sally be readable and writable, only by Sally.  In addition the authorized_keys file can only be readable and writable by Sally.  Just to be sure you can do the following commands as root.

$ sudo chmod 700 /home/sally/.ssh
$ sudo chown sally /home/sally/.ssh

$ sudo chmod 600 /home/sally/.ssh/authorized_keys2
$ sudo chown sally /home/sally/.ssh/authorized_keys2

If you leave out the above and the permissions are not correct, then Sally will not be able to log in, and Joe's authorized_keys file will be ignored.
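An added example, not from the original post: a Python version of Joe's install step that rejects a key line that was wrapped or mangled in e-mail, appends it to authorized_keys, and audits the 700/600 permissions described above. The function names and the sample key line are constructed for illustration; the sample uses the ssh-ed25519 key type rather than the post's ssh-dss, which current OpenSSH releases no longer accept by default.

```python
import base64
import os
import stat
import struct
import tempfile

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256"}


def parse_public_key(line):
    """Validate a one-line OpenSSH public key; return (key type, comment)."""
    line = line.strip()
    if "\n" in line or "\r" in line:
        raise ValueError("key is split across lines (mail wrapping?)")
    parts = line.split(" ")
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        raise ValueError("unrecognised key type")
    blob = base64.b64decode(parts[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key data too short")
    # The decoded blob begins with a length-prefixed copy of the key type.
    (length,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + length] != parts[0].encode("ascii"):
        raise ValueError("key type does not match key data")
    return parts[0], " ".join(parts[2:])


def install_public_key(home, line):
    """Append the key to <home>/.ssh/authorized_keys; return False if present."""
    parse_public_key(line)
    entry = line.strip()
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)  # makedirs mode is subject to the umask
    path = os.path.join(ssh_dir, "authorized_keys")
    current = ""
    if os.path.exists(path):
        with open(path) as fh:
            current = fh.read()
    if entry in current.splitlines():
        return False
    if current and not current.endswith("\n"):
        entry = "\n" + entry  # do not glue onto an unterminated last line
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as fh:
        fh.write(entry + "\n")
    os.chmod(path, 0o600)
    return True


def audit_permissions(home, uid):
    """Report owner or mode problems against the post's 700/600 rule."""
    problems = []
    targets = ((".ssh", 0o700), (os.path.join(".ssh", "authorized_keys"), 0o600))
    for rel, want in targets:
        path = os.path.join(home, rel)
        if not os.path.exists(path):
            problems.append(f"{rel}: missing")
            continue
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:
            problems.append(f"{rel}: mode {mode:03o}, expected {want:03o}")
        if st.st_uid != uid:
            problems.append(f"{rel}: owned by uid {st.st_uid}, expected {uid}")
    return problems


def sample_key_line():
    """Constructed, unusable key line: correct framing, all-zero key bytes."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " sally@example"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:  # stands in for /home/sally
        print("installed:", install_public_key(home, sample_key_line()))
        print("problems:", audit_permissions(home, os.getuid()))
```

When this runs as root on behalf of another user, the audit reports the root-owned files until they are handed over with chown as in the commands above.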

How the ssh Authentication Handshake Works

I like this story, because it's the same way that Friend or Foe identification works in fighter aircraft.  So Sally wants to connect to the server.  Joe has done his part as administrator, and put Sally's public key into her authorized_keys2 file, and Joe has also updated permissions on said files, using chmod and chown.  Sally can now use the command

$ ssh sally@joeserver.com


What happens next is that the ssh server generates some random data.  It then uses Sally's public key, put on the server by Joe earlier, to lock up that random data.  It then sends the data to Sally.  Sally is prompted for a password, and she puts in the password she used to lock up her private key when she generated the keypair.  Sally then unlocks the random data sent by the server, and sends it back, unlocked.  The server compares the unlocked version with its pre-locked version and if they match, the server lets Sally in.

I get asked about the above quite a bit, and there is always consternation from the users when they have to generate keys, but it's a necessary evil.  Security, or convenience, pick one :)








Is the stock market a dinosaur?

Yes, yes and yes.  I was reading an article about a recent incursion into the US stock market, and it occurred to me that the stock market has, for years, just been Las Vegas for rich people.  With High Frequency Trading coming on the scene over the last several years, it has turned the stock market into a ticking time bomb.

It is quite possible, and most likely occurring daily, that automated programs could be, or have been, written on a scale that directly affects our economy.  Think about that for a minute.  Some random, single person on the Internet who has access to the on-line trading system has the potential to affect and impact the economy of an entire country.  Just like the recording industry, the stock markets of the world are realizing the impact of taking out of date systems and marrying them with technology.

Even if you take technology out of the picture, the stock market is a dinosaur.  The stock market was intended as a place where companies could raise capital to expand their business, what it actually does is hurt business.  I will tell you a story of a company that I once worked for.  The company was privately held, about 2000 employees or so, worldwide footprint, up and coming.  Then they went public.

What happened afterwards was a long spiral downward of morale-killing layoffs and decisions made by the executives which hurt the company, but helped the stock price.  After going public, we had one of the best years ever, sold more product and made more revenue than ever.  We had shipped the best product we had ever shipped, things were looking great.  Then the layoffs came.  We were all scratching our heads: wait a minute, what just happened?

What happened was Marketing.  The way it works is, a few wonks from marketing get together.  They project what they think the company will make over the next quarter and next year; in other words, they pull numbers out of their arse.  The rub here is that the Marketing people projected that we would make more than we actually did.  When the revenue numbers came in and they were less than the projections, it drove the stock price down.  In order to bring the stock price back up, the company has to reduce its expenses, which in turn results in people losing their jobs.

At the end of the day, good qualified people are losing their jobs because marketing people want to play poker with computer programs in a rigged game, which is also referred to as "The Stock Market".

Sunday, October 7, 2012

Excerpt from New Mr. Tech Book on Telecommuting

As I promised, more techiness for your geeking enjoyment.   I've been head down in a book for some time.  Hoping to release it by the end of this year, early next year.  I'll be talking about how to be a telecommuter.  There are so many great tools out there that are free or inexpensive that enable the average person working in an office to work from home, full or part time.

According to one survey, 62% of firms have remote workers and 34% of employees surveyed, work away from the office.  For those job seekers, being telecommute prepared can allow you to save money and time in commute and gas.  Following is a short excerpt from Mr. Tech's, upcoming,  book on telecommuting. 

How to work from Home - Introduction

I work from home, set my own schedule, except for meetings during the daytime.  Us telecommuters have to make some concessions to those that still have to work in fluorescent light jail.  Sorry guys, but there is a better way, and you don’t have to get on the freeway every day, and you don’t have to go sit at a boring desk under fluorescent lights like some bad nightmare from a comedy about working in such a place.

People ask me all the time, “How do you do it?”  I got tired of telling everyone, so I decided to write a book.  That way, next time someone asks how I did it, I can hand them a business card with my number and a link to the website where they can purchase my book.  If it works for them, it only cost the price of a book.  If it doesn’t, they bought me a couple of martinis at a decent establishment, and someday maybe I can return the favor.

I have been doing this for around 20 years now and salaries have varied, but I make a decent living and live where I want, the only requirement being decent Internet access.  Other than that, the beach, the mountains, another country, all are fair game.  As long as your work gets done, you are available when needed, and you can do it consistently, you’re in.  All you need is a few tips, a plan and some elbow grease.

This is not a get rich quick manual; this plan will involve hard work.  I will also say this type of work is not for everyone.  You have to be a “motivated self starter”.  You have to be able to work on your own with little direction, and most importantly, you have to put in your time.  It’s very easy to fall into the trap of not putting in a full work week.  The flexibility to be able to take a day off when you want, and a long weekend every once in a while, can quickly turn into a job-ruining slack fest.

This book will delve into all of those issues.  From humble beginnings to a full fledged telecommuting machine.  This book will give you the tools to succeed as a telecommuter and point you in the right direction in the types of training you will need, and the types of jobs that are available to telecommuters.

The future is now, throw away your commuter mug, and get one of those nice fat cups that takes up a large area of your desk, and prepare to join the growing ranks of the remote workforce.


I'll post more juicy tidbits soon.  The following is from the Introduction and gives a bit of background on the author and his qualifications on the topic of telecommuting.

My World's on Fire, How About Yours?

That's the way I like it and I'll never get bored. Words from a slightly overplayed song a few years ago, but truer words were never spoken. With everything going on, good and bad, and the challenges we face and rewards we are reaping, it's a very exciting time. In my personal life there is much to talk about, and soon there will be much to show. I've been working on several artistic pursuits, some musical, some visual and some technology. For you, my faithful readers, I will soon be posting more how-to's and technology information and opinions, as it's my bread and butter. This post will be a bit of a digression from that, as I feel there are important topics at hand that need to be considered by all in this country.

I recently watched Rumble 2012 with Jon Stewart and Bill O'Reilly. I understand that both of these men are performers, and there was most likely a not un-substantial amount of money paid to each of them for appearing. There were a couple of big take-aways from that video. Opinions, if you will, but ones that I share.  They are:
  1. This nation's problems are complex.
  2. There is a lot of "fear mongering" going on as it relates to said problems.
  3. Simple answers are being offered as solutions to these complex problems.
The above would say that, as Jon Stewart put it, "Our problem solving mechanism is broken".  We are asking the wrong questions.  It's not whether or not Democrat is better than Republican.  The question we should be asking ourselves is how do we fundamentally change our government so that it represents the 99%, not the 1%.

Let's look at the recent "real" debate of the issues between Mitt Romney and President Obama.  Mitt Romney was declared the winner by using a debate tactic known as the "Gish Gallop".  The tactic is that you spew so much BS at your opponent, so fast, and so furiously that there just isn't any sane response that doesn't make you look aggressive and/or contradictory.

Mitt Romney was declared the winner of that debate by using an underhanded debate tactic.  If we choose our leader based on theatrical performance, rather than facts and information, we are in sad shape indeed.  This election is our opportunity, in the US, to make a statement that we are concerned about real issues and not overblown hype and theatrics.  We don't have a good track record on this one, but maybe the tide is changing.  I have to agree with Jon Stewart's comments about this generation, that there has never been a better prepared generation to face the challenges that lie ahead.  We as the older generation need to remember, we just rent this place from our children.  Let's leave it at least as livable as we found it.

Saturday, December 10, 2011

Mr. Tech Reviews the iPad

I've always been kind of a sideways fan of Apple. Ever since they adopted Berkeley Unix as part of their base operating system, I thought it was a good alternative to Windows. I'm pretty much a dyed-in-the-wool Open Source guy; I run Linux on my desktops and have even been known to run a copy of FreeBSD now and then.

The reason I've chosen this route is twofold. One, I get every ounce of CPU and memory I paid for. It uses all of it. Second, I don't have to worry about constant updates to protect me from malware and other nasty threats. I update every once in a while, but most updates are not "life threatening".

It's always been my opinion that Macs are nice, if you have wads of cash to waste on looks. There is no performance advantage in buying a Mac. There are some security advantages in using a *nix based operating system over Windows, so Macs score points there.

But I digress a bit. The iPad is not a Berkeley Unix based operating system, it's Apple's iOS 5. So it loses a few points there.

No Flash Support

One of the biggest glaring gaps is that it doesn't support Flash. Now I've never been a big fan of Flash, but there are a lot of sites that use it. I'm not a big fan of Javascript either, but since so many sites use it, browsers have to support it. Steve Jobs was pretty smug when he said "iPad users aren’t missing much video", in April of 2010. Here's my short list of things I can't do on the iPad, because of lack of support for Flash.
  • Daily Show with Jon Stewart Full Episodes
  • Grooveshark
  • South Park
  • Colbert Report
  • Any Flash Games
I'm not a big Facebook fan, but lots of people like to play those games and there's just lots and lots of Flash content out there, and it's quite a big hole in the iPad to not support Flash. Almost every other manufacturer of tablets has Flash pre-installed. The iPad not only doesn't have it pre-installed, you cannot install it. If you go to the Adobe website it says it's not available "because of restrictions that Apple has put in place." So what I'm gathering is that even if Adobe had a version of Flash that would install on my iPad, Apple won't let them do it? Why?

Music is a hassle

Next up on the list. My music. I've got lots and lots of MP3s, OGGs, WAVs and other audio formats, and I would like to be able to copy said files from the desktop of my choice to my tablet. Not so with the iPad. To get music into your iPad you have to install a 300mb application (the iTunes store), then load all of your music into iTunes, which now makes another copy of your music, taking up twice the disk space, in Apple's proprietary format. It was the same thing with the iPods, just a lot of back bending to get a music file from point A to point B. I've had a G1 phone for years and all I've ever had to do, to move music, video, or other files to and from my device, is plug it in to any machine, Mac, Windows or Linux, and drag and drop. It looks like a thumb drive to whatever machine I plug it into; no additional software is required. iPads, on the other hand, force you to install a large application and sign up for an account, verify your e-mail address, etc., just to put your music files into your device. I'm sorry, I just don't feel it's necessary for me to have to reveal my personal information to Apple just so I can put my music on my device. I also now get regular spam from the iTunes store, and I assume I can opt out, but I'll have to log into their site to do it.

No Java

There are a lot of mobile devices that don't support Java. But the iPad is not a phone. It touts itself as being a crossover device between a phone and a desktop. I kind of expect that it will run my desktop applications. I've got quite a few applications that depend on Java applets loaded on the web, and my favorite IDE, Eclipse.

What it does well

So let's talk for a minute about what it does well. I have to say it looks very nice. It's a very sexy piece of technology. The included E-mail application is nice and the Safari Web browser seems to work well. The UI is snappy and has a nice feel to it. And I have been able to find a couple of useful free applications.

iPad Applications

Here's a short list of free iPad apps that I've really liked so far.
  • ABC Player - Since iPad doesn't support Flash, you'll need this if you want to watch streaming video from ABC. There's an NBC player and a PBS player as well. You'll need these extra apps if you want streaming video. Comedy Central has a player, but you have to pay for it. If you have Flash, watching full episodes is free.
  • Flipboard - a cool way to read the news, allows you to change pages like flipping the pages of a book.
  • PivotalTracker - I've been using this Agile task management system in Eclipse and on the Web, I'm very stoked that there's an iPad client because Safari seems to have problems with the Pivotal web interface.
  • MetalStorm - A fun, free basic flying a jet and shooting down other planes game. I've been laying off the games as of late (much too much work), but this one is a fun quick distraction.
  • UYH - Use Your Hand, a very cool little notepad app, that lets you use your finger to write like a pen. It doesn't do OCR, which would be ultra cool, but it works pretty well if you want to write instead of type.
  • Skype - This has been a very cool app for a long time and the iPad app is no different, it made me fall in love with tablet computing. With the front and back cameras in the iPad you can do "see what I see" types of calls.

For every cool application there are probably about 1000 that are just junk, much like the Android app ecosystem. Either they are a rip off of the original that doesn't work quite as well, or they are just overpriced for what they offer. For example having to pay for an application to watch streaming video that will also have commercials inserted. I can see paying money for a really robust application, but most of the things that are being charged for just aren't worth it.

That being said, iPads, and Macs in general have always been targeted at those who don't mind spending a few extra bucks on something that looks sexy and stylish. If you don't really care about the looks, these are all things I was doing years ago with my G1 phone. The tablet glued a bigger screen to the whole affair, and voila!, a Tablet. So really what I have here, is a nice big sexy smart phone that won't do Flash, won't easily store my music and won't make phone calls, although there is a Skype client and several other VOIP clients.

That being said, this was given to me as a gift. Because of that fact alone, I love it dearly. There are quite a few things that it does well, but I'm rather reticent to support a company that mucks around with the likes of patent trolls. This type of behavior has seriously tarnished my impression of a company that at least had the 'nads to put a Unix based OS on their desktops.

DISCLAIMER: My opinions are strictly my own and do not reflect the opinions of anyone I have worked for, currently work for or may work for in the future. They also do not reflect the opinion of my cat, my next door neighbor, or the guy that hangs out down at the beach and talks to himself.

My final opinion is to follow my geeky heart and gravitate towards Open Source and Android. If I'm going to do a tablet, it's just got to be Android. The main reason is that if I choose a set of applications and I get to like them, and I stop liking the hardware, or the hardware vendor starts providing crappy customer service, or I stop liking the hardware vendor for any other reason, I can buy hardware from any other number of vendors that my application will run on. Locking yourself into a single hardware/software solution has never been a good idea, no matter how many dancing monkeys, or dolphins jumping through flaming hoops you get along with the deal, being able to choose is always a good thing.

All that being said, at the end of the day, I have to support a company that is going to further my chosen profession, as a creator of technology solutions, and I have to avoid supporting companies that indirectly hurt my profession, in the blind pursuit of profit, no matter how cool it would be to have a dolphin, ride a flaming monkey shot from a cannon, through a big letter A.

Thursday, October 13, 2011

The day I met Dennis Ritchie

I know I haven't posted in awhile, and I'm sorry, but you know I've been real busy, working on new projects and finishing old ones. I just had to post a little something though as a tribute to our fearless leader and geek of all geeks. I only met him once but I got to speak with him for a full hour and ask him all the questions I ever wanted, well maybe not all, but most of them.

First I have to say that Jeong Kim, president of Alcatel-Lucent Bell Labs, described him best as a "humble and gracious man". In the tech industry, when people get to a certain level of knowledge, they tend to go one of two ways. Either they share the wealth and are happy to tell you what they know, or they get all "Ivory Tower" and become aloof and uncaring. Dennis Ritchie definitely went the "share the wealth" route. Most people have no idea how much this man contributed to computing, and how what we do is only possible because we stand squarely on his shoulders.

I met Dennis Ritchie over 10 years ago. I have to qualify my story, with, it was 10 years ago, and I may not get every detail right (In case the story police happen by :p). At the time, I was producing and hosting a talk radio show called RadioNet. We broadcast on the AM radio on KSCO in Santa Cruz, California and we also streamed our show on the Internet using RealAudio and TrueSpeech. We interviewed the stars of technology and talked about this great "new" thing the Internet. The RadioNet crew, packed up the show and took it to Networld/Interop, which was THE big networking show of the day. Dennis Ritchie was there with his new operating system he called "Plan 9", named after the science fiction movie.

Of course I asked him about C and Unix. First came C. The need there I was told was a result of the old programmer's adage, "Laziness is a virtue". They had some code on a PDP-11 that they wanted to run on a different piece of hardware, maybe it was the other way around, but back then, if you wanted to write a program that did X on one machine, you'd have to write a whole new program to do X on a machine from a different hardware vendor.

The Answer was C. You could write one program, and with a "quick" compile you could run the same set of code on multiple machines, Brilliant!!! Lazy :) C is still the language of choice if you want something ultra fast and tight, and a large number of Internet Servers out there are written in C. It's not the easiest programming language to write in, but it's certainly one of the fastest and most widely used.

I also asked him about Unix. I was told by the master, that there were 3 main things they did with Unix. First was the whole idea of files and directories in a hierarchical structure. It wasn't until Windoze, that the whole drive letter thing and backslash got introduced to confuse things.

The second idea behind Unix was no matter where you read and write from whether it be a file on the disk, a screen or a printer, you do it the same. Everything you could ever want to read or write to is represented by a file you can open and read and write. Want to write a text file, open and write, want to print something on the screen, open the file that represents the screen and write to it.

The last thing and in my opinion the most brilliant thing was the ability to take the output of one program and make it the input of another program. This functionality allows me to do really groovy things like "find . -print | xargs grep foo". I won't explain what that means here, that's fodder for another article, suffice to say, I use input/output redirection at least once a day and have done so for the last 20 or so years.

No offense to Mr. Jobs, it sucks that anyone should die, but it saddens me to think that Steve is lauded as a hero and a pioneer, when all he really did was take existing technology and make it really slick and sexy. All this, while a titan, who invented the operating system that Apples run on today (BSD Unix), goes largely unsung.

You will be missed by all who knew you and all who know who you are. Fare thee well my gentle giant.

Monday, June 27, 2011

LulzSec, Anonymous, who will it be next?

LulzSec and Anonymous are on everyone's lips these days. They've practically become a household word. It never ceases to amaze me how the media can sensationalize something to the point of making people believe something is totally new. They never came right out and said it, but from reading the articles about these guys, it would make one think that organized groups breaking into people's systems is totally unbelievable and unheard of. The reality is, that as long as the Internet has been around, there have been organized groups of "hackers" on both sides of this battle.

Now I first have to digress about the word "hacker". Just because someone is a "hacker" does not mean they break into computers. A "hacker" is someone who likes to take things apart and see how they work. Hacking does not imply malicious intent, it describes the action of pulling something apart to see how it works, then putting it back together in a new way that changes the way the original thing worked. For example, someone who takes the engine out of a car and puts a new engine in the car and modifies the car to fit the engine is a car hacker. Mostly the term is applied to computers, as in, "I just hacked my Playstation and got it to run Linux".

"Cracking" on the other hand is the act of breaking into something by avoiding or breaking the security mechanisms put in place to protect computers from unwanted intruders. There are many "Cracker" programs that are easily downloadable on the Internet, that will unencrypt files and recover passwords. There are programs available to crack the passwords on anything from the spreadsheet you password protected, to your wireless network.

Encryption is entirely dependent on the assumption that there isn't enough computing power available to try all the possible combinations in a reasonable amount of time and break the encryption. The amount of computing power over the last 10 years has increased so much, that encryption that was used 10 years ago can easily be broken by the computers of today. The problem is, that many programs still in use today use those old encryption methods that are easily breakable.

The only real way to protect yourself from cracking type attacks is to use the strongest encryption methods available and employ things like public and private keys. Biometrics, key fobs and other security devices can also be employed to reduce the likelihood that your network or computer will be compromised by a cracking attack.

"Exploiting" is another method that is used in breaking into someone's system. An exploit is usually a bug in the software that allows an outside attacker to run programs on the machine that has the bug. A hole for an exploit can also be caused by a mis-configuration, or more commonly lack of configuration. There are many things you can do to protect yourself from these types of attacks. First, make sure your software is always up to date and configured properly; out of the box, default configurations are seldom the most secure. Second, firewalls and Intrusion Detection software are a must if you have a network that has computers that allow connections from the outside world. I could write many articles on the different ways to secure your network, and even more articles about the different ways people can get into your network. In short, make sure you hire a computer professional that knows more about security than anti-virus programs, but I'll get back to my main rant.

The number one reason networks are broken into, is because the people making the decisions, don't listen to the people they hire to be their experts. Being secure on the Internet is expensive and takes time. For most companies, security is an afterthought and is often overlooked for the sake of cost or time savings. In the computer business, there's an old saying: "Good, Fast, Cheap.... Pick any two".

It's kind of like taking your car to a sports stadium. Do you leave your car unlocked when you park it there? Well imagine that this parking lot has some of the most sophisticated car thieves with all of the latest in locksmith technology and that given enough time they can break into almost any car in the lot. In this parking lot, even if you lock your car, the only thing that's protecting you is the fact that there are more cars than car thieves. That's how it is on the Internet. When you plug your computer into the Internet, it's like parking your car in that giant parking lot and if you don't have the latest in alarms and protection, eventually, they will get around to you.

LulzSec and Anonymous are just the ones that made it in the news. There are literally thousands more like them all over the world, and anything that you have, that's plugged into the Internet is available to them to have a go at. Once in, they can get at anything that you have stored on your computer and record anything that you type. You have to remember, the Internet is a public network and as such, anyone is allowed.

So as long as people "cheap out" on security and ignore the warnings of their technology people, groups like LulzSec and Anonymous will have it easy. With more and more people getting "wired", pickings for these guys are pretty fat these days. The only reason a larger number of people have not been broken in to, is because the bad guys just haven't got around to them yet. Thar be monsters out there, are you travelling the jungle in a rickshaw or an armored tank? If you want to continue to navigate the jungle in a rickshaw, eventually, you will become the lion's dinner.

Tuesday, November 9, 2010

Aren't you ready for Linux Yet?

"A Classic Drive By Attack" is what this article says.

So Microsoft Outlook has another bug that allows machines to be infected and taken over without the users clicking on an attachment or anything.

Plus many other security holes, in Office, and other security holes that have to be patched manually. I always hear much gnashing of teeth and wailing over the high cost of hiring the staff to administer Linux or Unix boxes, but once you install a Linux box, and once it's configured and running, administration is minimal.

I used to fix the Windoze boxes of family and friends when they got infected with a virus or malware, or crippled by spyware. Not anymore, now when someone brings me an infected box, I give them two options. Let me install Linux, or take it to someone else. So far nobody has turned me down. And of the 10 friends/family I have installed Linux for over the last two years, none of them have had a single virus or blue screen of death or other system issue. I also haven't received a single phone call about how does this work or that work, or this broke or that broke.

This has been typical of the Windoze environment ever since Windoze for Workgroups when they added networking and allowed the rest of the world in. I just don't get why people continue to buy the marketing hype of Redmond and continue to throw money at this swiss cheese platform.

And if you haven't worked with Windoze 2008 Server yet, let me tell you, you are in for big administration headaches and backwards compatibility issues. In order to try to fill the holes in their swiss cheese, so many security "features" have been added, it pretty much rewrites the book on configuration of security on one of these machines. Things like authentication and networked filesystems and file permissions are very much fubar'd and require a whole new level of expertise to configure and maintain.

So to close, I'll relate a story. A friend of mine asks me about why their machines are running so slow in their office. This friend tells me they are going to buy new machines because everything is so slow now. I tell them, they probably have some kind of virus or malware, or something slowing the machines down and they don't need new hardware.

I speak with the business owner, and she tells me that everything runs great, it's just the slow machines. She also tells me Windoze is fine for their office (she forgets the compatibility issues they had last month where people couldn't read each other's documents).

The next day, this same business owner is reading e-mail and all of a sudden, a picture of a woman lacking clothing, doing the spread eagle appears on her screen. Needless to say, I went by their office and ran malware and anti-virus scans on all the machines in the office. Turns out only one of the machines wasn't infected with multiple viruses.

The moral to the story here is get off of the Redmond crack. Take the needle out and put something in your business that isn't prone to getting attacked every month from some new threat. It's great that there are security patches available, but before there is a patch, someone has to find the bug, and by the time you get the patch, it's already probably too late. Kinda like the old saying of "Closing the barn door after the horse is already gone".

Friday, June 25, 2010

Google Analytics Custom Variables - How To Trim Properly

Well I've been geeking out with Google Analytics as of late, and I've got to say, why would anyone pay for it anymore? Awesome tool that satisfies most Analytics needs.

That being said, recently Google launched a new feature called Custom Variables. This new feature is very powerful, but it has some limitations. One of these is that during a single page load request, if you total up all the keys and all the values for your request, they can only equal 64 bytes in total.

Other limitations are that you are limited to setting 5 key value pairs at a time, and the other limitation I have run up against is that you cannot send multiple values for a single key in a single page load.

But wait there's more.... The 64 character limit is URIEncoded, that is to say if you have a string with a character that gets URIEncoded, say like a semi-colon, this single byte will be expanded to 3 bytes when it gets URIEncoded.

So AB;

Becomes

AB%3B

If you are using the code I found on the net that URIEncodes, then trims the string, then URIDecodes before passing to _setCustomVar, you can run into an error where you wind up with a partial URIEncoded string on the end, which generates an error when it is URIDecoded. To solve this problem I wrote the following function that allows the setting of custom variables and will trim them to an arbitrary length and will also get rid of any partially URIEncoded strings at the end.

Enjoy:

function gaTrimCustomVar(vstr, vlen) {
    // URI encode and truncate to vlen
    var tstr = encodeURIComponent(vstr).substr(0, vlen);

    // If the first character is URL encoded and length is not at least 3
    // we'll return untrimmed and let the upper level deal otherwise we would clear
    // the value completely and return an empty string.
    if (tstr.indexOf('%') == 0 && vlen < 3) {
        return vstr;
    }

    // load a pointer to any partial URI encoded characters at the end:
    // 0 if the '%' is the second to last character, 1 if it is the last, -1 if none
    var uptr = tstr.substr(tstr.length - 2, 2).indexOf('%');

    // If there aren't any partial URI encoded characters at the end, return
    if (uptr == -1) {
        return decodeURIComponent(tstr);
    }

    // return only up to the last partially URI encoded character, cutting at
    // the '%' itself (using uptr, so a trailing "%3" does not leave a bare '%').
    // Note: a multi-byte character cut between two complete %XX escapes is not
    // detected here and will still make decodeURIComponent throw.
    return decodeURIComponent(tstr.substr(0, (tstr.length - 2) + uptr));
}
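The encode, cut, decode failure described above, next to a trim that never cuts inside an escape sequence. This is an added example, not code from the original post: `naiveTrimThrows`, `fitCustomVar` and `GA_BUDGET` are hypothetical names, and the 64-character combined key plus value budget is taken from the post's description. It goes one step further than the post by also handling multi-byte characters, which encode to several `%XX` groups.

```javascript
// Added example: names and structure are assumptions, not Google's API.
const GA_BUDGET = 64; // combined encoded length of key + value, per the post

// The pattern the post warns about: encode, cut at a fixed offset, decode.
// Returns true when the cut lands inside an escape and decoding throws.
function naiveTrimThrows(value, len) {
  try {
    decodeURIComponent(encodeURIComponent(value).substr(0, len));
    return false;
  } catch (e) {
    return e instanceof URIError;
  }
}

// Trim `value` so that encodeURIComponent(name) + encodeURIComponent(value)
// fits in `budget` characters. Whole code points are added one at a time,
// so neither a %XX escape, a multi-byte UTF-8 sequence, nor a surrogate
// pair is ever split, and no decode step is needed afterwards.
function fitCustomVar(name, value, budget = GA_BUDGET) {
  const nameCost = encodeURIComponent(name).length;
  if (nameCost >= budget) {
    throw new RangeError('name alone uses the whole budget');
  }
  const original = String(value);
  let room = budget - nameCost;
  let out = '';
  // Array.from iterates by code point, keeping surrogate pairs together.
  for (const cp of Array.from(original)) {
    let cost;
    try {
      cost = encodeURIComponent(cp).length;
    } catch (e) {
      continue; // lone surrogate: cannot be encoded at all, drop it
    }
    if (cost > room) break; // next character would overflow: stop here
    out += cp;
    room -= cost;
  }
  return {
    name: name,
    value: out,
    encodedLength: budget - room,
    truncated: out !== original,
  };
}

// Constructed sample inputs.
const samples = [
  ['section', 'news', GA_BUDGET], // fits untouched
  ['k', 'AB;', 4],                // ';' needs 3 characters, only 1 left
  ['k', 'a\u20AC', 8],            // euro sign needs 9 characters (%E2%82%AC)
];
for (const [n, v, b] of samples) {
  const r = fitCustomVar(n, v, b);
  console.log(n, JSON.stringify(r.value), r.encodedLength, r.truncated);
}
```

The returned `value` is the raw string to hand to `_setCustomVar`; `encodedLength` is what counts against the limit.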

Thursday, June 24, 2010

Conficker - Still paying for the mistakes of the past

I've been specializing in Analytics lately and I use Linux on all my desktop machines, so I haven't really been paying that much attention to the Windoze arena other than the nicely manicured, maintained by a team of overseas engineers Windoze machines. I was reading this article from The Atlantic the other day, and I think the time has finally come to migrate off of Redmond Swiss Cheese once and for all.

The Conficker worm is one MF, for sure. The problem is this. You don't have to get infected by it directly. If there's a machine that's on the same network you're on, and it has the Conficker worm. That machine will actively attack your machine. It will try new security holes, and it will even try password cracks to try and guess your passwords.

First detected back in 2008, this thing has just gotten bigger and badder ever since. Sure there are patches, and apparently only some unreleased Beta of Windows 7 was vulnerable, but most of the other releases before it were at one point vulnerable.

So let's say that you have one of these Windows systems and you are installing it fresh. It's probably vulnerable out of the box and will need an update. Well guess what, you have to connect to the Internet, to get the patch to close the hole. If you are on a network and there are machines that are infected, they will be actively attacking your machine. It's a race against time to see if you can patch your system before the nasties get in.

I just don't get it, I'm talking with my significant other's employer, they seem to be having the same problems every network with Windows has, things work, then don't work, machines get infected with viruses and other nasty stuff, compatibility issues with older versions, and when I tell them they need to get off Windows and onto Macs or Linux, they say "Well Windows has been working fine for us". When in fact they have all of the problems I just described. It's funny how people's computers can run slow, crash and have all kinds of other issues that keep them from working and things are "working fine for us". The very next day, this same person I had the conversation with has the nastiest picture she has ever seen, spread eagle on her screen with the message "Watch Me Masturbate!". I think they're ready for Linux now :)

Friday, April 16, 2010

Windows vs. Linux the candy bar analogy

So I was trying to explain to my significant other, this morning, about why, having worked with both *nix systems and Windows systems, do I dislike working with the OS from Redmond so much? Do I have something personal against Bill Gates? I mean come on man what's the deal yo? I really should like Windows, many of the things I do take much longer in Windows than just about any other OS, so there are more billable hours to be had. As an ethical consultant though, I really do want what's best for the customer. Also billable hours where the customer is in a panic because they are trying to recover important files that were lost because of some weakness in their operating system is not a fun call. I kind of summed up my dilemma in analogy that went something like this.

It would be like being a great chef, able to create any dish that tasted like anything in the world. But all people wanted to order from you, or have you prepare, were deep fried candy bars. They taste yummy to the customers, but the problem is, the customers keep keeling over dead. But it doesn't stop there, because you fed them the candy bar in the first place, you have to round up the Pope, the Local Witch Doctor and a guy from India named Bob to have a lengthy ceremony, where small animals are sacrificed to resurrect the now lifeless customer.

The customer is alive again, they are missing some fingers off of their left hand. Not to worry though, "Give me another candy bar!" the customer cries, "I'll pay anything, I love it! And besides, it's what everyone is eating, I get a side of deep fried candy bar with almost every meal I order from any restaurant, why not? Oh and do I get a discount on you sewing my spare fingers back on?"

So I send the Pope, the Witch Doctor and Bob home with a healthy donation to the church, a goat and a support contract, or did I send the goat to the Pope? Well, regardless, the very next thing the customer does is order another deep fried candy bar. I say to the customer, "Look man, if you eat that you will just die again, and I'll have to call the Pope and things will get ugly, but you know, I can make you something that will taste just like that other candy bar, it will have the chocolate, the nougat, the caramel, everything the other candy bar has, and it won't kill you, except it's totally magical and organic, made by little elves in a far away land with chocolate rivers and houses made out of gingerbread." At least that's what I might as well be saying when I start to talk to the customer about the advantages of Open Source and the protected memory architecture of a *nix system vs. other operating systems that don't have these nifty features, not to mention the savings in time and money in maintenance, performance, downtime, etc.

You just can't beat a LAMP system (Linux, Apache, Mysql, PHP) for small to medium sized deployments. I just set up a small store owner with Ubuntu and Zoneminder on an 8 year old PC that would no longer run Windows, and now it's a low cost security camera server replacement for her 3 Axis Video cams in her store. Whenever my friends or family come to me with their Windows machines infected, again, I have just started to wipe them and put Ubuntu on them. If they want to keep their Windows, fine, but I'm not going to try to unravel their messes anymore. Oh and if you want to know what kind of new computer to buy, get a blue one :p

If you've got the dough, nothing will give you that low end torque like a Solaris Risc box running a well tuned Oracle database, oh baby! I put in a Sun box at a large deployment to process credit cards on the Internet a few years back, and it's still running without a reboot, chugging away. The Windows server that was processing credit cards for only a few local machines, had to be rebooted every night or the machine would hang, requiring someone to go down to the server room and hit the reset button in the middle of the day while cash registers were pumping and plastic was sliding. The problem was because of a poorly written application, but therein lies the big difference between most *nix systems and Windows based systems. In *nix land, it's much more difficult to write a program that will completely hang or crash the machine. Because of protected memory, which I won't go into detail about in this article, it makes it harder for a regular user to run a program that will cause the system and other users grief, it also makes it harder for viruses and other malicious programs to do extensive damage should they happen to get in.

All that being said, maybe one day, people will start to use an Operating system that is crafted by tiny elves in a far away magical land and forsake the evil king who rules from atop his green mountain of cash, with his armies of briefcase wielding stormtroopers, but then again, to quote a phrase "and maybe monkeys will fly out of my butt". Until then though, I guess I'll just shut up, put a few bills from the mountain in my pocket and go home :p

Thursday, April 15, 2010

Mozilla 3.6 and VMWare

I went there, and I went back. Some kinda issues on that baby. Chrome doesn't work at all (yet) with VMWare, but oooohhh what a Sexy browser, I just love Chrome, and now that it's on Linux, it makes it all better.

Anyway, after going down the long dark upgrade hole of Mozilla 3.6 pre2, Well actually the Upgrade was easy, it was what happened afterwards that was a long dark hole.

Firstly, my VMWare did not work. Wouldn't even let me log into the console. This problem is easy enough to fix. Turns out that in 3.6 (And 3.7) SSL2 is disabled by default. I'm not sure what the story is, but I assume it has something to do with SSL2 being easily cracked. Anyway, the solution to getting it to actually log in, is to enable SSL2.

To enable SSL2, in the address bar at the top of your browser type in:
about:config

Scroll down to

security.enable_ssl2

Then click on where it says false and click "Toggle", it should then say True.

Stop and start the browser (Actually I don't know if that's 100% necessary), and you'll get a login screen.

The next problem I ran into was that I couldn't get the console started, but it may not have been all 3.6's fault. Part of the problem was that because I couldn't get VMWare running, I decided to try to get to my VMWare server w/out Mozilla. Wrongo!! I tried to install the VMWare player and the installation process removed VMWare server, Doh!

After re-installing the VMWare Server and Downgrading my Mozilla to 3.5.9, I was ready to go, or so I thought. My VMWare instance would boot to 95%, then just stop. A poke around the log files found some errors about bad links in /var/run. To solve this, I did the following:

1. Stop the VMWare services by doing:

sudo /etc/init.d/vmware stop

2. Check to make sure no vmware processes are running

ps -ax | grep vmware

There may be stuck vmware processes running, you have to kill them by hand with kill or kill -9, make sure to kill the vmware-watchdog process first, or it will keep starting up processes you are trying to kill.

3. After everything is stopped, go to the /var/run directory(ies) from your /var/log/vmware log entries and remove any .lck file in the .lck directories.

4. Run vmware-config.pl and select the defaults all the way through.

Your installation _SHOULD_ work now, if it doesn't, hey it worked for me :p

Friday, April 9, 2010

Star Trek Online, How to NOT get it working in Linux (Ubuntu)

Well, I wanted to make a short post as I thought I had it working using the method below. When the screen came up to the initial game after I installed, logged in, updated, etc. The Video was scrambled.

Since then I have been hopelessly lost down a road of re-installs and Wine Internet Explorer madness. I won't bore you with details, but just wanted to follow up to my last article and let anyone know that, the guy in the Video made it look, Sooooo.... Easy, nothing about the extra bits and bobs that you might need or that he was using, anyway, suffice to say, I'm still dual booting to get my Kling-On, but I did manage to get Team Fortress 2 working on Ubuntu, but that's another story, I'm going to hit the waves for a bit while I wait for the Excel, Visual Basic, ODBC Macro monstrosity I have written to finish before it's off to the world of Cut, Paste and Glue!

I also saw someone comment about how my later articles were better than my earlier ones, and you know, it's because I'm better too, but that's REALLY, another story, until then Geek on, and I'll see you in space you squishy Federation types :p

Thursday, April 8, 2010

Star Trek Online, How to get it working in Linux (Ubuntu)

OK I haven't posted in awhile, but this will be my geekiest post to date. Not only do I talk about Star Trek, I talk about a Star Trek game, not only is it a game, it's an online game, a massively multi-player, online game (MMO). Now if that weren't geeky enough, at the end of this post I'm going to provide links that will allow you to install Star Trek Online under Linux. So if you are not already having spasms of geek joy just thinking about playing your geeky game about your geeky TV show with other geeks on the Internet on the geekiest (and most user friendly, ahem!) operating system on the planet, then read on.

I've really been enjoying this game, it's very cool to get my Kling-On :p. So far PvP as a Klingon is the best part of the game. There's a mission called "A Good Day To Die" where the object is to be killed 50 times in PvP. The only drawback with PvP'ing is that PvP is the primary way for a Klingon to level, Federation types have all types of missions they can run to level up and get good loot. It also means Federation types are soft and squishy. They don't PvP much, whereas the Klingons pretty much have to PvP to level or get any good loot. The alternative for Klingons is to grind exploration missions. I think once more content is added for Klingons, they will become less the PvP elite that they are now and it will balance out a bit. Still though, Klingon vs. Federation at the moment is pretty much a game of burn down the noob, hehe.

So on with how to get this sucker installed on Linux (Ubuntu Hardy Heron w/ Upgrades was what I installed on). First I tried to install this under VMWare. Even with the latest release and much gnashing of teeth, no go. Next I tried VirtualBox. I really liked VirtualBox and I think I will move to it for my personal use of things like GotoMeeting, etc. Things I have to run I have to have Windoze for. Anyway, VirtualBox had a problem, even though I had read people had gotten it to work. For those who reported it to work, it worked very slowly.

In comes Wine, yeah Wine. The difference between Wine and VMWare or VirtualBox, is that VMWare and VirtualBox, at their base are hardware emulators. They emulate a virtual piece of hardware, that any operating system can be installed on. Wine on the other hand is an API that interfaces Windows applications to the Linux OS. It's more of a bridge than an emulator. That being said. I found this nifty YouTube Video where this clever chap shows step by step how to install it.

The application he's using is PlayOnLinux, which helps you install your Windoze games on Linux. It can be downloaded from http://www.playonlinux.com

You'll also want to install the PlayOnLinux plugin POL Helper (also in the video).

Instructions for that can be found in the following thread:

http://www.playonlinux.com/en/topic-2415-Plugin_POL_Helper.html

So my friends, sit back, relax, and geek out!

Thursday, February 25, 2010

IPOD Nano 8gb 5g review

So the thing looks and feels really, really cool, it felt good to have in my hand. The cool metal feeling made me feel like I was almost gripping something erotic. Then I plugged it into my computer, and the feeling changed from one of bliss, to kind of feeling like waking up in the morning after a drunken binge, next to a fat hairy guy, and you can't really remember what happened but your butt kinda hurts.

I'll make no bones about loving Linux and abhorring the piece of junk Redmond feigns to call an operating system. So all of my other devices just plug in and look like USB drives; my girlfriend's freaking Palm does that, and you already know what I think of that deprecated has-been. To be fair, the IPOD does show up as a USB drive and you can copy music files to it, but then when you unplug it, it does not show that you have any music on your IPOD.

So I embarked on a journey of trying to get one of the many programs that can load music onto IPODs from Linux. Most of them depend on a library called libgpod. This library is used by many of the Linux applications that manage your music library to easily sync your music with your IPOD.

The problem is that instead of the IPOD seeing that there are new files on its drive and figuring out how to index them in its database, the IPOD depends on an external application to update its little SQL database with artists and titles, etc. That's where libgpod comes in. Problem is Apple has changed the format (once again), so none of the programs that work with the previous versions of IPODs work with the 5g (5th generation) IPODs.

After trying to download and compile libgpod from source and applying patches from the net, I finally admitted defeat and downloaded iTunes. Are you kidding me?!? 300mb and a half hour installation, just to get some MP3 files copied to my music player?? Apple can put it in a sexy package and make it simple, but they are as bad as the evil that lurks in Redmond when it comes to being closed and proprietary.

So my advice, unless you want to look cool, but fail in the tech department, get one of these. If you want a simple to use, low profile music player, there are many out there. Make sure you get a player that doesn't need additional software installed on your machine, that's really the key. You should just be able to plug the player into a USB port, then drag and drop supported format files onto it and be done. The player should figure out from what you load on it, what to do with it and should not require additional software be installed.

That's my Music Player design lesson for the day, class dismissed :p

Tuesday, April 1, 2008

April Fools, Geek Style

Every year on April 1 the IETF publishes a Joke RFC.

Here is a link to this year's RFC 5241

Here's a classic from 2001: RFC 3092, The Etymology of Foo

Happy April Fools

Tuesday, January 15, 2008

Confuse-A-Cat

I was cruising around one of my favorite sites, fark.com, and found this gem in the video section. This video leaves no doubt in my mind that these guys are, in fact, completely insane.