What's Up with All These Re-Posts?

Posted by Johnny Fuery on Tuesday, January 26, 2010 , under | comments (0)



As part of my company's efforts to live the dream of becoming completely based in the cloud, I went ahead and moved my personal blog (this one) to blogger.

To do this, I used the GData API and wrote a quick Wordpress plugin that queried wp_posts and submitted them as new blog articles to Blogger via Google's API.

Couple of things I found out:

  • The GData Blogger API has an upper limit of 50 posts within any single rolling 24 hour period.

  • It's a pain to submit comments via the API.

  • No one else has ever tried to do this. Most people want to get their data out of Blogger and into Wordpress.

  • Customizing Blogger's UI is a pain also, but mostly because I can't use standard web tools and have to do it all without server-side scripting and jump through hoops to use JavaScript.


For my almost-dead personal blog, however, I think this will suit me just fine. My income from blogging never topped $100 a month anyway, and it was an awful lot of work to keep up with.

The world needs Jot conversion tools

Posted by Johnny Fuery on Friday, January 15, 2010 , under | comments (0)



Originally Published 2003-09-16 15:40:37

I might just have to write some. No one but AvantGo could find a use for a jpeg-to-jot conversion tool. But, hey, where there's a need, eh?



I'm thinking... parse through the jpeg pixel by pixel and create a jot "stroke" for each pixel, monochrome only. Kind of an inefficent approach, but it's the simplest algorithm in terms of development time. I can't believe some linux geek hasn't already done this, but then again, no one else on the planet uses the scribble input tag, now do they? :-)



Kind of a geeky project... When I get finished with the 20 conference calls I have this week, anyway. Oh yeah, and my billable on-project work.



Sigh. How do people with real responsibilities do it? Oh yeah... they don't work out, they don't have second jobs, and they don't date hot chicks.



I definitely have nothing to complain about.

It never ends

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-07-28 11:54:13

Are you talking about the deductions you made because the credit card statement didn't match the expense report on some of the meals?



I pay tips in cash an awful lot of the time. Is there any allowance for that? No, I don't have a receipt, yes, I paid them out, and no I'm not risking my job and integrity over $20-$30.



I don't want to fight about this and I don't want to delay $1200 in reimbursements over such a small amount, but you know how I feel about this. It's extremely lame. You spend all this time pouring over my report and verifiying literally pennies (which certainly costs more than $20-$30 in labor), then cause me all kinds of frustration... the business sense of this eludes me.



If there's anything you can do to make this right, I'd be very appreciative. If not, it's fine, I'll just make sure I don't pay out tips in cash any more. And roll my eyes after selling all my SY stock.



Johnny



--

May S.

07/26/2004 03:10 PM



To:

cc:

Subject: Expense Report ER00150465 - Meals





Johnny,



There has been a change made to your expense report. Please go to eTrip and open the above document. Double click on the line that is zero out. Click on the "notes" button to view the comments made. You can use the scroll bars on the side to navigate around the "notes" section.



Please feel free to let me know if I can help you in any way.



Regards,

May




Undocumented AvantGo client JS objects

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-06-28 15:47:36

In 5.3 and 5.5:



avantgo.currentServer.user

avantgo.currentServer.password (readonly)

avantgo.currentServer.serverAddress (host/ip)

avantgo.currentServer.port

avantgo.currentServer.secure (boolean)



These were all avantgo.preference.xxx pre 5.3.

revisiting ancient history

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-06-11 15:26:18

- what is the high-level technical design



Um... ok, I'll do my best. I didn't develop the channel. The channel has a form or forms on it that hit a forms processor running on the server. These are then compiled into a text file based on a customer-defined spec. I don't know anything about the guts of this. These files are then dropped into a folder designated to be processed. Under the old system, this folder was read once a day by a perl script that uploaded it to a server GM (or their SI) specified. About a year ago, they insisted that we make the upload secure, using something like SFTP. Great, just add an 's' to the script at the connect time, right?



Well, in actuality, the secure ftp protocol req'd another library. 15 levels of requisite libraries later, one of the requirements was upgrading perl from 5.6 to 5.8.x. Easy enough, except that other stuff on the box is using perl (i.e., everything), and ops told me that if I break other stuff I'd be strung up on a pole and they'd sick accounting on me with various forms of torture. They were pretty confident that bad things would happen if perl was messed with.



They also said, at the time, a year ago, that the server in question was being phased out ASAP anyway, and that anything I did to automate the process would be re-evaluated and either thrown away or migrated "shortly".



Which is a nice segue into the next topic...



- what is the current manual process that you run to forward leads



Ok, so I wrote a little command line batch file that automates the send process. Easy enough, right? Just launch an sftp session, pause for a few seconds, and feed the app the files.



Except it pretty much never works. I get an alert every day that says it failed, and I log on to the server, check the upload log, figure out what wasn't sent, retrieve those from the archive, and send them up by hand. 5 minutes of work. Last time I was in Europe, about a month went by before the upload was processed. Part of the problem was just that I was in hell. The other part was that the root password was changed and I had to hit up DanH for the new password. I hadn't been home in so long by that point that the dude thought I'd been fired. Go figure.



- what do you think needs to be done to automate the process



Well, I just logged on to look at the code, and it's so incredibly simple that there are a lot of things that could be done. I'm not a linux shell coder by training, and I put this together in two days -- the batch file creation making up only a couple of hours on the 2nd day.



The best solution would be to use the old code written in perl that never ever failed. There's like 500 lines of error checking in there, and all that needs to be done is an upgrade of perl. If I knew the other channels better, I'd probably have just done it anyway a year ago, but I have never had a clear understanding of everything that server is doing.



Unfortunately, I don't think anyone else does either, so the best bet is to move the GM channel off of that server altogether.



I considered, at one point, just downloading the files to my windows desktop at the office and writing my own tool using whatever libraries I wanted to perform the upload. I could actually still do that... it would be less than a day's work, but it's not a very pretty solution. We get power outages and have lurking IT staff in Dublin. Plus, well, it's my desktop for godsakes.



So there you have it.



:-)



Enjoy.

.NET permissions

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-06-10 09:52:59

This is a pain in the ass everytime I install mpharma. We really should automate this stuff into the installer executable.



http://www.dotnet247.com/247reference/a.aspx?u=http://msdn.microsoft.com/webservices/building/security/default.aspx?pull=/library/en-us/dnnetsec/html/thcmch19.asp#c19618429_025

A1 Law issues

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-04-27 17:49:11

I'm having a problem on across all workstations when using the external MS Word Spell Checker. The error reads "winword.exe has generated errors and will be closed by windows. You will need to restart the program. A error log is being generated."



A brief search on msdn with the error message text produced several hits indicating that updating to the latest office service pack would fix the problem. Interestingly enough, after updating from Office 2K sans any SPs to SR-3, the spell check appeared to complete, but crashed rather than returning to A1 correctly. Prior to updating Office, the spell check typically crashed after only progressing through a portion of a given document.



Disabling virus protection had no effect on the error. Nor did logging in as a Windows administrator. The issue occurs on all workstations, regardless of the A1 user login credentials.



I also lowered macro security settings in MS Word from "high" to "medium" on the possibility that A1 is running a macro. (It would appear that no macros are present, but it was worth a shot.) No success there either.



At any rate, the error appears to be document-specific, not workstation specific. A given document in A1 crashes winword on all systems. I can probably send you an email with a sample of the document contents from one of the offending docs if it will help. I see nothing obviously problematic about the document I've been testing with such as international characters or control codes. I have not, however, examined the content in any level of detail.



The user who first noticed the issue claims that the error rate is 50% or more, but based on the number of users reporting the issue and my own observations, I'd place the error rate at about 15-20%. Again, I have not tried to determine any patterns within the document contents, although I can do this if it will help facilitate resolution.



About our standard setup:



+ Client PCs are all well-equipped P4s

+ A1 v5.00d

+ Office 2K SR-3

+ Symantec AV Corporate Edition v8.1.0.825

+ Windows 2K SP-4 with the latest security patches per windows update



Let me know if I can provide additional data. Looking forward to your suggestions.



Cheers,



Johnny Fuery

IT Consultant

925.997.3878

whine, whine, whine

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-04-26 13:50:42

[from TonyP]



I've thought of a great analogy for [our project manager] during this period of time - remember he likes to refer to sailing, well........



okay, imagine you are in a rowing boat, floating across a lake and the boat has a hole in it and you need to find it or you're going to sync.(pun intended)



okay, our PM is on the boat rocking it from side to side, so when you're trying to find the hole, the water keeps splashing over the edges of the boat making it very difficult to identify where the water is coming in from! After a while the hole is submerged under the amount of water now in the boat, so the boat is very quickly starting to sync and may possibly be beyond recovery, so it looks like the ship is going to do a titanic!!!

the only positive of this analogy is that now the hole is covered by water, air bubbles should identify the hole in the water, so should be able to find the hole quicker!!!! if you remember to bring a container you could start bailing out the excess water and you just might recover and be able to get to the other-side of the lake! hee!hee!hee!



btw - it looks like MBiz server issue was a red-herring, the reason it was taking so long to save the updated web pages, is because each of those web pages was a huge .NET exception error web page....

[end]



Or, you make it across the lake, but one the first mate got drowned along the way trying to fix the hole from the outside. :-)

Customer Feedback on mPharma

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-04-08 03:21:35

mPharma pros:

+ (most emphatically and repeatedly conveyed) platform independence. They have an old PDA app operating in Italy that they cannot continue using because their PDAs are dying and the app doesn't work on PPC 2003. They won't have that problem with us. He even mentioned that he liked having Palm as an option, even given my disclaimer that I couldn't guarantee good performance of our custom code on Palm. (he asked how long it would take to clean it up, I said I didn't know, but that the other pros he mentioned -- outlined below -- would still of course apply. I guesstimated a few weeks. I don't think they're planning on supporting palm in their corp IT anyway)



+ Performance. "Your on device performance is PHENOMENAL." He went on to point out that the device performance was better than the laptop, noting things like searching, sorting, and page transitions. Several of the users said this in passing as well, even given some of the speed bumps we encountered (which centered around sync times because the siebel guys forgot to tell us they were doing a data backup in the middle of the day during a demo/training session -- Argh)



+ Flexibility. This centered around ease of deployment and the quick turnaround on changes, so some of this is because Tony and I rock . Still, the automated updates of new code on the fly was absolutely key here. For the past two weeks, we've lived (however informal the process) extreme programming -- dev/deploy/qa/demo/train nearly simultaneously -- all against a moving server (siebel) system undergoing the same treatment. It hurt a lot, but it wouldn't have been possible at all without our flexible platform.



mPharma cons:

+ Lack of internationalisation. He actually was ambivalent about this one, because we're so flexible. We were doing language translations on the fly, literally, as we went -- switch windows, search for "less", change to "menos", etc. He pointed out that in Siebel's mobile solution, the language widgets are all centralized, allowing a single translator to change everything en masse once. We, on the other had, require multiple instances of the app to handle this. This was a double edged sword for the client, however, because the de-centralized approach combined with our flexibility means that each country can has the ability to customize the ui. He didn't even mention the limitation on internal AG client english alerts. In short, Siebel manages internationalisation better, but our flexibility pretty much negates that advantage. Combined with the other pros, this was a footnote.



+ Our salespeople shouldn't quote 64mb as a minimum PPC memory requirement. Or, if they do, note, with emphasis, that they can't run ANYTHING ELSE with that amount of memory. Sounds fair.



+ He mentioned that he didn't like the AvantGo interface. I wanted to probe him more on this, but we were busy at the time and it just never came up again. Not sure if he meant mPharma or AG client.

That was my project

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-03-23 02:33:10

Hot damn. That six weeks in the UK last summer was actually worthwhile.



http://biz.yahoo.com/prnews/040322/nem005_1.html



DUBLIN, Calif, March 22 /PRNewswire-FirstCall/ -- iAnywhere Solutions, Inc., a subsidiary of Sybase, Inc. (NYSE: SY - News), and Eli Lilly, a top ten global pharmaceutical company, today announced the completion of a pilot project in Italy to provide a PDA-based sales force automation solution to Eli Lilly's cancer specialist sales team. The solution leverages Mobile Pharma from iAnywhere to improve the quality and quantity of sales data, while eliminating time spent on paper administration. The iAnywhere® technology provided Eli Lilly with flexibility in the choice of mobile device while enabling it to mobilize its Siebel ePharma (6.x) system, business pages from the company intranet and information from other applications.



iAnywhere configured its Mobile Pharma solution specifically for Eli Lilly, allowing the sales team to capture call report information immediately following meetings with physicians, thereby enabling Lilly sales executives to build stronger relationships with physicians more quickly. The solution will also enable Eli Lilly to get more accurate, timely and pertinent drug information out to its sales force in order to boost productivity.



"Previously, our pharmaceutical sales executives spent a significant amount of time filling out data on paper, which then needed to be transferred to laptops. Eli Lilly realized that this system was not only time consuming, but also affected the quantity and quality of information from remote staff," said Geoff Kretzschmar, European CRM implementation manager for Eli Lilly. "We looked at various mobile options when considering the pilot trial in Italy and iAnywhere's Mobile Pharma was chosen as it offered the most flexible solution. The iAnywhere Professional Services team not only adapted Mobile Pharma to suit Eli Lilly's requirements, it also provided training to the IT administrators."



"Pharmaceutical companies operate in one of the most fiercely competitive industries, and it is becoming increasingly difficult to build strong relationships with physicians in order to enhance sales. Mobile applications offer a means to significantly improve the effectiveness of the sales executive, while increasing productivity and lowering costs throughout the sales process," said Alan Mair, new business development manager at iAnywhere. "The Mobile Pharma trial has given the Italian team of sales executives a more strategic view of the company/physician relationship, as well as easier access to the information they need to be more knowledgeable for the sales calls, such as key product messaging and data vital to the physician. In the future, Eli Lilly can also extend the mobile application to encompass more enterprise information so that sales executives can get all of the information they need anytime, anywhere."



Eli Lilly conducted a user survey with the participating sales executives three months into project. The feedback revealed that there has been excellent adoption among users with a marked increase in the number of updates made to its Siebel system, coinciding with an improvement in quantity and quality of data. Based on the increase in the motivation and effectiveness of the Italian sales force following the pilot project, Eli Lilly is now looking at other implementations of the Mobile Pharma solution across its European businesses.


pLog

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-03-18 07:32:33

Successfully determined the problematic Siebel objects today.



1000 Problems retrieving Siebel objects. need to determine which one is failing. Begin troubleshooting with TonyP

1100 Shove Tony off to work on developement/internationalisation tasks. Need to focus, approach scientifically, not trial-and-error

1100 Begin by turning off all objects EXCEPT Pharma Professional Call. Works in IE. Data stream is too large to enable PDA sync, but object is working. Also write some scripts to speed troubleshooting process (automated log flushing, etc)

1130 Turn on Action, (company name) Core Action for Calendar, Account Leave remaining three objects off

1137 Test successful. I have a hunch that the problematic object is actually the last one, so I turn on Pharma Personal Products & samples and Contact, leaving only the last one, Pharma Meeting disabled.

1142 Test successful. Just to be sure I haven't missed something, I turn the last object, Pharma Meeting, back on to recreate the error state.

1144 Error state confirmed. Leaving Pharma Meeting enabled, I begin refining the search on the components.

1145 Disable (company name)coreemployeeinvitee, (company name)coreotherinvitee, pharmameetingpharmameeting, leaving only the pharmameeting component enabled.

1151 Test successful. Re-enable (company name)coreotherinvitee and (company name)coreemployeeinvitee. I have a hunch that pharmameetingpharmameeting is the culprit, so skipping right to it.

1155 Test successful. Pharmameetingpharmameeting object confirmed as the problem. Begin filtering fields. Disabling all except contactFirstName and contactLastName.

1157 Test successful. Re-enabling (company name)CoreClassification, (company name)CorePhoneNumber, address, (company name)CoreCity, Comment, associatedCost.

1200 Test successful. Re-enabling (company name)CoreSpeakerFlag, leaving only callStatus, primarySpecialty and (company name)CoreClassification.

1204 Test failed. Disabling (company name)CoreSpeakerFlag, re-enabling callStatus, primarySpecialty and (company name)CoreClassification.

1206 Test failed. Disabling callStatus.

1209 Test failed. Dang! Is the schema changing as I work? Disabling primarySpecialty.

1211 Test failed. Disabling (company name)CoreClassification. This should work again...

1212 Test failed. Hmm. Resetting back to 1155 test. Seems to be a discrepancy in my own log. Either I've made a mistake or the schema is changing behind the scenes while I've been testing.

1216 Test successful. TonyP looks over my shoulder and suggests that primarySpecialty is the problem. disabling primarySpecialty only accordingly.

1220 Test failed. Disabling ONLY (company name)CoreSpeakerFlag, callStatus,primarySpecialty,(company name)CoreClassification -- half of the remaining questionable fields. These were also among the questionable fields in my previous tests above.

1224 Test failed. Leaving those fields disabled, additionally disable (company name)CorePhoneNumber. The remaining fields worked in previous testing.

1228 Test failed. Disabling all except FirstName, LastName, and associatedCost. I expect this to work.

1230 Test successful. Enabling comment ONLY. 1-by-1 field testing. The 50/50 narrowing is causing me to overlook something.

1233 Test successful. Breaking for discussiong with Dave Thomas and TonyP.

1253 Enabling (company name)CoreCity.

1254 Test successful. Enabling address.

1257 Test failed. Disabling address -- address is definitely a problem. Enabling callStatus.

0100 Test failed. Disabling callStatus -- another definite problem. Enabling (company name)CoreSpeakerFlag.

0104 Test successful. Enabling primarySpecialty

0108 Test successful. Enabling (company name)CorePhoneNumber.

0112 Test successful. Going to lunch.

0217 Logged in, reloaded required files/components/scripts.

0221 Enabling (company name)CoreClassification.

0225 Test successful. Problematic fields determined: callStatus and address. Leaving these disabled.

UK

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-03-16 06:41:08

Just arrived in Warwick, UK, at the IBM Data Centre for the mPharma project (company unnamed). Working with TP.



This place is totally locked down. We're terminal serviced to one box, then TS'ing from there to the actual mbiz and mpharma servers. Unbelievable. The actual real-world connections from device to Siebel/Oracle is unreal... we're talking like 6 hops, a VPN connection, and a firewall between the two.



Having access rights issues with c:\winnt\microsoft.NET\ from the mpharma application. Tried adding localhost\everyone and localhost\aspusr with full control rights; no dice.



Will keep playing...

Net::SSH::Perl

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2003-10-06 01:46:26

...is required for Net::SFTP and has dependencies on everything known to man. Looks like net-ssh-perl-1.23 requires a later version than 5.6.1. Joy.



Here's my list of dependencies:



Package Dependencies

dev-perl/Math-GMP dev-perl/string-crc32 dev-perl/math-pari dev-perl/Digest-MD5 dev-perl/Digest-SHA1 dev-perl/Digest-HMAC dev-perl/crypt-dh dev-perl/crypt-dsa dev-perl/math-pari dev-perl/MIME-Base64 dev-perl/convert-pem dev-perl/Crypt-Blowfish dev-perl/Crypt-DES dev-perl/crypt-idea dev-perl/Crypt-OpenSSL-RSA dev-perl/crypt-rsa dev-perl/digest-bubblebabble >=dev-lang/perl-5.8.0-r12



Run-Time Dependencies

dev-perl/Math-GMP dev-perl/string-crc32 dev-perl/math-pari dev-perl/Digest-MD5 dev-perl/Digest-SHA1 dev-perl/Digest-HMAC dev-perl/crypt-dh dev-perl/crypt-dsa dev-perl/math-pari dev-perl/MIME-Base64 dev-perl/convert-pem dev-perl/Crypt-Blowfish dev-perl/Crypt-DES dev-perl/crypt-idea dev-perl/Crypt-OpenSSL-RSA dev-perl/crypt-rsa dev-perl/digest-bubblebabble



Dear god have mercy. And, of course, I have 5.6.1 on avanthost.com. Fuck me. Upgrading perl with all of those modules on a production web server?



I'm so screwed. Fuck!

Wi-Fi SSIDs

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2003-10-03 12:50:49

We were having problems connecting an iPAQ h5550 and a Tungsten C to our Sybase Wi-Fi network. Other iPAQs and our laptops could connect without any problem. It turns out that these PDA devices can only support an SSID of 31 characters and the Sybase SSID is 32 characters. When the SSID is shortened on the APs to 31 characters, things work fine.

more domain issues

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2003-10-03 08:08:05

From: Alison Stone

To: fuery

Sent: Thursday, October 02, 2003 12:27 PM

Subject: Continuing website problems





Dear Johnny,



I'm writing on behalf of Lisa. It appears the mncabinet.com is once again linked to the porno site. Any suggestions?



Thank,

Alison



---



Hello Allison,



The problem hasn't changed. Since your company doesn't own the domain mncabinet.com, the new owner can (and has) post anything there he or she wishes.



What we were able to do was get it removed for awhile and update the search engines databases so that a search for your company name no longer sends potential customers to mncabinet.com.



In my last correspondence with Lisa, I touched on this:



[snip]

Date: Thu, 28 Aug 2003 11:55:39 -0700 (PDT)

From: "Johnny Fuery"

Subject: RE: mncabinet.com questions

To: "Lisa F

CC: "Stephen N



> 1) If the site is now being redirected to

> mnbuild.com, do we need to do

> anything else??



Well, it's not being redirected. Links directly to

mncabinet.com are simply going nowhere -- your browser

displays a "Page Not Found" error. The domain is

effectively dead.



> 2) Do we have to buy back the site from

> Slutnames.whatever or will the

> redirect stand? And do we know whether or not they

> actually "own" it or

> stole it.?



I'm pretty sure they own the lease to mncabinet.com

fair and square. Unethically, perhaps, but not

illegally.



If you actually want a redirect, i.e., typing in

"http://mncabinet.com" yields your site located at

mnbuild.com, then yes, control of the domain must be

reobtained from Smutnames.



Please note that much of the damage has been done,

however. The prominence of mncabinet in the google

search results went away when we asked google to

remove it from it's directory and cache (remember, it

was linking to the smutnames obscenities). I'm not sure

if you agree, but it seems to me that the largest

value of that domain was in it's prominence in the

google engine. Even if it were recovered, I'm

unfortunately not confident that the google placement

would return. It very well may, but it's difficult to

guarantee that behavior.

[end snip]



In terms of options, there are only two choices at this point are:



+ continue the efforts to phase out mncabinet.com. Since the search engines have been updated already, this means making sure that all of the sites you control do not refer to it. It also means keeping your eyes open for links to mncabinet.com in "the wild", i.e., on the internet at large that you do not control and contacting the webmasters of those sites asking them to update their sites. This actually tends to happen on its own (webmasters don't appreciate linking to smut either), but you should nonetheless make certain your own sites are completely updated. This effort is largely complete already; I had thought based on the lack of response from my last message to Lisa (quoted above) that this course of action was the decision.



+ buy control of mncabinet.com from the new legitimate owner. He quoted me $500 in my initial correspondence with him. I can handle this or I can simply forward you his contact information.



Let me know what I can do for you.



btw, thanks for the opportunity to work with you.



Johnny Fuery

925.997.3878

DOM, da-DOM, DOM, DOM

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2003-10-02 16:23:19

tinyJS can traverse the DOM when using a 5.3 enterprise client!



(Syncing AvantGo Client 5.3, Enterprise, against the MyAvantGo/AMI service... I'm assigning an option value held in a select pull-down list to the window.location object for navigation purposes.)

IT Certifications (article)

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2003-09-29 22:55:27

http://story.news.yahoo.com/news?tmpl=story&cid=620&e=2&u=/nf/20030929/bs_nf/22380



I should get some of these with Sybase's education reimbursement program -- especially if my St. Mary's classes won't be covered.

Can't get perl to attach to ASA

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2003-09-29 01:54:53

I'm having a heck of a time attaching to ASA from perl. Here's what I did (on win32):



+ installed Apache 1.3.x

+ installed ActiveState perl

+ installed ASA 8.0x

+ installed DBI and ASA::DBD using PPM



I can log into ASA from the query manager (i've loaded the data correctly now, btw). I've copied the credentials verbatim from what I'm using in the query manager GUI and I have the following connect string, which I lifted from the ianywhere website ASA DBD documentation:



use DBI;



my $database = "INTEL_MSI_CONFERENCE_DATABASE";

my $data_source = "DBI:ASAny:$database";

my $username = "UID=DBA;PWD=sql;ENG=intel_msi_conference_database";

my $dbh = DBI->connect( $data_source, $username, 'na' );



I have played with the case of $database, uid, pwd, and eng. I also tried replacing 'na' with 'sql' in the last statement -- in connect strings I've used in the past, this third argument has been the password.



There are a couple of add'l combinations I can try...

Loading an ASA database

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2003-09-25 11:46:31

Pretty easy. The toolkit is not as straightforward or feature rich as MS SQL, however.



Loading data for the intel conference wi-fi project... Developing from two screen shot mockups and a data model. Yay.

Cancelled my blackberry service today

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2003-09-23 15:29:13

May another badge of geekdom rest in peace.

pods for ami?

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2003-09-19 01:35:08

Ugh! So I'm supposed to build this app launcher piece of shit, which should take me a whopping hour to do, and I can't because I don't have the right pods.h -- the app has to run on the service.



Fuck me!



One day, we'll be big enough so that the damn thing is included with Embedded Visual Tools. NOT!

gobcl.com does PDF conversion now, too

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2003-09-16 15:42:19

Used to be just conversion to html. That rocks... send off a doc to pdf@gobcl.com, and voila! PDF of your doc in your mailbox.

Bridging two wireless networks

Posted by Johnny Fuery on Thursday, January 14, 2010 , under | comments (0)



Originally Published 2004-03-02 12:24:45

Found on comp.os.ms-windows.networking.windows via google groups. Poster was anonymous ("Jim"). The most complete discussion on the topic that I've seen.

--Ok, hold on...

So you each have and will continue to maintain your own broadband access.You just want to "bridge" these otherwise disparate networks for some filesharing. Each of you has a 24/7 PC for Internet routing purposes (which youintend to maintain), but no hardware routers are currently in use, justswitches.

Solution # 1:

Peer-to-peer. This is by far the simplest and cheapest solution, theconstraints are range and antenna placement. What you can do is installwireless network adapters (I prefer USB-based, one w/ a 6' cable is ideal)on each network (config'd for adhoc mode, not infrastructure). NO AP (accesspoint) is involved. I would place them on your respective 24/7 PCs, sincethese already provide routing services to your respective Internetconnections. It should be a trival matter to ADD the remote networks tothese routers. Of course, you could use ANY PC, the 24/7 PCs just make sensesince they're always available and already have routing software. I can'tspeak to the flexibility of ICS in this matter (you didn't mention yourcurrent software), I don't use it myself, I typically use a hardware router,or when software-based, WinGate, WinRoute, etc.

Again, it's a matter of range. I find that even a few inches in theplacement of my antenna can be the difference between connecting and NOT, soI tend to stay away from PCI card and PCMCIA solutions. IMO, USB-based w/cable works best, I have the flexibility of working on almost any PC orlaptop w/ freedom of movement.

SPECIAL NOTE: On a peer-to-peer setup, you might want to be especiallycareful in comparing products. Some brands are notoriously BETTER in termsof range than others, so it might be worth a few extra $$$ to get a pair ofthese HIGH-END wireless adapters. Check the specs and visit some hardwarereview sites for comments (which you should be doing for ALL the equipmentmentioned here anyway!).

Solution # 2

Infrastructure (AP-based). In this case, you use two APs (access points),each patched into an available LAN port (wired) on your respective LANs. Inturn, the APs are bridged to each other wirelessly. The advantage of thissolution is RANGE and SIMPLICITY. It's the functional equivalent of using acrossover cable. The APs simply move traffic back and forth between theswitches. For all intents and purposes, you have a SINGLE, LOGICAL network.It can get more complicated, depends on what you want. For example,depending on the AP purchased and features, it may come w/ its own DHCPservice, firewalls, etc., thus you could each maintain some isolation, somecontrol over your respective networks, even use different IP addressingschemes. You would have to resolve the issue of whether you have a shared IPpool, which may have to be negotiated w/ the DHCP services provide by theAPs (if featured), or subnet your networks to avoid potential IP conflicts.None of this any different than if you were connecting "wired" networks, sono point in elaborating here. Sometimes people want separate networks andthus "route", other want ONE network, thus "switch". The wireless issues arebasically the same as wired once bridged. Depending on AP product, youroptions may be limited, so check carefully (of course, more features == more$$$).

In general, an AP-based solution is more likely to give you greater rangesince that's it's primary function. Since it's patched to your switch, youcan also have a VERY long lead, anything within the Ethernet spec (~300 ft,as I recall). In other words, you don't become BOUNDED to the placement ofyour PC as in solution #1, instead, it's a function of where your switch isPLUS the distance of the CAT5 cable. You can stick the AP up high, out awindow, whatever makes sense. Considering that BOTH of you could do this,you can potentially deminish the PHYSICAL distance between the APssubstantially, thus increasing the EFFECTIVE range. And you can add as manyAPs as you need to extend the range even further, creating a "chain" of APs.A very powerful solution. However, they can get expensive for thefull-featured models. That's why I suggested the peer-to-peer solutionfirst, it may work just fine, especially given the distances mentioned,line-of-sight, no other 2.4GHz interference (assuming you go 802.11b), andnot many obstacles. It's worth trying anyway, esp. since you have all theother necessary elements established (24/7 PC, routing software, etc.). Acouple of D-Link DWL-120 wireless adapters here in the U.S.A. might run$20-40 USD, either after rebate if new, or used off eBay. An AP, incontrast, could run from $80-200 (or more) USD depending on features.

Btw, the peer-to-peer solution's range can be extended considerably (haveheard of 3-5 miles in cases!) using after market antenna, concentrators(ideal for line-of-sight), etc. There are even websites dedicated to the"pringles can" solution (search Google). But don't underestimate the rangeof basic 802.11b wireless (esp. w/ line-of-sight), there's a reason hackersare continually invading unsecure corporate networks from basic, unenhanced802.11b wireless laptops on park benches ;)

Solution # 3

APs (infrastructure mode) + wireless adapters. In this example, you maintaincompletely separate networks and allow each other access via your respectiveAPs like any other wireless clients, such as laptop roamers. This config isclearly the most expensive so far (just more equipment), but highlyflexible. You could isolate access to the other's network to a single PC,i.e., wherever you wish the wireless adapter to be installed. Why might youconsider this? Because I'm not sure that your APs in solution # 2 wouldallow bridging *AND* local wireless access (roamers via infrastructure mode)AT THE SAME TIME. Maybe most APs do, maybe not, again APs vary widely as tofeatures, you need to check. But if you went w/ solution #2 and bridged,roaming might not be supported. Using the solution proposed here, you arecapable of supporting BOTH your neighbor and roaming clients because BOTHAPs are running in infrastructure mode, NOT bridged, so EVERYONE is happy.But of course, roaming may not be of concern to you, it's your call. Youcould always replace your switches w/ wireless routers sometime later toresolve that limitation. Just something to think about.

Solution # 4

Wireless Routers + AP. You could replace your existing switches w/ wirelessrouters (w/ integrated switch). Or, just supplement each of your currentswitches with a wireless router (simple crossover cable will do). Then useONE (possibly TWO or more if range is insufficient) APs to bridge them. Mostconsumer oriented wireless routers (e.g., D-Link DI-614+, Netgear MR814) doNOT support bridging, a requirement for your purposes. But they DO support abasic, simple AP for roaming wireless clients. The fact that these deviceshave LIMITED AP functionality is what keeps the prices down! But they'restill great products, they give a small, local networkswitching+routing+wireless in ONE, neat little package. Frankly, I stronglyrecommend hardware-based routers over your current software-based router.You created a dependency that has many negatives, like time-to-boot, heat,power usage, probably security vulnerabilities, cost of licensing, amongothers. In the end, it's usually cheaper and easier to buy a hardwarerouter, at least here in the U.S.A. (running $40-50 USD). If you can believeit, I recently picked up a Netgear MR814 for a measly $20 USD.

The only remaining issue is, how to bridge them. That's why you need atleast ONE AP (note how solution #2 required TWO APs, because you didn't havethe wireless routers as in this solution to BOOT the process). So a singleAP may be sufficient to bridge the wireless routers (if not, add more), andcould EVEN be placed mid-way (which may be ideal, depends on conditions),like at a third (otherwise not-involved) neighbor (or maybe the pole youspoke of, just kidding)! Or you can simply patch it to one of the twonetworks over a LAN port, and your neighbor's AP can reach it in bridgingmode. Your choice.

The nice part here is that you've greatly improved your local LANconfiguration (IMO) with the wireless routers, irrespective of anythingelse. So even if at some point, this relationship breaks down, neighbormoves, etc., you still have use of your investment, just add wirelessadapters and your off. The additional costs comes in the way of that AP,something you could probably agree to split, and you're done(equipment-wise).

Solution # 5

Wireless Routers + wireless adapters. Essentially, this is a hybrid ofsolution # 1 and #5. It assumes the range is sufficent with wirelessadapters as in solution #1 but drops the APs of solution # 4 (to save $$$),for the less expensive wireless routers (as you recall, switches w/ low-endAPs).

By now, I hope you're getting some of this. You're just allowing access toeach other's networks as roamers, hopefully in range like anyone visitingyour home w/ a wireless laptop. Actually a very simple config, probablyeasier to understand and configure than any other solution here. No APs, nobridging, no reconfig of software routers (no routing at all frankly, you'rejust PURE wireless clients to each other networks). It does limit you to aSINGLE client machine, however, unless you are willing to introduce routingon the machine w/ that wireless adapter! In that case, you're back tomanaging a software router again (maybe ICS, or maybe a simple bridgeconnection under WinXP will do, not sure), which sort of defeats the purposeof having invested in wireless routers. This solution works best IF youreally only need access to the other network from a single machine. It'ssimple, effective, but limited.

Summary

That's basically it (as I see it), there are lots of nuances, of course. I'mgiving a BROAD picture, there are even competing wireless standards, withvarying range and capabilities. For this discussion, I've assumed 802.11b(2.4GHz) wireless since it is cheapest and readily available. It's limitedto 11mbps (by spec), but actual is closer to ~2-4mbps (btw, SHARED,HALF-DUPLEX), under good conditions. Under stress, (extended range, other2.4GHz devices, other wireless networks, even weather), range may drop to1mbps or less. I've already outlined possible workarounds, from third-partyantenna to APs. Then there's 802.11a, its theorectical throughput issubstantially higher >50mbps (actual, probably ~20-25mbps under ideal conditions), but it achieves that at the expense of range. It may notfulfill your needs UNLESS you supplement it w/ range extending solutionssimilar to 802.11b. And then there's 802.11g (not even a standard as yet),which is backward compatible w/ 802.11b (note, 802.11a is NOT backwardcompatible w/ 802.11b, one of the reasons it's faultering in the marketright now). Confused yet? We're now seeing dual-mode (802.11a/b) and eventri-mode (802.11.a/b/g) APs, wireless adapters, and routers!!! Even moreexpensive, but these provide LOTS of options, esp. if you're not sure whatwill work best for your circumstances.

In the end, YOU will have to decide what makes sense for your circustances,and you may make a mistake or two along the way, be daring and at least tryit. A little experience and you'll probably come up w/ your own uniquesolution. But almost ANYTHING will be better than trying to lay down CAT5between your homes, that solution is problematic.

corrupt fonts

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-03-01 16:46:42

Ran across a box that didn't display the basic system fonte correctly anywhere... it was like Arial had disappeared. Then when adding fonts, the font folder immediately showed nothing (even though the font obviuously loaded).



I blitzed the entire fonts directory and reloaded it from a ghost image. No dice.



What worked was reloading all of the font related regkeys in HKLM\software\microsoft\WindowsNT\CurrentControlSet\



FONT*

and

GXE_init



What a pain in my ass. This took way too long to resolve.

Sync still Rules.

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-02-11 16:07:21

Some positive publicity despite my low morale:



http://techupdate.zdnet.com/techupdate/stories/main/Sybase_and_iAnywhere_for_database_synch.html?tag=tu.arch.link



"In the interest of mobilizing database applications--particularly ones that require some form of synchronization--few solution providers give you the freedom and flexibility that Sybase and iAnyWhere do."

tidbits

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-01-30 15:54:12

Stored Procedures in MS SQL come with the schema file in mssql/data. Just cut my deployment time in half. Wee! No query analyzer for me today...

unicode defined

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2003-11-17 16:25:42

Good shit.



http://www.joelonsoftware.com/articles/Unicode.html

Corporate IT sucks

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2003-11-12 10:57:17

So here I am with two machines -- a laptop and a desktop -- and I can't install Visual Studio for .NET on either of them.



My desktop was Kuwaited by my corporate IT cops and my administrator privileges were removed, so my developer platform just became a friggin' email and web client. Um, excuse me? I'm a developer? I might need to install, oh, I dunno, WINZIP? F'k me.



My laptop was delivered to me with local administrator privileges (which I used to promptly disable EVERYTHING... Remote admin, Terminal Services, Timbuktu... hahaha! If you want to eavesdrop on me you'll have to do it the old fashioned way: monitoring my network traffic!) so I can install to my heart's content, only I don't happen to have the XP Pro installer, so I can't install IIS. AhhhhH! My grassroots sources failed, and IT tells me that they can't loan me an XP CD (even though they have 400 of them lying around) because it's not supported.



Um, excuse me? It's not like I put XP on this mother f'ker myself here! I'd have been perfectly happy with Windows 2000, but you guys gave it to me like this!



F'k me. I mean, seriously. The logic of all of this escapes me completely.



Oh well. At least I have WiFi.

ActiveSync, Pylon, and AvantGo not playing nice

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2003-11-06 10:49:23

11/06/2003 07:14 AM

Subject: ActiveSync error





Hi,

Error just started occuring.

ppc2002 device with avgo 3.3 in rom.

activesync 3.7

installed avgo 5.1.60



everything was fine yesterday and this morning, but now im getting the following error when syncing via activesync...



"device components missing or out of date".



modem sync works fine (device connected to computer via sync cable)

uninstalling and reinstalling avgo client doesn't fix the problem.



anyone seen this?



--



11/06/03 09:42 AM

Re: ActiveSync error



Yeah, I've seen it. The good news is that it's Microsoft's problem. The better news is that you can get around it by closing all the other apps on the device, then syncing.



Look out for the gators.



--



You can also fix it by getting the latest AvantGo client and the latest Pylon Anywhere client. The problem is that Pocket PC 2002 has a fixed VM size of 32mb, and so if you are running a few things, whoever comes last doesn't have room to load their dll's. Remind you of windows in the old days?



At any rate, Synchrologic did a lot of work in the 5.2 client specifically to work better with our client (you could have argued that it was our problem as much as theirs, but you know how easy it is for us to blame things on other software). They did more work in 5.3. If you have either of these versions, your problems should go away. However, I would recommend getting at least our 5.2 AG client as well.

Services vs. Sales

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2003-10-27 13:50:02

Courtesy of a chain mail letter rec'd from Kerry:



> A man in a hot air balloon realized he was lost. He reduced his altitude and spotted a woman below. He descended a bit more and shouted, "Excuse me... can you help me? I promised a friend I would meet him an hour ago, but I don't know where I am."

> The woman replied, "You are in a hot air balloon approximately 30 feet above the ground. You are between 40 and 41 degrees North latitude and between 59 and 60 degrees west longitude."

> "You must be in Professional Services," said the balloonist.

> "I am," said the woman, "How did you know?"

> "Well", answered the balloonist, "everything you told me is technically correct, but I have no idea what to make of your information, which means I'm still lost. Frankly, you've not been much help so far."

> The woman below responded. "You must be in sales."

> "I am," replied the balloonist, "but how did you know?"

> "You don't know where you are or where you're going," replied the woman. "You have risen to your present height due to nothing more than the buoyancy of hot air. You made a promise which you have no idea how to keep, and you expect me to solve your problem."

> She continued after a moment: "Moreover, you are in exactly the same position you were in before we met, but now, somehow, it's my fault."

Sendmail vs. Qmail

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2003-10-15 22:16:10

Sendmail vs Qmail

Extracted from askslashdot

Tip provided by ?

ChiChiCuervo asks: "I've been wrestling with Sendmail for the past few months

because it's configuration system is a nightmare. So I was wondering what the

differences between/benefits of each (sendmail and qmail) mailer were, and what

everyone thinks of each."



Differences :

Well, there are some. At first, sendmail is an old dog - it's being hacked on for

long, much code was removed and much new was added. That's why it is at 8.9.2 now.

Of course, this gives you some kind of "guarantee" that is portable, stable and bug

free - however, there were posted many attacks against sendmail in the past which

is a nightmare from the PR standpoint. However, it really has matured and you are

on the safe side, if you use a modern version. qmail was written "with security in

mind", if you need a quick solution for e.g. a secure gateway, you should use qmail

instead of sendmail.

The configuration of both is fundamentally different. If you want to try sendmail,

you should really consider to get the sendmail book from O'Reilly, I would not have

been able to do anything useful with sendmail without that book. The documentation

on sendmail is rather non-existing, at least I have not found anything on the net

which describes sendmail comparable to the book. Once you understand, how sendmail

works, it is really easy to setup and maintain. You can do about everything you can

think of using sendmail's configuration file. You don't need to hack the source

code to use e.g. a new mapping for domains.

On the other side is qmail: It has its control files, a simple directory with 5 to

30 different files containing one special configuration (e.g. virtual domains or

host infos). These are explained nicely in their respective man page (man

qmail-control). However, I feel uncomfortable doing anything extended with qmail. I

don't like the structure of the source code, you have to dig far into it before you

understand how the things work.

Over the past, I've converted my personal boxes to run qmail. Why? There is no

special reason. Perhaps, because sendmail is updated every once in a while, while

qmail is at 1.03 since months (years?).

I'd recommened to try both - set up a personal system and play a little bit with

each MTA. Learning to administer a system is the most fun sport in the world :-)



Sendmail vs. Qmail :

Qmail is a much smaller mail server, and it lacks many of the features that most

mail servers have today. It has no spam filtering whatsoever. For example, unlike

sendmail, it does not verify the domain of the envelope sender, to make sure that

it resolves in DNS. It has no support for the RBL, the current sendmail supports

the RBL natively. Also, unlike sendmail, Qmail can't reject E-mail addressed a

mailbox that doesn't exist. Qmail will accept the E-mail message, and then it will

generate a "no such user" bounce internally.



But that's just the standard feature set. If you want extras like that, you'll be

able to find a patch or an add-on, somewhere, because chances are that someone has

already done it. Qmail's author has a reputation of being very inflexible, and over

the last couple of years people have come up with a plethora of patches and hacks.



Qmail's biggest problem is sending E-mail to many recipients. If you have a large

message with many addresses in the same domain, sendmail will connect to the

receiving mail server once, and it will send one copy of the message. Qmail will

connect multiple times, in parallel, and transmit a separate copy for each

recipient. If you routinely send large messages to many addresses, you'll waste a

lot of bandwidth. You can think of it this way: sendmail is optimized for saving

bandwidth, Qmail is optimized for saving time. If you have good bandwidth

available, Qmail will be faster. If you have limited bandwidth, and generate a lot

of mailing list traffic, sendmail will be faster.



Don't overlook the security aspect. Sendmail is bloatware. It's been hacked,

revised, and patched for years. There's so much bloat in there, Bill Gates is

envious. If it weren't for sendmail's existing large user base, Eric Allman would

be laughed off the Internet. On the other hand, Qmail is smaller and leaner, but it

still provides the basic SMTP functionality. Although the source code is not very

well commented, you'll be able to figure out how to get things done, if you need to

patch it.



One of the nice features of Qmail is that it supports an alternate mail storage

format, that's directory-based, instead of one huge file containing all your

messages. If you do a lot of POP3 serving, you can save a lot of CPU cycles and

disk activity with Qmail. Unfortunately, Pine does not natively support this

storage format. But, again, there are patches for that out there.



There, that should give you a rough idea of the strengths and weaknesses of Qmail.



Advantages of Qmail (mailing lists) :

Qmail had the advantage of having each user be able to set up a mailing list

without root permission. Thus, the "foo" account could create mailing lists called

foo-slashdot, foo-linux, foo-chickens, and foo-spam all without root permission.

For better functionality, there's ezmlm (EZ Mailing List Maker) which adds things

like auto-subscribe and unsubscribe, indexing, and all the other fun stuff you'd

see in Majordomo, but all CLI driven - few files to edit.

I've found that Qmail works great for small machines, and installed them for

domains where I have only a few accounts (or have to manage mailing lists). Larger

sites may want the vast configurability of Sendmail instead.



Postfix :

If you're gonna be looking at alternatives to sendmail, you should also check out

PostFix. (Used to be called Vmailer.) It was written by the same guy who wrote

TCPWrappers.

I've never configured it myself, so I don't know how easy or hard it is, but you

should have a look for yourself. We're running it at work, now, and it outperforms

sendmail by a fairly large margin.

http://www.postfix.org/

If you do stay with sendmail, I stronly urge you to use M4.

Here's how to do it on a RedHat system:

First, create your mc file:



# cd /usr/lib/sendmail-cf/cf

# cp redhat.mc myconfig.mc

# vi myconfig.mc





Customize it using information found on the links from http://www.sendmail.org . Pray for

divine inspiration.

Now build a cf file:



# cp -p /etc/sendmail.cf /etc/sendmail.cf.orig

# m4 ../m4/cf.m4 myconfig.mc > /etc/sendmail.cf

# /etc/rc.d/init.d/sendmail restart



Good luck!



Sendmail configuration nightmare-> SOLUTION :

Check this site



http://www.harker.com/webgencf



Also check out Exim :

Open source, very easy to configure, quite secure. Big installations would probably

prefer Postfix but I like exim and run it at home and so (now) do all my friends -

I also hacked up a mailing list manager for it.

http://www.exim.org/



Easy Sendmail Configuration w/ Linuxconf :

I use sendmail because linuxconf will generate all your configuration files for

you. It even does virtual hosts. So grab sendmail and linuxconf:

http://www.solucorp.qc.ca/linuxconf/



Use postfix :

I've never actually used sendmail, but I've looked at the config files, and they

look nasty. sendmail also is a big suid root, sgid bin binary which scares me to

death.



qmail is easier to configure, a whole lot more secure (from a design standpoint, I

neither know nor care how many holes are actually left in sendmail), and allows

users to admin their own lists (which is quite useful). It, however, is not a

sendmail replacement. It doesn't use .forward (which all of your users probably

use), it doesn't use /var/spool/mail (or the incorrect /usr/mail, /var/mail or

/var/spool/mail) but instead insists on putting mail in the users home directory.

It also lacks some of the more obscure features of sendmail (such as mail to news

gateways). I would say that qmail is just fine if you're the only user of your

system or if you have all very educated users. qmail's license prohibits

redistribution differing from the original package unless said distribution is

approved by the DJB (the author)



Postfix (www.postfix.org) is a new mailer by Wietse Venema co-author of SATAN and

author of TCP Wrappers and it's very cool. It was designed from the ground up to be

secure. It has an extremely easy to use configuration syntax allows for mail to be

places either under the users name in a specified directory (/var/spool/mail) or

under a specified name in the users directory, and allows for mbox or maildir

formatted mailboxes (most people use mbox, but maildir has better integrity). It

also is extremely flexible and can (I believe) do everything that sendmail can at

this point. It also allows for users to maintain their own lists. Basically the

only reason I would suggest you choose something other than postfix is that postfix

is currently in Beta and still under development. (Note that I'm not saying it's

not stable. I've been running it and it appears quite stable and secure to me, but

it is beta software) postfix is licensed by IBM and the license is sort of odd: it

tries to guarantee that the source will be available but makes if very clear that

all changes are to be available.



In summary:

* If you absolutely demand truly open software, use sendmail. Though the other

two licenses aren't awful, they leave much to be desired.

* If you're running a large server and demand high security (i.e. Hotmail, pobox,

Yahoo), do a lot of research and write your own so that it's optimized to your

system.

* If you have a bunch of lusers; you don't demand much security, and don't have

time to keep up with updates to a beta daemon go with sendmail.

* If you are the only user on your system, or it's just you and your Linux hacker

buddies and you don't want to bother with keeping up with updates to beta

software go with qmail

* If you want a really cool MTA and don't mind tracking updates (about one a

month) go with postfix



Qmail is quick and simple :

Qmail is the best if you want something secure and easy to configure. I was able to

set it up in about an 2 hours compared to 2 days with sendmail, and I still didn't

have sendmail working how I wanted it.

It will do many of the things that sendmail does - you just need to download some

additional packages. Qmail will do .forward with the dot-forward package, you can

use procmail or what ever one you want. You can use the /var/spool/mail setup all

you have to do is change a setting in the /var/qmail/rc file. It contains great

documentation.

It has some spam filtering abilities with add-on packages. I am using it on a

dial-up connection and masquerading as another user and machine. It will work with

pine, just just need to set some env variables and use /v/s/m



Qmail runs very well :

I've been using qmail for a couple years and it works great. It does feature SPAM

filtering and prevention techniques, though some of them aren't distributed with

the man package. However from being on the qmail mailing list for a while I can

tell you SPAM prevention was a big focus.

Additionally when paired with serialmail qmail runs really well over modem links.

You can setup a virtualdomain to hold mail in a queue until a user connects and

then flush the mail to the users personal linux box for delivery into user's

mailboxes. I realize this can be done with other tools, but qmail does this easily

and it works great.

Also regarding a POP server, personally I use a patched version of the University

of Washington's POP/IMAP server and it runs really well. I know a large ISP who

does this as well.

Finally you may be interested to know that there are some very large sites on the

net using qmail, or at least they appear to be (you never know for sure). I believe

Rocketmail (or maybe it was hotmail), and Internic were both believed to be using

qmail.

Overall I highly recommend using qmail, it runs great and is easier to configure

than sendmail.

Comments

On 2008-12-24 09:54:21 wwe superstars said:
I’ve been using qmail for a couple years and it works great. It does feature SPAM
filtering and prevention techniques, though some of them aren’t distributed with
the man package. However from being on the qmail mailing list for a while I can
tell you SPAM prevention was a big focus.
Additionally when paired with serialmail qmail runs really well over modem links.
You can setup a virtualdomain to hold mail in a queue until a user connects and
then flush the mail to the users personal linux box for delivery into user’s
mailboxes. I realize this can be done with other tools, but qmail does this easily
and it works great.
Also regarding a POP server, personally I use a patched version of the University
of Washington’s POP/IMAP server and it runs really well. I know a large ISP who
does this as well.
Finally you may be interested to know that there are some very large sites on the
net using qmail, or at least they appear to be (you never know for sure). I believe
Rocketmail (or maybe it was hotmail), and Internic were both believed to be using
qmail.
Overall I highly recommend using qmail, it runs great and is easier to configure
than sendmail.

pagefile framentation

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2003-10-09 11:01:26

***Read the following if your machine seems to do excessive I/O during even simple UI operations (like repainting the active window).***



Since getting my new hard drive and XP template a few weeks ago, I had noticed that my machine performance was exceedingly poor. The OS appeared to be I/O bound on most common operations. I didn't suspect fragmentation initially, because the OS had just been templated and there was plenty of free space. However, doing a defragment analysis showed moderate filesystem fragmentation. I did a defrag, but performance gains were marginal. Then, I came across the following article: http://www.cyberwalker.net/columns/nov01/081101.html



The problem appears to have been fragmentation of the pagefile. Doing a regular defragment with the built-in Windows defragmenter will not fix this problem (if you are using a 3rd party defragmenter like Diskeeper, you may not have this problem). After following the instructions in the article, my machine performs dramatically better. As an example, the minaccept test suite runs for me in about 1/3 the time it took yesterday, and Notes and IE are responsive enough to use while the test is running. Caveat emptor, but if you are having similar problems, take a look at this.

Million Dollar Baby

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2005-01-24 03:23:23

I enjoyed it a lot. I'm glad I saw it... I could've easily have passed.



It almost made me cry, and I didn't even identify with any of the characters.

Happy Friday

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2005-01-21 19:46:49

House got bid up to over $700K. Ouch. I wonder if I can even finance that.



I picked up a roller today and painted for a whopping 15 minutes before I had to go lay down.



Sigh. I soooo need some exercise.

In Good Company

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2005-01-20 03:59:53

...was wonderful. I loved it. Films like that are why I go to the movies. Yes, there are better movies, and it's certainly not oscar material or anything, but it was so incredibly human.



Not every character was developed -- only the two main characters. Scarlet Johansson was little more than a pretty filler (but oh my god, what a filler... guh... she makes me weak in the knees), Malcom McDowell was on screen for less than a minute, and I don't really even remember anyone else (except that Quaid's wife had big lips... Eazzzzy on the botox there, lady!), but for the believable sappiness and father-figure heart-tugging, Amen.



Topher and Dennis were great. When did Dennis Quaid get to be over 50? And the little kid on That 70s Show get to be my age?



I always thought he was clearly in the Gen-Y crowd.



Speaking of... wtf am I? I'm technically gen-X (77 was the cut-off), but I really am right smack in the middle. None of my gen-X friends listen to quite the same music I do. (Must be that profound respect for hip hop and house music combined with the ownership of ever Blink 182 CD ever published.) And none of my gen-Y friends are ready to think about buying property.



Love being a tweener... gives me such a feeling of... belonging. Not!



Anyhow... a final note on the movie -- it makes you feel good, but doesn't give you the happy ending you expect (the one you will, if you're honest with yourself, find yourself hoping for). What one hopeful cynic named Fuery might call a happy realism.



Yes, it's cheesy. But it's good cheese.



--



Holy Shit! Just heard on Fox News (on in the background -- gotta keep up with the right-wingers so I can argue with them, you know): Stan Lee is getting 10% of the proceeds from the Spider-Man franchise. AND a cut of all toys and spidey merchandise since sometime in the 70s.



Love to manage that fund... Hey Stan, you wanna invest in some real estate?



--



The inauguration starts in a few hours... only four full years left from today, guys.



There is always a bright side.

Comments

On 2008-11-08 23:29:40 watch that 70s show said:
well i didn't see that movie till now. Would like to see if its so good as you are saying.

On 2009-08-10 17:35:13 songs said:
Plot was really nice.
Its surely one of more enjoyable movies came out from 2004.
Topher's acting was outstanding.

Bidding Wars

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2005-01-20 03:15:27

Didn't get the Montclair place. Upped the offer to $640K after much discourse, and it was still passed over.



Made an offer today on a triplex in Alameda for $660K. Hoowah. It's a lot, but it'll gross $3700+/month. Nice numbers.



Watched Sex and the City earlier tonight. Not my most heterosexual moment, I know, especially since the show centered around the girls' interaction with "gay boyfriends". Mrs. Broderick did, in fact, remind me of an ex for a second and a half there. Only took me three years, eh, Manda? Heh.



Anyway. One of the girls (still don't know their names) took photos with her soon-to-be ex for a magazine. "Trey [had moved out] before the magazine hit the newstands, but millions of women and little girls across the country wished for [that couple's] life." The theme of the show was something like "Relationships look different from the outside."



See? It's not *that* weird for me to watch it. Is it?



Oh boy.



--



Well, if it makes you feel any better, I watched Batman, Mask of the Phantasm today too. And I'm reading "The Sciene of Superheroes".



Both juvenile, but decidely masculine. I think. :-D



--



I need a workout. Bleah! I wonder if I can handle a stationery bike with my brace on.

Captain's Log

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2005-01-18 03:24:27

Went to Sac yesterday. Saw Auburn with Becky & Frank.



I think I might move up there for a few months. They have a guest bedroom that's a decent size. Instant family, instant new nephews (yay for their cute new cats), instant mini-renaissance.



I'll be back a lot. Stuff to do... rent 2 units in Concord, 1 in Livermore (yikes, bad month!), finish my family room and paint my house, rent Dublin, and sell MusicRip.



I made an offer today on a 2000 sq ft home in Montclair. There goes another 610K. Wish me luck.



In other news, I have a CAT scan next week. I'm... oddly anticipatory. Not anxious, really, since -- mostly because I'm feeling pretty mobile (don't ask me to bend over or anything, but I can sit (not lay) through a movie in a recliner now with Ibuprofen).



I did stand up and hit my head today on John's doorjam (he's got a low one). It hurt sooo bad. I didn't feel any nerve stuff, but I needed to lay down for awhile.



--



I spent a couple of hours today with my mom. She made an offer on a condo in Walnut Creek (yay for her).



It was weird. I saw a lot of people today, actually... Don, Kelita, Sarah, David, my mom, Gabe... the sensation was odd, to say the least.



The all look to me as a hero (!). David, referring to the rental unit they're adding on, told me that they've been inspired by me. Later, I found myself saying, "I was just lucky" to Don's reference to me as the guru of leverage. And John said something about "keeping up with the Johnnies."



It was strange... I felt pride every time, but yet, embarrassed, too.



I like being listened to. They all look at me with such admiration and respect now. It rocks. And I have inspired them all -- however indirectly. Heck, I think I can take credit for everyone from Raj to Surrino... and all the Jonathans and Davids in between.



But there's a very fine line between admiration and awe. And you can't tell people with awe that you cry sometimes.



--



My mother and I had a conversation about coffee today that segued into a discussion about addiction. I found myself telling my mother that responsible use of drugs -- legal or not -- was no worse than enjoying a good cup of coffee. I threw in my disdain for ephedrin marketed as health food as well. And, of course, I casually called addiction to ritalin, alcohol, or antidepressants "worse than using a mind-altering substance like E or Coke once or twice a year in a safe environment."



Then there was the comment on how incarceration for drug use was preposterous. "Fine, if you don't want it in the country and kids shouldn't use it, then make it a civil issue. Cite them and have them pay a fine!" Let drug users contribute to the budget, not be a drain on it, right? Massachusetts does that for Marijuana already.



She replied so diplomatically I just had to let it go... I asked her what she thought, and she said, "Well, I'm really conservative, so I'd be afraid to use anything."



She made it so personal... you can't "discuss" after that. I let it go. She obviously didn't want to even get into it, which disappointed me.



I guess we're just so different that you can only hope for a superficial interaction. Bummer.



--



So Nathan & Jeremy (twins brothers -- childhood church acquaintances) are "pioneering". The JWs have this deal where you're encouraged to proselytize to the extent that 90 hours a month makes you worthy of mention in front of the whole congregation and otherwise lauded as a super-pimp. It's completely... oh hell, this is public, so I'll try to be objective... blah! It's a sign of complete dedication to the lifestyle and religion.



Thing was, I always felt like those boys were basically troublemakers. Our parents had it all backwards... Corban and I got into trouble (loved that year-long game of tag we had going at every church meeting, for instance) a lot -- but were basically good kids that tried to be pleasing. I thought that those guys really didn't care -- sorta like the progidal son's brother that says "yeah, sure, I got it dad" and then goes and jerks off, father be damned. (y'all don't remember that fucker, do ya? Go re-read the parable, christian boy)



Anyway. Looking back on it, now, I realize that she was saying it because she was poking me with it -- "unlike you" was unsaid at the end. She said it with admiration and a little bit of... resentment? That's a little strong, but sorta.



The awesome part is that I'm so aloof -- so completely outside of her circle of influence -- that I completely missed it. I thought it was funny and ironic that "those boys" were dedicated "pioneers".



The mother-son projection of her disappointment in me was completely overlooked on my part.



How do I feel about this?



Triumphant. Hers is not my pain.



And just a little bit of sympathy. (It's all I can do. "mom" is a relative statement, if you know what I mean.)



--



I guess my feelings on drugs mean I'll have a lot of explaining to do when I run for president.



:-)



--



Saw Jamie and Jim at Starbuck's in CV today. It was good to see them. We chatted for a minute -- she got a new car, I broke my back, etc.



I went to the bathroom, came back, and they were gone.



The dynamics were the same as they always were. He was polite, but disdainful, and she was genuinely happy to see me and open.



Ahhhh, old flames. I wish he'd get over that. It's only been 2.5 years... and it would be cool to (just) skate with Jamie once in awhile.



C'mon, man! I promise not to have sex with your girlfriend, ok? Really! I'm swearing on it in a public forum!



(For the record, so you don't have to go searching through archives, she and I went out for a little less than a month, and it was almost a year before he even met her.)

Eternal Sunshine of the Spotless Mind

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2005-01-16 02:50:23

Wow.



If you had to do it all over again, would you?



If you had the breakup letters in hand after the best first date you've ever had, would you do it, knowing it's a repeat, or might be, but not remembering the how or why?



Would it be worth it? When would knowing the worst of it not hinder your movement forward?



When would the worst of it WITHOUT knowing the best of it not hinder you?



--



Tangerine.



--



It's funny... sitting here, thinking about them, thinking about the horrible things I said and thought in the aftermath... and I don't know if I would. Maybe. I'm trying to think of the first dates, and there were some good ones...



Heh.



There were some bad breakup speeches, too, though.



--



Anyhow. Great movie. Great food for thought. I'm re-watching the beginning now.



--



How do you lose two years? How do you lose them and not even realize that you've lost them?



Heh. There's lots of people who could lose two years and not realize it. I hope I'm not one of them.



I hope I don't become one of them.



--



She's absolutely nuts. Kate Winslet, I mean, in the opening ten minutes, the "first time" they meet. And I'd have been smitten too.



I'm sooo pensive right now. Harumph.

Garden State

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2005-01-15 17:03:05

Saw Garden State last night. It rocked! I think I might buy it, in fact. It was kinduv a coming-of-age flick, but the main character was 26. It/he dealt with (in)sanity, with dad, and with self. Still a little sugar-coated at the end (I got my happy ending), but hey, that's why I watch friggin' movies in the first place.



The friend I saw it with... when we were watching the credits, she said something like, "Assistant? What a boring job."



I responded, "Well, doesn't that also depend on who you're assisting? They could make it fun and interesting just as easily as they could make it lame."



"Oh? Who would you want to assist, Johnny?"



I grinned. "Natalie!" I answered triumphantly. (Referring to Natalie Portman, of course)



Heh heh.



--



I played "What can I do without my brace?" today for awhile... in fact, I walked to Starbucks and back without it. I did pretty well -- although sitting down for more than a couple of minutes still hurts, and I'm a little sore now, an hour after the fact.



Still... That was over a mile without the damn thing. A relative triumph! I think I might make that part of my daily routine this week. It felt good to "stretch" my legs.



(Oh how the mighty have fallen... two weeks ago, I'd have scoffed at a mile-long walk! I'd have tried to do a mile on my hands or something... That would've been impressive! :-)

oh yeah

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2005-01-13 23:36:26

I joined NetFlix today.



(pretty weird, that being news...)

Comments

On 2008-02-12 01:35:42 Komik Sözler said:
I have been a Netflix subscriber for years. You didn't miss anything, don't worry :)

Even-keeled

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2005-01-13 23:13:51

I've been doing a really good job staying upbeat and positive despite my injury.



Today I'm kinda mellow... didn't really have anything to do today, which has quashed my optimism a bit. I'm also starting to feel my athleticism drain for the first time today... that really-need-at-least-a-good-run feeling has passed and I'm starting to feel, well, average. Like I'll need a day or two to get back into the swing of things.



I guess it will be that way... probably about as long as I'm gone to get back to top form. So if I'm out three months, I won't be able to grab rim with both hands for six. Blah!



Basically, I could use a hug today.

(i)Podcasting

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2005-01-11 02:56:14

Methinks Raman thought of this over a year ago. Too bad my insightful company didn't productize it then and release it to avantgo.com. That would've been an awfully large jump in user base.



Oh well... I think the (mostly) open source solution of RSS+iTunes is a better technology anyway. Simpler... no proprietary server crap to deal with. Only iTunes and the hardware is proprietary, but Apple could care less because this just helps sell more iPods.



http://www.engadget.com/entry/5843952395227141/

http://en.wikipedia.org/wiki/Podcasting



Curiousities: M$ response for Windows Media Player, the audio-based extension of the democratization of news occurring from blogs, and the individuals/communities that will earn a new living from this, a la the focused bloggers that get paid today. Of less interest is how the likes of RealPlayer fits in (I think real is dying a slow death anyway, but there's still an awful lot of realplayer clients and publishers out there).



Has audible.com already RSS-ized it's goodies? RSS over an https connection? That's technically feasible...



I wonder if there's a MusicRip angle to this. Hmmmmm...

broken back!

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2005-01-07 13:24:59

450 lbs landed on my back Wed night due to a broken smith machine. I went to the ER, got shot up with Demorol (sp?) and am now on a cocktail of pain killers and muscle relaxers.



I have a fractured L5 and I'm out of work and play for at least a month.



On the bright side, I'm out of work for a month and I should fully recover. No tingling or other indicators of nerve damage... no obvious disc slippage in the spine. CAT scan and a custom brace are on order.



The hardest part? Tying my shoes and speed bumps. Ow, ow, ow. And, for once, I wish I drove an SUV instead of my Acura.



Enough keyboarding for now... you wouldn't believe the horrible ergonomics I'm pulling right now just to type a couple of paragraphs.

Spanglish

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-12-20 03:11:11

Good flick. Definitely worth seeing. Adam Sandler is maturing into a very good not-limited-to-comedy actor.



The socioeconomic play is a little too watered down, but the study of the interaction between the three main characters is incredibly real, believable, and thought-provoking. One of the few movies I've seen where I didn't really identify with any of the characters and still found it thoroughly enjoyable.



Sideways, for instance, was passable in my opinion for that very reason... I identified with none of the characters. It was interesting and entertaining, but not a provocation for introspection. Heck, I think the two characters were basically the same -- suffering from the same disease of low self-esteem and each dealing with it in supremely extreme and questionable ways.

Ocean's 12

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-12-13 00:32:03

...was fun. Sam said it bit, but I liked it. It was as good as the first one (the remake, that is) in my opinion. I think, in fact, it was a little more funny.



The wrap up was a little too fanciful, I think, but hey, it's the movies.

Duuuuuude

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-12-09 18:38:00

More etymology.



http://www.msnbc.msn.com/id/6676586/?GT1=5936

hard drive prices going UP?

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-12-08 14:34:02

I was getting 160gb HDs for ~$70 back in June. I even got a set for $63 if memory serves. So why are the same exact pieces of shit $90?



Ohhhhhhhh said the blind man to his deaf son. Since nothing is actually manufactured in America any more and the value of the dollar is falling like lead in ethanol, prices of goods are "rising".



Joy. Maybe the real property boom we've been seeing isn't irrational. Maybe the damn land (at least) is just keeping it's value.



--



Why do I want to squql "Bah, humbug!" all of a sudden?



:-)

Don't see Alexander

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-11-26 03:50:46

Worst movie ever. Slower than Master and Commander, longer than Troy, and crappy acting on the part of our Britney Spears-nailing Mr. Farrell. A hitler channel documentary on Alexander would have been better.



I wish I'd been more tired. I could've slept through it.



"Conquer your fear, and I promise you, you shall conquer death!"



Yeah, right, Colin. How about conquering that fake accent and terrible bleach job?



And, ok, we get the picture... Alexander had a gay thing going with his wrestling buddy. Do we *really* need to revisit this 6 times? Wouldn't once or twice have been sufficient?



Anyway. Don't see it. Don't rent it. If you catch the elephant scene on TNT in five years, great, watch that. Then flip back to the Simpsons rerun.

Giglet (etymological musings)

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-11-17 07:19:27

Ran across this word in my word-a-day email list today.



I'd have guessed that it had something to do with the "giga-" root -- as in gigabyte or gigawatt, meaning a billion.



Of course, there's "gig", meaning a short term contract. Maybe a micro-contract?



Then there's the usage in giggle -- is a giglet a little joke?



But, alas, it's meaning is un-guessable: http://wordsmith.org/words/giglet.html



I wonder if there's a word "googlet"... nope. Google tells me it's a Mac OS search tool and that's it. Now there's some new jargon waiting to be coined. How about little google wannabe companies? Or the search results on a small footprint device like a phone?



Heh. Enough uber-geeking. Gotta do some work.

biz idea of the day

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-11-12 09:02:48

instant PageRank:



+ Create an "enter to win" promo -- giveaway latest pop-culture gadget (e.g., an iPod)



+ Cost of entry is one link on a public site anywhere -- explicitly define how the link should look, e.g., "http://fuery.com"; "http://www.fuery.com" is different to google.



+ Create an engine to parse/verify the link on the target page.



+ In the enter-to-win form, ask for the linking page. Call the parse/verify engine to check the link.



+ On the entry page, explictly say that it's a gimmick to promote the site. "The drawing is a gimmick, but the iPods are real."



+ Create a forward-to: widget. If the user forwards the contest details to someone who also enters and creates a link, it's a good as them entering themselves. (go viral marketing power!) This means we giveaway two entries for every link. (Maybe it ought to be three or more, because natively created links should be worth more than downline links.)



Bonus: In order to enter the contest, you have to become a subscriber. :-)

Comments

On 2007-06-30 06:31:33 ebay selling said:
ebay selling...

Discover Insider Secrets to 'New' Video Technology That Explodes Your Sales, 'WOWS' Your Customers, Blows Away Your Competition and Pumps More Cash Into YOUR Pocket...And Runs On Autopilot 24/7 While You Relax And Have More Fun!...

AvantGo quirks of the day

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-11-05 10:09:24

These don't work in client 5.5 (they do, of course, in IE):



divelement.style.visibility='hidden';

divelement.innerHTML='some random content';



Use these instead:

divelement.appendChild(document.createTextNode('whassssssup'));

divelement.style.display='none';



Also, the 5.3 and later version of the sessionPOD:

avantgo.preferences.setStringValueForKey("key", myValue);

myValue = avantgo.preferences.getStringValueForKey("key");



--



Ran into an interesting problem yesterday in both IE and Avgo -- we left the language=Javascript declaration out of the script tag and everything failed without any script errors. We just got a blank page.

Securing/encrypting avantgo m-business databases (virgil) on device

Posted by Johnny Fuery on , under | comments (0)



Originally Published 2004-08-23 12:02:39

The following is a technical note written to address Vigil database encryption requirements using Afaria 5.1. Any questions, comments, or feedback is greatly appreciated.



Currently, the device-side Virgil databases used in M-Business Anywhere applications (e.g. Mobile Sales) do not have an on-device encryption solution. In the technical services group, we encountered this problem during a recent project proposal. In the future, it may be possible to take advantage of encrypted UltraLite databases using the UltraLite Pod, for applications such as Mobile Sales (depends on the product Roadmap and isn't guaranteed). For an immediate solution, we looked at the Afaria 5.1 Security Manager technology. The Security Manager channels created by Afaria can encrypt specified files while the device is powered off. This encryption, partnered with forced password-protection, provides additional security to the Vigil database files on a device. However, unlike an UltraLite database, the database files are not encrypted while the device is in use.



The following technical note highlights the general use and steps required to implement encryption on the Virgil database using Afaria 5.1. This procedure has undergone minimal testing, but has proven to work on both Windows CE and Palm devices. It would be recommended that extensive testing is made before a production deployment.



Usage Illustration:



1) The device is turned on

2) All files marked for encryption by the Afaria Security Manager are currently encrypted.

3) The user is prompted for a password.

Note: Afaria can be configured to deny non-administrator access to the PDA after a specified number of failed logins. Other possible actions include deleting all encrypted data or performing a hard-reset.

4) The user is successfully authenticated.

5) All files marked for encryption by the Afaria Security Manager are decrypted and are now readable.

6) User shuts down device

7) All files marked for encryption by the Afaria Security Manager are encrypted.

Note: Afaria Security channels can be configured to encrypt the desired files using one of the following algorithms:

- Blowfish

- AES

- Triple DES

- RC2

8) Device is powered down.



Note: It may be not feasible to use this solution with larger Virgil databases due to the delay of encryption/decryption of the database files. It is recommended to test the performance of the encryption with several encryption algorithms on sets of data that represent typical and high-end deployments.



Implementing this solution requires a workaround on Windows CE devices and is rather straight forward on Palm devices. Security channels designed for the CE device cannot encrypt files found in or underneath the \Program Files and \Windows directories. Since Virgil databases are installed underneath \Program Files, they will have to be moved to take advantage of the Afaria encryption features.



Windows CE implementation:



Requirements:

Afaria 5.1 Server

Windows CE Device with a synchronizing M-Business Server application using Virgil technology.

Windows CE Registry Editor - http://www.phm.lu/products



Implementation Steps:

1) Install a Windows CE Registry Editor on your CE device

2) Change the following two registry values:

HKEY_CURRENT_USER\Software\AvantGo\DatabaseLocation from \Program Files\AvantGo\Databases to \AvantGo\Databases.

HKEY_CURRENT_USER\Software\AvantGo\SRSDatabaseLocation from \ProgramFiles\AvantGo\Databases\srs to \AvantGo\Databases\srs.

3) Move the entire Databases directory found in \Program Files\AvantGo to a newly created AvantGo directory off of the root.

Note: Steps 1-3 can be accomplished using an Afaria Session Manager channel. What you would do is include both the session and security channels inside the channel set and send this to the CE device.

4) Synchronize your M-Business Anywhere application to ensure the move was successful.

IMPORTANT NOTE: If we want this to be a viable solution for customers, it would be beneficial to have a version of the M-Business Client installation that contains registry values similar to those changed in previous steps.

5) Disable any password on the CE device. Start | Settings | Password

Note: You can also use Afaria Session Manager channels for this because enabling/disabling the CE password is controlled by a registry flag.

6) Create a Afaria security channel for CE devices on the Afaria 5.1 server.

i) On the Channels, Administration bar, click New and then choose Security Manager channel.

ii) In the Client types dialog, label the channel and choose the WinCE Client type and click Next.

iii) Accept the selected Enforce power-on password check box.

iv) To allow an administrator's password to unlock a locked down device, select the respective check box, then enter and confirm the password.

v) Specify the allowable number of invalid password attempts before the device locks down and choose the desired lockdown behaviour.

vi) Select Next twice to complete the channel. (Encryption settings are handled later)

vii) In the left pane of Channels, Administration, select the newly created Security Manager channel.

viii) Select Set encryption options

ix) Select the Allow user to select additional files / databases for encryption check box.

x) Click the Add link and specify \AvantGo\*.* for encryption. Select the Include sub-folders check box and click OK.

xi) Return to Channels, Administration, click Save and then Close.

xii) Right-click on the newly created channel and select "Publish". You need to 'publish' a channel before a client can 'subscribe' to it.

7) Install the Afaria client on the CE device.

8) Configure the Afaria client to connect to your Afaria 5.1 server machine

i) Start the Afaria Client in Start | Program Files

ii) Select View | Configuration

iii) Specify the name of IP address of the Afaria 5.1 server machine.

iv) Enter the newly created security channel in the Channel Name field. The channel name must be preceded by a backslash.

v) Select OK.

9) Synchronize the device to obtain the Security Channel from the Afaria server.

10) Power down the device and test the encryption behavior.



Palm Implementation:



Requirements:

Afaria 5.1 Server

Palm OS Device with a synchronizing M-Business Server application using Virgil technology.



Implementation Steps:

1) Disable any password on the Palm device. Start | Settings | Password

Note: You can also use Afaria Session Manager channels for this because enabling/disabling the CE password is controlled by a registry flag.

2) Create a Afaria security channel for Palm devices on the Afaria 5.1 server.

i) On the Channels, Administration bar, click New and then choose Security Manager channel.

ii) In the Client types dialog, label the channel and choose the Palm Client type and click Next.

iii) Accept the selected Enforce power-on password check box.

iv) To allow an administrator's password to unlock a locked down device, select the respective check box, then enter and confirm the password.

v) Specify the allowable number of invalid password attempts before the device locks down and choose the desired lockdown behavior.

vi) Select Next twice to complete the channel. (Encryption settings are handled later)

vii) In the left pane of Channels, Administration, select the newly created Security Manager channel.

viii) Select Set encryption options

ix) Select the Allow user to select additional files / databases for encryption check box.

x) Click the Add link and specify your M-Business Anywhere application database file for encryption and click OK.

Note: This requires the administrator to know the names of all M-Business application database files. Repeat this step for all sensitive database files.

xi) Return to Channels, Administration, click Save and then Close.

xii) Right-click on the newly created channel and select "Publish". You need to 'publish' a channel before a client can 'subscribe' to it.

3) Install the Afaria client on the Palm device.

4) Configure the Afaria client to connect to your Afaria 5.1 server machine

i) Start the Afaria Client in Start | Program Files

ii) Select View | Configuration

iii) Specify the name of IP address of the Afaria 5.1 server machine.

iv) Enter the newly created security channel in the Channel Name field. The channel name must be preceded by a backslash.

v) Select OK.

Note: Afaria requires a direct TCP/IP connection to interact with Palm devices. There are several communication options available including: Windows RAS connections, Ethernet cradles, and Wi-Fi connections.

5) Synchronize the device to obtain the Security Channel from the Afaria server.

6) Power down the device and test the encryption behavior.