I use mod_authn_dbd to check HTTP authentication credentials against a MySQL database. After switching from Basic to Digest authentication I got 500 errors and No DBD Authn configured! in the server's error log. It took me a while to realize that it wasn't enough to change

… is actually easy thanks to Dnsruby. The following code illustrates that:

Jsp2X is a command line utility for batch conversion of JSP pages to JSP documents, i.e. JSPs in well-formed XML syntax (aka JSPX, see chapter 5 of the JavaServer Pages^TM 1.2 Specification and chapter 6 of the JavaServer Pages^TM 2.0 Specification). It is written in Java and incorporates a parser derived from a combined JSP+XHTML grammar using the ANTLR parser generator. It tries very hard to create JSPX output that portable across engines. Jsp2X was designed to be used in an iterative fashion in which it alerts the user of potential problems in the input.

Whether a VPN connection has the "Use default gateway on remote network" option enabled has big impact on how network traffic from your machine is routed.

Today I ran into a subtle issue regarding the order in which Windows Vista queries connection-specific DNS servers. I tested a setup with a PPTP VPN server that also provides DNS name resolution services to its VPN clients. For that purpose I ran both a BIND 9 name server and a Poptop PPPD daemon on the same box. It is dual-homed, i.e. one interface is the private interface of the VPN tunnel endpoint and the other one is the public Ethernet interface through which the server is linked to the internet. I configured BIND to listen on both interfaces.

It took me sometime to find Ubuntu torrents that work. I noticed that the .torrent files on the official Ubuntu server and its mirrors point to dead torrents. After some digging, I found this tracker to be most up to date. In case you're stumbling over this problem too, give it a try. It seems to be the official Ubuntu tracker.

[This article is now somewhat obsolete because vmware-server have been included the official portage tree. There is no need for a separate overlay. The bug reports still apply. This is an updated version of a two previous article on the subject.]

The new VMware Server is going to replace VMware's GSX Server product. And it's more than just a new name: VMware will supposedly release it free of charge. Being still in beta testing, there are currently no stable ebuilds available for it on Gentoo Linux. Fortunately, Mike Auty and others are working on one and they are doing a fine job. They also seem to be streamlining and consolidating other related VMware ebuilds. You can keep track of their progress on these Bugzilla bugs:

• Problems regarding the vmware-module ebuild: 137422.
• Problems regarding the vmware-player ebuild: 137423.
• Problems regarding the vmware-server ebuild: 137424.
• Problems regarding the vmware-server-console ebuild: 137425.
• Problems regarding the vmware-workstation ebuild: 137426.
• Problems regarding the vmware-workstation-tools ebuild: 137428.
• Problems regarding the vmware overlay in general: 122500.

The VMware Server ebuilds are not part of the official stable Gentoo portage tree so if you want to install them on your system you will have to jump through a few extra hoops. Fortunately this process has become very convenient and straight-forward thanks to Gunnar Wrobel's layman.

I had difficulties downloading the Ruby Plugin for jEdit today. The main site of the plugin seams to be down and the instructions don't mention certain dependencies. Until Rob fixes those problems, all necessary files will be available for download at Diary Products.

[This is an updated version of a previous article on the subject.]

VMWare is going to replace its GSX Server product with the new VMware Server. And it's going to be more than just a new name: the best thing about it is that VMware releases it free of charge. Being still in beta testing, there are currently no stable ebuilds available for it on Gentoo Linux. Fortunately, Mike Auty is working on one and he is doing a fine job. You should keep track of his progress on Gentoo Bugzilla bug #122500. For people with little Portage experience (author included) it can be a bit complicated to throw together an ebuild from bugzilla attachments.

The frequent visitor of Diary Products knows that it runs on the LightTPD aka Lighty web server. The machine that hosts Diary Products is serving other sites as well so it needs to have some kind of virtual hosting mechanism in place. I use LightTPD's very straight-forward and easy to use mod_simple_vhost module. The only draw-back with LightTPD is that it doesn't support directory specific configuration files similar to Apache's .htaccess files. But this is not such a big deal for me because as much as I liked the convenience of .htaccess, I always considered it a waste of cycles and a security issue. The ideal solution in my opinion would be one which

[02/28/2005: Update - More Changes]
[03/02/2005: Update - Still Bugs in IE]

After this site has been using the old, boring, standard Drupal theme for two years, I am now proud to present my own creation: the new Diary Products theme. It uses the phptemplate engine and is a hybrid between table-based and CSS-based layouts as I am not a follower of the pure "Look Ma, No Tables" approach. There are still a few glitches here and there but overall I am quite happy with it.

Ever wondered why port scanners like nmap are able to tell that some of the ports on your server are protected by a firewall? Have a peek at this nmap transcript:

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2006-02-23 22:54 CET
Interesting ports on doodah.com (12.34.56.78):
(The 1658 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
53/tcp   open     domain
80/tcp   open     http
3306/tcp filtered mysql

I'm quite sure my firewall blocks access to the mysql port. Yet it bugs me that it is possible to tell that I have MySQL installed on my system simply by performing a port scan.

[This is and outdated version of the article. Read the new version!]

VMware Server is going to replace GSX server. The best thing about it is that VMware releases it free of charge. Being still in beta testing, there are currently no stable ebuilds available for it on Gentoo Linux. Fortunately, Mike Auty is working on one and he is doing a fine job. You should keep track of his progress on Gentoo Bugzilla bug #122500. For people with little Portage experience (author included) it can be a bit complicated to throw together an ebuild from bugzilla attachments.

I stumbled upon the Tab Mix Plus extension for Firefox yesterday and I fell in love with it on the spot. Finally there's someone who understands tabbed browsing and realizes what's missing in Firefox' default implementation. I urge the devs to incorporate this extension into head. This is not an extension, it's crucial! If you use tabs, go get it! If you understand the difference between Ctrl-Tab Ctrl-Tab and Ctrl-Tab-Tab, run and get it!

Some of the features:

• Session saver (When starting Firefox, it restores all tabs that were open when you quit Firefox)
• Undo closing a tab
• Open new tabs next to existing ones instead of at the end of the list.
• Ctrl-Tab moves to the previously active one instead of the next one in the tab list.
• Organizes tabs in multiple rows if you have many tabs open.
• Ctrl-W'ing the last tab doesn't close Firefox anymore.
• Customize mouse and keyboard events, tab font and color.

All of these are optional. If you don't like one, you can switch it off.

If you are a user of Urchin 4 or 5 you might have noticed that Urchin’s “Countries” report does not match the standards that Urchin has set for professional website statistics.  It seems to be Urchin’s weak spot.  It might be ok for you but I was certainly disappointed when I discovered that Urchin determines (or should I rather say: attempts to determine) a visitor’s location from a database that is derived from reverse DNS lookups. This type of location reporting can hardly be considered state-of-the-art, even less so for a commercial website log file analytics application. This article is about how Urchin 5 can be fooled into using true Geo IP mappings for its Countries report.

Urchin is a professional web log analysis and statistics application. It was recently acquired by Google and what used to be called Urchin 6 On Demand is now being integrated into Google Analytics. I don’t know for how long the stand-alone Urchin 5 will be around but right now it is still used by many individuals and corporations. I was not happy with the way Urchin deals with dynamic URLs, i.e. URLs that have query parameters in them. After playing around with Urchin 5's advanced filters for a while, I came to the conclusion that they can be employed to improve Urchin's dynamic URL handling.

One might think that it wouldn't be so difficult to setup Visual SourceSafe 2005 on Windows Server 2003 with IIS such that users can access the SourceSafe database using the Visual SourceSafe 2005 Internet plugin. But dude, I was so wrong! I managed to get it working in the end but it took me an etire day. Anyway, this isn't a complete HowTo. I would just like to point out a few not so obvious caveats.

The other day I decided that I wanted to switch my laptop's German language version of Windows XP to the English language version. I could have reinstalled Windows XP from scratch but that would have meant losing all my settings and configurations and, since I have fine-tuned my system, many hours of work would have gone down the drain. Furthermore, I wanted to maintain the German version for certain tasks. What to do?

Let's skip the introduction. You probably googled this article anyway, so you'll know what I'm talking about. This is the scenario: You use group policies to publish or assign software packages (usually Windows Installer MSI) to your Windows workstations. At some point it would be convenient to move a package from one group policy to another, without triggering a complete reinstallation.

USB storage - a possible security risk?

Decent IT administrators secure their networks behind firewalls. They install mail filters on their SMTP servers and deploy anti-virus software on all client workstations. But securing the network is not sufficient -- what happens if the users bring their own USB memory sticks and connect them to the computers at their office? A 1 Gb USB stick can sometimes hold an entire company's vital data. Within minutes or even seconds an employee has all the files they need in order to start up their own business and take all the customers with them. Alternatively, what happens if a careless user accidentally compromises the network with an infected USB stick?

If you look at all the pages of a particular site, you will notice that most pages share common parts. These common parts typically include navigation, header, footer, styles and so on. Of course, you can duplicate the common part in every html file on that site. But as the site grows, making a change to one of the common parts ends up in a lot of tedious work: you need to apply the change to every single HTML file on the site. Now imagine your site has 1000 pages! You don't want to do that.

I post this for people who have had the same experience so they do not panic like I did.

The Symptoms

Yesterday one of my Windows Domain Controllers became inaccessible. Users were not able to login to their workstations and I even couldn't log into the server using my admin credentials. The server would not recognize the admin account so I guessed Active Directory must have been down. I had to shutdown the box completely and impolitely using the reset button. After that I did the usual routine checks in order to verify that things were running smoothly. But things weren't at all ok. After the restart, the File Replication Service could not play back its JET database logs and it started an non-authoritative restore (although it didn't say that).

I'm currently struggling to get Gentoo to install from a Live CD on a new Dell Lattitude X300. It boots the kernel just fine but the init script can't mount the live CD because it doesn't find the cdrom drive. The X300 comes with a docking station which holds the CD drive which is connected internally via USB.

[continued from Typo3: Including the Home Page (Site Root) in Navigation]

The Problem

For months, my client's site was running fine using the above simple solution. Over time though, I noticed several oddities. These oddities were caused by the fact that the home page is accessible under two URLs, the canonical root http://www.domain.com/ and the non-canonical root http://www.domain.com/home.0.html as shown in the figure below.

In modern web design, it is considered good practice to have a "Back To Home" link on every page so that users can easily return to the root of the site, i.e. the home page. Because of that I wanted a Home button on every page of my client's Typo3-based website. Although this seems like a very simple thing to do, it turned out to be quite a challenge in Typo3, especially when trying to avoid duplicate content penalties induced by major search engines.

It's often considered convenient to decorate external links in order to indicate the distinction between links that go to a page on the same site and links that leave the site. On one of my sites I use CSS to set a background bitmap for all links. Until today the bitmap was the same for internal as for external links. I used a little hack in order to set the class attribute of internal links to some value while leaving external links untouched.

One of my clients runs his own intranet for his employees. The intranet currently consists of a bunch of static HTML pages which are written and maintained by a single editor. This approach might have been sufficient five years ago but as the intranet grew it became apparent that the static HTML would become unmanageable in the near future. I therefore suggested replacing the existing solution with a community-oriented CMS. Due to certain requirements the set of contestants was cut down to two: Drupal and Plone. I favored Plone because a) I am slightly disappointed with the direction and pace that Drupal’s development has recently taken and b) I wanted to learn Zope and Plone anyway.

Problem: Your web site uses the Typo3 CMS. Your typoscript templates contains TMENU objects for navigation menus. You want to use the page alias somewhere in the A tags of these TMENU menus. For example, you want to set the id of a menu item's A tag to the alias field of the page that the menu item stands for.

<a id="widgets" href="...">Buy Widgets</a>

Buy Widgets is the title of the page and widgets is its alias.

25.07.2006: Fixed typos (RIPrep and RISetup confusion in section Putting a driver into a RIS image).

The other day, a new machine arrived at the office. Although it was a fast and sexy Dell Optiplex SX280, I dreaded going through the setup and installation procedure; maybe because I live in a dream world. In my personal administrators’ dream world, when a new desktop computer arrives the hardest task is trying to get your signature right on that funny brown handheld computer that the UPS dude hands you after dropping the box. That’s because in my dream world I use a fleet of tools and technologies that MS refers to as IntelliMirror. In a nutshell, IntelliMirror equals RIS plus AD plus Windows Installer. I won't tell you all the gory details about these; rather, for the remainder of this article I'll assume that you have used RIS before.

Problem 1: The Site Title Is Global

Your site supports multiple languages using the "modern" single-tree aproach where one page has one or more translations in alternative languages. In Typo3 every page's title usually starts with the site title and the page title is appended to it. The page title can easily be translated by customizing the language-specific header fields. The site title, however, can only be set globally. Consider yourself lucky if your site title is universal across languages. Mine isn't. Furthermore, I like my site's title to contain main search engine keywords, i.e. the words I want my site to be found under in Google, Yahoo and so on.