Microsoft: Shared Source Common Language Infrastructure 2.0 Release

Just came across this: seems like Microsoft has released some parts of the CLI under one of their “free” licenses.

Download details: Shared Source Common Language Infrastructure 2.0 Release

Update 2006/03/26: As I just noticed at Mono’s “Contributing” page, they won’t accept any contributions from people who had a look at the download.

Microsoft: Only signed drivers for Windows Vista x64

According to this Microsoft page and this Golem article (German), Microsoft is going to make driver signatures from Microsoft mandatory for any driver running in kernel space in Windows Vista x64. They claim security reasons for this. While (faulty) drivers can definitely lead to serious (security) problems under Windows, they sometimes perform crucial tasks, especially in Windows file system monitoring, for which there are many legitimate reasons. Having to go through the WHQL for every driver (and every minor patch) seems a little costly and time-consuming to me…

Well, after all, for me it seems to be three things:

  • Additional money through additional drivers going through WHQL,
  • Anti Open-Source projects,
  • Building up the infrastructure for an (almost unbreakable) Digital Rights Management system.

Update 2007-01-23: I have to revise most points of this, as I now learned something new about it. Vista x64 will accept digitally signed drivers, but they do not necessarily have to be signed by Microsoft. Read more in my updated article.

Out of /dev/random?

Ever happened to run out of random numbers?

Well, if you are using Apache together with mod_ssl, you can easily run into a situation where, after starting Apache, requests to it block for up to several minutes or time out. This happens if Apache is configured to use /dev/random as the source of the random numbers required to initialise mod_ssl and similar modules, and the system has too little entropy left to generate more secure random numbers.
As suggested in a Gentoo Forums article, you can emerge the tool sys-apps/rng-tools, which provides rngd, a daemon that collects entropy from hardware random number generators and feeds it into /dev/random.

If, like me, you do not have a hardware random number generator on your server’s mainboard, rngd will use /dev/urandom as a source of entropy and mix it with entropy collected from your system. While this does result in a certain drop in the “randomness” of /dev/random, it still has the major advantage of reducing Apache’s startup time to several seconds, as /dev/random will no longer block.

Don’t forget to add rngd to your server’s default runlevel (rc-update add rngd default).
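A quick way to check a server for the situation described above, as an added example that is not part of the original post: the script scans an Apache configuration for mod_ssl SSLRandomSeed directives that read from the blocking /dev/random device and classifies the kernel’s entropy estimate. The function names, the sample configuration and the 200-bit threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: find mod_ssl seed sources that can block, and report entropy.

# Print every active SSLRandomSeed directive in config file $1 that reads
# from the blocking device /dev/random (not /dev/urandom).
# Output: "<line number>:<context> <source>". Returns 1 if none is found.
# Commented-out directives never match because their first field starts with '#'.
blocking_seed_sources() {
    awk '
        tolower($1) == "sslrandomseed" && $3 == "file:/dev/random" {
            print NR ":" $2 " " $3
            found = 1
        }
        END { exit !found }
    ' "$1"
}

# Classify the entropy estimate stored in file $1 (normally
# /proc/sys/kernel/random/entropy_avail) against threshold $2 (in bits).
# Prints "ok", "low" or "unknown".
entropy_state() {
    avail=$(cat "$1" 2>/dev/null) || { echo unknown; return 2; }
    case $avail in ''|*[!0-9]*) echo unknown; return 2 ;; esac
    if [ "$avail" -lt "$2" ]; then echo low; return 1; fi
    echo ok
}

# Constructed sample configuration (not taken from a real server).
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
# SSLRandomSeed startup file:/dev/random 1024
SSLRandomSeed startup file:/dev/random 512
SSLRandomSeed connect file:/dev/urandom 512
SSLRandomSeed connect builtin
EOF

echo "Blocking seed sources in sample config:"
blocking_seed_sources "$sample_conf"
echo "Entropy pool: $(entropy_state /proc/sys/kernel/random/entropy_avail 200)"
```

Point `blocking_seed_sources` at your real mod_ssl configuration file to see which directives could stall Apache at startup or on each connection.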

Windows 2003 Server as NTP client

Our Windows 2003 Server refused to sync the clock via NTP. The main reason for this behaviour is that, as PDC, it wants to change the NTP server’s clock as well, which is normally not permitted by the NTP server, so the packet is discarded.

To change the preferred server of the Windows Time service (w32time), follow these steps:


w32tm /config /manualpeerlist:<server>,0x8 /syncfromflags:MANUAL

w32tm /config /update

net time /querysntp

w32tm /resync

(source: Meinberg Funkuhren – FAQ – Windows synchronisiert nicht mit NTP (German))

Apache: Force SSL for a Directory Using .htaccess and mod_rewrite

To force SSL on a given directory using .htaccess, use the following code. It requires mod_rewrite to be enabled in Apache. Adjust the path in the RewriteRule to match the fully qualified URL of the HTTPS domain.


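RewriteEngine On
# Redirect unless the request already arrived on port 443 (pattern anchored so ports such as 8443 do not match)
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]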

Bugzilla: Active Directory Integration

As you might have guessed from previous posts, I’m currently in the process of implementing a single-sign-on scenario within our network. Or, at least, I’m trying to have at least one single username/password combo for all internal services. Authentication is therefore realized against an Active Directory, based on a Microsoft Windows 2003 Server.

For integration of Bugzilla into the Active Directory, see this link (Update: Link is broken, for an archived version, use this link, thanks to the commenter!).

IKVM.NET: Interaction between C# and Java

A nice project for everyone coming from Java and migrating to C#:
IKVM.NET Home Page

It is a JVM implemented in .NET. It contains a .NET implementation of a lot of classes from the Java class libraries (JDK), with compliance with 1.4 almost complete, and includes tools for interop between Java and .NET.

TikiWiki and Active Directory Integration

If you want to authenticate TikiWiki against Microsoft Active Directory, have a look at this article.

The most interesting part in this posting is that if you are using a Windows 2003 Server, you need to patch the LDAP.php in the PEAR authentication module, as Win2k3 by default does not allow any anonymous queries against the directory.

In <tikiroot>/lib/pear/Auth/Container/LDAP.php search for the following line in function _connect():

if ((@ldap_bind($this->conn_id)) == false) {

and replace it with

if ((@ldap_bind($this->conn_id,"someuser","somepassword")) == false) {

Note that someuser is in the form of user@domain.tld.

I also recommend authenticating your admin user against the internal database and not the LDAP (AD) container, otherwise you will lock yourself out easily.