by R.I. Pienaar | Sep 17, 2004 | Uncategorized
As before [1, 2] I will mention feeds that I unsubscribe from not because I find them boring but because they annoyed me to the point of unsubscribing.
Lockergnome is usually a pretty good resource for lots of things, in particular I read their RSS & Atom Tips in my aggregator but I am now unsubscribing from this useful resource due to spam.
(edited to remove the name of the company advertising)
I can understand the need for advertising in RSS feeds and will tolerate it in full text feeds, I will however not tolerate it in feeds that only show you a snippet of the story forcing you to open their page and view their banner ads. They are already seeing revenue from me when I click on their RSS item – when it is interesting enough – so why should I also see the ads in my RSS reader. If they want to see ad revenue from me, then they should feel an incentive to get me to open the full article in my browser by posting interesting content. As it stands, they just annoy me.
by R.I. Pienaar | Sep 9, 2004 | Uncategorized
A few years ago I decided to switch to PHP as my web development language of choice – I used Perl before that – since then I have done all my web development in PHP and tend to pick projects developed in PHP over non PHP ones.
Most notably I use Horde with some of it’s modules, most notably IMP. Other systems I wrote myself using RoadSend Site Manager. These rely on PEAR modules to function, I keep Horde and IMP up to date as possible but my own system I wrote about 3 years ago have not been updated since, and neither has Site Manager.
Last week I updated some PEAR module using portupgrade and suddenly I ended up with weird behaviour in IMP where it won’t show some attachments in mail, but not all. Eventually I gave up and just started upgrading my whole PHP and Apache system to new versions since mine was getting a bit old and outdated.
So I uninstalled all the old stuff after making backups and started fresh, when it was all done and moved to the new FreeBSD PHP build system and PEAR all up to date I thought it will all be good, but it was not. Horde started having issues, strangely only with mozilla, it would not do the redirect to the login page correctly. My own code would fail due to some change in the DB abstraction that caused calls to fetchrow() on a DB Handle to return unknown method errors and still the attachments were broken. Essentially the stuff was not backward compatible at all.
I fixed things by getting hold of old copies of PEAR and placing it in the directories of each application and overriding the PHP include paths for those applications to point to their own older instance of PEAR. This kind of thing just winds me up and it is totally typical of the Open Source world where breaking backwards compability and forever redoing code is the order of the day.
I can understand that expecting 3 year old code to still work is pushing my luck a bit, but HORDE and IMP is recent projects that I keep up to date, you wouldn’t expect them to use functionality that is that outdated.
by R.I. Pienaar | Sep 5, 2004 | Uncategorized
Today a friend and I went for a walk on the Thames South Bank and noticed a photographic exhibition at the OXO Tower Wharf. The exhibition was by Colin O’Brien and showed a collection of his images from 1954 to 2004.
His work that was shown was all Black and White and shot for the biggest part in and around London where he lives. I picked up a nice, signed, book with the images that was on shown. His work is well worth a look.
by R.I. Pienaar | Sep 4, 2004 | Uncategorized
I have been going through some of pbase‘s favorite galleries and came across one by someone who calls himself Knox. Of his photos there are two collections that really impressed me the one of Paris / London and one about City Cats.
It is not often that someone takes good photos of cats, they all tend to be a cliche or just a snap of a kitty, this guy though has a collection of absolutely stunning photos of cats in NYC. The collection is part of a book of which more can be read on its site http://alleycatphotos.com/. From this site is a short bio of Knox:
Always seeking the perfect and pure musical note, Knox can be found in both recording and photographic studios from NYC to Katmandu. Around age 5 he was amazed at “the feel” of the first 35mm camera he stole. The sound you hear in a New York City alley could very well be coming from the bottom of a dumpster – a man in black, coaxing a little kitty to “smile for the camera.” He is well maintained by Lukas, a Giant Schnauzer of disreputable character.
Knox can be reached by e-mail at <email removed>
and boasts numerous Web sites, including www.AvatarPhotoArt.com and www.ArcadiaRocks.com.
It does not look like their book is published, I would certainly buy a copy when it comes out.
by R.I. Pienaar | Sep 2, 2004 | Uncategorized
Most products have some quirks that you don’t like, some requires you to slightly amend the way you work and I am usually quite happy with that. The Cisco PIX has one major annoyance that I just can’t come to grips with.
When adding a VPN to the PIX you put one policy set on the interface that the traffic will leave. For each interface you define a crypto map with various sub groups of information associated with individual VPNs.
access-list 101 permit ip host y.y.y.y host z.z.z.z
crypto ipsec transform IPSECXFORM esp-des esp-sha-hmac
crypto map IPSECMAP 20 ipsec-isakmp
crypto map IPSECMAP 20 match address 101
crypto map IPSECMAP 20 set peer x.x.x.x
crypto map IPSECMAP 20 set transfrom-set IPSECXFORM
crypto map IPSECMAP 20 set security-association lifetime seconds 28800
crypto map IPSECMAP interface outside
These few commands will essentially set up the phase 2 of the IPSEC connection. Later on when you want to add a second VPN you just add a new numbered submap to the IPSECMAP since each interface can only ever have one MAP assigned to it.
When you type any of the above crypto map commands a new submap gets initialized with defaults:
# crypto map MAP 1 set peer 1.1.1.1
# sh crypto map
Crypto Map: “MAP” interfaces: { outside }
Crypto Map “MAP” 1 ipsec-isakmp
WARNING: This crypto map is in an incomplete state!
(missing peer or access-list definitions)
Peer = 1.1.1.1
No matching address list set.
Current peer: 1.1.1.1
Security association lifetime: 4608000 kilobytes/28800 seconds
PFS (Y/N): N
Transform sets={ }
The problem here is that if the IPSECMAP crypto map is active on the outside interface at the time, this incomplete crypto map will prevent all traffic from flowing. Only when you have both the peer and the match address specified will it have enough information to not try and crypt all the traffic on the interface.
The PIX CLI has no way to send a batch of commands to it, and there is no way to enable/disable just a sub crypto map. Cisco’s documentation has the following suggestion:
While a new crypto map instance is being added to the PIX Firewall, all clear and SSH traffic to the firewall interface stops because the crypto peer/ACL pair has not yet been defined. To workaround this, use PIX Device Manager (PDM) to add the new crypto map instance or, through the PIX Firewall CLI, remove the crypto map interface command from your configuration, add the new crypto map instance and fully configure the crypto peer/ACL pair, and then reapply the crypto map interface command back to the interface. In some conditions the CLI workaround is not acceptable as it temporarily stops VPN traffic also.
So you either use the GUI or you turn off ALL OTHER VPN’s while adding a new one!? That is insane, there are so many ways to elegantly fix this problem, they can have a simple addition to the crypto map command set, something like crypto map IPSECMAP 20 disable and make that the default state, only when you have configured the whole sub map would you enable it, however now I am stuck using the GUI!
UPDATE: This seems to only affect PIX Firewall Version 6.2, from 6.3 onwards the problem goes away, the bit of output from sh crypto map is from a 6.3 PIX and it knows the MAP is incomplete, 6.2 initialised it to 0.0.0.0 matching all traffic. Time to upgrade my lab PIX machines ๐
by R.I. Pienaar | Aug 13, 2004 | Uncategorized
Digital Outback Photo has a good article about Depth Of Field, well worth a read for anyone interested in moving from taking snapshots to taking photos that appeal on an artistic level.
It covers the basics of Depth of Field, how to achieve it using a camera and why in some cases it is very difficult, it then introduces the new Photoshop CS Lens Blur Filter that can simulate this effect where it was too difficult to achieve using the camera alone.
One of the skills that separates novice photographers from the more experienced is an awareness and control over “Depth of Field” (commonly referred to by its abbreviation “DOF”). Sometimes, to get the shot, we need to use a very small aperture. When we do, not only is the subject in sharp focus, but features in the background and/or foreground can compete for attention. This tutorial will walk you through the steps in using a new feature in Adobe Photoshop CS: the Lens Blur filter.
