Good Bye MyBlogLog

I have just received an email from Yahoo! announcing the end of MyBlogLog service. It’s going to be discontinued effective May 24, 2011. Nice of Yahoo! to give us some time before terminating it for good.

However the link for help pages redirected me to this page: http://help.yahoo.com/l/us/yahoo/ysm/ll/featured/index.html, which I think is a mistake because it’s for “Local Featured Listings”.

Nevertheless, we thank you Yahoo! for a great service.

Google Authenticator Rocks

OK, “Google Authenticator” is actually the name of the smartphone apps provided by Google. What is it all about? It’s two factor authentication similar to the ones banks use to authenticate users to log in or to perform transactions. Corporate users might also have the same security method using smart card or RSA SecurID to log in to machines or connect to VPN.

The basic idea is simple, you will need your password and the code provided by the apps so that if your password is compromised the malicious user will not be able to log into your account. Plus, you’ll always have your phone with you so you will have this code when you need it.

Here’s how the app looks like on the iPhone:

The code changes in a few seconds (there’s a timer pie on the left that moves to show how long will the code will stay).

This 6 digit code, will be asked when you log in to Google services from the web browser. Don’t worry it will not be every time if you select it to remember trusted machines. It’ll be remembered for 30 days and after that I think it will be asked again (I have just started using it today so I am just guessing the behavior).

Before you Begin

If you use Google services in various places such as in mobile applications (e.g. Google Mobile App), desktop applications (e.g. Google Talk), and other places where two factor verifications aren’t coded yet, you will need some time to set up application specific passwords for each of them so that they will still work. More on this below.

How To Start

It’s easy to activate. One will need to navigate to https://www.google.com/accounts/SmSAuthconfig and follow the on screen instruction.

Official step by step instruction from Google is available here.

It’s a very simple and quick process. Once activated, all other applications not using two factor authentication will automatically be denied access (login fails) and they need to use the application specific password discussed below.

What if I lose my smart phone?

Google thought of everything. Upon signing up, you will be receiving 10 emergency codes to keep safe. These codes need to be kept securely, but accessible, for example in your wallet. Each of them can only be used one time.

You’ll also have the option use a backup phone number for an emergency code to be sent to you via SMS or an automated voice service. Cool eh?

Application Specific Passwords

While setting up two factor authentication takes maybe 2 or 3 minutes, entering application specific passwords may take some time. They each are 12 characters in length. They are used for applications such as Thunderbird, Outlook, mobile mail, GTalk, IM+ mobile app, etc. and the list is endless.

But it’s not that painful, compared to the security it provides (says a paranoid man).

For pictures from other devices (BlackBerry and Android) please head here: TechCrunch: Google Rolls Out Two-Factor Authentication For Everyone. You Should Use It.

So what about you? Are you jumping on the bandwagon? You should. Tell me your experience below.

Mac OS X: Modifying Stubborn Files Transferred From Windows

This is related to the previous post, where I had a lot of checked out Subversion working copies in my disk. They came from a Windows machine I used before I bought myself a Mac.

For your information, in a Subversion working copy, there will always be a hidden folder named .svn in each directory, and a bunch of files in them. Many files in there are read-only on Windows, and on UNIX or Mac systems they have read permissions set (-r–r–r–). They are supposed to be that way and only a Subversion client can work on them.

When attempting to update my working directory, my Subversion client refused to update the files because it can’t write to .svn/entries

Tested on: Snow Leopard 10.6.6
Known to work as early as: Tiger 10.4.x

The issue is not related to permissions or even Subversion. For some kind of unknown reasons, when read-only files are transferred from Windows, there is a special flag set on Mac OS X – the user immutable flag. When this happens, you will be receiving these:

$ chmod u+w entries 
chmod: Unable to change file mode on entries: Operation not permitted

As root:

$ sudo chmod u+w entries
Password:
chmod: Unable to change file mode on entries: Operation not permitted

However, root can delete the files. But I don’t want the files to be deleted. I merely wanted to update (and later add new and modified files to the repository) my working copy.

The simple solution to this is to use the chflags command to unset the user immutable flag:

$ chflags -R nouchg *

As simple as that, and you will be able to operate on the files again. In my case, my “svn update” operation went as smooth as silk.

Remember, the permissions of the file does not even matter. Even if it’s world-writable -rwxrwxrwx

For the record, I transferred the file via a USB drive (NTFS file system), and I have received reports that this is the same case if you transfer from a file share (Samba or Windows File Sharing).

I hope this saved you some time.

Starting Subversion Service on Demand in Mac OS X

Since I moved to a new home I didn’t let my Linux servers run 24/7 so that I can save on electricity bills. It’s not so much about moving homes but it’s about the tariff increase. My 500W and 400W power supplies can easily reach the max usage of around 300W each which translates to around 432kWh per month, costing me around RM123.55 (source: TNB Tariff). Money that can be better spent for my gadgets, craft items for my wife, or toys for my kid.

The last time my Subversion repositories were used, was in Feb 2009. Since the repositories are just files, I can easily transfer them to my Mac to use locally. For me, file history and ability to revert changes are more important that using the repository as backup. My Mac is backed up using Time Machine anyway so I am pretty much safe. I am obsessed with file history and proper branching in source code, sometimes I think I have a mild version of OCD. Seriously.

OK, now on to the technical part. I am unsure on how my machine is pre-installed with CollabNet’s version, but you can install it on your Mac using one of the available packages listed in Apache’s official Subversion packages list.

Tested on: Snow Leopard 10.6.6
Known to work as early as: Tiger 10.4.x

My version:

svn, version 1.6.5 (r38866)
   compiled Jun 24 2010, 17:16:45
 
Copyright (C) 2000-2009 CollabNet.
Subversion is open source software, see http://subversion.tigris.org/
This product includes software developed by CollabNet (http://www.Collab.Net/).

Please take note that the method I am going to show here is to allow access to Subversion as a service via the network. I like to prepare for future use for example allowing access from other machines. You can always opt for local file based access, http, https, and svn+ssh (and you will not need to do the steps below).

On Mac, you can have services launched as a permanent process or on demand using launchd – System wide and per-user daemon/agent manager.

In this discussion we will be running svnserve on demand, similar to running services via inetd on Linux.

It is fairly straightforward. You need to create a .plist file similar to the one below. I named mine org.apache.subversion.svnserv.plist

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
< ?xml version="1.0" encoding="UTF-8"?>
< !DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" 
"http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
<plist version="1.0">
<dict>
    <key>Debug</key>
    <false />
    <key>Disabled</key>
    <false />
    <key>GroupName</key>
    <string>staff</string>
    <key>Label</key>
    <string>org.apache.subversion.svnserv</string>
    <key>OnDemand</key>
    <true />
    <key>Program</key>
    <string>/usr/bin/svnserve</string>
    <key>ProgramArguments</key>
    <array>
        <string>svnserve</string>
        <string>--inetd</string>
        <string>--root=/Users/adyromantika/SVNRepository</string>
    </array>
    <key>ServiceDescription</key>
    <string>SVN Code Version Management</string>
    <key>Sockets</key>
    </dict><dict>
        <key>Listeners</key>
        </dict><dict>
            <key>SockFamily</key>
            <string>IPv4</string>
            <key>SockServiceName</key>
            <string>svn</string>
            <key>SockType</key>
            <string>stream</string>
        </dict>
    <key>Umask</key>
    <integer>2</integer>
    <key>UserName</key>
    <string>adyromantika</string>
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <false />
    </dict>
</plist>

Things that need to be changed:

  1. Line 17: /usr/bin/svnserve needs to be changed to reflect your local installation.
  2. Line 22 needs to be changed to use your own repository root. This is not the name of the folder with “conf”, “db”, etc. folders but one folder up, so that your svnserve can serve multiple repositories.
  3. Line 11 is where you need to put the group name you want the svnserve process to run as. As you can see, I am lazy so I used the default group “staff”.
  4. Line 41 is where you need to put the username of you want the svnserve process to run as. I used my own user id which is not the best security practice but as I mentioned earlier, I am lazy.

Now that it’s done, copy the file to /Library/LaunchDaemons/ and run the command:

sudo launchctl load /Library/LaunchDaemons/org.apache.subversion.svnserv.plist

You are all set. Please note that since it’s launched on demand, you will not see the svnserve process running unless you are connected to the repository. You can simply use telnet to verify you get some kind of response:

adymac:~ adyromantika$ telnet localhost 3690
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
( success ( 2 2 ( ) ( edit-pipeline svndiff1 absent-entries commit-revprops depth log-revprops partial-replay ) ) )

If you don’t get a response or “Unable to connect to remote host” you may want to check the file /etc/services and see whether these two lines are commented:

svn     3690/udp    # Subversion
svn     3690/tcp    # Subversion

Good luck. If you are having issues please comment below and I will try my best to help.

Tak Nak – Really?

Tak Nak“, literally translated to “Don’t Want” is a tag line for Malaysia’s anti smoking campaign. In true sense it means “Say No To Smoking”. It’s a collaboration between the Government and a few other organizations.

I was lucky enough to have some time to recently visit the National Zoo of Malaysia (locally known as Zoo Negara). For the record, I have not been there for more than 20 years. To my surprise, I was welcomed with cigarette smoke and cigarette butts everywhere. Since it’s an open park people seems to think that it is alright to smoke in public.

The only no smoking sign was found at the corner of the ticket counter, and even then the security guard was smoking 1.5 meters away (welcoming visitors with tobacco smell). I’m amazed on how undeveloped Malaysians minds are.

Yes, I do smoke but I don’t smoke in public attractions or even restaurants where kids and women are around.

I am not trying to make enemies or humiliate anyone, so I will be applying “mosaic” to the faces.

The tiny No Smoking sign is on the glass, top right corner:

Ticket counter B

Continue reading Tak Nak – Really?