Shrinking VirtualBox Disk Images

On my MacBook Pro with minimal disk size (250GB) I had to install VirtualBox in order to run any kind of Windows, for emergency cases. I was able to install Windows Server 2008 in a 20GB dynamically expanding virtual disk image (VDI).

A couple of months back I also made a clone of my HP NX9010 hard disk, a Seagate Momentus 80GB drive using the dd utility and attach it to the same virtual machine. I don’t have a lot of time at hand so this will enable me to selectively back up the files on that drive, when I have some free time. I use that old laptop to play videos for my child.

After some time, the Windows Server 2008 VDI grew up to 11GB and the Momentus VDI stayed at 74GB because dd was copying it bit by bit. I needed to free up more space. My target was the Momentus VDI because it’s huge and I have already deleted (backed up) a lot of files in it.

As their name suggest, they are dynamically expanding so they will not shrink themselves. In VMware, you can easily stumble upon the “shrink” button in the tool. In VirtualBox, we need to use the command line utility VBoxManage.

It’s as simple as:

VBoxManage modifyhd Seagate\ Momentus\ 80GB.vdi --compact

*VBoxManage is run on the host machine, while the virtual machine is powered off (not suspended).

Running it without any preparation work will shrink the VDI a bit, too insignificant to even notice.

And so I used SDelete to zero all the unused space on the VDI, and ran VBoxManage again. SDelete needs to be run inside the virtual machine while it’s running.

sdelete -c d:

I managed to get the 74GB VDI to shrink to 23GB. Now that’s a significant reduction in size.

Still, I was greedy. I wanted to know whether fragmentation has any effect on the shrink-ability of the VDI. So I went into the virtual machine, ran defrag, ran sdelete, then I executed VBoxManage to compact the VDI.

Below was my final result. From 74GB to 5.1GB I was fully satisfied. I was also able to shrink the 11GB VDI that contains the OS to 9.7GB.

If you have questions/suggestions/feedback, please leave a comment.

WordPress 3.1 Upgrade

I am not going to announce or talk about the release of WordPress 3.1 as I know that most people already know it was released on 23 February 2011. I am also not going to talk about the features.

I would like to share problems that I encountered and how to fix them. Well, I only had 2 problems so far. These are not encountered while upgrading this blog you’re reading.

The first was the problem with no post on the main page. Depending on your theme, it might say, “Sorry no post matching your criteria”. Just after an upgrade, it’s scary to think that all posts are gone. But yeah I still have my backup.

Before you blame WordPress and jump to Blogger or such, you need to check whether you have disabled all of your plugins. Most often plugins are the reason errors occur after an upgrade. In each release, API and functions changes and while WordPress developers try to avoid backward compatibility issues, some of them are just inevitable.

The culprit for my problem was a sticky post plugin. In haste, I deleted all traces of the plugin on the server and in my local disk. Additionally I was working on another machine so I can’t recall the name of that plugin right now.

This was an upgrade from version 2.6. I heard that an upgrade from 2.6 to 2.7 will also produce the same problem by this plugin.

Sometimes, people do get totally blank page. The smartest thing to do is to enable WP_DEBUG in wp-config.php

define('WP_DEBUG', true);

While this line is not available in pre-3, it’ll work if you add it.

It’s also beneficial for the plugin issue I mentioned above. That’s how I found out that there’s a SQL error produced by that plugin.

The next problem I encountered was related to the database version. This might be published somewhere in WordPress documentation but I failed to find it. WordPress 3.1 requires MySQL 4.1.2 and above.

This was a manual upgrade from WordPress 2.8.4 via FTP. The good thing is that the public facing site was still working fine. I was just unable to access the administration dashboard.

By the way, my hosting provider has dedicated database servers with MySQL 4.0 – 5.0 options. 4.0 has been obsolete and this particular blog being upgraded was the only one using 4.0. So all I had to do was:

  • Create a new database in the 5.0 server
  • Export from 4.0 into a SQL file
  • Import into 5.0
  • Run the normal database upgrade screen

And everything was hunky-dory. It’s interesting to see that there are less total rows, and the addition of wp_commentmeta table:

Database for 2.8.4

Database for 3.1

If you are on normal cheap hosting with MySQL on the web server itself, you’re out of luck if the server only has MySQL 4.0. It’s time to move away.

So that’s it. Since there are a few more blogs in the upgrade process I might add more findings in this post as I come across them.

Good Bye MyBlogLog

I have just received an email from Yahoo! announcing the end of MyBlogLog service. It’s going to be discontinued effective May 24, 2011. Nice of Yahoo! to give us some time before terminating it for good.

However the link for help pages redirected me to this page: http://help.yahoo.com/l/us/yahoo/ysm/ll/featured/index.html, which I think is a mistake because it’s for “Local Featured Listings”.

Nevertheless, we thank you Yahoo! for a great service.

Google Authenticator Rocks

OK, “Google Authenticator” is actually the name of the smartphone apps provided by Google. What is it all about? It’s two factor authentication similar to the ones banks use to authenticate users to log in or to perform transactions. Corporate users might also have the same security method using smart card or RSA SecurID to log in to machines or connect to VPN.

The basic idea is simple, you will need your password and the code provided by the apps so that if your password is compromised the malicious user will not be able to log into your account. Plus, you’ll always have your phone with you so you will have this code when you need it.

Here’s how the app looks like on the iPhone:

The code changes in a few seconds (there’s a timer pie on the left that moves to show how long will the code will stay).

This 6 digit code, will be asked when you log in to Google services from the web browser. Don’t worry it will not be every time if you select it to remember trusted machines. It’ll be remembered for 30 days and after that I think it will be asked again (I have just started using it today so I am just guessing the behavior).

Before you Begin

If you use Google services in various places such as in mobile applications (e.g. Google Mobile App), desktop applications (e.g. Google Talk), and other places where two factor verifications aren’t coded yet, you will need some time to set up application specific passwords for each of them so that they will still work. More on this below.

How To Start

It’s easy to activate. One will need to navigate to https://www.google.com/accounts/SmSAuthconfig and follow the on screen instruction.

Official step by step instruction from Google is available here.

It’s a very simple and quick process. Once activated, all other applications not using two factor authentication will automatically be denied access (login fails) and they need to use the application specific password discussed below.

What if I lose my smart phone?

Google thought of everything. Upon signing up, you will be receiving 10 emergency codes to keep safe. These codes need to be kept securely, but accessible, for example in your wallet. Each of them can only be used one time.

You’ll also have the option use a backup phone number for an emergency code to be sent to you via SMS or an automated voice service. Cool eh?

Application Specific Passwords

While setting up two factor authentication takes maybe 2 or 3 minutes, entering application specific passwords may take some time. They each are 12 characters in length. They are used for applications such as Thunderbird, Outlook, mobile mail, GTalk, IM+ mobile app, etc. and the list is endless.

But it’s not that painful, compared to the security it provides (says a paranoid man).

For pictures from other devices (BlackBerry and Android) please head here: TechCrunch: Google Rolls Out Two-Factor Authentication For Everyone. You Should Use It.

So what about you? Are you jumping on the bandwagon? You should. Tell me your experience below.

Mac OS X: Modifying Stubborn Files Transferred From Windows

This is related to the previous post, where I had a lot of checked out Subversion working copies in my disk. They came from a Windows machine I used before I bought myself a Mac.

For your information, in a Subversion working copy, there will always be a hidden folder named .svn in each directory, and a bunch of files in them. Many files in there are read-only on Windows, and on UNIX or Mac systems they have read permissions set (-r–r–r–). They are supposed to be that way and only a Subversion client can work on them.

When attempting to update my working directory, my Subversion client refused to update the files because it can’t write to .svn/entries

Tested on: Snow Leopard 10.6.6
Known to work as early as: Tiger 10.4.x

The issue is not related to permissions or even Subversion. For some kind of unknown reasons, when read-only files are transferred from Windows, there is a special flag set on Mac OS X – the user immutable flag. When this happens, you will be receiving these:

$ chmod u+w entries 
chmod: Unable to change file mode on entries: Operation not permitted

As root:

$ sudo chmod u+w entries
Password:
chmod: Unable to change file mode on entries: Operation not permitted

However, root can delete the files. But I don’t want the files to be deleted. I merely wanted to update (and later add new and modified files to the repository) my working copy.

The simple solution to this is to use the chflags command to unset the user immutable flag:

$ chflags -R nouchg *

As simple as that, and you will be able to operate on the files again. In my case, my “svn update” operation went as smooth as silk.

Remember, the permissions of the file does not even matter. Even if it’s world-writable -rwxrwxrwx

For the record, I transferred the file via a USB drive (NTFS file system), and I have received reports that this is the same case if you transfer from a file share (Samba or Windows File Sharing).

I hope this saved you some time.

Starting Subversion Service on Demand in Mac OS X

Since I moved to a new home I didn’t let my Linux servers run 24/7 so that I can save on electricity bills. It’s not so much about moving homes but it’s about the tariff increase. My 500W and 400W power supplies can easily reach the max usage of around 300W each which translates to around 432kWh per month, costing me around RM123.55 (source: TNB Tariff). Money that can be better spent for my gadgets, craft items for my wife, or toys for my kid.

The last time my Subversion repositories were used, was in Feb 2009. Since the repositories are just files, I can easily transfer them to my Mac to use locally. For me, file history and ability to revert changes are more important that using the repository as backup. My Mac is backed up using Time Machine anyway so I am pretty much safe. I am obsessed with file history and proper branching in source code, sometimes I think I have a mild version of OCD. Seriously.

OK, now on to the technical part. I am unsure on how my machine is pre-installed with CollabNet’s version, but you can install it on your Mac using one of the available packages listed in Apache’s official Subversion packages list.

Tested on: Snow Leopard 10.6.6
Known to work as early as: Tiger 10.4.x

My version:

svn, version 1.6.5 (r38866)
   compiled Jun 24 2010, 17:16:45
 
Copyright (C) 2000-2009 CollabNet.
Subversion is open source software, see http://subversion.tigris.org/
This product includes software developed by CollabNet (http://www.Collab.Net/).

Please take note that the method I am going to show here is to allow access to Subversion as a service via the network. I like to prepare for future use for example allowing access from other machines. You can always opt for local file based access, http, https, and svn+ssh (and you will not need to do the steps below).

On Mac, you can have services launched as a permanent process or on demand using launchd – System wide and per-user daemon/agent manager.

In this discussion we will be running svnserve on demand, similar to running services via inetd on Linux.

It is fairly straightforward. You need to create a .plist file similar to the one below. I named mine org.apache.subversion.svnserv.plist

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
< ?xml version="1.0" encoding="UTF-8"?>
< !DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" 
"http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
<plist version="1.0">
<dict>
    <key>Debug</key>
    <false />
    <key>Disabled</key>
    <false />
    <key>GroupName</key>
    <string>staff</string>
    <key>Label</key>
    <string>org.apache.subversion.svnserv</string>
    <key>OnDemand</key>
    <true />
    <key>Program</key>
    <string>/usr/bin/svnserve</string>
    <key>ProgramArguments</key>
    <array>
        <string>svnserve</string>
        <string>--inetd</string>
        <string>--root=/Users/adyromantika/SVNRepository</string>
    </array>
    <key>ServiceDescription</key>
    <string>SVN Code Version Management</string>
    <key>Sockets</key>
    </dict><dict>
        <key>Listeners</key>
        </dict><dict>
            <key>SockFamily</key>
            <string>IPv4</string>
            <key>SockServiceName</key>
            <string>svn</string>
            <key>SockType</key>
            <string>stream</string>
        </dict>
    <key>Umask</key>
    <integer>2</integer>
    <key>UserName</key>
    <string>adyromantika</string>
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <false />
    </dict>
</plist>

Things that need to be changed:

  1. Line 17: /usr/bin/svnserve needs to be changed to reflect your local installation.
  2. Line 22 needs to be changed to use your own repository root. This is not the name of the folder with “conf”, “db”, etc. folders but one folder up, so that your svnserve can serve multiple repositories.
  3. Line 11 is where you need to put the group name you want the svnserve process to run as. As you can see, I am lazy so I used the default group “staff”.
  4. Line 41 is where you need to put the username of you want the svnserve process to run as. I used my own user id which is not the best security practice but as I mentioned earlier, I am lazy.

Now that it’s done, copy the file to /Library/LaunchDaemons/ and run the command:

sudo launchctl load /Library/LaunchDaemons/org.apache.subversion.svnserv.plist

You are all set. Please note that since it’s launched on demand, you will not see the svnserve process running unless you are connected to the repository. You can simply use telnet to verify you get some kind of response:

adymac:~ adyromantika$ telnet localhost 3690
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
( success ( 2 2 ( ) ( edit-pipeline svndiff1 absent-entries commit-revprops depth log-revprops partial-replay ) ) )

If you don’t get a response or “Unable to connect to remote host” you may want to check the file /etc/services and see whether these two lines are commented:

svn     3690/udp    # Subversion
svn     3690/tcp    # Subversion

Good luck. If you are having issues please comment below and I will try my best to help.

Tak Nak – Really?

Tak Nak“, literally translated to “Don’t Want” is a tag line for Malaysia’s anti smoking campaign. In true sense it means “Say No To Smoking”. It’s a collaboration between the Government and a few other organizations.

I was lucky enough to have some time to recently visit the National Zoo of Malaysia (locally known as Zoo Negara). For the record, I have not been there for more than 20 years. To my surprise, I was welcomed with cigarette smoke and cigarette butts everywhere. Since it’s an open park people seems to think that it is alright to smoke in public.

The only no smoking sign was found at the corner of the ticket counter, and even then the security guard was smoking 1.5 meters away (welcoming visitors with tobacco smell). I’m amazed on how undeveloped Malaysians minds are.

Yes, I do smoke but I don’t smoke in public attractions or even restaurants where kids and women are around.

I am not trying to make enemies or humiliate anyone, so I will be applying “mosaic” to the faces.

The tiny No Smoking sign is on the glass, top right corner:

Ticket counter B

Continue reading Tak Nak – Really?

TM UniFi Downtime: Exercise Your Rights

If you are a UniFi subscriber, and live in the Puchong (plus Damansara reported by achmatibrahim via Twitter) area you might have already been aware of the downtime since yesterday afternoon (8 December 2010). At the moment I am writing this post, it has been more than 12 hours. TM is not actively informing users about this downtime and all we get is this from their Twitter account:

tmcorp-unify-down

I have just called the UniFi Center a few minutes ago and the guy who picked up the call was a sales guy. He tried to contact the technical department but he failed. At least that’s what he said. So he promised to call back with a ticket number. I think he will not call me until the whole thing is over. I will just lodge a report with MCMC.

At first, he told me that TM is aware of the downtime and it’s because of server upgrade. That’s a lame and insulting excuse. There is no announcement on the UniFi website.

Please people, if you are one of the affected subscriber please do your part by calling 1 300 88 1222 and insist on a ticket number for the downtime.

Even if it’s one day, for VIP5 package subscriber that’s already RM149/30 = RM4.97 and if every single person as mentioned in the tweet above makes a claim for rebate, that’s already costing TM the amount of RM9,940 in rebates. Don’t take it from TM that “it’s OK to be down if so many people are affected”. We pay for this service.

Don’t ask for a rebate when calling the UniFi Center but ask for a formal report to be done. With the ticket number, go to MCMC website and lodge a formal report. The direct link to the Aduan is here.

We need to send a message to TM that downtime will cost them money. Otherwise it’ll be as usual for every single service we have in Malaysia where we just sit and wait for the service to get back.

We need to make them go out of their beds and work on fixing the issue. I am serious about this. You can do your part.

Yes, I am getting old and like to rationalize instead of rant.

skmm-unifi-report

DiGi iPhone Page Has Wrong Modification Date via HTTP

iPhone 4 has just been launched in Malaysia, and I have also been closely following the progress.

Looking at SoyaCincau’s comparison between Maxis and DiGi, I was attempting to load DiGi’s page again. I have done this before.

Instead of talking about iPhone 4 itself, I am going to see why the page is showing me 3GS instead. Yes, I am a nerdy SysAdmin and it’s hard to change.

The page is here http://www.digi.com.my/iphone/getone_want_iphone_payment.html

Here’s the page in my browser:

digi-iphone-http

I was about to blame it on Maxis Broadband’s transparent proxy when I saw that it was a MISS from Squid. And then I saw the modification date is way in the past (highlighted above).

This is not something serious, but just in case you get the old page, clear your browser’s cache and you should be able to see the new page. Or, access it via HTTPS:

digi-iphone-https

Notice the last modified date makes much more sense now.

The technical explanation to this is because your browser sees that the page has not been modified and decided to show you the cache. It’s as simple as that. This may happen because of misconfiguration or something like that but as I said, this is not something serious.

I just hope those who has been seeing 3GS list can now see the updated 4 list.

Have I decided which provider I am going to choose? Well that’s a secret for now…

Google Instant, Anyone?

I saw quite a significant number of tweets mentioning Google Instant, and decided to check it out. Some people might already be aware of it or heard of it before but I am outdated, that I am willing to admit.

First, I went to the Official Google Blog where I saw Search: now faster than the speed of type.

Next, I tried it myself on Google homepage. It’s really impressive.

google-instant

However, if you use a flaky connection like my Maxis Broadband you might see this:

google-instant-off

It says “Google Instant is off due to connection speed. Press Enter to search”. It’ll behave like normal search.

Which also means that it can be turned off.

The prediction feature is quite nicely programmed too. Notice that its suggestions included the word “mac” because I am on a Mac. Not surprising since this is easily detected by the browser’s user agent string.

I bet the prediction considers many other factors too, including Geo-location.

I find it interesting that I can see this now, since in its tweet Google mentioned that “Google Instant is rolling out to people w/ Instant-capable browsers in France, Germany, Italy, Russia, Spain, U.K. & U.S.

So the next time you see it, don’t be surprised!

… and tell me how you like it!

Does Berjaya HVN Really Have Rights Reproducing Thomas & Friends?

My son’s current favorite series are Special Agent OSO and the Mickey Mouse Clubhouse. He sometimes still watches Thomas & Friends. He can recognize Thomas in Toys ‘R’ Us even from the entrance a hundred meters away.

I’ve been looking high and low for high quality, and updated DVDs for him to watch in the car. Yes, it’s how we keep him relaxed inside the car instead of running around dangerously in a moving vehicle.

A few months ago, I bought original DVDs with KPDN & HEP sticker on it. They are made by Berjaya HVN. I was, however very disappointed with the quality. The DVDs contained antique videos.

Take Thomas, for example the videos are from before the intro was changed:

Disappointed, I tried downloading the videos from the Internet but I ended up being warned for downloading copyrighted materials.

For those who are observant, you will see that in the earlier seasons of Thomas & Friends the characters are non-moving dolls (only their eyes move). In newer pictures, the characters are free moving characters. An obvious observation is the kid waving to Thomas on the bridge, with a bicycle next to him.

Very Old:

thomas-kid-bridge-older

Old: (more rounded edges)

thomas-kid-bridge-old

New: (the kid waves, and notice the quality of props)

thomas-kid-bridge-new

For those who are not familiar with Thomas, here’s a newer intro but not the latest (notice the kid on the bridge still doesn’t wave – it’s from Season 8 while current season is 13):

Here is a DVD I bought a few weeks ago, look at the year printed on the sleeve.

thomas-2010

Looking at this you probably think the DVD contains the latest series! But no it doesn’t.

thomas-2010-video

Now, HiT Entertainment’s website contains no email so I have to blog about it and hope someone will be able to discover this post.

With the bad quality of DVDs I am seriously wondering whether Berjaya HVN is really licensed to reproduce the DVDs. They are DVDs, but the quality is VCD quality.

thomas-2010-65years

I am disappointed. And you blame me for downloading pirated videos?

I know that I can tell whether the DVD contains the latest series but right now it’s impossible to bring along the complete printout of the list of production every time I go out. Maybe when I get an iPhone, but that’s a whole different story not for today.

And this problem is not only for Thomas & Friends. It’s the same for Mickey Mouse Clubhouse and Tigger & Pooh. So I haven’t been able to find any Special Agent OSO DVD locally. All of them are by Berjaya HVN – not only their own opening montage looks bad, the whole disc contains blurred videos and some even with embedded subtitles.

Or is it just because Malaysia is just behind in a few years? I find this unacceptable in the information age.

I probably should mention that the videos and images above are all copyright of Gullane (Thomas) Limited.

Maxis Transparent Proxy is Causing Problems to Developers

I had to transfer 2 WordPress blogs to another hosting provider last night, as the free one is going to expire today. It should be as easy as:

  1. Transfer the files
  2. Transfer the database
  3. Change DNS servers in registry to the new DNS servers
  4. Configure the new hosting location

In a few hours after the DNS propagation is finished I should be able to point to the new site. If not, I should be able to use the host file /etc/hosts to point to the new server and make sure it works well.

I’ve had the trouble with Maxis transparent proxy before when it was blurting out random errors to random sites.

Today, even when OpenDNS is already updated with the new IP (DNS propagation has finished), the transparent proxy is still outdated and points to the old server.

maxis-transparent-proxy-troubling-developers

I am sure if I call Maxis or even use its MaxisListens Twitter account, they will not even understand the concept of DNS.

The thing with transparent proxy is, as long as it’s HTTP traffic it will be going through it (not HTTPS), and it does not matter if I use a host file.

Oh well. I guess I can’t test this quickly right now except by using an anonymous proxy or connecting to an external VPN. Who appreciates time these days?

BTW, making modifications in domainregistry.my was very fun and it took me more than 30 minutes to modify one domain.

SMTP Smart Host Setup for Postfix in Snow Leopard

snow-leopard

PHP does not have any SMTP authentication mechanism in its configuration, and most developer opt for PEAR packages to perform email sending via custom ports and SMTP authentication.

I am one of those who will avoid using external packages as much as possible unless really necessary, and of course because I wanted a quick solution to my problem (or an excuse to be lazy).

By default, PHP sets SMTP as localhost and port 25. Under normal circumstances, this should be no issue as the built in Postfix will just connect to the destination server and delivers the mail. However, if your ISP blocks outgoing packets to port 25, the mail will go nowhere.

1. Enabling Postfix on Snow Leopard

Postfix is not enabled by default. You may choose to run it by default on system startup.

$ sudo vi /System/Library/LaunchDaemons/org.postfix.master.plist

Add before the closing </dict> tag:

  <key>RunAtLoad</key>
  <true />
  <key>KeepAlive</key>
  <true />

Start Postfix:

sudo launchctl
launchd% start org.postfix.master

You can test by using telnet on port 25 if you speak SMTP protocol.

2. Configuring Postfix to use a Smart Host

A smart host is also called a relay. This means that you need an SMTP account somewhere in the Internet to send the mail for you. With spam problems, open relays are identified in databases and are blocked by destination servers, so this means that legitimate mail servers requires authentication.

I used my Yahoo! SMTP account to help me send my test emails. Yahoo! allows for PLAIN authentication. The not so good thing about this method is that your password is transmitted plain text.

GMail is more secure and requires TLS authentication and this requires postfix to have SSL support but since I need this quick I have no time to research and find out whether it is. (Excuses, excuses).

i. Create a storage file for the password, for example /etc/postfix/relay_passwd

plus.smtp.mail.yahoo.com USERNAME:PASSWORD

ii. Secure the config file

$ sudo chmod 600 /etc/postfix/relay_passwd

iii. Create the hash database for postfix

$ sudo postmap /etc/postfix/relay_passwd

iv. Configure /etc/postfix/main.cf:

relayhost = [plus.smtp.mail.yahoo.com]:587 
smtp_sasl_auth_enable = yes  
smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd  
smtp_sasl_security_options =

v. Restart Postfix

sudo launchctl
launchd% stop org.postfix.master
launchd% start org.postfix.master

You should be all set. Test sending an email from PHP.

BTW, if you’re wondering, if you are a Yahoo! Mail web user, chances are that you don’t have SMTP access. However, I have heard that some countries still do have free SMTP access for now.

Connecting to Exchange using Entourage via Outlook Web Access

I wanted to be able to use my personal laptop to check my work email, so that I don’t have to carry around the 3kg DELL beast all the time. Sure, I can use the Blackberry but typing long emails on it can prove painful especially with fat fingers.

I have VPN access, but Cisco (official) VPN client keeps on and on causing my Snow Leopard to crash (kernel panic). The built in VPN client used to work until some security changes were made to the VPN concentrators.

Googling around I found a helpful hint, to set up my Entourage to connect to my work email via the Internet (not having to connect via VPN).

entourage-exchange

All of the fields are self explanatory, but one field was the problem: “Exchange Server”.

If your organization has a “OWA” or Outlook Web Access, you can try entering <servername>/exchange/<your_full_email> into the field and see whether it works. For example if your OWA is owa.romantika.com and your full email is [email protected] you would use:

owa.romantika.com/exchange/[email protected]

One thing I have not figured out yet, is whether or not my organization has public facing LDAP server (for address lookups). Since this is not a standard configuration, the server names are unpublished anywhere. But since it’s available I guess it’s not against the rule.

Hope this helps. I can now check my emails from my Entourage, but that’s it. No VPN access.

BTW I think you can use the same technique with an installation of Microsoft Outlook too!

Error Compiling djbdns and daemontools

While attempting to compile djbdns 1.05 and daemontools 0.76 on a CentOS 5.5 I received the error:

/usr/bin/ld: errno: TLS definition in /lib/libc.so.6 section .tbss mismatches non-TLS reference in envdir.o

The problem can be eliminated by adding:

-include /usr/include/errno.h

In conf-cc files for each tarball. Don’t forget to install gcc first, if you have a basic installation.

By the way, please remember to follow the installation instruction for daemontools exactly as described or you’ll end up with the software somewhere undesirable. Well, you can change /package to be elsewhere. I stupidly did it on /root as a test so the svcscanboot process was unable to execute programs in the /root directory. They run as unprivileged users.

Although these software felt like really old-school to me, they have very small memory footprint and runs very fast. If you’re also looking into DNS, consider PowerDNS too, as it has very good statistical capabilities.