We’ve been having problems with Microsoft Office Format files opening as read only from our NAS here on Fedora 10 clients. OpenOffice 3 creates file locks on opening the file, resulting in users being unable to save files.
On doing some reading, this can be alleviated by mounting the share using cifs rather than smbfs. On the client machines we have created a folder in media called N (mkdir /media/N), then mounted using the following:
mount -t cifs //10.204.6.5/N /media/N -o username=<username>,password=<password>,rw,iocharset=utf8,nobrl,nounix,sfu,file_mode=0777,dir_mode=0777
note the nounix option – this prevents the file locks from causing problems within OpenOffice. The sfu option preserves the date and time modifcation values.
Following a reboot (which is rare) I had problems connecting to our Exch 2003 server via Evolution in Intrepid – it simply wouldn’t authenticate. I deleted the mailbox account and tried to recreate, populating all the fields…..to be greeted with an “Exchange Account is Offline” message.
Following this I ran evolution from the command line – the output of which was:
e-data-server-ui-Message: Unable to find password(s) in keyring (Keyring reports: No matching results)
e-data-server-ui-Message: Key file does not have group ‘Passwords-Exchange’
I checked available keys in my keychain and the correct keys were there – along with appropriate passwords….
The I stumbled across the following bug report:
Where I found this comment from Timothy Alexander:
“Something that worked for me was clearing the “mailbox name” under exchange settings, and reauthenticating on that page. The auth went through fine, and it filled out the mailbox again (exactly the same way) but after a restart of evolution it worked fine.”
I tried removing the mailbox name and clicking authenticate, was greeted with the usual errors, but following a restart of evolution it worked!
For a while I’ve been fighting the good fight with poor stability using the webDav Exchange connection in Novell evolution. This has now been replaced with a more functional solution (proper native MAPI support) in Ubuntu 8.10 and will be soon in Fedora 10 with OpenChange.
Finally, Evolution is behaving as you might expect it to when connecting to an Exchange server – the improvements are immense, both in stability and functionality.
The OpenChange site is here for more information:
Hopefully this will be an end to using a buggy interface and the all to frequent crashes, along with the curse of occasional missing mail items. I’ve only been using it for a day, but already I’m loving it!
It looks like following Dan Kaminsky’s exploit being made public the first attacks have been reported on DNS servers:
I can’t believe that there are many people out there who haven’t yet patched their DNS servers……but it’s worth checking on the Doxpara site (http://www.doxpara.com/)
…that is, of course unless you’re DNS has been hijacked and you are being sent to a spoofed doxpara site
Still bad news for those running Mac DNS servers as Apple still haven’t released a patch, although apparently the Bind team have stated that the BSD version of the patch can be ported….
Further info here:
Firefox 3 is now well and truly into it’s beta phase, and one of the headline features is the way that it handles invalid SSL certificates.
I first noticed this when building a test environment to trial a few different web-based CRM systems, and I’ve got to say that there are some big pluses to this.
SSL certificates are cheap now and really for any commercial site out there, there should be no excuses for not using a real certificate. Windows Vista has proved that if you present users with a dialogue box enough times they will just habitually click through without second consideration, thus making them vulnerable to a plethora of security woes. This is a big security step forward and will hopefully encourage businesses out there to pull their socks up when it comes to using valid certificates (the biggie is likely to be the ability to use self signed SSL certs in Exchange/OWA!)
There is a method of bypassing this (if needed for testing purposes). For example, I am wanting to test a site in a lab environment, therefore my vulnerability to man-in-the-middle attacks is absolutely zero….
You can go to Preferences->Advanced Preferences->Encryption->View Certificates->Add Exception and then get and approve the certificate for your server…
Commentary with the Firefox developers is available here: https://bugzilla.mozilla.org/show_bug.cgi?id=431827
….and a good explaination of the reasoning behind the fix here:
Bit of an awkward fix, unfortunately, as this involves having access to a Windows/Outlook setup, but to add a Public folder that exists on Exchange, it needs to be bookmarked as a favourite for Evolution to pick it up.
For example, we use a public folder for shared (company-wide) contacts here. To add the folder I just log onto my account on a Windows machine, then added that public folder as a favourite.
After logging out of evolution and back in, I could then see these “public” contacts under the contact folder (CTRL+2).
Occasionally you find a piece of software that makes life infinitely easier….this has been a very good week, I’ve found 2!
I’ve just installed GLPI as a trouble ticketing system to assist with management of workflow and to track recurring faults. It’s an open-source, web based tool that uses apache, php and mysql to track issues and produce good quality reports.
It seems extremely stable in trials so far, but I will keep on using for the next few weeks before I roll out to users in our organisation for fault reporting.
Available from here: http://www.glpi-project.org/spip.php?lang=en
The next find was a tool called OCS Inventory. It’s another web/mysql app that is used for asset management. The useful thing about this tool is that it uses an agent installed as a service on workstations that can be deployed using a login script. This then updates the server on workstation boot with an abundance of information about the workstation, such as hardware info, serial number, installed software, installed printers, logged on user, etc
This has turned into a real time-saver for me! It’s available for download from http://www.ocsinventory-ng.org/
Managing a Windows environment (2 separate domains, one running a couple of 2003 Servers and Exchange, the other running SBS2003), there are times when I need to run a Windows client. Not least because the management tools required for our PBX phone systems (an Avaya IP Office and an Alcatel OmniPCX), our CCTV system (RMC), our photographic archive (iBase), our EPOS system and Sage Line 50 require windows to run and Wine is insensitive to. There are various other windows specific tools that effectively mean that I need a functional copy of windows to work, rather than beng able to switch over to linux as my sole desktop machine.
At the moment I use a KVM switch to swap between the 2 desktops I use (one is XP the other Ubuntu Hardy Beta). I spend about 99% of my day in Ubuntu, but can’t escape windows completely….this means 2 machines under the desk – which at best is not very environmentally sound, and at worst is downright inconvenient.
The solution? well a virtualised copy of Windows running on the Linux box is the obvious solution, but what about all the apps and data accumulated on the Windows machine over the last x years…..this may seem like a small concern, but it would take a LONG time to reinstall these apps – because of the custom nature of them they are heavy on configuration time, and while they could be installed, it would be a pain in the backside….
Along come the nice people at VMWare though with the Vmware Converter (http://www.vmware.com/products/converter/) a tool that simply installs and then allows you to convert a physical install of an OS into a Virtual OS that can then be opened in VMware Workstation, Server or Player!
While it is designed to allow for the virtualisation of server environments this is the perfect solution for the likes of myself who still need to use Windows apps, that aren’t Wine compatible but REALLY want to ditch the spare Windows machine sat under the desk…
Working for a number of clients, it’s surprising how many people assume that an email sent is secure by default. The number of people (including e-commerce providers) who feel comfortable sending (and requesting) credit card information via email is quite shocking…
It’s worth clarifying that sending an email is the digital equivalent of sending a postcard….anyone, on any number of the hops between the sender and the recipient, could read the contents of that email with relative ease, in the same way that if you sent a postcard, anyone en route between the sender and the recipient who handles that card could read the contents. Worse yet, there are methods of spoofing (pretending to be) the recipient mail server – causing all emails that are destined for the recipient to be captured then forwarded on without the recipient even knowing that this has happened….
There are methods of securing email, however – one of these is worth noting as a free solution – GNUPG http://www.gnupg.org/ and it is worth considering if you need to send any information that you feel is sensitive. GNUPG can be used for digital signing of emails (proving that the email is really from you) and also for the encryption of emails using a private key pair.
There are resources on the use of GNUPG on the site, and it can be used on a variety of platforms (Windows, Linux, Mac) etc.
Found an interesting video detailing how to beat disk encryption on a number of platforms…
The attack relies on the fact that once a machine is switched on and the encryption key has been entered, the key is then stored in RAM. By initiating a quick reboot, and then capturing the contents of the RAM, the key can be extracted and thus data compromised…..