26 June 2006

Open File Security Warning: the publisher could not be verified

Stupid Microsoft comes to our rescue again to save us from ourselves.

I decided to update Windows just because I hadn't done it in so long. At some point I disabled automatic updates because I always regretted updating due to Microsoft's continous stupidity. Well, here we go again.

After the update - I also installed Internet Explorer 7 to see if they've made any CSS compatibility improvements - I started getting this message every time I opened a program on our shared network drive:

Open File Security Warning
The publisher could not be verified. Are you sure you want to run this software?


Well, I clicked on it, didn't I?

After stumbling around a bit, here is the solution that seemed to help me:

Control Panel, Internet Options, Security tab, Local Intranet, Sites, Advanced, add \\Server\share as a website to the "zone".

It adds the drive as "file://server" but it seems to help prevent the pop-up from occurring.

There is also this option that may help with programs on a local drive:

Control Panel, System, Advanced, Performance Settings, Data Execution Prevention...

You can turn DEP on for everything "except those I select", and manually add them to the list.

Changing the DEP setting requires a reboot. Of course.

Could the beast get any more bloated and cumbersome?

21 June 2006

Cisco VPN Client on Fedora Core 5

I finally got around to getting my Cisco vpnclient working again after upgrading from FC4 to FC5. After the upgrade and a reinstall of the vpnclient, I was getting error messages like this:

# ./vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting '/lib/modules/2.6.15-1.2054_FC5/CiscoVPN/cisco_ipsec.ko': -1 Invalid module format
Failed (insmod)


I read elsewhere that this means it needs the linux headers, which would be the kernel-devel package. You can find out the kernel version you are running like this:

# uname -rm
2.6.15-1.2054_FC5 i686


I didn't know of an easy way to install automatically using yum since I'm not running the latest kernel version and yum wanted to install the newest package that doesn't match what I'm running. So...

I downloaded the kernel-devel rpm that I needed and then did a localinstall using yum:

yum localinstall kernel-devel-2.6.15-1.2054_FC5.i686.rpm

Did a reinstall of the Cisco vpnclient, ran the init.d start script as suggested by the installation notes, and - hooray! - it works again.

I'm running this version of the Cisco client, which was itself a pain in the ass to obtain because Cisco won't let me download it from them even though I've registered with them:

vpnclient-linux-4.8.00.0490-k9.tar.gz

I guess I'll wait and see if I get to go through all this great fun again next time I update my kernel...

07 June 2006

Fedora Core 5, Openldap address book and ldbm vs. bdb

I make attempts at using Openldap as an address book running on my Fedora linux box. It works, for the most part, but ldap is clearly built to be more than just a simple address book server. Because it is by no means user-friendly, setting it up and maintaining for this simple use is a challenge. There's just not an easy way to tie everything together and keep the address book entries up-to-date on the server. Someone please show me an address book application that will update ldap.

I occasionally tinker around with perl scripts and such in a meager attempt to make something useful. Right now it involves exporting my Palm Desktop address book entries to vcard format, and running those through a web-based perl script to convert them to ldif and ldapadd them to the DB.

Anyway, I recently upgraded from Fedora Core 4 to FC5 and noticed later that my ldap was acting funny. By funny, I mean this: from Thunderbird, name lookups would only find anything if I entered 3 characters or less. For example, "h", "ha", and "har" would find "harold", but "haro" would not find anything. From the Mac Address Book, it would never find anything.

I also received a warning at startup about using an ldbm database. So... I figured this would be a good time to switch over to using bdb since that seems to be what most posts talk about on various ldap forums.

The switch was not as easy as changing "database ldbm" to "database bdb" in slapd.conf and restarting. When I did this, I got errors. First, this:

bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)

So, I copied DB_CONFIG.example to DB_CONFIG and put it in /var/lib/ldap.

Then, I got errors like this:

Checking configuration files for slapd: bdb_db_open: db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2)
bdb(dc=mydomain,dc=com): Unknown locker ID: 0
backend_startup_one: bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch) [FAILED]
stale lock files may be present in /var/lib/ldap [WARNING]


Where do I get an id2entry.bdb file?

I decided to start from scratch. I started by uninstalling openldap-clients, openldap-server, openldap-devel from my server. But stopped short of removing openldap when it complained about something like 150 other packages that were dependent on it. So, instead, I deleted all the files from /var/lib/ldap and forced a reinstall of openldap. Then, reinstalled all the packages I had removed. My guess is that the only step I really needed to do was to remove the files in /var/lib/ldap.

Then, I put the DB_CONFIG file back into /var/lib/ldap, restored my slapd.conf, and what-da-ya-know? It started right up.

Repopulated my database and it all works great now.

Google searches on the ldap errors didn't help much. Anything I did come across was vague and spoken like you don't have any business messing with ldap unless you are already an expert. But, unless I'm missing something, Openldap is the only free option available to use as an address book server. And it really doesn't need to be so mystified to keep people like me from trying to use it.

Now that it's working again, I plan to try to get it to play nice with Mac Address Book. There seems to be a problem with the default schema mapping that causes fields to be missing in Address Book. And then, I just need to come up with a solution to keeping the damned entries updated and synched.

06 June 2006

MySQL foreign key notes

View foreign keys:
show table status from db_name_here like 'table_name_here';

Create a foreign key:
ALTER TABLE `db_name_here`.`table_name_here` ADD CONSTRAINT `fk_foreign_key_name` FOREIGN KEY `fk_foreign_key_name` (`key_id`) REFERENCES `foreign_table` (`id`);

Canary Hotspotter didn't detect my network

I just received my Canary Wireless digital Hotspotter yesterday. I had already read on their website that the hotspotter will not detect all networks because of the way some wireless routers transmit their information. Well, my home router - a Linksys BEFW1154 seems to be one of the ones that doesn't work.

I'm not surprised - I've had some strange problems with this router, and I would really like to replace it with something newer and faster. This is just another strike against it, I don't blame the hotspotter.

The hotspotter itself is a cool little device and I'm anxious to put it to work around town. I'll post more about it after I've had a chance to break it in...

If you are running php, and get the following error trying to connect to an MySQL database

Warning: mysql_connect(): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) in /server/web/path/common/mysql.class.php on line 40
2002 : Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)



Check your php.ini file for the following line and make sure it points to the correct MySQL socket file:

mysql.default_socket = /var/lib/mysql/mysql.sock