Categories
Computers Mac

Mac OS X “svn” client doesn’t know about common CA certs

I recently stumbled across a problem with Mac OS X Leopard’s “svn” (Subversion) client which doesn’t know about common root CAs (such as Thawte in my case,) even tho they are in the system keychain (which you can view using “Keychain Access.”)

It turned out that it only uses the certificates it find in /System/Library/OpenSSL/certs.

The strange thing is that the Thawte certificate in fact is already present on Mac OS, but it’s inside /usr/share/curl/curl-ca-bundle.crt, which svn doesn’t know about. So what I did to make it work is the following:

I extracted the certificate from /usr/share/curl/curl-ca-bundle.crt and copied it to /tmp/thawte.pem. I then determined the hash of the certificate as follows and created a link to the original certificate bundle (as superuser!):

#openssl x509 -in /tmp/thawte.pem -noout -hash
ddc328ff
#ln -s /usr/share/curl/curl-ca-bundle.crt /System/Library/OpenSSL/certs/ddc328ff.0

Voilà! Now I could connect to our Subversion repository without receiving a warning like the following:

Error validating server certificate for 'https://our.repos.de:443':
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
Categories
Computers Mac WTF

MBP: Internal keyboard and trackpad lock-up

I just had another annoying problem with my MacBook Pro 4.1, running Mac OS X 10.5.6.

I left the machine unattended for like 10 minutes or so, and when I came back the screensaver was active. Sliding a finger over the trackpad wouldn’t produce the log-on dialog, nor would pressing keys on the internal keyboard. The machine was not crashed, however, since the screensaver animation was still running. What was even more strange is that the “Power on/off” button would work — when I shortly pressed it, the log-on prompt would appear.

Fortunately my view fell upon an external USB mouse, which I immediately tried. Voilà! I could move the mouse pointer with the external mouse, but the trackpad and internal keyboard were still dead.

I then attached an external keyboard, and that one also worked.

Back in Mac OS X I stopped all running applications, and restarted the MBP. Afterwards, all was fine again.

What the heck is this??? I thought Mac OS X was famous for its stability and reliability?! Is that what makes it “superior to Windoze” (according to a considerable fraction of Mac users)???

Categories
Computers Debian Linux

Courier IMAP: Could not log in after Debian 5.0 upgrade

After I had upgraded my server to Debian 5.0, I found that I could no longer log in via IMAP. I turned authentication debugging on by changing /etc/courier/authdaemonrc as follows:

DEBUG_LOGIN=1

This did not reveal any problems. Here’s an excerpt from mail.info:

authdaemond: received auth request, service=imap, authtype=cram-md5
authdaemond: authmysql: trying this module
authdaemond: cram: challenge=[...], response=[...]
authdaemond: cram: decoded challenge/response, username 'user@example.org'
authdaemond: SQL query: SELECT username, crypt, clear, uid, gid, pop, "",
  "", realname, "" FROM users WHERE username = 'user@example.org'
authdaemond: cram validation succeeded
authdaemond: Authenticated: sysusername=<null>, sysuserid=1000,
  sysgroupid=1000, homedir=/home/user/var/mail/example.org/user,
  address=user@example.org, fullname=Joe User, maildir=<null>,
  quota=<null>, options=<null>

Even though all seemed fine, Thunderbird complained about “server doesn’t support secure authentication.”

So I telnetted into my IMAP server by issuing telnet localhost imap and manually logged in as follows:

a login user@example.org thePass

Now I noticed immediately what was wrong:

* BYE [ALERT] Fatal error: Account's mailbox directory is not owned
  by the correct uid or gid:

The solution is that Courier now by default performs stricter checks on the “sanity” of your setup. I changed /etc/courier/imapd as follows, and all was fine again:

IMAP_MAILBOX_SANITY_CHECK=0
Categories
Computers Debian Linux

SVN database broken after Debian 5.0 upgrade?

After I had upgraded to Debian 5.0 SVN told me its database was broken. I googled for this problem and quickly found the solution:

svnadmin recover /var/lib/svn

This did the trick!

Categories
Linux WTF

Gallery2 not in Debian 5.0?!

When I upgraded to Debian 5.0 lately I noticed that there is no Gallery2 package anymore in Lenny. So I asked the Debian maintainer about this.

Here’s what he replied:

Gallery 2 is not available in Lenny due to large amount of differences between the previous version and 2.3-1 from unstable. The release team and I decided not to include Gallery 2 in stable due to this disruptive change late in the release process. The gallery2 package from sid can be installed via pinning.

WTF?! 🙁

Categories
Computers

Startled by “component device mismatches” on RAID1 volumes

I was startled today by a message in syslog that seems to point to a problem with my RAID1 volumes:

Mar  1 01:13:54 server mdadm[961]: RebuildFinished event detected on md device /dev/md3, component device  mismatches found: 512

This value is reflected in the following counter:
root:/etc/mdadm# cat /sys/block/md3/md/mismatch_cnt 512

I tried to clarify this by googling around, but I found no definitive answer whether this is an actual problem or not. However, I found a way to resync the MD components so that no mismatches remain:

root:/etc/mdadm# echo repair >> /sys/block/md3/md/sync_action

After you execute the repair you will notice that the counter shows the same number of mismatches again:

root:/etc/mdadm# cat /sys/block/md3/md/mismatch_cnt 512

This was to be expected — because the repair corrected (and thus encountered) this number of mismatches. So, if you force a check again, the counter should be down to 0:

root:/etc/mdadm# echo check >> /sys/block/md3/md/sync_action
root:/etc/mdadm# watch cat /proc/mdstat
[wait until check is finished]
root:/etc/mdadm# cat /sys/block/md3/md/mismatch_cnt
0

Categories
Computers

Beware: WordPress 2.5.1-6 is broken in testing (aka “Lenny”)

I just noticed that WordPress is broken since I upgraded it yesterday to Debian’s version 2.5.1-6 from testing. 🙁

Therefore I downgraded to 2.5.1-5 and cross my fingers that the Debian guys issue an update fast.

Someone else also posted about this already…

Categories
Mac WTF

“Burn VIDEO_TS folder to DVD” nightmare

I had a VIDEO_TS folder with VOB files that I wanted to burn to a DVD in order to be able to play it on our DVD player.

The first step was to create an ISO image. This can be done with a tool that comes with MacOS. Open a terminal and enter the following:

hdiutil makehybrid -udf -udf-volume-name "<volume name>" -o /target/image.iso \
    /path/to/parent/folder/

Make sure you specify the folder that contains the VIDEO_TS folder as the source folder in the above command line. Parallel to the VIDEO_TS folder you should also have an (empty) AUDIO_TS folder. Also make sure that there is no .DS_Store file (remove from terminal if present.) And note that the above is one logical line (the \ is a line break).

So, how do you write the ISO file to a DVD?

Continue reading ““Burn VIDEO_TS folder to DVD” nightmare”
Categories
Computers deutsch WTF

Sinnfreie Geschäftsmails…

Während meines Urlaubs erhielt ich von einem großen und bekannten deutschen Domainanbieter folgende Mail (Auszug):

Wie Ihnen sicher bereits aufgefallen ist, haben wir die für den 14.07.2008 angekündigte Lastschrift der Rechnung <XY> bisher nicht durchgeführt. Durch die Umstellung auf eine neue Finanzbuchhaltungs-Software haben sich die Lastschriften im Monat Juli leider verzögert, so dass wir den Betrag von 0,00 Euro erst zum 08.08.2008 einziehen werden.

Diese Nachricht hätte man sich nun wirklich sparen können — ein kleiner Test, ob die Rechnungssumme größer Null ist, hätte den Zweck schon erfüllt.

Wer selber solche oder ähnliche Nachrichten erhalten hat ist herzlich eingeladen, sie hier (in anonymisierter Form) zu posten!

Categories
Mac WTF

Cisco’s VPN Client is crap…

I suddenly had a problem on my Mac that I couldn’t start the VPN client anymore — “Error 51” was the only thing I received.

Google pointed me to this site where I found some very helpful advice.

Thanks!