Monday May 26, 2008

SSH with Kerberos? No!

In the last few days, my SSH connection from home to office is very very slow. However, when it's connected, the speed is not so bad. After some -vvv debug, it seems the SSH client waste a lot of time before showing a line "Cannot resolve network address for KDC in requested realm". What? SSH is using Kerberos? That's bad.

Well I have done some Kerberos programming jobs recently on this computer, but I never meant to tell SSH to use it. Finally I add these 2 lines into ~/.ssh/config, and now it's much faster.
Host \*
GSSAPIKeyExchange no

Saturday May 24, 2008

NetBeans with SoyLatte: The Missing Menu Items

If you also use SoyLatte to run NetBeans, you'll notice that there's no menu items for Exit, About and Options. Normally, Mac programs put them into the application name menu. With SoyLatte, NetBeans runs in the X11 window environment, where the application menu belongs to X11.app.

This is how I add them, the easiest way:
  • Open the Tools | Plugins dialog, select the Setting tab, and click "Proxy Settings"
  • Options dialog appears, click "Advanced Options" at the lower left corner
  • Expand "IDE Configuration | Look and Feel | Actions", locate "System | Exit", "Help | About" and "Window Options"
  • For each of them, right click and choose Copy, expand "Menu Bar" under "Look and Feel", choose a menu, right click and Paste.
  • Again, right click on the menu name, choose "Change order", position the newly added items to a nice place.
Done.

Friday May 23, 2008

cronjobs on Ubuntu

There's some network problems in the office, and my cron jobs are interrupted. In syslog, after the last successful CRON call of my job (at May 21 21:58:01), I see one hour of "CRON[4428]: User not known to the underlying authentication module", and after that my cron jobs never appears in the log anymore. That's about 36 hours ago. Yesterday I've been working using this account on this machine for the whole day, so there's no authentication problem anymore. It seems cron just never resumed from the failure.

Have to run "sudo /etc/init.d/cron restart".

BTW, the account is a NIS one. The Network is the Computer™.

Edit HTML in Google Docs

Just tried "Edit HTML..." of Google Docs. Ouch! I haven't seen this fat ugly HTML for a long time ever since I saved as HTML in Word 97 ten years ago.

Thursday May 22, 2008

hg clone on NFS

"hg clone" is very very fast if the target volume is a local disk. If it's on NFS, even if it's on a very very fast LAN, the speed degrades to less than 1/10. I guess it's because hg does huge amount of tiny writes.

Tuesday May 20, 2008

JSR 277 on modularity: JAM Hell?

I'm not an optimist, so when I read the JavaOne TS-6185 paper on JSR 277 and see the line "No more JAR hell", I simply ask myself: Will there be JAM hell? Soon?

Real computer scientists out there, please prove that either "DLL Hell" or "Assembly Hell" or "JAR Hell" is simply inevitable, every solution that claims to solve them is simply trying to hide the problem.

I'm not a CS major, so please correct me if I'm wrong.

Monday May 19, 2008

Nice IE

For the first time, I'm appreciating IE, for its adding of filter:gray CSS property.

Thank you.

Direct Internet Access in Office

Last Saturday, I found unable to SSH into my Linux box in the office, turns out we had a network upgrade at the weekend, and the NIS server's IP address got changed. I had placed static IP into /etc/yp.conf, therefore, a failure.

Fix the error this morning and it connects again. Another change is now that DIA (Direct Internet Access) is enabled. Solaris can ping external hosts directly. For Linux, update the hosts line in /etc/nsswitch.conf into hosts: nis files dns mdns.

Silence

Two minutes later, 14:28 Chinese time, exactly seven days after the earthquake in Wenchuan, there will be a three minutes slience all over China. Stand up!

Tuesday May 13, 2008

Wireshark Brings Down the Network?

I'm writing some network related codes now and would like to use Wireshark to see what's going on.

It's strange that anytime I start wireshark (using "sudo wireshark" to see the NICs) and press the capture button, the wireless network is brought down. The wireless menu icon goes gray, and when I try to reconnect, it reports a failure. However, I can turn AirPort Off and turn it on again to connect to the network again, and Wireshark works fine.

No idea why. I'm using Mac OS X 10.4.11 and Wireshark 0.99.7 with libpcap 0.9.4.

I Love This OpenSolaris



Yesterday evening I spend some time playing with the newly released OpenSolaris 2008.05 CD-ROM, and it's just so amazing!

I don't have a PC at home (not exactly, read the end of this post), so I try it out on my wife's ThinkPad notebook (she would not allow me to install a new OS there). Everything works so fine, although I don't like the continuous humming from the CD-ROM drive.

I feel satisfied at these points especially:
  1. Nice network support. It automatically find the wireless card, detect the access points, and ask me to choose one. After I choose one, and enter the password, it connects and shows me a new IP address as a balloon on the upper right corner.
  2. Nice sound support. Recording and playback all OK.
  3. Excellent out-of-box i18n support. The Firefox browser can display Chinese correctly and the IME (input method Editor) is already loaded so I can just choose Simplified Chinese and enter Chinese without any extra configuration.
I also notice an unexpected fact:
jack@opensolaris:~$ echo $PATH
/usr/gnu/bin:/usr/bin:/usr/X11/bin:/usr/sbin:/sbin
This is quite astonishing. OpenSolaris now chooses GNU tools as the default command sets, which means it's not compatible with the original Solaris. This can even be a nightmare sometimes. However, for Linux users, that might be the best news for them. Anyway I guess Linux users are the main people the new release is trying to attract.



I've just assembled my old desktop PC and started to install OpenSolaris there. Will need to buy a wireless network card for it.

Thursday May 08, 2008

IP addresses with VPN, and "kinit -xa"

I'm working from home now, connecting to the office network thru VPN. Running 'ifconfig -a' does not show the IP address for the VPN, although I can find it by using "who" in a SSH session into a office machine or simply look at the Shimo statistics pane.

But here comes a problem, Java's Kerberos uses the following method to fill addresses into the AS-REQ message when requesting the initial TGT from a KDC (which is in the office):
InetAddress.getAllByName(InetAddress.getLocalHost().getHostName())
and it cannot find the VPN IP. So if I use this TGT to request for a service ticket, an error is returned: Incorrect net address.

To solve this problem, I write a patch for Kinit.java in Java, creating a new option "-xa address" which adds an extra address into AS-REQ (this option can be provided more than once). The option "-a" is also added into Klist.java to print the addresses for a ticket. Everything works now.

BTW, I don't like the decision that Sun removed kinit and klist tools from JDK/JRE on Linux and Solaris. They're still very useful. On the other hand, on Windows, these tools exist. But any one who has downloaded MS's own klist.exe will find himself confused all the time: Sun's klist.exe shows ticket cache from the %HOME%/krbccc_xxx file, and MS's klist.exe shows the LSA cache, totally different content.

Wednesday May 07, 2008

Get Off the Stage! You Kindle Idiot.

I'm watching the replay of the first JavaOne General Session, and see this Kindle guy joining Rich Green on the stage, taking out his black and white book reader, demonstrating how stupidly easy it is to buy books online. After showing several Java books, quite carelessly, or at least it seems so, he shows another book, with the sketch of this man, of whom he speaks out the name on the stage:

Dalai Lama.

OK, so this guy hijacks a technical conference for 2 seconds because of his political bias and passionate love for a monk. He must be quite proud of living in a modern world and knows what the trend or fashion is these days.

Tuesday May 06, 2008

VirtualBox 1.6's Network Problem

Just upgrade to 1.6, all guests started but cannot talk to each other. They were connected into a shared "Internal Network" but now seems torn apart. XP cannot get a DHCP IP address from KDC. Even it's configured a static address, it cannot ping KDC.

I'll try to create another Internal Network and put them into this new one, hope this can solve the problem.

Update (2:18pm): Does not work. I finally reinstall version 1.56 and now they are running. I am a little suspect about what the issue really is. Because even after I install 1.56, the IP addresses go wrong once too. Anyway, for 1.56, a simple Repair inside the Windows guests solve all the problem, while in 1.6, I've tried anything I can but never got things right.

Friday Apr 25, 2008

Activating Windows'es inside VitualBox

Two months passed since my virtual lab switched to VirtualBox. Last night we have a power outrage here, and this morning when I restart the Windows guests inside, they prompt me for activations. Why not? I've been quite satisfied with these guys in the last 60 days.

The KDC is still not connected to the Internet. I have to add a new NAT interface to it and do the activation. Fortunately, the DHCP inside the office network nicely provides IP address, correct DNS, and a gateway. I was afraid that since I can do nothing on the Windows server except for activating it, any mis-configuration means I have to re-create the guest. Turns out everything is fine, and I have these 2 guests working now.

Don't want to touch the other ones, at least not now.
About

This blog has a comments managing system that requires me to approve each comment manually. Please do not re-post and I will reply it (if I have an answer) when I get pinged.

Search

Top Tags
Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today