About this blog…

I am employed by Netnod as head of engineering, research and development and am among other things chair of the Security and Stability Advisory Committee at ICANN. You can find CV and photos of me at this page.

As I wear so many hats, I find it necessary to have somewhere to express my personal view on things. This is the location where that happens. Postings on this blog, or on Facebook, Twitter etc., fall under this policy.

The views expressed on this post are mine and do not necessarily reflect the views of Netnod or any other of the organisations I have connections to.

How I manage my email

Lately I have not only got questions about how I can handle all the email I get, but also seen people more or less give up on the flow of email they get. Based on that I decided to describe how I manage my mail.

My email management consists of a few different building blocks, and each […]

TextMate will not launch

I have had some problems with TextMate, but I did not know when it started. Probably since my last reboot (which would in fact be a correct guess) but since I do not reboot my mac very often I have no idea when it really started. I thought it had something to do with some […]

Adobe CS or something else?

I was notified on Twitter that my friend Rikard Nilsson was installing Adobe CS 5.5.

Rikard tweets

My response to that was of course “Why?” and he then stated he was doing it just because he has always done it.

I have myself as well just followed the stream, because I thought I […]

iPhone not detectable by iTunes

I managed to solve a problem that might be something that one of you encounter as well.

I installed a new MBP, fetching stuff with Migration Assistant from an MBAir. On the Air, Xcode was installed. On the MBP after migration, Xcode was not available (one of those things Migration Assistant does not migrate properly, […]

Python 3.2.1 on MacOSX 10.7.1

Getting a proper version of Python 3.x installed is not as easy as it has been earlier. First of all, you need the Developer package installed (again). This you do by installing Xcode 4.x from the Mac App Store. I thought I had done so, but could still not find gcc etc. in my path. Some […]

Password recovery on VMWare ESXi 4 – problems with tar

One of my VMWare servers had a master password (to the VMWare console) that I had forgotten. I.e. I had forgotten to write it down, and had not had any need to access the console for a while.

Started to look for a routine for password recovery, but after quite a lot of searching, I found […]

ServerAdmin and manual editing of Apache Config

I had an example of problems with ServerAdmin yesterday. I have one server (using Django) needing special settings for the Python environment. I have added that manually via two LocationMatch statements in the Apache Config for the site in question. Remember (or note) that the order of those LocationMatch statements does matter for Apache.

One […]

Large amount of email, or?

When I checked mail a few minutes ago, I watched the progress bar, and was shocked. If the number was correct, some people on a mailing list would have sent some trillions of email messages in just 30 minutes or so. Impressive. I did not know my mail server could handle that.

When […]

MacOSX 10.5 as VPN server

I am running some MacOSX Servers, and got a question from a friend whether I could terminate VPN connections that he was interested in. He runs Windows XP, and according to what one can find on the web, this should be no problem at all. Now I know those were really famous last words, but at least it works now. Let me tell you about the not so well documented issues.

First of all, do activate the VPN service in Server Admin. As you can find with Google, Windows XP uses PPTP, so that is where the interesting stuff happens. Enable PPTP, allow 40-bit encryption keys in addition to 128-bit, and use MS-CHAPv2 as the PPP Authentication mechanism.

The first not very well documented issue is that the start and end IP addresses must indicate an interval of IP addresses that the VPN terminating server sees locally (that it can proxy ARP for). I.e. IP addresses on the same subnet as the external interface on a host (like mine) that only has one IP address. Btw, I have always taken for granted this only works with IPv4. My host has IPv6 as well, but all of this is only IPv4. So, check for an interval of IP addresses on the same subnet as your VPN server itself, and indicate that interval in the PPTP settings.

Getting the VPN termination box to also do NAT via the NAT service is something I have not succeeded with. I was hoping the VPN would end up as a virtual interface in the NAT settings, but no, that is not happening.

The second thing that is not very well documented is what happens apart from starting the VPN service: the first time you launch VPN (or maybe when you activate the service), two (2) more things happen:

  • An entry is added to your OD server
  • An entry is added to the System Keychain

I found I had to remove these, and add both with the terminal, i.e. manually. As with many things (unfortunately) in the MacOSX Server automatic GUI settings, they take for granted that the scenario one has is pretty simplistic.

Because of this, before you start the VPN service (or after you stop it, as you of course have already started it when reading this), remove all users in OD that have the name VPN MPPE Key Access User. Sometimes you might have managed to get more than one of these, so although you are doing “Delete” in Workgroup Manager, it might look as if nothing happens. Just do this until there is nothing visible there. You should also remove all keys in the System Keychain (that you can access via Keychain Access) whose name ends with com.apple.ras. Just remove them. As far as I understand, they are used for exactly this and nothing else.

When both the OD entry and the keys are removed, we have to create them again, and that is done with the command vpnaddkeyagentuser. The interesting thing here (that is not very well documented) is how to run the command. The manual page says you should do:

    vpnaddkeyagentuser directory_node_path

And the example given is:

    To add the keyagent user to the Open LDAP master on the local machine:
    vpnaddkeyagentuser /LDAPv3/

The key here is that if the LDAP master is not on the local machine, then you MUST include the hostname of the LDAP server in the path. Using an IP address does NOT work. So if your LDAP server is ldap.example.com, your command is:

    sudo /usr/sbin/vpnaddkeyagentuser /LDAPv3/ldap.example.com

You will then be prompted for the password that enables sudo, and then the username and password for a user that has access to add users to the LDAP database, what is normally called the diradmin in other documentation. You can check with Keychain Access and Workgroup Manager afterwards that the key and the user were added.

If you do not explicitly get a prompt for the username and password for a directory admin user, something went wrong. Start over, and ensure you give the command correctly. There are no error messages at all. That should do the trick, as long as you manage to configure XP correctly, something I leave as an exercise for the reader. […]
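The two undocumented requirements from this post (the PPTP address range must sit on the VPN server's own subnet, and the directory node path for a remote LDAP master must carry a hostname rather than an IP address) can be checked before touching Server Admin. The following is an added example, not code from the original post; the function names and the 192.0.2.x sample addresses are assumptions made for illustration.

```python
import ipaddress

def check_pptp_pool(server_cidr, start, end):
    """Return a list of problems with a PPTP client address range (empty = OK)."""
    iface = ipaddress.ip_interface(server_cidr)
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    # The post's setup is IPv4 only; mixed versions cannot be compared either.
    if {iface.version, first.version, last.version} != {4}:
        return ["server address and PPTP range must all be IPv4"]
    net, problems = iface.network, []
    if first > last:
        problems.append("start address is after end address")
    for label, addr in (("start", first), ("end", last)):
        # The server must be able to proxy-ARP for every address it hands out.
        if addr not in net:
            problems.append(f"{label} {addr} is outside the server subnet {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is the network or broadcast address")
    # Added sanity check, not from the post: do not hand out the server's own IP.
    if first <= iface.ip <= last:
        problems.append(f"range contains the server's own address {iface.ip}")
    return problems

def check_remote_node_path(path):
    """Check a vpnaddkeyagentuser path for a remote LDAP master; None means OK."""
    prefix = "/LDAPv3/"
    if not path.startswith(prefix):
        return "path must start with /LDAPv3/"
    host = path[len(prefix):]
    if not host:
        return "remote LDAP master needs its hostname in the path"
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return None  # not an IP literal, so treated as a hostname
    return "IP address in path; use the LDAP server's hostname instead"

if __name__ == "__main__":
    # Constructed sample values (documentation address range 192.0.2.0/24).
    print(check_pptp_pool("192.0.2.10/24", "192.0.2.200", "192.0.2.220"))
    print(check_pptp_pool("192.0.2.10/24", "10.0.0.2", "10.0.0.20"))
    print(check_remote_node_path("/LDAPv3/ldap.example.com"))
    print(check_remote_node_path("/LDAPv3/192.0.2.5"))
```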

USB and FireWire

So I have this external USB/FW drive that I use for Time Machine on my Mac. I have (unfortunately) some other data on that as well. The day before yesterday it just stopped working, making the Finder unresponsive. I had to leave my hotel room in Hyderabad, so I yanked the cable. Bad thing, but what should I have done? I think the damage was done already. The end result is that the drive is not visible. I see with USB Probe (part of the Developer package) something on the USB bus that is suspended. Also, the drive does not turn off and stop spinning when the computer is put to sleep. An indication that it might hopefully be a state problem in some machinery somewhere. Anyway, I then thought I could try FireWire access instead, if it is the USB driver on the disk that is confused. So I borrowed a FireWire cable from my friend Kurtis. Cool, if it were the case that I had something to connect the cable to at the other end. Lesson learned: If you want to connect something via a cool interface, ensure you have not only the cable, but also something to connect the cable to at the other end. […]