Skip to content


STS-133 Artwork Released

NASA have released the artwork for the forthcoming STS-133 shuttle mission. The patch pays homage not only to the shuttle Discovery which will be completing its stint as a flying shuttle soon, but also to Mr. Robert McCall, longtime artist for NASA:

The STS-133 mission patch is based upon sketches from the late artist Robert McCall; they were the final creations of his long and prodigious career.

For additional information including an explanation of the imagery, please see the NASA Spaceflight website.

Posted in Space.

Tagged with , , .


National Park Week 2010

National Park Week will run from April 17th through the 25th this year.  Entrance to all 392 national parks will be free for that week, so now is the time to start finalizing plans for that great expedition.  Throw on the backpack and mosey on down a few miles of trail, or break out the Trek Light Gear hammock and cosy up to a couple trees for some R&R time amidst the sounds of nature.

Posted in Hobbies.

Tagged with , , , .


Happy Pi Day

For those who understand such things: Happy Pi Day.  I rarely jump on the bandwagon of all of the various X-days that have come and gone recently or which are coming, e.g. 10/10/10, but since Pi is such an interesting beast, it just needs to be celebrated on its day.  Question is: How does one properly celebrate Pi Day?  Sit down with your favorite math book?  Hug a math nerd?

Anyway…  I really like some of the other suggestions for Pi Day proposed on the Real Pi Day site.  Hopefully a consensus will be reached and banks and government employees can begin to have a day off in honor of the holiday.  And in case anyone is listening, I vote for the day/time when the sun has travelled 1/pi from perihelion.

Posted in Science.

Tagged with .


Congrats to the Brother

Craig on WRALCongratulations go out to my brother who was named national Technician of the Year by the E9-1-1 Institute.

More information appears in this story on the WRAL website.

Love the quote: “Through his leadership, the emergency communications IT team and the communications-electronics maintenance shop have made great strides toward enhancing the reliability and affordability of a wide variety of technology,” Furey said.

Now I’ll probably need an appointment to talk to him on IRC.

Posted in Life.


Ubuntu: Ten Minute Apache mod_authn_yubikey Install

YubiKey

The YubiKey, from Yubico is a small USB device which is about the size of a small flash drive, and which emits OTP strings when the button is depressed.   The device can also be reprogrammed to offer static passwords and the new 2.0 version has a very handy management application available.  The device is compatible with most recent *nix and Solaris installations, as well as MacOS and Windows.

Since receiving mine, I have tested it via several available PHP implementations, and other interfaces, e.g. the Wordpress plugin and the LastPass integration.  Last night, I found a site which offers an Apache HTTP Server module for use with the usual Basic authentication.  Since I wanted to use it on a production server without build tools installed, I first compiled it on a test server, and then copied the necessary files to the production box.  The following are the steps I used to build and enable it.

Install the prerequisites (assuming build-essential is already installed)

  1. $ sudo apt-get install apache2-threaded-dev libcurl3 libcurl4-openssl-dev

Download, unpack and build:

  1. $ wget http://mod_authn_yubikey.coffeecrew.org/authn_yubikey.tar.bz2
  2. $ tar jxf authn_yubikey.tar.bz2
  3. $ cd authn_yubikey/
  4. $ apxs2 \
  5. -DYK_PACKAGE=\\\"mod_authn_yubikey\\\" \
  6. -DYK_PACKAGE_VERSION=\\\"0.1\\\" \
  7. -I. -Wc -c -lcurl mod_authn_yubikey.c libykclient.c libykclient.slo mod_authn_yubikey.slo

If all has gone according to plan, the module object now exists in the .lib (dot lib) directory.  If necessary, scp it to your server and continue.

Note: The following layouts are based on an Ubuntu installation, you may need to put the library where your system expects to find it.

Copy module to required directory:

  1. sudo cp .lib/mod_authn_yubikey.so /usr/lib/apache2/modules/

Create the basic files to allow the module to be enabled/disabled using the normal Ubuntu functionality:

Module load file (/etc/apache2/mods-available/authn_yubikey.load)

  1. # /etc/apache2/mods-available/authn_yubikey.load
  2. LoadFile /usr/lib/libcurl.so.4
  3. LoadModule authn_yubikey_module /usr/lib/apache2/modules/mod_authn_yubikey.so

Basic module config file:

  1. # /etc/apache2/mods-available/modules/authn_yubikey.conf
  2. <IfModule mod_authn_yubikey.c>
  3. AuthYubiKeyRequireSecure Off
  4. </IfModule>

Since this module works in a similar manner to the standard Apache Auth packages, create a htpasswd file, adding a user with key id ‘abcdeffedcba’ (first 12 characters emitted by the YubiKey), username ‘jsmith’ and password ‘mypass’. The ‘-s’ uses SHA instead of crypt():

  1. $ cd /etc/apache2
  2. $ mkdir conf
  3. $ cd conf
  4. $ htpasswd -csb conf/ykUserDb abcdeffedcba jsmith:mypass
  5. $ touch conf/ykTmpDb && chown www-data conf/ykTmpDb

Now just pick a directory or location to protect, and add a basic config section to the appropriate Apache config file:

  1. <Location /supersekret>
  2. AuthType Basic
  3. AuthBasicProvider yubikey
  4. AuthName "Please log in using your YubiKey"
  5. AuthYubiKeyTimeout 30
  6. AuthYubiKeyTmpFile conf/ykTmpDb
  7. AuthYubiKeyUserFile conf/ykUserDb
  8. AuthYubiKeyRequireSecure On
  9. AuthYubiKeyExternalErrorPage Off
  10. Require valid-user
  11. </Location>

Note: The ‘AuthYubiKeyRequireSecure On’ ensures the only SSL (https) connections are allowed. Turn that off to use standard http.

That’s it, now just enable the module and restart Apache:

  1. $ sudo a2enmod authn_yubikey
  2. $ sudo /etc/init.d/apache2 restart

For additional information regarding the use and configuration of the module, please check the the mod_authn_yubikey website – http://mod_authn_yubikey.coffeecrew.org/.

Many thanks to Jens Frey, the author of the plugin for his quick response to my request for clarification on a few points.

Posted in Linux.


Twitter + ttytter + perl + Prowl = iPhone Push Goodness

Version 3.0 of the Apple iPhone OS now allows push notifications.  However, for security reasons (presumably), Apple requires that push notifications must flow through their server, and are only allowed to be delivered to native applications. 

Prowl is a new application which allows notifications to be pushed to the iPhone from applications like Growl for Windows or Macs.  Fortunately, the developer has also implemented an API so that one can easily submit push notifications from virtually any programming language which is able to talk to it via the web.

So what?  Well, as I am a big fan of Twitter, I follow enough people that I am often unable to keep up with the flow of tweets.  I had resorted to following the most important posters via RSS, but now I am able to follow their accounts and have any posts they submit pushed to my iPhone as a notification.

Continued…

Posted in Linux.


IPv6 Difficulties

Until my VMware server machine crashed, I had a pair of IPv6 tunnels running for many months out of a pair of virtual machines.  One was Ubuntu Hardy with a tunnel to Sixxs.net, the other an OpenBSD machine with a tunnel to Hurricane Electric’s Tunnelbroker service.

Wanting to get back into the IPv6 address space, I installed the aiccu client on another server and configured it for my Sixxs tunnel.  This worked out of the box, but within about 36 hours it stopped working.  Most frustrating was the lack of any errors in any logs and restarting the service had no effect.  The tunnel interface was created with the correct IP, route showed all the correct routes, and I could ping the IPv4 address of my assigned PoP (uschi02).  Then, strangely, about two hours later things started working again.  Until this morning…

I awoke to find that the tunnel had again dropped overnight, and as before, nothing I do seems to be able to get the tunnel working again.  The Sixxs website indicates that the PoP is up and talking to other PoPs.

So, since I also have a tunnel from Hurricane, I gave another machine a static IP and added the necessary information to /etc/network/interfaces:

#  Hurrican Electric IPv6 Tunnel
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
endpoint <your_assigned_IPv4_server_endpoint>
address <local_IPv6_tunnel_endpoint>
netmask 64
mtu 1480
up ip -6 route add 2000::/3 dev he-ipv6

From this point, I restarted the network service:

sudo /etc/init.d/networking restart

et voila! The tunnel was up and pingable. So I guess I will stick with the HE service for now, though if anyone has any ideas as to what the issue with Sixxs might be (when using Ubuntu Intrepid and aiccu / AYIYA), please let me know.

Posted in Linux.

Tagged with , , .


SpaceX experiences anomaly during launch

SpaceX have experienced what they are calling “an anomaly” during tonight’s liftoff of their Falcon I system.  Early tweets on the topic indicate that there was an issue during tank separation which caused the rocket to explode.  This has not been confirmed, but given the sudden loss of video from the launch vehicle, and the even more sudden termination of their webcast, it is not out of the realm of possibility.

Hopefully they have good data to help prevent this in future launches.

Posted in Space.

Tagged with , , .


Embarq Customer Service: FAIL

This is why customer service personnel should 1) be located in the country whose population they are serving, or at least 2) human, awake, and able to respond to requests from potential customers.

I am online tonight shopping for a local land-based telephone service.  After spending twenty minutes looking around the Embarq website at their various plans, I still have not found out how they define “local” as in “Local phone service” which is included in their basic package.  I know, it should be in the FAQ section, or somewhere else linked directly from the page describing that as included in that package, but it is not.

So I find their Customer Service page and, conveniently, they have a Sales Chat link.  I fill in my question, and submit it.  This is what follows:

Scott Schulz
Initial Question/Comment: Looking at your service, but unable to find out what constitutes Local service. How is that defined?

6:19:08 PM System System
Jill @ EMBARQ has joined this session!

6:19:08 PM System System
Connected with Jill @ EMBARQ

6:19:08 PM System System
Phone Number: 919xxxxxxx

6:19:08 PM System System
Hello, thank you for contacting Embarq Customer Service. Please give me one moment to pull up your account information.

6:19:21 PM Customer Scott Schulz
I do not yet have an account

6:22:33 PM AgentJill @ EMBARQ
Can I please verify you on the account with the last four digits of your social security number or the password on your account?

6:22:46 PM Customer Scott Schulz
I do not yet have an account

6:27:08 PM Agent Jill @ EMBARQ
It seems that you have been idle for more than two minutes. I apologize for any inconvenience, but if there is no response in the next 2 minutes, this session will end. Thank you for your cooperation.

6:27:34 PM Customer Scott Schulz
I do not yet have an account, I am shopping for one

Jill @ EMBARQ
Thank you for connecting with Embarq! If you require further assistance, feel free to contact us again. You may chat live with an Embarq agent 8am to 8pm Eastern time Monday through Friday and 11am to 8pm Eastern time on Saturday. In a moment, you will be asked to take a short survey to rate your satisfaction with Embarq. Your feedback is important to us and we would appreciate you taking the time to respond. Have a great day Scott!

6:29:58 PM System System
Jill @ EMBARQ has left this session!

6:29:58 PM System System
The session has ended!

So much for pre-sales support… and so much for using Embarq as a carrier.

Posted in CustomerNoService.

Tagged with , , .


Ubuntu Hardy: The 10 Minute git Install

Since updating my laptop to Hardy Heron I had not yet installed an update git, so I thought it would be a good time for that:

Install the usual prerequisites:

sudo apt-get install curl libcurl4-openssl-dev libexpat1-dev

Fetch, unpack, and build:

wget http://kernel.org/pub/software/scm/git/git-1.5.5.3.tar.bz2

tar jxf git-1.5.5.3.tar.bz2

cd git-1.5.5.3

make prefix=/usr all

Unfortunately, at this point I got an error I had not seen on prior installs:

* tclsh failed; using unoptimized loading
MSGFMT    po/de.msg make[1]: *** [po/de.msg] Error 127
make: *** [all] Error 2

A little snooping brought me to this site.  While I’m sure that his method works, it seems a bit extreme to hand-build all of the listed packages.  Fortunately the answer to my problem was there:

sudo apt-get install gettext

After installing gettext, re-running ‘make prefix=/usr’ completed as expected.  After it is built, it is a simple matter to install all of the new goodness:

sudo make prefix=/usr install

Running ‘git version’ should return the newly installed version.  If you want to track the development version, you can now use this installed version of git to check out the devel repository and build it using the same steps.

Posted in Linux, Software.

Tagged with , , .