Right now, it’s a good idea to check for FreeBSD bash port updates daily

If you haven’t heard about the bash “shellshock” bug yet, it may be time to peek out from underneath the rock you’ve been under ;). While bash isn’t installed as standard on FreeBSD, there’s a very good chance that someone either installed it because it’s their preferred shell or because one of the ports lists it as a dependency. Either way, now would be a really good time to check if your machine has bash installed if you haven’t done so already. Go on, I’ll wait.

Anyhow, right now you really need to check for updates on the bash port on a daily basis as the updates are coming in at a pretty furious rate. I’m guessing we’ll be back to normal pretty soon, but right now with exploits already in the wild, your server will need some extra grooming.

Of course the other, simpler option is to uninstall bash, unless one of the ports you are using has it as a dependency…
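
An added example (not from the original post) of the daily check described above, for a host that manages packages with pkg(8). The function names and the `--report` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: daily check of the FreeBSD bash package via pkg(8).

# Prints "absent", "outdated" or "current" for the installed bash package.
bash_port_status() {
    pkg info -e bash || { echo absent; return 0; }
    # -R compares against the remote repository catalogue; -L= hides
    # packages that are already up to date, so a bash line means "behind".
    if pkg version -vRL= | grep -q '^bash-[0-9]'; then
        echo outdated
    else
        echo current
    fi
}

# Lists installed packages that require bash, one per line.
bash_dependents() {
    pkg info -qr bash 2>/dev/null
}

# One-line summary suitable for cron mail.
bash_port_report() {
    st=$(bash_port_status)
    deps=$(bash_dependents | tr '\n' ' ' | sed 's/ *$//')
    case $st in
        absent)   echo "bash: not installed" ;;
        outdated) echo "bash: UPDATE AVAILABLE (required by: ${deps:-nothing})" ;;
        current)
            if [ -z "$deps" ]; then
                echo "bash: current, no installed package requires it"
            else
                echo "bash: current (required by: $deps)"
            fi ;;
    esac
}

# Run the report only when asked, e.g. from cron: sh check_bash.sh --report
if [ "${1:-}" = "--report" ]; then
    pkg update -q    # refresh the repository catalogue first
    bash_port_report
fi
```

The list of dependents in the report shows at a glance whether uninstalling bash is an option on that machine.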

How to make a self-signed SSL certificate work with Windows RT’s Mail App on a Microsoft Surface RT

Long title, I know…

I was trying to get Windows RT’s Mail App to access the email on my own server. The server uses IMAPS with a self-signed certificate as I only want SSL for its encryption and don’t really need it for authentication purposes as well. As long as it is the correct self-signed certificate I’m happy.

The Mail app however rejects certificates that weren’t signed by a trusted authority and doesn’t offer an obvious exception mechanism (like Thunderbird or Apple Mail) that circumvents the need for a trusted certificate. The original Mail app that came with my Surface also displays only a very cryptic error message, but the latest update from earlier this week correctly suggests that one needs to add the self-signed certificate to the certificate storage in order to get Mail to recognize the certificate.

In my case the saving grace is that I use the same cert to secure the webmail access so IE can easily access the certificate. However as Joe User, you can’t add another certificate to the certificate store – you have to be Administrator to be able to add a certificate and I initially couldn’t find an obvious way to run IE as Administrator.

The trick turns out to be that you have to run IE from the desktop (yes, the Surface RT has a standard Windows Desktop, too). The easiest way to get there is to run IE from the ’tile’ UI, pull up the bottom menu and select ‘view on desktop’ from the settings icon menu. Once you are on the desktop, right-click (two-finger click on the ZX81 keyboard cover) on the IE icon. Bummer, no ‘Run as Administrator’ menu entry. However, there is an entry in this menu that says ‘Internet Explorer’. Right click/two finger click on that one and you get ‘Run as Administrator’. I fired up IE as administrator and the buttons to install the certificate were no longer greyed out.

At this point there was one last hurdle to climb over – if you let IE determine where the certificate is saved, Mail still does not recognize the certificate. You have to install it in ‘Trusted Root Certification Authorities’. And now, I can finally read my email on my Surface RT. Just be aware of the security implications of doing so as your certificate can now act as a root certificate for other certificates. Of course, you could simply get a ‘real’ certificate and not have that sort of security issue.

The above worked for me because I use the same certificate for two purposes. If you can’t simply access the certificate via a browser you’ll have to download the certificate onto your machine as a file and then use certmgr to import it. Again, you’ll most likely have to run certmgr as Administrator as it won’t allow file operations otherwise.

That’s another warranty voided, then

Last night I did something I was adamant I wasn’t going to do, namely rooting my Android phone and installing CyanogenMod on it. Normally I don’t like messing with (smart)phones – they’re tools in the pipe wrench sense to me, they should hopefully not require much in the way of care & feeding apart from charging and the odd app or OS update. Of course, the odd OS update can already be a problem as no official updates have been available for this phone (a Motorola Droid) for a while and between the provider-installed bloatware that couldn’t be uninstalled and the usual cruft that seems to accumulate on computers over time, the phone was really sluggish, often unresponsive and pretty much permanently complained about running out of memory. So far it appears that updating the OS and only installing a handful of apps that I actually use as opposed to the ones that I supposedly “need” has resulted in a much better user experience.

The whole process was comparatively painless, which I really appreciated. The biggest hurdle was getting the clockworkmod recovery image onto the phone. I ended up rebooting the Mac into Windows and installing it via the Windows tools. Other than that, the installation went smoothly and didn’t leave me with a bricked phone so I’m happy with that part.

Why the effort, given my dislike for hacking smartphones? Well, for starters I can squeeze a little more life out of the phone. I’m eligible for an upgrade but thanks to Verizon’s shenanigans, sorry, added hoops (and added expense) required to jump through if you want to keep a grandfathered unlimited data plan, I don’t feel particularly compelled to spend money on a phone, especially if I have to pay full retail for an upgrade. I’m also not that big a fan of Android (I admit to preferring iOS) so I’m currently waiting on how the whole “unlocked iPhone” saga will play out with the iPhone 5. If I have to pay retail for a phone – any phone – I might as well use that as leverage to reduce the overall phone bill.

In the meantime I’ll see how I like the “new” Droid and better get used to occasionally reinstalling the OS on a phone, thus reminding me of the quip that Android truly is the Windows of smartphone OSs.

Moving to a multi-VHD Windows installation to separate work and personal data

I had been thinking about setting myself up with a way to work from home in a disconnected fashion. Most of the places I’ve worked at in the past required me to remote into the work desktop, which is a good idea if both sides have 100% uptime on their network connection and no issues with them being affected by adverse weather. Which in reality means that the connections tended to be unstable if the weather dictated that one really, really wanted to work from home on a particular day because snowfall was horizontal, for example. My current employer is more enlightened in this matter so my suggestion of locking all the necessary tools and source code inside a VM that would allow me to work from home even if the Internet connection was unavailable at either end was given the go ahead. Given that my desktop here is plenty powerful for most development tasks (it’s an older Intel Mac Pro with dual Xeons), this should be an ideal solution.

Only, with the VM software I was trying out, the virtualised disk throughput was lacking a little. The product I’m working on uses Qt and it took a day to build the commercial version of 4.7.4 inside the VM, with one of the Xeons allocated to VM duty. Oops. Some more digging pretty much confirmed that the main issue was the disk throughput or lack thereof. At this point I came across Scott Hanselman’s article on how to boot Windows off a VHD. My understanding is that Bootcamp only supports booting off a single Windows partition so this sounded ideal to me – just put a VHD with all the tools and the source code on the boot partition I already have, then boot from the VHD if I need to. Donn Felker’s blog entry on booting off a VHD on a Bootcamp’d Mac added the one missing piece of information, namely that one should ignore the warning from the Windows 7 installer that the disk (VHD) you’re about to install on isn’t supported and that there might be driver issues. Just go ahead and do it anyway.

After the installation and dropping all the tools on the VHD – I’m getting a little too familiar with the Visual Studio installer by now – Qt built pretty much in the expected time and the project itself can also be built within a reasonable amount of time. My guess is that the build is 5%-10% slower than on the work machine, but the work machine is building on an SSD and obviously hasn’t got a virtualised hard disk to deal with either. On the other hand my own machine has the benefit of 8 real cores.

Why all the effort? I don’t like mixing work projects and my own stuff, for starters. If I can lock work into a VM or at least some kind of a sandbox, there’s less of a chance of accidental cross-pollination between the two and no licensing headaches either. The latter is especially important to me as there are some software licenses that are “duplicated” in the sense that I have both a work and a personal license. And of course there’s the little detail that the work VM data can simply be destroyed by deleting the VM/VHD if it proves necessary.

Even though I did originally intend to only set up a single VHD for work purposes and keep all the personal software and data on my main disk, I’ve ended up creating a second VHD specifically for a couple of car racing simulators that I use (iRacing and rFactor). I’m not a big gamer but I do like track driving in the real world and using the simulators tends to help with familiarising yourself with a track, plus it helps in the off season, too. iRacing had a bit of a problem with the various bits of security software I have installed on my main Windows and given that I had a spare license anyway, it made sense to put it in its own “virgin Windows” sandbox. No issues since. Well, none related to the software…