Sender Settings

This took me a while to figure out yesterday, so in the hopes it helps someone else (or reminds me of the solution when I need to solve the same problem again).

The symptom: Mail.app on my Mac laptop is sending email with the wrong “From” header, even though I’ve chosen the right account to send it from, and the email in the Sent folder has the right email address in the From header.

The background: my major client company wants me to start using their email address for work I do for them, which seems completely reasonable to me. For various reasons, however, I need to keep using the Google SMTP server that I have for my Textuality email to send the mail (SSL certificate stuff that I have no control over being the main reason).

The solution: as far as the Google SMTP server is concerned, you need to prove you own the email address that’s in the From header, or it will simply substitute the email address that it does know that you own (in my case my textuality.com email address).

To authenticate, and thereby allow the Google SMTP server to use the other email address as the sender email address, log in to the browser interface of your Google email account (whether GMail or a Google Apps account). Click on the “Settings” link (should be top right). Click on the “Accounts” link. In the “Send mail as:” section, click on the “Add another email address you own” link. The help information on this doesn’t make it clear that this secondary email address can be any email address, served through any system. It doesn’t have to be a Google account, it just has to be an address you receive email at. You won’t be picking up that email using the Google system unless you also set up something in the “Get mail from other accounts:” section, which is not something I wanted to do.

Then, follow the instructions. Google will send email to your secondary address as a simple authentication (verification) procedure. Click on the link in the email, or follow the other instructions. Then hey presto, the Google SMTP server will allow you to send your email using your secondary email address as the “From” sender. And people replying to it will send the email to the right account.

Calendars and Sharing

The problem du jour is one that I’m sure lots of people have run into, and one in which the standard answer is for everyone to standardize on one tool. Since I have this propensity for standards that mean people can choose the tools they want, I don’t really like that attitude, even if I understand the “I just want to get some work done” principle behind it.

In short, I don’t use Outlook. Lots of people do, and they want me to share my calendar with them to make it easier to book meetings. Fair enough, in this one company almost everyone uses Outlook. I use Google calendar, which can share in a number of ways, and getting a basic ICS file from point A to point B is not an issue. What is the issue is the privacy angle, or free/busy settings. Since I have different clients, and different projects, when I publish my calendar on a site for client A, they shouldn’t see the titles of the times I have booked for client B, or for my private appointments. They just want to know when I have free time, anyway. Should be easy, right? Just set the Google calendar sharing options to show only free/busy, download the .ics file that’s generated and upload to the appropriate server, right? Wrong. Google calendar saves free/busy using the VFREEBUSY component. Microsoft Outlook does not import or export VFREEBUSY components, thus when it tries to open that .ics file it throws an error.

I guess I could install Outlook and use Google/Outlook synchronisation, but I also have a Mac laptop and don’t really feel like buying multiple copies of programs just to share a calendar. Next thought: maybe iCal on the Mac will publish the info correctly. I import the ICS file into iCal, set it to publish to the webdav server, make sure I leave off all the title and note info, only to find that what is still published is the LOCATION info, which contains all sorts of things like who’s calling whom, where the meeting is, etc. Thus it’s not exactly just the free/busy info I was looking for, despite what the help file says.

At this stage I guess I’m looking at programming something to take the Google ICS and get rid of the information I don’t want published. It seems a little silly that I can’t readily share a free/busy schedule between systems that supposedly are set up to allow subscriptions to other people’s calendars, so I’m wondering what I’m missing.

Update Sep 20: having calmed down a bit over the weekend, I looked at the ics file that Google Calendar creates with the free/busy, and compared it to the usual ics file. The solution is to find and replace “VFREEBUSY” with “VEVENT”. Upload that edited .ics file to the client’s WebDav server, problem solved. OK, it isn’t automatic, but my appointments don’t change that frequently. And when I have a few spare moments I’ll script it.
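
The script the update mentions, sketched as an added example (not the author's code): it applies the VFREEBUSY-to-VEVENT rename and also strips everything but timing from ordinary events, so a folded LOCATION line or an alarm description cannot leak into the published file. The property allowlist, the function names and the sample calendar are assumptions of this example, and it assumes each component carries DTSTART/DTEND, as the find-and-replace fix implies.

```python
import re
# Allowlist of event properties that reveal timing only (an assumption of this example).
KEEP = {"UID", "DTSTAMP", "DTSTART", "DTEND", "DURATION", "RRULE", "EXDATE"}

def unfold(text):
    """RFC 5545 unfolding: a line starting with space/tab continues the previous one."""
    lines = []
    for raw in text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines

def prop_name(line):
    """'DTSTART;TZID=X:2009...' -> 'DTSTART' (parameters and value removed)."""
    return re.split(r"[;:]", line, maxsplit=1)[0].upper()

def to_free_busy(ics_text):
    out, in_event, nested = [], False, 0
    for line in unfold(ics_text):
        name = prop_name(line)
        if not in_event:
            if line.upper() in ("BEGIN:VEVENT", "BEGIN:VFREEBUSY"):
                in_event = True  # VFREEBUSY becomes VEVENT, the rename from the post
                out += ["BEGIN:VEVENT", "SUMMARY:Busy"]
            else:
                out.append(line)  # calendar-level lines pass through unchanged
        elif name == "BEGIN":
            nested += 1  # sub-component such as VALARM: dropped entirely
        elif name == "END" and nested:
            nested -= 1
        elif name == "END":
            in_event = False
            out.append("END:VEVENT")
        elif not nested and name in KEEP:
            out.append(line)  # SUMMARY, LOCATION, DESCRIPTION etc. never match
    return "\r\n".join(out) + "\r\n"

# Constructed sample: one detailed event (folded LOCATION, alarm) and one VFREEBUSY.
SAMPLE = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nBEGIN:VEVENT\r\nUID:1@example.invalid\r\n"
    "DTSTART:20090921T140000Z\r\nDTEND:20090921T150000Z\r\n"
    "SUMMARY:Client B design review\r\n"
    "LOCATION:Client B head office\\, call\r\n  Alice on arrival\r\n"
    "BEGIN:VALARM\r\nACTION:DISPLAY\r\nDESCRIPTION:Client B\r\nEND:VALARM\r\n"
    "END:VEVENT\r\nBEGIN:VFREEBUSY\r\nDTSTART:20090922T090000Z\r\n"
    "DTEND:20090922T100000Z\r\nEND:VFREEBUSY\r\nEND:VCALENDAR\r\n"
)
```

Filtering on unfolded lines matters here: a line-by-line filter that drops anything starting with LOCATION would still publish the continuation line of a folded value.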

Google Apps and Google Docs

For small companies, like my one-person consulting shop and many of my clients, using Google Apps is an obvious solution to the problem of email and sharing documents and calendars. The standard edition is usually enough, which makes it free as well. So far email also seems to be delivered more quickly than through my old website host.

The most complicated part of setting up Google Apps is configuring the DNS correctly; that’s the subject of another post. The most confusing part of using it, however, continually bites and until Google fixes it (and I can’t imagine they’re not aware of the problem), will continue to annoy.

Here’s the issue. I signed up for a Google account (docs, primarily) using my standard email address. Then I set up a Google Apps account for Textuality where I have the same email address, and a Google Apps version of documents, calendar, etc. I now have two Google accounts with the same email address, different passwords, different URLs to log into at, and they show different contents. If someone shares a document with me using my standard email address, it sometimes shows up in the non-Apps account, and sometimes in the Apps account, and occasionally in both. I have yet to figure out the algorithm by which the Google documents sharing mechanism decides which account (with the same email address, remember) gets which document.

I’m sure (or at least hope) that Google will fix the problem eventually. In the meantime, it’s something to be aware of.

More mod_security

After I wrote my piece about mod_security, the people at Packt Publishing offered me a copy of their book ModSecurity 2.5, with the proviso that I review it. This sounded like a reasonable idea to me.

Overall, I would recommend the book to people who are running Apache and need to know more about relatively simple ways to add security to their web sites. The book motivates the use of mod_security and convinced me that anyone hosting a web site should have it installed, ready to deal with any problems you encounter. The book goes through common scenarios and what mod_security can do to deal with them, including recent events such as an attack on Twitter in April 2009. All the examples are explained clearly, and the rule configurations will look familiar if you’ve had some practice writing either RewriteEngine directives or httpd.conf vhost configurations. It also shows how to send alert emails or count the number of times a file has been downloaded, which I thought were nice additions.

As is the case with any security systems, there are layers upon layers of things you can do, and the book includes quite a few that I think are overkill unless you suspect you’re being targeted for some reason (such as financial or controversial sites). If you do have one of those sites, the chapter on blocking common attacks alone could save a lot of pain. Many of the common attacks are covered (SQL injection, XSS, etc.), along with ways to combat them.

The book includes instructions on installing a couple of GUI tools to help monitor incidents; I didn’t have time to install all of these given the OpenSolaris/Linux differences and it’s less important for me given the fact I’m not running sites that are likely to be attacked (my high-bandwidth sites are on commercial hosting). If you’re running important web sites, you’d probably want to set up these tools to work properly to save hunting through log files yourself.

I tested a few things out on the OpenSolaris box in the basement; getting it installed was a little different to the book (which is written mostly assuming a Linux web stack).

mod_security is installed with the 2009.06 version of the OpenSolaris web stack, but not active. To activate: pfexec cp /etc/apache2/2.2/samples-conf.d/security2.conf /etc/apache2/2.2/conf.d/security2.conf. Restart the server with svcadm restart apache22 and check that mod_security is installed by seeing if the logs are available under /var/apache2/2.2/logs. You can also check if the module is loaded by creating and executing a phpinfo file.

Bluetooth (Time) Sync

One of the annoying things about moving to the 64-bit Windows 7 is that Palm decided not to support USB synchronization. Since my phone/PDA is a Treo 680, that’s a nuisance. In theory, I can sync via bluetooth. In practice, it’s not as easy as it used to be.

First off, I had to get a bluetooth-USB dongle to use with my desktop PC. I plugged it in, Windows found it and installed the driver. That much worked. The page linked to above shows the steps to go through to enable the bluetooth synchronization with the Treo; following those steps worked just fine (although s-l-o-w-l-y) the first time. And then it stopped working, with an error message “unable to initiate hotsync operation because the port is in use by another application”.

I tried unplugging the bluetooth device, disabling it, nothing worked. I then foolishly installed the software that came with the device, which was a bad mistake, as it made everything bluetooth-related stop working. And even though I tried to uninstall it afterwards, nothing worked.

I used Glary utilities to clean the registry; it found a lot of entries that CCleaner, my previously favourite registry cleaner, didn’t. Result: supposedly a cleaner registry, but no joy on the bluetooth device settings.

Poking around on the web uncovered this, and since websites have a habit of disappearing, taking their useful information with them, I’m going to take the liberty of rewriting the salient points here.

Unplug the device. Go to the control panel, then search for “services”. From the Services window, browse the list of services and find the Bluetooth Support Service, and double-click the entry. Select Automatic from the Startup type and then click OK. Plug the device back in.

This at least meant that I could access the settings on the bluetooth device, which was an advance, even if I still couldn’t hotsync. In the end, I discovered that if I added another couple of COM ports, the Treo would hotsync. Slowly, of course. And the next time I wanted to sync, I had to delete all the COM ports that the bluetooth dongle knew about, and add another.

My next phone/PDA will come from a company that does allow USB synchronization. On present form, it looks like it won’t come from Palm.

Moving to Windows 7 — Part Two

After the previous set of Windows 7 adventures, I discovered that the box I bought doesn’t support hardware-assisted virtualisation, which is needed for the Virtual XP mode. Option 2 for the scanner: try out a separate application called VueScan, which claims to support a large number of scanners. Except that this program needs the Canon scanner drivers to first be installed. Which don’t exist. On to the next attempt: install Virtual Box, and put Windows XP on that as a virtual machine. The problem with this was that the USB port kept claiming it was busy, and none of the various tips I found worked. Verdict: I couldn’t find a way to support the Canon 3000F scanner under Windows 7 64-bit, and will have to use my old XP laptop as a scanner driver until I have sufficient motivation to buy a new scanner.

Mind you, installing the virtualbox + Windows XP combo ended up being useful anyway. QuickBooks 2003 installs, but doesn’t run, under Windows 7. I gather that even the latest versions of QuickBooks have issues with Windows 7, so I simply installed the one I have in the Windows XP virtual machine. There was a bit of fiddling involved in moving data around, which involved installing the vbox guest additions and setting up shared folders, but in the end it all worked. I suspect more than a couple of programs will end up in that virtual machine.

Overall, I probably spent close to a week of work time setting up my work environment to be more or less where I was before my old PC died. It’s obvious they borrowed quite a bit from the Mac OS X environment, including hiding some of the useful functions. The menus fading in and out were starting to make me sea-sick until I found out how to turn that off (Control Panel -> System and Security -> System -> Advanced -> Performance Settings). I’m sure I’ll find more issues as I get more used to the environment, along with more programs that won’t install or work. Fortunately cygwin does work under Windows 7, along with Office 2003 (which I need for client compatibility).