Posts filed under Annoying

iMac 1TB Disk Went Missing in Action

It's been three weeks exactly (well, almost), and my new iMac i7 27" went to the repair shop.. (*sniff*).

The iMac booted normally this morning, but after a couple of minutes, the fans started kicking in. A new sensation for me. I have never heard a fan in this, or my other (i)Macs. At first I thought that my external drive (Drobo) started making the noise, but the Drobo was silent.

Turned out the fans in my iMac started blowing (hard), and the airflow was relatively warm. Too warm for a Mac which has been switched on for about 10 minutes with no real CPU intensive tasks running.

First I checked the Activity Monitor and 'Top' in the Terminal app to see if there was some program that consumed too many CPU cycles. Nothing there. On average, the CPU was 3% busy.
Next thing to do was resetting the PRAM/NVRAM by holding the Option-Command-R-P combination during a power-on of the iMac. This also made no difference (booting went a bit faster though).

Read more …
Posted on December 6, 2010 by Willem and filed under Annoying, Apple, No Way!!!, Personal and tagged 27 inch broken center harddisk iMac kaput leliveld service.

Microsoft Office 2008:Mac - Office did not install correctly

Come on.... it isn't even Monday. It's Friday for crying out loud.

What happened you ask? Well.....

I got an e-mail with a XLS file attached (I know.. shit happens). So I tried to open it, but I got a reminder that I hadn't (re)installed Office 2008 on my new iMac. But not to worry. I have the official Microsoft Office 2008 DMG (with matching serial number) on my Drobo, so the installation was done in a matter of minutes.

This is when it happened. Starting office resulted in this error: "Office did not install correctly". It even had a link to a Microsoft article explaining I needed an update. But the update wouldn't install since it was for OSX 10.4 (or something). Installing the latest update didn't solve it either.

Well, remove Office and reinstall it then... That didn't work either. Still the same error.

Searching the Interwebs resulted in a suggestion to remove everything Microsoft from the Mac.... And so I did. Especially the locations like:

/Library/Preferences/
~/Library/Preferences/

should be free of everything Microsoft. After trashing the Trash I reinstalled Office 2008. This time I was asked to enter my name and serial number. Something that didn't happen the first times. Then it occurred to me; I had copied my preferences (and other settings) when I migrated from my old to my new iMac. I guess that Microsoft doesn't support that.

It would have been nice if they had an option in the Removal Tool (which they generously supply) to remove EVERYTHING. I think that they didn't forget it. I think that this is by design. Just to screw with us Mac user.

Posted on December 3, 2010 by Willem and filed under Annoying, Microsoft, Personal, Software, Tips'n Tricks and tagged 2008 Installation Office failure.

iMac with Multiple Monitors

One can not have enough screen "real-estate" when working with photos, or while exploring your web-development skillz. So, a single display is simply not an option in my case......

Next to my 27" iMac stands a Dell 24" TFT Display. This Dell display is being abused for two things;

  1. extended display for my iMac, and
  2. as a main monitor for my (Windows) work laptop

using the input selector on the TFT display.

Since I'm a guy and I rock at multitasking (*cough*), I have both my Windows (work) laptop and my iMac powered on. In this scenario I have only one active display on my iMac. The second display should therefor not be used, and this is where Apple fails miserably.

Read more …
Posted on December 1, 2010 by Willem and filed under Annoying, Apple, Software, Tips'n Tricks and tagged SwitchResX display fail multiple.

Chinese Government Shows 'Interest'

It's no surprise that a lot of cyberattacks originate from the the 'excellent' People's Republic of China. Some of these attacks are funded by or even originating from the Chinese government. Well, the latter is definitely true.

My (private) ssh server is a point of interest to the Chinese government, since they are trying to get in.

Every couple minutes a possible break-in entry is recorded in my logs. I guess that they decided not to hammer the front door, in order to evade automatic blacklisting of the originating IP.

reverse mapping checking getaddrinfo for mail.zdpri.gov.cn [218.108.28.189] failed - POSSIBLE BREAK-IN ATTEMPT!

I checked the IP and it seems to host the web-mail for the Zhejang prov. Development Planning & Research Institute [1].

I guess it's time to tighten the timers on blacklisting.....

B.t.w. The reporting on the IP was provided by Splunk. Excellent tool for digging in logfiles and reporting.

Posted on November 18, 2010 by Willem and filed under Annoying, Security and tagged Splunk blacklisting chinese government sshd.

Comment Spammers Do Research

Lately, the comment spam rose exponentially. The is done by automated scripts, usually from compromised PC around the world. This way the original spammer will remain anonymous.

The last couple of days I noticed weird search queries (Google search referrers) in my logging;

Looks like someone (probably in the Hong Kong area) is searching the Internet for specific blogs (I guess SquareSpace blogs looking at the query) that contain certain words / fiels, indicating that commenting is allowed. These keywords match 100% with the field / words in and around the blog comment area. Shortly after these searches, the comment spam came pouring in.

At the moment, the only remedy against these spam comments is to screen every newly submitted comment by an editor, since the automated spam detection on the Squarespace platform is basically worthless. Too bad, since they rock at everything else.

Posted on September 17, 2010 by Willem and filed under Annoying, Website and tagged Squarespace comment research spam.

Microsoft Cryptographic Store and Passwords

We've been experimenting with with the use of user certificates for VPN access to the lab. Issuing, and using them isn't the problem. The problem is that there's no way of enforcing a password on the use of the private key. You can use private key protection on the certificate template, but that still doesn't enforce a password requirement. The user still has the option to choosing for the notification instead of a password.

Certificate Template - Request Handling OptionsThere's an option to enforce a password, but that's system wide for the Microsoft Cryptographic Service Provider, and we don't want to enforce passwords for ALL certificates. We just want to enforce passwords for this specific template.

Read more …
Posted on August 12, 2010 by Willem and filed under Annoying, Microsoft, Security and tagged CSP certificates.

OS X Kerberos / Open Directory Logging

Ever since I switched to OS X server at home I use Splunk> to see what's happening 'underneath the hood'. This revealed that there's a lot (really a whole lot) of Kerberos logging going on. Each and every day I get thousands of log entries regarding krb5kdc which results in over 1 million log entries only for krb5kdc in little over a week.

These syslog messages only contain the following 'text';

krb5kdc[16179](debug): routing msg not interesting
krb5kdc[16179](info): got routing msg type 5(RTM_LOSING) v5
krb5kdc[16179](info): routing socket readable

Looks like that the debugging level is set to debug (why??). And why can't we change it? Others seem to have this problem as well.

Looks like that the following command seems to work:

sudo defaults write /Library/Preferences/DirectoryService/DirectoryServiceDebug "Debug Logging Priority Level" FALSE

After entering that 1 line I haven't seen any new logentries in the kdc logs. More info on that command can be found @ Apple.

Nevermind......

Posted on July 22, 2010 by Willem and filed under Annoying, Apple, Operating Systems and tagged krb5kdc logging.

Slow Open Directory on OS X Server

Ever since I've been playing with my Mac mini with OS X server 10.6.4 I have had on-and-off problems in the authentication/Open Directory area.

  • Some accounts authenticate really quick, while others take minutes to authenticate.
  • Accessing the Open Directory through the Workgroup Manager is as slow as a slow boat to China. Changing users (just by selecting them) takes another boat along the Pacific.

So it was time to start digging into the phenomenon called 'Open Directory'.

The manual from Apple isn't much help in troubleshooting a slow Open Directory, so it was time to search the interwebs and start experimenting. If it didn't work, I can always reinstall the entire server from scratch.

Read more …
Posted on July 12, 2010 by Willem and filed under Annoying, Apple, Tips'n Tricks and tagged Open Directory slow troubleshooting.

The Problems with Apple OS X (10.6.4) Server

It has finally been done. I've switched off the old Windows 2003 server at home and officially replaced it with an Apple Mac mini server. For now... And with 'for now' I really mean for now. It turns out that Apple OS X Server doesn't resemble its client counterpart at all. Where the client is stable and intuitive, the server edition lacks both.

I'll try to explain why I think there's lots of room for improvement. Mainly stuff I ran into while configuring the server/services.
Since the Windows fulfilled several functions, I needed these functions to be available on the OS X server as well. These were;

  • Networking services like DNS and DHCP
  • Webserver
  • Mailserver
  • MySQL Database
  • SSH Server
  • File sharing on the internal network
  • Public Key Infrastructure for issuing certificates
  • Download station

Evaluating these functions, one would think that this shouldn't be a problem. Well it actually is.... At least some of those features.

Read more …
Posted on July 12, 2010 by Willem and filed under Annoying, Apple, Operating Systems, Switched2Mac and tagged PKI Server Admin certificates xca PKI XCA OSX.