16 June 2008

OpenDocument (ODF) Acid Test Proof of Concept

Morning all,

I've just put the finishing touches on the first proof-of-concept Acid Test for OpenDocument Format (ODF) which I hope will become a useful tool for encouraging and testing interoperability. The tests themselves (148 of them in the 14x14 grid following the Web Standards Project's Acid2 test) still need development, as explained below, but the framework is in place.

You can read more about it at http://sites.google.com/a/odfiic.org/acid/ods and in the post to the OASIS 'ODF Implementation, Interoperability and Conformance (IIC) Technical Committee Formation' mailing list below. You're also encouraged to get involved if you have something to offer to the standards process.

Here's a sneak preview:

And here's the post:
---------- Forwarded message ----------
From: Sam Johnston
Date: Mon, Jun 16, 2008 at 2:34 AM
Subject: ODF Acid Test - Proof of Concept
To: oiic-formation-discuss@lists.oasis-open.org


Morning all,

With a view to starting this week afresh I have been busy over the weekend preparing the first proof of concept ODF Acid Test for the spreadsheet component. The results are surprisingly impressive, thanks in no small part to conditional styles which allow me to set the cell colour depending on whether tests pass (1+1=2) or fail (1+1=3). For more information about the test methodology, samples, and the files themselves, refer to http://sites.google.com/a/odfiic.org/acid/ods

This is not to be confused with an interop panacea (there is no such thing), but it can be used to focus attention where it is most needed (provided the attention is not too focused!). It also allows users to get on board the interop bandwagon and has proven a potent incentive for the browser vendors. Kudos to Google's Ian Hickson and the rest of the Web Standards Project for their pioneering efforts in this area.

Kind regards,

Sam

--
Sam Johnston
Australian Online Solutions
http://www.aos.net.au/
+61 2 8898 9090

11 June 2008

Making SSL work with Apache 2 on Mac OS X with CAcert

Getting SSL up and running on OS X is not too difficult these days. First you need to tell it to read the SSL config file (removing red lines, adding green lines):
--- /etc/apache2/httpd.conf 2008-06-11 03:42:25.000000000 +0200
+++ /etc/apache2/httpd.conf.dist 2008-06-11 04:15:15.000000000 +0200
@@ -470,7 +470,7 @@
#Include /private/etc/apache2/extra/httpd-default.conf

# Secure (SSL/TLS) connections
-#Include /private/etc/apache2/extra/httpd-ssl.conf
+Include /private/etc/apache2/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
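Review bot: the file headers are reversed. `--- /etc/apache2/httpd.conf` is given as the old side and `+++ /etc/apache2/httpd.conf.dist` as the new side, yet the hunk uncomments the `Include`, so as labelled the change runs from the live file to the .dist copy (the httpd-ssl.conf patch further down uses .dist as the old side). Regenerate it as `diff -u httpd.conf.dist httpd.conf` so it applies to the file Apache actually reads.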
Then you need to fix this config file for your environment:
--- /private/etc/apache2/extra/httpd-ssl.conf.dist 2008-06-11 03:43:21.000000000 +0200
+++ /private/etc/apache2/extra/httpd-ssl.conf 2008-06-11 04:03:50.000000000 +0200
@@ -22,9 +22,9 @@
# Manual for more details.
#
#SSLRandomSeed startup file:/dev/random 512
-#SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
-#SSLRandomSeed connect file:/dev/urandom 512
+SSLRandomSeed connect file:/dev/urandom 512


#
@@ -75,8 +75,8 @@

# General setup for the virtual host
DocumentRoot "/Library/WebServer/Documents"
-ServerName www.example.com:443
-ServerAdmin you@example.com
+ServerName secure.samj.net:443
+ServerAdmin xxxx@samj.net
ErrorLog "/private/var/log/apache2/error_log"
TransferLog "/private/var/log/apache2/access_log"

@@ -125,6 +125,7 @@
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath "/private/etc/apache2/ssl.crt"
#SSLCACertificateFile "/private/etc/apache2/ssl.crt/ca-bundle.crt"
+SSLCACertificateFile "/private/etc/apache2/server-ca.crt"

# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
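Review bot: the added `SSLCACertificateFile` line points outside the `/private/etc/apache2/ssl.crt` directory used by the two commented examples above it, and nothing in the hunk records which CA the file holds. This file defines every issuer accepted for client authentication, so add a comment naming the CA and the fingerprint that was checked when it was installed, and keep it alongside the other trust material under ssl.crt.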
@@ -143,6 +144,8 @@
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
+SSLVerifyClient require
+SSLVerifyDepth 2

# Access Control:
# With SSLRequire you can do per-directory access control based
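Review bot: `SSLVerifyClient require` at virtual-host level only establishes that the client holds a certificate chaining to the configured CA file within `SSLVerifyDepth 2`; nothing here limits which subjects are accepted, so any certificate that CA has issued passes. The trailing context already points at `SSLRequire` for access control: add a rule on the subject (for example on `%{SSL_CLIENT_S_DN_CN}`) or enforce it in the application. Style: the two directives are appended below the commented defaults; uncommenting and editing those in place would avoid leaving a duplicate pair.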
Notice that I'm using client certificates for authentication but you can comment out the SSLCACertificateFile, SSLVerifyClient and SSLVerifyDepth options if you don't need this. If you do you'll want to grab the root from CAcert:
# curl -o server-ca.crt https://www.cacert.org/certs/root.crt
You'll want to generate random numbers (key) and a certificate signing request (csr) in order to get a certificate (crt) file, and despite most information on the topic this can be done in one command:
# openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Generating a 2048 bit RSA private key
.........+++
.....................................................................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:New South Wales
Locality Name (eg, city) []:Sydney
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Australian Online Solutions Pty Ltd
Organizational Unit Name (eg, section) []:Security
Common Name (eg, YOUR name) []:secure.samj.net
Email Address []:xxxx@samj.net

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Actually in the case of CAcert.org everything except the common name is ignored so you can leave it as defaults.

For testing we'll use a script which prints all the environment variables (this is what I was after for my certificate authentication anyway):
# cat /Library/WebServer/CGI-Executables/printenv
#!/bin/bash
echo "Content-type: text/plain"
echo ""
printenv
And when you browse to your machine (eg https://secure.samj.net/) you should see something like this:
SSL_SERVER_A_KEY=rsaEncryption
SSL_CLIENT_VERIFY=SUCCESS
SSL_SESSION_ID=A6C2F73FBFBB30AF927947D03B8E61AF26E0C4C68CB98F3B9CB7EB6E6ED78147
SERVER_SIGNATURE=
SSL_CLIENT_S_DN_Email=xxxx@debian.org
SSL_CLIENT_A_SIG=sha1WithRSAEncryption
SSL_CLIENT_I_DN_Email=support@cacert.org
HTTP_KEEP_ALIVE=300
SSL_VERSION_LIBRARY=OpenSSL/0.9.7l
HTTP_USER_AGENT=Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-GB; rv:1.9) Gecko/2008053008 Firefox/3.0
SERVER_PORT=443
HTTP_HOST=secure.samj.net
SSL_CIPHER_ALGKEYSIZE=256
SSL_SERVER_I_DN=/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
SSL_CLIENT_M_VERSION=3
DOCUMENT_ROOT=/Library/WebServer/Documents
HTTP_ACCEPT_CHARSET=ISO-8859-1,utf-8;q=0.7,*;q=0.7
SCRIPT_FILENAME=/Library/WebServer/CGI-Executables/printenv
HTTPS=on
REQUEST_URI=/cgi-bin/printenv
SSL_SERVER_I_DN_OU=http://www.CAcert.org
SSL_CLIENT_A_KEY=rsaEncryption
SCRIPT_NAME=/cgi-bin/printenv
SSL_SERVER_S_DN=/CN=secure.samj.net
SSL_VERSION_INTERFACE=mod_ssl/2.2.8
SSL_CLIENT_I_DN_OU=http://www.cacert.org
SSL_CIPHER_EXPORT=false
HTTP_CONNECTION=keep-alive
SSL_SERVER_I_DN_O=CAcert Inc.
SSL_CLIENT_S_DN=/CN=Sam Johnston/emailAddress=xxxx@debian.org/emailAddress=xxxx@samj.net/emailAddress=66e1c629ca065f0cead0ac9bee8e4cb016f93cb7
SSL_COMPRESS_METHOD=NULL
REMOTE_PORT=50392
PATH=/usr/bin:/bin:/usr/sbin:/sbin
SSL_CLIENT_I_DN_O=Root CA
SSL_CLIENT_M_SERIAL=0551B7
SSL_CIPHER=DHE-RSA-AES256-SHA
PWD=/Library/WebServer/CGI-Executables
SERVER_ADMIN=xxxx@samj.net
SSL_SERVER_A_SIG=sha1WithRSAEncryption
SSL_CLIENT_V_START=Jun 11 01:38:03 2008 GMT
SSL_SERVER_M_SERIAL=56C8
SSL_PROTOCOL=SSLv3
SSL_CLIENT_I_DN_CN=CA Cert Signing Authority
HTTP_ACCEPT_LANGUAGE=en-gb,en;q=0.5
SSL_SERVER_S_DN_CN=secure.samj.net
HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
REMOTE_ADDR=::1
SHLVL=1
SERVER_NAME=secure.samj.net
SSL_SERVER_M_VERSION=3
HTTP_PRAGMA=no-cache
SSL_CLIENT_V_END=Jun 11 01:38:03 2010 GMT
SERVER_SOFTWARE=Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2
QUERY_STRING=
SERVER_ADDR=::1
SSL_SERVER_V_END=Jun 11 01:48:07 2010 GMT
SSL_CLIENT_I_DN=/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
SSL_CLIENT_S_DN_CN=Sam Johnston
GATEWAY_INTERFACE=CGI/1.1
SERVER_PROTOCOL=HTTP/1.1
HTTP_CACHE_CONTROL=no-cache
HTTP_ACCEPT_ENCODING=gzip,deflate
SSL_SERVER_I_DN_CN=CAcert Class 3 Root
REQUEST_METHOD=GET
HTTP_COOKIE=__utma=64622253.189158232302809900.1213012569.1213012569.1213087976.2; __utmz=64622253.1213012569.1.1.utmcsr=blogger.com|utmccn=(referral)|utmcmd=referral|utmcct=/rearrange
SSL_SERVER_V_START=Jun 11 01:48:07 2008 GMT
SSL_CLIENT_V_REMAIN=730
SSL_CIPHER_USEKEYSIZE=256
_=/usr/bin/printen
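
An added example (not part of the original post): one way a CGI script could turn the variables printed above into an access decision instead of just dumping them. The function name, the e-mail allow-list and the revoked-serial list are assumptions constructed for this example; the issuer string is the SSL_CLIENT_I_DN value from the output above.

```sh
#!/bin/sh
# Added example: access decision for a CGI behind "SSLVerifyClient require".
# Issuer string copied from the SSL_CLIENT_I_DN line in the output above.
EXPECTED_ISSUER='/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org'
ALLOWED_EMAILS='alice@example.org bob@example.org'  # constructed allow-list
REVOKED_SERIALS='00C0FFEE 0BADF00D'                 # constructed local deny-list

# Prints "allow" or "deny: <reason>"; returns 0 only for allow.
authorize_client() {
    [ "${HTTPS:-}" = "on" ] || { echo "deny: not HTTPS"; return 1; }
    # mod_ssl reports NONE, SUCCESS, GENEROUS or FAILED:reason here.
    [ "${SSL_CLIENT_VERIFY:-NONE}" = "SUCCESS" ] ||
        { echo "deny: verify=${SSL_CLIENT_VERIFY:-NONE}"; return 1; }
    # Pin the issuer so a CA added to SSLCACertificateFile later is not
    # trusted by this script without a deliberate change.
    [ "${SSL_CLIENT_I_DN:-}" = "$EXPECTED_ISSUER" ] ||
        { echo "deny: unexpected issuer"; return 1; }
    for serial in $REVOKED_SERIALS; do
        [ "${SSL_CLIENT_M_SERIAL:-}" != "$serial" ] ||
            { echo "deny: serial revoked"; return 1; }
    done
    # Whole-value comparison on the per-field variable, never a substring
    # match against the full SSL_CLIENT_S_DN string.
    for addr in $ALLOWED_EMAILS; do
        if [ "${SSL_CLIENT_S_DN_Email:-}" = "$addr" ]; then
            echo "allow"; return 0
        fi
    done
    echo "deny: subject not on allow-list"
    return 1
}

if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    # Running as a CGI: answer 403 unless the certificate is authorized.
    if decision=$(authorize_client); then
        printf 'Content-type: text/plain\n\nHello %s\n' "${SSL_CLIENT_S_DN_CN:-}"
    else
        printf 'Status: 403 Forbidden\nContent-type: text/plain\n\n%s\n' "$decision"
    fi
else
    # Run by hand: evaluate one constructed request in a subshell.
    ( HTTPS=on; SSL_CLIENT_VERIFY=SUCCESS; SSL_CLIENT_I_DN=$EXPECTED_ISSUER
      SSL_CLIENT_M_SERIAL=0A1B2C; SSL_CLIENT_S_DN_Email=alice@example.org
      authorize_client )
fi
```

SSL_CLIENT_S_DN_Email carries only the first e-mail address in the subject, so a certificate with several addresses, like the one in the output above, is matched on that first value.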
That's it for this morning's lesson.

09 June 2008

Installing VMware tools in Ubuntu 8.04 (hardy)

So like me you've been hanging out for another Long Term Support (LTS) Ubuntu release and having arrived last month (8.04) you've got it up and running in VMware (Fusion in my case).

To make VMware tools install you need to:
  • Virtual Machine->Install VMware Tools (that's the easy part)
  • apt-get install build-essential linux-headers-$(uname -r)
  • mount /cdrom
  • cd /cdrom
  • cp VMwareTools*.tar.gz /tmp
  • cd /tmp
  • tar xzf VMwareTools*
  • cd vmware-tools-distrib
  • ./vmware-install.pl
  • Press enter for everything until it won't go any further because it wants the real location of your kernel headers. Give it '/lib/modules/2.6.24-16-server/build/include' and then keep pressing enter again until you get back to your prompt.
VMware Tools should start up (except perhaps for the advanced networking guff).

Update: Added extraction steps.
Update: The same process works for Debian 4.0 (etch)

SSHKeychain 0.8.2 Post Install Problem on Leopard

It seems SSHKeychain breaks on (recent?) Leopard builds because it wants to find a group for each user (eg samj:samj):
#!/bin/sh
chown -R $USER:$USER "$2/SSHKeychain.app"
#chown root:admin "$2/SSHKeychain.app/Contents/Resources/TunnelRunner"
#chmod u+s "$2/SSHKeychain.app/Contents/Resources/TunnelRunner"
You'll want to change the second '$USER' to `id -gn` so it picks up your group name (eg 'staff') by itself, and while you're there you can comment out the two TunnelRunner lines if you want to set up tunnels on privileged ports and don't care about the security implications of setuid root binaries. You can do this by copying SSHKeychain.pkg from the mounted disk image, and right clicking to 'Show Package Contents'... then you can browse for Contents->Resources->postinstall, or apply this diff:

--- SSHKeychain.pkg/Contents/Resources/postinstall 2008-06-09 09:25:03.000000000 +0200
+++ SSHKeychainFixed.pkg/Contents/Resources/postinstall 2008-06-09 09:19:47.000000000 +0200
@@ -1,4 +1,4 @@
#!/bin/sh
-chown -R $USER:$USER "$2/SSHKeychain.app"
+chown -R $USER:`id -gn` "$2/SSHKeychain.app"
#chown root:admin "$2/SSHKeychain.app/Contents/Resources/TunnelRunner"
#chmod u+s "$2/SSHKeychain.app/Contents/Resources/TunnelRunner"
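Review bot: on the added `chown` line, `id -gn` with no argument reports the primary group of whichever account runs the script, not of `$USER`, so the group is wrong whenever the installer runs postinstall under a different account. Pass the user explicitly and quote the owner spec, e.g. `chown -R "$USER:$(id -gn "$USER")" "$2/SSHKeychain.app"`.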
Hope this saves someone some time.

Apple WWDC Predictions

So it's Apple's Worldwide Developer Conference (WWDC) today in San Francisco and Steve Jobs will certainly have some new goodies for us Mac junkies, likely:
  • iPhone 2.0
    • Immediately available, probably worldwide, perhaps with new partnerships, probably cheaper again (who ever said being an Apple early adopter wasn't without its costs?)
    • New toys including 3G, GPS, probably something unexpected
    • Support for native applications via the (excellent) SDK - I was already building these on the first day it was released and it's already improved significantly with a handful of updates
    • App Store in iTunes which means iTunes version bump (and like music et al takes a solid 30% cut on sales)
  • Software Updates
    • iTunes for iPhone stuff
    • OS X 10.6 seeding, but OS X is already pretty good so not holding my breath... maybe some more connection to the cloud including:
  • .Mac Rethink
  • Hardware
    • Nothing that will detract from the iPhone announcement... maybe some refreshes here and there
Anyway we'll see soon enough.

Update: was pretty much on the money.