Monday, December 28, 2009

MySQL Uninstall on Mac OS 10.6

I had to uninstall a newer 64-bit version of MySQL to go back to a 32-bit version. Here are the steps:

# Remove folder with mysql installation
sudo rm -rf /usr/local/mysql-*
# Remove soft link to above folder
sudo rm /usr/local/mysql
# Remove receipts
cd /private/var/db/receipts/
sudo rm com.mysql.*

Thanks to this link for the critical bit on finding and removing the receipts.

Friday, December 18, 2009

Adobe Flash CS5 Versioning and Coding Enhancements

Adobe just released this sneek peak of Adobe Flash CS5. Two nice improvements are:
  • The ability to save projects as uncompressed xml-based text and asset files
  • Tight code authoring integration with Flash Builder 4
A seemingly minor enhancement is that the native .fla project file is now zip and xml based. What is more interesting and progressive is that you can also save the project as an uncompressed project folder where all the assets are laid out in your file system.

The layout within the project folder looks like this:

The two major advantages here are version control and the ability to directly manipulate the contained files with other tools. Versioning text files, as compared with binary files, means that you can diff versions and your source control system can take advantage of diffs between versions to reduce storage requirements. This is particularly relevant when you use git for source control because git keeps a complete copy of the repository on your local system.

A second major improvement in Adobe Flash CS5 is for ActionScript 3.0 developers (ActionScript 2.0 and FlashLite developers are left out here). Flash CS4's AS3 development environment was rather unsatisfactory. Rather then try to improve this, Adobe has gone the direction of Eclipse. Flash CS5 now includes tight integration with Flash Builder 4, a rich Eclipse-based code development IDE.

Wednesday, December 9, 2009

Saving Web Receipts Files on Mac OS X

Mac OS X has a handy feature that allows you to, via the print dialog, save PDF files directly to a web receipts folder. This is particularly useful when making online purchases in a browser.

You enact this feature by executing command-P (or File > Print), pulling down the combo box in the lower left of the print dialog, and choosing Save PDF to Web Receipts Folder. This automatically saves a PDF file directly to your ~/Documents/Web Receipts folder. How cool is that!

In Mac OS 10.5 and 10.6, this is now a python script that you can customize. Below I show how to modify this file to change the default save location and prepend the date to the resulting filename.
  1. Navigate to /Library/PDF Services/Save PDF to Web Receipts Folder.pdfworkflow/Contents.
  2. Edit the file tool. It doesn't look like you need to be root to do this, but if you do use sudo -s from the command line.
  3. Towards the top of the file add another import statement import datetime
  4. In main modify destDirectory to be your desired save folder location. I used:
    destDirectory = os.path.expanduser("~/PDFDocs/Receipts/")
  5. Modify these lines from:
    title = safeFilename(title)
    destFile = title + ".pdf"
    to:
    title = safeFilename(title)
    # Create a YYYYMMDD string
    today = datetime.datetime.now().strftime("%Y%m%d_")
    destFile = today + title + ".pdf"
  6. Presto, you are done! At least until a major software update clobbers this file. Which is why I wrote this blog entry: to remind me how to do this again the next time.

Moving Onwards from Adobe

I spent the last 16 years working at Adobe Systems. I was pretty quiet there, not writing much publicly about what I worked on. I'll say a few things about that here, and then give a hint as to where I am going next.

What I am most proud of from my time at Adobe is the security engine that we built from the ground up and put in place in Adobe Acrobat. This engine provides digital signatures and document encryption to Acrobat and PDF. The functionality that we added and the libraries that we built really are the best out there. It wasn't just me saying this: NIST loved our PKI validation engine.

It's not just that we did an outstanding job of supporting OCSP and CRLs with all the OID nuances. We also have a great, flexible chain validator, and the ability to wisely tap into the Windows platform for trust, in those instances where that trust has been properly configured within an organization.

Though I lead the engineering and, in fact, the early business effort to add these capabilities, I certainly don't take all the credit. I had an outstanding group of engineers who somehow, despite me, managed to build a solution that has integrity and robustness right down to the last line of code.

For all the years I toiled on digital signatures, we didn't see tremendous customer use early on. In fact that was a good thing, because it took a number of releases (Acrobat 4.0 through 6.0) before we were able to put into place all the bits to make the system robust.

This is changing. Adobe now has strong business support behind digital signatures (check out the Security Matters blog), folks like PDF Evangelist Leonard Rosenthal are contributing immensely to making PDF an ISO standard and PDF signatures, via PAdes, an EU electronic signature standard and the Acrobat engineering team continues to add important capabilities.

There really is no other good solution out there. PDF is the way to do electronic document signatures. Adobe has recognized this and is continuing to invest in this technology. This last release the engineers added support for long term archive signatures, a flexible certificate trust update mechanism, and better Mac OS X integration.

Aside from helping to build Acrobat, I spent a couple of years in Adobe's Advanced Technologies Labs furthering my research into security. My particular interest was in adding strong and effective security to browsers, via Flash, primarily for use with authentication and payments. If you look at OpenID and Microsoft's InfoCard, you get an idea of my area of interest. We had some really great ideas that, in my view, addressed many of the shortcomings you see today with OpenID, Facebook Connect, PassMark (RSA) and other solutions. But I'm afraid we were a bit ahead of our time. And so instead of today being able to see the fruits of that vision, you will have to wait until tomorrow to see bits of functionality dribble into the Flash APIs.

Where am I going next? It was my desire to work on a few personal projects. Now I have the freedom to do this and am working on all sorts of things ranging from presentations and business plans to technical education and coding. For the next while I am focusing on technology and this will be reflected in my blog. I'm quite enjoying reconnecting with technology after being too much of a manager for a few years. I won't say what it is that I'm working on - you'll have to watch this space to find out - but I will say it's really awesome to have the freedom to work on all aspects of a project, and not be confined by the structure of a large organization. Life is good.

Thursday, November 12, 2009

Git on a ReadyNAS NV+

Git is a "free & open source, distributed version control system designed to handle everything from small to very large projects with speed and efficiency".

Installing git on a ReadyNAS NV+ is fairly straightforward if you are familiar with the linux command line. First you will need a remote shell with which to login and execute commands. In my previous post I described installing SSH on ReadyNAS.

You can then use the linux APT (Advanced Package Tool) command to install git. APT is a convenient way to install software packages using the command line. Before you do that you need to install APT, but it's easy to do and worth it. Finding and installing APT is the same as it was for SSH, which I described in my previous post (so go read that post).

Now that APT is installed, ensure that your /etc/apt/sources.list contains the following:

deb http://www.readynas.com/packages readynas/
deb http://archive.debian.org/debian-security sarge/updates main contrib non-free
deb http://archive.debian.org/backports.org sarge-backports main contrib non-free
deb http://archive.debian.org/debian sarge main contrib non-free

deb-src http://archive.debian.org/debian-security sarge/updates main contrib non-free
deb-src http://archive.debian.org/backports.org sarge-backports main contrib non-free
deb-src http://archive.debian.org/debian sarge main contrib non-free


If you know how to use vi, editing this file won't be difficult. I've never been desperate enough to learn vi, so I cat'd the file into a new file under /c/home/ and edited there with emacs, then copied it back and verified the permissions.

Then:
  1. apt-get update
  2. apt-get install git-core
  3. apt-get clean
Oh my gosh, it's that simple. Now execute git:

$ git

Thanks to this forum post for the above information.

To read about setting up your remote git repository over ssh you might want to look at one of these two posts:

SSH on a ReadyNAS NV+

Running SSH was a step along the way of me becoming more familiar with SSH and running a remote git repository on my ReadyNAS NV+. Note that there are security concerns with opening SSH on your ReadyNAS device and exposing password authentication. It would be fairly trivial to launch a password attach over the SSH connection.

SSH defaults to use passwords for authentication. The password is set to your ReadyNAS admin password at the time you install SSH on your ReadyNAS. If this password is to be saved on disk somewhere, for example as part of an SSH configuration on the machine from which you are contacting the ReadyNAS, you may choose to temporarily change your ReadyNAS admin password before installing SSH, and then change the ReadyNAS admin password back afterwards. If you ever need to change the SSH password on the ReadyNAS, just reinstall SSH from System > Update in the ReadyNAS admin browser application.

  1. Get the SSH bin file from the ReadyNAS web site. Click the Add-ons for RAIDiator 4.1.3+ link and scroll to the EnableRootSSH link. Download the bin file and store it on your local computer.

  2. Log in as admin on your ReadyNAS using a browser

  3. Update your ReadyNAS firmware (optional). This is under System > Update. Just click the Check for Updates button.

  4. Click the Local tab and click Choose File to find the EnableRootSSH.bin file that you previously downloaded. Upload this and follow the prompts.


After a reboot SSH will be installed and ready to use. To login execute the following:

# Use the hostname or IP address of the ReadyNAS
$ ssh root@readynas-hostname


Then type the ReadyNAS admin password that existed at the time SSH was installed.

On my ReadyNAS, my share volumes are under /c and user volumes are under /c/home.

$ cd /c; ls -1

SSH can be configured to use public private keys as well. Refer to my later post and OpenSSH Public Key Authentication for more details.

Security Alert: Opening up your NAS to SSH with password authentication on a public network is a bad idea. In my situation I'm behind a firewall and simply using SSH for the convenience and to play around with the protocol.