A quick openvpn "oops" moment

I learned a quick, silly lesson today. I run some servers that tunnel using openvpn to facilitate our single sign on. I've migrated one before, and at the time, I foolishly did not create a new certificate/key pair for the new server and re-used the old one. During the point of the migration where I had both servers online at once, the two openvpn clients kept fighting - one connected, the other disconnected, and so forth, until I figured it out.

This time - I did things right - I generated a new certificate. HOWEVER, The subjects of the certificates were still the same, so they were being assigned the same IP address. This caused basically the same situation. Fortunately this time I was a bit quicker to realize. Make sure you differentiate your subject names when using openvpn. In general, you would already be doing this, but in the case of moving a server hosting a given domain from one box to another, since the domain name being served is the same there is an inclination to just type the same domain name in...don't do it. Make sure it's unique. Thanks for the forum post which lead to my answer, Jan Just Keijser!

I'm not sure if just the OU or CN must be different, or if both should be different. I erred on the side of caution and made sure both were distinct. I falsely assumed only the certificate itself had to be unique, but that's not the case.


This is a self-reminder blog post / post of shame. DOH!

World Time Buddy - an awesome timezone website

As the company I work for grows and has more users in remote areas of the globe, knowing what time it is for everyone gets tricky. We're in the US on the East Coast, but have employees in California, Hawaii, Germany, France, India, Ukraine, and other locations. A very simple site I found that does the best job I've seen is www.worldtimebuddy.com - hands down.

 Here is a sample of one I configured in around a minute and then bookmarked and shared:

 I couldn't get a larger image to work well in this theme so to see this for yourself use this link.

It may not have the fanciest name or super sleek graphics, but its display of information is amazing. Above we see that:

• It displays current times clearly for all timezones I care about in an easy to read/compare way. 
• Everything is vertically aligned with readable values for easy comparison
• I see whole-hour times for a 24 hour period
• I see current exact times
• I see offsets (+4, -6, etc) from my home time zone
• It shows the current date in each time zone in an easy to follow way
• It shows business hours, night hours, and late night hours in different colors
• It alerts me to upcoming time changes - in this case, Europe's daylight savings equivalent happens 4 days from now
• I can remove a timezone I no longer need with one mouseclick
• I can change my home timezone with one mouseclick
• Not visible in the above screenshot, but visible with the mouse cursor is the ability to drag and drop re-order timezones in any way I choose. I put mine in ascending order, but that isn't enforced, it was my preference. 
• I can click link icon in the top right corner to get a link to the site containing my customizations, easily bookmarkable and shareable with coworkers.
• New timezones can be added by using an autocompletable field (just start typing a city or country name)

I love the simple yet useful way it displays the timezones.If there is one area for improvement it would be a customized interface for mobile devices - you get the same, full webpage from a mobile device. It's still usable but the hover-able timeline does not work. Since it displays all of the hours it isn't strictly necessary, as you can still see the same information it just doesn't give it that extra focus if you want to pick a time for a meeting for people in vastly different timezones.

If you deal with multiple time zones a lot, definitely check out World Time Buddy.

How to Ruin a Perfectly Good Evening

Open your brand new SSD (Samsung 830 series 128GB)

Marvel with excitement at the iPhone-like packaging and eagerly image your old drive (Intel 80GB G1 SSD) onto the new one with Clonezilla - 15 mins and booted into Windows 7 on the new SSD. This is where I should have stopped - oh what a fool I was to continue.

Side-track to find out why PC basically hangs for 1-2 mins after login and discover it is Microsoft Security Essentials misbehaving - story for another day - 20 mins ...


Everything has gone smoothly so far - run AS SSD and ogle the new benchmark numbers. Uh oh. offset 31K bad? Great. I recall that I never fixed this on my Intel SSD and that is why, so I foolishly decide to try and fix it. I find an answer at lifehacker.


Download GParted and install on my trusty multiboot USB drive - I actually already had a GParted livecd on there but decided to throw Parted Magic on there to see what that was like.

Create a Windows 7 Repair Disc (directly from my copy of Windows 7 Home Premium I'm running at home). Wait, no, side-track and test out lightscribe to make a fun label for it first.

Discover that lightscribe software service needs to update. Do that. Find a label maker software - oh, already had one in some software suite - great. Hmm, it won't let me select my CDRW as my lightscribe driver...it will apparently only accept the lowest lettered optical disc drive. Wow. That's good engineering (Cyberlink LabelPrint). Re-map drive names so DVDRW drive comes first. Burn lightscribe label - remember why I haven't burned a lightscribe label in 6 years - because it takes way too long. Finally, let Windows create/burn a windows 7 repair disc.

Boot into Parted Magic and shift my partition forward a few MB, wait 15 mins, then shift back 1 MB, per Lifehacker instructions. Success - now, Windows will no longer boot because it's confused. (This is expected)

Boot up my freshly burned Windows 7 repair disc. I'm greeted with the following:

The windows recovery disc I burned from the copy of windows I am trying to repairing is incompatible with itself. Yes, that's right - incompatible with itself.

Do some quick searches and come up short. Decide screw it - I'll just reinstall Windows 7 on my SSD. Insert my Windows 7 Upgrade DVD (Family Pack - likely the source of all my pain!) Format the drive, select it - realize that Windows 7 RTM does not create "100MB" partition which has possible side-effect of aligning partition properly (same issue w/ original SSD install I think...). Decide to try and manually create partitions back in GParted and then let Windows 7 try to install.

Nope - Windows 7 will not install on it. Error 80300024. Excellent. No real useful info found.

Remove fancy new SSD and put back in old Intel one. Admit defeat for now.




4 hours after I started - blog about it, back at square one.

20 Years of VIM

VIM has now been out for 20 years. Ars has a nice article on it. It is my editor of choice on *nix based systems, but things weren't always that way. I remember when I first used vim (it may have even been an earlier clone, but probably not vi itself) , I hated it - it didn't make any sense. I was in highschool at the time, probably 14 years old. At the time I used pico since it was similar to MSDOS' EDIT.

It wasn't until I was in college that I truly got an appreciation for vim. I saw one of my professors using it to write code, and he was so incredibly fast it amazed me. It got me interested in how to use vim. Once you take the time to learn a few things about how it works, it's very useful. I still am a vim novice, I know enough to "miss" certain features when I am not using vim, but not enough to be a jedi master of vim (I'm a long ways away from that).

I'm going to take this anniversary as an opportunity to learn some new tricks in VIM. I wouldn't be surprised if I sum up some of the most frequent commands I use in a future post.

While I don't think software should generally have a steep learning curve, in the context of an editor for highly technical users, it makes sense to invest your time really learning an editor. The Pragmatic Programmer tells us to Use A Single Editor Well for a reason - there are real productivity benefits. I'm curious how many users take the time to learn an advanced editor like vim, emacs, or the ins and outs of something like Textmate. 


I think being under active development after 20 years is a pretty awesome accomplishment in software. How many projects have that kind of life span these days? A toast to you, VIM! To another 20 years of active development!

It's PragProWriMo again

It's November 1st. That means it's Pragmatic Programmer Writing Month (PragProWriMo) time again. Itself a spin off of National Novel Writing Month (NaNoWriMo).This will be my third year trying to participate in my own way.

My goal for the month is not to write a book. I take this as an opportunity to encourage myself to blog about technical topics every day for the month. Over time, my blog has become at the very least a resource for myself to find solutions or answers to simple problems I've encountered previously. I find writing every day for a month is both challenging and rewarding.

I lot has happened since last year. My job role has changed, my whole life has been changing (thanks to Jesus Christ), and I just got married last month. I've yet to determine what I will write about this month.

For tonight, I will just state a simple piece of technology that improves my world. Technology often advances just for the sake of advancement, and I'm not always sure a given new technology noticeably improves my life. Occasionally, I'll see something and go wow - why didn't this happen earlier. Why isn't this a feature of every widget? What's one of those things? The dripless pour spout on my new electric kettle. How many times have liquids (hot or otherwise) been spilled on countertops, on hands, everywhere, because a container has a spout that's prone to dripping everywhere? Somebody took the time to design one that DOES NOT DRIP regardless of how slow you tilt it. No messes because you poured too slow, or poured too fast to avoid a drip from pouring too slow.

And where is it on the features list? Not even listed on the vendor's website. It was listed on the box somewhere, though. (but isn't why I bought it - I wanted the programmable temperatures as I'm an avid tea drinker and boiling isn't enough flexibility)

Why doesn't every pitcher-like container have a no-drip spout? How many years do you think it will be until every new product has it? It saddens me that it may be quite some time. (5 years, 10 years, more?)

I find this "small touch" feature that is easily overlooked since the user can just deal with having to tread carefully and pour exactly right, or drip and spill liquids, maps over fairly well into the software world. Too often we let the user just deal with stupid, simple, easily fixable problems. We could fix them, but we don't spend the time. These type of problems agitate me more and more as I work with technology. Focusing on the small stuff MATTERS. It makes an IMPACT. This no-drip spout pitcher impresses me more than any other piece of technology I've seen this year - even more than Siri (which is really, really cool). I think more companies need to focus on the small details - it's something I believe Apple does quite well. Focus on no-drip pour spouts. Delight users with that simple, saves-you-10-seconds every day type of boring feature. Nothing frustrates me more than wasting my time on something easily fixed or automated.

I bet not a lot of people get excited about no-drip pour spouts - but I do. That's how I roll.

A Proper Emphasis on User Experience in Software: Example 1

I found myself thrilled the other week by how awesome and helpful the messages in ImgBurn are. I was slipstreaming some files on a Windows 7 DVD and wanted to keep it bootable, obviously. I figured I probably should do something but wasn't really sure what, so decided to just try and burn. The cost nowadays of a coaster is minimal.

ImgBurn nicely informed me of my error:

 

That is one of the best dialogs I have ever seen. Ever. It's not just evidence of smart logic, but also properly presenting it to me, and in an entertaining way to boot.. All developers dealing with UIs should learn from this great example.

That wasn't it though, being out of practice I also forgot to create a volume label! Not to worry, ImgBurn also let me know about that:

 

This great usability and functionality exists in a FREE program! I love it. This type of excellence should be rewarded - and can be (there's an option to donate on the website).

That's about it, really, I am seriously impressed by ImgBurn - it's a great tool and deserves attention.

Don't Use "Duplicate" button to add a new JRE/JDK in Eclipse

You may be tempted to use the "Duplicate..." button to add a new version of a JRE/JDK in Eclipse. Save yourself some potential hassle and use the "Add..." button instead. Manually copy and paste any Default VM Arguments you may have set afterwards.

The problem with using "Duplicate" is that all of the system library links remain at the old JRE/JDK after you update the "JRE Home". This can cause very strange errors, such as the following:

ZipFile.open(String, int, long) line: not available [native method]   
JarFile(ZipFile).(File, int) line: 114     
JarFile.(File, boolean, int) line: 135  
JarFile.(String) line: 72         
URLClassPath$JarLoader.getJarFile(URL) line: 646              
URLClassPath$JarLoader.access$600(URLClassPath$JarLoader, URL) line: 540        
URLClassPath$JarLoader$1.run() line: 607             
AccessController.doPrivileged(PrivilegedExceptionAction) line: not available [native method]    
URLClassPath$JarLoader.ensureOpen() line: 599  
URLClassPath$JarLoader.(URL, URLStreamHandler, HashMap) line: 583          
URLClassPath$3.run() line: 333   
AccessController.doPrivileged(PrivilegedExceptionAction) line: not available [native method]    
URLClassPath.getLoader(URL) line: 322   
URLClassPath.getLoader(int) line: 299     
URLClassPath.getResource(String, boolean) line: 168        
URLClassLoader$1.run() line: 194    

Some coworkers did this, and it caused a lot of headaches trying to figure out what was happening. Practically half the dev team has tried it at one point and learned the painful lesson, and it is an easy mistake to make.

If you insist on using "Duplicate...", then there is an easy fix. After you've updated the JRE location, if you use the "Restore Default" button it will update your JRE library entries. It's still very easy to forget this step, which is potentially a lot more work than just copy pasting your Default VM Arguments. If you forget to copy those, diagnosing out of heap errors is a lot simpler.