wiredfool

I suspect that my Jaguar installation has some corrupt fonts, preferences, or both.

Chimera won’t display or choose about half the fonts in the list, sometimes crashing, sometimes just not displaying the choices. Font inspector panels won’t select some of them and keep reverting to Lucida.

An md5sum of all of the fonts in my /Library/Fonts directory compared with another Jaguar machine only shows some missing, but no sig changes. Some of the sigs are the same, leading me to believe that perhaps I’m not getting the sum of all of the items within folder/file structures.

Any Ideas?

***Update

Nicholas Riley writes in that: It’s probably the font cache, not the fonts themselves. Either reboot in OS 9 or in single-user mode and delete the font cache files (all files should include “FCache”).

This appears to have worked to allow all the fonts to be displayed, but it appears that there’s an additional problem in Chimera’s prefs writing system. But that can be fixed by editing the javascript prefs file. (~/Library/Application Support/Chimera/….)

***IN PROGRESS

Ipsec is now possible on OSX 10.2 with built in tools. It takes a little bit of digging to get it setup, as there’s no gui for it yet.

There are 3 reasonably interesting configurations for ipsec, at least for my use:

• Host to Host – This is mainly a test case, if this doesn’t work then it’s unlikely that any thing else will.
• Host to network – This is a common VPN situation where your machine is using ipsec over the net to communicate with an entire network on the other end. This is your typical connect to the office type of situation. Traffic to other hosts will not be secured.
• Host to gateway – This is for secure wireless connections. Ip traffic between a something just on the other side of an airport hub and my laptop will be encrypted. Essentially, ipsec will be the default transport to the rest of the world. This will allow actual security on the airport network, instead of the joke known as WEP.

Osx uses the KAME ipv6/ipsec stack like most other BSD implementations. Helpfully enough, other people have written some howtows on getting this up and running with FreeBSD, NetBSD, and OpenBSD. I addition to getting ipsec working between Osx hosts, I’d like to get interoperation going with FreeSWAN, the standard linux implementation. These are some good starting links:

• http://www.kame.net/newsletter/20001119/
• http://www.daemonnews.org/200101/ipsec-howto.html
• http://www.freebsddiary.org/ipsec-tunnel.php
• http://www.kame.net/newsletter/20001119b/

Racoon and setkey are the two main programs that will be of interest. Racoon is a daemon that negotiates keys and identity information for ipsec sessions. Config files are in /etc/racoon, and it must be run as root. Setkey deals with policy decisions about which packets are to be sent or recieved with ipsec and which are to be run through the normal ip stack. Setkey needs to be configured before racoon runs, or alternately, racoon needs to be restarted after configuration changes.

Host – host

A basic script for resetting and adding ipsec policies follows. This script requires that traffic between MYIP and REMOTEIP is run through ipsec using the ESP/transport option. It will encrypt the contents of the packets but not the headers. (??) This was slightly adapted from one of the KAME tutorials. Note that this script will need to be run on both ends of the connection, with the MYIP and REMOTEIP values reversed.

#!/bin/sh
MYIP=192.168.1.116
REMOTEIP=192.168.1.126
# These commands need to be run on node A
# The next 2 lines delete all existing entries from the SPD and SAD
setkey -FP
setkey -F
# Add the policy
setkey -c << EOF
        spdadd $MYIP/32 $REMOTEIP/32 any -P out ipsec esp/transport/$MYIP-$REMOTEIP/require;
        spdadd $REMOTEIP/32 $MYIP/32 any -P in ipsec esp/transport/$REMOTEIP-$MYIP/require;
EOF

Racoon’s config files are reasonably close to working as shipped. They will attempt to match identities using a fqdn and a preshared secret key. Since all Jaguar macs will have this shared ‘secret’, it’s a real good idea to change the secret/method to something a little more secure. Preshared keys are stored in /etc/racoon/psk.txt. You can either create them based on ip addresses or on user names. Note that this file needs to remain secret, so it should be root readable only. (chmod 600 psk.txt). If you change to address based shared secrets, you will need to change /etc/racoon/racoon.conf from username to address verification. Look for lines like:

	my_identifier user_fqdn "macuser@localhost";
	peers_identifier user_fqdn "macuser@localhost";

And change them to

	my_identifier address;
	peers_identifier address;

With these changes, ipsec should be ready to go between your two hosts. Run the shell script (as root) on both sides of the connection, then start racoon as root. You will probably want to have console access for this, as it’s possible to configure yourself out of a remote system.

Try pinging the remote machine. Pings should get through. You can verify that the systems are communicating through ipsec by using tcpdump from another machine on the same network segment. (ADD example).

Host – Network

Host – Gateway

FreeSWAN interop

I’ve installed Jaguar and lived with it for a week or so. It’s been pretty good so far, but I’m still wondering about a few things.

One of the features that was advertized was iTunes playlist sharing by auto-discovery. I haven’t seen it anywhere.

Ipsec is there, but it’s there in a ‘you’ve gotta google then write shell scripts’ sort of way. At least I don’t have to recompile the kernel. I have gotten host-host (both sides Jaguar) ipsec working on the lan. Next on the list to try is Freeswan interop and host->network combinations. Ideally, I’d be able to have tibook -> airport -> freeswan firewall/gateway -> world working.

Antialiasing is nearly readable on LCD screens now. Certain fonts blatantly advertize the different vertical and horizontal resolution with the sub pixel antialiasing. Lucida Grande isn’t bad in the menu size, but in iTunes (for example) it’s terribly inconsistent. Some i chareacters are one pixel wide and black, some are two or three and grey. Speaking of text rendering, terminal doesn’t render Monaco 9 as fixed width. I’m hoping that this is just a bug and not by design. It almost appears that the character width is .05 more or less than a pixel, so every so often characters are compressed together or too far apart by one pixel. I would think that you could actually improve the horizontal resolution of text by using sub pixel rendering of letter placement without antialiasing. With an LCD, you could get 1/3 pixel placement accuracy horizontally.

Oh well, I’m sure that it will look incredible on this. Or just stick with monster CRTs.

As discussed at Nicholas’s while having really good food. (and turkish coffee that resembled the stuff made by my french press)

• Chipotle Tomato Soup
• Finger Food Pancakes

For a the winter “I want quick soup” mood. Everything is canned, adjust to taste.

• 1 28oz can tomatoes, whole or diced.
• 1 (14oz?) can corn
• 1 (14oz?) can whole cooked beans, drained (I use a 3 bean blend)
• 1 quart veggie broth

Conviently enough, all of the above are found in 2 aisles of Trader Joes. Finely diced potatoes can be good in this too. You may need a little more liquid if you use potatoes too.

Add the tomatoes, smoosh or cut them up if they’re whole. Add corn liquid, beans minus liquid, and broth. Simmer for 1/2 hour or so. You may need to go longer if your beans are still really firm. The tomatoes will start to break down a bit. Add the corn near the end so that it doesn’t go to mush.

Seasonings:

• Chipotle
• Salt
• Lime Juice

All to taste. Probably about a tablespoon of the lime and chipotle, a couple of teaspoons of salt. But do taste it as you go.

This is a pancake recipe that is good enough that I normally eat the pancakes without syrup or butter. And I’m a sugar freak.

The Core:

• 2 cups flour*
• 3 tsp baking powder
• 3 eggs seperated
• 2 cups milk
• oil, 1 tbsp more or less.
• Some salt, less than tsp.

The Flavorings:

• 1/3 cup Brown Sugar
• 1.5 tsp vanilla extract
• 1/2 tsp cinnamon
• Other seasoning to taste: nutmeg, cardamom, whatever you have that’s interesting.

A word about the flour. You want something with flavor that doesn’t have a lot of protein, like bread flours. Too much protein will make your pancakes rubbery instead of tender. Depending on where you are in the country, you may need to seek out something with less gluten than the ordinary all purpose flours. I use Bob’s Red Mill Whole Wheat Pastry Flour, which is 10% protein instead of 13% for their normal flours. And a good flavor.

To make:

Mix the dry ingredients. Seperate the eggs, add the yolks to the mixture and beat the whites till they are stiffish or your hand gets tired. Mix in the other wet ingredients till you have a good batter, then fold in the egg whites.

Cook like pancakes. (nawww. you don’t say.) With a good nonstick pan and the right temperature, you don’t need any additional oil in the pan. Too cool and they’ll stick, too warm and they turn brown fast.

If you’re not into following recipies, the only proportions that are really essential are the baking powder, flour and milk. Everything else is open to intrepretation.

This started as something from the Tassajara bread book.

I’ve posted some of the better pictures from my Northern Ireland vacation.

Dont’ know why, but one of my sites is generating the following URL,

http://laquintagroup.net/l5Press/public/login?http://laquintagroup.net/l5Press/member/signup

whether I click on the automated signup link or whether I directly type in:

http://laquintagroup.net/l5Press/member/signup

This appears to be the behaviour occuring after the plugIn was activated. Any ideas why this is occuring?

More importantly, how can one manage the automated membership registration process in such an instance?

Every so often as you drive around Northern Ireland, you come across something that is ancient. Broken towers, incomplete walls, or the remains of castles. They are a reminder that some people came here before you and had completely different concerns.

This window is part of Carrickfergus castle. Other windows of the castle have somewhat realistic plastic soldiers with rifles. A reminder that Ireland does not have a particularly peaceful history.

I’m heading out on vacation to Northern Ireland for a week or so. Posts here will probably be slow for a good reason, instead of the usual neglect and work and gardening and biking and such.

The Saw Doctors, from Monday evening at Bumbershoot. Played for 2 hours in the wind and rain putting on a very good show.

I was a little dissapointed in the offerings at bumbershoot this year: fewer stages and higher prices. On monday, I only ended up seeing 5 shows. There was a huge hole in the middle of the day that was filled with a good rain shower. Rockin Teenage Combo was fun, El Vez was quite political, and on the ‘right’ side. He had a short talk/song on erosion of liberties and what this country is supposed to be. I also enjoyed the Derailleurs and the Antibalas Afrobeat Orchestra. Both nice upbeat bands.

This post has been brought to you by the wayport sea-tac airport airport network. It’s not free, but at $7 for a day (or the two hours that I’m waiting. 5 min at checkin, 2 minutes at security. 2:30 is the time to arrive for the London flight.)