Monday, June 28, 2010

tether droid eris to Ubuntu 10.04 machine

My internet service provider is a bit dicey and I occasionally need to be on the Internet even when they are figuring out how to reboot their remote router when they lose connectivity. So I thought I would just tether my smartphone (Droid ERIS) to my computer. After a bit of searching, I came up with a couple requirements.
  1. I didn't want to root my phone. While this is technically a cool thing to do, I just don't want to do that right now.
  2. I need to be able to connect natively to an Ubuntu linux machine. All my computers are currently running ubuntu and I didn't want to screw around with wine or a virtual machine.

Enter easytether. In 5 minutes I had internet connectivity... here's what I did:
  1. downloaded easytether
  2. downloaded the ubuntu driver to the phone
  3. connected the phone to the computer (via usb)
  4. installed the .deb located in phone's download folder
  5. ran easytether on the phone
  6. ran "easytether enumerate" on my computer
  7. ran "sudo dhclient easytether0" on my computer

I'm impressed! What's more telling (aside from this just working) is that there is not yet a Mac version, but there is both a 32 and a 64 bit Ubuntu package. It makes me wonder exactly how many Ubuntu users there really are and how long until it surpasses the Mac market.

Speed results:
Last Result:
Download Speed: 674 kbps (84.3 KB/sec transfer rate)
Upload Speed: 635 kbps (79.4 KB/sec transfer rate)

Sunday, June 27, 2010

My verizon bill

Here's a copy of my verizon bill:

My first reaction is "Hey, I don't owe anything"... However, from experience I think I DO, and I think it might be $127. Unfortunately, by putting a big $0 for my balance at the top, people generally are going to stop and simply assume they didn't owe anything.

I've called Verizon about this a few times and 2/3 times the person I talk to ALSO thinks that I don't owe anything. I then need to talk them through my billing history for 15 minutes before they realize I DO in fact owe something. Usually this is after a supervisor gets involved and starts trying to explain complicated billing cycles and all sort of things that neither I nor the CSR actually care to know anything about.

This is how NOT to design an online bill presentation screen, they've taken intimate knowledge about how their internal billing and accounting systems work and broadcast it all the way to the customer. In addition to frustration, this causes confusion and wasted time/money/effort.

On the plus side, I wonder how many millions of dollars per month verizon makes because confused customers try to pay their $0 bill and end up being late for the $127 they actually owe.

Saturday, June 19, 2010

What should I post online?

As a guy with a reputation of knowing something about computers, I often get hit up for tech advice from folks. Recently, a cousin of mine sent me a note asking about what sorts of things I post online and what I don't. Evidently he had been aware of a situation where kids used information from to commit crimes.

Personally, I think this is pretty interesting and a really good question. I say this because I think a lot of non-tech folks have not yet made the transition from "off line" to "online". Many technical people have already had to deal with this (often years ago), but many younger folks and/or non-technical people are just beginning to understand the implications of being truly "online". For example, here is a post from 7 years ago by some buffoon (that's me) who decided a to post an off topic friday afternoon 833r discussion. This will likely be available for a very very long time.

From my perspective, this is a pretty good example of how information wants to be free. That is, once you start putting information on the internet, you lose control of it. This means things on the internet (text, photos, videos) can be taken out of context and used for other purposes. In addition, depending on what you put out there, criminals might be able to gain enough information to do BAD things. In this particular situation (7 years ago) I was in our data center at one point and after I introduced myself this guy said "oh so YOU'RE Mike Mainguy". Evidently, because I was posting a lot of messages in user groups with my work email address, spammers where scanning the user groups and bombarding our domain with email to my account. At one point I believe I was told that my account was receiving more spam than any other account in the domain except for the CEO.

As another example, suppose I had posted on facebook that I was going on vacation for 2 weeks. This would mean that anybody who searched facebook for vacation, potentially would potentially be able to see it. This then would have an unintended side effect of telling every tech savvy criminal in the world that they would have a golden opportunity to break into my house. If prior to that, I had posted a facebook note about my new
plasma TV
, I'd have then put myself into a potentially vulnerable situation.

Don't get me wrong, the internet is bringing the world together and this is a wonderful thing. Social networking and other new applications enabling us to connect globally and interact across time and space in unimaginable ways. I obviously think that sharing information is a good thing and encourage everyone to get online and actively maintain an online presence. As with anything, however, there are unintended and potentially negative consequences of this. Folks who have newly minted online identities simply need to think about how they present themselves online.

Personally, before posting online, I typically ask myself the following questions:
  • "Would I be ashamed if my mom saw this?"
  • "Could a criminal use this information to do something bad?"
  • "Would a future employer potentially use this against me?"
If I answer "Yes" to any of these criteria, I typically don't post it. Obviously there are other considerations, but these three simple rules seem to serve me pretty well.

Sunday, June 13, 2010

Active Directory Authorization with Java

I have a situation where I need to be able to have sub groupings of users in Active directory to manage who can see particular pieces of information. It turns out this is easy, but unintuitive. An important detail is to realize that groups can be put inside into other groups and you can use the "member" and "memberOf" attributes to determine who is in which group. So if you have an OU in Active directory called "OU=web,DC=mainguy,DC=org" and you create a group with a name of "CN=Germany National Sales,OU=web,DC=mainguy,DC=org". From here in Active directory you create any number of subgroups and put them in the parent group (under the same OU in our example, but that's not necessary).

At this point, you can dump users into any of the groups and you can get segregate users into nested structures. With a little creativity you can use recursion to have deeper nesting (not necessarily a good thing) as well as a "deny/allow" capability (perhaps based on ou).

In any event, here's the code that can get you started.

package org.mainguy;

import java.util.Hashtable;

import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

class FastBindConnectionControl implements Control {
 public byte[] getEncodedValue() {
  return null;

 public String getID() {
  return "1.2.840.113556.1.4.1781";

 public boolean isCritical() {
  return true;

public class LDAPBinder {
 public Hashtable env = null;
 public LdapContext ctx = null;
 public Control[] connCtls = null;

 public LDAPBinder(String ldapurl) {
  env = new Hashtable();
  env.put(Context.SECURITY_AUTHENTICATION, "simple");
  env.put(Context.PROVIDER_URL, ldapurl);

  connCtls = new Control[] { new FastBindConnectionControl() };

  try {
   ctx = new InitialLdapContext(env, connCtls);
  } catch (NamingException e) {
   System.out.println("Naming exception " + e);

 public boolean authenticate(String username, String password) {
  try {
   ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, username);
   ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
   System.out.println(username + " is authenticated");
      return true;

  catch (AuthenticationException e) {
   System.out.println(username + " is not authenticated");
   return false;
  } catch (NamingException e) {
   System.out.println(username + " is not authenticated");
   return false;

 public void finito() {
  try {
   System.out.println("Context is closed");
  } catch (NamingException e) {
   System.out.println("Context close failure " + e);

 public void getMembership(String name) {
  String[] returns = {"member"};
  SearchControls sc = new SearchControls();
  try {
   NamingEnumeration ne ="OU=web,DC=mainguy,DC=org","memberOf="+name,sc);
   while (ne.hasMoreElements()) {
    SearchResult sr = (SearchResult);
    System.out.println("+" + sr.getName());
    Attributes attr = sr.getAttributes();
    System.out.println("--" + attr.get("member").size());

    NamingEnumeration allUsers = attr.get("member").getAll();
    while (allUsers.hasMoreElements()) {
     String value = (String);
  } catch (Exception e) {
  * @param args
 public static void main(String[] args) {
  LDAPBinder binder = new LDAPBinder("ldap://");
  binder.authenticate("", "supersecret");
  binder.getMembership("CN=Germany National Sales,OU=web,DC=mainguy,DC=org");



Saturday, June 12, 2010

Why windows is useful in the cloud

OK, I realize from a previous post that it in a previous post it may seem like I think that windows is completely non-functional in a cloud environment.

Let me back up a little...

From my perspective, running production servers on virtual machines spun up on demand is not useful (yet) with the windows operating system. The windows OS strategy is just not responsive enough to this sort of business requirement (yet).

That having been said, I just finished spinning up a windows 2003 server instance on rackspace... Why? I need to investigate some Active Directory problems we're trying to solve at work right now. I spent 4 hours downloading the massive DVD install image (and a bunch of crazy MS registration stuff) for a 10 day TRIAL version of the OS.

I then went over to my rackspace account (because of a different problem) and realized they could set up the server I needed. I clicked "create server" and they set up a virtual server in 15 minutes. Yes, it costs more to run this server than my Ubuntu instances, but it's only going to run for a couple of hours over the next 2 days so I don't really care.

In short, on-demand virtual windows machines (I'd love some XP/Vista/Windows 7 instances for testing our software hint hint) are a super useful thing and are worth their weight in gold (maybe even platinum), but this doesn't mean it's a good distributed virtual server platform.

Thursday, June 3, 2010

firefox 3.6 and google chrome

I happened to notice that doesn't seem to work properly with firefox 3.6 OR google chrome... That's about 25-50% of "normal" web traffic. Note: if the techie people show you log files that indicate firefox is really only 5% (or some other low number).... ask them "how could ANYONE with firefox possibly be using the site if it doesn't actually WORK with firefox?".

I used to be a little self conscious about posting gripes about browser compatibility, but now that I see the real numbers from a number of sites that get millions of hits, I'm fairly confident that firefox (and even crome) are actually pretty important at this point. Right now I support a couple of non-technical sites that get millions of hits per month and IE gets around 70% firefox gets around 20% and chrome gets around 5% (the rest is a mixed bag).

I'd recommend letting the tech folks take about a week and make the site at least work with these browsers. In all fairness, I guess it is possible that the site works on windows versions of chrome and firefox as I'm using linux, but I suspect it's equally broken on windows. At this point, cross browser compatibility is a commodity and no professional organization should really allow incompatibility on a public site (IMHO).

Why windows will not work in the cloud

Quick question, "why is windows not suited for deployment in the cloud?"

Take a look at amazon's pricing. Next, take a look at rackspace linux and windows pricing.

Do you notice anything? A keen observer might see:

#1 Windows costs between 1.5x - 2.6x more than linux per compute cycle.
#2 Windows is in BETA for the rackspace cloud.

Now some folks might argue that this cost is offset by fact that windows servers are more managable (after all, you get a nice pointy clicky user interface right?). Those folks should try to push an update to 100 windows servers using the pointy clickly technique.

Any administrator worth their salt is going to use scripting and automated deployment techniques which is where linux really shines. Windows as a desktop platform is pretty good (although ubuntu is catching up, but it windows as a server platform still suffers from it's high TCO.

All this having been said, I guess I'll restate my subject in a slightly different way:

"Windows is very cost efficient or technically capable for creating distributed systems"

Wednesday, June 2, 2010

Kmart pharmacy customer (dis)service

First off, let me qualify this post by saying I am a former employee of Sears Holdings Corporation which is the parent company for Kmart. As such, I happen to still use their insurance through COBRA and because of the plan offered, my insurance only allows me to use Kmart (and VERY few other) pharmacies.

Last night I was supposed to go to Kmart and refill a prescription for my son. As circumstances would have it, I forgot so ultimately, I probably contributed to the stress levels associated with this situation. We happened to have one dose left of his medication so we assumed it wouldn't be a big deal to pick it up in the morning. My wife thought she could just run to the pharmacy this morning and get a refill.

This morning, I happened to be attending a software development conference in Chicago (coincidentally with at least one, if not more than one SHC associate) and started receiving frantic calls from my wife. She went to TWO different Kmart pharmacies (10 miles apart) and they didn't have the prescription. She was assured, however, she could drive just another 5 miles away and get it filled.

Because she had other things she had to get done, she went to another pharmacy right next door (Walgreens ) and was going to pay a LOT of money ($150) to get the scrip filled. After the third call, I told her to simply lay down the cash and we'll worry about the cost later, after all, our time and our son's health was too valuable to be driving all over Northwest Illinois hoping that someone had what we were looking for. It turns out, she got the idea to call our pediatrician and they happened to have had a some samples that they gave us until Kmart would be able to fill the prescription, but this brings me to my point:

Kmart pharmacy, you get a big fat "F" in customer service. Honestly, I really like the people working there as individuals, they're really friendly and seem to be nice people


I happen to know that the store in Rockford is affiliated with This should have been a home-run make my wife happy win-win-win situation for all involved. If the store in Rockford had proposed that my wife pay an extra $10 to have the prescription delivered to our doorstep she would have been jumping up and down in happiness. Instead she was frustrated, mad, and disgusted with the entire situation.

Some alternative scenarios proposed:

#2 Go get the scrip from Walgreens, then figure out how to get reimbursed...
#3 Anything else? Really, do you need US to come up with better solutions? I'm the customer here, I'm looking for solutions, NOT excuses...