I've not been writing much lately, because I haven't had much (a) to#
Tue, 03 Sep 2002 13:11:42 +0000
I've not been writing much lately, because I haven't had much (a) to
write about, (b) time to write it in. More (b) than (a), in fact.
Oracle error messages, n in a series of
most-positive-fixnum:
:; owm
Exiting
java.lang.NullPointerException
at oracle.ewt.lwAWT.BufferedApplet.<init>(Compiled Code)
at oracle.sysman.emSDK.client.appContainer.WebApplication.<init>(Compiled Code)
at oracle.security.admin.wltmgr.owma.OwmaApp.<init>(Compiled Code)
at oracle.sysman.emSDK.client.appContainer.WebApplication.main(Compiled Code)
Done.
The error message actually means "cannot connect to X server".
Isn't it obvious? It also means "we don't accept any of the
standard toolkit options", of course.
It turns out that we actually want to be using the Oracle
Enterprise Login Assistant for this instead anyway. It has basically
the same deficiency but doesn't insist on displaying a splash screen,
so can actually map its window and get on with answering requests
without user input.
Some notes about importing existing SSL certificates into Oracle#
Tue, 03 Sep 2002 17:08:07 +0000
Some notes about importing existing SSL certificates into Oracle
Wallet Manager:
- Importing a site certificate as a trusted certificate will appear
to work, but the Oracle HTTP Server (a.k.a. binary-only-Apache minus
the perectly good modssl, plus modossl which is dumb,
underdocumented and ... oh, never mind. That was an aside) won't
actually work with it. Instead it will send you some corrupted mush
which according to ethereal is a zero-length certificate.
- You can't import a site certificate as a user certificate,
because it won't let you import certificates that it doesn't have CSRs
for.
- You can't import your old CSR even if you have kept it, because
it doesn't have the option for that either
- But the so-called wallets are in fact (fairly) standard PKCS#12
files, which can be created by OpenSSL: if you create a pkcs12 file
using a third-party tool you just have to call it ewallet.12
(you can only point owm at directories, not actual filenames).
- You need to put the CA cert in the wallet as well as the
site cert, otherwise it complains that your password is incorrect.
The cry goes up: Yay Oracle error messages!
So in our particular case,
- Download the Thawte CA cert from
http://www.thawte.com/serverbasic.crt
- Convert to PEM: openssl x509 -inform der -in
~/serverbasic.crt -outform pem -out thawte.crt.pem
- Make a wallet: openssl pkcs12 -noiter -nodes -export -certfile ~/serverbasic.crt -inkey ../ssl.key/www.foo.com.key -in ../ssl.crt/www.foo.com.crt -name 'friendly name' -nodes -noiter -out /tmp/e1/ewallet.p12
Most of the time spent finding this out was actually in translating
the "incorrect password" error message into "I can't load this wallet
because it doesn't include the CA cert". Obvious in retrospect. Sure
Time passed#
Mon, 09 Sep 2002 14:34:48 +0000
Time passed ...
Paid projects calming down a little, so today was housekeeping day for#
Wed, 11 Sep 2002 01:35:00 +0000
Paid projects calming down a little, so today was housekeeping day for
some more of the free stuff.
- At last, the lucky members of the general public have CVS access again for telent projects
- New release of db-sockets with
all known bug fixes (this is not another day of saying "all known bugs
fixed"). This will be 0.55 when it appears on vn-cclan and the
notable change is a fix for unix-domain sockets
- First Entomotomy checkin:
code I hacked out before and during the LSM and haven't really looked
at since. I'm pretty sure it did something, or at any rate
that I believed at the time that it did something. Which may not be
the same thing entirely
Immediate priorities for, say, tomorrow, are to understand what
entomotomy does or doesn't do, and hopefully to get it into a state
where it does something useful.
I'd write something amusing here, but the truth is I'm tired and
would rather get some sleep. I briefly also considered writing
something bitter and cynical about the darker parts of ANSI CL, or
this afternoon's fight with cvs error messages, or even Oracle (a rich
seam of source material which I don't think will ever really run out),
but the truth is I'm just too happy (for, it must be admitted,
substantially unrelated reasons) to summon the necessary bile. So,
nyer.
Some day I will learn how to release new versions of stuff into#
Wed, 11 Sep 2002 15:54:40 +0000
Some day I will learn how to release new versions of stuff into
vn-cclan. Today's trick (repeatedly) has been to forget to do the cvs
commit before making the tar file. And to upload the wrong tar file
at least once, I suspect. Not sure how that happened
Still, today's db-sockets 0.57 fixes a bug in yesterday's 0.55 (and
all previous versions, in fact) when used with SBCL 0.7.7 or any other
compiler that actually checks the syntax of defgeneric forms
Went to the Consume meeting#
Sun, 15 Sep 2002 21:47:45 +0000
Went to the Consume meeting. Consume is the not-entirely-local local
community 802.11b wireless group (it's in London; even line-of-sight I
doubt I could get a 50 mile point-to-point link).
Consume Live is a lot like you'd expect it to be from the flavour
of the mailing list discusions: that is, it's a loose coalition with
almost as many reasons to participate in a wireless network as there
are people who want to, and it meanders gracefully towards nothing in
particular, occasionally falling into the tar pits of legal arguments
or needless techy fugues. Blood fugues, almost.
But we got in a couple of discussions about the aspects I find
genuinely interesting: (a) it has a Wiki
which needs some fairly active love and attention (I have a thing for
Wikis, as regular readers know) and (b) service discovery.
It appears that I wrote half of and then forgot about a September 15th#
Fri, 27 Sep 2002 17:14:47 +0000
It appears that I wrote half of and then forgot about a September 15th
entry, which subsequently posted itself when I rsynced the htdocs
directory for some other reason. Oh well. I'll fix it up at some point
I guess from context that "The Bourne Identity" is a film. Given that
every time I read the title my first instinct is to assume it's an
sh function that returns its argument, there is probably no
hope for me. Um.
At last I have wireless at home (and in the back yard, and in the
street behind that about as far back as the corner of the block). The
PLX thing that I'd wasted
so
much
time
trying to get working on and off over the past year is now in the bin,
after I happened into PC World yesterday and saw they were selling
real PCI-PCMCIA adaptors for £25 (compares with £21.74 mailorder from
dabs.com, so not an unreasonable instant-gratification-tax)
(All indications are that the PLX stuff does work for other people;
the most likely explanation for why mine doesn't is that the hardware
itself was b0rked)
Stuff happening lately:
- Stargreen Box Office
visual makeover: now substantially less ugly
- Entomotomy
(temporary URL, wrong side of cable modem, unreliable) initial site,
running. Further hacking, ongoing.
TODO list,
shortening slowly.
- It's required remarkably little hacking of asdf to get the Debian Common Lisp Controller to work with it. It's required, as far as
I can tell from Kevin's commit
messages, substantially more work to CLC itself, none of which I did.
My involvement is mostly to sit on IRC and
say "it already does that", or sometimes "no, I won't make it do that"
- The Local Food Directory (placeholder page at http://www.buyitlocally.org.uk/) is substantially finished except
for not working at all in a few key respects. It turned out to be
most conveniently implemented as another CLiki application.
- That's all I can remember right now.
I got email from a friend asking about book recommendations for
Knowledge-Based Systems. It's not exactly my area of expertise (OK,
so I'm a Lisp programmer. That doesn't have to mean I know
anything much about AI) so I spent a few minutes with Google and found
(among other, more relevant things) this interview with Ask Jeeves