Cisco VPN on Linux on campus

Now that I'm at UH this is the second time I've had to do something like this, so I thought I'd throw together a post about it in case someone else is trying to do the same, or in case I set up a new machine and have to do it again...

Since I'm apparently unable to use my Linux Mint 12 system (64-bit, Ubuntu-based) with the secure wireless network here on campus, I decided to set up the VPN, at least for the time being. The problem is that the Linux VPN software that's available from the university's website won't install. It requires building a kernel module, but it seems to be assuming an older kernel, because I get a ton of messages about header files missing like linux/config.h. Some research shows that this file (and others) were deprecated and removed from the kernel source somewhere around 2.6, and I'm running 3.0.0-12 (64-bit).

I searched a bit online and found an article named "How To: Install Cisco VPN Client on Linux Mint 12 (64 bit)". I thought to myself "Hey, that's exactly what I'm trying to do!" so I followed the instructions. Make sure to read the output when the vpn_install script finishes, especially this one:

* You must run "/etc/init.d/vpnclient_init start" before using the client.

That must be done as root (or via sudo), otherwise you will find that the VPN interface isn't available when you try to connect. You should only need to do this once, provided that you chose the default option to automatically start the VPN service at boot time.

After the installation is done and you've started the service, in Linux Mint 12 you need to go to System Settings > Network and do the following:

1) Click the [+] button to add a new interface.

2) Choose VPN and click "Create..."

3) Choose "Cisco Compatible VPN (vpnc)" and click "Create..."

4) Set the connection details.

This step is where it can get tricky again, since the Cisco VPN setup requires both your individual username/password and a group username/password. Every place I've checked keeps this information secure, so you'll need to do a little work to get this information. I'm not going to post the actual group information here for obvious reasons, though I can certainly tell you how I found the info.

UH (like all other places I've dealt with) requires that you log in to access their VPN configuration information (the PCF files). UH actually goes so far as to not allow download of the VPN client at all without logging in. I was able to retrieve the remaining setting information by logging in, downloading the VPN software for Windows, extracting it, and opening up the PCF file in a text editor. This file contains a lot of configuration data, but most notably it includes the gateway, group name, and group password. The group password is encrypted, so it's necessary to decode the password so you can enter this into the settings. (It's easy enough to find a decrypting utility online, so I'm not going to link to one in particular.)

After you've gathered the information, you'll need to at least enter the following:

• Connection Name: Whatever you'd like, but know that it will append "VPN", so entering just "UH" will give you an interface named "UH VPN".
• Gateway: This is normally an IP address. Get it from your university's connection information page (e.g. UH's), if available, or get from the PCF file.
• User name: Your campus-provided username.
• Group name: Get this from the PCF file, if not otherwise provided.

Optionally, you can also enter:

• User password: Your campus-provided password.
• Group password: Get this from the PCF file, if not otherwise provided.

If you don't want to be prompted for the passwords every time make sure to change the options to save them. I entered the passwords in the config screen, however I was then prompted for them when I first connected to the VPN...

The last bit of configuration is that you may need to enter a domain, particularly if your university is really into Windows networking. This is necessary for UH. To enter this into the configuration click "Advanced", enter the domain (e.g. "cougarnet") into the appropriate box, and save.

With any luck you can now access the VPN!

Hopefully this will be helpful, and please feel free to leave any comments, questions, etc.

Also, I'd be interested in knowing if any fellow Cougars have managed to get their Linux system connected to the UHSecure network, since that's what I was trying to do in the first place!

mutt for gmail on cygwin

I wanted to set up mutt to check my gmail and google apps accounts on cygwin and it took a bit of trial and error, since the default mutt build in cygwin isn't configured appropriately for this setup. I installed mutt using cygwin's setup.exe, then went searching for configuration examples. The best starting point I found was the following:

http://lifehacker.com/5574557/how-to-use-the-fast-and-powerful-mutt-email-client-with-gmail

This site gives some instructions along with a sample .muttrc:

# A basic .muttrc for use with Gmail

# Change the following six lines to match your Gmail account details
set imap_user = "YOUR.EMAIL@gmail.com"
set imap_pass = "PASSWORD"
set smtp_url = "smtp://YOUR.EMAIL@smtp.gmail.com:587/"
set smtp_pass = "PASSWORD"
set from = "YOUR.EMAIL@gmail.com"
set realname = "YOUR NAME"

# Change the following line to a different editor you prefer.
set editor = "nano"

# Basic config, you can leave this as is
set folder = "imaps://imap.gmail.com:993"
set spoolfile = "+INBOX"
set imap_check_subscribed
set hostname = gmail.com
set mail_check = 120
set timeout = 300
set imap_keepalive = 300
set postponed = "+[GMail]/Drafts"
set record = "+[GMail]/Sent Mail"
set header_cache=~/.mutt/cache/headers
set message_cachedir=~/.mutt/cache/bodies
set certificate_file=~/.mutt/certificates
set move = no
set include
set sort = 'threads'
set sort_aux = 'reverse-last-date-received'
set auto_tag = yes
ignore "Authentication-Results:"
ignore "DomainKey-Signature:"
ignore "DKIM-Signature:"
hdr_order Date From To Cc
alternative_order text/plain text/html *
auto_view text/html
bind editor complete-query
bind editor ^T complete
bind editor noop

# Gmail-style keyboard shortcuts
macro index,pager y "unset trash\n " "Gmail archive message"
macro index,pager d "set trash=\"imaps://imap.googlemail.com/[GMail]/Bin\"\n " "Gmail delete message"
macro index,pager gi "=INBOX" "Go to inbox"
macro index,pager ga "=[Gmail]/All Mail" "Go to all mail"
macro index,pager gs "=[Gmail]/Starred" "Go to starred messages"
macro index,pager gd "=[Gmail]/Drafts" "Go to drafts"


I copied this to my home directory, made the appropriate changes, ran mutt, and then began reading ensuing the error messages...

$ /usr/bin/mutt
Error in /home/peter/.muttrc, line 6: smtp_url: unknown variable
Illegal instruction (core dumped)


The first line was straightforward enough, so I commented that line out, re-ran mutt, commented out another line noted in the next error, and so on, but I quickly found that the stock mutt build isn't compiled with support for much:

$ /usr/bin/mutt -v
Mutt 1.5.20 (2009-12-10)
Copyright (C) 1996-2009 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.

System: CYGWIN_NT-6.1 1.7.15(0.260/5/3) (i686)
ncurses: ncurses 5.7.20091227 (compiled with 5.7)
libiconv: 1.13
hcache backend: GDBM version 1.8.3. 10/15/2002 (built Feb 26 2009 02:58:00)
Compile options:
-DOMAIN
-DEBUG
-HOMESPOOL -USE_SETGID -USE_DOTLOCK -DL_STANDALONE +USE_FCNTL -USE_FLOCK
+USE_POP +USE_IMAP -USE_SMTP
+USE_SSL_OPENSSL -USE_SSL_GNUTLS -USE_SASL -USE_GSS +HAVE_GETADDRINFO
+HAVE_REGCOMP +USE_GNU_REGEX
+HAVE_COLOR +HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_BKGDSET
+HAVE_CURS_SET +HAVE_META +HAVE_RESIZETERM
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME -CRYPT_BACKEND_GPGME
-EXACT_ADDRESS -SUN_ATTACHMENT
+ENABLE_NLS +LOCALES_HACK +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR
+HAVE_ICONV -ICONV_NONTRANS -HAVE_LIBIDN +HAVE_GETSID +USE_HCACHE
-ISPELL
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/spool/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"
-MIXMASTER
To contact the developers, please mail to mutt-dev@mutt.org.
To report a bug, please visit http://bugs.mutt.org/.
mutt-dev@mutt.org


No SMTP support is the big problem, so I knew right away that a rebuild was needed. I installed the mutt source package, which gave me the source tree in /usr/src/mutt-1.5.20-1/, but then there was the issue of configuring. Much to my display, I got errors when I even tried to run ./configure!

After a little more research I found that I needed to run the following command:

autoreconf -f -i -Wall,no-obsolete


Fortunately this worked and I could now proceed with the build. Here are the options I ended up needing:

./configure --enable-imap --enable-pop --with-ssl --enable-smtp --with-homespool=mailspool --enable-hcache --enable-debug --with-sasl


You can easily leave out --enable-debug, but I left this in to help with future troubleshooting. I also needed to install a couple packages through cygwin, though I regret that I didn't keep a list. If you use these instructions it would be nice if you could leave a comment noting what extra packages you needed to install.

After configure and a make install, I now have a working mutt at /usr/local/bin/mutt with the following options:

$ /usr/local/bin/mutt -v
Mutt 1.5.20 (2009-12-10)
Copyright (C) 1996-2009 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.

System: CYGWIN_NT-6.1 1.7.15(0.260/5/3) (i686)
ncurses: ncurses 5.7.20091227 (compiled with 5.7)
libiconv: 1.14
hcache backend: GDBM version 1.8.3. 10/15/2002 (built Feb 26 2009 02:58:00)
Compile options:
-DOMAIN
+DEBUG
+HOMESPOOL -USE_SETGID +USE_DOTLOCK -DL_STANDALONE +USE_FCNTL -USE_FLOCK
+USE_POP +USE_IMAP +USE_SMTP
+USE_SSL_OPENSSL -USE_SSL_GNUTLS +USE_SASL -USE_GSS +HAVE_GETADDRINFO
+HAVE_REGCOMP -USE_GNU_REGEX
+HAVE_COLOR +HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_BKGDSET
+HAVE_CURS_SET +HAVE_META +HAVE_RESIZETERM
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME -CRYPT_BACKEND_GPGME
-EXACT_ADDRESS -SUN_ATTACHMENT
+ENABLE_NLS -LOCALES_HACK +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR
+HAVE_ICONV -ICONV_NONTRANS -HAVE_LIBIDN +HAVE_GETSID +USE_HCACHE
-ISPELL
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="mailspool"
PKGDATADIR="/usr/local/share/mutt"
SYSCONFDIR="/usr/local/etc"
EXECSHELL="/bin/sh"
-MIXMASTER
To contact the developers, please mail to mutt-dev@mutt.org.
To report a bug, please visit http://bugs.mutt.org/.
mutt-dev@mutt.org


Enjoy!

Cr48 impressions so far

I've been using the Cr48 as my "main" computer for the two days (ish) and so far I'm rather impressed. The critics are right - it is basically a browser in a box, but a very well put together one. I'm a little surprised at just how much of my normal daily computing I'm accomplishing on this, but there are a few things that are missing and/or that I'm not thrilled with...

As I mentioned in my first post about the Cr48, I would really like bluetooth support so I could use my new bluetooth mouse, but at least USB mouse support is there. The trackpad is the issue for me - I don't particularly like trackpads in general, but in particular, the Cr48 doesn't disable the trackpad while typing and I tend to brush the trackpad while I'm typing. I tried using the trackpad without tap-to-click, but that made things like "right" clicking difficult, which is accomplished by tapping with two fingers simultaneously. I find that I have to tap quite a bit harder to right-click than to left-click. I also find it cumbersome to click and drag with this trackpad.

I tried watching a WMV file yesterday, but Chrome OS doesn't seem to have a way to handle it built-in. When I clicked the file it downloaded, but clicking the file in the "Downloads" window gives the error "Unknown file type." I tried installing the extension "Embed WMPlayer inline" but this gives a missing plug-in error. I was able to upload one of the WMV files to YouTube and watch it there, but this is hardly a good permanent solution. I also tried downloading a pure-java program as well, but unsurprisingly trying to open the zip file gives the same "Unknown file type" error.

One of the other things that I'm less than thrilled about is that I have to check each of my four email accounts separately. I have my GMail account, two Google Apps email addresses and a student email account for my grad program. On my other computers I use Thunderbird and it's "Unified Folders" view that shows me the contents of all four inboxes in a single listing. In Chrome OS I can't find a way to do that and instead have four separate windows open all the time that I have to flip between. I tried a couple of quick searches in the chrome web store, but I don't see anything helpful...

Even though the last three paragraphs are criticisms, I'm overall very happy with this machine. The speed of going to sleep and waking up is by itself rather amazing. I'm realizing now that with my Ubuntu laptop I actively avoid closing the lid because I've been having problems with it not sleeping properly. I've been thinking about a fresh re-install for this very reason. In fact, the slowest part about waking up my Cr48 is waiting for my wifi connection to be re-established.

Google's Ninjas

I had my first experience with Google's tech support and with 3G yesterday. I tried setting up my free* 3G service through Verizon two days ago and although I got a confirmation email, my Chrome notebook still wouldn't connect to 3G, instead prompting me to set it up again. I waiting until yesterday afternoon and tried again. No dice, so I followed the Chrome OS Help page instructions to call Verizon and get them to walk through manually activating, but it didn't work...

After I got my car jump-started and got back home from the store, I filled out the support request form to have a  Chrome Notebook Ninja (coolest. title. ever.) contact me via email. I also had the option to request a phone call, with the disclaimer that it would take up to 3 days for a call, so I went with the email option. Much to my surprise, I got a phone call from one of the Ninja's less than an hour later. He conferenced in Verizon support and in less than 20 minutes later I was up and running. This was easily the most pleasant tech support call I've ever been on - my wife even told me I was having too much fun talking to tech support! :-)

* Free. Yes, actually free, but naturally only to a point. 100MB/month for two years is free. After that you either pay for more or don't use it.

A very Google xmas

It's fairly obvious from this essentially empty blog that I don't post here much, but I feel compelled to write a bit about the unexpected present I got from Google yesterday...

We visited my in-laws out of state for the last week or so and flew back in to Atlanta (snow?!?!) late last night after a whirlwind adventure in gift giving with small children involved. The drive home from the airport was fairly easy, and when we got to our door there was a package right next to the door. I didn't even look to see what it was but just grabbed it and got the girls inside and proceeded to unload the car. Finally I went to open the almost entirely unmarked box, which had no information except my name and address (with "Individual" under my name) and the return address - no sender name. Thinking this was a present from some relative, I didn't think much of it until I got the outer box off and saw the box inside it:

Image from the Google Cr48 Pilot Program page. Used without permission, but I'll take it down if Google wants me to!

It took me 2 or 3 seconds to make the connection and remember where I'd seen this -- on the Google Chrome OS Cr48 info page! My wife later commented that she thought I was going to poop my pants in my excitement! ;-) Needless to say I was up way too late last night playing with it.

It's a very basic and rather thin notebook. It's matte black, with a very minimal set of ports (1 USB, power, 1/8" headphone jack, and a VGA port) and no identifying marks on the outside at all - no logo, no model info, nothing. There are, of course, serial numbers and such under the battery, but that's it. It has a built-in webcam, a large clickable trackpad (like late model Macbooks), and a keyboard that most resembles that of a Macbook. There are some notable things missing such as an optical drive and an ethernet port. I haven't missed either of these so far, but I would like to have bluetooth so I can use my bluetooth mouse with the Cr48. I tried plugging in my bluetooth dongle, but it didn't even light up. :-(

As promised on the Cr48 pilot program page (http://www.google.com/chromeos/pilot-program-cr48.html), the machine sprang to life on it's own as soon as I opened the lid. The initial boot process had me select a wi-fi network, enter in my google ID and password, take my picture with the webcam (optional) and then I was in. (Disclaimer: I'm writing this a couple days after the fact, so I may be forgetting something!).

There are a few notable differences with the keyboard. First, it has no Caps Lock key - the key itself is there, but is labeled with the image of a magnifying glass and its default function is to open a new tab with the search bar focused. Also, the function keys are not "F" keys, but are rather labeled with icons. Fortunately, there's an on-screen key command guide that you can pull up by typing control-alt-slash. The erstwhile functions keys are: esc, back, forward, reload, fullscreen, next window, bright down, bright up, mute, volume down, volume up, and power. It's otherwise pretty standard, except that the keys are labeled with lowercase letters.

As expected, the interface to Chrome OS is almost exactly like you get by run the Google Chrome browser maximized with all OS toolbars or panels hidden. There are some differences, of course, such as the Settings menu item instead of Preferences. There Settings window has tabs on the left and has most of the same options as the Preferences window in the Google Chrome browser (at least on my Ubuntu machine), with the addition of controls for basic system settings (time/date, trackpad, language, accessibility options), internet connections settings (wi-fi and 3G) and settings related to user access (allow guest access or not, whether or not to show usernames and pictures on the login screen, and the option on limit who can sign on). This last one was particularly interesting to me, because the default settings are to allow guest access and the checkbox "Restrict sign-in to the following users:" is unchecked. This is exactly the opposite of what I have come to expect from other operating systems, where guest access must be explicitly enabled (if it's even an option) and you must explicitly create a user account for each user. 

More to come...

How I created a very large import spec in Access 2007 without doing it the hard way

I had a situation arise at my workplace where I needed to create an import specification in MS Access 2007 for input containing over 260 fields/record. Once I found the solution I started out by writing these steps down as a future reference for myself, but since I had very little success finding any info online I decided to post this in the hopes that someone else might find this useful down the line.

We receive score data in a non-delimited text file. There is one row/record and each row belongs to one person, but a single row is nearly a thousand characters long and contains anywhere from 1 to 30 sets of scores.

The purpose of having this data in an Access DB is that we need to have the data in a human-readable format that is also searchable based on fields (e.g. search for last name containing "Smith"). We get, at most, a few thousand records a year, so there is very close to zero benefit to be had from spending the resources to develop and maintain a properly normalized database for this. The score data from the records are entered into the production computer system through other means, but so we need to be able to go back to the source data at any time (I'm told we could get charged penalties if we ask for too many re-sends).

Description of the file layout I had to work with:
- 30 sets of scores @ 7 fields each
- 8 more sets @ 2 field each that I don't need
- 268 total fields
- By subtracting those I don't want I whittled it down to 258 fields, 251 of which I needed to import (just under the 255 max imposed by Access!)

Steps
- Start to import data and create a new import specification
    - Optionally, set the general import spec options (date format, separators, etc.)
- Make note of the specification name (optionally, change it to what you want) & save
- Cancel out of the import process
- Show System Objects in the Navigation Pane
    - right-click on "All Access Objects" & choose "Navigation Options..."
    - click the "Show System Objects" checkbox (optionally also the "Show Hidden Objects" box) and click OK
- Open the table "MSysIMEXSpecs" and make note of the SpecID for the SpecName you just created
- Close the table "MSysIMEXSpecs"
- Open the table "MSysIMEXColumns" and filter the rows to show only those with SpecID equal to the one you noted above
- At this point I copied & pasted those into an Excel spreadsheet for reference.
- I made an temporary spec in order to figure out a few of the values that I needed:
{DataType & Indexing value conversion tables}
SkipColumn is TRUE/FALSE (ok, Yes/No)
- I created the Field Names based on the names given in the file layout. For those that repeated I tacked on a number to the end. I found the simplest way was to use an Excel spreadsheet. You could also write a simple script in something like perl or python. I chose Excel because I want my solution to still work if they make me remove cygwin and perl. ;-)
- I used 0 (zero) for all Attributes
- Set the SpecID to the number previously noted.
{screenshot to show the Excel table}
- Go back to Access and delete all rows in the MSysIMEXColumns table with SpecID = X
- Import External Data from the Excel document into the MSysIMEXColumns table
- Save and done. I can now use my import spec to pull in my flat file data!