Fun with grid certs

Here are some useful openssl commands if you regularly need to renew/process certificates from DOEGrids (department of energy) to authenticate on national compute grids such as the Open Science Grid.

Taking your Globus keypair and importing into your browser.

You Globus cert is in .pem format. To import into a browser like Firefox (so that you can renew your cert over the web, for instance), you will need to convert it to a .p12 file. To do this, enter this in your .globus directory:

openssl pkcs12 -export -inkey userkey.pem -in usercert.pem -out my-cert.p12

Then  import my-cert.p12 as a user cert into Firefox.

 

Exporting your key pair from your browser for use by Globus grid-proxy-init.

  • Export or 'backup' your certificate. The interface for this varies from browser to browser, Firefox is "Tools -> Options -> Advanced -> View Certificates". The exported file will probably have the extension .p12 or .pfx.
  • Guard this file carefully. Store it off your computer, or remove it once you are finished with this process.
  • Copy the above PKCS#12 file to your ~/.globus directory.
  • Extract your certificate (which contains the public key) and the private key:
    • Certificate:
      openssl pkcs12 -in YourCert.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem
    • To get the encrypted private key :
      openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/.globus/userkey.pem

      You must set the mode on your userkey.pem file to read/write only by the owner, otherwise grid-proxy-init will not use it(chmod go-rw $HOME/.globus/userkey.pem).
     

Sync clock with VMWare Player

I run Windows on my laptop but oftentimes fire up Linux Virtual Machines using VMWare Player. Because I use my virtual machines to build source code stored on my physical host, it is important to have the clock synced between my physical and virtual hosts.

If you search the web, the typically answer to accomplish this is to setup NTP in Linux. NTP will sync the clock to time servers on the Internet. This solution is a non-starter for me, as I want to instantiate VMs with synced time even if I do not have internet access (such as on an airplane).

As it turns out, the VMWare tools can sync the clock in a virtual host to the physical host. Why there is not an option to enable this in the VMWare player GUI is beyond me. Here is what to do to sync your guest OS clock to the physical OS every 30 seconds:

  1. Install VMWare tools in your guest OS, if you haven't already.
  2. Edit the .vmx file for your virtual machine to contain the lines:
    tools.syncTime = "TRUE"
    tools.syncTime.period = 30 
     

SOLUTION : Amazon Instant Video fails on Linux with flash Updating message

Yesterday we were happily watching an episode of 24 via Amazon Prime Instant video on our media PC which runs Ubuntu 11.10 (specifically, Mythbuntu). Today when we tried to start an episode, inside of the Adobe Flash Window an "Updating..." appears in a yellow status bar... and then fails. This was particularly mysterious because I already was running the latest version of Flash!

The problem is that starting end of January 2012, Amazon has slowly been re-encoding their video content so a new DRM enabled Flash is required. This DRM support in Flash on Linux requires Hardware Abstraction Layer (HAL) software (sigh...). So to get things working again, be sure i) have the latest version of Flash for Linux installed, aka version 11.x +, and ii) install the HAL libraries. At least on Ubuntu/Mythbuntu, HAL is not installed by default. So to fix my Linux box to play all Amazon video again, I just closed all Firefox/Flash instances and then entered:

sudo apt-get install hal
This Adobe post got me on the right track, although initially I ignored it because it claimed to be specific to 64bit Linux (and I am running 32bit), but obviously the tidbit about HAL is important for either 32 or 64bit users. Another blogger talks about additional challenges for 64bit users here.

Hope this helps someone.

Solution for Thinkpad X220 brightness controls disabled after resume from sleep / hibernate

I have noticed on my new Thinkpad X220 that the on-screen brightness controls sometimes stop working after resume from sleep / hibernate. In other words, after coming out of hibernate, the Fn-Home and Fn-End buttons to increase/decrease screen brightness do nothing. I am running Windows 7, but some Google searches reveal the same problem exists on Linux. And yes, I have all the latest driver versions including BIOS and video drivers.

The Lenovo forum suggests excluding a utility program from your virus scanner. I tried that, but no luck.

However, the following work-around solved the problem for me:

It seems like issue is only happens when "Lid close action" is set to "nothing" in the global options of the Power Manager utility. If "Lid close action" is set to "sleep", system wakes up when I open lid without pressing power button and brightness buttons work correctly.

Software installed on a new Windows 7 machine

I recently replaced my ThinkPad X61 laptop with a shiny new ThinkPad X220 running Windows 7 Professional and the ThinkVantage Tools. In order to be able to live with Windows 7, I had to do a bunch of customizations but that is a topic for another post. In this post, I brain dump in no particular order all the 3rd party software I had to download/install. By listing it all here, I will perhaps remember what I did next time I get a new laptop :). All software below is free except for the few packages labeled with ($$$).

  1. 1by1 - nice lightweight music player
  2. 7Zip - deal with compressed files
  3. ActivePerl - most popular Perl environment for Windows
  4. MiKTeX - excellent LaTeX environment for Windows, downloads CTAN packages on the fly as needed, includes TeXWorks which lets you edit side-by-side with a tracking PDF preview window
  5. blunderdelay - imo an essential plugin for Thunderbird that periodically (every few minutes) sends out messages queued in your Outbox in the background. There is no way I am going to sit blocked while Thunderbird slowly sends outgoing messages in the foreground; this plugin gets around that. Another option is to set the mailnews.sendInBackground option to true in the Thunderbird about:config settings.
  6. NoScript - plugin for Firefox that disables javascript by default, and provides an easy way to add sites into an allowed white-list. perhaps one of the best things you can do to avoid virus, keyloggers, etc, from getting onto your machine.
  7. cmake - cross-platform software build and package tools, used to build Condor from source.
  8. Git - revision control; the windows version also installs many essential Unix command-line tools (awk, bash, find, which, etc) which I add to my search path.
  9. MozBackup - used to move Firefox and Thunderbird settings/bookmarks from old laptop to new laptop.
  10. Console - if you use the command prompt, grab this from Sourceforge - it moves the old console window (cmd.exe) into the modern era with transparency, tabs, fast cut-n-paste, etc.
  11. Process Explorer from Sysinternals.com - replace the default windows Task Manager with something actually really useful.
  12. Firefox
  13. Thunderbird
  14. Flash Plugin
  15. Java Plugin
  16. Google Voice Plugin
  17. Launchy - never use the silly Start Orb again! Must-have utility to launch apps, web sites, google searchers quickly from home-row on the keyboard. Brilliant. Use it for a day, you will never go back.
  18. Miranda w/ Skype plugin - Miranda is my favorite multi-protocol instant messaging tool. Besides support for all the usual protols like Yahoo and Google, Miranda also handles Jabber, IRC, and Skype. It is also very lightweight and uses very little screen real-estate.
  19. Skype
  20. Virtual Clone Drive - mount a .iso file (cd-rom image). why Windows 7 cannot do this out of the box is a mystery (and pathetic).
  21. Visual Studio 2008 Professional Edition ($$$)
  22. WiX - tool to create Windows .msi installation packages
  23. VMware Player - run virtual machines (duh), required as I do a lot of development on Linux. allows me to simultaneously compile on Windows and Linux from the same source tree. happy to see that current versions also allow you to create new virtual machines and support vix command-line tools. needed to enable a bios setting to run 64bit VMs.
  24. WordWeb - fantastic pop-up dictionary and thesaurus that you can use from inside any program (aka vim, email, texworks), just highlight the word and hit ctrl-alt-w.
  25. Xming - finally a free X windows server for Windows that works, is small and easy to install.
  26. Airfoil ($$$) - software to allow me to stream audio/music over WiFi from any Windows application (not just iTunes!) to an Airport Express hooked up to my house stereo system. once I found this I deleted the bloated/annoying iTunes software. Besides a wireless hookup to play MP3s, since it can stream audio from Firefox as well as anything else, allows an easy way to play Grooveshark / Pandora through the home audio system.
  27. CutePDF Writer - a virtual printer that "prints" to a PDF file. any program that can print can now produce a PDF file. why Windows 7 cannot do this out of the box is a mystery (and pathetic).
  28. Vim - most awesome text editor.
  29. Calibre -great package to manage an ebook library; think of it like a decent iTunes for books. can convert ebooks from one format to another, understands dozens of different ebook devices like the Kindle, etc.
  30. Microsoft Office 2010 ($$$)
  31. Adobe Reader
  32. Cisco Anyconnect VPN client
  33. Secure CRT ($$$) -my favorite ssh client. putty is decent and free, but SecureCRT is better.
  34. Gnuplot -graphing/charting software.
  35. Microsoft Security Essentials - imo the best virus / spamware protection, and it is free. i switched to this after Avira failed me a few years ago.