
Tag: apple

Jacobian update

One way to increase the blogshare-value of this site might be to
give readers more of what they want. In fact, there is an excellent
guide for those who really want to increase traffic on their site
called 26 Steps to 15k a Day. A somewhat sobering suggestion is rule S :

“Think about what people want. They
aren't coming to your site to view “your content”,
they are coming to your site looking for “their
content”.”

But how do we know what
people want? Well, by paying attention to Google-referrals according
to rule U :

“The search engines will
tell you exactly what they want to be fed – listen closely, there is
gold in referral logs, it's just a matter of panning for
it.”

And what do these Google-referrals
show over the last couple of days? Well, here are the top recent
key-words given to Google to get here :

13 : carolyn dean jacobian conjecture
11 : carolyn dean jacobian
9 : brauer severi varieties
7 : latexrender
7 : brauer severi
7 : spinor bundles
7 : ingalls azumaya
6 : [Unparseable or potentially dangerous latex formula Error 6 ]
6 : jacobian conjecture carolyn dean

See a pattern? People love to hear right now about
the solution of the Jacobian conjecture in the plane by Carolyn Dean.
Fortunately, there are a couple of things more I can say about this
and it may take a while before you know why there is a photo of Tracy
Chapman next to this post…

First, it seems I only got part of the Melvin Hochster email. Here is
the final part I was unaware of (thanks to not even wrong)

Earlier papers established the following: if there is a
counterexample, the leading forms of $f$ and $g$ may be assumed to
have the form $(x^a y^b)^J$ and $(x^a y^b)^K$, where $a$ and $b$ are
relatively prime and neither $J$ nor $K$ divides the other
(Abhyankar, 1977). It is known that $a$ and $b$ cannot both be $1$
(Lang, 1991) and that one may assume that $C[f,g]$ does not contain a
degree one polynomial in $x, y$ (Formanek, 1994).

Let $D_x$ and $D_y$ indicate partial differentiation with respect
to $x$ and $y$, respectively. A difficult result of Bass (1989)
asserts that if $D$ is a non-zero operator that is a polynomial
over $C$ in $x D_x$ and $y D_y$, $G$ is in $C[x,y]$ and $D(G)$
is in $C[f,g]$, then $G$ is in $C[f,g]$.

The proof proceeds by starting with $f$ and $g$ that give a
counterexample, and recursively constructing sequences of
elements and derivations with remarkable, intricate and
surprising relationships. Ultimately, a contradiction is
obtained by studying a sequence of positive integers associated
with the degrees of the elements constructed. One delicate
argument shows that the sequence is bounded. Another delicate
argument shows that it is not. Assuming the results described
above, the proof, while complicated, is remarkably self-contained
and can be understood with minimal background in algebra.

  • Mel Hochster

Speaking about the Jacobian
conjecture-post at not even wrong and
the discussion in the comments to it : there were a few instances I
really wanted to join in but I'll do it here. To begin, I was a
bit surprised by the implicit attack in the post

Dean hasn't published any papers in almost 15 years and is
nominally a lecturer in mathematics education at Michigan.

But this was immediately addressed and retracted in
the comments :

Just curious. What exactly did
you mean by “nominally a lecturer”?
Posted by mm
at November 10, 2004 10:54 PM

I don't know
anything about Carolyn Dean personally, just that one place on the
Michigan web-site refers to her as a “lecturer”, another
as a “visiting lecturer”. As I'm quite well aware from
personal experience, these kinds of titles can refer to all sorts of
different kinds of actual positions. So the title doesn't tell you
much, which is what I was awkwardly expressing.
Posted by Peter
at November 10, 2004 11:05 PM

Well, I know a few things
about Carolyn Dean personally, the most relevant being that she is a
very careful mathematician. I met her a while back (fall of 1985) at
UCSD where she was finishing (or had finished) her Ph.D. If Lance
Small's description of me would have been more reassuring, we
might even have ended up sharing an apartment (quod non). Instead I
ended up with Claudio
Procesi
… Anyway, it was a very enjoyable month with a group
of young starting mathematicians and I fondly remember some
dinner-parties we organized. The last news I heard about Carolyn was
10 to 15 years ago in Oberwolfach when it was rumoured that she had
solved the Jacobian conjecture in the plane… As far as I recall,
the method sketched by Hochster in his email was also the one back
then. Unfortunately, at the time she still didn't have all pieces
in place and a gap was found (was it by Toby Stafford? or was it
Hochster?, I forgot). Anyway, she promptly acknowledged that there was
a gap.

At the time I was dubious about the approach (mostly
because I was secretly trying to solve it myself) but today my gut
feeling is that she really did solve it. In recent years there have
been significant advances in polynomial automorphisms (in particular
the tame-wild problem) and in the study of the Hilbert scheme of
points in the plane (which I always thought might lead to a proof) so
perhaps some of these recent results did give Carolyn clues to finish
off her old approach? I haven't seen one letter of the proof so
I'm merely speculating here. Anyway, Hochster's assurance that
the proof is correct is good enough for me right now.

Another
discussion in the NotEvenWrong-comments was on the issue that several
old problems were recently solved by people who devoted themselves for
several years solely to that problem and didn't join the parade of
dedicated follower of fashion-mathematicians.

It is remarkable that the last decade has seen great progress in
math (Wiles proving Fermat's Last Theorem, Perelman proving the
Poincare Conjecture, now Dean the Jacobian Conjecture), all achieved
by people willing to spend 7 years or more focusing on a single
problem. That's not the way academic research is generally
structured, if you want grants, etc. you should be working on much
shorter term projects. It's also remarkable that two out of three
of these people didn't have a regular tenured position.

I think particle theory should learn from this. If
some of the smarter people in the field would actually spend 7 years
concentrating on one problem, the field might actually go somewhere
instead of being dead in the water
Posted by Peter at November
13, 2004 08:56 AM

Here we come close to a major problem of
today's mathematics. I have the feeling that far too few
mathematicians dedicate themselves to problems in which they have a
personal interest, independent of what the rest of the world might
think about these problems. Far too many resort to doing trendy,
technical mathematics merely because it is approved by so called
'better' mathematicians. Mind you, I admit that I did fall in
that trap myself several times but lately I feel quite relieved to be
doing just the things I like to do no matter what the rest may think
about it. Here is a little bit of advice to some colleagues : get
yourself an iPod and take
some time to listen to songs like this one :

Don't be tempted by the shiny apple
Don't you eat of a bitter fruit
Hunger only for a taste of justice
Hunger only for a world of truth
'Cause all that you have is your soul

from Tracy Chapman's All that you have is your soul


tweedledee and tweedledum


Tweedledum is a first-generation iMac (233 MHz
slot-loading, 192Mb RAM, No Airport) whereas Tweedledee is
2nd-generation (350 MHz front-loading, 192Mb RAM, Airport card). A
couple of weeks ago I replaced their original hard-discs (4 Gb resp. 6
Gb) by fat 120 Gb discs and from this weekend they serve as our
backup-facility. Tweedledee is connected via Airport to our network and
is a fully functional 10.3 computer, everyone has a login on it and is
encouraged to dump important files onto it as a secondary copy.
Tweedledum, on the other hand, is invisible to the network but forms a
one-wire network with Tweedledee (they are connected by a crossed
ethernet cable which results in having a self-assigned IP address in the
169.254 range and hence they can see each other; moreover using the
Sharing-pane in the System Preferences I allowed
Tweedledee to share its internet connection to other computers,
connected to it via Ethernet, so Tweedledum can go online to get
system-updates when necessary).

A house-computer rule is that
all important files (which means those you don’t like to lose in a
crash) are kept in the Documents folder of your
Home-folder on your own computer. At regular intervals I make
sure that these folders are synchronized with backup-copies on both
Tweedledee & Tweedledum, so at any given time there are at least 3
computers containing the essential files (usually more as everyone has a
login at each of the 4 ‘work’-computers and can drop extra copies
around, but must clean-up when asked).

To synchronise I use
the shareware program ExecutiveSync. It is no longer possible to
obtain this from its original homepage as they seem to have been taken
over and invite you to buy You Sinc instead which costs more than
twice what ExecutiveSync costs (19.95$). Fortunately, for now you can
still download it from the Apple site. I have
ExecutiveSync running on Tweedledee (you are only allowed to run it on
one computer, you can install it on every computer but then the
synchronizing process is sometimes not possible which is why I came to
the following work-around). In ExecutiveSync you make several
Projects which involve choosing a Local folder and a
Remote folder somewhere on your network which you want to keep in
Sync. In my Home folder on Tweedledee I made several (originally
empty) folders such as docsGitte. Then my ExecutiveSync-project
syncGitte takes docsGitte as the local folder and the
/Users/gitte/Documents-folder on iBookGitte as the remote
folder. The first time you synchronise takes a lot of time (especially
over the wireless network, it may be better to do the first sync via
ethernet) but afterwards it works pleasantly.

Once I
synchronised all the local Documents-folders with the corresponding
folders in my home-folder on Tweedledee, I have another
ExecutiveSync-project BACKUP which takes as the Local-folder my
Home-folder and as the remote folder a folder BACKUP I did create
on Tweedledum. Fortunately, here the synchronising is done over Ethernet
or it would take forever.


the iTunes hack

If you
are interested in getting thousands of mp3-files on your computer
using only 128 Kb of ROM, read on! Yesterday I made my hands dirty and
with Jan’s help upgraded two 6 Gb colored iMacs (a blue and a
pink one) to potential servers for our home-network having a 80 Gb resp.
a 120 Gb hard disk. If you do the installation yourself such an upgrade
costs you roughly 1 Euro/Gigabyte which seems to me like a good
investment. Clearly, you need to know how to do this and be less
hardware-phobic than I am. Fortunately, the first problem is easily
solved. There is plenty of good advice on the net : for the colored
iMacs we used the upgrade an iMac-page of MacWorld. For possible
later use, there is also a page for replacing the hard disk in an old iBook
(which seems already more challenging) and in a flat screen iMac (which seems to be impossible
without proper tools). Anyway, we followed the page and in no time
replaced the hard disks (along the way we made all possible mistakes
like not connecting the new hard disk and then being surprised that the
Disk Utility cannot find it or not putting back the RAM-chips and
panicking when the normal start-up chime was replaced by an aggressive
beep). An unexpected pleasant surprise was that the blue iMac, which I
thought to be dead, revived when we replaced the hard disk.

Back home, I dumped a good part of our CD-collection on the blue
iMac (1440 songs, good for 4.3 days of music and taking up 7.11 Gb of
the vast 120 Gb hard disk) to test the iTunes Central hack
explained by Alan Graham in his six great tips for homemade dot mac
servers. Would I manage to get the
entire collection on my old iBook which had only (after installing all
this WarWalking-software) 800 Mb of free disk space? Here is what
I did :

1. On the iBook (or any machine you want to
play this trick on) go to your Home/Music/iTunes-folder and drag
the two files and one directory it contains to the Trash. Do the
same for the two files com.apple.iTunes.eq.plist and
com.apple.iTunes.plist which are in the
Home/Library/Preferences-folder.

2. On the
iBook, use the Finder/Network-icon to connect to the server
(iMacServer in my case) and browse to the iTunes-folder where you placed
all the music (still, on the iBook in the Finder-window opened when you
connect to iMacServer). Make an Alias of the two files and the
directory in it (click on one of them once, go to the
File-submenu of the Finder and choose Make Alias) which
results in three new entries in the iTunes directory : iTunes 4 Music
Library alias, iTunes 4 Music Library.xml alias and iTunes
4 Music Library alias. Drag these 3 aliases to the
Home/Music/iTunes-folder on the iBook and rename them by removing
the alias-addendum.

3. In the Finder-window on
the iBook corresponding to the iMacServer browse to the
Home/Library/Preferences-folder and drag the two files
com.apple.iTunes.eq.plist and com.apple.iTunes.plist to
the Home/Library/Preferences-folder of the iBook. Launch
iTunes and it will give you access to the whole iTunes-collection
of iMacServer! In all, the three aliases and the 2 copied files take up
128 Kb…


bandwidth measures


One day (hopefully) lots of MP3, JPEG and perhaps even
MPEG-files will be flying around our wireless home-network. But I
didn’t have any idea of how much data I could cram through the
Airport-connections. To estimate the available bandwidth of a
network there is a nice free tool around, iperf of which you can download binaries for
almost any platform including OS X. So click on the MacOS X (Darwin 6.4)
binary button half way on the iperf-page and you get a Desktop
iperf-1.7.0-powerpc-apple-darwin6.4 Folder which you may rename to
just iperf. Do this on two computers connected to the
Airport-network you want to measure. Now, decide which of the two will
play the ‘server’ and which the ‘client’ (the end result does not
depend on this choice). So fire up the Terminal of the serving
computer and type

sudo ~/Desktop/iperf/iperf -s

and you will
get a message saying that the server is listening on TCP port 5001. Go
to the SystemPreferences/Network to obtain the IP-address of the server
(say it is 10.0.1.5) . Walk over to the ‘client’-computer and type
into its Terminal

sudo ~/Desktop/iperf/iperf -c 10.0.1.5 -r

and after a few moments it will compute the bandwidth of the
connection for you. Here is a sample output of two Airport-card
iMacs connected to the same Airport-Extreme base station :

iMacLieven:~/Desktop/iperf lieven$ ./iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------
[  4] local 10.0.1.2 port 5001 connected with 10.0.1.7 port 49245
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-10.3 sec  2.77 MBytes  2.27 Mbits/sec
------------------------------------------------------------
Client connecting to 10.0.1.7, TCP port 5001
TCP window size: 65.0 KByte (default)
------------------------------------------------------------
[  4] local 10.0.1.2 port 49515 connected with 10.0.1.7 port 5001
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-10.2 sec  2.73 MBytes  2.23 Mbits/sec

indicating a bandwidth of approximately 2.25Mbits/sec. If we replay
the same game with two AirportExtreme-card iMacs on the same network
we can nearly triple (!) the bandwidth :

[eMacAnn:~] lieven% cd Desktop/iperf
[eMacAnn:~/Desktop/iperf] lieven% ./iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------
[  4] local 10.0.1.5 port 5001 connected with 10.0.1.6 port 49314
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-10.0 sec  8.50 MBytes  7.11 Mbits/sec
------------------------------------------------------------
Client connecting to 10.0.1.6, TCP port 5001
TCP window size: 65.0 KByte (default)
------------------------------------------------------------
[  4] local 10.0.1.5 port 49320 connected with 10.0.1.6 port 5001
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-10.9 sec  7.07 MBytes  5.45 Mbits/sec

However, if these two
AirportExtreme-card computers connect to each other via the
Graphite-Airport base station the bandwidth drops to a meagre 1.9
Mbits/sec which is roughly the same as two Airport-card computers
connecting (which gave me 2.45 Mbits/s). Anyway, there is no immediate
problem with bandwidth on either network for what I have in mind.
Another important number to know is the real speed of our
internet-connection (for instance if I want to replace our old router by
a better documented one and have a measure for the in/decrease of the
connection-speed). Here, a good URL is performance.chello.at which offers two tests :
String and String SSI. The latter one has a graphical
resulting page such as


the cpu 2 generation

Never
ever tell an ICT-aware person that you want to try to set up a
home-network before you understand all 65536 port-numbers and their corresponding
protocols. Here is what happened to me this week. Jan Adriaenssens returned from an extended vacation in New Zealand and I told him
about my problems with trying to set up WebDAV securely. He
stared at me with that look that teenage children have if they
find out their parents don’t know how to handle the simplest things on a
mobile such as saving a number, writing an SMS let alone use the
dictionary… and asked ‘now why would you want to do that??? I just
use AppleTalk to connect to my computer securely’. Now I’m not such a
fool that I didn’t try this out but I didn’t manage to get matrix
mounted on my Desktop. ‘Oh, but that’s probably because of the
firewall’ Jan said ‘just send an email to Peter (the guy running the
defenses here) and ask him to open up ports 548 and
427…’ And sure enough five minutes later the problem was
solved and I could throw my WebDAV-plans in the dustbin (although, I
think I’ve found a use for WebDAV but will keep this a bit longer to
myself until I checked it out). If you think that was the end of it,
think twice. Never ever point an ICT-professional to your
computer. They then start looking at its firewall-logs and find all
sorts of things such as : ‘I noticed that traffic from port 53
was dropped to the firewall, could it be that you configured the
firewall as DNS-server. If this is the case, you better remove it and it
will increase your network-speed, I think.’ And sure enough that
IP-address was set on my machine as one of two possibilities for the
DNS-server so I quickly removed it and in the process thought that maybe
I should also remove the other one so I did send Peter another email
asking whether that was ok. It turned out that the second IP address was
the genuine DNS-server so I got a sec answer back ‘You better leave
this as it is otherwise not much will work…’ Oh, shame, shame eternal
shame on me!

My only defense is that I still belong
to what I would call the cpu 2 generation (I’m a few years too
old to belong to the more computer-aware generation X). When I
started out doing research in 1980 the single most important command was

cpu 2

which you had to type before you could run any program.
By typing this you asked to be given 2 minutes of central processing
time, so you had to write all your programs in such a way that either
they gave a result back within 2 minutes or to include lots of
output-commands giving you a chance to determine at which parameters you
would restart the program for your next cpu 2. I once computed in
this way all factorial maximal orders in quaternion algebras by spending
a couple of days in the computer room. These days any desktop computer
would finish this task in half a minute. Perhaps the younger generations
will appreciate all the hard computer-work we had to do back then if
they read a bit from the computer history museum page!


antwerp sprouts

The
game of sprouts is a two-person game invented by John Conway and Michael Paterson in 1967 (for some
historical comments visit the encyclopedia). You just need pen and paper to
play it. Here are the rules : Two players, Left and Right, alternate
moves until no more moves are possible. In the normal game, the last
person to move is the winner. In misere play, the last person to move is
the loser. The starting position is some number of small circles called
“spots”. A move consists of drawing a new spot g and then drawing two
lines, in the loose sense, each terminating at one end at spot g and at
the other end at some other spot. (The two lines can go to different
spots or the same spot, subject to the following conditions.) The lines
drawn cannot touch or cross any line or spot along the way. Also, no
more than three lines can terminate at any spot. A spot with three lines
attached is said to be “dead”, since it cannot facilitate any further
action.

You can play sprouts online using this Java applet.
There is also an ongoing discussion about sprouts on the geometry math forum. Probably the most complete
information can be found at the world game of sprouts association. The analysis of the game involves some nice
topology (the Euler number) and as the options for Left and Right are
the same at each position it is an impartial game and the outcome
depends on counting arguments. There is also a (joke) variation on the
game called Brussels sprouts (although some people seem to miss the point
entirely).

Some years ago I invented some variations
on sprouts making it into a partizan game (that is, at a given
position, Left and Right have different legal moves). Here are the rules
:

Cold Antwerp Sprouts : We start with n White
dots. Left is allowed to connect two White dots or a White and bLue dot
or two bLue dots and must draw an additional Red dot on the connecting
line. Right is allowed to connect two White dots, a Red and a White dot
or two Red dots and must draw an additional bLue dot on the connecting
line.

Hot Antwerp Sprouts : We start with n
White dots. Left is allowed to connect two White dots or a White and
bLue dot or two bLue dots and must draw an additional bLue dot on the
connecting line. Right is allowed to connect two White dots, a Red and a
White dot or two Red dots and must draw an additional Red dot on the
connecting line.

Although the rules look pretty
similar, the analysis of these two games is entirely different. On
February 11th I’ll give a talk on this as an example in
Combinatorial Game Theory. I will show that Cold Antwerp Sprouts
is very similar to the game of COL, whereas Hot Antwerp Sprouts resembles SNORT.


homemade .mac

The
other members of my family don’t understand what I am trying to do the
last couple of days with all those ethernet-cables, airport-stations,
computer-books and the like. ‘Improving our network’ doesn’t make
much of an impression. To them, our network is fine as it is : from
every computer one has access to the internet and to the only
house-printer and that is what they want. To them, my
computer-phase is just an occupational therapy while recovering
from the flu. Probably they are right but I am obstinate in
experimenting to prove them wrong. Not that there is much hope,
searching the web for possible fun uses of home-networks does not give
that many interesting pages. A noteworthy exception is a series of four
articles by Alan Graham for the macdevcenter
on the homemade dot-mac with OS X-project.

In
the first article Homemade Dot-Mac with OS X he explains how to
set-up a house-network (I will give a detailed account of our
home-network shortly) and firing up your Apache webserver. One nice
feature I learned from this is to connect a computer by ethernet to the
router and via an Airport card to the network (you can force this by
specifying the order of active network ports in the
SystemPreferences/Network/Show Network port configuration-pane :
first Built-in Ethernet and second Airport). This way you
get a faster connection to the internet while still connecting to the
other computers on the network. In the second part he explains how to
get yourself a free domain name even if you have (as we do) a dynamic
IP-address via a service like DynDNS. Indeed it is quite easy to set this up but
so far I failed to reach my new DNS-server from outside the network,
probably because of bad port-mapping of my old isb2lan-router.
This afternoon I just lost two hours trying to fix this (so far :
failed) as I didn’t even know how to talk to my router as I lost the
manual which is no longer online. A few Google-searches further I
learned that I just had to type http://192.168.0.1 to get at the set-up pages
(there is even a hidden page) but you shouldn’t try these links
unless you are connected to one of these routers. Maybe I will need
another look at this review.

In the second
article, Homemade Dot-Mac with OS X, Part 2 he discusses in
length setting up a firewall with BrickHouse (shareware costing $25) compared to the
built-in firewall-pane in SystemPreferences/Sharing convincing me
to stay with the built-in option. Further he explains what tools one can
use to set up a homepage (stressing the iPhoto-option). Finally, and this
is the most interesting part (though a bit obscure), he hints at the
possibility of setting up your own iDisk facility either using
FTP (insecure) or WebDAV.

The third article in the
series is Homemade Dot Mac: Home Web Radio in which he
claims that one can turn the standard OS X-Apache server into an iTunes
streaming server. He uses for this purpose the QuickTime Streaming Server which you can get for
free from the Apple site but which I think works only when you have an
X-server. It seems that all nice features require an X-server so
maybe I should consider buying one…

The (so far)
final article, Six Great Tips for Homemade Dot Mac Servers, is
really interesting and I will come back to most of these possibilities
when (if) I get them to work. The most promising options for me are :
the central file server (which he synchronizes using the
shareware-product ExecutiveSync ($15 for an academic license) but
I’m experimenting also a bit with the freeware Lacie-program Silverkeeper which seems to be doing roughly the
same things). The iTunes central-hack is next on my ToDo-list as
is (at a later stage) the WebDav and the Rendezvous-idea. So it seems
I’ll prolong my occupational therapy a while…


SSL on Mac OSX

A
longer term project is to get the web-server www.matrix.ua.ac.be integrated in our home-network
as an external WebDAV-server (similar to the .Mac-service
offered by Apple). But as this server runs all information about the
master-class on noncommutative geometry, connecting to it via HTTP to use
WebDAV is too great a security risk as all username/password
combinations will be sent without encryption. Hence the natural question
whether this server can be set up to run SSL (Secure Sockets
Layer) such that one can connect via HTTPS and all exchanged information
will be encrypted. As the server is an Apache it comes down to getting
mod-ssl running. A Google on mod_ssl OS X gives the
ADC-document Using mod-ssl on Mac OS X which seems to be just
what I want. This page is very well documented giving detailed
instructions of using the openssl command. However, the
end-result is rather weak : it only makes the localhost running
HTTPS, that is, one can connect to your own computer safely… which is
pretty ridiculous (other computers in the same network cannot even
connect safely).

So, back to the Google-list on which
one link raises my interest Configuring mod-ssl on Mac OS X which looks like
the previous link but has one essential difference : the page is written
by Marc Liyanage. If you ever tried to get PHP and/or MySQL
running under OS X you will have noticed that his pages are by far the
most reliable on the subject, hence maybe he has also something
interesting to say on mod-ssl. However, the bottom line of the
document is not very promising :

You
should now be able to access the content with https://127.0.0.1 from
the same machine.

which is again the
localhost. So perhaps it is just impossible to run mod-ssl
without having an X-server. Anyway, let us try out his procedure.
Begin by issuing the following commands in the Terminal

sudo -s
cd /etc/httpd
mkdir ssl
chmod 700 ssl
cd ssl
gzip -c --best /var/log/system.log > random.dat
openssl rand -rand file:random.dat 0

Next, we need a server certificate. If you
want to do it properly you need a certificate from a certification
authority such as Thawte but this costs at least $200 a year which I
am not willing to pay. The alternative is to use a self-signed
certificate which will force the browser to display an error-message
but if the user dismisses it all traffic exchanged with the server will
still be encrypted which is just what I want. So, type the command

openssl req -keyout privkey-2001.pem -newkey rsa:1024 -nodes -x509 -days 365 -out cert-2001.pem

You will be asked a couple of questions; the only important one is the
Common Name (eg, YOUR name). Here you should take care to enter,
in the common name field, the host name of your web server exactly as
it will be used later. In my test-case, if I want to get my server
used by other computers in the network this name will be
imaclieven.local. (note the trailing .). Now issue the following
commands

chmod 600 privkey-2001.pem
chown root privkey-2001.pem
apxs -e -a -n ssl /usr/libexec/httpd/libssl.so

which will activate the SSL-module (if at a later stage you want
to de-activate it you have to replace -a by -A in the last command).
Finally, we have to change the /etc/httpd/httpd.conf file so
first save a backup-version and then add the following lines at the end
of the file :

<IfModule mod_ssl.c>
    Listen 80
    Listen 443
    SSLCertificateFile /etc/httpd/ssl/cert-2001.pem
    SSLCertificateKeyFile /etc/httpd/ssl/privkey-2001.pem
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    <VirtualHost _default_:443>
        SSLEngine on
    </VirtualHost>
</IfModule>

Finally, we do

apachectl stop
apachectl start

and we are done! Going to another computer
in the network and typing in Safari https://imaclieven.local./
will result in an error message


Just click Continue and you will have a secure connection
to the server. Thanks Marc Liyanage!
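
An added example, not part of the original post or of Marc Liyanage's page: a shell script that generates a throwaway self-signed certificate and checks what the procedure above depends on (Common Name equal to the host name, key matching the certificate, key file mode 600), plus three checks that go beyond the post: a subjectAltName entry, which current browsers match against instead of the Common Name, an RSA key of at least 2048 bits rather than the rsa:1024 used above, and more than 30 days until expiry. It assumes an openssl command-line tool of version 1.1.1 or later (for -addext); the temporary directory, the file names key.pem and cert.pem and the function names are made up for the example.

```shell
#!/bin/sh
# Added example: not from the original post. Assumes `openssl` 1.1.1+ on PATH.
# File, directory and function names are constructed for this illustration.

# make_cert DIR HOST: write DIR/key.pem (mode 600) and DIR/cert.pem for HOST.
make_cert() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    ( umask 077    # the key is never readable by others, even briefly
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
          -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null ) || return 1
    chmod 600 "$1/key.pem"
}

# cert_cn CERT: print the Common Name from the certificate subject.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -E 's/^subject= *//; s/^(.*,)?CN=([^,]*).*$/\2/'
}

# cert_bits CERT: print the public key size in bits.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# has_san CERT HOST: succeed if subjectAltName lists exactly DNS:HOST.
has_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# same_key CERT KEY: succeed if the certificate carries KEY's public half.
same_key() {
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# check_cert CERT KEY HOST: print one line per finding; status 0 if clean.
check_cert() {
    cert=$1 key=$2 host=$3 rc=0
    [ "$(cert_cn "$cert")" = "$host" ] ||
        { echo "CN does not match $host"; rc=1; }
    has_san "$cert" "$host" ||
        { echo "no subjectAltName DNS:$host"; rc=1; }
    same_key "$cert" "$key" ||
        { echo "private key does not belong to certificate"; rc=1; }
    [ "$(ls -ld "$key" | cut -c1-10)" = "-rw-------" ] ||
        { echo "key file is not mode 600"; rc=1; }
    [ "$(cert_bits "$cert")" -ge 2048 ] 2>/dev/null ||
        { echo "RSA key shorter than 2048 bits"; rc=1; }
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null ||
        { echo "expires within 30 days"; rc=1; }
    return "$rc"
}

# Demo on a throwaway directory; nothing under /etc/httpd is touched.
tmp=$(mktemp -d) || exit 1
trap 'rm -rf "$tmp"' EXIT
make_cert "$tmp/ssl" imaclieven.local &&
    check_cert "$tmp/ssl/cert.pem" "$tmp/ssl/key.pem" imaclieven.local &&
    echo "certificate and key pass all checks"
```

To audit an existing installation, call check_cert with the real certificate, key and host name instead of the demo files.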

(Added January
11th) Whereas the above allows one to make a HTTPS connection it is not
enough for my intended purposes. In order to get a secure connection to
a WebDAV server, this server must have the mod-auth-digest module
running which seems to be impossible for the standard Apache server of
10.3. You need an X-server to have this facility. So I think I have to
scale down my ambitions a bit.


iMacBondiBlue

We
still have an original iMac (Bondi Blue). It runs at 233 MHz,
has 192Mb RAM and a hard-disk of 4Gb, so is pretty outdated. Still, when
Mac OSX was introduced I had a hard time installing extra RAM in it (for
this model you have to take it apart disconnecting all sorts of cables)
so it would be a shame if this oldest member of the family is left out
of the network. The problem is that it has an Ethernet card but no
possibility to include an Airport-Card… So I bought a D-Link Wireless USB adapter and was told that installation would be
plug-and-play : just connect it to the USB-port, open up the
Applications/Utilities/Airport Setup Assistant and everything
would run smoothly. Hahah! When I started the Assistant it was clever
enough to detect that no Airport-Card was installed and refused further
action. But there is a CD in the package, so I did install the driver,
which really adds a new icon Wireless Adaptor to the System
Preferences. Clicking it gave the sobering message No Wireless
Device Attached and I couldn't press the Scan button for detection of
possible networks. But after disconnecting the D-Link a number of times and
pressing it very hard, eventually I got a wireless icon in the toolbar,
but still it couldn't give me a signal strength of available networks.
But that might be right as the ABS is protected both by WEP and by
MAC-access. So, I added the MAC-address of the D-Link to the list in the
Access Control pane of the Airport Admin Utility which
also gives a way to get at the Hex-equivalent of the WEP-key : click on
the Password icon. So, I manually created in the Wireless
Adaptor-preferences a network with the correct name, WEP-key equivalent
and so on and thought that would do it. But no, now I did get a signal
strength but it showed that I was not connected and that the WEP-key was
incorrect. On the other hand, no complaints were listed when I tried to
access the ABS as Peer-to-peer, but this created all other sorts
of problems as I could detect with iStumbler, so I quickly removed
this option and got to bed.

This morning I realized
that I still have the old Graphite Airport Base Station lying
idle so I connected it with a patch cable to the Router, reconfigured it
without WEP-protection and without Access Control and instructed
BondiBlue to connect to this new network, which it immediately managed
to do but it took a few restarts and time to get it onto Internet and
connected to other computers on this second network. So, now I will
increase security on this new network and see where it fails. First, add
Access Control by including the MAC Address of the D-Link and other
computers, reconfigure the ABS and the BondiBlue is still on the
network! Next, WEP : in the Apple documentation it is mentioned to take
a passphrase of exactly 5 symbols to ‘increase compatibility with
third-party products’. Let’s try ab;12, change the properties of the
network in the Wireless Adaptor-Preferences by
choosing Enable WEP 40 Bits ASCII (5 characters) and give the key
ab;12 and sure enough : everything works! So the problem was that
our regular network is WEP-protected by a longer passphrase and D-Link
could not handle the HEX-equivalent 10 digit number. A final attempt :
in the D-Link documentation a solution is offered by giving the ABS a
10-digit Hex together with a starting $-sign so let’s try
$4bb2603b52 on the ABS and 4bb2603b52 in the properties of
the D-Link preferences : success!
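
The mismatch above comes down to two devices accepting the same WEP key in different notations. The following added example (not from the original post; function names are hypothetical) normalises the three notations mentioned here, 5-character ASCII, 10-digit hex and $-prefixed hex, to raw key bytes so two entries can be compared. It also covers 104-bit keys (13 ASCII characters or 26 hex digits), which the post does not use.

```python
import string

KEY_BYTES = {40: 5, 104: 13}  # WEP key size in bits -> raw key length in bytes
HEX_DIGITS = set(string.hexdigits)

def _is_hex(text, nbytes):
    """True if text is exactly the hex spelling of an nbytes-long key."""
    return len(text) == 2 * nbytes and all(c in HEX_DIGITS for c in text)

def parse_wep_key(entry, bits=40):
    """Return raw key bytes for a key typed as ASCII, hex, or '$'-prefixed hex."""
    n = KEY_BYTES[bits]
    if entry.startswith("$") and _is_hex(entry[1:], n):
        return bytes.fromhex(entry[1:])   # '$' + hex, as entered on the base station
    if _is_hex(entry, n):
        return bytes.fromhex(entry)       # bare hex, as entered on the USB adapter
    if len(entry) == n:
        return entry.encode("ascii")      # literal ASCII key, one byte per character
    # Anything else is a passphrase: the base station derives the key from it,
    # so the client needs the hex equivalent the base station reports.
    raise ValueError(f"{entry!r} is not a literal {bits}-bit WEP key")

def hex_for_client(entry, bits=40):
    """Hex digits to type into a client that only accepts hex keys."""
    return parse_wep_key(entry, bits).hex()

def same_key(base_station_entry, client_entry, bits=40):
    """True if both entries denote the same raw WEP key."""
    return parse_wep_key(base_station_entry, bits) == parse_wep_key(client_entry, bits)

if __name__ == "__main__":
    print(hex_for_client("ab;12"))
    print(same_key("$4bb2603b52", "4bb2603b52"))
```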

However, if I try
either of these two methods on the Airport Extreme base-station,
none of this works! If it were not for the USB-network printer on the
extreme ABS I would just replace it again with the Graphite. Still, I’m
fed up with it for today, BondiBlue is online but via Graphite and all
other computers can communicate with it when they change stations.


WarWalking (3)


This time we turn to Ethereal, ‘sniffing the glue that holds the
Internet together’. Here is the description they give : “Ethereal is a
free network protocol analyzer for Unix and Windows. It allows you to
examine data from a live network or from a capture file on disk. You can
interactively browse the capture data, viewing summary and detail
information for each packet. Ethereal has several powerful features,
including a rich display filter language and the ability to view the
reconstructed stream of a TCP session”. Whereas OSX is not included it
is possible to get Ethereal running under OSX but it
requires some work. To begin you need to have the XTools
installed (the extra CD shipped with 10.3) (btw. you probably needed
already the XTools to get Kismet up and running). Secondly, you
need to have X11 in Applications/Utilities. This is not a
standard option if you install 10.3 but with a custom install you can
install X11. If you haven’t done this, no problem, you can download X11
from the apple-site (43Mb! download). And finally you need
to have Fink installed (see a previous post). If you are set, open
the Terminal and type

sudo fink install ethereal-ssl

Fink will tell you that it needs some additional packages to
install (12 in my case) and you agree to this by typing Y. Get
yourself a coffee and a book or newspaper because the compilation
process takes quite a while (in my case it took over one hour!). When it
finally stops you hope to be done, so start up X11 and type

sudo /sw/bin/ethereal

and it works! If you want to begin sniffing you have to click on
Capture/Start and a pop-up window appears. Specify en1 as
Interface and click on Ok. If after some time you press
Stop, all the captured packets appear in the main window and you
can start playing. We will see another time what exactly you can do with
all this information…

The previous time that I
tried to install Ethereal (on an iBook) I got an error message :
dyld: /sw/bin/ethereal can’t open library: /sw/lib/libdl.0.dylib (No
such file or directory, errno = 2). Fortunately a simple Google gave
me the following work-around. So if you get into problems that will
probably solve them. I also needed to type xhost in X11 to
allow su to use my window. But none of these problems appeared right
now, so maybe they updated the package.

Moreover,
Ethereal is very well documented both with an online manual-page and a User’s guide (which you can also download as
PDF-file : 454 pages! but only the first 100 or so are worth
printing).
