Easier to use? Cheaper because of that? Dream on!

The Exchange Server I already had strange problems [read this and related postings there] with, today had another one of them. I had to give reading-permission to some public folder to some users (although the GUI to do that from within Outlook is really easy to use, some people rely on me doing that for them because that’s even easier).

The Exchange Server Manager threw a strange message at me whenever I tried to expand the folder-list in the tree. The text was useless as ever and nothing was posted to the event-logs – as ever. Why is there a logging-framework if it is not used? (besides, if it would have been used, the message would have been just as un-understandable as the one I was getting).

This time, I was lucky: I got an error number along with the message that was even known to the knowledgebase. The error was 80040e19 and the knowledgebase article was Q328659.

The problem was easy to fix and had something to do with some “security-tool” that got installed alongside the IIS-Lockdown tool which itself got installed alongside the common Windows-Update procedure. Nice to know that just updating the system via such an easy procedure can bring essential functions down without any warning.

Microsoft always emphasises the ease of use of their products and the better support you are getting when using their closed source solutions. Granted: The “ease of use”-thing can sometimes really be true (many things just work out-of-the box with not nearly as much work as I would have when using a common Linux distribution), but when something does not work, fixing Microsoft’s server software is much more difficult than fixing equivalent Linux software as the fixes are un-obvious and the error messages are unusable.

The level of support for me is just the same as with comparable open-source software: Use google, enter the error message you get and pray someone had a fix for it posted somewhere. If not, I see virtually no solution in Microsoft land (besides paying a lot of money for support) whereas in the open-source land I would be able to fix the problem sometime later as I have readable error-messages and if that does not help I could try to understand the problem by reading the sourcecode.

That’s why I usually prefer open solutions. Or have you ever seen software working flawlessly?

Java and native libraries

As you may know, I am working with barcode scanners – actually it’s all about my company’s product PopScan which is a software-tool for accessing a nice little barcode scanner which is essentially a barcode scanner and nothing more and thus quite inexpensive.

We have two similar products: One is the enterprise version which is sort of a framework for implementing custom made barcode solutions. Two quite big companies here in Switzerland are already using it (just visit PopScan’s webpage to learn more, I won’t make any more sales-pitches here).

The other product – PopScan SMB – is an out-of-the-box solution for small and medium businesses which allows them to provide an easy-to-use barcode ordering system to their customers (ok. now I’m really finished sales-pitching. I’m coming to the technical aspects…)

PopScan SMB is largely web-based: On the client side we have a very little application that does nothing but hang there and wait for a scanner to be connected. When that happens, it reads the scanned codes and displays (using the IE ActiveX control) the webpage with the filled shopping cart – very nice and simple.

The drawback so far was that we could only support Windows with this solution (written in Delphi – but as a reader of this blog, you may know that already). The point is that we got quite some requests to get this to work on the Mac and additionally we have some ideas involving Linux….

As I wanted to learn Java for quite some time now, I decided to rework the thing as a Java-Thing (Applet, Webstart, see below).

The first problem was accessing the serial port where the scanner is connected to. Possible? Yes. Sun has created a specification for accessing serial and parallel ports and provided a sample implementation for Windows and Solaris.

If you want support for all the other OSes and if you want a solution that is actually working, I propose you have a look at the library from SerialIO which is what I’m using. Works like a charm and is definitely worth the money.

Next problem: How do we install the thing on the clients and how do we keep it upgraded? Two solutions come to my mind:

  1. Java WebStart: Just put a JNLP-File somewhere on your server and link to it. The browser downloads it and Java WebStart does the rest, meaning installing and keeping the software updated. The big advantage: The mechanism has explicit support for native libraries (what this blog entry is about) and works quite nicely. The disadvantages: 1) I’m not sure whether java.net.URLConnection does use appropriate preconfigured proxy servers which is a requirement for the solution to be usable (quite a lot of our possible customers have quite strict firewalls and forced proxies) and 2) it does not work on Mac OS < X which has only Java 1.1
  2. Java Applet: Put it on a webpage which the user opens and that’s it. No installation necessary, Proxy-Support, Java 1.1 support – you name it. The optimal solution if there were not that small little problem: No support for native libraries (which I have to install to access the serial port). Anyhow: The applet is what I did

    (actually there is a third solution: Create a “normal” application and a platform-specific installer and let the user install and run it. This would work, but would force me to again create a special auto-update-mechanism and it would require quite a lot of user-intervention.)

    So it all can be broken down to the one question: How to handle native libraries with Java-Applets?

    The answer is as simple as the question:

    1. Write your code
    2. When the library is accessed for the first time and can’t be loaded, a java.lang.UnsatisfiedLinkError is thrown. Catch it and…
    3. … download the required libraries to the local computer into the correct directory
    4. Tell the user to restart the browser

      Of course your applet has to be signed for this to work, but this can be done quite nicely in an Ant task.

      Where to download the file to?

      Into some directory in java.library.path, where each platform has its preferred location (which is – by the way – not what the SerialIO-Documentation suggests):

      | Platform | Directory |
      |---|---|
      | Windows | {java.home}/bin |
      | OS X (Java 1.3) | somewhere under /System, which is bad |
      | OS X (Java 1.4) | ~/Library/Java/Extensions |

      (I must check OS 9 later)

      Safari uses Java 1.4, where both IE and Mozilla (Camino, Firebird and Mozilla itself) use 1.3.

      The problem with MacOS’es 1.3 library path is that it’s never writable by the user currently logged in (not even if she’s in the admin group). To put a file there within the Finder, you must authenticate yourself as super-user (which calls sudo somewhere under the hood) which is not possible from within Java.

      The solution: The current directory “.” is also in java.library.path. On Richard’s Mac, . pointed to the root of the harddrive “Macintosh HD” (/), which is writable by users of the admin group. So for now installing the library under “.” when using the 1.3 VM does work as long as the current user is an administrator, which is the same requirement as under Windows and can be explained somewhere in the handbook or on the webpage. Problem solved (Safari users have the advantage of being able to use the applet even without the admin installing the native library first, as a directory in the user’s homedir is in the library path in 1.4).
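The four steps and the directory choice described above, written for a current JDK (9 or later) rather than the Java 1.1/1.3 VMs the post targets; this is an added example, not the author's applet code. The library name, download URL and digest are hypothetical placeholders, and the SHA-256 check before the file is written is an addition the post does not describe.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.MessageDigest;

public class NativeLibInstaller {
    // Hypothetical placeholders: library name, download location and pinned digest.
    static final String LIB_NAME = "examplenative";
    static final String LIB_BASE_URL = "https://example.invalid/native/";
    static final String LIB_SHA256 = "<sha-256 hex digest of the library you ship>";

    /** true: library loaded; false: library was just installed, browser restart needed. */
    public static boolean ensureLoaded() throws Exception {
        try {
            System.loadLibrary(LIB_NAME);                    // steps 1 and 2
            return true;
        } catch (UnsatisfiedLinkError missing) {
            String file = System.mapLibraryName(LIB_NAME);   // platform file name, e.g. <name>.dll
            File dir = writableLibraryDir();
            if (dir == null)
                throw new IllegalStateException("no writable directory in java.library.path");
            byte[] data = download(new URL(LIB_BASE_URL + file));   // step 3
            // Added check, not in the post: refuse anything but the pinned build.
            if (!LIB_SHA256.equalsIgnoreCase(sha256Hex(data)))
                throw new SecurityException("digest mismatch for " + file);
            try (OutputStream out = new FileOutputStream(new File(dir, file))) {
                out.write(data);
            }
            return false;                                    // step 4: ask for a restart
        }
    }

    /** First writable java.library.path entry; absolute paths are tried before ".". */
    static File writableLibraryDir() {
        String[] entries = System.getProperty("java.library.path", "").split(File.pathSeparator);
        File relativeFallback = null;
        for (String entry : entries) {
            File dir = new File(entry);
            if (!dir.isDirectory() || !dir.canWrite()) continue;
            if (dir.isAbsolute()) return dir;
            if (relativeFallback == null) relativeFallback = dir;
        }
        return relativeFallback;   // "." resolves against whatever directory the VM was started in
    }

    static byte[] download(URL url) throws Exception {
        try (InputStream in = url.openStream()) { return in.readAllBytes(); }  // Java 9+
    }

    static String sha256Hex(byte[] data) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(data))
            hex.append(String.format("%02x", b));
        return hex.toString();
    }
}
```

Because the VM loads whatever file sits in that directory on the next start, a directory writable by other accounts (such as “/” for the whole admin group) lets any of them replace the library afterwards; the per-user ~/Library/Java/Extensions location avoids that.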

      I really searched the web before writing this entry and I’ve not found anything about applets and native libraries (especially not under Mac OS). Maybe there is a simpler way to do what I am doing. I’d be glad to hear from you!

Keyboard review

This review of Logitech’s diNovo wireless desktop was slashdotted today. I wonder why the reviewer does not say anything about the stupid size of the delete key which actually spans both rows of this 2 by three row with the page-up/down, home and end keys. Insert is where you expect scroll-lock to be which is missing.

You can’t believe how many times I mass-deleted some files in Total Commander instead of just marking them.

Then again, maybe this layout will be the new “standard”: Looking at the other reviewed desktops, the one from Microsoft also has this layout and because of the slashdot-effect I cannot check out the others.

By the way: Besides this delete-problem, the diNovo is the best keyboard I ever had so far: Great typing-feeling, great design and good access-technology (if you can live with this)

Delphi, Windows XP, Styles and embedded IE

Let’s say you have a Delphi (Delphi 7 – although prior versions can use Mike Lischke’s Theme Manager) application which embeds the Microsoft Internet Explorer ActiveX Control. Let’s assume further that you have created your Manifest so the application appears in the themed style under Windows XP.

Unfortunately, the embedded IE does not do that: Controls are still drawn in the old theme-less style. Why? How to tell the Control to use the themed style (which it certainly supports – just look at IE itself)?

For long I was looking for a solution which I’ve just found.

First, call SetThemeAppProperties (defined in UxTheme.pas), then send WM_THEMECHANGED to your forms – at least to the one that uses the IE-Control. Example:

  SetThemeAppProperties( STAP_ALLOW_NONCLIENT OR
       STAP_ALLOW_CONTROLS OR
       STAP_ALLOW_WEBCONTENT );
  PostMessage(frmBrowser.Handle, WM_THEMECHANGED, 0, 0);

Especially important is the flag STAP_ALLOW_WEBCONTENT

Then, in the form containing the browser, just add a message-procedure:

Form-declaration:

  private
    procedure wmthemechanged (var msg: TMessage); message wm_themechanged;

Update: I’ve turned off the comment-feature as this entry somehow got listed in some spammers database. I’m currently deleting about 10 entries per day that are just there to provide links to some strange sites. I’ll post about this later.

Fun with Logitech

I recently bought the diNovo Media Desktop from Logitech: I really liked its design and the bluetooth-support as this is the only really usable way for wireless equipment (no problems with multiple devices per room, encryption, … you name it)

The problem was: The driver on the CD-ROM installed just another Widcomm Bluetooth-stack which despite being the same piece (down to the version) of software that was installed with my ThinkPad’s internal bluetooth-adaptor (you will have to update to version 1.4 on IBM’s webpage to use the HID-profile), was not compatible with the prior Widcomm-Software (which is a political/legal problem and has no technical reasons at all).

So, when using the diNovo-drivers, the internal bluetooth-adaptor does not work (too bad when trying to use your cellphone to connect to the internet when other means of connectivity are not available), and when not using them, I cannot configure the special keys and the media-player support (which is stupid anyway as it does not support Winamp).

My final solution was to revert back to only IBM’s internal driver and pair the Logitech devices with that one (hint: the mouse uses the key 0000). Installing SetPoint, which would work perfectly well with IBM’s BT-stack (as it’s the same as Logitech’s), was not possible because the Logitech BT adaptor could not be found. Ergo: No media keys, but at least a really nice keyboard and mouse together with a working BT-support.

Talk about BT-interoperability…

I really look forward to the Windows-integrated BT-stack (which probably will be the Widcomm one too – just look at the stack of Windows Mobile 2003)

Woah! It works?

A little history lesson:

  • My goal was single-sign on on our Linux-, OSX- and Windows Boxes
  • It did not work very well
  • So I turned it off and forgot about it. Or better: I had it in its sort-of-working state until I had to upgrade SASL for Cyrus Imapd which in turn brought the OpenLDAP-Replica server to a state where it would consume 100% of CPU time and not respond to any requests. This is where I’ve given up. Talk DLL-Hell ;-)

    Then came the time with our Exchange-Trial which turned out to be working quite nicely.

    And finally, yesterday, Jonas asked for a shell-account on one of the Linux boxes – Samba-Access was already working (by using security = domain and password server = * in smb.conf). This is where I really wanted to rethink the whole single-sign-on-thing – even more that I really want to create users just once so I don’t forget to remove them at different places, should I have to remove (or disable) one once in a while.

    LDAP was no alternative (as you can read here on gnegg.ch).

    I haven’t tried out winbind back then, which is what I’ve set up this morning.

    And it’s funny: It just worked. First I was joining the Samba-Servers to the ADS-Domain following this guide. No problems (which I could not believe at first). Then I followed this guide and the manpage of smb.conf to get winbind to work and as before: It runs flawlessly (after adding UsePAM yes to sshd.conf). Even more interesting: Here on the Gentoo box I was trying this out first, it worked even without any PAM-configuration at all.

    Nice.

    What do I have?

    I can manage my users at a central place – this time on the Windows Server with quite good looking GUI tools. This is what I’ve always wanted to do. Nothing more, nothing less.

    I’m a bit afraid of trying to configure our Mac OS X-computer, but we’ll see.

    Very nice and satisfying.

The anatomy of a delphi crash

Delphi has the habit of crashing on exit from time to time. This time it was quite resourceful in finding different styles of error-messages:

[Image: Harmless] Quite ordinary

[Image: Overlay] Overlay

[Image: Transparent] Transparent

[Image: Captionless] And finally: Captionless

New messages popped out just after closing the previous one with “OK”. Finally I had to close the delphi32.exe process using the Task Manager. Delphi would be the perfect piece of software if only it’d be more stable.

What a cute fairy this is…

Jonas’ girlfriend does some work for us updating sunrise ADSL-World. If possible, we try to get the people to return to the site by using contests like about a week ago, where one ended and they needed me to choose the lucky winner as I did not have the time yet to write a tool taking this work from me.

Anyway: Instead of just reminding me to do it, Nina sent this picture which is a really great photoshop work. Thanks, Nina.

Cinecard

Here in Zurich one of the companies running the cinemas (Kitag AG) has a quite good working reservation system based on the “cinecard” which allows you (for one thing) to reserve or buy tickets from the internet with a realtime preview of which seats you’re going to get.

Recently they have changed the old chipcards to a thing containing an RFID-Tag. As my problems with this (they don’t even have a privacy policy on their site) mostly concern people in Zürich, Basel and Bern, I’ll post a small article I have written in German. This is from an Email I sent to an employee of Kitag AG. She doesn’t like what I wrote either:


> to be honest. I really didn't know that about the Ciné-Card -
> how does it work?? Via the magnetic stripe/chip? Help, then I'm
> trackable too!! On the internet everywhere anyway... that's terrible.

The chip built into the new Cinecards (on the CDs it was still visible under the white paper around the hole - on the very newest ones it is worked into the material) is called an RFID chip. The thing costs, if you buy large enough quantities, around CHF 1.50 apiece, is less than a millimetre thin and works as follows:

You can supply the thing with power by induction (remember: a right-handed system, a right-handed system) over about 30 metres. Once it has power, you can send special commands to read out the stored ID.

So: Every RFID tag has a unique number stored, and this number can be read from a distance of 30 metres without you noticing.

So much for the technology itself.

The idea was that this could replace barcodes. And there is something to it: At Migros you fill your shopping cart with stuff, push it to the checkout and plop, there it says what you have to pay, because the checkout has just read the RFID tags of the goods in the cart. Convenient.

Same thing in the warehouse: You have a warehouse with various shelves. An RFID scanner now constantly monitors its fill level. When the last item is taken from stock, plop, a reorder is placed. Convenient.

Wal-Mart in the USA took the system further: An RFID scanner and a webcam were mounted on the shelf with the Gillette razor blades (outrageously expensive). The camera photographed everyone who took a pack of blades from the shelf. At the checkout, another RFID scanner then detected whether someone was carrying a razor blade. If so, a photo was taken and compared with the shelf photos. Possible thieves could thus conveniently be caught by the store detectives after they had passed the checkout. Too bad that the system did not work reliably (e.g. when blades were put back on the shelf), which led to tons of pointless searches and police reports. Less convenient.

Scenario: Benetton uses RFID tags on their clothes. The tags are constantly active and can be read from anywhere. I put on such a sweater and then buy a crate of beer at Coop. An RFID scanner at the checkout finds an unknown tag (the one in my sweater) and reports it to the checkout, which at the same time stores my preference for beer. Remember: RFID tags are globally unique. Now I come into Coop the next time. The RFID scanner at the entrance recognises my sweater and plop, I have a Coop employee on my ass who wants to sell me a crate of beer. Annoying.

It gets even better: Wearing my sweater, I now go and buy a PC, which I pay for by credit card. The RFID scanner captures the unique ID of my sweater and sends it, together with data about my purchase and my credit card number, to the local Mastercard branch. Two days later: plop, advertising for a matching printer in my mailbox – directly from Mastercard.

Since nowhere on kitag.com does it say that they do not pass my personal data on to third parties, I unfortunately have no guarantee that my name and address, which can now be unambiguously linked to the unique ID on the RFID tag of the cinecard, will not sooner or later be passed on. Convenient for retailers and law enforcement (from whom I fortunately have nothing to fear) who are partners of Kitag: Whenever I enter a partner's shop with my Cinecard (I always carry it in my wallet), an RFID scanner could capture the ID and thus assign the purchases made to my name and address, which I myself entered on kitag.com. Kitag and its partners would in no time have an exact profile of what Philip Hofstetter does. What he buys, where he does it, which films he watches, where he lives,… Cool, huh?

If you live here in Switzerland, coordinate with me to get something done. I’ll already be fine with a statement from Kitag that they do not give away personal data.