Merry Christmas

Screen shot showing with the Christmas 2012 theme.

In celebration of winter break, I decided to change my website’s blue marble theme to a deck-the-halls / red glow motif.

May the warm colors bring you a festive mood!

Credit for the background image goes to AreteStock at DeviantArt.  She has generously licensed her work for free use.

Also new here is the upgraded WordPress 3.5, to which I made some small but very important contributions.  Any WordPress author should be happy to know that I found and patched a bug that prior to version 3.5 caused WordPress to say your draft work had been saved automatically, when in fact WordPress was automatically discarding your work all along.  I first noticed the bug in September when my website ate a fairly long article to which I had devoted some hours.  I resolved the bug in the new version by removing the code that was causing the problem.

While tinkering with themes and WordPress, I also adjusted the printer styles so that it will be easier to print articles from this website.

Happy Holidays!

Galileo Offline Maps

Galileo Offline Maps logo screen shot
It’s free on iOS devices.

Galileo is my favorite GPS moving map for driving unfamiliar roads.  It’s installed on my iPad, which is much easier to carry and charge in the car than a laptop GPS system.

Here are a few pros and cons to this application, as well as a comparison to ForeFlight and Apple Maps.  Why these three choices?  Among the many mapping applications I’ve looked at and tried out, these are the only three I still have on my iPad.


  • Quick start up.
  • Fast and smooth panning and zooming.
  • Intuitive map caching.
  • Try before you buy.  All except a few features work in the free version.
  • Uses the best maps, and you can edit them if they need changes.

Continue reading Galileo Offline Maps

Split Tunnel VPN, Part 2

Diagram of the split tunnel VPN configuration that does not require static routing
Updated Split Tunnel Design

Two years ago, I devised a Windows XP split tunneling solution that involved static routing.  That solution had the advantage of being cheap, but also had the disadvantage of scaling poorly with any number of client computers.

Now I have a second solution that eliminates the static routing problems.

While researching new VPN security issues recently, I came across an obscure piece of information about the Windows VPN client.  It is nestled cryptically in this one sentence from a Microsoft whitepaper:

“When the Use default gateway on remote network check box is cleared, a default route is not created, however, a route corresponding to the Internet address class of the assigned IP address is created.”

Absent any other explanation, that sentence requires some mental gymnastics to understand.  Allow me to help with this.

Continue reading Split Tunnel VPN, Part 2

How to Secure a Windows VPN with PEAP

Authentication Methods page in the RRAS Remote Access Policy Wizard
Setting up PEAP

In light of last month’s announcement by Moxie Marlinspike and David Hulton that they developed a method for decrypting Windows VPN traffic in under 24 hours, it is now important to stop using MS-CHAPv2 as a means of authenticating VPN passwords.

There is a relatively simple fix for this.  Microsoft VPN servers have the ability to authenticate passwords using another protocol called PEAP, also known as PEAP-EAP-MSCHAPv2.  The only reason one might avoid using PEAP in the first place is that the Microsoft documentation is confusing and describes a requirement for Public Key Infrastructure (PKI) deployment.  The PKI as described in Deploying Remote Access VPNs requires anywhere from one to three servers just to issue certificates.  However, it only specifies the PKI requirement for a slightly different protocol called EAP-TLS.

To be clear, PEAP does not require a full-blown PKI or even an internal Certificate Authority.  You can, in fact, use the same certificate that has been, or would be, issued to a web server for SSL encryption.  There is no reason to add a second certificate just for a VPN server.  This also means there is no investment required in PKI if a free certificate issuer is used, such as

Below is a brief tutorial for configuring an existing RRAS installation with PEAP-MS-CHAPv2.

Continue reading How to Secure a Windows VPN with PEAP

Facebook Disables Options, Floods News Feed

The News Feed settings menu.
These Don’t Work Anymore

Facebook recently rolled out changes to its News Feed feature, making it controversial and difficult to use again.

  • When your friends click “Like” on an item posted by someone who is a stranger to you, that story is now added to your News Feed.
  • These “Like” stories now comprise the majority of News Feed items, flooding the home page with irrelevant images and branding.
  • The settings that were designed to remove these stories no longer work.

When I log in to Facebook now, I am bombarded by photographs posted by people I have never heard of in my life.  My friends are clicking the “Like” button on these photos, causing them to appear on my News Feed.

What this problem means for me is that even though my friends sometimes exercise good taste, we do not have the same taste.  The images in my News Feed now frequently contain profanity, political messages, corporate branding, and other unwanted or randomly useless information.

And it’s not just me.  The News Feed became such an annoyance yesterday that I wrote about it on my Facebook profile, which quickly received replies from friends having the same problem.

In the past, unwanted posts could be permanently blocked by adjusting the feed settings.  Now Facebook has gone too far.  They have broken all of the settings listed under “What types of updates” to receive from friends.  Even though I have “Comments and Likes” turned off for many of my friends, I am still getting a flood of their unwanted activity updates.

Continue reading Facebook Disables Options, Floods News Feed

White Templates for GoodNotes

Screen shot of the template import screen in GoodNotes.
Template Import

I’m playing with a note taking application for iPad called GoodNotes. It has a lot of potential to help replace notebooks for homework. It requires some customization because the default templates have a beige background. Beige is easier to look at on a bright computer screen, but it is impractical when printing. The built-in solution seems to be to export “notes only”. However, I have mixed feelings about printing handwritten notes from lined paper that has no lines.

Here are my customized templates, based on the built-in options, with the background color removed for better printing.

iPad-Size Templates

| Portrait (PDF) | Landscape (PDF) |
|---|---|
| Ruled (lined paper) | Landscape Ruled |
| Squared (graph paper) | Landscape Squared |
| Music (staff paper) | Landscape Music |
| Blank | Landscape Blank |
| Wide Ruled | Manuscript Ruled |
| Double Ruled | |

Continue reading White Templates for GoodNotes

Don’t Use min-width Media Queries

Opera Mini Screen Shot
Mobile Friendly

Two weeks ago, I tried to point out a shortcoming of example CSS code over at the website.

The point in question was the use of the “min-width Media Query” which I felt was incompatible with Internet Explorer.

Since this is tricky to describe without drawing a picture, I decided to set up a few sample web pages here to serve as a live demonstration of the problem.

The demo is: My min-width Media Query Test Case

For readers uninterested in the demo or the raw code, I am providing a set of screen shots below to fully illustrate the results.

My scenario begins with a page that looks fine in most browsers, but renders poorly in Opera Mini, a mobile web browser.

In an attempt to make the page mobile friendly, I used the min-width CSS media query to cause Opera Mini to ignore parts of the code.  Unfortunately, this rendered poorly in Internet Explorer 8 and older versions.

Continue reading Don’t Use min-width Media Queries

XMB Forum Offline

XMB Logo

The open source community website for eXtreme Message Board forum software went down Friday afternoon.  It is now going on two days of down time, and has been replaced by an “Apache 2 Test Page.”

I wanted to share the news and offer a place for comments.  I am one of the more active members of the community and already received some inquiries about this.

My position as a volunteer developer actually does not include administration of the server computer.  I was informed yesterday that the server was no longer running and would be restored from a backup copy.  However, there is no current estimate for when the restoration will be done.

Update: A new server has been established at

Photo Privacy Broken on Facebook Timeline

Facebook Profile with sensitive areas blurred
My Public Profile Should Not Look Like This

Have you ever added one of your photos to a Facebook group?  If yes, you might want to delete your photo albums right now.  I discovered today that the Facebook privacy settings for photos do not work.

Inspired by a discussion about social media I heard on NPR, I went into Facebook to do a thorough check and re-check of all of my privacy settings.  Guess what?

Dozens of photos I have on my Timeline are now publicly available.  >:{  Every one of those photos is set to “Friends” only privacy.  When I click the “View As…” option and then “Public”, all of those photos are now appearing on my public Timeline profile.

To confirm this, I registered a fake account that has no friends.  I viewed my own profile using that new account and a different web browser.  When I scrolled down far enough on the Timeline, my old photos started showing up to this newly registered user!

The fake user gets nothing by clicking on the “Photos” section near the top, suggesting this bug is specific to the new Timeline profile feature.

In an unsuccessful attempt to hide the photos, I used my real account to reset the album privacy to “Only Me”.  At this point, the photos were still appearing in the public preview as well as the fake account viewing my real profile.

Continue reading Photo Privacy Broken on Facebook Timeline

Server Monitoring Through DD-WRT

DD-WRT Commands screen with a server monitoring script.
Powerful Little Script

Happy New Year!  I’m kicking off my 2012 blog entries with a fun little hack for Linksys routers.

There are plenty of articles on the web about using DD-WRT to enable router monitoring.  I decided to turn this idea on its head and use my router for server monitoring!  When I realized DD-WRT comes with a sendmail command, I knew this was going to be quick and easy to set up.

This is great for anyone who would like their celly to light up as soon as something goes wrong with an important computer or website.  All of the needed software is already built in to compatible routers, so there is no need to purchase or install a dedicated monitoring system on a separate computer.

By following these easy steps, you can create your own reliable monitoring service.

Continue reading Server Monitoring Through DD-WRT