simon.schönbeck.dk

  • Pidgin certificate prompt

    Today using the version of Pidgin that came with Fedora 10 I received the following certificate prompt:

    Accept certificate for ows.messenger.msn.com?
    The root certificate this one claims to be issued by is unknown to Pidgin.

    The majority of cases of unknown certificate issuers are due to the chain of trust breaking down. This break down in the certificate chain is mainly caused by the software in question not including the intermediate certificate authorities certificates. Without these intermediate certificates the software can not verify through the certificate hierarchy up till the root certificate and therefore prompts the user about what to do.

    The options I received in the Pidgin prompt were:

    View certificate
    Accept
    Reject

    Upon selecting “View certificate” I am presented with the following details:

    Common name: ows.messenger.msn.com
    Fingerprint (SHA1): a9:9c:2d:ee:4a:d1:c8:7d:a7:c5:c3:05:32:98:5f:ee:57:87:73:8a
    Activation date: Tue Jan 29 14:37:21 2008
    Expiration date: Wed Jan 28 14:37:21 2009

    So far everything looks as it is a bona fide certificate but to verify the identity completely I load the page https://ows.messenger.msn.com/ in Firefox. As expected no certificate warnings were received and I opened the certificate viewer to see its details and confirmed the data matches up with the data received in Pidgin:

    certificate
    Certificate Viewer

    I can safely trust this certificate as Firefox has verified through the certificate chain that all intermediate certificates are valid too:

    certificate_chain
    Certificate Chain

    This certificate is simply used by Microsoft for the Live Messenger offline messaging service. Although you normally would trust verified certificates it did happen in the past that certificates were incorrectly issued to the wrong people. So always be cautious!

  • Virtualmin & suEXEC

    If by chance you have installed the Webmin module Virtualmin at some point you may have come across the following error message when setting up the module:

    Failed to save enabled features: The Suexec command on your system is configured to only run scripts under /var/www, but the Virtualmin base directory is /home. CGI and PHP scripts run as domain owners will not be executed.

    This error message is caused by using a version of suEXEC compiled by default to use /var/www as the document root of Apache. The suEXEC feature allows to execute scripts as the user owning the virtual host instead of the global apache user increasing security. The solution has either been to recompile suEXEC with the new desired path (/home in this case) or simply disable (Server Templates > Apache Website > Automatically add appropriate SuExec directive?) suEXEC completely inside the Virtualmin module configuration.

    A much simpler approach I used was to create a link between the two directories. I used mount to bind the two directories together and act as one. Voila, Virtualmin now continued the module setup without a remark!

    To achieve this I ran the following command as root:

    mount --bind /var/www /home

    That is it really. Now the directories act as one for the suEXEC wrapper too.

    Please note this will usually only last till next reboot. To mount permanently include the following line into your /etc/fstab:

    /var/www /home none bind

    The following is the extract from the mount man page:

    Since Linux 2.4.0 it is possible to remount part of the file hierarchy somewhere else. The call is
    mount --bind olddir newdir
    or fstab entry is:
    /olddir  /newdir  none  bind
    After this call the same contents is accessible in two places.  One can also remount a single file (on a single file).

    One note is that if you already had local users set up inside the /home directory you will mount on top of it, making the existing users data unavailable (not deleted). Simply unmount again and the users data will be back again. To get around this change the default path Virtualmin uses to create new virtual hosts home directories to something else e.g. /virtualmin. This can be done in the Users & Groups module.

  • BMW X5 fan blower issues

    Sometimes I had the climate system blower in my BMW X5 slow down so it could barely be heard, even when increasing the fan manually to a higher setting. After some minutes it usually started behaving normally again. Yesterday though it simply stayed on minimum no matter which buttons were activated.

    After a bit of reading I determined that the final stage resistor (aka final stage unit or blower motor resistor) was probably the culprit. This morning I went to the BMW dealer and bought the original unit for €90 and replaced it myself in about 15 minutes without any issues. The most time consuming part was actually to get to the dealer and back in rush hour traffic.

    The BMW part number is 64116923204 (PN 64 11 6 923 204) and is a newer, slightly different formed, and hopefully improved version of the existing unit. You can also buy the same unit cheaper at Ebay but from a different manufacturer. Simply search for the part number in the auction description.

    There are some excellent guides full of pictures to follow which you should have a look at:

    This unit is unfortunately very often the source of other issues, the most annoying one would be draining the battery so you can not start the car. Definitely a recommended DIY job before proceeding to more expensive repairs.