yesJames.com
ahuh… sure… what ever you say…


Yubikey SSL certificate verification in PHP for Windows

Posted in programming,Software by james on October 21st, 2011

If you’ve ever tried connecting to a remote service or server using SSL from a server-side PHP script running on a Windows Server, you may very well have found that the SSL certificate of the remote server cannot be verified. The problem occurs when you have the CURLOPT_SSL_VERIFYPEER cURL option set to true.

The error looks like this:

 error:14090086
 SSL routines:SSL3_GET_SERVER_CERTIFICATE
 certificate verify failed

Well, the problem has a very simple solution. cURL cannot read the Windows certificate store directly, so you have to give it a file of Trusted Root Certificate Authority certificates to validate the server’s certificate against.

Follow these steps to export your Trusted Root Certificate Authority CA certs:

  1. From the Windows Start menu, run the command “mmc.exe” to launch the Microsoft Management Console;
  2. From the MMC, choose “File” > “Add/Remove Snap-in…” from the main menu;
  3. Add the “Certificates” snap-in. When asked which certificates you want to manage, select “Computer Account” and “Local computer”;
  4. From the console root, navigate to “Certificates (Local Computer)” > “Trusted Root Certification Authorities” > “Certificates”;
  5. Select all of the certificates (CTRL+A) and select “Action” > “All tasks” > “Export…” from the MMC main menu;
  6. Follow the wizard to export the certificate(s) in the Cryptographic Message Syntax Standard – PKCS#7 format (.pb7 file) to a file called “TrustedRootCAs.pb7”;
  7. Open a command prompt (“cmd.exe”) and navigate to the folder containing the PB7 file you just created;
  8. Run openssl.exe (you may need to add the path to this program to the Windows PATH environment variable) to convert the file to text using the following command:
     c:\php\extras\openssl\openssl.exe pkcs7 -inform DER -in TrustedRootCAs.pb7 -print_certs -text > TrustedRootCAs.certs
  9. Then, in your PHP application, add the following line BEFORE you call curl_exec():
     curl_setopt($ch, CURLOPT_CAINFO, 'C:\PHP\extras\openssl\TrustedRootCAs.certs');

That’s about all you should need to get things rolling.

Remember, you don’t necessarily have to export all of the CAs. In the case of Yubikey, the authentication API server uses a certificate issued by GoDaddy, so you only need to export that single one if you prefer not to have to keep this file updated every time root CA certificates are updated by the various providers.
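The following is an added example, not code from the original post: it checks the exported bundle for expired roots and then makes a request with peer and host verification left on, failing closed if the chain cannot be validated. The function names and the URL are hypothetical placeholders; the bundle path is the one used in the steps above.

```php
<?php
// Added example. inspectCaBundle/fetchVerified are hypothetical helper names.
const CA_BUNDLE = 'C:\PHP\extras\openssl\TrustedRootCAs.certs';

// Count the PEM certificates in the bundle and list any that have expired.
function inspectCaBundle(string $path): array
{
    if (!is_readable($path)) {
        throw new RuntimeException("CA bundle not readable: $path");
    }
    // "-print_certs -text" output mixes readable text with PEM blocks;
    // only the PEM blocks are used when the file is loaded as CAINFO.
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s',
        file_get_contents($path), $m);
    $expired = [];
    foreach ($m[0] as $pem) {
        $info = openssl_x509_parse($pem);
        if ($info !== false && $info['validTo_time_t'] < time()) {
            $expired[] = $info['name'];
        }
    }
    return [count($m[0]), $expired];
}

// Fetch a URL with certificate and host name verification enabled.
function fetchVerified(string $url, string $caBundle): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,  // validate the chain against CAINFO
        CURLOPT_SSL_VERIFYHOST => 2,     // certificate name must match the host
        CURLOPT_CAINFO         => $caBundle,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body  = curl_exec($ch);
    $errno = curl_errno($ch);
    $error = curl_error($ch);
    if ($errno === CURLE_SSL_CACERT || $errno === CURLE_SSL_CACERT_BADFILE) {
        // Fail closed; re-export the bundle rather than turning verification off.
        throw new RuntimeException("TLS verification failed ($errno): $error");
    }
    if ($body === false) {
        throw new RuntimeException("Request failed ($errno): $error");
    }
    return $body;
}

[$count, $expired] = inspectCaBundle(CA_BUNDLE);
echo "$count CA certificates, " . count($expired) . " expired\n";
echo strlen(fetchVerified('https://api.example.invalid/', CA_BUNDLE)) . " bytes\n"; // placeholder URL
```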

FTP 7.5 and Windows Server 2008 Firewall

Posted in Software by james on August 27th, 2010

So, you’ve installed FTP 7.5 and tried to connect to your server remotely and noticed that even though you can connect ok, you can’t in fact get a file-listing from your new FTP server. Well, I noticed this too.

So, you’re probably wondering how to fix it. You may have even tried adding some new firewall rules to Windows yourself to open up the data channel. Well, unfortunately that doesn’t quite fix the problem.

(more…)

Freaky Friday

Posted in Personal,Photography by james on November 13th, 2009


I just got promoted.
One of my photos (well two actually) has just been used to promote the home page of the Photo Art Gallery (a.k.a. PhArt Gallery)

Come see my complete portfolio here: http://www.photoartgallery.com/artist/doublehelix

The rest of my work can of course be found here: http://www.redbubble.com/people/doublehelix

Star Wars

Posted in Photography,Science & Technology by james on November 3rd, 2009

I was lucky enough to attend the Star Wars experience exhibition before it finished here at the ScienceWorks museum in Melbourne last week.

Here are some shots from the show:

James & Jo’s Honeymoon in Italy

Posted in Personal by james on September 24th, 2009

Well, I’m married – and we just spent a whole month travelling Italy with a stopover in Dubai.

Here are some shots from the trip… enjoy.

Vista & Office 2007 Error: “has not been installed for the current user”

Posted in Software by james on May 21st, 2009

If you’re running Microsoft Windows Vista with Office 2007, you’ll more than likely come across this problem during one of your early automatic Office updates or service packs. The error appears when you try to launch your Office application for the first time after an Office update. It reads something along the lines of “<application> has not been installed for the current user”.

At the core of this issue is a simple misconfiguration of the MSI installer that performs the update and configures the registry. It seems that as the installer creates or modifies executable files and/or registry keys, it does so as the administrator user. This in turn causes all of the permissions on those files/keys to reset to those of the administrator user, causing the error you see.

Specifically, Update KB951944 for Office 2007 seems to be the update causing the issue (according to users who have tested each and every patch for the bug). Skipping this one should avoid the problem altogether.

There are several possible resolutions to this problem depending on your specific situation, some simple to solve, some more difficult.

The most obvious, and easiest to resolve, is permissions on the executable files themselves. First, open the Office application folder (normally “C:\Program Files (x86)\Microsoft Office\Office12” or similar). You’ll need to locate each individual application executable (e.g. “Word” is “winword.exe”). Right-click on the executable and select the “Properties” menu. In the properties window that opens, select the “Security” tab and click “Edit”. Give “Users” full control. You may (in rare cases) need to re-create your shortcuts from these files.

Amongst the registry keys that are affected are the following:

  • HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\379E92CC2CB71D119A12000A9CE1A22A
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0BF18C3B9B1A1EE8
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0CF18C3B9B1A1EE8
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\82DE7549CF3F8CCB0DF18C3B9B1A1EE8
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F949E36CB3004C50AF18C3B9B1A1EE8
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F949E36CB3004C50CF18C3B9B1A1EE8
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AA6F3DBF3CE139469FE63D56E7AF446

Any registry keys affected in this manner (including any that may not be listed above yet are similarly afflicted) need to have their permissions reset to the same permissions as their parent key, i.e. permissions should be inherited.
If you’re not comfortable doing this by hand, there’s an open-source utility called SetACL (http://setacl.sourceforge.net/) that can help.

WARNING: There are many keys under the “Components” key that have nothing to do with Office! Do not arbitrarily reset every single sub-key under “Components” to inherited permissions, as this will effectively remove all UAC protection from all installed components (not just Office). You’ll have to inspect individual registry keys.

If you are going to use SetACL, you can execute the appropriate command-line function like this:

setacl -ot reg -on "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\{GUID}" -actn setprot -op "dacl:np;sacl:nc" -rec yes

Where {GUID} is the ID of the component that requires resetting. It may be easier to copy this command into a batch file if you need to execute it numerous times. Typing this over and over 30 times can be painful.

Well, hopefully one of these solutions has solved the problem for you. If not, I’ve heard of a later update causing almost the same issue, so you may very well be experiencing a similar problem! Let me know if you do… especially if you figure out another way to solve it.

Thanks to everyone at VistaHeads for following up the problem.

For more information, and to join in discussions on Microsoft products, see the following Microsoft specific Newsgroups:
microsoft.public.office.misc and microsoft.public.word.newusers

Delphi: Declaring and initialising constant arrays

Posted in Delphi,programming,Software by james on February 16th, 2009

In Delphi, arrays are, put simply, a list of values contained within a common variable, that are accessible by their index within that list.

But what if you don’t want your list of values to be able to be altered at run-time? You need them to be contained in a constant rather than a variable.

Example: to declare an array of abbreviated week names:

const
  Days: Array[0..6] of String = (
      'Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'
  );

You could then access each name by the index of the day of the week within the Days constant.

i := DayOfWeek(Date) - 1; // DayOfWeek returns 1..7 (Sunday = 1); shift to 0..6
ShowMessage('Today is  ' + Days[i]);

Another common use for constant arrays is to describe the values in an ENUM type:

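type
  // An enumerated type is declared with parentheses, not brackets
  TStatusCodes = (
    scUnknown, scActive, scPending,
    scDisabled, scSuspended
  );
const
  // A typed constant takes a colon before its type
  StatusString: Array[TStatusCodes] of String = (
    'Unknown', 'Active', 'Pending',
    'Disabled', 'Suspended'
  );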

Then, the description string for each status code becomes available via the ordinal value of the status code itself:

ShowMessage('Your account is '+ StatusString[scActive]);

This would show a message box with the text “Your account is Active”. Of course, in the real world the status code enumeration value would come from a user object or some similar method (like “function getAccountStatus(): TStatusCodes;” perhaps).

How to find Windows uptime

Posted in Software by james on January 13th, 2009

Ok, so you want to know how long it’s been since your Windows workstation or server was last (re)booted. There are two options. The first is built right into Windows; the second is an external command-line program provided by Microsoft to help with the problem.

Option 1:

  1. Go to “Start” -> “Run”.
  2. Type “cmd” and press the “Enter” key.
  3. Type the command “net statistics server” and press the “Enter” key.
  4. The line that starts with “Statistics since …” provides the time that the server was up from.

* The command “net stats srv” can be used instead.

Option 2:

The Uptime.exe tool allows you to estimate Server Availability with Windows NT 4.0 SP4 or Higher.

Uptime.exe is a standalone program. To install the tool, simply copy the file into your Windows directory. You may then run the tool at a command prompt.

For extended help on this tool, type the following at a command prompt:

uptime /help

This tool is most accurate when run with administrator privileges, however, even without administrator privileges, the tool attempts to make a best estimate based on available information. In all cases, the results should be considered estimates.

The uptime.exe program can be downloaded from Microsoft here:
http://download.microsoft.com/download/winntsrv40/install/uptime_1.01/nt4/en-us/uptime.exe

See also:

http://support.microsoft.com/kb/555737
http://support.microsoft.com/kb/232243

Vista/Macrovision screwup

Posted in Software by james on December 29th, 2008

If you’ve been running Vista for any period, you may well have come across the following error if you’ve installed a software DVD player, or upgraded an existing one, or perhaps have Azureus Vuze or some other Java application with media player capabilities installed:

java.io.FileNotFoundException: C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Azureus\azureus.config.saving (The system cannot find the path specified)

or
error:failed to create directory C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Azureus\azureus.config.saving (The system cannot find the path specified)

Well, it seems that some genius programmer, instead of using the WIN32 function to determine the user’s application data path, has hard-coded one, assuming that the user will be running Windows XP, under which creating the above directories might be allowed as all users are super users by default (under normal home-use circumstances).

Well, there is a solution – however it involves editing the Windows Registry.
NOTE: If you’re unsure about what this means or are uncomfortable with editing the Windows Registry directly, ask for help from someone who has, or do a lot of research before you begin. If you break or corrupt your registry, windows may very easily become unusable.

Open your registry editor by running RegEdit from the Windows “Run” command, then navigate to:

Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

and make sure that AppData is set to “C:\Users\<user>\AppData\Roaming“. (replacing <user> with your local user account name – check the path yourself if unsure).

Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

AppData should be “%USERPROFILE%\AppData\Roaming”

Computer\HKEY_CURRENT_USER\Volatile Environment

AppData should be “C:\Users\<user>\AppData\Roaming” (again, replacing <user> with your local user account name – check the path yourself if unsure).

This should solve most of your issues.

I’ve been told that DELETING any registry keys containing the value: “C:\Documents and Settings\ReleaseEngineer.MACROVISION” will also work as the keys will be re-created automatically using default values (the correct default values) the next time a program saves its settings. However, this seems a drastic and possibly unsafe step, so leave it as a last resort if you’re still having problems.

Hope this helps you all.

Firefox compatible xPath functions in JavaScript

Posted in Ajax,JavaScript,programming by james on November 19th, 2008

There are a lot of quirks between different browsers, in particular the differences in the way each browser handles the DOM in JavaScript.

Internet Explorer, for the most part, implements MSXml 4.0 or higher. However, that’s (obviously) a Microsoft technology, and the standard implementation doesn’t support XPath in the DOM.

The selectNodes() and selectSingleNode() functions are of particular use when manipulating XML or the DOM. Using these functions you can parse an XPath expression and get a nodelist of elements in your DOM that match the expression.

(more…)
