tribut.

Thoughts on technology and mathematics

Hide Static Apache Error Pages From Clients

Creating custom error pages using Apache is easy. Simply put

ErrorDocument 404 /errors/404.html

in your vhost-config or .htaccess and apache will serve your file instead of that ugly default message.

However, when you use a static file, requests to /errors/404.html will now result in your error page being displayed with HTTP 200 OK status. I did not want it to end up in some search engine’s directory, but unfortunately the files have to live inside the DocumentRoot so it can’t simply be moved away. An obvious solution would have been to create a suitable entry in robots.txt:

User-Agent: *
Disallow: /errors/

However this still does not fix the fundamental problem of the file being accessible as a document - so how do I make it seem to the clients as if there was no such file in the first place?

In the case of the ErrorDocument being a script, it can just always output a 404 status code header. For static files? To my surprise mod_rewrite has no flag to reply with arbitrary status codes (or reply with 404 as [F] does for 403 Forbidden). My first hope was to use mod_alias’ Redirect:

Redirect 404 /errors/404.html

This works, but will also be applied when Apache looks for the ErrorDocument itself, resulting in broken 404 pages. So is there a way to do a conditional redirect only if the request isn’t the result of a 404? Turns out, there is: Apache sets the environment variable REDIRECT_STATUS for you. So this is what I currently use:

RewriteCond %{ENV:REDIRECT_STATUS} !=404
RewriteRule ^errors/404\.html$ thisfiledoesnotexist [L]

This will effectively trigger a 404 error (because the file this redirects to does not exist) and when Apache fetches the ErrorDocument, no redirect happens.

Now, while this works its certainly not elegant. If anyone has a solution that does not rely on the file thisfiledoesnotexist not existing, I’d be happy to hear from you.

Comments →

Amazon Kindle and Eduroam With CA Certificate

WPA2 with 802.1X (“Enterprise”) is what you want to use to encrypt your WiFi when you have lots of users and thanks to the formidable Eduroam initiative most universities I visit (as well as my home university) now provide such a service.

When I’m on the road, I almost always take my Kindle with me. So I was very happy to find that the Kindle Paperwhite supports WPA2 Enterprise. Sending logins over external networks of course calls for certificate verification. To my great surprise the Kindle manual does not specify how this is done and Amazon support - after consulting with their tech guys - told me to copy the file to the folder Cert and specify its name in the wifi settings. They were a loss when that did not work for me.

The internet wasn’t helpful either. Universities simply suggested to leave the CA certificate field empty and forum posts were outdated, so I was left to guesswork.

Fortunately I found some settings that appear to work well so I though I should share them: First, convert your certificate to the PEM format. If you have a certificate in DER format, simply use openssl to convert:

openssl x509 -in input.der -inform DER –out output.crt -outform PEM

Using a USB connection create the folder certs (not: cert!) in the root directory of your kindle and copy the certificate there. The file must end on .crt, files with other names such as *.pem won’t be detected. Then, go to Settings > Wi-Fi Networks > Other > Advanced and refer to the screenshot or the following table for the correct settings. The name of the certificate goes into “CA certificate” (without path).

Network name
eduroam
Connection Type
DHCP
Security Type
WPA2
Version
Enterprise
EAP Method
PEAP
Phase 2 Authentication
MSCHAPv2
CA Certificate
yourcert.crt
Username
user@your-institution.tld
Comments →

Export Google Contacts to Roundcube, Including Photos

The fact that Google doesn’t export photos from Contacts didn’t bother me until very recently, when Roundcube announced support to display the contact picture along mails.

People have been complaining for years so it’s unlikely the situation will change anytime soon. Here are some workarounds.

Using an Android phone

If you have an android 4.x phone, this is definitely the easiest solution: Go to People, hit Menu, select Import/Export and finally Export to storage and you end up with a .vcs on your memory card that has all fields from the address book, including the photo.

Unfortunately, Roundcube 0.9 seems to have problems with the generated files - images don’t display and non-ascii characters are messed up. The following command is the result of a bit of trial-and-error and fixed it for me:

sed 's#^PHOTO;ENCODING=BASE64#PHOTO;ENCODING=b#' < orig.vcs > fixed.vcs

Using Thunderbird

Without an android phone, the only way to get those photos into roundcube seems via the Google Contacts plugin. It allows access to your Google Contacts from the Thunderbird address book and supports photos. Great, no? Well, almost. Thunderbird is still limited to two emails per contact. Depending how many users with >2 email entries you have this may bother you (the additional emails will simply be lost).

As there is no export in Thunderbird for vCard, you will also need ThunderSync. The plugin keeps your address book in sync with a folder of .vcs files.

Finally, apply the fix from above (while at the same time combining the generated files into one) and you’re done:

cat sync-folder/*.vcs |
  sed 's#^PHOTO;ENCODING=BASE64#PHOTO;ENCODING=b#' > fixed.vcs

If you have a better solution (automatic syncing comes to mind), please let me know in the comments.

Comments →