Filed under: Musings | Canmore's Blog

SAP NCC-1701D Support

2009-07-15T21:08:53+02:00

The search phrases sap platin-gui freezes and use sapgui for java frequently appear in my server log files. However, as I used these in a different context, people will be disappointed once they discover that there are no articles concerning SAP GUI for Java except an installation guide for FreeBSD. This is obviously a matter of some importance, judging from the page hits, so I decided to do my part in the great struggle for bug-free software.

Using SAP GUI for Java

Let me answer the second search string first: Yes, you should use SAP GUI for Java. It is stable, secure and fast. SAP only lists a fraction of all Linux distributions in their Lifetime and Support Matrix for SAP GUI for Java. This is to ensure the highest standards of quality (in translation: SAP does not want to get sued into oblivion and must check that it really, really works at least with some operating systems. It not easy, given the myriad of system environments out there in the wild).

However, in almost all cases, SAP GUI for Java should run just fine under your personal Linux distribution of choice. So, on to the installation:

Download a recent Java Runtime Environment from Sun.
Download a recent version of SAP GUI for Java. Pick the jar-file that fits your operating system best.
Start the installation via java -jar PlatinGUI-Linux-710r9.jar (or execute the jar-file using another method of your choice).

You are done.

Solving problems with SAP GUI for Java

There are several things to do when the GUI freezes or hangs.

Execute SAP GUI for Java from a terminal emulator. Use xterm or the likes. This allows you to view any error messages that might help to pinpoint problems within the source code.
Try a different Java Runtime Environment. Install an older JRE (there is no need to remove the current one). Set the PLATIN_JAVA environment variable to the installation directory of the older JRE, for example by executing export PLATIN_JAVA=/usr/local/Java/jre1.6.0_11/bin/java and /opt/SAPClients/SAPGUI710rev9/bin/guilogon from a terminal.
Try a different version of SAP GUI for Java. It is possible to install different versions in parallel. I would recommend this option especially if you are testing a new version for deployment.
Check with a supported operating system. Take a look at the Lifetime and Support Matrix for SAP GUI for Java and set up a test environment. This should be your last resort, because in most cases, the problem does not depend on your operating system.
Take a stack trace. If the GUI hangs, follow this very helpful article and create a stack trace. This diagnostical information is very helpful for SAP's support teams.

Reporting problems

In any case: You should always report your problems. SAP is very grateful for any feedback, even if it is in the form of debug information. You can use one of the following means of communication:

Use the SDN Expert Forums (free registration required, section "Application Server—SAP GUI", for lesser problems, general questions or if you do not have an account for the SAP Service Marketplace.
Create a bug report at SAP. Use BC-FES-JAV as the component.

Whatever you do, try to describe the problem as precisely as possible: Attach all debug information (stack traces, error messages etc.) and create a step-by-step reproduction scenario. The more information you provide, the less time your request will take.

This is, for example, a bad bug report:

hello, i get error in gui. please advise!

Whereas this is definitely better (of course, a step-by-step description would be best. System information is also not included, but at least, one could try to reproduce the problem now):

When I click the "delete world" button in transaction GOD, SAP GUI for Java throws a java.lang.NullPointerException. The operation will then be aborted.

Small disclaimer (thereby fulfilling SAP's guidelines for blogging): While I work at SAP, these opinions are my own. Especially the policy regarding unsupported operating systems.

Jabber is the new ICQ

2009-07-07T23:38:02+02:00

Almost every person I know has an IM account. Most of them are still regular users of ICQ, despite of all its shortcomings. I do not want to make any boring, technical comparisons between the two protocols. Jabber/XMPP is clearly superior to ICQ for a many reasons. However, game theory shows us that "superior product" does not imply "market dominance". Let me try to convince you to create a Jabber account. Here are some questions you might have.

Where can I get a suitable client?

Wikipedia to the rescue! My short suggestions: Use Pidgin (Windows, Linux, BSD) or Adium (MacOS X).

Why should I want to use another protocol?

Because you will need it, eventually. Chances are, you already use a multiprotocol messenger, such as Trillian Pro or Miranda for Windows, Pidgin or Kopete for Linux/Unix, Adium or iChat for MacOS X. If you are not yet using a multiprotocol messenger, you should consider using one. It makes life easier, because you can still maintain your ICQ account (I am doing this, for example, because there are some people who simply refuse to use anything but ICQ. You are not one of them *handwave*).

You should also think about this: ICQ is owned by AOL. They want to make money—which is OK, I suppose. Hence, the original client for the ICQ network is Adware. Of course, AOL does not want you to use any other client:

[…] You agree not to (1) create or use any software other than the Software provided by ICQ or by America Online, Inc., or any affiliate thereof, to enter your ICQ number and password or to access the ICQ Services, without the express written authorization of ICQ; […]

Indeed, AOL changed the protocol several times in the past, thereby kicking out users that did not use the original client. Do you really want to be a part of that? There is also the "default argument" against ICQ, citing their user policy. Basically, AOL owns the right to use your messages for all purposes (see the Wikipedia article for more details). Most people will probably respond to that along the lines of "My conversations are not that relevant". That may be true, but for me, this passage reeks of intolerable business practices.

Alright, stop. How do I get an account?

Good news first: You will not have to memorize a wimpy UIN. Instead, you will get a nice address of the form nickname@server.tld (this also leads to less SPAM in your messenger).

If you happen to have a Google Mail account, you can use Google Talk. This means that people can contact you using your e-mail address. Google has instructions for some clients on their web page.

In any other case, you must decide about a server. You probably want to use either jabber.org. There are of course others, such as jabber.ccc.de. For simplicity, I am describing the steps for jabber.org. I trust you will be able to read the necessary documents for other servers.

Register an account using the web interface of jabber.org.
Start the appropriate wizard in your client program that allows you to add a new account. If you do not know how to do this, the documentation could be helpful. The steps for Google Talk might also prove useful (of course, the account details will have to be changed).
Enter your nickname (nickname@jabber.org) and your password. For security, you should enable SSL/TLS, if that is an option in your client.

Are there any alternatives to using two protocols?

Yes, there is at least one: Jabber transports. Some servers allow you to treat contacts from other IM networks as normal Jabber contacts and "transport" your messages transparently to the other network. Since the server needs to support it, it might not be available everywhere. This little article does not cover transports, so you have to ask a search engine of your choice. Sorry.

Done. What now?

See, that was not so hard.

If you want so, you may now drop me a note via Jabber (canmore@jabber.org). Do not forget to convert your friends, for they, too, shall bask in the glory of Jabber!

Web 2.0 mortuus est, vivat Web 3.14159...

2009-03-30T19:50:44+02:00

Tired of all the fuss about Web 2.0, I decided to proudly announce Web 3.1459..., also known as Web Pi or Web π. Web 3.14159... is clearly superior to Web 2.0 for many reasons (i.e. because I say so).

More information about Web 3.14159... is available on a site that does not use JavaScript or Flash, but simply delivers its content.

If you want to show your support for Web 3.14159..., simply download one of the graphical logos (or design your own) and let your visitors know how hip you are. Domain owners might also create an appropriate subdomain and host some information about Web 3.14159... there.

If you like this idea, spread it around the intertubes and link directly to http://web3.14159.annwfn.net.

Updates expected, nice weather ahead

2008-09-12T19:13:25+02:00

I noticed that some parts of this very informative website became a little rusty over the years. That's why I decided to update and change the content. The process might take some time, but I will notify all visitors (my server log tells me that at least some spiders like this site. Perhaps one or two human beings read this, too. Anyway: Hi, Googlebot. Nice writing to you. Did you get those cookies from me?) once it is done.

In the meantime, take a look at this very basic attempt to create a graphical represenstation of all the links found on my pages. Enjoy.

In Memoriam Robert Jordan (1948-2007)

2007-09-17T18:32:22+02:00

James Oliver Rigney Jr, better known as Robert Jordan, creator of the Wheel of Time books, passed away yesterday. My deepest condolences to his family and close friends.

Rest in peace, RJ!

Promoting Privacy

2007-07-12T13:10:15+02:00

I am sure that most of the people actually bothering to read this blog had to explain at some point in their lives to other people why they actually care about encrypting mails or other (sensitive) data. I, for one, mostly respond something like this:

"Because I am a really paranoid person. I do not trust a government that is unable to see the point of my personal freedom and my privacy. There are many things that just are not anyone else's business."

Sadly, at this point of the conversation most people stare at me. They utter things like "If you have nothing to hide, you have nothing to fear!" or, worse, "If you are not doing anything illegal you do not have to bitch about people knowing it!". (This attitude explains why I don't talk to strangers.)

Fortunately, two people try to promote the lost art of information protection. One is a professor who has written a rather good article about the faults of the aforementioned arguments. You can find it at the SSRN (select "anonymous download". It is quite funny that one has to divulge private information for downloading a paper. But then again, life is pretty funny sometimes.). Sadly, it is not technical (i.e. it does not show the layman some ways to protect her/his privacy) but rather a kind of guideline on how to deal with people that do not get the point of privacy. The other person is x127 who has written a German article about encrypting mails with Mozilla Thunderbird and Enigmail some time ago.

Like all good books about mathematics, I leave the details of how to convince people to encrypt, to think, to care etc. as an exercise for the reader - you.

Hopefully, with the new (German) laws that are under way, more and more people see the importance of not sharing everything with their governments (with Facebook/StudiVZ, MySpace etc. it is hard enough to remain anonymous, anyway). To quote Thomas Jefferson:

"I have sworn upon the altar of god eternal hostility against every form of tyranny over the mind of man."

Integrating Dokuwiki and phpBB2

2007-04-01T20:51:23+02:00

Dokuwiki is a nice Wiki system if you don't need tons of extra features and plugins. If you happen to have a phpBB2 installation running, too, you can tell Dokuwiki to use this database to authenticate users. Here's how that works.

The following changes should be made to your local.php configuration file. The might get overwritten if you store them elsewhere. Here is an excerpt from my configuration file:

/* you want ACLs and MySQL */
$conf['useacl'] = 1; 
$conf['authtype'] = 'mysql'; 

/* I do not want users to register via Dokuwiki */
$conf['openregister']= 0; 

/* check the MD5-hash via MySQL */
$conf['auth']['mysql']['forwardClearPass'] = 1;

Moreover, you have to configure the database connection:

$conf['auth']['mysql']['server']   = 'your server';
$conf['auth']['mysql']['user']     = 'your username';
$conf['auth']['mysql']['password'] = 'your password';
$conf['auth']['mysql']['database'] = 'your database';

Pay special attention to the values of TablesToLock. If you use a specific table in a query, add this table to the array:

$conf['auth']['mysql']['TablesToLock']= array( "your_table", 
"your_table AS another_table" );

As a last step, we have to define some queries Dokuwiki uses for certain actions. The names are quite telling, so I will not explain them in great detail.

$conf['auth']['mysql']['checkPass']= "  SELECT user_password AS login
                                        FROM forum_users /* change it :-) */
                                        WHERE
					username='%{user}'
                                        AND
					user_password=MD5('%{pass}')";

$conf['auth']['mysql']['getUserInfo'] = "SELECT user_password AS pass, 
					 username AS name, user_email
					 AS mail
                                	 FROM forum_users
					 WHERE
					 username='%{user}'";

/* this query is from the dokuwiki documentation */
$conf['auth']['mysql']['getGroups']   = "SELECT a.group_name AS `group`
		                         FROM forum_groups a, 
					 forum_users b, 
					 forum_user_group c
	                                 WHERE b.user_id = c.user_id
                     			 AND
					 a.group_id = c.group_id
					 AND
					 b.username='%{user}'";

For all those black hats laughing right now because they see SQL injection possibilities: No way. The strings are escaped by the Dokuwiki authentication code. However, I would not use that method for any vital applications. Then again, if they are vital, you'd probably be writing your own wiki anyway...

A last remark: There are more options which you could add (searching for users via the user manager, updating user information etc.). This article show the absolute minimum you need to supply. To set the proper access rights, just add the groups you have in your phpBB2 installation to the acl.auth.php file. I would advise you to use the built-in group management system of phpBB2 because you will almost certainly need user groups in your discussion forum, too.

To laugh, or not to laugh, that is the question...

2007-02-23T17:28:14+02:00

...whether 'tis nobler in the mind to suffer 
The slings and arrows of stupid enterprises,
Or to take arms against a sea of stupidities,
And by opposing, end them. To code, to sleep -
No more...

This little piece of poetry lets Shakespeare spin in his grave. Sorry for that, old pal. But this is what came to my mind when the person reponsible for the "server room" in our village sent me the picture below.

More pictures are to come, I guess. By the way: Directing some efforts into the network problems I mentioned earlier, it was finally possible to convince my ISP that something was wrong. Using the older, insecure firmware on our devices seems to do the trick. The vendor's technicians are working hard on that issue (and the correspondence I collected is quite interesting. As soon as the bug I discovered is found in their code, I will upload some of that stuff).

Merry Christmas

2006-12-25T19:15:34+02:00

I have a christmas present for you: I am going to show you how to take down an entire subnet using a very sophisticated DoS attack. You must meet these prerequsites:

Get yourself a very incompetent ISP.
Make sure that there is absolutely no alternative to using this ISP. Alternatively: Live in a rather rural area and forget about fast Internet connections.
Download netcat or hping. These tools are so 1337...they almost approach 1338.

Now find a comfortable chair and practice an evil laugh. Quotes such as "Yppee-ki-yay, motherf*cker" or "Army or not, you must realize you are doomed!" are always helpful.

As a last step send one UDP packet to a certain port (> 1024) to one of the machines in your ISP's net. Since your ISP is incompetent, a formidable UDP storm will arise and with less than 2kb data, you have taken an entire network down. Congratulations.

This article contains irony, but most of it is true. According to my ISP, our net has been "attacked" several times. They do not believe me that this has to be some kind of weird error (since Counter-Strike uses this port, too, our net has become quite unstable...).

Anyway: Fröhliche Weihnachten. Merry christmas. Joyeux Noël.

Project Epsilon 1

2006-11-21T22:34:03+02:00

Let's start with something easy: A null modem cable is definitely not an RJ45 network cable. Furthermore, it won't work when plugged into a VGA connector.

Now it's becoming more advanced: If your IP address is 10.0.0.1 and the IP address of another device that is connected via a cross-over network cable to your computer is 192.168.0.1, you should change your IP address. No, it won't work if you use 192.168.0.1, too. And no, the device will not change its IP address on its own.

And a last one (at least for now): File names are very sensitive. They get angry if you do not use their real name. Keep in mind that these involves the case and the file extension. For example: ID10t is not equal to iD10T. The file extension is sometimes not shown by Windows. You might consider using a real operating system. However, true IT pros know an amazing trick: They are able to tell Windows to permanently show the file extension!