Unable to Publish a Google Apps Spreadsheet Form

Google Apps is a great service that Google provides to organizations and businesses, large and small.

But some times Google Apps can be very frustrating, just like any software. Besides bugs and "occasional odd design choices", the fact that things often change under the hood, albeit (or especially?) in small ways, some times make it more difficult to find effective support in the large user community.

Here is one thing I am doing for my daughter's high school FIRST Robotics Competition team: put a form on the team's website for T-shirt orders. I have been coaching the small web team to build the website using Google Sites and other services. So naturally a Google Docs spreadsheet form is my first choice for this job.

I designed the form and inserted it into a page as a gadget. Then I got this message on the page telling me that I don't have permission to access this item, regardless if I am logged in or not. As a matter of fact, I do have permission to access the form and the spreadsheet.

Googling the problem led me to Richard Nichols' blog entry about the exact issue. But I have in effect, although not in words, the exact same setting as he wrote in the blog: Essentially users must be allowed to share documents outside the domain. I have even tried to share the spreadsheet associated with the form to the public, but even that did not change the situation.

The trick posted in a Google Docs help forum does not work either. I have tried both embedding the form from the spreadsheet and inserting it as gadget in Google Sites' page editing function. So far nothing has allowed me to see the form on the site.

I guess one thing I could try is to implement the form outside the domain, using a generic Google account. But it really should not be that frustrating!

Ubuntu 11.10 Unity Annoyances

I gave up on Unity on my netbook long ago, but I thought I'd give it a try on my desktop. The longer I use it, the more it annoys me, in many small ways, and below is a small list of them:

1. Application menu
   
   You have to move an application window all the way to the top of the screen so that its top edge touches the app panel to make sure you have the application menu. Otherwise, for example, if you are using GIMP, and there is another application window between the image window and the app panel in the background, moving the mouse across the app in the background up to the app panel will make it display the background application's menu instead of GIMP's menu.
   
   I realize that this may be the residual effect of me setting up Gnome desktop to focus on the window where my mouse pointer is. I could probably figure out how to turn that off -- but I don't want to. I like to have the ability to enter text using the keyboard while the application may be sitting in the background.


2. Missing application logos
   
   Many application are still missing logos in the applications panes. I was hoping the situation would turn better as 11.10 updated over time, but that has not happened yet.
   

I googled a bit to see what others thought. Some people seem to like it. But more do not. A snapshot of a vote in a TechRepublic article:

I think I am going back to Gnome for now.

Cisco IOS User Privilege

Nothing new in this entry. Just to jot down a couple of thoughts about the IOS command below:

aaa authorization exec default local group tacacs+

In Cisco IOS, a user may be assigned a privilege level from 1 to 15 for accessing a device. Each privilege level may be configured to do different things, but the most simple and common practice is likely that a user is given level 1 privilege, which by default only allows the user to do things like showing status, etc. When a user needs to change configuration on the device, he or she may use the enable command to gain the proper privilege, usually level 15.

There are a couple of ways for that privilege elevation to be authorized. One common way is to configure an enable secret on devices. The argument is that the device could be configured even when it loses connection to an authentication/authorization (AAA) server.

But on the other hand, if one by mistake messes up the enable secret configuration on a device, having an alternative authorization route allows that mistake to be fixed relatively easily without having to physically visit the device, provided that the only thing wrong on it is the enable secret and it is still talking to the AAA servers.

That leads to the IOS command line above: It says to try the local enable secret first when a user asks for the enable privilege level; If that fails, try the TACACS+ server(s) configured in the device.

References:

• How to Assign Privilege Levels with TACACS+ and RADIUS
• How to Configure tacacs Authentication and Authorization for Admin and non-Admin users in ACS 5.1

A Bug in jQuery Grid Plugin

I want to call this a bug because, as the name implies, editoptions is optional. (That being said, this is a small bug in an excellent jQuery plugin.)

But without editoptions, a column with edittype="select" will be created in a formedit dialog without an id attribute, which results a data element missing when the form is submitted. Of course, this is only a problem when one wants to customize the form initialization — Most people probably do not use jqgrid that way.

The bug should be in the area between line number 548 and 564 in grid.formedit.js as of jQuery Grid plugin version 4.2.0. But I haven't had much time to understand exactly how that code section works.

A workaround seems to be always have an editoptions parameter for a select type column, as the example below shows:

     array('name' => "actid", 'index' => "actid", 'width' => 50, 'align' => "center",
           'editable' => true, 'edittype' => "select", 'editoptions' => array('value' => ";"))

That is data for a column in PHP from the drupal-nm project, with the workaround colored in red.

Extending Home Wireless Network

My Internet service provider is Comcast, whose cable comes in the house on the side, enters the basement, then terminates on a cable modem, which is connected to a wireless router. I have a dual-band Netgear N600 (model WNDR3700).

The wireless signal traveling up from the basement works fine on the first floor and part of the second floor. I get fairly consistent 200Mbps link speeds on the 5GHz 802.11n connections on the first floor. But in the corner where I sit on the second floor, even with signal strength reading at -70dBm and above, my netbook with a 2.4GHz 802.11g radio rarely gets above 26Mbps and more often stays below 6Mbps, with high rate of packet loss.

I bought the first Netgear N600 refurbished at $58 plus change. At that price, it seems make sense to get another one to extend the reach of my wireless network to the entire second floor: I could use the 5GHz radio for backhaul down to the basement and 2.4GHz radio for connecting devices. That is a little geeky but should work.

The stock software in the WNDR3700 (v1, as it turns out) does not support client mode. I don't want to use WDS because it would mean I lose an entire radio band to the backhaul. I have had good experience with DD-WRT working in the way I want: Using one of them in client mode and as a router to bridge a network segment from the second floor to the main network in the basement.

Installing the latest version (2.4 pre-SP2) on the WNDR3700 is easy: Just like what one does to upgrade the router uploading it using the web GUI -- Just make sure you are using the factory image as that is for imaging a unit running factory software.

This should be an easy project. But so far it has kept me puzzled for a bit. I will have to spend some more time to get all my network segments, DHCP settings and routing right.

So, here is the configuration, which should work but does not.

On the base router, which is still running the stock Netgear code, I have IP address 172.16.4.4 reserved for the second router, which is running DD-WRT. I also have a static route configured there for the 192.168.2.0/24 subnet.

The routing table on the second router is:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.4.1      0.0.0.0         255.255.255.255 UH    0      0        0 ath1
172.16.4.0      0.0.0.0         255.255.255.0   U     0      0        0 ath1
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 br0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         172.16.4.4      0.0.0.0         UG    0      0        0 ath1

On the second router, the interface ath1 (which connects to the base router on the 5GHz 802.11n/a radio) has IP address 172.16.4.4 and br0 has 192.168.2.1 -- The bridge interface br0 bridges together ath0, eth0 and eth1.

I can ssh to the second router from a PC wired to it. From there I can ping everything on the 172.16.4.0/24 subnet as well as the wired device -- But nothing outside my home network.

From a device on the 172.16.4.0/24 subnet, I can ping 192.168.2.1 but not the device wired to the second router -- as if the routing table does not work.
Strange!

[Edit]: Well, maybe not -- maybe just too many late nights clouding my thinking.
The Client Mode article in the DD-WRT wiki clearly (well, maybe not) states Also note that the device should be in GATEWAY MODE instead of ROUTER mode, otherwise Masquerade/NAT does not happen. Of course, the NATing that did not happen was on the way going out the ISP link.

So now, I do have it working. I still wonder what happened on the second network segment regarding routing. Also, I wonder if I could get it working with segmenting (subneting) one 24-bit subnet and still use router-mode rather than gateway mode. Or, maybe I should just use client-bridge mode instead to make things simpler.

First Impression of Ubuntu 11.10, The Oneiric Ocelot

Saw 11.10 release the other day and gave it a go. The experience is less than impressive -- partly because 10.04 the Lynx set the bar pretty high.

The new desktop, Ubuntu Unity, started in 10.10 the Meerkat or maybe even earlier, as the default on netbooks. I remember immediately removing it and installing the classic Gnome back. I feel like doing the same thing with 11.10 -- I have a Asus EEE PC-901. After rebooting, the thing I immediately noticed was the slow boot. The Wow factor from the first time seeing Ubuntu 10.04 giving me the login screen in just 10 seconds was gone.

I have not mentioned the "waiting for network configuration" problem. When that message pops up on the Ubuntu boot splash window, if you press the Esc key, you will see that the boot process has actually gone passed the network configuration stage long ago. (It looks like some one may have been able to fix that problem.)

Unity did not work at all after the upgrade, likely because that I do not have a 3D accelerated video card. Switching to Unity 2D works but that still feels slow, much more sluggish than the classic Gnome in Ubuntu 10.10: Moving a window, you don't see it follow the mouse cursor as responsively as in Lynx or Meerkat.

The top panel bar -- I am not sure what it is called, Indicator panel? -- won't auto-hide, which annoys me. That is fine on a desktop, but a netbook's display real-estate is limited. I would like to use as much of the screen for work as possible.

Much in the System Settings panel seems to be gone as well, not just the icons (e.g., some of the apps in 11.10, both on the right-hand side vertical Launcher panel and in the System Settings window, refuse to display their icons, which I have not had a chance to figure out why.) I used to set the mouse cursor focus to follow the mouse pointer -- which allows one to type into an application without having to raise the window up to the front, rather than having to click a window.

I will give Unity a few more days, or even a few more weeks, before deciding if I will go back to Gnome classic, mostly because that it seems to be the direction Ubuntu is moving into. I will go back to classical Gnome if it continue to be sluggish.

[2011-10-31 Edit]

I decided to go back to Gnome classic on my netbook. It does seem to be a bit faster. While doing that, I also found out that the panel auto-hide setting has changed: Right click on the panel no longer works. One needs to Alt+Right-click the panel to get to the settings, which does not seem to work with Unity's top panel. I guess I am sticking with Gnome classic as long as I can.

Still having trouble with the booting process dropping to a shell on my desktop. Although exit out of the BusyBox shell gets it going, that prevents me from running it with VBoxVMService. Also, I am still having the Waiting for network configuration. . . problem, which is really annoying.

[2011-11-30 Edit]

Finally got around to fix the Waiting for network configuration. . . problem. The solution is to edit out the wired Ethernet interface section (eth0 on my netbook) in /etc/network/interfaces. I am not sure why the network configuration code could not sense that there is nothing plugged in there and skip the configuration in that case.

Google +1 Button

The Google +1 button is one easy way to share a web page with people on the Google+ social networking service from Google. Google has a specific page for it. Basically you need to add a JavaScript that works on a Google XML tag. But the problem is that when you use the Google Sites service, you cannot just insert a JavaScript snippet in a page.

So I searched for a Google+ button for Google Sites specifically and immediately found this gadget posted in the Google Sites forum:

http://code.alexandrojv.com/gadgets/Google-Plus-1-Button.xml

That made it a lot easier to add a Google +1 button in a Google Sites page.

电子邮件的安全问题

对内行来说，“电子邮件”和“安全”这两个词在同一句话里出现是不对的，因为电子邮件的设计从技术上来说，几乎就不可能是安全的。医院往外发的邮件都会自动加上一个免责声明：“Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues” -- 就是起一个警告作用。

比电子邮件安全的现代通讯手段多得是，但是，俗称“伊妹儿”的这东西可能是大多数网民第一个接触到的互联网通讯工具，方便、简单、实用。这也是为什么现在每个人的邮箱里都塞满了垃圾邮件，但还是无法舍弃电子邮件。通讯工具本质就决定了用的人多才方便实用，就算我个人不喜欢电子邮件，但是需要联系的人用 email，我也就只能将就了。两年多以前 Google Wave 推出的时候，我很激动了一阵，最终不得不放弃，在 Google 公布停止 Wave 的开发之前很久就停止了使用，原因很简单：我希望联系的人都不用 Wave。

写这篇文字的起因，是最近几天连续有几位平时有邮件来往的熟人都出现了问题，先是一位从英国伦敦发来一封紧急求助的邮件，述说财物被盗，让朋友们赶紧按信里给的地址汇钱相助。这种手法我见惯了，相信收到这封邮件的其他人也不会上当，但是我还是给所有人发了一封警告的邮件。第二天又收到另外一人的邮件，里面只有一个网页的网址，我知道多数也是被人冒名发的垃圾，点了进去，却发现冒名者还有更险恶的招数在里面。赶紧又给所有收件人发了一个警告，结果马上收到一位朋友的回邮，说她已经点了那个网页。幸好她还算有所警觉，没有再进一步上当。

这个网页点进去之后，浏览器里会弹出一个窗口，告诉你你的电脑有安全问题，你需要马上安装一个软件来解决问题。这次的这个网页设计得还不十分逼真，以前看见过更像真的。遇到这种情况，记住不要再点任何按钮，尽管弹出的窗口可能有“OK”和“Cancel”这样的选择，但是你点那个结果可能都是一样的。如果你不幸误点了任何按钮，记住千万不要同意安装任何软件；如果你更不幸安装了软件，那你就赶紧祈祷或者拜佛吧。

前段时间网上热烈讨论 Gmail，特别是一些中国维权人士的邮箱，遭遇来自中国的攻击一事。当时一位香港人士在 YouTube 上发了一段视频，显示了一个邮件里收到的视频链接，在点击了之后就在他的 Gmail 帐号里自动设置了一个邮件转发。随便在 YouTube 上搜索一下“Gmail hack”就能找到无数的视频，不过这并不是说 Gmail 特别不安全，实际上 Gmail 比其他一些同是通过浏览器操作的邮箱相对来说要比较安全一些 -- 注意我用的“比较”一词：我前面说过，目前的电子邮件技术不可能绝对安全，而浏览器操作的邮箱，如比较常见的 Gmail、Hotmail 以及 Yahoo! Mail 这些，又给恶人更多一些攻击的角度，所以，使用电子邮件记住一点：电子邮件不安全！

今天，我在三天之内收到第三个由熟人邮箱发来的垃圾邮件 -- 这三起一是 Hotmail，两个是 Yahoo! Mail，所以我想还是写一笔。

首先，是邮箱的密码：记得曾经看过一个教小孩上网安全的招贴画，说“密码象内裤一样，一定要定期更换。”一般人很少换密码，更不会象换内裤那么勤。但是如果你的邮箱密码十年没变，应该考虑变一下了。同时，密码也要讲究一些：不要太过熟悉、太过简单，比如电话号码、生日什么的，最好不要用。最好是自己设计一个规则：比如，如果你喜欢摇滚，可以记住一句歌词，或者记住一句俗语，象什么“害人之心不可有”之类的，然后抽取每个字（词）的第一个字母，加一些大小写变化，再加一些符号之类就不错：“H4zxbk6!”。

其次，还是要多一些安全意识。上述那位香港人士演示的通过 Gmail 邮件转发来偷人私信的手法，是利用了 Flash 软件的一个漏洞。Flash 是 Adobe 公司的一套软件，常被用来制作、放送网络视频、动画之类，基本上在所有的浏览器里都有 Flash 插件。如果有人恶意制作一个视频放在网上，然后通过电子邮件发给你，在你收看视频的时候，他背后偷偷地做一些小动作，比如偷你邮箱的 Cookie 去修改你邮箱的设置，你基本上根本不会注意。这种攻击手段往往容易让人中招，尤其如果你是从“熟人”那里收到转发的视频，你更可能放松警惕。Flash 是一个著名的不安全软件，但是挡不住用的人多，另外一个 Adobe Reader 用来阅读 PDF 文档的，也是 Adobe 公司的产品，两者都屡次被用作恶意攻击的工具。

再次，多数人使用微软的视窗 (Windows) 操作系统软件，但是多数人可能的都没有定期更新系统的习惯。这又是一个需要“象内裤一样”对待的事儿，一定要定期做。微软公司每个月至少发布一次安全补丁，如果你不修补你的电脑系统的话，后果就像裤子破了不补一样 -- 你知道会出现什么状况，对吧？当然，这些系统补丁有时候是会有意想不到的副作用，比如打完补丁系统无法启动之类的，可能会偶有发生，那也是无法避免的。作为微软的用户，你只能“两害相权取其轻”，或者闭着眼睛，在红药丸和蓝药丸两者之间选一个。

还有，就是微软视窗里的 IE (Internet Explorer) 浏览器软件，如果能不用，改用 Mozilla Firefox 或者 Google Chrome 浏览器最好。如果一定要用 IE，注意在定期做好系统补丁的同时，把 IE 更新到最新版本。

最后，还有一个办法就是彻底摆脱微软视窗的桎梏。以前，我一直向人推荐 Linux -- 这是一个开源的系统，相对来说市场占有率远远低于微软的视窗，没有病毒侵害之忧，而且操作上不比微软视窗差，只是有区别而已。现在，Linux 对我个人来说仍然是首选，但是市场上用谷歌安卓 (Google Android) 系统的智能手机、平板电脑类的产品已经非常丰富而且越来越多、越来越便宜，Google ChromeBook 一类产品也开始崭露头角，都是值得推荐的 PC 换代产品，当然如果你钱多的话，苹果公司的 Mac、iPhone、iPad 之类也是不错的选择。但是，从电子邮件的角度来说，安卓一类产品与 Gmail 的紧密结合用起来会比苹果公司的产品更方便。

说完这些，还是要重申一点：目前还没有什么能改变电子邮件不安全这一现实。

国际互联网机构敞开了域名系统的大门

(Source: Internet Body Opens Way For New Domain Names)

山姆 · 赫尔姆斯
道琼斯通讯社

新加坡（道琼斯）-- “点康姆”时代已经结束，欢迎进入“点神马”时代。

统管国际互联网域名政策的机构星期一表决通过了决议，将允许任何公司和个人以任何语言、注册任何字符串作为网站域名，这一步迈出可能会改变人们浏览互联网的习惯方法。在新的政策规定下，人们可以用 .com、.net 或者 .biz 以外的其他后缀来注册域名，甚至可以用单个词语做网址。

简称 ICANN 的非营利机构“国际互联网名称与编码联合体”介绍说，采用这一更加开放（同时也可能更加混乱）的域名注册办法，目的在于激发新一轮的创新。商业机构可以创立标志性域名来推广品牌，而专家们也说，这对银行一类注重联网安全问题的机构会起到帮助作用。也能帮助业者创造商业机会，销售二级域名。

“这可能是域名空间一个崭新的创新时代来临的曙光”，ICANN 的首席席执行官罗德·贝克斯特罗姆星期一在新加坡说。他接着道，“互联网的域名系统这一开放直面整个人类的想象力和创造力，将带来无穷的机会。”

总部在墨尔本的澳洲域名国际公司负责管理澳大利亚 (.au)、阿曼 (.om)、卡塔尔 (.qa) 和阿拉伯联合酋长国 (.ae) 等国家域名的注册，其首席执行官亚德里安·金德里斯目前正帮助他的客户做申请他们自己的顶级域名的准备。他说，这些申请者中主要是商业公司，希望保全其品牌，还有就是创业者希望在网络空间圈下一块有价值的“地皮”。

例如，注册“.doctor”（点医生）这个顶级域名的人可以靠向行医者专卖“某某医生”这样的二级域名赚钱。“我觉得这些域名可以卖 $1000 一个，因为顶级域名里可以建立验证机制来增值，”金德里斯说。

顶级域名可以由最长达 63 个字符的任何字符串构成，ICANN 说。例如，"asknotwhatyourcountrycandoforyouaskwhatyoucandoforyourcountry" 不加后缀可以用来注册域名。不过，申请人必须预付 $185000 美元来注册这样一个域名，而传统的域名将来还是只需很小的一笔费用。

ICANN 将在 2012 年 1 月 12 日至 4 月 12 日之间根据新的规则接受域名注册申请。第一批新域名在 2012 年下半年就可能上线。

ICANN 说，上述的昂贵收费是根据处理这类申请整个过程估计所需的成本，包括处理域名纠纷可能需要的法律程序和其他一些无法预料的事项，当然，这个域名“拍卖”也有可能产生相当可观的一笔收入，那将归入 ICANN 的储备基金。

“拍卖”的赢家将由专家组根据一系列条件来审核申请者合格与否，比如申请人使用所申请域名的计划，其商业模式是否能够持久，等等。

如果申请人在赢家公布之前撤回申请，将根据提前量得到相应的退款。

ICANN 如果怀疑申请人有对明显不属于他们的某品牌或商标侵权的图谋，将会拒绝其申请，由此可见，理论上真正有权申请象 .cocacola 这样一个域名的也就一家公司。

问题可能复杂化之处在于象 .anything 这类语义普通的域名，但这也可能是 ICANN 能捞一票的地方。

如果 ICANN 无法就某个域名从一组申请人中间挑出一个最合适的候选人，那么申请将进入拍卖程序，最终可能谁钱袋最大谁就是赢家。

ICANN 的主席 Peter Dengate Thrush 在媒体招待会上说，他觉得大部分纠纷会在申请程序之外、进入拍卖阶段之前得到解决。

“但是如果真的进入拍卖程序，卖得的钱也还是回归整个 ICANN 社区，用于正途，”他说，但没有具体说 ICANN 会拿这些钱干什么。

这不是 ICANN 头一次计划增加通用域名的数量。大约十年前，为了缓解对一些热门的域名的需求，类似 .info、.biz 和 .museum 等一批通用顶级域名投入了使用，但业界对这些新域名的反应并不踊跃。

-By Sam Holmes, Dow Jones Newswires; +65-6415-4157; samuel.holmes@dowjones.com

What's wrong with Cisco's software

Here is what's wrong: They obviously do not do quality control on their software.

Here is the proof: That is a warning message one gets when completing a Local Username NetConfig job instance.

Warning:

If you have selected Local credential in Common Parameters pane and Secret credential in IOS Parameters pane as Disable then Secret credential is updated in the Credentials database.

If you have selected Local credential as No Change in the Common Parameters pane and selected Disable for Secret credential in the IOS Parameters pane, then Secret credential is updated in the Device and Credentials database.

If you have selected Local credential as Disable in the Common Parameters pane, and selected No Change for Secret credential in the IOS Parameters pane, then Local credential is updated in the Device and Credentials database.

That message is as cryptic as this one -- But that is not the problem I am babbling about here.

The problem is: There is no Disable option, anywhere, period!

You can see in the second screen shot: There is No Change, Add, and Remove. But there is no Disable.

It's not like this is the first release of the software. It is CiscoWorks LMS 3.2.1.

[Edit 2011-06-01]: Here is another proof I almost forgot and got reminded today.

Mystery with CiscoWorks Device Discovery

Cisco Discovery Protocol (CDP) is a nice feature, similar to the standard Link Layer Discovery Protocol (LLDP), for discovering how devices are interconnected at the data link network layer -- or directly wired between devices, in plain English. CiscoWorks does a very good job discover devices on a network using CDP and other protocols. The way it is done is: (1) A protocol or a set of protocols are selected; (2) A set of seed devices are configured for each protocol; (3) A job is scheduled to run periodically to sweep the network.

We are pretty much a Cisco shop, so I select CDP and routing table, give them the core routers as seed devices, and set it to run every some days of the week. The job usually takes a long time due to the number of devices involved -- One could exclude devices by rules, such as IP address range or device classification (sysObjectID), etc. which would save time for the job as it avoids querying devices that may never respond.

The mystery I run into is that, my scheduled discovery job runs but never seems to be able to completely finish. CiscoWorks always tells me that it does not have any information for the latest discovery job. Cisco TAC engineers have provided suggestions, but nothing seems to help.

After some digging around, I found that the log rotation job I scheduled to run everyday is likely the culprit. I may have inadvertently checked the Restart Daemon Manager option when scheduling the log rotation job.

The lesson for me is, with Cisco's software, I have to be aware what I am doing every step of the way to avoid shooting myself in the foot. Otherwise, I may be in for a fun ride that is hard to find a way out.

VirtualBox as a Windows Service

Running VirtualBox as a service allows a guest virtual machine be automatically started when the host is started.

Just a few links for reference:

• Chapter 7. Remote virtual machines, Oracle VM VirtualBox^® User Manual, Oracle Corporation, Copyright © 2004-2011 Oracle Corporation
• How to run VirtualBox as service in Windows, 21 Jun 2009 @ 8:40 PM
• How to run multiple VirtualBox as service in Windows simultaneously, 08 Jul 2009 @ 10:22 AM
• Running VirtualBox VMs as Services in Windows, Joe Mocker's Weblog, Mar 04, 2010

CiscoWorks LMS 3.2 NetConfig Notes

I want to curse whomever at Cisco who wrote this message:

Warning:

If you have selected Enable Password in Common Parameters pane and Enable Secret in IOS Parameters pane as Disable then Enable Secret password is updated in the Credentials database.

If you have selected Enable Password as No Change in the Common Parameters pane and selected Disable for Enable Secret in the IOS Parameters pane, then Enable Secret Password is updated in the Device and Credentials database.

If you have selected Enable Password as Disable in the Common Parameters pane, and selected No Change for Enable Secret in the IOS Parameters pane, then Enable Password is updated in the Device and Credentials database.

Cisco's software always leaves a lot to be desired, maybe more than others'. But this is beyond the pale.

How to Build an FRC Team Website

I have volunteered to evaluate websites for the FIRST Robotics competition, since one of my daughters is in Team 3322. From reading the websites of a number of FIRST Robotics Competition (FRC) team websites, I see many of them are missing out on some very basic points. So I thought I would write down some thoughts.

Here is a website received the highest scores among the 11 sites I evaluated: http://www.team2834.com/. Take a look and you will see the points I am going to make below.

1. Promote FIRST RoboticsIt makes sense, doesn't it? Your team is part of the FIRST community made up by thousands of teams, and the FIRST community needs your team just like others to grow bigger and stronger. So promote the concept behind the FIRST competition to every one of the visitors to your site: Put the FIRST logo where your visitors see when they first come on to the site; Tell them about the game(s) of competition this year; Tell them more about the different programs FIRST has; What is FLL, FTC and FRC, etc. Materials are there on the FIRST website. You are not to copy and paste, but it is not hard to tell the story of FIRST once you learn what the community and programs have to offer.
2. Team BuildingYour team may be a rookie or a veteran. But your team and team members have their own stories. Tell them on the site. Tell your visitors who you are: Name and number of the team, who are the current members and alumni. Use words, images, videos to tell the stories of your past competitions, current activities, challenges and triumphant moments. Tell stories of people who support the team: mentors, parents and teachers.
3. Help OthersCoopetition is a word you hear a lot in FIRST events. Basically it means that the kids are competing with each other, while at the same time, they are helping -- cooperate with -- each other. What people do in that sense is to provide helpful information, links, pointers and some times tool kits, to other teams.
4. Meet Technical ChallengesThere are many technical challenges in the FIRST Robotics Competition. Specifically in building a website, one must make sure that the site passes a few marks:
   
   1. It needs to render correctly in all the major browser software: Chrome, Firefox, Internet Explorer, Opera and Safari. Multiple versions of Internet Explorers (6, 7, 8, 9) are in use, but it is probably OK just to target version 7.
   2. It is a plus if the site is made reasonably readable on a mobile device, such as an Android phone or an Apple iPod Touch.
   3. HTML validation: Make sure that there are no errors in the HTML code.
   4. CSS validation: The same here -- make sure there are no errors.
   5. Accessible to handicapped people: It may not come natural to everyone that people challenged physically are also online. It is not difficult to allow them to access a web site. But the tools they use do appreciate a little assistance. For example, giving a photograph an appropriate title, allows a blind person to hear what the photo is about.
5. Utilize Online Resources
   There are many resources available online for one to build a web site. For example, there are open source content management systems, such as Drupal, Joomla and WordPress that would make the website administration an easier job. There are also online tools to help with the technical challenges mentioned above. For example, the W3C has tools for HTML and CSS validation. There are also tools for accessibility test.
6. Have Fun!
   I am not good at that. But I trust that the kids will always find ways to have fun while doing things.

Rooting Gone Bad + Road to Recovery (I Hope)

Received on 3/31 my ViewSonic gTablet from the Woot sale. Immediately started researching rooting it and modifying it. To tell the truth, being able to run things on a tablet the way I want it is half the whole reason I want Android.

So I found the XDA Developers forum, registered and started my research. Perhaps being a Linux user, or perhaps the fact that rooting and installing the ClockworkMod Recovery was easy and smooth, made me feel a bit too brave than I should have. Anyway, I ended up following this simple set of instructions rather than dig deeper on the forum. I installed VEGAn-7-03082011-Experimental, rather than VEGAn 6 stable version, since many have reported that the VEGAn 7 experimental releases are stable enough for daily use.

Well, the gtablet ended up in a state where it powers up, displays the ViewSonic 3-bird image, and stops there. That was last night.

But all is not lost. Far from it, since I can hold volume up and start the gTablet in to the ClockworkMod Recovery mode.

At this point, I think I still have an option to repartition the tablet's inner storage (also an SD card?) before nvflash it.

References

• Install ClockworkMod, a ROM, Flash Player, and the Market Fix
• nvflash FULL restore, using bekit's original image (Instructions)
• G-Tablet Full Restore your Gtablet using nvflash - refresh to factory
• [FIX] Full market (improved market fix) on G Tablet (YouTube video)
• [FAQ] Viewsonic G-Tablet ROMs Frequently Asked Questions (READ THIS FIRST)

[Edit] -- Problem solved! The install guide listed first in the references above really made it easy. I guess the problem I had was caused either by missing a step (although I am pretty sure I followed the instructions to the letter) somewhere, or by the fact that the VEGAn 7 build is not for my particular gTablet.

Anyway, I redid the mod using the stable release of VEGAn v5.1 beta release. My tablet is back. Now I need to get Android Market working so I can get my apps.

[Resolved]

Windows Vista: Pings But No Browsing -- Solved

Before a friend asked me to help a friend of hers with a PC problem, I never knew so many people are suffering from the same issue: Here is a proof. And the problem does not seem to stop with Vista. It seems to be epidemic in the Windows world. Many seem to suffer from the same problem or with a slight twist one way or another.

The problem was initially communicated to me simply as: She couldn't get on the Internet, which I thought was simple. However, a little big of digging around revealed something different: The laptop (an Acer Exensa 5420-5687, running Windows Vista Home Premium 32-bit OS) connects to the network fine, either wired or wireless. The problem is that the browsers don't work, although nslookup returns DNS name lookup results fine and pinging IP addresses or host names responds normally.

So far, I have tried running netsh winsock reset, netsh int ipv4 reset, etc. Nothing has changed. Disabling all third party services in msconfig didn't help. I have removed Symantec anti-virus, there is no Norton on the machine.

Under wireshark, I can see DNS packets going out of the network interface when connected on wireless. No action in a browser has generated any outgoing packets. That seems to tell me that there is something gone bad somewhere in the Windows TCP/IP stack that completely blocked traffic from any browser application. That may sound bizarre, but this is Windows! Anything could happen.

Rebuilding the OS may be much easier than trying to figure out what is wrong, however trivial the problem may be in the end. But the owner says she has lost the discs, maybe the machine never came with one. So that may leave me with no choice but to become a pirate.

[2011-03-19] -- The removal of expired Symantec stuff may not have been as clean as it should/could have been. Anyway, the problem is resolved using the Norton Removal Tool. Also worth noting is this thread of discussion about this exact problem, which contains a posting with a compiled list of different things that may have something to do with the problem.

Every time I encounter a problem like this, I thank Linus Torvalds for Linux.

Gizmo5 关张

当年，The Gizmo Project 是 Linux 系统上最早做互联网话音服务和软件的几个项目之一。两三年前，忘了具体的日子，登录 Gizmo5.com 的时候，网站的首页上写着，公司已经被 Google 收购了，暂不再接受新用户。其后静候佳音，却一直没有消息。前几天，突然收到邮件，说 Gizmo5 将于四月三日停止提供服务。

Gizmo5 的这个决定，或者说，Google 的这个决定，也不算很意外。毕竟 Gmail 里面整合的电话功能推出已有一段时间，而且应该说，Gmail 整合电子邮件和电话这两个常用的功能做得还是挺成功的。再加上与 Google Contacts 的整合，让使用者在一个界面之下能够同时做两件经常要做的事，共用一个通讯录，是个很合理的组合。

唯一失去的可能就是一个能够独立使用的客户端，不仅可以使用 Gizmo5 自有的网络电话技术，还兼容 SIP 标准，以及多种短信通讯技术。不过这些功能都有其他可以替代的软件，如 Pidgin、Empathy 等等。另外一个需要用户自己做的，是向 Google Voice 转移，以前在 Gizmo5 购买的话费可以一并转账，或者退款。通过 Gmail，Google Talk 和 Google Voice 这样的组合，用户现在到 2011 年的年底还可以免费在美国境内打电话。

JavaScript 纠错

用 jQuery 有一段时间了，一直是用 Firefox 做开发环境，一个重要的原因就是因为 Firebug 这个好工具。但是有时候 JavaScript 在 IE 里面会出现一些奇妙的错误，有些时候这些错误还不是很容易重复。或许还是我太懒，一直用 Firefox 顺手，所以有成见。不过有这种成见的似乎不只我一个。

言归正传，今天有遇到一位只用 IE 的同事 -- 因为在医院做技术支持，机器上一般都只有 IE -- 用我的 portman 工具时遇到问题。于是就搜了一下 "Firebug IE7"，找到这篇文章《Firebug in IE for *any* web site》，顺藤摸瓜回到 Firebug Lite，文中的主意似乎已经被吸纳到“正版”里了，现在只要直接在 IE 里面加一个书签就行。

这么现成的工具，以前居然一无所知。

诺基亚投向微软怀抱也许对大家都好

刚才在网上读了这篇《Counterpoint: Nokia choosing WP7 may be good for everyone》觉得应该同意一下。作者的观点是，现在安卓 (Android) 和 iPhone 已经形成智能手机的两大阵营，而黑莓 (Blackberry) 在很长时间里无所作为，坐视 Apple 和 Google 两家鲸吞市场份额。虽然市场对微软的“运气” (Win 7) 反应不咋地，但是市场上多一个竞争者对最终用户总是好事，况且微软还是一头八百磅的市场巨猿。

不过，我觉得微软的大对她在手机市场的腾挪并不是好事，微软的移动平台 Windows Mobile 在手机上已经时日不短，早期市场上微软似乎对其他任何平台都是威胁，Palm 的消亡尤历历在目。然而随着前面六个版本一次次的让人失望，Windows Mobile 到了今天纵使摇身一变成 Windows Phone 也还是不免有点“鸡肋”。比较 WP、iPhone、Android，对于 WP 的遭遇不难看出一点端倪：微软不管做什么软件，桌面情节都还是太重。当然，这也是微软的历史使然，她靠桌面操作系统、桌面系统上的应用软件起家、称霸，断然放弃这个霸主地位，从感情上、从生意人的市场分析角度，都是不可为的事。只是时事逼人，就算是诺基亚的加盟给 WP 打了一剂强心针，如果微软不彻底丢弃她的桌面情节，最终式微也不会太远。

虽然我一贯厌恶微软，智能手机市场里能多一些竞争对于用户还是好事。