Happy Birthday Joel!

Joel turns four today! Happy birthday to you! As promised, we held your little birthday bash in the new house with the rest of the family. Hope you had a smashing good time!

Home delivery... The big move... And hello new home!

We finally decided to put aside the problems with the third storey and move into our new house anyway; its just too inconvenient for a family of five to cram into a one bedroom apartment. Moreover, we couldn't push back the delivery of the stuff we ordered for the new place much longer. And lastly, we promised little Joel that he will be spending his fourth birthday (which is tomorrow!) in the new house and we didn't want to disappoint him.

We managed to cram the delivery of our new sofa, dining, bed, washer, fridge and TV all within the last few days in preparation for our move today. Other than the magazine storage of the sofa set and fridge, all other items were delivered in good condition. Thank goodness for that.

So early this morning, we deposited the kids at my parents and started packing up for the move. Yeah, we should have done the packing way in advance but there just isn't enough room in the studio apartment to fit three hyper-active kids and all the packed boxes.

We didn't engage any professional help for the move as we are not bringing any furniture or bulky items over. We also did not need to rope in any friends to help as we have been moving stuff to the new house during the last few visits. I've also finally managed to exercise the value of my SUV purchase earlier this year and boy am I pleasantly surprised at the amount of stuff that the CX-7 can hold; It took us only four trips to move nearly all our essentials. And this is including a ladder, bamboo sticks and a five-tier toyoga storage drawers!

We took the whole morning to pack followed by the whole afternoon to unpack. And boy what tough work it was moving stuff up and down six flights of stairs! I can already imagine my thighs and bum getting their much needed workout in the coming days... Its also at this time did I realize just how much stuff we (or should I say my kids) have. I am definitely not looking forward to doing this again anytime soon!

Setting up backup on the DNS-323

Here's a quick and dirty way of doing backups from Volume_1 (aka HD_a2) to Volume_2 (aka HD_b2) on a nightly basis. In summary, here is what you need to do:

1. Install and configure fonz's fun_plug. (look here for details)
2. Grab and install the rysnc addon package for fonz's fun_plug.
3. Define a rsync job to run on a nightly basis at 2:05am. The crontab line will look like this: 5 2 * * * /mnt/HD_a2/fun_plug.d/bin/rsync -rlptDv --delete /mnt/HD_a2 /mnt/HD_b2 >/mnt/HD_a2/fun_plug.d/log/rsync.last.log 2>&1
4. Create a script in the start folder (i.e. /mnt/HD_a2/fun_plug.d/start) to add the above into the crontab every time you boot the box. (Remember to set execute permission for the script to auto run on the next boot.)

Cracks in the walls + 6 days of endless rain + useless MA = big nightmare

What a week... Rain poured continuously for the past 6 days with just the occasional clear sky in between. And what timing too... It has to be right at the end of my renovation works at my new place to reveal the multiple points of water seepage problems in the house. And there goes my freshly painted walls and nicely varnished flooring...

Filed a repair form at the management office only to be told that "external walls are out of warranty" and I'm to find my own solution to the problem... WTF?! Even if its "out of warranty", its part of their scope of work to repair since external walls are considered part of the common property. "No sir" he says "not in this estate". WTF?!x2

Not believing that this should be the case, I subsequently called up the developer, main contractor, and even the BCA. After explaining my situation, all provided me with lots of information (some valid, some relevant but none of which will solve my problem).

In the meantime, I also inquired with a few waterproofing specialist on the cost of repairs and was dismayed to find that its not only expensive ($6k for 3 cracks?!), these so-called specialist won't guarantee that they can fix the problem for good. Experts my foot.

Finally, out of desperation, I decided to call the head office of the MA to give the manager a piece of my mind regarding the crap her guy is dishing me. She offered to take up my case and seek MC's approval to engage someone to repair the cracks. Now we are talking...

The bad news is, the MC don't meet till Jan 08 (and they probably will deliberate over a few weeks before arriving at any conclusion, which may not even be in my favor) and with the weather like this for the next couple of months (monsoon season you see), I think I'm better off paying for the repairs now then to pay for the interior damages later. So either way, I'm screwed. Welcome to the shitty world of strata title living.

Look ma! Its snowing... not!

Joel had his first experience with "snow" today. Well, no, unfortunately its not the real deal in some fancy temperate country (We'll get to that when little Jarett is old enough to travel) but in a large freezer-like contraption inappropriately called Snow City somewhere in the western part of Singapore. Why inappropriate? Because from what Mommy who accompanied him on the field trip says "Everything is frozen solid and there is more ICE than anything that resembles snow".

Thanks Snow City, now I'm going to have a hard time trying to convince Joel that our fridge has an ice compartment rather than a "snow" compartment in there...

Doremon vs Ultraman!

The kids in their new PJs... Looks like Doremon currently has the throne but will Ultraman settle for the no. 2 spot? Only time will tell... But for now... Stop fooling around and get back to bed!!! GRRrrr!

Seamless sign on to internal web applications using your Windows credentials

I was recently tasked to architect and lead the Single Sign On (SSO) implementation within the Pan Asia region. This is part of the global identity management initiative whose vision is enable any employee in any part of the world to access any authorized internal application, be it web or desktop, using a single username and password.

Given that:

1. the scope is for internal systems only,
2. all workstations are part of an Active Directory domain,
3. Windows authentication (aka NTLM/Kerberos) is the standard authentication protocol for non-web related access (shared folders, printers, Microsoft Exchange, etc) in our environment,
4. Internet Explorer is the standard browser application used in our environment.

Its a no-brainer that the cheapest and quickest way to achieve SSO is by enabling Windows authentication on the web application end.

Besides cost savings, the other major benefit to this approach is that users only have to sign on to their workstations once (i.e. the normal Windows login process) and enjoy seamless access to any (internal) web applications just like how you access Microsoft Outlook or shared folders today.

Getting this up and running in ASP/IIS based web applications is a piece of cake. See recipe. (No pun intended.) The key steps are:

1. Disable Anonymous Access and enable "Integrated Windows authentication" in IIS for the ASP/ASPX application in question.
2. Do the same in the web config file if this is an ASP.NET application.
3. In your code, grab the id of the user using the code Request.ServerVariables["LOGON_USER"].

On the Java front, there are two choices mainly:

1. via a servlet filter like JCIFS NTLM HTTP Authentication module, or
2. via Andy Armstrong's JAAS login module

One gotcha to take note of. The above works when your application, hosted in the internal network is accessed from the web browser:

1. via an internal IP.
2. via the hostname of the IIS server.
3. via a fully qualified domain name (FQDN) that is a sub-domain under your Windows domain. i.e. your Windows domain is acme.com and your application domain name is abc.acme.com.

If, however, your application is accessed via a FQDN other than the above, you will find that user is prompted for his credentials in a popup dialog much like what you get in Basic Authentication. Details on this issue (and workarounds) can be found in this KB article (ID 303650).

In summary, its due to Internet Explorer mistakenly identified your site as an Internet site and the default browser settings prevents it from sending your Windows credentials for security reasons. To overcome this, you have to add the FQDN to the "Trusted sites" or "Local Intranet" lists.

To make life easier for your users, and since they are all on the domain, you can get your system administrators to push this configuration change to their PCs transparently via group policies or logon scripts.