SIPE (MS Lync) plugin for Adium / Pidgin will fail authentication for users with very long passwords

Late last week I discovered an issue in the SIPE plugin for Adium (which lets you connect to MS Lync messaging servers using Adium, instead of the native Lync client).  The issue will prevent users who have very long passwords (somewhere north of 25 characters seems to be the magic number) from successfully authenticating.

I discovered this shortly after changing a password,  as my new one was roughly 32 characters long.   I found I could log in everywhere except for Lync.   I investigated various versions of Adium / SIPE to see if the issues were related to an update to the software (didn’t make sense, as I had just been logged in – but I checked anyway).   I also checked the Lync client to see if I could connect there (so as to determine if the issue was client side or server side).  Lync happily logged me in.

So then I tried a shorter password,  one around ~28 characters.   That, too, failed.    A third attempt at a password – one that rings in right at 25 characters – seems to have done the trick and is able to connect.

I’ve been looking at the code in the sip-sec-ntml.c file included with the pidgin-sipe-adium plugin source core,  but haven’t yet figured out what’s causing the issue.   Admittedly my C skills are a bit rusty.

Unfortunately, I didn’t think to get debug logs while the issue was happening,   and I don’t have a test environment I can use to easily grab those – so I’ve not been able to post a bug report on the SIPE plugin bug tracker.  I’m hopeful I can figure out the issue and post something along with the suggested solution.

 

 

 

Andy White, Carl Sampson liked this post

New beginning

For the past six months or so, I’ve been doing product management on two “products”, and building + managing a new team of analysts tasked with product security for a cloud based marketing software platform. I don’t feel like I was particularly effective at any of those tasks because I was stretched far too thin to be able to spend adequate amount of time on any of my tasks.

But I never complained (at least not too loud), and always tried my best to juggle the insane load and not let things fall apart too much. I figured (correctly, as it turns out) that it would be temporary and things would work out for the better.

As it turns out, this week I found myself presented with a choice: I could continue in product management, and likely have the team of analysts taken away from me, or I could make another career change and move to our engineering organization as a senior manager and continue to run – and expand – my team.

It was a difficult choice, as I enjoyed product management and finally felt like I understood it and was getting better at it. But at the same time I was just getting started with my team and didn’t feel it was wise to abandon my new guys so quickly after recruiting them – and I hadn’t yet left my mark and completed what I set out to do.

But ultimately, I had to decide what it was I really wanted to do – and that required thinking about what I ENJOY doing. I realized that when I find a new vulnerability in a system and exploit it successfully I feel a sense of satisfaction, and joy. I get excited. I’m happy. And that’s part of what my team does. Building my team would enable me to do what I enjoy, and to help others do what they enjoy – and even better, do it to help protect customers and make our products better.

After realizing that, it wasn’t even a question of which I would choose.

And so now, I’m starting anew. I can’t can’t wait to get started and make a difference.

Avoiding the quick and dirty hack

priorityIt’s quick and dirty, kind of a hack, and won’t scale… but we need this ASAP so lets do it.   We can always clean it up later when we have more time”

The assumption is that things will slow down, more time will suddenly become available, and the real  solutions that were deferred will become possible to achieve.  The reality is that things are unlikely to slow down and the next time you will be revisiting the problem is when your ‘quick and dirty’ solution failed to scale and turned into the latest in a long series of fires to put out.

It’s incredibly easy to fall into this trap.  With a long list of items that need attention and development – seemingly all of them critical – it can be incredibly tempting to try to solve some of the immediate needs as quickly as possible.   Often, “as quickly as possible” involves what are sometimes referred to as “dirty hacks” – and are widely recognized as sub-optimal solutions to the ultimate problem.  The rationale is that solving the immediate problem eases the pressure and allows us time to work on the other high priority issues – thus allowing us to get more done.  The problem is that it’s a false accomplishment – you haven’t really achieved more, or reduced the amount of work you have to do.   In reality, you’ve achieved less and increased the work you’ve got to accomplish.

Allow me to explain.
Read More

Brian McGreer liked this post

The choice is yours

After a particularly frustrating day in the office yesterday,  found myself becoming easily annoyed by the time I got home.  It didn’t take much for me to become annoyed.  From annoyed it was a blazingly fast journey to angry, and just a hop – skip – and jump from angry to seething.

But why?

At the time, I would blame it on my circumstances.   Everything was going wrong!  Nothing seemed to go my way!  The world is conspiring against me, and idiots are everywhere!  Why am I the only intelligent person on this rock?!

Clearly this was just the anger talking, but it’s easy to listen to that and agree – it’s the WORLD’s fault I’m this angry and pissed off.   It’s the WORLD’s fault that I’m not happy.  It’s so very simple and easy to place the blame anywhere else, to so clearly be the victim.

Except I’m not a victim,  at least not of anyone or anything other than myself.   You see,  I had a choice.    I could choose to become angry, or I could choose to shrug off the admittedly minor offenses that compounded to take me from calm to breathing-fire mad.  I could choose to remain angry, or let it go. I could choose to stew in unhappy annoyance or I could choose to enjoy my evening and have fun. Which course my night would take… would be of my own choosing.

As it turns out in this case, I chose the latter.  It wasn’t immediate, but it was conscious.   After realizing I was letting myself claim victim status and succumbing to anger, I took a few minutes to sit quietly outside on my deck and relax and let it go.  I made the choice to not be a slave to anger and annoyance and instead enjoy myself and be happy.

The best part?  It worked.

So, the next time you have a day where everything seems to be going wrong and the world is conspiring against you… take a few moments to sit quietly and relax.  Be positive, be happy, and good things will follow.  It’s not easy,  and it doesn’t come naturally.   It is a worthy exercise.   Being upbeat, happy and positive is far more likely to lead to an improvement in the outcome of your day.   It’ll also make people want to be around you, which will likely help reinforce a happy upbeat mood.
Just remember the next time you have a bad day – you can get angry or you can remain positive.  The choice is yours.

So are the consequences.

 

 

4th of July Recap

IMG_1411

The inaugural fire in the new fire pit – great success!

Our plans for the 4th were surprisingly low key this year,   after our initial plans fell through.   We decided that with the cool, clear, evening it would be a great opportunity to have the inaugural fire in the new fire pit and light of a few fireworks we had bought.  This, of course, after enjoying some cocktails and a decidedly “American” dinner of cheeseburgers on the grill.

The fire was great,  though most of the fireworks were…. less than we had hoped for.  Thankfully – about halfway through the pack of fireworks our new neighbors down at the other end of the cul-de-sac came and told us they were about to fire off about $1500 in fireworks (the big stuff) and we were invited to come down to watch.

We quickly grabbed some chairs and beverages and headed down to join a whole bunch of neighbors who came out to watch the show.

And what a show it was!     Leaning back in my chair quite comfortably as round after round of fireworks went streaking into the sky,  loudly bursting above us in all their colorful glory,  it was impossible not to smile and giggle and clap and be filled with a sense of belonging and happiness.   And community.

The old rusty metal fire pit served one final purpose:  a place to set off our puny fireworks.

The old rusty metal fire pit served one final purpose: a place to set off our puny fireworks.

I may not always get along with my neighbors… but it is nice that every once in a while we can come together as a community and enjoy something so simple as the birthday of our nation.   It’s nice that we can put aside differences and celebrate our freedom.  And play with explosives.

Those same neighbors invited us to a house party they’re having later this month.   Not sure if we’ll go – but it was nice that they invited us.

Next year we’re going to see if they want to work together and have a block party for the 4th – with grilled food,  swimming in various pools (possibly), music and – of course – a repeat of that fantastic fireworks show.    It was pretty spectacular.

 

 

Elizabeth Hess liked this post