MoonPoint Support Logo

 


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
December
Sun Mon Tue Wed Thu Fri Sat
 
     
2014
Months
Dec


Wed, Dec 31, 2014 4:45 pm

Determining the version of Microsoft Word used to edit a .docx Document

I sent someone a Microsoft Word document that contained a network diagram I had created in PowerPoint and then copied and pasted into the Word document. I created the file on an Apple MacBook Pro laptop using Microsoft® Word 2008 for Mac and saved it in "Word Document (.docx)" format. The diagram I pasted into the Word document was created with Microsoft® PowerPoint® 2008 for Mac. The recipient informed me that some of the text in boxes in the diagram was cropped, so he edited the diagram and sent me a copy of the document with his edited diagram. When I viewed his version, I saw text missing that had been present in my version and some of the double-headed arrows I had on the diagram now looked odd to me when viewed in Word on the Mac. I presumed the issue was due to the different versions of Microsoft Word we are using, since I had encountered issues before where diagrams created in a Microsoft Office application on a Windows-based PC looked different when viewed in the same application on a Mac.

I thought he was likely using Office 2013, but I wanted to verify that was the version he was using. The .docx files we were exchanging became a standard Word format starting with Office 2007. They are in an Office Open XML format, which is a zipped, XML-based file format developed by Microsoft; information about the formats can be found in the Microsoft Office 2007 article Introducing the Office (2007) Open XML File Formats. Prior to Office 2007, Microsoft used proprietary file formats based on the OLE Compound File Binary Format.1

You can check the version of Word that was last used to edit a document by unzipping the docx file; you can use the unzip command from a shell prompt on a Mac OS X system. If your unzip program isn't opening it, you may have to rename it changing the .docx extension to .zip, but that's not needed for the OS X unzip utility. When you unzip the docx file, there will be a docProps directory with an app.xml file within it. In that file you will see a number between AppVersion tags, e.g., as shown below:

<AppVersion>15.0000</AppVersion>

To translate that number into the commonly used version number, the table below can be used:

NumberOffice Version
12.00002007 or Office 2008 for Mac
14.00002010
15.00002013

If you are interested in the usage for the other documents within the .docx container file, see the ForensicsWiki article Word Document (DOCX). The contents of the Word document can be found in word/document.xml when you examine the files within the .docx file.

Since I saw 15.0000 as the AppVersion in the file he sent, I could tell that he was, indeed, using Office 2013. In .docx files I saved from Word 2008, I saw 12.0000 as the AppVersion number within app.xml.

To resolve the problem, instead of copying and pasting the diagram from PowerPoint into the Word document, I saved it as a JPEG image from within PowerPoint. Then chose "Insert", then "Picture", then "From File" within Word to insert the diagram as a picture instead. When I viewed the document with embedded diagram afterwards in Word for Office 2007 and 2010 it looked the same as it did in Word 2008 on the Mac, though it had also looked ok in those Microsoft Windows applications when I used the pasted PowerPoint version. The embedded JPG file also looked the same in Apache OpenOffice Writer 4; it had not appeared when I viewed the document there previously and when I had viewed the PowerPoint file in OpenOffice Impress, the diagram looked quite different with most of the text missing and small circles beneath the network clouds in the diagram.

References:

  1. Microsoft Office: File formats and metadata
    Date accessed: December 31, 2014
    Wikipedia, the free encyclopedia
  2. Which Version of Microsoft Word created a given document?
    Date: August 25, 2013
    By: Gergely Herendi
    Super User
  3. Word Document (DOCX)
    ForensicsWiki

[/os/windows/office/word] permanent link

Tue, Dec 30, 2014 1:24 am

PHP script displaying wrong time

I include the following PHP code in web pages on this system to display the last time that a file was updated.
<?php

$thisfile = pathinfo($_SERVER['PHP_SELF']);

echo "Last modified: ".date("l F j, Y g:i A",
filemtime($thisfile["basename"]));

?>
After I replaced the hard drive recently and installed CentOS 7 as a fresh install, the times displayed have been ahead 5 hours, i.e., the PHP code was displaying a time stamp matching Universal Coordinated Time (UTC), also commonly referred to as Greenwich Mean Time, rather than Eastern Standard Time (EST)

I verified the time zone was set correctly at the operating system level with the timedatectl command, so I realized the issue must be with PHP itself. I checked the location of the PHP configuration file, php.ini and found it was located at /etc/php.ini.

$ locate php.ini
/etc/php.ini
/usr/share/doc/php-common-5.4.16/php.ini-development
/usr/share/doc/php-common-5.4.16/php.ini-production

I logged into the root account and checked the contents of the /etc/php.ini file. I found that the timezone was not set in the file:

[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
;date.timezone =

So I removed the semicolon which was making the date.timezone line into a comment and set the time zone to be the appropriate one for Eastern Time (ET).

[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
date.timezone =America/New_York

I then restarted the Apache web server software with the apachectl restart command, which fixed the problem.

[/languages/php] permanent link

Tue, Dec 30, 2014 12:51 am

Setting the time zone on a CentOS 7 system

You can see the time zones a CentOS 7 system recognizes by entering the command timedatectl list-timezones while logged into the root account.
[root@localhost ~]# timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
Africa/Asmara
Africa/Bamako
Africa/Bangui
Africa/Banjul
Africa/Bissau
Africa/Blantyre
Africa/Brazzaville
Africa/Bujumbura
Africa/Cairo
Africa/Casablanca

<text snipped>

Pacific/Pitcairn
Pacific/Pohnpei
Pacific/Port_Moresby
Pacific/Rarotonga
Pacific/Saipan
Pacific/Tahiti
Pacific/Tarawa
Pacific/Tongatapu
Pacific/Wake
Pacific/Wallis

For a system in the Americas, the following time zones are recognized:

[root@localhost ~]# timedatectl list-timezones | grep America
America/Adak
America/Anchorage
America/Anguilla
America/Antigua
America/Araguaina
America/Argentina/Buenos_Aires
America/Argentina/Catamarca
America/Argentina/Cordoba
America/Argentina/Jujuy
America/Argentina/La_Rioja
America/Argentina/Mendoza
America/Argentina/Rio_Gallegos
America/Argentina/Salta
America/Argentina/San_Juan
America/Argentina/San_Luis
America/Argentina/Tucuman
America/Argentina/Ushuaia
America/Aruba
America/Asuncion
America/Atikokan
America/Bahia
America/Bahia_Banderas
America/Barbados
America/Belem
America/Belize
America/Blanc-Sablon
America/Boa_Vista
America/Bogota
America/Boise
America/Cambridge_Bay
America/Campo_Grande
America/Cancun
America/Caracas
America/Cayenne
America/Cayman
America/Chicago
America/Chihuahua
America/Costa_Rica
America/Creston
America/Cuiaba
America/Curacao
America/Danmarkshavn
America/Dawson
America/Dawson_Creek
America/Denver
America/Detroit
America/Dominica
America/Edmonton
America/Eirunepe
America/El_Salvador
America/Fortaleza
America/Glace_Bay
America/Godthab
America/Goose_Bay
America/Grand_Turk
America/Grenada
America/Guadeloupe
America/Guatemala
America/Guayaquil
America/Guyana
America/Halifax
America/Havana
America/Hermosillo
America/Indiana/Indianapolis
America/Indiana/Knox
America/Indiana/Marengo
America/Indiana/Petersburg
America/Indiana/Tell_City
America/Indiana/Vevay
America/Indiana/Vincennes
America/Indiana/Winamac
America/Inuvik
America/Iqaluit
America/Jamaica
America/Juneau
America/Kentucky/Louisville
America/Kentucky/Monticello
America/Kralendijk
America/La_Paz
America/Lima
America/Los_Angeles
America/Lower_Princes
America/Maceio
America/Managua
America/Manaus
America/Marigot
America/Martinique
America/Matamoros
America/Mazatlan
America/Menominee
America/Merida
America/Metlakatla
America/Mexico_City
America/Miquelon
America/Moncton
America/Monterrey
America/Montevideo
America/Montserrat
America/Nassau
America/New_York
America/Nipigon
America/Nome
America/Noronha
America/North_Dakota/Beulah
America/North_Dakota/Center
America/North_Dakota/New_Salem
America/Ojinaga
America/Panama
America/Pangnirtung
America/Paramaribo
America/Phoenix
America/Port-au-Prince
America/Port_of_Spain
America/Porto_Velho
America/Puerto_Rico
America/Rainy_River
America/Rankin_Inlet
America/Recife
America/Regina
America/Resolute
America/Rio_Branco
America/Santa_Isabel
America/Santarem
America/Santiago
America/Santo_Domingo
America/Sao_Paulo
America/Scoresbysund
America/Sitka
America/St_Barthelemy
America/St_Johns
America/St_Kitts
America/St_Lucia
America/St_Thomas
America/St_Vincent
America/Swift_Current
America/Tegucigalpa
America/Thule
America/Thunder_Bay
America/Tijuana
America/Toronto
America/Tortola
America/Vancouver
America/Whitehorse
America/Winnipeg
America/Yakutat
America/Yellowknife

For a system on the east coast of the U.S., the appropriate time zone would be "America/New_York". You can see the current timezone setting with the command timedatectl with no parameters.

[root@localhost ~]# timedatectl
      Local time: Tue 2014-12-30 00:15:02 EST
  Universal time: Tue 2014-12-30 05:15:02 UTC
        RTC time: Tue 2014-12-30 05:15:02
        Timezone: America/New_York (EST, -0500)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2014-11-02 01:59:59 EDT
                  Sun 2014-11-02 01:00:00 EST
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2015-03-08 01:59:59 EST
                  Sun 2015-03-08 03:00:00 EDT

If you need to change the time zone, you can enter the command with a set-timezone parameter, e.g., timedatectl set-timezone America/New_York.

You can use the ntpdate package to synchronize your system with a Network Time Protocol (NTP) server. You can check if the package is installed with the command rpm -qi ntpdate. You will see details on the package, if it is installed. If it is not installed, you will see "package ntpdate is not installed".

References:

  1. How To Configure Server Timezone In CentOS 7
    By: Richard W
    Date: September 14, 2014
    Liberian Geek

[/os/unix/linux/centos] permanent link

Mon, Dec 29, 2014 9:38 pm

Colasoft Ping Tool 1.2

If you want a graphical version of the ping tool that comes with most operating systems, the Colasoft Ping Tool provides a GUI tool that, in addition to providing the standard information provided by ping tests, such as minimum, maximum, and average response times, also puts the information into a chart, which can be viewed in several formats, e.g., bar chart, line chart, and area chart. As ping packets are sent, the program updates a graph showing how ping response times are varying over time with response times in milliseconds on the y axis and the x axis showing time. The program also allows you to save an image of the chart it produces as a BMP file, which can be viewed by a variety of image viewing programs on a Microsoft Windows system.

[ More Info ]

[/reviews/software/windows/network/icmp] permanent link

Mon, Dec 29, 2014 12:09 am

PowerShell Server 6.0

I installed PowerShell Server software on a Windows 8.1 Professional system to enable the system to function as an SSH server. I've used Bitvise's SSH server software and Copssh with recent operating systems, but hadn't used the PowerShell Server software before. The software allows a system to function as an SSH and SFTP server. I had hoped to be able to allow domain accounts to log into the system as well as local accounts, but so far I've only been able to log into the system via SSH after installing the software with local accounts on the system.

[ More Info ]

[/reviews/software/windows/network/ssh] permanent link

Sat, Dec 27, 2014 11:01 pm

EFI System Partition

PCs now have UEFI firmware rather than the BIOS they once had. Hard disk drives in systems with UEFI firmware may have an "EFI System Partition", which will be fairly small, e.g. about 100 MB, which may be a third partition on drives that may have an operating system, such as Microsoft Windows on one partition and system recovey software on another partition. The EFI partition must be formatted with the FAT12, FAT16, or FAT32 file system. The partiton will store boot loader code for operating systems, such as Windows, installed on other partitions and may also store device drivers needed by the firmware.

[ More Info ]

[/hardware/pc/UEFI] permanent link

Sat, Dec 27, 2014 3:20 pm

Windows Server 2012 - Folders located on the system hard drive

After I set up a Windows Server 2012 Essentials server, I noticed the dashboard indicated two alerts were pending. One of them was just to reboot the server since updates had been recently installed that required a reboot, but the other alert was "One or more server folders are located on the system hard drive". The folders referenced were as follows:

If you have a second internal drive or another partition on the primary drive you can move the folders with these steps.

[/os/windows/server2012] permanent link

Thu, Dec 25, 2014 9:29 pm

Windows Server 2012 Essentials Product Key

I needed to install Microsoft Windows Server 2012 Essentials on a system. Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. I had the product key for Windows Server 2012, but not the media. I downloaded an ISO file for Windows Server 2012 R2 Essentials from Microsoft at Windows Server Evaluations. The evaluation version allows you to try the software for 180 days before purchase. I burned the .iso file to a DVD and started the installation of the software. When I got to the "Enter the product key to activate Windows" step, I put in the product key I had, but received the message "We couldn't verify the product key. Please check your installation media." After triple-checking the product key, I had to conclude it wasn't going to work with the latest version of the software I downloaded from Microsoft's site. Someone provided me with a link where I could download an ISO file to use with the legitimate product key, but I was concerned about the possibility of tampering with the contents of that ISO file. So I checked the MD5 and SHA-1 hashes for the ISO file with digestIT 2004, which gave me the following hashes for en_server_install_disc_windows_server_2012_essentials_x64_dvd_1022281.iso:
MD5: 5ee4c7ad57248b5e791dcfd39d9e54e3
SHA-1: 1f3fbf9cd23f864a2acc6b7a6a8e6a9eb94b5c52

I was then able to verify those hashes with postings from Server 2012 Essentials RTM (SHA-1 from October 11, 2012) and Server 2012 Essentials RTM Page 2 (MD5 and SHA-1 from December 8, 2012) postings at My Digital Life Forums , which gave me the confidence to use that .iso file for the installation of the server software, since the hashes matched ones posted for the 2012 version of the software distributed by Microsoft. Such hashes are commonly used to verify that a file is exactly the same as it was when provided by the original software developer and has not been modified.

When I installed Windows Server 2012 from the DVD I burned from that ISO file, I was able to use the product key I had.

[/os/windows/server2012] permanent link

Thu, Dec 25, 2014 6:20 pm

Cloning a drive with Clonezilla

Clonezilla, which is a live CD based on Debian Linux, provides the capability to clone one disk drive to another. You can boot a system from the live CD and copy an entire drive, including Microsoft Windows partitions, to a new drive.

[ More Info ]

[/os/unix/linux/Clonezilla] permanent link

Mon, Dec 22, 2014 11:59 pm

Allow file downloads in Internet Explorer 11

A user reported she received the following message when attempting to download an attachment to email she was viewing while logged into her GoDaddy email account through Internet Explorer 11.

Security Alert - Your current security settings do not allow this file to 
be downloaded

I tried downloading a Microsoft Word .docx attachment to an email and saw the same Security Alert window, which stated "Your current security settings do not allow this file to be downloaded."

The setting, which applies to all files rather than a particular type of file such as a Microsoft Word document, can be changed through the following steps in Internet Explorer (IE) 11:

  1. Click on Tools.
  2. Select Internet Options.
  3. Click on the Security tab.

    IE Internet Options Security tab

  4. Select the Internet zone, which is the left-most zone in the row of icons representing the four zones: Internet, Local intranet, Trusted sites, and Restricted sites.
  5. Click on the Custom level button.
  6. In the Security Settings - Internet Zone window that opens, scroll down through the settings list until you see Downloads. For the File download option, change it from "Disable" to "Enable"

    IE Security Settings - File Download

  7. Click on the radio button next to "Enable".
  8. Click on OK.
  9. When asked "Are you sure you want to change the settings for this zone?", click on Yes.
  10. Click on the OK button to close the Internet Options window.

[/network/web/browser/ie] permanent link

Sun, Dec 21, 2014 5:38 pm

CoolYou

A friend was complaining that his laptop, which runs Microsoft Windows 7 Home Premium, was very slow, so he was considering purchasing another laptop. I suggested he download and install Malwarebytes Anti-Malware 1 x 1 px and scan the system with that software. One of the items it detected was CoolYou (image), which it classified as Trojan.Dropper.

[ More Info ]

[/security/malware] permanent link

Sat, Dec 20, 2014 10:46 pm

Malwarebytes Anti-Malware detection for csrss.exe

A user reported that she saw a message on her system, which runs Windows 7 Professional, Friday morning December 19, 2014 indicating that malware had been detected on her system by Malwarebytes Anti-Malware 1px x 1px.

Malwarebytes detected csrss.exe

The file, which Malwarebytes identified as Trojan.Agent, was csrss.exe was located in her %TEMP% directory, i.e., C:\Users\Pamela\AppData\Local\Temp. There is a legitimate Microsoft Windows file named csrss.exe, but that file is located in C:\Windows\System32. The legitimate file on her system is 7,680 bytes in size and has a time stamp of 0/7/13/2009 08:39 PM. When I checked the one Malwarebytes Anti-Malware was identifying as malware, I saw it had the same size and time stamp.

C:\Windows>dir %TEMP%\csrss.exe
 Volume in drive C is OS
 Volume Serial Number is 4445-F6ED

 Directory of C:\Users\Pamela\AppData\Local\Temp

07/13/2009  08:39 PM             7,680 csrss.exe
               1 File(s)          7,680 bytes
               0 Dir(s)  864,839,192,576 bytes free

I uploded the one Malwarebytes Anti-Malware flagged as malicious to Google's VirusTotal site, which analyzes uploaded files with many antivirus programs to determine if they are safe or potentially dangerous. I had the site reanalyze the file, which had been scanned previously. Zero of the fifty-four antivirus programs used by the site to scan the file identified it as malware. The SHA256 hash listed for the file is cb1c6018fc5c15483ac5bb96e5c2e2e115bb0c0e1314837d77201bab37e8c03a - see the report.

I ran a binary file comparison between the two files using the Microsoft Windows fc utility. It found no differences between the two copies of csrss.exe.

C:\Windows>fc /b %TEMP%\csrss.exe c:\windows\system32\csrss.exe
Comparing files C:\USERS\PAMELA\APPDATA\LOCAL\TEMP\csrss.exe and C:\WINDOWS\SYSTEM32\CSRSS.EXE
FC: no differences encountered

I had previously placed md5deep, which can be downloaded from md5deep and hashdeep, and its associated utilities on the system. I used the 64-bit version, since the system was running the 64-bit version of Microsoft Windows 7, of sha256deep to check the SHA-256 hash for the version of the csrss.exe file in C:\Windows\System32. It reported the same SHA-256 hash as VirusTotal listed for the copy of the file I uploaded from the users %TEMP% directory. I also checked the MD5, Tiger, and Whirlpool hashes for both files. For both files the MD5 hash was 60c2862b4bf0fd9f582ef344c2b1ec72 The Tiger hash function yieled a hash of 42e263a5861a1e3b8e411fec97994a32d2cdfc04cf54ab4b for both. The Whirlpool hash was def1e95668f22e06b605093df41d3bb635e7096860bb0adb6c405be49e723fb2497a8a2b64ca5d25519c4ba00c75facb0421bebc4df24f7c9918e0bb85f4c8f4 for both files.

C:\Program Files\Utilities\File\md5deep>sha256deep64 c:\windows\system32\csrss.exe
cb1c6018fc5c15483ac5bb96e5c2e2e115bb0c0e1314837d77201bab37e8c03a c:\windows\system32\csrss.exe

C:\Program Files\Utilities\File\md5deep>sha256deep64 %TEMP%\csrss.exe
cb1c6018fc5c15483ac5bb96e5c2e2e115bb0c0e1314837d77201bab37e8c03a C:\Users\Pamela\AppData\Local\Temp\csrss.exe

C:\Program Files\Utilities\File\md5deep>md5deep64 c:\windows\system32\csrss.exe
60c2862b4bf0fd9f582ef344c2b1ec72 c:\windows\system32\csrss.exe

C:\Program Files\Utilities\File\md5deep>md5deep64 %TEMP%\csrss.exe
60c2862b4bf0fd9f582ef344c2b1ec72 C:\Users\Pamela\AppData\Local\Temp\csrss.exe

C:\Program Files\Utilities\File\md5deep>tigerdeep64 c:\windows\system32\csrss.exe
42e263a5861a1e3b8e411fec97994a32d2cdfc04cf54ab4b c:\windows\system32\csrss.exe

C:\Program Files\Utilities\File\md5deep>tigerdeep64 %TEMP%\csrss.exe
42e263a5861a1e3b8e411fec97994a32d2cdfc04cf54ab4b C:\Users\Pamela\AppData\Local\Temp\csrss.exe

C:\Program Files\Utilities\File\md5deep>whirlpooldeep64 c:\windows\system32\csrss.exe
def1e95668f22e06b605093df41d3bb635e7096860bb0adb6c405be49e723fb2497a8a2b64ca5d25519c4ba00c75facb0421bebc4df24f7c9918e0bb85f4c8f4 c:\windows\system32\csrss.exe

C:\Program Files\Utilities\File\md5deep>whirlpooldeep64 %TEMP%\csrss.exe
def1e95668f22e06b605093df41d3bb635e7096860bb0adb6c405be49e723fb2497a8a2b64ca5d25519c4ba00c75facb0421bebc4df24f7c9918e0bb85f4c8f4 C:\Users\Pamela\AppData\Local\
Temp\csrss.exe

So I've no reason to suspect that the file in the %TEMP% directory is any different than the one in the C:\Windows\Temp directory. I thought that perhaps the only reason Malwarebytes Anti-Malware flagged it to be quarantined is that it was an exe file in the user's AppData\Local\Temp directory. It is possible that I copied the file there previously when I was checking on various files on the system when trying to eliminate a source of malware infection on the system and that an update to Malwarebytes Anti-Malware now has it mark any file in that directory as malware. I had Malwarebytes Anti-Malware quarantine the file and then copied another legitimate Microsoft Windows exe file, write.exe and also the csrss.exe file from \C:\Windows\System32 into that directory just to see if Malwarebytes Anti-Malware would flag them as malicious. It again detected csrss.exe as malicious, but did not report the write.exe file I copied into that directory from C:\Windows\system32 as malicious, so it doesn't seem to be judging all .exe files in that folder as potential threats, just certain ones.

[/security/antivirus/Malwarebytes] permanent link

Sat, Dec 20, 2014 9:13 pm

Seagate external USB drive part number 9SF2A4-500

I have a Power Adapters page where I list the power adapters that are needed for various devices. I started the page years ago after repeated instances where I had to figure out what power adapter went with what device when an adapter got disassociated from a device and either lost or jumbled with other adapters. To make it easier for me to immediately associate an adapter with a device, I listed the model/part number for a device and the model/part number for its power adapter. I also list, when I can find a source, a site where a suitable replacement adapter can be purchased. Now, whenever I encounter a device, I try to immediately enter the power adapter information for it on my web page. But today, I found a couple of power adapters next to a couple of devices that I had jumbled together. And when I checked my web page I found that I hadn't entered the power adapter information for either device. I was fairly certain that I could associate the right adapter with each advice, assuming that since the adapters were near the devices that they were indeed the ones that went with those devices, but while double-checking on the adapter for a Seagate USB external drive with part number 9SF2A4-500, I came across Felix's Blog, a blog from another person providing tech support, by Marcel "Felix" Giannelia of Terrace, BC, Canada who provides Disassembly instructions for Seagate 1 TB Expansion External Drive (9SE2A4-571 or 9SF2A4-500). I've copied his instructions to my own site here, so that I have a copy should the author's site, or even just these instructions, disappear, since he states at Welcome to Felix's little Knowledge Base thing that "I've been even sloppier about copyright in the files I've written myself. I intend the ones I wrote myself to be in the public domain." According to his disassembly instructions, the drive inside the Seagate External Expansion case is a Seagate Barracuda 7200.12 model ST31000528AS ST31000528AS 1px x 1px.

Checking other postings's to the author's site, I found "Do NOT paraphrase when calling tech support", which links to an email he sent to a user regarding the user's paraphrasing an error message for the Eudora email client, a program I once used many years ago and which users I supported once used. I can certainly emphasize with his posting; many years ago when I was a sysadmin for a Digital Equipment Corporation (DEC) VMS system, a user contacted me about a problem with one of her databases on the system. She gave me the error message and, since DEC very nicely provided documentation for the database software listing possible error messages and steps to take to rectify the problem associated with a particular error message, I referred to that documenation and found it listed an error message that was a very close match to the one the user gave me. After spending a couple of hours checking all of the possibilities listed for that error message, I contacted the user and had her recreate the problem. When she then read me the exact error message, I realized it was quite different than what she had paraphrased from memory previously. Once I had the exact error message, it only took me a few minutes to fix the problem, but I had wasted hours on the problem before that because she hadn't written down the exact message, but gave me a paraphrased version. One user takes snapshots of error messages on her computer screen with her phone now and sends them to me; that's very helpful, since I can see the window containing the error message and its exact contents.

I also found his "Why cats save humans from house fires" amusing, though the smoke alarm has almost never gone off in our house due to food preparation. It did go off one time when I put the tea kettle on the stove to heat water for tea and then went into another room to work on a computer. I didn't hear the tea kettle whistling; when the smoke alarm went off I went into the kitchen and found that all of the water in the tea kettle had boiled off and there was a burning puddle of plastic next to the tea kettle due to the plastic on the handle melting. Our cats didn't like the blaring smoke alarms throughout the house.

In another posting by Felix, I found an adapter that will also be useful to me, since it supports both IDE, aka PATA, drives as well as SATA hard disk drives listed in his a "Product Plug!" posting for a "Ultra USB 2.0 to IDE/SATA Cable for 2.5-Inch/ 3.5-Inch / 5.25-Inch Drive with Power Adapter", which he notes is a "a USB to any-kind-of-hard-drive adapter. That is, it's got a USB plug on one end, and all the kinds of hard drive connector mashed together on the other end. I just ordered one, because this is going to save me so much time disassembling USB enclosures". His link was to the ULT40112 on the TigerDirect.ca site, i.e., the Canadian site for TigerDirect; it is available in the U.S. from TigerDirect.com. I have devices that provide USB connectivity for hard drives that aren't in an enclosure, but none that support both IDE, aka PATA, and SATA drives.

Unfortunately, the plug on the Asian Power Devices WA-24E12 (output 12V 2A) power adapter I found near the drive that I thought went with the drive would not plug into the drive, even though according to information I found elsewhere online it should have worked for that drive. Another 12V 2A adapter, model ADS-24F-12 1224GPCU, I tried from another Seagate external USB disk drive enclosure did connect easily, though.

Seagate® Expansion™ External Data Sheet PDF icon

[/hardware/storage/Seagate] permanent link

Sat, Dec 20, 2014 5:38 pm

Checking the warranty on a Segate drive

If you want to check whether a Seagate disk drive is still under warranty, you can do so at either the Warranty Validation or the Customer Returns page. You can check the warranty for an internal hard disk drive or an external USB drive.

You will need to complete fields on the form for the following information:

If the warranty is expired, you will see "Warranty is expired for the entered Product/Serial". You won't see the date that the warranty expired on.

[/hardware/storage/Seagate] permanent link

Sat, Dec 20, 2014 1:58 pm

Viewing history of DNS server and IP Changes for a Domain

If you wish to view a history of Domain Name System (DNS) server changes for a domain name, you can do so through the WhoISrequest Domain History Checker, which tracks nameserver changes since 2002 for all COM, NET, ORG, INFO, BIZ and US domains.

E.g., if I put sailormoonworld.com, which was registered in 1998, in the search field, I can see a list of all of the DNS servers that translated the fully qualified domain name (FQDN) to an IP address since WhoISrequest began tracking name server changes in 2002. The history information for that particular domain shows that registration for the domain name lapsed in 2013 and the domain name was picked up by a domain name squatter then. The domain name squatter let the domain registration lapse in the summer of 2014. I re-registered the domain name for the original owner, a family member, in October.

You can also view such information through the DNS History site, which notes "Here at DNS History we have been crawling DNS records since 2009, our index currently contains over 200 million domains and discovering over a billion DNS records."

If I put sailormoonworld.com in the Doman Search field on that site, though, it does not have any information on it, though it does have information on moonpoint.com, though that information was last updated on 2010-08-11, so that site's information does not appear to be as comprehensive nor as up-to-date as the information provided through the WhoISRequest site.

You can also find past name server and registration information through the who.is Search Domain DNS and Name Server Information page. When you put a domain name in the search field, and click on "Search DNS and Name Servers", you will see information on the domain, such as name servers, SOA record, DNS records, including the mail exchanger (MX) servers for the domain. If you click on the History tab above that information, you will see past domain name registrars and name servers associated with the domain.

If you wish to see prior IP addresses associated with a domain name, you can use ViewDNSInfo IP History. I noticed when I checked sailormoonworld.com with its tool, though, that it is not showing a change made near the end of October for that domain. The last change it shows was for 2014-07-05. The site also has a lot of other tools, e.g. Google Pagerank Checker, etc.

[/network/dns] permanent link

Thu, Dec 18, 2014 10:53 pm

Finding files by modification date in Windows

If you need to search a Microsoft Windows for files modified on a particular date or within a specific time span, you can use the datemodified qualifier within the Windows Explorer.

[ More Info ]

[/os/windows/explorer] permanent link

Sun, Dec 14, 2014 6:05 pm

Determining the accounts in the administrators group form a command prompt

To determine the accounts in the administrators group for a Microsoft Windows system, you can use the command net localgroup administrators
C:\Users\Administrator>net localgroup administrators
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
JDoe
mayberry\Administrator
mayberry\Domain Admins
SvcCOPSSH
The command completed successfully.

[/os/windows/commands] permanent link

Sun, Dec 14, 2014 5:45 pm

Copssh Connection Issues

When I tried connecting to a Windows 7 Professional system running Copssh 5.0.1 from PuTTY 0.58 on a Windows Small Business Server (SBS) 2003 system, a "PuTTY Fatal Error" window appeared with the message "Couldn't agree a client-to-server cipher (available: aes128ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com)". I tried connecting from the same system with an OpenSSH_3.8.1p1 SSH client that is part of OpenSSH for Windows and received the message "no kex alg", which may mean "no key-exchange algorithm". When I tried specifying the encryption cipher using the OpenSSH client, I received an error message similar to the one I saw with PuTTY.
C:\Program Files\SSH\OpenSSH\bin>ssh -c 3des jdoe@192.168.0.15
no matching cipher found: client 3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
C:\Program Files\SSH\OpenSSH\bin>ssh -c blowfish jdoe@192.168.0.15
no matching cipher found: client blowfish-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com

When I tried connecting from the SBS 2003 system to another system, to which I could successfully connect with the OpenSSH SSH client, when I specified the -v option for debugging output with ssh -v jdoe@example.com, I saw the following:

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.4
debug1: match: OpenSSH_6.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none

I upgraded PuTTY on the client system from version 0.58 to 0.63. I then no longer received the message about no matching cipher being found, but, instead saw another "PuTTY Fatal Error" window open, this time with the message "Network error: Software caused connection abort". I saw the same error message when I used PuTTY's plink utility from the command line.

C:\Program Files\Network\SSH\PuTTY>plink -ssh jdoe@192.168.0.15
Using username "jdoe".
jdoe@192.168.0.15's password:
FATAL ERROR: Network error: Software caused connection abort

I installed Bitvise SSH Client (Tunnelier) 6.08 and tried connecting with that client. Like with PuTTY, after I authenticated with the SSH server, I was immediately disconnected. I saw the following from Tunnelier:

First key exchange completed using ecdh-sha2/nistp521. Session encryption:
aes256-ctr, MAC: hmac-sha2-256, compression: none. Attempting password authentication.
Authentication completed.
The SSH2 session has terminated with error. Reason: FlowSocketReader: Error
receiving bytes. Windows error 10054: An existing connection was forcibly closed
by the remote host.

When I was able later to connect to the system running Copssh via RDP for troubleshooting after the user had left for the day, I checked its status log, which you can do on a Windows 7 system by the following steps:

  1. Click on Start.
  2. Select All Programs.
  3. Select Copssh.
  4. Select Copssh Control Panel.
  5. Under the Status tab, you will see an icon that looks like a piece of paper with one edge folded down. You may also see something like "6 events last 15 minutes" next to it. Double-click on that icon.

    Copssh Control Panel status tab

When I checked the log, I saw many "fatal: mm_request_receive: read: Connection reset by peer" messages. There was a "Received SIGHUP; restarting" entry hours later.

2014.12.12 23:26:23 - Received SIGHUP; restarting.
2014.12.12 18:30:02 - fatal: mm_request_receive: read: Connection reset by peer

Seeing that, I tried establishing a connection with PuTTY again and was then able to log in by SSH successfully.

But then when I tried logging in remotely by SSH two days later the problem was back. I restarted the service within the Copssh Control Panel by clicking on the green button next to "Service is running" to stop the service. When the button turned red, I clicked on it again to restart the service, but that didn't resolve the problem; I still got the "Network error: Software caused connection abort" message when I tried connecting via PuTTY 0.63 and I saw the "fatal: mm_request_receive: read: Connection reset by peer" message in the Copssh log for evey connection attempt. Though I didn't expect it to resolve the problem, I tried the "net stop" and "net start" commands from a command prompt.

C:\Users\Administrator>net stop "OpenSSH SSHD"
The Openssh SSHD service is stopping.
The Openssh SSHD service was stopped successfully.


C:\Users\Administrator>net start "OpenSSH SSHD"
The Openssh SSHD service is starting.
The Openssh SSHD service was started successfully.

But that did work. I was then able to successfully log into the system via SSH.

[/os/windows/network/ssh/copssh] permanent link

Sun, Dec 14, 2014 5:10 pm

Ripping a CD with Microsoft Windows Media Player 12

To rip a CD to the music libary stored on your system, i.e., to copy the music from the CD to the hard drive on a Windows sytem, using Windows Media Player 12, take the following steps:
  1. Insert the CD in the CD/DVD drive in the system.
  2. Start the Windows Media Player application.
  3. On the left pane of the Windows Media Player window, navigate to the location of the CD/DVD drive, which should be displaying the album as shown below where the album is identified as "unknown album"

    Windows Media Player Rip CD to Library

  4. Right-click on the CD in the left pane of the window and choose "Rip CD to library. As the CD is "ripped", you should see the status displayed under "Rip status" near the top of the window; status information is also displayed in the lower, right-hand side of the window.

    Windows Media Player Rip Status

    The status under "Rip status" should change to "Ripped to library" at the completion of the rip process.

On a Microsoft Windows 7 system, you should then see the name of the album in your music folder under Libraries\Music or C:\Users\Username\Music\, where Username is the name for the account under which you logged into the system, if you look for it using the Windows Explorer. If the album/artist could not be identified by Windows Media Player, you may see an "Unknown artist" folder with an "Unknown album" folder within it. From the Windows Explorer, you can right-click on the folder names and change them, if you wish.

[/os/windows/software/audio-video/WMP] permanent link

Fri, Dec 12, 2014 11:54 pm

DNSQuerySniffer v1.35

I installed DNSQuerySniffer v1.35 on a Microsoft Windows Professional system which has been generating a lot of unusual DNS and HTTP traffic even when the owner of the system is not using the system. E.g., I've seen a lot of such traffic overnight, far more than can be accounted for by normal processes running and checking on available updates, etc. And the websites being contacted are not ones I would expect to be contacted. DNSQuerySniffer allows the DNS queries and responses from DNS servers to the system on which the software is installed to be monitored and captured for later analysis.

[ More Info ]

[/os/windows/software/network/dns] permanent link

Wed, Dec 10, 2014 11:53 pm

SysRescueCd

If you need to boot a system outside of the operating system residing on its hard disk drive, a live CD or DVD provides a means to boot the system from an optical drive with an operating system that is on the CD or DVD. There are many Linux-based live CDs, which can be used to boot and troubleshoot systems running Microsoft Windows as well as those running Linux. Many Linux-based live CDs have antivirus, backup utilities, etc. that facilitate troubleshooting and maintenance of Windows systems. One such live CD is SystemRescueCd.

[ More Info ]

[/os/unix/linux] permanent link

Tue, Dec 09, 2014 11:32 pm

Microsoft Visual C++ Runtime Error from Dell Stage

On a Dell desktop system running Microsoft Windows 7 Professional, for awhile now whenever the user logged into her account, a Microsoft Visual C++ Runtime Library window opened with the following information displayed:

Runtime Error!

Program: C:\...

 

This application has requested the Runtime to terminate it in an
unusual way.
Please contact the application's support team for more information.

[  OK   ]

Checking on the application that was creating the window, I found it to be "Dell Stage", which was software preinstalled on the system, which I uninstalled.

[ More Info ]

[/os/windows/software] permanent link

Sun, Dec 07, 2014 10:45 pm

Scan of Windows system with Malwarebytes Anti-Malware on 2014-12-07

When I scanned a Windows 7 Professional system with Malwarebytes Anti-Malware it reported a file associated with PUP.Optional.TorchMedia, which I had it remove.

[ More Info ]

[/security/malware] permanent link

Sun, Dec 07, 2014 7:30 pm

Rotate the DNS server log file on a Windows server

For a site where a Windows Small Business Server (SBS) 2003 system serves as a DNS server, I wanted to rotate the DNS log file every night at midnight. The log file is named DNS.log and I'd like to close the current log at midnight renaming it to DNS_YYYYMMDD.log where YYYY is the 4-digit year, MM, the month (1-12) and DD the day (1-31). The system date can be put in the format YYYYMMDD using substring extraction as explained at Appending a date to a filename in batch files.

Renaming the log file requires stopping the DNS server service, which can be done with the command net stop "DNS Server". If you try to move the file without stopping the service, you will receive the message below:

D:\Logs\DNS>move dns.log dns_old.log
The process cannot access the file because it is being used by another process.
        0 file(s) moved.

After the file is moved/renamed, the DNS server service can be restarted with net start "DNS Server".

The location of the DNS log file is stored in the Windows Registry. A REG QUERY command can be used to obtain the current location for the file as explained at Determing the location of a Microsoft Windows DNS log file from a command prompt. After the location and name of the file is determined, the DNS server service can be stopped, then the current log file can be renamed, and the DNS server service can be restarted, creating a new log file with the name and at the location indicated by the registry entry.

The batch file is shown below and is available here.

@echo off

REM Name: rotatednslog.bat
REM Version: 1.0
REM Created: December 6, 2014
REM Last Modified: December 6, 2014
REM
REM: Location of latest version: 
REM: http://support.moonpoint.com/downloads/computer_languages/mswin_batch/rotatednslog.bat
REM
REM Description: When scheduled to run at the end of each day, this batch
REM file will roate the DNS server log. The DNS server service will be
REM stopped temporarily, so the current DNS log can be renamed to a log file
REM with the name DNS_YYYYMMDD.log, where YYYY is the year, MM the month, and
REM DD the day. The DNS server service will then be restarted creating a
REM new DNS log file. The current location of the DNS log file is obtained
REM from the Windows Registry.

REM Required for substituting the contents of a variable in string subsitution
REM employed to insert the contents of the date variable YYYYMMDD in the log
REM file name.

SETLOCAL ENABLEDELAYEDEXPANSION

REM Windows Registry key holding the location of the DNS log file

SET regkey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters"

REM Registry value needed from the above key

SET regvalue="LogFilePath"

REM Extract only the file location from the output of the reg query command

FOR /F "tokens=3" %%G IN ('reg query %regkey% /v LogFilePath ^| find %regvalue%') DO set logfile=%%G

REM Set the variable YYYYMMDD to today's date in YYYYMMDD format where
REM YYYY = 4-digit year, MM is month (1-12), and DD is day (1-31)

SET YYYYMMDD=%DATE:~10,4%%DATE:~4,2%%DATE:~7,2%

REM Set the name for the rotated log file to have "_YYYYMMDD.log" at the
REM end of the file name.  Need to use delayed expansion.

SET renamedlog=!logfile:.log=_%YYYYMMDD%.log!

REM Stop the DNS server service

NET STOP "DNS Server"

REM Move the log file to its new location with its new name.
REM Since you cannot specify a new drive or path for your destination file with
REM the RENAME command, I'm using the MOVE command, instead, in case I may
REM wish to update this batch script to move the file to another drive and/or
REM directory.

MOVE %logfile% %renamedlog%

REM Restart the DNS server service

NET START "DNS Server"

If it is run from a command prompt, you will see the following output:

C:\Program Files\Utility\Scripts>rotatednslog
The DNS Server service is stopping.
The DNS Server service was stopped successfully.

        1 file(s) moved.
The DNS Server service is starting.
The DNS Server service was started successfully.

Since I would like the batch file to execute at the end of each day, I scheduled it to run at 23:59 (11:59 PM) Monday through Sunday with the command at 23:59 /every:m,t,w,th,f,s,su "C:\program files\utility\scripts\rotatednslog.bat (specify the location for the batch file).

C:\Program Files\Utility\Scripts>at 23:59 /every:m,t,w,th,f,s,su "C:\program files\utility\scripts\rotatednslog.bat"
Added a new job with job ID = 5

I could have used 00:00 to run the batch job at midnight, but I set it to run 1 minute before midnight to be sure that the date inserted in the name of the file is the one for the day that has just ended rather than the date of the new day.

If you want to see the details of scheduled batch jobs, you can just enter at without any parameters at the command line and hit return. You will then see all the scheduled batch jobs. There may be gaps in the ID numbers if some batch jobs have been deleted.

C:\Documents and Settings\Administrator>at
Status ID   Day                     Time          Command Line
-------------------------------------------------------------------------------
        1   Each M T W Th F S       7:30 PM       d:\backups\daily.bat
        2   Each Su                 7:30 PM       d:\backups\weekly.bat
        5   Each M T W Th F S Su    11:59 PM      "C:\program files\utility\scripts\rotatednslog.bat"

If you wish to delete a scheduled batch job you can use at id /delete, where id is the numeric ID assigned to a batch job. E.g., the rotatednslog batch job above could be deleted with at 5 /delete.

[/network/dns/windows] permanent link

Fri, Dec 05, 2014 11:27 pm

Determine the file name and extension from a string containing path and filename

For Microsoft Windows systems, if you have a string or variable holding the complete path to a file and the file name and extension, but you wish to have just the file name and the extension of the file you can use %~nx1 which will expand the batch parameter expansion variable %1 to a file name and extension.

Other modifiers you can use in expansion are as follows:

ModifierDescription
%~1 Expands %1 and removes any surrounding quotation marks ("").
%~f1 Expands %1 to a fully qualified path name.
%~d1 Expands %1 to a drive letter.
%~p1 Expands %1 to a path.
%~n1 Expands %1 to a file name.
%~x1 Expands %1 to a file extension.
%~s1 Expanded path contains short names only.
%~a1 Expands %1 to file attributes.
%~t1 Expands %1 to date and time of file.
%~z1 Expands %1 to size of file.
%~$PATH:1 Searches the directories listed in the PATH environment variable and expands %1 to the fully qualified name of the first one found. If the environment variable name is not defined or the file is not found, this modifier expands to the empty string.

Combinations of modifiers and qualifiers that you can use to get compound results are shown in the table below:

ModifierDescription
%~dp1 Expands %1 to a drive letter and path.
%~nx1 Expands %1 to a file name and extension.
%~dp$PATH:1 Searches the directories listed in the PATH environment variable for %1 and expands to the drive letter and path of the first one found.
%~ftza1 Expands %1 to a dir-like output line.

In the examples above, you can use other batch paramters besides %1 and PATH. Cmd.exe provides the batch parameter expansion variables %0 through %9.

Batch parameters can't be manipulated in the same manner that you can manipulate environment variables. You can't search and replace values or examine substrings within them. You can, however, assign the parameter to an environment variable and then manipulate the environment variable.

So, if I wanted just the file name dns.log from d:\logs\dns.log, I could use the following in a batch file:

@echo off
call :getfilename "d:\logs\dns.log"
exit /b

REM Determine just the file name

:getfilename
echo %~nx1

If I have the above batch commands in a file called test.bat, I would see the following when I ran it.

C:\Users\JDoe>test.bat
dns.log

If there is a Windows Registry key containing the file location and I want to query that key and extract just the file name, I could use commands such as the following if the file location was stored in LogFilePath for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters:

@echo off

REM Regkey is set to the registry key containing the location of the DNS log 
REM file

set regkey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters"

REM Regvalue is set to the value that is desired from the above registry key

set regvalue="LogFilePath"

REM log_file_location is set to contain the complete path to the log file nad
REM its name, e.g., d:\logs\dns\dns.log

FOR /F "tokens=3" %%G IN ('reg query %regkey% /v LogFilePath ^| find %regvalue%') DO set log_file_location=%%G

call :getfilename %log_file_location%
exit /b

REM Determine just the file name

:getfilename
echo %~nx1

References:

  1. Using batch parameters
    Microsoft Corporation
  2. Determing the location of a Microsoft Windows DNS log file from a command prompt
    Date: November 22, 2014
    MoonPoint Support

[/os/windows/commands] permanent link

Fri, Dec 05, 2014 12:45 pm

Using tcpdump on OS X

When I tried running tcpdump on a MacBook Pro laptop running Mac OS X 10.8.5 from an account that was configured to "Allow user to administer this computer" in System Preference/Users & Groups, I received a "no suitable device found" message.
$ tcpdump
tcpdump: no suitable device found

The problem can be addressed by changing the ownership or permissions of the Berkeley Packet Filter (BPF) file in /dev. The default permissions and ownership are shown below:

$ ls -l /dev/bpf*
crw-------  1 root  wheel   23,   0 Nov 30 22:42 /dev/bpf0
crw-------  1 root  wheel   23,   1 Dec  4 21:45 /dev/bpf1
crw-------  1 root  wheel   23,   2 Dec  4 15:39 /dev/bpf2
crw-------  1 root  wheel   23,   3 Nov 30 22:41 /dev/bpf3

To resolve the problem, I changed the ownership of the bpf0 file to the account I was using:

$ sudo chown jdoe /dev/bpf0
Password:

I also checked to see what the designation was for the wireless adapter in the system. It was en1.

$ networksetup -listallhardwareports

Hardware Port: Bluetooth DUN
Device: Bluetooth-Modem
Ethernet Address: N/A

Hardware Port: Ethernet
Device: en0
Ethernet Address: d4:9a:20:0d:e6:cc

Hardware Port: FireWire
Device: fw0
Ethernet Address: d4:9a:20:ff:fe:0d:e6:cc

Hardware Port: Wi-Fi
Device: en1
Ethernet Address: f8:1e:df:d9:2b:66

VLAN Configurations
===================

I then tried again to run tcpdump specifying the wireless interface; this time I received a "You don't have permission to capture on that device message with a reference to bfp1, so I changed the ownership on that file as well. I was then able to observe traffic with tcpdump.

$ sudo chown jdoe /dev/bpf0
$ tcpdump -i en1
tcpdump: en1: You don't have permission to capture on that device
((no devices found) /dev/bpf1: Permission denied)
$ sudo chown jdoe /dev/bpf1
$ tcpdump -i en1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes

I changed the ownership back to root on /dev/bpf0 to see if I could still run tcdump, but when I did so I was no longer able to observe network traffic with tcpdump.

$ sudo chown root /dev/bpf0
$ tcpdump -i en1
tcpdump: en1: You don't have permission to capture on that device
((no devices found) /dev/bpf0: Permission denied)

I could have just changed ownership of all of the bpfx files in /dev initially with sudo chown jdoe /dev/bbf*, but I wanted to determine if I only needed to change a specific one for the wireless interface, en1. Alternatively one can expand the permissions on those files, e.g., one can use sudo chmod 644 /dev/bpf*. When the system is rebooted the permissions/ownership will be reset, so you will have to take the same steps to run tcpdump subsequent to a reboot of the system.

I specifically wanted to check on DNS queries, so, after changing the ownership for the bpf file back to the account I was using, I specified port 53, but saw no data.

$ tcpdump -i en1 'port 53'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

I wasn't able to observe the DNS traffic until I ended the VPN connection I was using when I ran the command. Once I disconnected from the VPN, I was able to check on the DNS queries from the system and the responses from a DNS server.

References:

  1. Tcpdump Permission Denied on OS-X
    Date: June 12, 2007
    MoonPoint Support
  2. Managing Wi-Fi from the terminal command line under OS X
    Date: February 28, 2014
    MoonPoint Support
  3. No Interfaces Available In Wireshark Mac OS X
    Date: January 31, 2010
    langui.sh Languishing since 2008.

[/os/os-x] permanent link

Tue, Dec 02, 2014 9:45 pm

Shellshock Vulnerability on OS X Systems

You can test a system to determine if it may be vulnerable to being exploited through the shellshock, aka bashdoor, vulnerability using the command env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'. If it is vulnerable, you will see the commands executed that appear after the semicolon. On vulnerable systems, Bash is executing commands that are concatenated at the end of function definitions stored in the contents of environment variables.

When I checked a MacBook Pro running, OS X 10.8.4, I saw output indicating it was vulnerable, i.e., I saw "vulnerable" displayed when the command was run. The check can be performed by opening a Terminal window and entering the code. The terminal application is in Applications/Utilities.

$ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
vulnerable
this is a test

A bash shell prompt could be otained by a malicious remote user if Remote Login was enabled and Guest Access was also enabled, though, hopefully, if Remote Login was enabled, Guest Access would not be enabled. Of course, a malicious person could also gain access to the system remotely if Remote Login is enabled and a weak password is present for an account on the system that is allowed remote access.

A OS X system could also be vulnerable if it is functioning as a web server and there are scripts present on the server that would allow an attacker to provide any input he wishes that could be executed as code by the script.

Apple released a fix for the vulnerability for OS X systems on September 29, 2014.

After the laptop was upgraded to OS X 10.8.5 and security updates were applied, I didn't see "vulnerable" displayed when the code was executed.

$ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
this is a test

And when I tested the related vulnerability CVE-2014-7169, the date was no longer displayed.

$ env X='() { (a)=>\' sh -c "echo date"; cat echo
date
cat: echo: No such file or directory

A system that has been patched for both CVE-2014-6271 and CVE-2014-7169 will simply echo the word "date" and the file "echo" will not be created, as shown above.

References:

  1. Shellshock Vulnerability: What Mac OS X users Need to Know | The Mac Security Blog
    By Derek Erwin
    Date: September 26, 2014
    Intego - Mac Antivirus & Security
  2. Shellshock (software bug)
    Wikipedia

[/security/vulnerabilities/multios] permanent link

Mon, Dec 01, 2014 10:32 pm

Searching for messages in Outlook 2010

Microsoft Outlook 2010 provides a means to quickly search through email for particular messages by specifying multiple criteria in its search field. It also provides the means to use logical operators, such as NOT to exclude some messages that you deem not pertinent.

[ More Info ]

[/network/email/clients/outlook] permanent link

Sat, Nov 29, 2014 2:02 pm

Creating a Windows 8 System Repair Disc

For any Microsoft Windows system, you should ensure that you have a Microsoft Windows Repair Disc to aid in recovering from problems before you experience some problem on the system that makes the system unbootable. A Windows Repair Disc is a bootable disc that can be created inside Microsoft Windows which will contain a number of repair tools that will allow you to recover from some types of problems that can make a system unbootable from the hard drive. Steps to create a repair disc in Windows 8 are posted here.

[/os/windows/win8] permanent link

Wed, Nov 26, 2014 11:28 pm

Logging on a Verizon MI424WR-GEN2 Router

The Actiontec MI424WR-GEN2 router/firewall provided by Verizon to business clients has a system log that is viewable by logging into the router and also supports sending logging information to a syslog server. The steps to view the log and/or set the device to send information regarding connections through the firewall can be found here.

[/network/routers/actiontec/MI424WR] permanent link

Wed, Nov 26, 2014 8:49 pm

Opening a file in Chrome

If you need to open a file on your hard drive in Google's Chrome browser, you can use the keyboard shortcut Ctrl-O, i.e., by hitting the Ctrl and O keys simultaneously. Or, if you want to open a file on drive C: on a Microsoft Windows system, you can put C:\ in the browser's address bar. The address will change to file:///C:/, i.e., the word "file" followed by a colon and 3 forward slashes and then the drive letter specified, colon, and forward slash, which conforms to the standard file URI scheme for accessing file-based URLs. You can then navigate to the file you wish to open in the browser. Or, if you know the full path, you can put it in the address bar, e.g., c:\users\jdoe\documents\index.html.

[/network/web/browser/chrome] permanent link

Wed, Nov 26, 2014 6:58 pm

Turning McAfee Total Protection Real-time protection off

Sometimes you may wish to temporarily disable the antivirus software on a system in order to scan the system with other antivirus/antispyware software. If you are using McAfee Total Protection as the antivirus software on a system, instructions for turning off its real-time scanning feature are listed here.

[/security/antivirus/mcafee] permanent link

Tue, Nov 25, 2014 10:35 pm

Checking on process memory consumption on a Windows system

Sometimes when checking on excessive memory usage on a Microsoft Windows system with the Task Manager I see that many instances of a particular process may be listed. I wanted a way from a command prompt to total the amount of memory consumed by processes with a particular name, e.g. chrome.exe, so I created a showmemusage.bat batch file to allow me to specify a particular process name and then have the script add the memory usage for all processes with that name.

[ More Info ]

[/os/windows/commands/batch] permanent link

Sun, Nov 23, 2014 11:20 pm

Copssh 5.0.1

If I will need to remotely troubleshoot a system, I like to have the system functioning as an SSH server, so that I have a means to log into the system over an encrypted connection to a command line interface. Microsoft Windows sysems don't come with SSH server software from Microsoft, but there are third-party applications that allow you to set up a Microsoft Windows system as an SSH server. By using an SSH connection to obtain a Windows command prompt, I can log into the system for troubleshooting while the user continues to work on the system without interfering with the user's work. One software package that I've found that works well for that purpose is Copssh (Gygwin + OPenSSH).

[ More Info ]

[/reviews/software/windows/network/ssh] permanent link

Sat, Nov 22, 2014 11:46 pm

Appending a date to a filename in batch files

I wanted to append today's date to a file name for a file processed by a batch job on Microsoft Windows systems, specifically a Small Business Server (SBS) 2003 system and Windows 7 and 8 systems. You can obtain the current date using the date /t command (the /t option prevents the command from prompting for a change to the date) or by using echo %date% to display the contents of the date environment variable. However, both of those display the date in the form DDD mm/dd/yyyy, where DDD is the day of the week represented by a 3-character abbrviation, e.g., "Sat", mm is a two-digit representation of the month, e.g., "11" for November, dd is the day and yyyy is the year, on the Windows systems I support.
C:\>date /t
Sat 11/22/2014

C:\>echo %date%
Sat 11/22/2014

You can reformat the representation of the date that is stored in the %date% environment variable, however. I wanted the date in the form yyyymmdd, so that I could stick that at the end of filenames to represent the rotation date for a log file. You can use a command like the one below where a variable, YYYYMMDD is set to hold the reformatted date (the variable name can be anything you like, e.g., mydate, etc., but that name reminds me of the format I'm using for the date.

C:\>set YYYYMMDD=%DATE:~10,4%%DATE:~4,2%%DATE:~7,2%

C:\>echo %YYYYMMDD%
20141122

The substring arguments to extract the elements of the date string are in the format %variable:~startposition,numberofchars%, so if the "S" in Saturday in the string "Sat 11/22/2014" is at position 0, the 10th character is the "2" of 2014 and I want 4 characters, i.e., "2014", so %DATE:10,4% will give me those characters. Or you can also think of the first number as the numer of characters to be skipped, i.e., %variable:~num_chars_to_skip,numberofchars%. I can then append %DATE:~4,2% to get "11" for the month followed by %DATE:~7,2% to extract the day, i.e., "22" if the date is November 22, 2014 represented in the %DATE% variable as "Sat 11/22/2014".

References:

  1. How to append a date in batch files
    Posted: May 14, 2009
    stackoverflow
  2. Extracting a Substring from a String under Microsoft Windows
    MoonPoint Support

[/os/windows/commands] permanent link

Sat, Nov 22, 2014 10:00 pm

Items detected by a ClamWin Scan on 2014-11-22

In continuance of an effort to ensure that all malware has been removed from a Windows 7 Professional system, I scanned the system with ClamWin Free Antivirus today. It identified 12 suspect items, but I'm not sure any of those contributed to excessive memory usage I saw at times on the system yesterday from explorer.exe consuming more than 1/2 the 6 GB of memory on the system for prolonged periods.

[ More Info ]

[/security/malware] permanent link

Sat, Nov 22, 2014 12:25 pm

Determing the location of a Microsoft Windows DNS log file from a command prompt

If you need to determine the location of the log file for a Microsoft Windows server functioning as a DNS server from the command line, you can do so through a reg query command.
C:\>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v LogFilePath

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
    LogFilePath    REG_SZ    d:\logs\dns\dns.log

You can reduce the output displayed to just the line containing the log file location by piping the output of the reg query command into the find command.

C:\>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v LogFilePath | find "LogFilePath"
    LogFilePath    REG_SZ    d:\logs\dns\dns.log

If you wish to see just the log file location and not the other information returned by the reg query command, you can use a FOR /F loop command such as the following:

C:\>for /f "tokens=3" %g in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v LogFilePath ^| find "LogFilePath"') do @echo %g 
d:\logs\dns\dns.log

C:\>

The FOR /F loop breaks up a line of output from the command that is being processed into items, called "tokens" that are separated by space on the lines of output from the command. In this case, I'm only interested in the third token on the line of output, which is the location of the DNS log file. The output that is being processed is the result of piping the output of the reg query command into the find command. Since the pipe symbol, i.e., the vertical bar character |, has a special meaning for the Windows operating system, you need to place an "escape character", which for Windows is the caret symbol, ^, immediately before it. You also need to put the at symbol, @, before the echo command to avoid seeing the echo command itself as output.

If you wish to use a batch file to execute the commands to find the log file location, you need to replace the %g with %%g as shown below.

@echo off
FOR /F "tokens=3" %%G IN ('reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v LogFilePath ^| find "LogFilePath"') DO echo %%G

The registry key and the value to be queried can also be placed in environment variables that can be modified, if you wish to query other registry keys, instead of the one for the DNS log file location, so that it is easier to see what needs to be changed for such other queries.

@echo off

REM Name: queryreg.bat
REM Version: 1.0
REM Created: November 22, 2014
REM Last Modified: November 22, 2014
REM
REM Description: Displays just the value of a registry key from a
REM "reg query regkey /v regvalue" command omitting the additional
REM information that is output by the command

set regkey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters"
set regvalue="LogFilePath"

FOR /F "tokens=3" %%G IN ('reg query %regkey% /v LogFilePath ^| find %regvalue%') DO echo %%G

Download: queryreg.bat

[/network/dns/windows/logging] permanent link

Fri, Nov 21, 2014 11:09 pm

Windows DNS Log Analyser

If you've turned on logging for the DNS service provided on Microsoft Windows servers, a useful tool for analyzing the contents of the log file is Windows DNS Log Analyser, which is a small (about 1.44 MB), free program that understands the Microsoft Windows DNS server log file format which will present the information to you in a more easily analyzed format.

[ More Info ]

[/network/dns/windows] permanent link

Thu, Nov 20, 2014 11:17 pm

Enabling DNS Logging on a Microsoft Windows SBS 2003 Sever

DNS logging can be useful when trying to monitor what systems an infected system is trying to contact. The DNS log will show you what DNS queries were sent by the system to the DNS server to look up IP addresses for host names.

[ More Info ]

[/network/dns/windows] permanent link

Tue, Nov 18, 2014 10:51 pm

Checking and changing the Windows Firewall settings on a Windows system

The advfirewall command can be used from a command prompt to check and modify the settings for the Microsoft Windows Firewall software on a Windows Vista, 7, 8, or Server 2008 system.

[ More Info ]

[/os/windows/software/security/firewall] permanent link

Mon, Nov 17, 2014 9:57 pm

COPSSH permission denied message

When I tried connecting from PuTTY on a Windows 8 system to a Windows 7 system running Copssh, a free OpenSSH-based SSH server package for Microsoft Windows systems, I received the message "Disconnected: No supported authentication methods available (server sent: keyboard-interactive)", which appeared in a "PuTTY Fatal Error" window. When I tried connecting using OpenSSH on a SBS 2003 system, I received the message "Permission denied (keyboard-interactive)." I received the same message using the ssh client on a Mac OS X system.

I opened the Copssh control panel on the system and clicked on the Users tab. I had been trying to login with a domain account, but found that the activated users list showed only two local accounts on the system, but no domain accounts. When I clicked on the Add button to add a new user, I found that for the "Domain" setting, the only option I could choose was the local system, since its name appeared, but there was no other value to select in the drop-down list. When I tried using one of the listed accounts for the user name and password, I was able to successfully log in by SSH.

[/os/windows/network/ssh/copssh] permanent link

Sun, Nov 16, 2014 11:28 pm

Malware Detected by Malwarebytes Anti-Malware 2014-11-16

A user who has been experiencing performance problems with her system recently reported it was running particularly slowly on Friday, November 14. I checked the system this weekend. Malwarebytes Anti-Malware detected some files associated with malware, but I'm not certain all problems associated with the system are resolved yet. One of the files, jm78.dll, it reported as associated with malware may have come from a no longer existing website in Russia, but I'm not certain of that, either and don't have time for futher investigation of the system tonight.

[ More Info ]

[/security/malware] permanent link

Sat, Nov 15, 2014 10:43 pm

Finding the proxy setting for Firefox from a command line

If Firefox on a Microsoft Windows system is configured to use a proxy server, you can find the proxy server settings in prefs.js in the account's Firefox profile directory. Searching the file for "network.proxy" will provide the settings.

[ More Info ]

[/network/web/browser/firefox] permanent link

Fri, Nov 14, 2014 10:51 pm

Checking Installed Updates with WinUpdatesList (WUL)

WinUpdatesList (WUL) from NirSoft is a free program that can show you the list of intalled updates on a Microsoft Windows system. It was written by Nir Sofer.

You don't need to go through an install process to use the program, though an installer is available for download from the developer's website. If you don't want to go through an installation process, simply download the zip file containing the executable program from the developer's website and unzip the contents of the zip file. Within the zip file are 3 files:

wul.exe43 KB
wul.chm15 KB
readme.txt9 KB

Note: File sizes are for version 1.32, which is the current version.

The wul.chm file is a Compiled HTML Help file.

When you run wul.exe by double-clicking on it, you will see a list of installed Windows updates, aka "patches". On Microsoft Window 98, ME, 2000, and Windows XP you will see a list of files associated with the patch in the lower pane of the WUL window. On Microsoft Windows 8, 7, Vista, and 2008 systems there is no information on files installed by the update in the lower pane.

WinUpdatesList (WUL)

By default, the list of installed updates is ordered by name, but you can click on the column headers to sort by other criteria. E.g., you can click on the column header Installation Date to sort by date the patch was installed.

You can right-click on an entry in the upper pane of the window and choose "Properties" to see more details as shown in the example below, for the installed patch.

WinUpdatesList (WUL)

The utility can also be run from the command line with the following options:

Command-Line Options

/stext <Filename> Save windows updates list into a regular text file.
/stab <Filename> Save windows updates list into a tab-delimited text file.
/scomma <Filename> Save windows updates list into a comma-delimited text file.
/stabular <Filename> Save windows updates list into a tabular text file.
/shtml <Filename> Save windows updates list into HTML file.
/sverhtml <Filename> Save windows updates list into HTML file. (vertical)
/sxml <Filename> Save windows updates list into XML file.
/another <Windows Folder> connect to another instance of operating system on the same computer (Windows 2000/XP only). You can combine this option with one of the save options in order to save the Windows updates list of another operating system.

Examples:
wul.exe /shtml c:\temp\1.html /another d:\winnt
wul.exe /another f:\winnt

/remote <Computer Name> Connect to remote Windows 2000/XP operating system. You can combine this option with one of the save options in order to save the Windows updates list of a remote computer.

Examples:
wul.exe /shtml c:\temp\1.html /remote \\comp01
wul.exe /another /remote \\192.168.0.101

[/os/windows/software/utilities/nirsoft] permanent link

Thu, Nov 13, 2014 10:41 pm

Determining the version of Flash installed on a system

You can determine the version of Flash installed on a system by visiting BrowserSPY.dk, which can provide a variety of information for your system, and running its Flash test. You can determine what version is the most current by visiting the Adobe Flash Player web page. As of November 13, 2014, the current version is 15.0.0.223. Note: browserspy.dk will display commas in place of the periods when it reports the version, i.e., 15,0,0,223

[/network/web/browser] permanent link

Thu, Nov 13, 2014 10:38 pm

Determining Java version on a Windows 7 system

To determine the version of Java installed on a Windows 7 system, take the following steps, which should also work on other versions of Windows, though you may need to look for "Programs" rather than "All Programs" for the first method, depending on your version of Windows.

Method 1

  1. Click on the Windows Start button, normally at the lower left-hand corner of the screen.
  2. Select All Programs. Scroll down until you see the Java group, then select it and "Configure Java" within it. You will then see a Java Control Panel window appear.

    Java Control Panel

  3. Click on the About button in the Java Control Panel window. An About Java window will appear telling you the version of Java that is installed on the system.

    About Java

Method 2

Obtain a command prompt by clicking on the Windows Start button then typing cmd and hitting return. At the command prompt type java -version and hit return.

C:\>java -version
java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
Java HotSpot(TM) Client VM (build 25.25-b02, mixed mode, sharing)

The version information displayed above is "1.8.0_25". The first method displayed "Version 8 Update 25" for the same version. The number after the underscore in the output from the command line, i.e. "25", is the build number for that version. A version can have many build numbers before the developer increments the version number.

You can determine what version of Java is the latest or download the latest version from www.java.com.

[/software/java] permanent link

Wed, Nov 12, 2014 9:58 pm

Call to undefined function mysql_connect()

I finally resolved problems with access to MySQL databases on a CentOS 7 server from the command line yesterday - see MySQL service not running on CentOS 7 system - but when I visited web pages on the server that rely upon PHP code to access MySQL databases on the server, I was seeing blank pages, though other PHP web pages that didn't have any database access were displaying properly. When I checked the Apache error log for a website where the PHP code should have displayed data from a database, I saw "PHP Fatal error: Call to undefined function mysql_connect()" associated with attempts to load the web page containing the PHP code that connected to the MySQL database.

I verified that the php-mysql package was installed with rpm -qi php-mysql.

# rpm -qi php-mysql
Name        : php-mysql
Version     : 5.4.16
Release     : 23.el7_0.3
Architecture: x86_64
Install Date: Tue 11 Nov 2014 08:26:15 PM EST
Group       : Development/Languages
Size        : 237259
License     : PHP
Signature   : RSA/SHA256, Fri 31 Oct 2014 10:24:56 AM EDT, Key ID 24c6a8a7f4a80eb5
Source RPM  : php-5.4.16-23.el7_0.3.src.rpm
Build Date  : Fri 31 Oct 2014 09:07:27 AM EDT
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.php.net/
Summary     : A module for PHP applications that use MySQL databases
Description :
The php-mysql package contains a dynamic shared object that will add
MySQL database support to PHP. MySQL is an object-relational database
management system. PHP is an HTML-embeddable scripting language. If
you need MySQL support for PHP applications, you will need to install
this package and the php package.

I created a PHP test page with the following code:

<html>
<head>
<title>PHP Test</title>
</head>

<body>

<h2>A test page</h2>

<?php echo "<p>Hello world</p>"; ?>

<?php phpinfo(); ?>

</body>
</html>

"Hello world" was displayed by the PHP echo command and the information from the phpinfo function was also displayed. I searched through the results displayed for references to "MySQL" and found mysql and mysqli sections, including the following:

mysql

MySQL Supportenabled
Active Persistent Links 0
Active Links 0
Client API version 5.5.37-MariaDB
MYSQL_MODULE_TYPE external
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_INCLUDE -I/usr/include/mysql
MYSQL_LIBS -L/usr/lib64/mysql -lmysqlclient

Since it appeared that PHP support for MySQL was present, I restarted Apache with apachectl restart, though I didn't expect that to resolve the problem. But when I refreshed the web page afterwards, the information from the MySQL database was displayed. Apparently, I should have restarted Apache after I ran the systemctl start mariadb.service to start the MariaDB database service yesterday. MariaDB is a fork of MySQL.

References:

  1. Fatal error: Call to undefined function mysql_connect()
    Date: May 16, 2012
    stackoverflow
  2. Resolving a Fatal error: Call to undefined function mysql_connect() in RedHat
    By: Shailesh N. Humbad
    Created: October 18, 2004
    Last Modified: July 24, 2011
    Somacon
    Articles on web development, software, and hardware

[/software/database/mysql] permanent link

Tue, Nov 11, 2014 11:06 pm

MySQL service not running on CentOS 7 system

When I issued the mysql command on a CentOS 7 system, I received the error message below:

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (111)

It took me awhile to figure out that since I was using MariaDB, a fork of MySQL, that I needed to enter the following 3 commands to enable, run, and secure the MariaDB service.

systemctl start mariadb.service
systemctl enable mariadb.service
mysql_secure_installation

[ More Info ]

[/software/database/mysql] permanent link

Tue, Nov 11, 2014 5:26 pm

Checking the creation and modified times for files with python

If I want to display each line in a file with a python script and at the end of the output print the number of lines in the file, I can use the python code below:
filename = raw_input("Enter file name: ")
with open(filename) as input_file:
    for i, line in enumerate(input_file):
        print line,
print "{0} line(s) printed".format(i+1)

The script will prompt me for the name of the file to be checked and will loop through that file displaying each line from it, printing the total number of lines at the end of the file.

The comma after the print line statement prevents a newline from being printed, so each file name will be printed immediately below the preceding one without a blank line between them. If the comma was not there, a blank line would be printed between each line containing a file name.

The {0} references the first positional argument in the format statement, which in the case above refers to "i+1". The .format(value) at the end of the line tells python how to format the output. So the count of the number of lines in the file, which will be i plus 1, will be printed after the for loop completes.

If each line in the file is a directory path and file name, e.g.,:

./security/vulnerabilities/windows/wmf-vulnerability-exploited.php
./security/vulnerabilities/windows/kb908519_embedded-web-font.php
./security/antivirus/avast/avast-ie9/index.php
./network/Internet/domains/domain-reputation-check.php

then I can use import os.path, time to import modules that that will will allow me to obtain the time stamps for the files.

import os.path, time

filename = raw_input("Enter file name: ")
with open(filename) as input_file:
    for i, line in enumerate(input_file):
        print line,
        line = line.rstrip('\r\n')
        print "last modified: %s" % time.ctime(os.path.getmtime(line)),
        print "created: %s" % time.ctime(os.path.getctime(line))
print "{0} line(s) printed".format(i+1)

Since the input file was created on a Linux system each line ends with a newline character, which is represented by "\n". So I have to strip off the trailing newline at the end of each file name in the input file with the rstrip function. If the input file was created on a Windows system, I would have to strip off a carriage return, which is represented by "\r". By using rstrip('\r\n'), any carriage return or newline characters will be stripped from the end of each line in the input file, so the script will work on Mac OS, Mac OS X, Microsoft Windows, or Unix/Linux systems.

I see output such as the following when I run the python script:

$ python checkfile.py
Enter file name: checkfiles2_php.txt
./security/vulnerabilities/windows/wmf-vulnerability-exploited.php
last modified: Mon Jan  9 15:45:00 2006 created: Tue Oct 14 10:21:03 2014
./security/vulnerabilities/windows/kb908519_embedded-web-font.php
last modified: Wed Jan 11 23:42:00 2006 created: Tue Oct 14 10:21:03 2014
./security/antivirus/avast/avast-ie9/index.php
last modified: Sat Aug 11 17:22:14 2012 created: Tue Oct 14 10:21:05 2014
./network/Internet/domains/domain-reputation-check.php
last modified: Sun Oct  6 13:30:27 2013 created: Tue Oct 14 10:21:12 2014

The creation times displayed above are the time I copied files from an old drive to a new drive.

References:

  1. python looping through input file
    Date: July 30, 2013
    stackoverflow
  2. Python trailing comma after print executes next instruction
    Date: October 24, 2010
    stackoverflow
  3. 6.1. string — Common string operations
    Python 3.4.2 documentation
  4. Python string formatting: % vs. .format
    Date: February 22, 2011
    stackoverflow
  5. How can I remove (chomp) a newline in Python?
    Date: November 8, 2008
    stackoverflow
  6. How to get file creation & modification date/times in Python?
    Date: October 25, 2008
    stackoverflow

[/languages/python] permanent link

Tue, Nov 11, 2014 5:15 pm

Finding a particular string in files

On a Linux/Unix or Mac OS X system, you can use the find and grep commands to search for a specific text string in files. E.g., if you wished to search all files with a ".php" file extension for the occurrence of the word "noindex", you could use the following command:

find . -name "*.php" -exec grep "noindex" {} /dev/null \;

Since "*" has a special meaning for the shell, you will need to include it within quotes or precede it with the backslash escape character as shown below:

$ find . -type f -name \*.php -exec grep -l "noindex" {} \;

If I wished to search all files, not just those ending with ".php", I can use a command similar to the following one.

find . -type f -exec grep "noindex" {} \;

The -type f instructs find to only check regular files and not other objects such as directory names.

If I want to send the results to an output file, I could just append a >outputfile_name to the end of the line, but that will also produce output indicating that the output file itself is being checked.

$ find . -type f -exec grep "noindex" {} \; >checkfiles.txt
grep: input file ‘./checkfiles.txt’ is also the output

To avoid that issue, you can use the --exclude argument.

$ find . -type f -exec grep -l --exclude checkfiles.txt "noindex" {} \; >checkfiles.txt

I can also use just the grep command, as shown belown:

$ grep -rwl . -e "noindex" --include=\*.php

The -r option tells grep to search recursively; the "." is indicating that the search should be started in the current directory. The -w indicates that I want exact word matches, e.g., " noindex ", not "nonindex" or "noindexes". The -l option indicates that I don't want to see the lines on which the word occurs, just the file names for those files in which it is found. The -e option provides the pattern that grep should search on and the --include option tells grep which files it should search within.

       -r, --recursive
              Read  all  files  under  each  directory, recursively, following
              symbolic links only if they are on the command  line.   This  is
              equivalent to the -d recurse option.

       -w, --word-regexp
              Select  only  those  lines  containing  matches  that form whole
              words.  The test is that the matching substring must  either  be
              at  the  beginning  of  the  line,  or  preceded  by  a non-word
              constituent character.  Similarly, it must be either at the  end
              of  the  line  or  followed by a non-word constituent character.
              Word-constituent  characters  are  letters,  digits,   and   the
              underscore.

       -l, --files-with-matches
              Suppress  normal  output;  instead  print the name of each input
              file from which output would normally have  been  printed.   The
              scanning  will  stop  on  the  first match.  (-l is specified by
              POSIX.)

      -e PATTERN, --regexp=PATTERN
              Use  PATTERN  as  the  pattern.   This  can  be  used to specify
              multiple search patterns, or to protect a pattern beginning with
              a hyphen (-).  (-e is specified by POSIX.)

       --include=GLOB
              Search only files whose base name matches GLOB  (using  wildcard
              matching as described under --exclude).

References:

  1. Finding a String with a Recursive Grep
    Date: March 10, 2007
    MoonPoint Support
  2. How can I use grep to show just filenames (no in-line matches) on linux?
    Date: July 9, 2011
    stackoverflow

[/os/unix/commands] permanent link

Mon, Nov 10, 2014 10:51 pm

Checking Microsoft Windows 7 firewall status from a command prompt

I enabled the Microsoft Windows Firewall on a Windows 7 system from the Control Panel by selecting System and Security and then Firewall After enabling the Windows firewall, I checked on the firewall status from a command line with netsh firewall show state . Though the netsh firewall command, which I've used since Microsoft Windows XP was released, is deprecated in Windows 7, it can still be used to obtain information on the status and configuration of the Microsoft Windows Firewall from the command line.
C:\>netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile                           = Domain
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
Group policy version              = Windows Firewall
Remote admin mode                 = Disable

Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
22     TCP       Any      (null)
1900   UDP       Any      (null)
2869   TCP       Any      (null)

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

I checked on what applications had the three listed ports open with netsh firewall show portopening.

C:\>netsh firewall show portopening

Port configuration for Domain profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
22     TCP       Enable  Inbound               Copssh
1900   UDP       Enable  Inbound               Windows Live Communications Platf
orm (SSDP)
2869   TCP       Enable  Inbound               Windows Live Communications Platf
orm (UPnP)

Port configuration for Standard profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
22     TCP       Enable  Inbound               Copssh
1900   UDP       Enable  Inbound               Windows Live Communications Platf
orm (SSDP)
2869   TCP       Enable  Inbound               Windows Live Communications Platf
orm (UPnP)

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

I also checked to see what programs were allowed by firewall rules.

C:\>netsh firewall show allowedprogram

Allowed programs configuration for Domain profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
Enable   Inbound              McAfee Shared Service Host / C:\Program Files\Comm
on Files\McAfee\Platform\McSvcHost\McSvHost.exe
Enable   Inbound              LifeTray.exe / C:\Program Files (x86)\Microsoft Li
feCam\LifeTray.exe
Enable   Inbound              LifeExp.exe / C:\Program Files (x86)\Microsoft Lif
eCam\LifeExp.exe
Enable   Inbound              LifeEnC2.exe / C:\Program Files (x86)\Microsoft Li
feCam\LifeEnC2.exe
Enable   Inbound              LifeCam.exe / C:\Program Files (x86)\Microsoft Lif
eCam\LifeCam.exe
Disable  Inbound              Internet Explorer / C:\program files (x86)\interne
t explorer\iexplore.exe
Enable   Inbound              Dropbox / C:\Users\JSmith.mayfield\AppData\Roaming
\Dropbox\bin\Dropbox.exe

Allowed programs configuration for Standard profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

Since I need to be able to ping the system from other systems on the LAN for troubleshooting, I verified that ICMP echo requests and replies were not going to be blocked by the firewall.

C:\>netsh firewall show icmpsetting

ICMP configuration for Domain profile:
Mode     Type  Description
-------------------------------------------------------------------
Enable   2     Allow outbound packet too big
Enable   8     Allow inbound echo request

ICMP configuration for Standard profile:
Mode     Type  Description
-------------------------------------------------------------------
Enable   2     Allow outbound packet too big

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

I saw that "allow inbound echo request" was enabled and I was able to ping the system from the domain controller.

References:

  1. Obtaining Information About the Windows XP Firewall from the Command Line
    Date: March 1, 2006
    MoonPoint Support

[/security/firewalls/windows] permanent link

Sun, Nov 09, 2014 5:21 pm

Monitoring Failed SSH Logins to a CentOS System

If you have ssh enabled on a system that is accessible to the Internet, it is probable that malicious individuals will try to gain access to the system by brute force login attempts. I.e., since a Linux, Unix, or OS X system is likely to have a root account, an attacker may use "root" as the userid and then attempt to login with commonly used passwords. There are sites on the Internet that provide lists of passwords commonly used and an attacker can easily use a dictionary attack where he tries every word in a dictionary as a possible password. Attackers can use dictionaries for multiple languages, lists of sports teams, name dictionaries, e.g., dictionaries of names parents might check to aid in selecting a name for a baby, etc. So a root or another administrator account should have a strong password. If it doesn't, the system will likely be cracked by an attacker eventually.

Attackers also routinely use name dictionaries to break into systems with any accounts that have weak passwords. E.g., an attacker may use a name dictionary to pick names to use as the userid. Let's say the first name in the name dictionary is Aaron. The attacker might then use a word dictionary to try every word in the English language, or some other language, as a possible password for an account with the userid of aaron. If an aaron account doesn't exist on the system or has a strong password, once the attacker has gone through every word in the word dictionary or whatever other password list he is using, he will then go onto the next name in his name dictionary, e.g., perhaps Abe. The attacker will proceed in this manner until he finds an account with a weak password he can compromise or exhausts all possible combinations of names for accounts and words to use for possible passwords. Of course it would take a human an inordinate amount of time to type all such possible userid and password combinations, but an attacker will let a program make such guesses for him. He merely needs to start the program and let it run. His program may be able to check many thousands of userid and password combinations in minutes.

If the system isn't monitored for such brute-force password attempts, an attacker can run unchecked for days. Even if he can't get in, he will be using bandwidth to/from the system under attack as well as CPU cycles, etc., so may slow down access to the system for legitimate users. I've seen periods where a system has been under attack from 5 such attackers in different countries at once.

On CentOS Linux, you can check the /var/log/secure log to find instances of such attacks.

# grep 'Failed password' /var/log/secure | tail -5
Oct 28 09:47:43 frostdragon sshd[32246]: Failed password for root from 123.125.219.130 port 11859 ssh2
Oct 28 09:47:47 frostdragon sshd[32249]: Failed password for root from 123.125.219.130 port 13894 ssh2
Oct 28 09:47:52 frostdragon sshd[32253]: Failed password for root from 123.125.219.130 port 15886 ssh2
Oct 28 09:47:56 frostdragon sshd[32256]: Failed password for root from 123.125.219.130 port 17740 ssh2
Oct 28 09:48:01 frostdragon sshd[32259]: Failed password for root from 123.125.219.130 port 19477 ssh2

You can see the number of failed ssh login attempts from various login addresses with the command grep 'Failed password' /var/log/secure | grep sshd | awk '{print $11}' | sort | uniq -c - the IP address from which the failed login attempt was made is the 11th item on the line.

If you pipe the output of the awk command into sort, you can sort the output by IP address; uniq -c will then provide you the count of failed SSH login attempts from particular IP addresses.

# grep 'Failed password' /var/log/secure | grep sshd | awk '{print $11}' | sort | uniq -c
      1 101.227.71.40
    409 117.27.158.71
      2 117.27.158.91
     84 122.225.109.104
    315 122.225.109.108
    232 122.225.109.118
    321 122.225.109.197
    247 122.225.109.212
    115 122.225.109.217
    458 122.225.97.103
    309 122.225.97.108
     96 122.225.97.110
    377 122.225.97.117
    478 122.225.97.120
    121 122.225.97.83
     63 122.225.97.84
     81 122.225.97.88
     36 122.225.97.98
    382 123.125.219.130

I can see from the above output from that command that there were 382 failed ssh login attempts from the 123.125.219.130 address at the time I ran the command.

From a search on that IP address at the American Registry for Internet Numbers (ARIN), I found the address was part of a block of addresses managed by the Asia Pacific Network Information Centre (APNIC) . A whois search on the APNIC site showed the IP address is part of a large block of addresses, 123.112.0.0 - 123.127.255.255, allocated to an organization in Beijing, China. I often see attacks from IP addresses allocated to entities in China.

You can manually block further attempts to compromise a system in this manner using a route reject command or through the firewall software on the system. The default firewall software for CentOS 7 is FirewallD. You can configure it through a Graphical User Interface (GUI), which can be opened using the command firewall-config or through a command line interface at a shell prompt by using the command firewall-cmd. I blocked the IP address from any access to the system using the command below, though by the time I blocked it, the login attempts had ceased:

# firewall-cmd --add-rich-rule="rule family='ipv4' source address='123.125.219.130' reject"
success

The block can be viewed through the graphical interface for FirewallD by running firewall-config. E.g., in this case under "Rich Rules" for the public zone, I can see the blocked IP when starting the application after issuing the firewall-cmd command.

FirewallD blocked IP

The command above will put in place a firewall rule that will apply to the default firewall zone, but will only remain until the firewall service is restarted, e.g., with a system reboot. To put in place a permanent block, I could have used the commands below. Instituting a permanent change requires a restart of the firewall service, though.

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='123.125.219.130' reject"
systemctl restart firewalld.service

To have a block apply to a specific firewall zone, e.g., the public zone, I could use the commands below.

firewall-cmd --permanent --zone='public' --add-rich-rule="rule family='ipv4' source address='123.125.219.130' reject"
systemctl restart firewalld.service

The output of the grep command run against /var/log/secure displayed above was sorted by IP address; if you, instead, would like to sort the output by count of failed login attempts you can pipe the output of the commands above into sort again adding the -n argument to sort by the number that appears first on each line.

# grep 'Failed password' /var/log/secure | grep sshd | awk '{print $11}' | sort | uniq -c | sort -n
      1 176.222.201.154
      1 85.132.71.83
      1 91.220.131.33
      1 a
      1 pi
      1 ubnt
      2 client
      4 ubuntu
      4 usuario
     27 git
     48 122.225.97.117
     64 221.228.205.196
     71 61.174.51.223
     78 admin
    129 122.225.97.79
    191 122.225.109.198
    237 122.225.97.116
    268 117.27.158.88
    306 113.200.188.55
    336 117.27.158.89

I can see from the above output that the greatest number of failed SSH login attempts made on the day I ran the command, which was November 9, 2014, were made from 117.27.158.89. Checking the APNIC site again, I see that IP address is also assigned to an entity in China.

If you want to reverse the sorting order, so that the largest number appears first, simply add the -r argument to the last sort command.

# grep 'Failed password' /var/log/secure | grep sshd | awk '{print $11}' | sort | uniq -c | sort -nr
    336 117.27.158.89
    306 113.200.188.55
    268 117.27.158.88
    237 122.225.97.116
    191 122.225.109.198
    129 122.225.97.79
     78 admin
     71 61.174.51.223
     64 221.228.205.196
     48 122.225.97.117
     27 git
      4 usuario
      4 ubuntu
      2 client
      1 ubnt
      1 pi
      1 a
      1 91.220.131.33
      1 85.132.71.83
      1 176.222.201.154

In the above output, some of the failed entries are associated with userids the attacker attempted to use to login. E.g., for the case of the usuario one, I can see that the illegitimate login attempts where that name was used for the userid orginated from the 221.228.205.196 IP address. There is no account on the system with that userid. The IP address is also assigned to an entity in China.

# grep usuario /var/log/secure
Nov  9 10:53:01 localhost sshd[23516]: Invalid user usuario from 221.228.205.196
Nov  9 10:53:01 localhost sshd[23516]: input_userauth_request: invalid user usuario [preauth]
Nov  9 10:53:03 localhost sshd[23516]: Failed password for invalid user usuario from 221.228.205.196 port 52710 ssh2
Nov  9 10:53:04 localhost sshd[23568]: Invalid user usuario from 221.228.205.196
Nov  9 10:53:04 localhost sshd[23568]: input_userauth_request: invalid user usuario [preauth]
Nov  9 10:53:06 localhost sshd[23568]: Failed password for invalid user usuario from 221.228.205.196 port 53534 ssh2
Nov  9 10:53:07 localhost sshd[23654]: Invalid user usuario from 221.228.205.196
Nov  9 10:53:07 localhost sshd[23654]: input_userauth_request: invalid user usuario [preauth]
Nov  9 10:53:10 localhost sshd[23654]: Failed password for invalid user usuario from 221.228.205.196 port 55193 ssh2
Nov  9 10:53:12 localhost sshd[23657]: Invalid user usuario from 221.228.205.196
Nov  9 10:53:12 localhost sshd[23657]: input_userauth_request: invalid user usuario [preauth]
Nov  9 10:53:14 localhost sshd[23657]: Failed password for invalid user usuario from 221.228.205.196 port 56072 ssh2

To count just by IP address so that the login failurers for particular usernames don't appear in the output, I can put another grep command, one that will filter the output of the prior grep command so any lines of output from it are eliminated if they contain "invalid user", before the awk command.

# grep 'Failed password' /var/log/secure | grep sshd | grep -v "invalid user" | awk '{print $11}' | sort | uniq -c | sort -n
      1 176.222.201.154
      1 85.132.71.83
      1 91.220.131.33
     48 122.225.97.117
     64 221.228.205.196
     71 61.174.51.223
    129 122.225.97.79
    191 122.225.109.198
    237 122.225.97.116
    268 117.27.158.88
    306 113.200.188.55
    336 117.27.158.89

If you wish to see what userids are being used most frequently for the failed login attempts, the string of commands entered above need to be modified to search for the userids used in failed login attempts. The above commands don't show the most commonly used userid, which is root, since almost all Unix/Linux systems will have a root account.

For failed login attempts the lines that appear in the output are slightly different depending upon whether the userid used exists on the system. E.g., if the account doesn't exist on the system, as in the case for client and git below, the lines appear as follows:

Nov  9 10:34:14 localhost sshd[21745]: Failed password for invalid user client f
rom 91.220.131.33 port 60223 ssh2
Nov  9 10:52:00 localhost sshd[23204]: Failed password for invalid user git from
 221.228.205.196 port 60513 ssh2

If the account does exist, e.g., the root account, then the lines have the following format:

Nov  9 04:58:50 localhost sshd[21319]: Failed password for root from 122.225.97.
79 port 7951 ssh2

The sed command can be used to strip out the "invalid user" from lines to make the format of those lines containing "invalid user" the same as for those for valid userids on the system. You can then use the awk command to display the contents of the 9th entry on the line, which is the userid used.

# grep "sshd.*: Failed password for" /var/log/secure | sed 's/invalid user //' | awk '{print $9}' | sort | uniq -c | sort -n
      1 a
      1 operator
      1 pi
      1 ubnt
      2 client
      4 ubuntu
      4 usuario
     27 git
     78 admin
   1844 root

The output from a check of the /var/log/secure file shows that the most common user name used in attempts to log into the system by attackers is root.

References:

  1. Firewalld - Block an IP Address
    By: up2long
    Date: February 26, 2014
    Fedoraforum.org

[/network/ssh] permanent link

Sun, Nov 09, 2014 5:04 pm

No JavaScript Support in Firefox

When visiting a web page with the Firefox 33.0 browser, I received a message indicating that JavaScript was disabled. When I attempted to view a spreadsheet I had in Google Docs I couldn't see any of my sheets. When I went to the JavaScript test page at BrowserSPY.dk, it indicated that there was no JavaScript support in the browser. I don't know how I inadvertently disabled JavaScript support in Firefox, but to re-enable it, you can put about:config in the Firefox address bar where you would normally put the address of a page you wanted to visit. When you hit Enter you will see a warning message "This might void your warranty! Changing these advanced settings can be harmful to the stability, security, and performance of this application. You should only continue if you are sure of what you are doing." You will need to click on the "I'll be careful, I promise!" button to continue so that you can enable JavaScript again.

In the list of preference options that appear, scroll down until you see javascript.enabled.

Preference NameStatusTypeValue
javascript.enableduser setbooleanfalse

You will need to double-click on the javascript.enabled line to change the value from "false" to "true" to enable javascript support. You can disable javascript support by double-clicking on the line to toggle the status to false, if it is set to true and you wish to disable it.

Once you have reenabled JavaScript, you should be able to successfully display webpages that rely upon it.

[/network/web/browser/firefox] permanent link

Sun, Nov 09, 2014 10:54 am

Determining when Apache was last restarted

If you need to determine the time that an Apache web server was last restarted, you can look for the word "resuming" in the Apache error log file. On a CentOS Linux system, you can use the command grep resuming /var/log/httpd/error_log.

# grep resuming /var/log/httpd/error_log
[Sun Nov 09 03:29:02.631763 2014] [mpm_prefork:notice] [pid 20663] AH00163: Apac
he/2.4.6 (CentOS) configured -- resuming normal operations

[/network/web/server/apache] permanent link

Fri, Nov 07, 2014 10:40 pm

Installing YAML Perl module

YAML, which is a recursive acronym for ""YAML Ain't Markup Language", is a human-readable data serialization format that incorporates concepts from programming languages such as C, Perl, and Python. To install the YAML Perl module type perl -e shell -MCPAN at a shell prompt and then at the cpan prompt, type install YAML.
# perl -e shell -MCPAN
Terminal does not support AddHistory.

cpan shell -- CPAN exploration and modules installation (v1.9800)
Enter 'h' for help.

cpan[1]> install YAML

Once it is installed you can view documentation on it by issuing the command perldoc YAML. If you just want to see if it is installed, you can issue that command. If it is, you will see the documentation. If it isn't installed, you will see a message "No documentation found" followed by the module name.

You can also use the -l argument to perldoc, which will report the location of the Plain Old documentation, abbreviated pod, file for the module, if one is present or also report "No documentation found", if the module can't be found. Be sure to capitalize "YAML" or you will see the "No documentation found" message.

# perldoc -l yaml
No documentation found for "yaml".
# perldoc -l YAML
/usr/local/share/perl5/YAML.pod

[/languages/perl] permanent link

Thu, Nov 06, 2014 10:26 pm

Copying the crontab file from a backup

On a CentOS Linux system, I needed to copy the crontab file for the root account from a backup disk. The crontab files are stored in /var/spool/cron, so I needed the /var/spool/cron/root for the root account. Since I didn't want to include every line from the old crontab file, I edited the old one and copied its contents. I then used crontab -e while logged into the root account to create a new crontab file. I pasted the contents of the old file into the new one. When I tried saving the file, I got the message below:
# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
"/tmp/crontab.wpnAYC":3: bad minute
errors in crontab file, can't install.
Do you want to retry the same edit?

I had also seen "bad day-of-week", instead of "bad minute" when editing the file previously. I typed "y" to retry and then realized the source of the problem, which I thought at first from the error message was some error in the first five entries on the line that specify when a cron job should run. Instead, the problem was because when I copied and pasted the contents of the old file into the new file, entries that had wrapped around to a new line on the screen were now on two lines whereas before they were only on one line. E.g., for the output above, line 3, which was the one referenced for "bad minute" was really the continuation of line 2, but it was now, because of my copy and paste operation, on line 3 with no time specified, but instead the end part of the command line. I edited those lines where that had occurred, so though they wrapped around on the screen each entry was one continuous line. I was then able to save the file successfully and then view the crontab file with crontab -l Since I had SELinux enabled on the system, I checked the security context for the cron file and saw the following.

# ls -Z /var/spool/cron/root
-rw-------. root root unconfined_u:object_r:user_cron_spool_t:s0 /var/spool/cron/root

References:

  1. Cron
    Wikipedia, The Free Encyclopedia
  2. Cron and Crontab usage and examples
    Date: May 4, 2014
    Pantz.org Technical Reference Site
  3. How to Backup Crontabs of All Users on CentOS, RHEL, Ubuntu & Dabian
    By: Rahul Kumar
    Date: April 2, 2014
    TecAdmin.net

[/os/unix/linux/centos] permanent link

Wed, Nov 05, 2014 10:38 pm

You don't have permission to access / on this server error

After adding a virtual host section for a website to Apache's httpd.conf file on a Linux system, I restarted Apache and tried viewing the website with a browser. Instead of seeing the home page for the site, I saw:

Forbidden

You don't have permission to access / on this server.

When I looked in the error log for the site, I saw the following:

[Wed Nov 05 21:27:30.519520 2014] [core:error] [pid 4471] (13)Permission denied: [client 207.255.181.210:1604] AH00035: access to / denied (filesystem path '/home/jdoe/public_html') because search permissions are missing on a component of the path
[Wed Nov 05 21:27:31.179045 2014] [core:error] [pid 4471] (13)Permission denied: [client 207.255.181.210:1604] AH00035: access to /favicon.ico denied (filesystem path '/home/jdoe/public_html') because search permissions are missing on a component of the path

Checking the public_html directory and the directories beneath it, I saw that owner, group, and world all had "execute" access, i.e., the capability to search through the directories.

$ ls -ld public_html
drwxrwxr-x. 14 jdoe jdoe 4096 Nov  5 21:04 public_html

But, checking the user's home directory I found there was no access to it except for the owner. When I changed that access to grant search access to other accounts in the same group and all accounts, then the website became visible.

$ chmod ga+x /home/jdoe
$ ls -ld /home/jdoe
drwx--x--x. 13 jdoe jdoe 4096 Nov  5 21:17 /home/jdoe

You can check the permissions on a directory and the directories above it up to the root directory with just one command using the namei -m command in the form namei -m /path_to_directory/dirname. E.g.:

$ namei -m /home/jdoe/public_html
f: /home/jdoe/public_html
 drwxr-xr-x /
 drwxr-xr-x home
 drwx--x--x jdoe
 drwxrwxr-x public_html

[/network/web/server/apache] permanent link

Wed, Nov 05, 2014 8:15 am

Denying interactive logins for an account

On a Linux system, you can change the designated shell for an account to "nologin" to prevent user's from interactive logons. For instance, if an account is only used for email, then you might wish to block the user from logging in and obtaining a shell prompt, so that should anyone else obtain the password for the account the person whould not be able to do anything other than send and receive email for the account. If the user's account was jasmith, you could use the command below:
# usermod --shell /sbin/nologin jasmith

[/os/unix/linux/sysmgmt] permanent link

Tue, Nov 04, 2014 11:57 pm

Dovecot logon_trusted_networks

A user reported that she was no longer able to download her email after receiving a new system. She uses Outlook, which was reporting the following error:

Task 'jasmith@example.com - Receiving' reported error (0x800CCC92) : 'Your e-mail server rejected your login. Verify your user name and password for this account in Account Settings. The server responded: -ERR [AUTH] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.'

At first I thought the tech who upgraded the system had made some change to Outlook on the system, but I eventually realized that the email server using dovecot for POP3 email access was denying access, because the system had a new IP address. The user was using POP3, port 110, for downloading email and I had previously added the old IP address to the login_trusted_networks line in /etc/dovecot/dovecot.conf file on the email server. By adding an IP address or IP address range to that line, you can configure dovecot to allow users to login using an unencrypted userid and password, i.e., plaintext authentication, from the specified IP address or range of addresses. The relevant section in dovecot.conf is shown below:

# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
login_trusted_networks = 192.168.0.0/24 192.168.1.0/24 172.45.55.82

In the case above, the server will accept plaintext passwords from any system in the 192.168.0.0/24 address range, i.e., 192.168.0.0 to 192.168.0.255, the 192.168.1.0/24 address range, and from the specific IP address 172.45.55.82, which was the user's IP address. After updating her IP address in the file, I restarted dovecot with service dovecot restart.

The system uses sendmail for sending email and I also had to update /etc/mail/access to include her IP address, since the change to the dovecot configuration file allowed her to download her email, but sendmail would still not except any email sent from her computer, since relaying was permitted from her old email address, but not her new one. I added her IP address and a comment line to the /etc/mail/access file.

# J. A. Smith
172.45.55.82                           RELAY

I then used makemap hash to generate an updated /etc/mail/access.db file.

# makemap hash /etc/mail/access </etc/mail/access

She was then able to send as well as receive email; I didn't need to restart sendmail.

[/network/email/dovecot] permanent link

Mon, Nov 03, 2014 9:12 pm

Adding another SMTP Server to Thunderbird

To add another SMTP server for outgoing email in Thunderbird 24.6.0 on a Microsoft Windows systems, take the following steps:
  1. Hit Alt-T to bring up the Tools menu.
  2. Select Account Settings.
  3. An Account Settings window will open showing you all of the email accounts you have set up. Scroll down to the bottom of the list of accounts where you will see Outgoing Server (SMTP), which you should select by clicking on it.
  4. You will then see an Add button that you can click on to add an additional SMTP server for outgoing email.
  5. Complete the fields for the SMTP server, including "Description", "Server Name" and "Port", which will likely be 25 or 587. If you need to authenticate with the server when sending email, select the appropriate authentication method and provide a user name, if needed.

    Add SMTP Server to Thunderbird

  6. Click on the OK button.
  7. If you wish any of the email accounts you have set up in Thunderbird to use that SMTP server, select an account you wish to have use that outgoing email server by right-clicking on it, e.g. jdoe@example.com, and picking Settings. For the "Outoging Server (SMTP)" value, which you will see with the email address selected, i.e., don't click on "Server Settings" or any other option below the address, select the new server and click on OK.

References:

  1. Multiple SMTP servers - Thunderbird
    mozilaZine

[/network/email/clients/thunderbird] permanent link

Sun, Nov 02, 2014 1:09 pm

CGI.pm missing from CentOS system

When I tried accessing a website on a CentOS 7 server that I had recently set up as a web server using Apache, when I attempted to view the site, which I transferred from a CentOS 5 system, I saw the following error message in my browser.

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at webmaster@example.com to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Checking the httpd error log, I saw the following entries for the problem:

[Sun Nov 02 11:31:21.399775 2014] [cgi:error] [pid 18794] [client 94.228.34.209:55416] AH01215: Can't locate CGI.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /home/jdoe/public_html/blog/blosxom line 92.
[Sun Nov 02 11:31:21.399911 2014] [cgi:error] [pid 18794] [client 94.228.34.209:55416] AH01215: BEGIN failed--compilation aborted at /home/jdoe/public_html/blog/blosxom line 92.
[Sun Nov 02 11:31:21.401265 2014] [cgi:error] [pid 18794] [client 94.228.34.209:55416] End of script output before headers: blosxom

When I searched the system for CGI.pm, I found it was not present.

# find / -name CGI.pm -print 2>/dev/null
#

The file was present on a backup from the CentOS 5 system at /usr/lib/perl5/5.8.8/CGI.pm.

Since it wasn't installed, I tried installing it.

# perl -e shell -MCPAN
Can't locate CPAN.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .).
BEGIN failed--compilation aborted.

But that failed because CPAN.pm wasn't installed, either.

# find /usr/lib/perl5 -name CPAN.pm -print 2>/dev/null
# whereis CPAN.pm
CPAN:[root@frostdragon conf]# locate CPAN.pm
#

So I installed the perl-CPAN package with yum.

# yum install perl-CPAN

After the installation, I checked on the package and the location of CPAN.pm.

# rpm -qi perl-CPAN
Name        : perl-CPAN
Epoch       : 0
Version     : 1.9800
Release     : 283.el7
Architecture: noarch
Install Date: Sun 02 Nov 2014 12:02:15 PM EST
Group       : Development/Languages
Size        : 762403
License     : GPL+ or Artistic
Signature   : RSA/SHA256, Fri 04 Jul 2014 12:15:45 AM EDT, Key ID 24c6a8a7f4a80eb5
Source RPM  : perl-5.16.3-283.el7.src.rpm
Build Date  : Tue 17 Jun 2014 01:42:20 PM EDT
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.perl.org/
Summary     : Query, download and build perl modules from CPAN sites
Description :
Query, download and build perl modules from CPAN sites.
# whereis CPAN.pm
CPAN: /usr/share/man/man3/CPAN.3pm.gz
#

I was then able to install CGI.pm.

#  perl -e shell -MCPAN

CPAN.pm requires configuration, but most of it can be done automatically.
If you answer 'no' below, you will enter an interactive dialog for each
configuration option instead.

Would you like to configure as much as possible automatically? [yes] yes

 <install_help>

Warning: You do not have write permission for Perl library directories.

To install modules, you need to configure a local Perl library directory or
escalate your privileges.  CPAN can help you by bootstrapping the local::lib
module or by configuring itself to use 'sudo' (if available).  You may also
resolve this problem manually if you need to customize your setup.

What approach do you want?  (Choose 'local::lib', 'sudo' or 'manual')
 [local::lib] sudo

Autoconfigured everything but 'urllist'.

Now you need to choose your CPAN mirror sites.  You can let me
pick mirrors for you, you can select them from a list or you
can enter them by hand.

Would you like me to automatically choose some CPAN mirror
sites for you? (This means connecting to the Internet) [yes] yes
Trying to fetch a mirror list from the Internet
Fetching with LWP:
http://www.perl.org/CPAN/MIRRORED.BY

Looking for CPAN mirrors near you (please be patient)
........................... done!

New urllist
  http://cpan-du.viaverio.com/
  http://mirror.cogentco.com/pub/CPAN/
  http://httpupdate25.cpanel.net/CPAN/

Autoconfiguration complete.

commit: wrote '/root/.cpan/CPAN/MyConfig.pm'

You can re-run configuration any time with 'o conf init' in the CPAN shell
Terminal does not support AddHistory.

cpan shell -- CPAN exploration and modules installation (v1.9800)
Enter 'h' for help.

cpan[1]>

At the cpan[1] prompt, I entered install CGI. Note: You need to use uppercase letters, not "cgi"

After the installation completed, I typed "exit" at the CPAN prompt. I was then able to reload the page in the browser without getting the "Internal Server" error; I did not have to restart Apache.

References:

  1. Perl CGI:Can't locate CGI.pm
    Date: June 5, 2005
    LinuxQuestions.org
  2. perl CPAN not installed by default
    Date: February 4, 2012
    DirectAdmin

[/languages/perl] permanent link

Tue, Sep 16, 2014 1:02 pm

Recovering the prior Safari session on a Microsoft Windows system

If you are using Apple's Safari web browser on a Microsoft Windows system and need to recover a prior browsing session, if Safari crashes or you have to kill the application through the Task Manager, because it is no longer responding, you can recover all the open windows and tabs from the prior browsing session for Safari 5.1.7 once you restart Safari by using the Alt-i key combination to have the History menu appear, then selecting "Reopen all Windows from Last Session".

If you would like to have Safari automatically reopen all the prior tabs and windows when you restart Safari, click on the gear icon at the top right-hand corner of the browser window, then select Preferences, then select "All windows from last session" instead of "A new window" for the value for "Safari opens with".

[/network/web/browser/safari] permanent link

Tue, Sep 09, 2014 12:40 pm

Evernote Web Clipper for Safari on Windows

The Evernote Web Clipper is available for Safari on a Microsoft Windows system from here. Once you've installed it, you will see the Evernote elephant head icon at the top left of the Safari browser window, slightly to the right of the buttons that allow you to move forward and backward in the tab history.

Evernote for Safari on Windows

To login to Evernote, click on that icon and hold the button down until the login window appears.

Safari Evernote Web Clipper login

Once you've logged in, you can click on the button again to save web pages as an article, simplified article, full page, bookmark, or screenshot.

Evernote Web Clipper - Safari save

[/network/web/browser/safari] permanent link

Mon, Aug 11, 2014 10:37 pm

Creating a WinPE Boot Disc with MustangPEBuilder 2 ADK

I needed to do some troubleshooting on an HP desktop system running Microsoft Windows 8 that would no longer boot into Windows. The system has three 2 TB drives configured as a RAID 5 array providing 4 TB of storage, but one of the drives had failed. I could boot the system from Linux rescue CDs, but, since I didn't have an appropriate driver to access the drives as a 4 TB RAID array, I couldn't access user files on the system by that method. I could boot into the Windows recovery environment and choose the advanced options, which would allow me to get to a command prompt.

Windows 8 System Image Recovery Advanced Options

I could then copy files from the drives to an external USB drive using xcopy, but the user had over 900,000 files in her My Documents directory and xcopy only copied about 800,000 of those. I wanted to try another method of copying the files to see if that would be more successful, but there were no other utilities available to me from the command prompt that I thought would be more successful.

I created a boot disc on another Windows 8 system using MustangPEBuilder 2 ADK, which allowed me to boot into a Windows GUI, but without the appropriate driver added I haven't yet been able to access the data in the user's My Documents directory with it. I have been able to add Windows applications, such as IrfanView, but I haven't figured out yet how to get some other applications I want to use added nor a driver that will allow me to access the RAID drives.

[/os/windows/mustang] permanent link

Sat, Aug 09, 2014 3:55 pm

Editing ISO files with Magic ISO Maker

I had an issue with a bootable Windows PE DVD no longer working as I expected. I thought the problem was due to the boot.wim no longer being created correctly. The .wim file is a Windows Imaging Format file and boot.wim contains a bootable version of Windows PE. On a Windows 8 system, I was able to use the Windows Explorer to copy the boot.wim file from within an ISO image, but I needed a way to replace the boot.wim file in another ISO image file with the one I copied. To do so, I used the Magic ISO Maker program, which provides the capability to create and edit ISO files and extract files from within ISO files. It also can deal with the BIN disc image format and Apple Disk Image DMG files. MagicISO can open and manipulate just about any disc image format. Magic ISO Maker can deal with ISO, BIN, IMG, CIF, FCD, NRG, GCD, PO1, C2D, CUE, CIF, and CD formats.

Magic ISO Maker Unregistered startup

The unregistered version has a limitation preventing you from saving an image greater than 300 MB, but in my case that was not an issue since the image size was 175 MB.

Magic ISO Maker Unregistered startup

I did purchase the software though, since it worked well and I often deal with much larger ISO files. When you purchase the software, you will receive a zip file by email containing a .reg file, which will provide you a temporary license. Extract the .reg file from the .zip file, and double-click on it to create the registry entries to register the software. You should later receive a permanent serial number.

The steps to take to insert or replace a file within an existing ISO file using MagicISO are listed below:

  1. Select File.
  2. Select Open.
  3. Browse to the location of the ISO file you wish to modify and open it.
  4. If you have a Windows Explorer window open side-by-side with the Magic ISO Maker window, you can drag the file you want to insert into the ISO file over into the Magic ISO Maker window and into the directory there where you wish to insert the copy of the file into the ISO file. If a file by that name already exists, a "Query for overwriting" window will appear notifying you that the file already exists and asking if you want to overwrite it. You can click on the Yes button to overwrite the file.
  5. Click on File then Save as to save the update to the ISO file in a new ISO file, since you can't save to the ISO file you have open within Magic ISO Maker.

VirusTotal analysis of Setup_MagicISO.exe on 2014-08-09

[/os/windows/utilities/MagicISO] permanent link

Thu, Aug 07, 2014 10:47 pm

Adding a printer from the command line on an OS X system

While in someone else's office, I needed to add an HP Color LaserJet CP4025 printer in that office to the list of available printers on my MacBook Pro laptop. I was able to generate a printout of the printer's configuration from its front panel to get its IP address. I then looked for a suitable Postcript Printer Description (PPD) file on the laptop. The PPD files can be found in /Library/Printers/PPDs/Contents/Resources.

$ ls /Library/Printers/PPDs/Contents/Resources | grep -i LaserJet | grep 40
HP Color LaserJet CM4540 MFP.gz
HP Color LaserJet CM6040 MFP.gz
HP Color LaserJet CP4005.gz
HP Color LaserJet CP4020 CP4520 Series.gz
HP LaserJet 400 M401.gz
HP LaserJet 400 M401dne.gz
HP LaserJet 400 MFP M425 Fax.ppd.gz
HP LaserJet 400 MFP M425.gz
HP LaserJet 4000 Series.gz
HP LaserJet 4050 Series.gz
HP LaserJet 4240.gz
HP LaserJet 9040 9050 MFP.gz
HP LaserJet 9040.gz
HP LaserJet M9040 M9050 MFP.gz
HP LaserJet P4010_P4510 Series.gz

The HP LaserJet 4000 Series.gz file seemed appropriate. I then used the command below to add the printer:

$ lpadmin -p "192.168.234.59" -v "lpd://192.168.234.59/" -D "Matt - HP CP4025" -L "Building 18 Room S188" -P "/Library/Printers/PPDs/Contents/Resources/HP LaserJet 4000 Series.gz" -E

The printer then appeared in the list of available printers under System Preferences/Print & Scan and I was able to print to it.

The lpadmin command can be used to configure CUPS printers. CUPS is a modular printing system often found on Unix and Linux operating systems. Apple's OS X opertaing system is a Unix-based graphical interface.

The options for the lpadmin command, which can be used to configure CUPS printers, are listed below:

    -p = Printer name (queue name if sharing the printer)
    -v = IP address or DNS name of the printer
    -D = Description of the printer (appears in the Printers list)
    -L = Location of the printer
    -P = Path to the printer PPD file to use for the printer
    -E = Enable this printer to accept print jobs

The text specified with the -D option is the description that I see for the printer when I check Print & Scan under System Preferences.

Print and Scan printers

[/os/os-x] permanent link

Wed, Aug 06, 2014 9:00 pm

Command line unrar utility for Microsoft Windows

If you need to extract files from a .rar file on a Microsoft Windows system, RARLAB, which procues the WinRAR program that provides a GUI for dealing with RAR files on Microsoft Windows systems, also provides a free utility, unrar, which can be run from a command line on a Windows system. The utility is available at WinRAR and RAR archiver addons.

To use the program, you need to extract the unRAR.exe file from the file you download. You can do so by simply double-clicking on the unrarw32.exe file you downloaded. You will then be prompted for a directory into which the unRAR.exe file should be extracted.

Specificy unrar destination folder

The default installation directory is C:\Program Files(x86)\Unrar. If you don't have access to install files in that directory on a system, you can place it anywhere, e.g. in "My Documents". So you don't need administrator level access to a system to put the utility on a system or run it on a system. There is only the one file, Unrar.exe file that you need. to use the software.

If you see a Program Compatibility Assistant window appear stating "This program might not have installed correctly, you can simply click on "This program installed correctly" to have the Unrar.exe file placed in the directory you chose, if you have the appropriate access to place files in that directory..

Unrar Program Compatibility window

You can see the options availble for the program by typing unrar at a command prompt in the directory in which you extracted unrar.exe.

C:\Users\joe\Documents\bin>unrar

UNRAR 5.00 freeware      Copyright (c) 1993-2013 Alexander Roshal

Usage:     unrar <command> -<switch 1> -<switch N> <archive> <files...>
               <@listfiles...> <path_to_extract\>

<Commands>
  e             Extract files without archived paths
  l[t[a],b]     List archive contents [technical[all], bare]
  p             Print file to stdout
  t             Test archive files
  v[t[a],b]     Verbosely list archive contents [technical[all],bare]
  x             Extract files with full path

<Switches>
  -             Stop switches scanning
  @[+]          Disable [enable] file lists
  ac            Clear Archive attribute after compression or extraction
  ad            Append archive name to destination path
  ag[format]    Generate archive name using the current date
  ai            Ignore file attributes
  ap<path>      Set path inside archive
  c-            Disable comments show
  cfg-          Disable read configuration
  cl            Convert names to lower case
  cu            Convert names to upper case
  dh            Open shared files
  ep            Exclude paths from names
  ep3           Expand paths to full including the drive letter
  f             Freshen files
  id[c,d,p,q]   Disable messages
  ierr          Send all messages to stderr
  inul          Disable all messages
  ioff          Turn PC off after completing an operation
  kb            Keep broken extracted files
  n<file>       Additionally filter included files
  n@            Read additional filter masks from stdin
  n@<list>      Read additional filter masks from list file
  o[+|-]        Set the overwrite mode
  oc            Set NTFS Compressed attribute
  or            Rename files automatically
  ow            Save or restore file owner and group
  p[password]   Set password
  p-            Do not query password
  r             Recurse subdirectories
  ri<P>[:<S>]   Set priority (0-default,1-min..15-max) and sleep time in ms
  sl<size>      Process files with size less than specified
  sm<size>      Process files with size more than specified
  ta<date>      Process files modified after <date> in YYYYMMDDHHMMSS format
  tb<date>      Process files modified before <date> in YYYYMMDDHHMMSS format
  tn<time>      Process files newer than <time>
  to<time>      Process files older than <time>
  ts<m,c,a>[N]  Save or restore file time (modification, creation, access)
  u             Update files
  v             List all volumes
  ver[n]        File version control
  vp            Pause before each volume
  x<file>       Exclude specified file
  x@            Read file names to exclude from stdin
  x@<list>      Exclude files listed in specified list file
  y             Assume Yes on all queries

C:\Users\joe\Documents\bin>

To extract the contents of a .rar file, use the e argument to unrar followed by the name of the rar file.

C:\Users\joe\Documents\bin>unrar e %USERPROFILE%\Downloads\ST0044_9e8d3db5
2aa4e60904a3676eb33f763.rar

UNRAR 5.00 freeware      Copyright (c) 1993-2013 Alexander Roshal


Extracting from C:\Users\joe\Downloads\ST0044_9e8d3db592aa4e60904a3676eb33763.rar

Extracting  ST0044_BlacX Duet 5G Snow Editon_manual_12071201.pdf      OK
All OK

[/software/utilities/file/rar] permanent link

Tue, Aug 05, 2014 9:12 pm

Session Manager Firefox Add-on

The Firefox add-on Session Manager created by Michael Kraft allows you to save a Firefox session at any time. You can save and restore the state of all or only some Firefox windows and tabs. The session data saved includes history, text data, and cookies.

All sessions are stored in the sessions folder inside your profile directory and can be moved around as with any other file. On a Microsoft Windows 8 system, the sessions folder is in %APPDATA%\Mozilla\Firefox\Profiles\profiledir\sessions. You can find the value of %APPDATA% at a command prompt by issuing the command echo %APPDATA%.

C:\>echo %APPDATA%
C:\Users\JDoe\AppData\Roaming
The value of the profile beneath the Profiles directory will vary. E.g.:

C:\Users\JDoe\AppData\Roaming\Mozilla\Firefox\Profiles\nqp8058i.default\sessions

To get to that folder, simply select "Open Session Folder" in Session Manager's menu (might not work on all OSes), which you can get to in Firefox on Microsoft Windows by using the Alt-T key combination to show the Tools menu, then selecting Session Manager. Session Manager also allows you to reopen the 10 last closed windows and tabs. You do not need to restart Firefox after installing the Session Manager add-on to begin using it.

To save the Firefox session at any time, take the following steps on a Microsoft Windows system (applies to Firefox 31.0 and Session Manager 0.8.1.5):

  1. Use Alt-T key combination to bring up the Tools menu. Alternatively, you can click on the blue floppy disk icon that is placed on the Firefox address bar when you install Session Manager. That icon appears to the left of another icon that is a red cross in a white box which will allow you to reopen recently closed tabs or windows.

    Session Manager - Menubar icons

  2. Select Session Manager.
  3. Select Session Manager again.
  4. Select Save Session.
  5. A window will open where you can name the session you are about to save.

    Session Manager - Save Session

    Provide a name for the session you wish to save in the "Name" field, which could be the date or anything you like. You can uncheck any tabs you don't want saved for the session.

  6. Click on Save Session. Note: when you click on it, it may appear that nothing is happening, but don't click again, give it a few seconds to complete the save.

To load a saved session, go through the same steps to bring up Session Manager, but instead of selecting Save Session select Load Session. You will then see a list of any saved sessions.

Session Manager - Load Session

If Firefox crashes or you reboot the system without closing Firefox, you will see a window like the one below when you open Firefox, which will give you the option of restoring Firefox to the state it was in when it crashed or from a prior saved session.

Session Manager - Firefox Crashed

References:

  1. Session Manager
    Add-Ons
  2. Session Manager
    mozdev.org

[/network/web/browser/firefox/addons/sessionmgr] permanent link

Mon, Aug 04, 2014 10:02 pm

Finding a MySQL table entry containing a text string

If you wish to search for an entry in a table in a MySQL database that contains a text string, such as "Groot", you can use the LIKE operator. E.g., for a table named chatroommessages with a a field named message, you could search for any occurrences of "Groot" in a message with the following:

SELECT `message` FROM `chatroommessages` WHERE `message` LIKE '%Groot%';

The percent signs at the beginning and end of the text indicate that any other text can occur before and after that text, so if a message contained "I am Groot!", it would be selected. The "%" will match any number of characters, including zero characters.

You can search for words or phrases with any other text occurring before or after the text you are seeking:

SELECT `message` FROM `chatroommessages` WHERE `message` LIKE '%only a test%';

If you want to use a wildcard that represents only one character rather than zero or more characters, you can use the underscore character.

SELECT `message` FROM `chatroommessages` WHERE `message` LIKE '%test_r%';

The above SQL query would look for all messages that contained any text before "test", followed by any one character, an "r", and then any number of other characters. So the above query would find any of the following:

Hopefully I don't run out of Testor's Dull coat.
my test results were inconclusive.
I am currently a beta tester.

The case of the text doesn't matter. E.g., it doesn't matter that I used all lowercase letters in "test" when I issued the SQL query. The query would find "TEST" with all uppercase letters as well. So the message contained "Testor" with a capital "T" was also found.

If you need to search for an occurrence of a wildcard character, e.g., you need to find "30%", then you would need to use a backslash, \, as an "escape character" to take away the special meaning of the percent sign in a query.

SELECT `message` FROM `chatroommessages` WHERE `message` LIKE '30\%';

That will restrict the search to finding only messages containing "30%", whereas if you used LIKE 30% rather than LIKE 30\%, the search would also return any messages containing "300", "3000", "30132", etc.

StringDescription
\%Matches one “%” character
\_Matches one “_” character

References:

  1. 12.5.1 String Comparison Functions
    MySQL Documentation: MySQL Reference Manuals

[/software/database/mysql] permanent link

Sun, Aug 03, 2014 12:02 pm

Creating shortcuts with XXMkLink

If you need to create shortcuts from the command line or within a batch file on a Microsoft Windows system, you can use the free XXMkLink program from Pixelab, Inc.. The company also produces free and commercial versions of XXCLONE, for cloning disk drives, and XXCOPY, a file management utility for copying files.

To use XXMkLink, download the zip file and extract XXMKLINK.EXE from within it to an appropriate directory on a hard drive. You can then run that program without any parameters to see options available for it.

C:\>"\Program Files\Utilities\XXMKLINK"

XXMkLink     ver 1.00    (c)2005 Copyright  Pixelab, Inc.


=========== Syntax =======================

xxmklink spath opath [ arg [ wdir [ desc [ mode [ icon[:n] ]]]]] [switches...]

  where  spath     path of the shortcut (.lnk added as needed)
         opath     path of the object represented by the shortcut
         arg       argument string (use quotes with space, see below)
         wdir      path of the working directory (for "Start in")
         desc      description string (shown in Shosrtcut's Properties)
         mode      display mode (1:Normal [default], 3:Maximized, 7:Minimized)
         icon[:n]  icon file [with optional icon index value n]

         Currently, the following switches are supported

         /p        prompts before action
         /q        no output when successful (quiet)

  Note:  Switches (whose first character is always slash) can be placed in
         any position of the command argument.  A string that starts with
         a slash as a non-switch argument must be surrounded by a pair of
         double-quotes (").  It is recommended that the XXMKLINK's switches
         be placed before or after the non-switch arguments for clarity.

         Make sure that each element is surrounded by a pair of
         double-quotes (") if embeded space is present.

         The third field (arg) is for the argument string for the object
         (typically a program that requires command arguments) that must
         be entered as one string here, even if it has many parts that are
         separated by spaces and possibly with double-quote characters.

         When double-quoted string has an embedded double-quote,
         add a backslash in front of each embedded double-qoute.

         Use an empty string (two consecutive double-quotes) as a
         place holder since this command syntax is sensitive to the
         order of the field, optional switches cannot alter the
         pre-determined order as defined by the program.

         When an invalid display mode is specified (not 1, 3 nor 7),
         the default (Normal Window) value will be used.

         When the icon specifier does not point to an existing file,
         the icon field will be ignored.

  E.g.   mklink "c:\Program Files\mydir\My Shortcut.lnk" c:\boot.ini
           (At least two arguments are always needed.)

         mklink c:\myauto c:\autoexec.bat "/q" . "I say \"Hello.\"" "desc..."
           (In this example, the third argument string, "/q" was entered
            as a quoted string.  If it were without the quotation marks,
            it would be treated as the xxmklink switch, /q, not the argment
            string for the object program.)

At a minimum, the following two arguments are needed to the program to create a shortcut:

spath - path and filename for the shortcut; if you don't add a .lnk at the end of spath, one will be added automatically, since all shortcuts must have a .lnk extension.

opath - path and filename of the object represented by the shortcut, i.e. the location and name for the file or program for which you are creating the shortcut.

E.g., suppose I wanted to create a shortcut on the desktop for the account under which I'm currently logged into the system that points to the WinSCP program, winscp.exe. I could use the following command, if the xxmklink.exe file is in C:\Program Files\Utilities and the winscp.exe program is in c:\program files (x86)\network\SSH\WinSCP\. If I was logged into the JDoe account, the environment variable %USERPROFILE% would equate to C:\Users\JDoe.

C:\>"\Program Files\Utilities\xxmklink" %USERPROFILE%\Desktop\WinScp.lnk "c:\program files (x86)\network\SSH\WinSCP\winscp.exe"

XXMkLink     ver 1.00    (c)2005 Copyright  Pixelab, Inc.

The shortut created as follows

Shortcut path:     C:\Users\JDoe\Desktop\WinScp.lnk
Target object:     c:\program files (x86)\network\SSH\WinSCP\winscp.exe
Arguments;
Working Directory:
Description:
Display Mode:      Normal Window (1)
Icon file:

If I then hit the Windows key and the "D" key simultaneously, I would then see the WinSCP shortcut on the desktop.

Security information for current version of XXMkLink, which is 1.00

File name:xxmklink.zip
SHA256: 2fe7b3b9c73e6467ba8d4e5157491a4409b44eab359d0320a3cba1e2bbec08ca
MD5: 8f67bd67f4bd752837276caff870e474
VirusTotal dection ratio: 0/54
Analysis date:2014-06-28

[/os/windows/utilities] permanent link

Sat, Aug 02, 2014 10:38 pm

phpMyAdmin SQL History

If you need to see a recent history of SQL commands you've run inside phpMyAdmin, you can see recently entered commands by clicking on the SQL icon, which is a box with "SQL" in red letters within it, that occurs just below "phpMyAdmin" at the upper, left-hand side of the phpMyAdmin window.

phpMyAdmin SQL icon

Once you click on that icon, another small window will pop up which contains a tab labeled SQL history.

phpMyAdmin SQL history tab

Click on that tab to see the recently entered SQL commands

[/network/web/tools/phpmyadmin] permanent link

Sat, Aug 02, 2014 10:13 pm

Mustang PEBuilder 2 winpe_x86 exists

On a Windows 8 system, I had to kill Mustang PEBuilder 2 through the Task Manager due to it hanging while creating an ISO file. When I restarted it and clicked on Create WinPE ISO, I saw the error message below:

Folder C:\winpe_x86 exists. Move, rename or delete and try again. Program will terminate.

When I clicked on OK, the Mustang PEBuilder window closed. The C:\winpe_x86 directory gets created during the process by which Mustang PEBuilder 2 creates the .iso file. The directory and its contents are normally deleted after the ISO file is created. When it has not been deleted and I had previously seen the error message, I was able to delete the C:\winpe_x86 folder and all its contents and restart the process of building an ISO file without a problem. But this time I received "access denied" messages when attempting to delete some of the directories and files within it.

The problem was due to the directories and files being owned by TrustedInstaller. To remedy the problem, I took the following steps:

  1. Right-click on a directory that can't be deleted and choose Properties.
  2. Click on the Security tab.
  3. Click on the Advanced button.
  4. The owner will be listed as TrustedInstaller; click on Change then in the "Enter the object name to select" field, type Administrators.
  5. Click on OK.
  6. Click on the checkbox next to "Replace owner on subcontainers and objects" to check the box.
  7. Click on the Apply button.
  8. In the "Permission entries" list, make sure Administrators have "Full control".
  9. Check the checkbox for "Replace all child object permission entries with inheritable permission entries from this object. When notified that this will replace explicity defined permissions on all descendants of this object with inheritable permissions, click on Yes.
  10. Click on the Apply button.
  11. You can now close the "Advanced Security Settings" window by clicking on OK.
  12. You can click on OK again to close the Properties window for the directory.

You should now be able to delete the directory and all subdirectories and files within it.

References:

  1. Windows 7 - How to Delete Files Protected by TrustedInstaller
    Help Desk Geek

[/os/windows/utilities/diagnostic/mustang] permanent link

Thu, Jul 31, 2014 10:48 pm

Uninstalling Shoutbox on an SMF 2.0.x forum

Since I had replaced Shoutbox on a Simple Machines Forum (SMF) site running SMF 2.0.8 with CometChat, I was asked to uninstall the Shoutbox mod and delete the files associated with it from the site.

SMFPacks Shoutbox 1.0.3 was shown in the packages list, but there was no option to install or uninstall it, only options to "List Files" or "Delete". But there was a configuration page for it within the forum software. That page showed that Shoutbox was disabled.

I found in the Packages directory for the forum there was a SMFPacks_Shoutbox.zip file. When I unzipped the file and checked the package-info.xml for it, I saw the following in the installation section for 1.x versions of SMF:

<!-- 1.1.x -->
<install for="1.1-1.1.99">

There was an installation section for 2.0.x versions of SMF as well:

<!-- 2.0.x -->
<install for="2.0">

Since it did not list a range of version numbers, I went to Admin, then Package Manager and then clicked on the Advanced link at the bottom of the list of mods. I then changed the Emulate Version value from 2.0.8 to 2.0 and clicked on the Apply button. I was then able to uninstall SMFPacks Shoutbox 1.0.3 and delete the files associated with it. I then clicked on the Advanced link again at the bottom of the list of mods, clicked on Revert beneath Emulate Version, and then clicked on the Apply button to put Emulate Version back to its original value.

[/network/web/forums/smf] permanent link

Sun, Jul 27, 2014 5:30 pm

Copying a MySQL table from one database to another

To copy a MySQL table, both the structure and data, from one database to another, the following two commands can be used inside MySQL where db1 is the original database and db2 is the new database and table is the name of the particular table you wish to copy.

CREATE TABLE db2.table LIKE db1.table;
INSERT INTO db2.table SELECT * FROM db1.table;

[/software/database/mysql] permanent link

Sun, Jul 27, 2014 4:30 pm

Showing all MySQL databases or all tables in a database

For MySQL on a Linux system, if you need a list of all MySQL databases you can display a list of the databases by logging into MySQL and then issuing the command show tables; or from a shell prompt you can issue the command mysqlshow -u username -p where username is a MySQL username. The -p option will result in a prompt for the password associated with the username.
$ mysqlshow -u jdoe -p
Enter password:
+--------------------+
|     Databases      |
+--------------------+
| information_schema |
| jdoedbf            |
| test               |
| tokyo              |
+--------------------+
If you need a list of all tables in a MySQL database, you can display a list of tables by logging into MySQL with an account that has access to the database and then issuing the command show tables; or from a shell prompt you can issue the command mysqlshow -u username -p dbname where username is the account with access to the database and dbname is the name of the database. The -p option will prompt for the password for the account.
$ mysqlshow -u jdoe -p products

If you need to find a table with particular text in the name, you can pipe the output of the mysqlshow command into grep. E.g., if you were looking for a table in a database named "products" with many tables that contained "cat" as part of the name of the table, you could use something like the following:

$ mysqlshow -u jdoe -p products | grep cat

[/software/database/mysql] permanent link

Sat, Jul 19, 2014 5:17 pm

Taking a screenshot with scrot

Scrot is a command line screen capturing application for Linux systems developed by Tom Gilbert. If the package is installed, you can type scrot imagefile to take a snapshot of the screen and store it in the file named imagefile, e.g., scrot test.png. If you don't want the terminal window from which you ran the command captured in the screenshot, you can issue the sleep command followed by some delay in seconds followed by a semicolon and then the scrot command to give you time to minimize the terminal window from which you ran the command. E.g.:
$ sleep 10; scrot test.png

The above command would give you 10 seconds to minimize the terminal window and any other open windows you didn't want to see in the screenshot. The results of the screenshot would be stored in the directory from which the command was run in the file test.png. Or you can use the scrot command's own delay parameter, -d or --delay followed by the number of seconds of delay you wish to give yourself before scrot captures the screen, e.g., scrot -d 10.

For help on the utility issue the command scrot --help.

scrot --help
Usage : scrot [OPTIONS]... [FILE]
  Where FILE is the target file for the screenshot.
  If FILE is not specified, a date-stamped file will be dropped in the
  current directory.
  See man scrot for more details
  -h, --help                display this help and exit
  -v, --version             output version information and exit
  -b, --border              When selecting a window, grab wm border too
  -c, --count               show a countdown before taking the shot
  -d, --delay NUM           wait NUM seconds before taking a shot
  -e, --exec APP            run APP on the resulting screenshot
  -q, --quality NUM         Image quality (1-100) high value means
                            high size, low compression. Default: 75.
                            For lossless compression formats, like png,
                            low quality means high compression.
  -m, --multidisp           For multiple heads, grab shot from each
                            and join them together.
  -s, --select              interactively choose a window or rectangle
                            with the mouse
  -u, --focused             use the currently focused window
  -t, --thumb NUM           generate thumbnail too. NUM is the percentage
                            of the original size for the thumbnail to be,
                            or the geometry in percent, e.g. 50x60 or 80x20.
  -z, --silent              Prevent beeping

  SPECIAL STRINGS
  Both the --exec and filename parameters can take format specifiers
  that are expanded by scrot when encountered.
  There are two types of format specifier. Characters preceded by a '%'
  are interpreted by strftime(2). See man strftime for examples.
  These options may be used to refer to the current date and time.
  The second kind are internal to scrot  and are prefixed by '$'
  The following specifiers are recognised:
                  $f image path/filename (ignored when used in the filename)
                  $m thumbnail path/filename
                  $n image name (ignored when used in the filename)
                  $s image size (bytes) (ignored when used in the filename)
                  $p image pixel size
                  $w image width
                  $h image height
                  $t image format
                  $$  prints a literal '$'
                  \n prints a newline (ignored when used in the filename)
  Example:
          scrot '%Y-%m-%d_$wx$h_scrot.png' -e 'mv $f ~/images/shots/'
          Creates a file called something like 2000-10-30_2560x1024_scrot.png
          and moves it to your images directory.

This program is free software see the file COPYING for licensing info.
Copyright Tom Gilbert 2000
Email bugs to <scrot_sucks@linuxbrit.co.uk>

You can also type man scrot to see information on use of the utility.

References:

  1. Scrot
    Wikipedia, the free encyclopedia
  2. The Tom Gilbert Blog

[/os/unix/linux/utilities/graphics] permanent link

Sat, Jul 19, 2014 1:11 pm

Steps for taking a screenshot in GIMP

Steps for taking a screenshot in GNU Image Manipulation Program (GIMP), which is a free graphics program available for Linux, Mac OS X, Solaris, and Microsoft Windows systems.
  1. Click on File.
  2. Select Create.
  3. Select Screenshot.
  4. When the GIMP screenshot window opens, you will have the option of selecting the area for the screenshot.
    Area
    • Take a screenshot of a single window
      [ ] Include window decoration
    • Take a screenshot of the entire screen
      [ ] Include mouse pointer
    • Select a region to grab
    Delay [ 0 ] seconds

    At the end of the delay, click in a window to snap it.

  5. When you have selected the option you want, click on the Snap button.

If you choose to take a screenshot of a single window, the cursor will change to something similar to a "+". Move the cursor over the appropriate window and that window will be pasted into a GIMP window when you click on the window. Note: make sure you don't have any windows overlapping the one you wish to capture, otherwise you may see a portion of an overlapping window in the screenshot.

If you don't want to capture the border around a window, scrollbars for the window, and any application menu at the top of the window, uncheck "Include window decoration.

If you choose "Take a screenshot of the entire screen", a snapshot will be taken of the entire screen including the GIMP window.

If you select a region to grab, the cursor will change as above. You can then click in one corner of the area of the screen you wish to include in the snapshot then drag the mouse to a diagonal corner while holding the mouse button down. When you release the button, the area selected will be captured.

Once you have the screen shot, you can create a GIF, JPG, PNG, etc. image file from the screenshot by clicking on File and selecting Export.

[/software/graphics/gimp] permanent link

Fri, Jul 18, 2014 8:53 pm

Determining the default browser from the command line

If you need to determine the default browser on a system running Microsoft Windows, you can look in the registry at HKEY_CLASSES_ROOT\http\shell\open\command

Default browser in registry

To determine the default browser from the command line, you can use the command reg query HKEY_CLASSES_ROOT\http\shell\open\command /ve.

C:\>reg query HKEY_CLASSES_ROOT\http\shell\open\command /ve

HKEY_CLASSES_ROOT\http\shell\open\command
    (Default)    REG_SZ    "C:\Program Files\Network\Web\Mozilla Firefox\firefox.exe" -osint -url "%1"

If you just wanted a true or false result for determining whether Firefox is the default browser, you could pipe the output of the reg query command to the find command as below. A result of 0 means "false", i.e., Firefox is not the default browser and a result of 1 means it is the default browser.

C:\>reg query HKEY_CLASSES_ROOT\http\shell\open\command /ve | find /c /i "firefox"
1

Reference:

  1. How Does Your Browser Know that It’s Not The Default?
    Date: March 23, 2007
    The New Old Thing | Absurdity in Its Fullest

[/network/web/browser] permanent link

Tue, Jul 08, 2014 10:57 pm

Junos Pulse VPN Client Issue on Mac OS X

The Junos Pulse 5.0.3 VPN client had been working fine on my Mac OS X laptop for quite some time, but recently whenever I opened it, it would show "Disconnecting". I could click on the Connect button, which resulted in the application displaying "connect requested", but the application would never connect nor disconnect. I could select "Close Junos Pulse" in the application, but when I restarted the application I was in the same situation. I could probably have resolved the problem by rebooting, but since I had a lot of applications and files open and didn't want to have to close all the files and applications, I looked for another alternative. Issuing the following commands at a command prompt from a terminal window allowed me to eliminate the problem without rebooting.
$ launchctl unload -w /Library/LaunchAgents/net.juniper.pulsetray.plist
$ sudo launchctl unload -w /Library/LaunchDaemons/net.juniper.AccessService.plist
Password:
$ osascript -e 'tell application "Junos Pulse" to quit'

The account I was logged in under had adminisrator level access, so I simply provided its password at the password prompt above.

When I reopened Junos Pulse afterwards, it wasn't showing any available connections, so I closed it and then issued the commands below.

$ sudo launchctl load -w /Library/LaunchDaemons/net.juniper.AccessService.plist
$ launchctl load -w /Library/LaunchAgents/net.juniper.pulsetray.plist

When I then reopened the Junos Pulse application through the Finder, I saw the VPN connection I normally use and was able to successfully establish a VPN connection. And I was able to disconnect without a problem afterwards.

[/os/os-x] permanent link

Sun, Jun 29, 2014 8:58 pm

Showing permissions for MySQL databases

Any of the following commands can be used to view privileges on MySQL databases for the currently logged in user:

SHOW GRANTS;
SHOW GRANTS FOR CURRENT_USER;
SHOW GRANTS FOR CURRENT_USER();

E.g., if logged into MySQL as the user joe:

mysql> show grants;
+----------------------------------------------------------------------------------------------------+
| Grants for joe@localhost                                                                           |
+----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'joe'@'localhost' IDENTIFIED BY PASSWORD '75ac044c66d44642'                  |
| GRANT ALL PRIVILEGES ON `family`.* TO 'joe'@'localhost'                                            |
| GRANT ALL PRIVILEGES ON `partslist`.* TO 'joe'@'localhost'                                         |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `tokyo`.`tokyo` TO 'joe'@'localhost'               |
+----------------------------------------------------------------------------------------------------+
4 rows in set (0.00 sec)

To show databases for which the user has access, the show databases command can be used:

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| family             |
| partslist          |
| tokyo              |
+--------------------+
4 rows in set (0.00 sec)

To see which users have access to a particular database, you use the command select user from mysql.db where db='dbname';, where dbname is the name of the relevant database, if you are logged into an account with administrator privileges, e.g., as root. E.g. for a database named partslist:

mysql> select user from mysql.db where db='partslist';
+------+
| user |
+------+
| joe  |
+------+
1 row in set (0.01 sec)

[/software/database/mysql] permanent link

Sun, Jun 29, 2014 7:40 pm

Dropping tables with a similar prefix from a MySQL database

I wanted to remove all of the tables from a MySQL database where the tables all had names starting with a similar prefix. Rather than deleting the tables one by one, I wanted to reduce the time and typing on my part to drop all of the tables. One way to do so is to use the mysqldump command to create a file that contains all of the needed DROP commands. You can issue a mysqldump command similar to the following where user is a user name with permissions to access the database and database is the name of the database:

mysqldump -u user -p database > dump.sql

The -p option will prompt you for the password for the user. E.g., supposing the user name is jdoe and the database is named jdoe_db:

$ mysqldump -u jdoe -p jdoe_db > dump.sql
Enter password:

Then, on a Unix/Linux/ system, you can use the grep command to search for lines in the dump.sql file produced by the mysqldump command for "DROP TABLE IF EXISTS" and then pipe that output into another grep command that searches only for lines containing the particular string in the table name that you want to key on for dropping tables. E.g., suppose you want to drop all tables that have example as part of the table name:

$ grep "DROP TABLE IF EXISTS" dump.sql | grep example > drop.sql

You can check the drop.sql file output by the above commands to verify that only the particular tables you wish to drop will be removed from the database.

$ more drop.sql

DROP TABLE IF EXISTS `example_settings`;
DROP TABLE IF EXISTS `example_smileys`;
DROP TABLE IF EXISTS `example_spiders`;

If you are satisfied that only the tables you want removed from the database will be deleted from the database, you can then issue the command:

mysql -u user -p database < drop.sql

E.g., for the example above, you could use:

$ mysql -u jdoe -p joe_db < drop.sql
Enter password:

The dump.sql and drop.sql files can then be deleted.

[/software/database/mysql] permanent link

Sat, Jun 21, 2014 12:23 pm

Prepending a character to all values in a column

I needed to prepend a "/" value to a directory field in a MySQL table named files for every entry in the table. With a column named Directory in the table, that can be done using the UPDATE command. E.g.:

UPDATE fles SET Directory = Concat('/', Directory);

[/software/database/mysql] permanent link

Tue, Jun 17, 2014 11:24 am

Creating a business category in Quicken 2014

I wanted to create a new business expense category in Quicken 2014 named Hardware. But when I created a new expense category, the category always defaulted to be a personal expense. I could not locate a means to specify that I wanted the new category to be in the business rather than personal group and I didn't see any way to change the classification to business after the category was created. I could put the new business expense category as a subcategory beneath an existing business category, but that is not what I wanted to do. There is a way to put the new category as a top-level category in the business group rather than have it be a subcategory, though, by first creating it as a subcategory and then changing it.
  1. Click on Tools.
  2. Select Category List.
  3. Click on the Add Category button.
  4. Type a name for the new category in the Category Name field.
  5. Select the Subcategory of radio button and pick a business category, such as "Supplies (Business)". Add a description if you like.
  6. Click on the Tax Reporting tab and make any changes, if any are needed, there.
  7. Click on OK.
  8. Right-click on the new category in the category list, then select the Expense radio button, rather than the Subcategory of one.
  9. Click on OK.
  10. Click on Done to close the Category List window.

The category will remain as a business category after the change.

[/financial] permanent link

Sat, May 17, 2014 2:20 pm

Turning airplane mode on and off under Windows 8

To enable or disable "airplane mode" on a Windows 8 system, you can take the following steps.

[/os/windows/win8] permanent link

Sat, Apr 19, 2014 4:47 pm

Making Firefox the default browser

If you wish to make Firefox the default browser on a Microsoft Windows system, take the following steps:
  1. Open Firefox.
  2. Use Alt-T, i.e., the Alt and T keys simultaneously, to bring up the tools menu.
  3. Select Options.
  4. Click on the Advanced tab.
  5. Click on the Make Firefox the default browser button.

    Firefox Options

  6. At the Set Default Programs window which then opens, click on Firefox.

    Set Default Programs

  7. Click on Set this program as default.
  8. Click on the OK button. You can then close the Default Programs window.
  9. You should now see "Firefox is currently your default browser" in the Options window where the Make Firefox the default browser button appeared previously.

    Firefox Options

    Click on the OK button in the Options window.

Note: applies to Firefox 28 as well as earlier versions.

[/network/web/browser/firefox] permanent link

Mon, Apr 14, 2014 9:47 pm

QuickBooks company files list from registry

If you wish to see the list of previously opened company files that would be displayed inside QuickBooks when QuickBooks is open, but no company file is open, without opening QuickBooks, you can query the registry key HKEY_CURRENT_USER\Software\Intuit\QuickBooksCommon\QBFinder using the reg query command. E.g.:
C:\Users\JDoe>reg query HKEY_CURRENT_USER\Software\Intuit\QuickBooksCommon\QBFinder

HKEY_CURRENT_USER\Software\Intuit\QuickBooksCommon\QBFinder
    0    REG_SZ    c:\users\jdoe\documents\quickbooks\csi\c.s.i.qbw|23|professional
    1    REG_SZ    c:\users\jdoe\documents\quickbooks\moonpoint\moonpoint.qbw|23|professional

The .qbw files displayed would be ones you could select by clicking on them from the "No Company Open" window inside QuickBooks. The "|23|professional" at the end can be ignored, if you only want to know the file names and locations. The directory path and file names displayed can then be used to backup any relevant QuickBooks files to another location for archiving, for instance, without needing to open QuickBooks.

[/financial] permanent link

Mon, Apr 14, 2014 9:19 pm

QuickBooks company file needs to be updated

If you see the following message when you attempt to open a company file from a prior version of QuickBooks in QuickBooks 2013, which prevents you from opening the file, you will need to provide a user name and password for a QuickBooks account that has administrator level access to the file instead of the account credentials you are using.

Warning

This company file needs to be updated. Please ask your QuickBooks Administrator to update the file.

  OK  

[/financial] permanent link

Sun, Apr 06, 2014 9:40 pm

Printing to a PDF File with CutePDF Writer

Microsoft Windows operating systems don't provide by default an application to print files in PDF format, but the CutePDF™ Writer program from Acro Software Inc. is free and will give you the capability to produce a PDF file as output from almost any application that supports printing.

[ More Info ]

[/reviews/software/windows/utilities/pdf] permanent link

Wed, Apr 02, 2014 11:00 pm

Determining the day of the week for a date

I needed to determine the day of the week for a particular date several years in the past. Rather than page back through the years using a GUI calendar, I thought I'd do it from the command line on a Linux system to which I had logged in by SSH, but couldn't remember the format for the command to display the day of the week, so had to look it up. The date command on a Linux system can be used to display information for dates other than the current one.
NAME
       date - print or set the system date and time

SYNOPSIS
       date [OPTION]... [+FORMAT]
       date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]

DESCRIPTION
       Display the current time in the given FORMAT, or set the system date.

       -d, --date=STRING
              display time described by STRING, not ‘now’

There were several format options available to me.

%a locale’s abbreviated weekday name (e.g., Sun)
%A locale’s full weekday name (e.g., Sunday)
%u day of week (1..7); 1 is Monday
%w day of week (0..6); 0 is Sunday

I wanted to determine the day of the week for May 30, 2005, so I could use YYYYMMDD, i.e., 20050530 for the date with any of those format parameters.

$ date --date="20050530" +%a
Mon
$ date --date="20050530" +%A
Monday
$ date --date="20050530" +%u
1
$ date --date="20050530" +%w
1

A calendar can be displayed at a shell prompt using the cal command as well that will show you the day of the week for a date using ASCII characters, e.g.:

$ cal 05 2005
      May 2005
Su Mo Tu We Th Fr Sa
 1  2  3  4  5  6  7
 8  9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31

From that calendar, I can see that May 30 in 2005 was a Monday.

[/os/unix/commands] permanent link

Mon, Mar 31, 2014 11:03 pm

Determining the boot disk for an OS X system

The bless command, which can be run from a Terminal window, can be used to determine the boot disk on an OS X system:
$ bless --info --getBoot
/dev/disk0s2

If you are interested in more details for that drive, you can use the diskutil info command followed by the drive's designation. E.g.:

$ diskutil info /dev/disk0s2
   Device Identifier:        disk0s2
   Device Node:              /dev/disk0s2
   Part of Whole:            disk0
   Device / Media Name:      Customer

   Volume Name:              Macintosh HD
   Escaped with Unicode:     Macintosh%FF%FE%20%00HD

   Mounted:                  Yes
   Mount Point:              /
   Escaped with Unicode:     /

   File System Personality:  Journaled HFS+
   Type (Bundle):            hfs
   Name (User Visible):      Mac OS Extended (Journaled)
   Journal:                  Journal size 24576 KB at offset 0x1119b000
   Owners:                   Enabled

   Partition Type:           Apple_HFS
   OS Can Be Installed:      Yes
   Media Type:               Generic
   Protocol:                 SATA
   SMART Status:             Verified
   Volume UUID:              A140B2C6-4C4F-3B14-B179-C1A7FE0325D4

   Total Size:               249.2 GB (249199599616 Bytes) (exactly 486717968 512-Byte-Blocks)
   Volume Free Space:        56.4 GB (56438132736 Bytes) (exactly 110230728 512-Byte-Blocks)
   Device Block Size:        512 Bytes

   Read-Only Media:          No
   Read-Only Volume:         No
   Ejectable:                No

   Whole:                    No
   Internal:                 Yes
   Solid State:              No

[/os/os-x] permanent link

Sun, Mar 30, 2014 10:38 pm

OnlineWebCheck HTML Validator

I've been using the Markup Validation Service provided by the World Wide Web Consortium (W3C) to check for errors in the HTML code for webpages on this site, but recently came across another such free service, the Free HTML & CSS Validation Service at OnlineWebCheck.com. Like the W3C service, you can provide a URL for your website to be analyzed for HTML errors. The service will display any errors found on a submitted page and warnings for page elements that aren't errors, but which may deserve closer scrutiny. The online service is free and allows you to check URLs one-by-one. The service uses CSE HTML Validator Pro, which is software that runs on Microsoft Windows systems, or Linux and Mac OSX with Wine. There is a free version of that software available for download as well as paid versions with more features - see Compare CSE HTML Validator Editions. I haven't yet tried that software on a Microsoft Windows system yet, though, but have only used the online validation service.

I found the service yesterday when the W3C service wasn't responding. One warning I received for a submitted page was for the lack of a language specification within the <HTML> start tag. The warning was:

The natural primary language is not specified. It is highly recommended that the "lang" and/or "xml:lang" (for XHTML) attributes be used with the "html" element to specify the primary language. For example, add the attribute lang="en" for English or lang="fr" for French. Specifying the language assists braille translation software, speech synthesizers, translation software, and has other benefits.

<html>

I had been including the following within the <head> section:

<meta name="language" content="english">

The OnlneWebCheck.com validator noted in regards to it, though:

Remove this meta tag and use the "lang" attribute on the "html" element if trying to specify the document's language, or use a "dcterms.language" meta tag instead. Furthermore, "language" is not a recognized metadata name. Visit http://www.w3.org/TR/html5/document-metadata.html#standard-metadata-names and http://wiki.whatwg.org/wiki/MetaExtensions for more information.

<meta name="language" content="english">

Though the W3C validation service had never issued any warnings nor errors related to the lack of inclusion of the language attribute within the <HTML> tag or use of the meta tag, at the W3C site at Specifying the language of content: the lang attribute webpage, I found:

Language information specified via the lang attribute may be used by a user agent to control rendering in a variety of ways. Some situations where author-supplied language information may be helpful include:
  • Assisting search engines
  • Assisting speech synthesizers
  • Helping a user agent select glyph variants for high quality typography
  • Helping a user agent choose a set of quotation marks
  • Helping a user agent make decisions about hyphenation, ligatures, and spacing
  • Assisting spell checkers and grammar checkers

The recommendation made for assisting search engines and browsers to determine the language for webpages is to include the language attribute within the <html> tag as shown below:

<html lang="en">
...
</html>

Or for XHTML:

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
...
</html>

So, I decided to modify the template that I use for pages to include the language attribute within the <html> tag, i.e., to use <html lang="en">, and to include the attribute within the <html> tag for Blosxom's head.html file.

If a page is in another language than English, the appropriate code can be chosen from the ISO 639-1 two-letter language codes. ISO 639-1 defines abbreviations for languages. In HTML and XHTML they can be used in the lang and xml:lang attributes.

[/network/web/design] permanent link

Sat, Mar 29, 2014 4:24 pm

Google Analytics Add-on for Google Sheets

If you use Google Analytics, for monitoring your website, Google now provides an add-on for Google Sheets, which is Google's equivalent to Microsoft Excel, available through Google Docs, that allows you to incorporate Google Analytics data within a Google Sheets worksheet.

[ More Info ]

[/network/web/services/google] permanent link

Sat, Mar 29, 2014 10:19 am

Cell Padding in a Table

There are multiple ways to add padding around text within cells in a table. Specifying <table cellpadding="ypx"> with y representing the number of pixels of padding will add padding to the left, right, top, and bottom of the text. If you only wish to have additional padding at the left and right of the text, you can do so by CSS, e.g.:
<style type="text/css">
   .padded {padding-left: 10px; padding-right: 10px;}
</style>

You can then apply the class "padded" to each td in the table.

[ More Info ]

[/network/web/design] permanent link

Fri, Mar 28, 2014 10:12 pm

Problem with Blosxom calendar cache

I use the Calendar Plugin for Blosxom on this site. When I checked the site with the Xenu Link Sleuth tool, which reveals broken links, today I found it reporting errors for urls with "//" in the directory path in the URL. It took me a few minutes to realize that the errors were due to the calendar displayed for the blog that points to prior entries. When I looked at the URLs for various days on this month's calendar, I saw that the links were all appearing similar to the following one:

http://support.moonpoint.com/blog/blosxom/2014/03//RS=%5EADAZpNNfKrcEOr1DFixlJAHJ_euLow-/2014/03/04/2014/03/2014/03/01/

They had "RS=" and "euLow-" followed by repetitions of the year and month in the URL. I knew that the links had been appearng normally, so I suspected the problem was caused when I posted an entry this morning. Sometimes when I've worked on something previously, but not yet posted it, I will change the time on the file associated with the entry to point to the date and time I worked on it or when I edit an entry I may set its time stamp to the original date and time after I've finished editing it. I had done that this morning, so I suspected there was a problem with the calendar's cache file, .calendar.cache, which is located in the Blosxom plugins state directory, plugins/state. The file can be deleted; it will be recreated automatically when the Blosxom blog is viewed again. I deleted the file and refreshed the page in the browser with which I was viewing the site and all of the links for the calendar then appeared normally.

[/network/web/blogging/blosxom] permanent link

Fri, Mar 28, 2014 9:22 pm

Xenu Link Sleuth

When I checked the error log for this site this morning, I noticed an entry pointing to a nonexistent file on the site, which led me to check the Apache CustomLog file to look for information on why someone might have followed a link to a file that never existed on the site. I didn't discover the source of the incorrect link, but in the process of checking for that incorrect link I found a very useful tool, Xenu Link Sleuth, that revealed a signficant problem with the site due to a change I made this morning and pointed out broken internal links on the site.

[ More Info ]

[/network/web/tools] permanent link

Fri, Mar 28, 2014 10:46 am

Determing the NTP servers in use on a Mac OS X system

If you need to know the Network Time Protocl (NTP) server in use on a Mac OS X system you can use the command systemsetup -getnetworktimeserver or you can look at the contents of the /etc/ntp/conf file.
$ systemsetup -getnetworktimeserver
Network Time Server: ntp.example.com
$ cat /etc/ntp.conf
server ntp.example.com minpoll 12 maxpoll 17
server time.apple.com

The minpoll and maxpoll values specify the minimum and maximum poll intervals for querying the time server as a power of 2 in seconds. So, for the example above, where the time server is ntp.example.com, the minimum interval is 2 to the power of 12 or 4,096 seconds, which is a little over an hour (1.14 hours). The minimum interval defaults to 6, which equates to 2 to the power of 6, which is 64 seconds. The maximum interval defaults to 10, i.e. 2 raised to the power 10, which is 1,024 seconds. The upper limit for the value is 17, which is 36.4 hours. A secondary time server is also shown in the example above. The secondary time server could be used when the primary one is unavailable.

[/os/os-x] permanent link

Wed, Mar 26, 2014 9:21 pm

Green border around Google Sheets cell

If a green border appears unexpectedly around a cell in a Google Sheets spreadsheet, then the worksheet is likely open elsewhere. If you've shared the spreadsheet, someone with whom you have shared it may have it open or you may have it open on another system or even in another tab within your browser. In that case the cell that is currently selected in the other open instance of the worksheet will be highlighted by a green border. At the top of the worksheet you will also see the number of other instances of the open worksheet. If it is open in just one other place you will see "1 other viewer" at the top right of the worksheet next to a green square.

1 other 
viewer

If you move the cursor over the cell with the green border, you will see the name of the other user displayed, or your own logged in name, if you have the worksheet open multiple times. You can also put the cursor over the green squares at the top right area above the spreadsheet to see those names. If the worksheet was open more than twice, e.g., if it was open 3 times, you would see additional green boxes corresponding to the number of other open instances of it.

2 other viewers

[/network/web/services/google] permanent link

Tue, Mar 25, 2014 9:13 pm

Not enough free disk space for Entourage

If Entourage display the message "Your hard disk is full. The Entrourage database requires additional free space. Entourage will now quit so you can make more space available on your hard disk by moving or deleting files.", if you store a lot of email one area where you may be able to free disk space is in old identities or backups for an identity beneath ~/Documents/Microsoft User Data

[More Info ]

[/os/os-x/software/office] permanent link

Mon, Mar 24, 2014 8:17 am

Attempted SQL injection attack

When I checked the webserver's error log file this morning, I noticed the following two entries related to the IP address 221.11.108.10:

[Mon Mar 24 08:15:07 2014] [error] [client 221.11.108.10] File does not exist: / home/jdoe/public_html/ctscms
[Mon Mar 24 08:15:12 2014] [error] [client 221.11.108.10] File does not exist: /home/jdoe/public_html/plus, referer: http://support.moonpoint.com/plus/search.php?keyword=as&typeArr[111%3D@`\\'`)+and+(SELECT+1+FROM+(select+count(*),concat(floor(rand(0)*2),(substring((select+CONCAT(0x7c,userid,0x7c,pwd)+from+`%23@__admin`+limit+0,1),1,62)))a+from+information_schema.tables+group+by+a)b)%23@`\\'`+]=a

There is no ctscms file nor directory, nor do I use a search.php file, nor even have a directory named plus on this web site, so the queries seemed suspicious.

Performing a Google search on the attempted query to search.php, which appears to be an SQL query, I found links to a number of sites in the Chinese language. E.g., dedecms plus / search.php latest injection vulnerability (translated to English).

The query I saw in the Apache error log appeared to be an SQL injection attack. In Arrays in requests, PHP and DedeCMS, an InfoSec Handlers Diary Blog entry, I found the following in relation to an SQL injection attack used against /plus/download.php, which is a PHP script associated with the DedeCMS Content Management System (CMS):

And this definitely looks malicious. After a bit of research, it turned out that this is an attack against a known vulnerability in the DedeCMS, a CMS written in PHP that appears to be popular in Asia. This CMS has a pretty nasty SQL injection vulnerability that can be exploited with the request shown above.

So I blocked any further access to the server hosting this site from that IP address using a route reject command.

# route add 221.11.108.10 reject
[root@frostdragon ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
221.11.108.10   -               255.255.255.255 !H    0      -        0 -
171.216.29.9    -               255.255.255.255 !H    0      -        0 -

The 221.11.108.10 IP address is allocated to an entity in China. I blocked another Chinese IP address, 171.216.29.9 two days ago.

The Arrays in requests, PHP and DedeCMS blog entry indicated the attacker discussed in that article was using a script that identified itself with a user agent string of WinHttp.WinHttpRequest:

Additionally, as you can see in the log at the top, the User Agent string has been set to WinHttp.WinHttpRequest, which indicates that this request was created by a script or an attack tool executed on a Windows machine.

When I checked the Apache CustomLog to see what user agent string was submitted with the queries to this site, I saw it was "Googlebot/2.1", so the attacker appears to be using an updated script. that misidentifies itself as Googlebot. The Internet Storm Center blog entry was posted 6 months ago and discusses a log entry from September 5, 2013. The log entry posted in that article shows a source IP address of 10.10.10.10, which is a private IP address substituted in the article for the actual IP address from which the attack originated.

I saw the following in my log:

221.11.108.10 - - [24/Mar/2014:08:15:07 -0400] "GET /ctscms/ HTTP/1.1" 404 291 "
-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
221.11.108.10 - - [24/Mar/2014:08:15:12 -0400] "GET /plus/search.php?keyword=as&
typeArr[111%3D@`\\'`)+and+(SELECT+1+FROM+(select+count(*),concat(floor(rand(0)*2
),(substring((select+CONCAT(0x7c,userid,0x7c,pwd)+from+`%23@__admin`+limit+0,1),
1,62)))a+from+information_schema.tables+group+by+a)b)%23@`\\'`+]=a HTTP/1.1" 404
 299 "http://support.moonpoint.com/plus/search.php?keyword=as&typeArr[111%3D@`\\
'`)+and+(SELECT+1+FROM+(select+count(*),concat(floor(rand(0)*2),(substring((sele
ct+CONCAT(0x7c,userid,0x7c,pwd)+from+`%23@__admin`+limit+0,1),1,62)))a+from+info
rmation_schema.tables+group+by+a)b)%23@`\\'`+]=a" "Googlebot/2.1 (+http://www.go
ogle.com/bot.html)Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, a
pplication/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-power
point, application/msword, */*"

References:

  1. Stopping an Attacker with the Route Reject Command
    MoonPoint Support
    Date: April 15, 2007
  2. Arrays in requests, PHP and DedeCMS
    Internet Storm Center
    By: Bojan, ISC Handler

[/security/attacks] permanent link

Sun, Mar 23, 2014 2:08 pm

Julian date in spreadsheets

The ordinal date, i.e., the day of the year, is a number that ranges from 1 for January 1 through 365 or 366 for December 31, depending if the year is a leap year. The ordinal date is also referred to as the "Julian date", though in astronomy "Julian date" is not the ordinal date, but a serial date system starting on January 1, 4713 B.C.E.

If you wish to display the current ordinal date in a spreadsheet, such as a Microsoft Excel or a Google Sheets worksheet you can use the formula below:

=TEXT(TODAY() ,"yyyy")&TEXT((TODAY() -DATEVALUE("1/1/"&TEXT(TODAY(),"yy"))+1),"000")

That formula will insert the current day in Julian format with a four-digit year. E.g. for March 23, 2014, it would result in 2014082 appearing in the cell where the forumla is used, since March 23, 2014 is the 82nd day of 2014. If you just wish to display the day of the year and not the year, you can use the formula below:

=TEXT((TODAY() -DATEVALUE("1/1/"&TEXT(TODAY(),"yy"))+1),"000")

That forumula will display 082 in the cell in which the formula is used.

References:

  1. Insert Julian dates
    Support - Office.com

[/os/windows/office/excel] permanent link

Sun, Mar 23, 2014 1:31 pm

W3C Validation

The World Wide Web Consortium (W3C) is an international standards organization for the World Wide Web (WWW). Among the services offered by the W3C are a Markup Validation Service a Link Checker, a CSS Validation Service, and RSS Feed Validation Service. The services are free.

The markup validation service allows you to submit a URL for a webpage to be checked by the service or to upload an HTML file to be checked for incorrect HTML code. If the code in a webpage is incorrect, you may not see the results you expect for the webpage when it is displayed in a browser or it may display incorrectly in some browsers used by visitors to the page. The W3C tool will notify you of the types of errors on the page and the line numbers on which they are found. You can match those lines numbers with the appropriate lines in the code in browsers that allow you to view the source code of a page.

You can provide a URL to the link checker tool and it will determine if any of the links on the webpage are invalid.

The CSS validation service allows you to check the validity of Cascading Style Sheets (CSS) used on webpages to control the appearance and formatting of the pages. You can provide a URL for a CSS or upload a CSS file to be verified.

The W3C Feed Validation Service will check the syntax of Atom or RSS feeds. E.g., if you use RSS to publish updated information on blog entries, you can provide the URL for the index.rss file on your site.

The W3C provides other tools as well at Quality Assurance Tools. All of the software developed at the W3C is Open Source / Free software, which means that you can use the software for free and download the code, if you wish. You can also modify the code to suit your own purposes, if you wish.

There is also a paid W3C Validator Suite™, if you wish to have the W3C validate an entire site automatically rather than you validating pages individually.

Note: the W3C validation services can't check pages that require authentication, but can only check pages that are accessible from the Internet without passwords or files that you upload to be checked.

[/network/web/design] permanent link

Sat, Mar 22, 2014 10:49 pm

Blocking Internet access except for virus scanning sites

After a system became infected with malware, I disconnected its network cable then added rules to the firewall separating it from the Internet to block all Internet access except for DNS access to its designated DNS server provided by the user's ISP. I then granted access to the VirusTotal IP addresses on all ports. VirusTotal is a website belonging to Google that will allow you to scan files you upload to it with multiple antivirus programs to determine if they may be malware.
NameIP Addresses
virustotal.com 216.239.32.21
216.239.34.21
216.239.36.21
216.239.38.21
www.virustotal.com 74.125.34.46

After implementing the firewall rules, I reconnected the network cable to the system.

Since accessing http://virustotal.com redirects one to http://www.virustotal.com, I wasn't able to access the VirusTotal website until I added the IP address 74.125.34.4 to the list of destination IP addresses the infected system was allowed to access through the firewall. Even though I could then access the site's webapge and select a file to upload, I was unable to actually upload a file that I wanted to check for malware.

So I then added the IP address for the Jotti's malware scan website to the permitted outbound access list for the infected system. I was able to access it with a web browser on the system and upload a suspect file to have it scanned by the 22 antivirus programs the site currently uses to scan uploaded files.

NameIP Addresses
virusscan.jotti.org 209.160.72.83

[/security/scans] permanent link

Sat, Mar 22, 2014 5:42 pm

Blocking access from 171.216.29.98

I noticed entries in Apache's error log today associated with IP address 171.216.29.98:

[Sat Mar 22 15:23:58 2014] [error] [client 171.216.29.98] PHP Notice: Undefined index: HTTP_USER_AGENT in /home/jdoe/public_html/index.php on line 39
[Sat Mar 22 15:23:58 2014] [error] [client 171.216.29.98] PHP Notice: Undefined index: HTTP_USER_AGENT in /home/jdoe/public_html/index.php on line 46
[Sat Mar 22 15:23:58 2014] [error] [client 171.216.29.98] attempt to invoke directory as script: /home/jdoe/public_html/blog/

The error was occurring because of PHP code in the file that checks the value for HTTP_USER_AGENT.

I found that the IP address, which is allocated to a system in China, is listed at the Stop Forum Spam site as being associated with someone trying to post spam into forums today - see 171.216.29.98. And when I checked Apache's CustomLog to check the user agent for the browser the user or software program running at the site might be using to identify itself, I found that the log entries indicated that it wasn't providing user agent information, which browsers and web crawlers normally provide. The log also showed that other than that one file at the site's document root, the user or program accessing the site only queried a directory that has "forums" as part of the path. I have blog entries posted on forum software, so that may have prompted the visit to the site from that IP address, if the person or program is looking for sites where he or it can post forum spam.

I checked the "reputation" of the IP address at other sites that provide information on whether an IP address has been noted to be associated with malicous activity and found the following:

  1. Site: WatchGuard Reputation Authority
    Rating: Bad
    Reputation Score: 95/100
    Comment: The score indicates the overall ReputationAuthority reputation score, including the name and location of the ISP (Internet Service Provier), for the specified address. A score of 0-50 indicates a good to neutral reputation. 51-100 indicates that threats have been detected recently from the address and the reputation has been degraded.
  2. Site: Barracuda Reputation
    Reputation: Poor
    Comment:
  3. Site: McAfee Trusted Source
    Reputation: Unrated
    Comment:
  4. Site: Check Your IP Reputation - Miracare of Mirapoint
    Reputation: High Risk
    Comment: This IP address is used for sending Spam on a regular basis
  5. Site: BrightCloud Security Services URL/IP Lookup
    Reputation: High Risk
    Comment: Location - Chengdu, China. Spam Sources found. Webroot IP Reputation is listed as "High Risk", but lower down on the page the status assigned to the address is "Moderate Risk".

To stop any futher access to the server from that IP address, from the root account, I used the route command to reject access by the IP address.

# route add 171.216.29.9 reject

Note: the command is valid on a Linux system, but though the route command is available on a Microsoft Windows system, that operating system doesn't support the "reject" parameter.

The blocked route can be seen by issuing the route command with no parameters.

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
171.216.29.9    -               255.255.255.255 !H    0      -        0 -

If I ever want to permit access to the server from that IP address again, I could use route del 171.216.29.9 to permit access from that address.

References:

  1. Stopping an Attacker with the Route Reject Command
    MoonPoint Support
    Date: April 15, 2007

[/security/scans] permanent link

Sat, Mar 22, 2014 2:10 pm

Renamed Website Files Still Being Crawled

I've noticed in the site's error logs that files that haven't existed on the site for years are producing error entries when web crawers still attempt to access them. Apparently, elsewhere on the web that are still links pointing to the nonexistent files, which has led me to conclude that I need to create redirects for those files on the site that I move or rename, if the files have been on the site for any significant lengthh of time.

[ More Info ]

[/network/web/crawlers] permanent link

Fri, Mar 21, 2014 9:55 pm

Favicon.ico

While trying to reduce entries in the site's Apache error log, I've decided I should eliminate the many "File does not exist" error messages for favicon.ico. I often see attempts to access that file from the site's root directory, but, since there is no such file, a lot of extraneous entries appear in the error log file for it when browsers attempt to access it. Favicon is short for "favorite icon" and is also known as a "shortcut icon". Favicons were first supported in March 1999 when Microsoft released Internet Explorer 5. In December of 1999, the World Wide Web Consortium (W3C) made it a standard element in HTML 4.01 recommendation to be used with a link relation in the <head> section of an HTML document. It is now widely supported among browsers.

The original purpose of a favicon was to provide a small icon, commonly 16 x 16 pixels, that a browser would associate with a website when a user bookmarked the site. Today, browsers typically display a page's favicon in their address bar and sometimes also in the browser's history display as well as using it in association with a bookmark. Those browsers that provide a tabbed document interface (TDI) also typically display the favicon next to a page's title on a tab for the site with which the favicon is associated.

I had an icon I had used years ago, but decided I liked the crescent moon icon, I found at favicon.cc better. That site provides a tool that will allow you to create your own favicon. It also provides many free icons that you can download.

To use the icon file, you can simply place the favicon.ico in the root directory of the website where browsers can automatically locate it. Or you can place it elsewhere on the site and specify its location by inserting the following code within the head section of the HTML code for a page, substituing the relative path from the website's document root for YOUR_PATH.

<link href="/YOUR_PATH/favicon.ico" rel="icon" type="image/x-icon" />

Something like the following is also acceptable. I.e., in addition to specifying the file's location you can can also give the file a name other than favicon.ico.

<link rel="icon" href="http://example.com/myicon.ico" />

The file also does not have to be a .ico file. See the file format support section of the Wikipedia Favicon article for other image file formats that are supported by various browsers.

[/network/web/browser] permanent link

Thu, Mar 20, 2014 9:21 pm

Check marks, x marks, and checkboxes

If you need to represent a check mark, aka tick mark, or an x mark, aka cross, x, ex, exmark, and into mark, or a checkbox, aka check box, tick box, and ballot box, which someone can checkmark, on a webpage, there are a number of HTML codes that can be used to do so. The codes can be represented in decimal or hexadecimal format depending on your personal preference.
  Code
SymbolDescriptionDecimalHexadecimal
ballot box&#9744;&#x2610;
ballot box with check&#9745;&#x2611;
ballot box with x&#9746;&#x2612;
white heavy check mark&#9989;&#x2705;
check mark&#10003;&#x2713;
heavy check mark&#10004;&#x2714;
×mulitplication sign&#215;&#x00D7
large multiplication sign&#10005;&#x2715;
heavy multiplication sign&#10006;&#x2716;
cross product, also known as Gibb's vector product&#10799;&#x2A2F;
ballot x&#10007;&#x2717;
heavy ballot x&#10008;&#x2718;

If you see squares or question marks instead of the symbols, you may need an appropriate language pack installed to display the symbols.

[/network/web/html] permanent link

Wed, Mar 19, 2014 11:17 pm

AuthUserFile not allowed here

After setting up a redirect similar to the following in an .htaccess file in a directory, I found that I would get a 500 Internal Server Error with the message "The server encountered an internal error or misconfiguration and was unable to complete your request." whenever I tried to access a file in a password-protected subdirectory beneath the one in which I had created the .htaccess file to have the Apache server redirect visitors accessing an old .html file that I had replaced with a .php one.

Redirect 301 /dir1/dir2/example.html /dir1/dir2/example.php

In the Apache error log for the website, I saw the following:

[Wed Mar 19 21:05:17 2014] [alert] [client 192.168.0.10] /home/jdoe/public_html/dir1/dir2/dir3/.htaccess: AuthUserFile not allowed here, referer: http://support.moonpoint.com/dir1/dir2/example.php

That error log entry was created when I clicked on a link I had in example.php to access a file in the directory dir3, which was below the one in which example.php was located.

To allow the redirect to work, I had inserted the following code in the VirtualHost section for the website within Apache's /etc/httpd/conf/httpd.conf file.

<Directory /home/jdoe/public_html/dir1/dir2>
    AllowOverride FileInfo
</Directory>

The .htaccess file for controlling access to the subdirectory dir1/dir2/dir3 had worked fine until I created another .htaccess file above it in dir2 for the redirect. The one for controlling access to dir3 with a username and password was similar to the following:

AuthUserFile /home/jdoe/public_html/.htpasswd-test
AuthGroupFile /dev/null
AuthName Testing
AuthType Basic
Require user test1

Because it contained AuthUserFile and AuthGroupFile, but I didn't specify AuthConfig within the <Directory> section for the virtual host in the httpd.conf file, but only FileInfo for AllowOverride, the authorization control no longer worked. When I changed the AllowOverride line to that shown below and restarted Apache with apachectl restart then both the redirect for the file in dir2 and the HTTP basic access authentication method for files in the subdirectory dir3 beneath dir2 both worked.

<Directory /home/jdoe/public_html/dir1/dir2>
    AllowOverride AuthConfig FileInfo
</Directory>

I had forgotten that by limiting AllowOverride to just FileInfo for dir2, I was effectively nullifying any other type of overrides in any subdirectores beneath it.

References:

  1. Apache Core Feartures
    Apache HTTP Server Project

[/network/web/server/apache] permanent link

Tue, Mar 18, 2014 10:34 pm

Use netsh to determine WLAN driver version

To obtain information about the driver for the wirless interface in a Microsoft Windows system, the netsh command may be used. After issuing the command from a command prompt, you can type wlan, then show drivers to show the properites of the wireless LAN drivers on the system.
C:\Users\JDoe>netsh
netsh>wlan
netsh wlan>show drivers

Interface name: Wi-Fi

    Driver                    : Realtek RTL8188E Wireless LAN 802.11n PCI-E NIC
    Vendor                    : Realtek Semiconductor Corp.
    Provider                  : Realtek Semiconductor Corp.
    Date                      : 2/27/2013
    Version                   : 2007.10.227.2013
    INF file                  : C:\windows\INF\oem13.inf
    Files                     : 2 total
                                C:\windows\system32\DRIVERS\rtwlane.sys
                                C:\windows\system32\drivers\vwifibus.sys
    Type                      : Native Wi-Fi Driver
    Radio types supported     : 802.11n 802.11b 802.11g
    FIPS 140-2 mode supported : No
    802.11w Management Frame Protection supported : Yes
    Hosted network supported  : Yes
    Authentication and cipher supported in infrastructure mode:
                                Open            None
                                WPA2-Personal   CCMP
                                Open            WEP-40bit
                                Open            WEP-104bit
                                Open            WEP
                                WPA-Enterprise  TKIP
                                WPA-Personal    TKIP
                                WPA2-Enterprise TKIP
                                WPA2-Personal   TKIP
                                WPA-Enterprise  CCMP
                                WPA-Personal    CCMP
                                WPA2-Enterprise CCMP
                                Vendor defined  TKIP
                                Vendor defined  CCMP
                                Vendor defined  Vendor defined
                                Vendor defined  Vendor defined
                                WPA2-Enterprise Vendor defined
                                WPA2-Enterprise Vendor defined
                                Vendor defined  Vendor defined
                                Vendor defined  Vendor defined
    Authentication and cipher supported in ad-hoc mode:
                                Open            None
                                Open            WEP-40bit
                                Open            WEP-104bit
                                Open            WEP
                                WPA2-Personal   CCMP
    IHV service present       : Yes
    IHV adapter OUI           : [00 e0 4c], type: [00]
    IHV extensibility DLL path: C:\windows\system32\Rtlihvs.dll
    IHV UI extensibility ClSID: {6c2a8cca-b2a2-4d81-a3b2-4e15f445c312}
    IHV diagnostics CLSID     : {00000000-0000-0000-0000-000000000000}

netsh wlan>

Or you can issue the netsh wlan show drivers command at the command prompt to have the information shown and be immediately returned to the command prompt.

[/os/windows/commands] permanent link

Mon, Mar 17, 2014 5:48 pm

Recursively locating HTML files

To recursively locate files of a particular file type, e.g., HTML files, on a Unix, Linux, or OS X system from a command line interface, aka shell prompt, the following command can be used:

find . -name "*.html"

The subdirectory path will be included in the output along with the file names.

If you wish to have a count of the number of such files, you can use either of the two commands below:

find . -name "*.html" | grep -c .
find . -name "*.html" | wc -l

Note: if you use the grep command, be sure to include the dot after the -c.

[/os/unix/commands] permanent link

Mon, Mar 17, 2014 5:30 pm

How to have Firefox forget basic access authentication credentials

If you've accessed a webpage that uses HTTP basic access authentication to prompt for a user name and password to control access to a web page within Firefox, you can have Firefox "forget" those credentials so you can enter different ones by the following two methods.

Method 1

Note: this method applies for Firefox 27 and may not apply to all other versions.

  1. Click on Firefox at the upper, left-hand corner of the Firefox window to access its menu.

    Firefox menu

  2. Select History.
  3. Select Clear Recent History.

    Clear Recent History

  4. If the site was accessed within the last hour, you can leave "time range to clear" set at "Last Hour"; if not, you may need to change the value to a longer period. With Details visible, you can clear the checkmarks for all the items, except Active Logins, if you wish.

    Clear Active Logins

  5. Click on the Clear Now button.

Method 2

Note: This method may work for some other browsers as well as Firefox, but won't work for Internet Explorer. An advantage to this method is it is applied to just the particular website. It doesn't cause Firefox to forget the credentials for any other websites.

With some browsers, you can specify the credentials to use to access a webpage protected by basic authenticaion by putting the userid and password in the URL for the page with http://user:pass@www.example.com, substituting a username for the site for "user" and a password that goes with that username for "pass" in the address line, e.g. http://bob:mypassword@www.example.com.

If you put http://abc@www.example.com/some-page.html in the address bar for the webpage some-page.html that is protected by the basic authentication method, then the browser can be caused to forget a valid set of credentials previously used to access that page that Firefox remembers and will normally reuse until you exit from Firefox. You will be prompted by the website for a new set of valid credentials, allowing you to enter a new user name and passwrod to access the page or cause your browser to forget the previously valid ones.

[/network/web/browser/firefox] permanent link

Sun, Mar 16, 2014 11:59 am

List of accounts on a Linux or Unix system

To see a list of accounts on a Linux or Unix system, the following command can be used:

cut -d: -f1 /etc/passwd

[/os/unix/commands] permanent link

Sun, Mar 16, 2014 9:41 am

Determining low, high, average, and median values with Google Sheets

To determine the smallest, largest, average, and median value for a column of numbers in a Google Sheets spreadsheet, the MIN, MAX, AVERAGE, and MEDIAN functions can be used.

For a column of numbers from A2 to A66, the following forumlas could be used:

Minimum:MIN(A2:A66)
Maximum:MAX(A2:A66)
Average:AVERAGE(A2:A66)
Median:MEDIAN(A2:A66)

[/network/web/services/google] permanent link

Sat, Mar 15, 2014 11:17 am

Changing the Channel Number on a NetGear CVG824G Router

Sometimes wireless network disconnections and slow data transfers can be caused by interference between multiple wireless access points, such as neighboring wireless routers using the same radio frequency channel for communications. Simply changing the channel number used for wireless communications by one of the routers may resolve the problem. For a NETGEAR® Wireless Cable Voice Gateway Model CVG824G device, the channel number can be changed using these steps.

[/hardware/network/router/netgear] permanent link

Fri, Mar 14, 2014 10:30 pm

Excel countifs function

Microsoft Excel, starting with Excel 2007, provides a function, countifs, to count the number of occurrences of some item while stipulating multiple criteria be met. The function also is available in Microsoft® Excel® 2008 for Mac. The function works like the countif function, but whereas countif only permits one criteria to be stipulated, countifs supports one or more criteria. The syntax for countifs is:

COUNTIFS( criteria_range1, criteria1, [criteria_range2, criteria2, ... criteria_range_n, criteria_n] )

As an example, suppose I have the following worksheet in a spreadsheet:

<> A B C D
1 NumberProjectApprovedFunded
238397Alpha2/12/14N
338400Alpha2/7/14Y
438407Beta3/4/14N
538408Alpha2/25/14N
638409Epsilon3/14/14Y
738412Gamma3/14/14Y
838413Zeta3/14/14Y
938415Alpha3/14/14N
10    
11 Approved today 4   
12 Approved and funded today 3   

Number represents work request numbers associated with various projects. Column C has dates for when the work requests were approved with today's date being March 14, 2014. Column D indicates whether the requests have been funded with a "Y" for "yes" and a "N" for "no".

If I wished to count the number of work requests funded today, I could use the formula =COUNTIF(C2:C10,TODAY()) in cell B11. COUNTIF works because I have only one criteria. But, if I wanted to count the number that were approved and funded today, then I would need to use COUNTIFS rather than COUNTIF. I could use the formula =COUNTIFS(C2:C10,TODAY(),D2:D10,"Y") in cell B12.

[/os/windows/office/excel] permanent link

Fri, Mar 14, 2014 9:55 am

Netsh command to show available Wi-Fi networks

On a system running Microsoft Windows, you can see the available Wi-Fi networks near the system,the signal strengths, channel numbers, etc. for each from a command prompt using the command netsh show networks mode=Bssid
C:\Users\JDoe>netsh
netsh>wlan
netsh wlan>show networks mode=Bssid

Interface name : Wi-Fi
There are 5 networks currently visible.

SSID 1 : 558935
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 0c:54:a5:48:19:e5
         Signal             : 81%
         Radio type         : 802.11n
         Channel            : 1
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54

SSID 2 : Haze
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 94:44:52:5a:54:54
         Signal             : 83%
         Radio type         : 802.11n
         Channel            : 11
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54

SSID 3 : 08FX02038916
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : WEP
    BSSID 1                 : 00:18:3a:8a:01:c5
         Signal             : 49%
         Radio type         : 802.11g
         Channel            : 6
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54

SSID 4 : linksys
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 00:13:10:fa:ef:a3
         Signal             : 45%
         Radio type         : 802.11g
         Channel            : 6
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54

SSID 5 : Hickox
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : WEP
    BSSID 1                 : 0c:d5:02:c5:e8:8c
         Signal             : 48%
         Radio type         : 802.11g
         Channel            : 11
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54

netsh wlan>

[/os/windows/commands] permanent link

Thu, Mar 13, 2014 11:15 pm

Netsh show interfaces

The signal strength for wireless network connectivity can be checked on a Windows system from the command line using the netsh command. From a command prompt issue the command netsh and when the netsh prompt appears issue the command wlan and then show interfaces.
C:\Users\JDoe>netsh
netsh>wlan
netsh wlan>show interfaces

There is 1 interface on the system:

    Name                   : Wi-Fi
    Description            : Realtek RTL8188E Wireless LAN 802.11n PCI-E NIC
    GUID                   : d79cd37a-fe78-482b-b23e-af4953ba9f6b
    Physical address       : 48:d2:24:68:e1:aa
    State                  : connected
    SSID                   : Haze
    BSSID                  : 94:44:52:5a:54:54
    Network type           : Infrastructure
    Radio type             : 802.11n
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
    Connection mode        : Auto Connect
    Channel                : 11
    Receive rate (Mbps)    : 72
    Transmit rate (Mbps)   : 72
    Signal                 : 100%
    Profile                : Haze

    Hosted network status  : Not available

netsh wlan>

The signal strength for the wireless connection is shown on the Signal line, e.g., 100% in the case above. The wireless connection is using the 802.11n wireless network standard, which is one of the 802.11 standards.

[/os/windows/commands] permanent link

Wed, Mar 12, 2014 11:40 pm

Adding "rel=nofollow" to Blosxom advanced search option for find plugin

I've noticed in the logs for the blog that search engines are trying to access pages with "?advanced_search=1" in the URL. E.g., I've seen a lot of entries similar to the following:

5.10.83.52 - - [12/Mar/2014:00:32:23 -0400] "GET /blog/blosxom/<a%20href=/<a%20h ref=/<a%20href=/2008/05/01/2008/03/2008/05/05/network/email/clients/outlook/2008 /10/network/email/sendmail/2008/07/network/email/clients/outlook/2008/05/25/2008 /12/2008/05/18/2008/05/03/index.html?advanced_search=1 HTTP/1.1" 200 12080 "-" " Mozilla/5.0 (compatible; AhrefsBot/5.0; +http://ahrefs.com/robot/)"

They seem to be getting erroneous URLs reflecting a directory structure related to dates that doesn't exist on the system. The URLs appear to be related to the find plugin, since its search option includes code for "advanced_search=1", so I've edited the Perl code for that plugin to include rel="nofollow" at the end of the URL generated for the advanced search capability.

The orignal code was:

<a href="$blosxom::url/$path_withflavour?advanced_search=1">Advanced Search</a>

The line is now:

<a href="$blosxom::url/$path_withflavour?advanced_search=1" rel="nofollow">Advanced Search</a>

Adding rel="nofollow" to a URL tells search engines, such as Google's search engine not to follow any link that includes the nofollow parameter.

The following meta tag can be included in the head section of the HTML code for a page to tell search engines not to follow any links on a page.

<meta name="robots" content="nofollow">

But there may be instances, such as this case for me, where a webpage designer wants only some links on a page not to be followed to their destination by search engines.

The attribute can also be added to individual links if you don't want to vouch for the content of the page to which the link points. E.g., adding it to links placed in comments by those commenting on a page will allow visitors to go to the linked page, but search engines that adhere to the nofollow parameter won't use the link to increase their ranking of the page to which the link points, which may discourage some comment spammers.

The rel="nofollow" option for links was developed as a way to combat link spam. In January 2005, Google, Yahoo! and MSN announced that they would support use of the "nofollow" tag as a way to deter link spam. Microsoft's MSN Spaces and Google's Blogger blogging services joined the effort to utilize the tag to discourage link spamming At that time a number of blog software providers, including Six Apart, WordPress, Blosxom, and blojsom, also joined the effort by supporting use of the tag.

References:

  1. Use rel="nofollow" for specific links
    Google Webmaster Tools
  2. Wipedia ponders joining search engines in fight against spam
    By: Michael Snow
    Date: January 24, 2005

[/network/web/blogging/blosxom] permanent link

Tue, Mar 11, 2014 10:31 pm

Determining resolution from the command line on OS X

To determine the video resolution from a command line, such as a Terminal shell prompt, on an OS X system, you can use the command system_profiler SPDisplaysDataType.
$ system_profiler SPDisplaysDataType
Graphics/Displays:

    NVIDIA GeForce 9400M:

      Chipset Model: NVIDIA GeForce 9400M
      Type: GPU
      Bus: PCI
      VRAM (Total): 256 MB
      Vendor: NVIDIA (0x10de)
      Device ID: 0x0863
      Revision ID: 0x00b1
      ROM Revision: 3448
      gMux Version: 1.8.8
      Displays:
        Color LCD:
          Display Type: LCD
          Resolution: 1440 x 900
          Pixel Depth: 32-Bit Color (ARGB8888)
          Main Display: Yes
          Mirror: Off
          Online: Yes
          Built-In: Yes

    NVIDIA GeForce 9600M GT:

      Chipset Model: NVIDIA GeForce 9600M GT
      Type: GPU
      Bus: PCIe
      PCIe Lane Width: x16
      VRAM (Total): 512 MB
      Vendor: NVIDIA (0x10de)
      Device ID: 0x0647
      Revision ID: 0x00a1
      ROM Revision: 3448
      gMux Version: 1.8.8

In the example above, the video resolution for the MacBook Pro on which I ran the command is 1440 x 900. The Screen Information page at BrowserSpy.dk will also report a system's screen resolution, if you visit that page using a browser on the system. In this case it reports a width of 1440 and a height of 900 pixels for the MacBook Pro.

[/os/os-x] permanent link

Mon, Mar 10, 2014 10:29 pm

Debug output for calendar plugin for Blosxom

I've been using Blosxom for this blog and version 0+6i of the calendar plugin for Blosxom written by Todd Larason whose website seems to no longer be extant, though it is available through the Internet Archive's WayBack Machine here. The last time the Internet Archive archived the site was on March 25, 2010. The plugin can be downloaded from this site at Calendar Plugin for Blosxom.

The plugin has been contributing a lot of entries in the site's error log that appear to be related to normal behavior for the plugin. I've been ignoring them, since the plugin has been working fine and the entries seem to be more informatonal in nature than reflective of a problem with the plugin. E.g., I see a lot of entries similar to the following:

[Sun Mar 09 23:59:19 2014] [error] [client 10.0.90.23] calendar debug 1: start() called, enabled
[Sun Mar 09 23:59:20 2014] [error] [client 10.0.90.23] calendar debug 1: filter() called
[Sun Mar 09 23:59:20 2014] [error] [client 10.0.90.23] calendar debug 1: Using cached state
[Sun Mar 09 23:59:20 2014] [error] [client 10.0.90.23] calendar debug 1: head() called
[Sun Mar 09 23:59:20 2014] [error] [client 10.0.90.23] calendar debug 1: head() done, length($month_calendar, $year_calendar, $calendar) = 3947 1212 5229

I finally decided I should stop the production of those entries, though, so I could more readily see log entries that are significant. So I looked at the Perl code for the plugin. On line 30, I see the following:

$debug_level    = 1 unless defined $debug_level;

The debug surboutine is on lines 49 through 56 and is as follows:

sub debug {
    my ($level, @msg) = @_;

    if ($debug_level >= $level) {
        print STDERR "$package debug $level: @msg\n";
    }
    1;
}

On line 517, I see the following comment.

C<$debug_level> can be set to a value between 0 and 5; 0 will output
no debug information, while 5 will be very verbose.  The default is 1,
and should be changed after you've verified the plugin is working
correctly.

Since the plugin has been working for a long time and I don't need to see the debugging information, I set the value for debug_level on line 30 to zero instead of one.

$debug_level    = 0 unless defined $debug_level;

That has stopped the insertion of the calendar plugin entries in the Apache error log file with no effect on the calendar's functionality.

[/network/web/blogging/blosxom] permanent link

Sun, Mar 09, 2014 4:04 pm

Redirecting a URL on an Apache Web Server

If you are using an Apache webserver and you need to redirect visitors to a webpage to another webpage, instead, one method of doing so is to use a server-side redirect, which can be accomplished by inserting a redirect in an .htaccess file, to the new page.

[ More Info ]

[/network/web/server/apache] permanent link

Sat, Mar 08, 2014 10:14 pm

Turning off command echo in MUSHclient but retaining command history

For MUSHclient, if you don't want commands echoed back to you when you type them, but want them stored in the command history, leave command echo turned on. You can check that it is turned on after you connect to the MUSH by clicking on Display. You should not see a check mark next to No Command Echo. If one is there click on No Command Echo to uncheck it.

MUSHClient command echo

You then need to take the following steps:

  1. Click on Game.
  2. Select Configuration.
  3. Select All Configuration.
  4. Uncheck the checkbox next to "Echo My Input In" under Output Window.

    MUSHClient output window echo

  5. Make sure the value for the number of lines to keep under Command History is not set to 0, but is set to the number of commands you want to keep in the history; the default value is 1,000 lines..
  6. Click on OK.

You should then be able to see commands you type in the command history window that you can open with Ctrl-H. If you want to save the setting so that you don't have to change it the next time you connect to the MUSH, click on File and select Save World Details.

Instructions appy to version 4.84.

[/gaming/mushclient] permanent link

Fri, Mar 07, 2014 10:20 pm

Using mdfind to locate files

On a Mac OS X system, you can use the mdfind command to locate files on the system from a command line interface, e.g., from a shell prompt that you may obtain by running the Terminal program, which is located in Applications/Utilities. You can specify the name of the file using the -name option.
$ mdfind -name Waterfalls.mp3
/Users/jdoe/Music/iTunes/iTunes Media/Music/Bob Weir/Relax With Soothing Waterfalls/01 Soothing Waterfalls.mp3
/Users/jdoe/Downloads/Waterfalls.mp3

You can specify just part of the file name and the search is not case specific, i.e., "waterfall" and "Waterfall" are deemed identical.

$ mdfind -name waterfall
/Users/jdoe/Downloads/Waterfalls.mp3
/Users/jdoe/Music/iTunes/iTunes Media/Music/Bob Weir/Relax With Soothing Waterfalls/01 Soothing Waterfalls.mp3
/Users/jdoe/Music/iTunes/iTunes Media/Music/Bob Weir/Relax With Soothing Waterfalls
/Library/Desktop Pictures/Eagle & Waterfall.jpg

As shown in the above example, directories whose names contain the string on which you are performing the search, i.e., "waterfall" in the above case, will also be returned.

If you just want a count of files and directories containing a particular string, such as "waterfall" in the name, you can add the -count parameter.

$ mdfind -count -name waterfall
4

If you want to limit the search to a particular directory you can use the -onlyin parameter.

$ mdfind -name waterfall -onlyin "/Library/Desktop Pictures/"
/Library/Desktop Pictures/Eagle & Waterfall.jpg

[/os/os-x] permanent link

Thu, Mar 06, 2014 10:43 pm

Using sw_vers to obtain OS X version

On a MAC OS X system, you can obtain information on the operating system version from a command line interface, e.g. from a terminal session, which you can get by running the Terminal program in Applications/Utilities, by using the sw_vers command.
$ sw_vers
ProductName:	Mac OS X
ProductVersion:	10.8.3
BuildVersion:	12D78

If you are only interested in the ProductName, ProductVersion , or BuildVersion, you can specify arguments that will restrict the output to just that informaton.

$ sw_vers -productName
Mac OS X
$ sw_vers -productVersion
10.8.3
$ sw_vers -buildVersion
12D78

You can also get the OS X version number using the system_profiler command.

$ system_profiler SPSoftwareDataType | grep "System Version"
      System Version: OS X 10.8.3 (12D78)

[/os/os-x] permanent link

Wed, Mar 05, 2014 10:38 pm

Audio File Play - afplay

On Mac OS X systems you can play an audio file, such as an MP3 file, from a command-line interface, i.e., a shell prompt, which you can get by running the Terminal program found in /Applications/Utilities, by using the audio file play command, afplay. E.g.:

afplay Waterfalls.mp3

You can terminate the playing of the audio file using Ctrl-C. You can specify that the audio file only be played for a specific number of seconds using the -t or --time argument. E.g., the following command would play the specified MP3 file for 10 seconds and then terminate afplay:

afplay --time 10 Waterfalls.mp3

For help on the command use afplay -h.

$ afplay -h
Usage:
afplay [option...] audio_file

Options: (may appear before or after arguments)
  {-v | --volume} VOLUME
    set the volume for playback of the file
  {-h | --help}
    print help
  { --leaks}
    run leaks analysis
  {-t | --time} TIME
    play for TIME seconds
  {-r | --rate} RATE
    play at playback rate
  {-q | --rQuality} QUALITY
    set the quality used for rate-scaled playback (default is 0 - low quality, 1 - high quality)
  {-d | --debug}
    debug print output

[/os/os-x] permanent link

Tue, Mar 04, 2014 11:35 pm

Obtaining info on an audio file with afinfo

You can obtain information on an audio file, such as an MP3 file on a Mac OS X system from the command line using the afinfo command.
$ afinfo Waterfalls.mp3
File:           Waterfalls.mp3
File type ID:   MPG3
Num Tracks:     1
----
Data format:     2 ch,  44100 Hz, '.mp3' (0x00000000) 0 bits/channel, 0 bytes/packet, 1152 frames/packet, 0 bytes/frame
                no channel layout.
estimated duration: 3642.644850 sec
audio bytes: 72852897
audio packets: 139445
bit rate: 160000 bits per second
packet size upper bound: 1052
maximum packet size: 523
audio data file offset: 2228
optimized
audio 160637484 valid frames + 528 priming + 2628 remainder = 160640640
----

The command will tell you the bit rate and the estimated duration if you choose to play the file. In the example above, the MP3 bitrate is 160 kbit/s, which is a mid-range bitrate quality for an MP3 file. Common bitrates for MP3 files are as follows:

The estimated playing time of the MP3 file in the example above is 3642.644850 sec. You can convert that to minutes from the command line by passing a command to python to convert seconds to minutes.

$ python -c "print 3642.644850 / 60"
60.7107475

If you wanted to convert that to hours, you could just divide by 60 minutes per hour by adding another "/ 60" at the end of the command.

$ python -c "print 3642.644850 / 60 / 60"
1.01184579167

If you just want to know the bit rate, you can pipe the output of afinfo through grep and awk:

$ afinfo Waterfalls.mp3 | grep "bit rate" | awk '{print $3}'
160000

If you just want to know the duration in seconds, you can use the following commands:

$ afinfo Waterfalls.mp3 | grep "estimated duration" | awk '{print $3}'
3642.644850

If you want the value in minutes you can also use awk to print that value instead.

$ afinfo Waterfalls.mp3 | grep "estimated duration" | awk '{print $3 / 60 , "minutes"}' 
60.7107 minutes

[/os/os-x] permanent link

Mon, Mar 03, 2014 7:31 pm

YandexBot Web Crawler

When checking my website logs to see if there were any entries indicating it had been "crawled", i.e., indexed, by DuckDuckGo, I found that there were no log entries for any of the IP addresses used by the DuckDuckGoBot for indexing webpages for 2013 nor for 2014. I found at DuckDuckGo's Sources webpage that though the search engine has its own web crawler, it relies heavily on indexes produced by the web crawlers for other search engines stating:

DuckDuckGo gets its results from over one hundred sources, including DuckDuckBot (our own crawler), crowd-sourced sites (like Wikipedia, which are stored in our own index), Yahoo! (through BOSS), Yandex, WolframAlpha, and Bing.

DuckDuckGo's page states they apply their own algorithm to rank results obtained from other search engines upon which they rely for data.

One of the search engines mentioned was Yandex. The Yandex search engine, Yandex Search, can be accessed at www.yandex.com. According to the Wikipedia articles for Yandex and Yandex Search the company operates the largest search engine in Russia with about 60% market share in Russia with its search engine generating 64% of all Russian web search traffic in 2010. The article on the company also states:

Yandex ranked as the 4th largest search engine worldwide, based on information from Comscore.com, with more than 150 million searches per day as of April 2012, and more than 50.5 million visitors (all company's services) daily as of February 2013.

The article also indicates Yandex is heavily utilized in Ukraine and Kazakhstan, providing nearly a 1/3 of all search results in those countries and 43% of all search results in Belarus.

When I searched the logs for this year for this website, I found quite a few entries indicating the site had been indexed by the Yandex web crawler. I.e., there were many entries containing the following:

"Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)"

In the homepage for this site, I include PHP code to notify me whenever Google's Googlebot indexes the site, so I updated that code to include a check that will lead to an email alert being sent to me whenever the YandexBot indicates the site, also.


<?php
$email = "me@example.com";
if( eregi("googlebot", $_SERVER['HTTP_USER_AGENT']) )
{
    mail($email, "Googlebot Alert",
            "Google just indexed your following page: " .
            $_SERVER['REQUEST_URI']);
}

if( eregi("YandexBot", $_SERVER['HTTP_USER_AGENT']) )
{
    mail($email, "Yandex Alert",
            "Yandex just indexed your following page: " .
            $_SERVER['REQUEST_URI']);
}

?>

[/network/web/search] permanent link

Mon, Mar 03, 2014 5:17 pm

Removing a site from search results

If you don't wish to have any results returned for a particular site when you are performing a search using Google, Bing, Yahoo, or DuckDuckGo, you can include the option -site on the search line. E.g., if I wished to search for "accessing deleted wikipedia pages", but didn't want any results returned from Wikipedia.org, I could use the following search terms:

accessing deleted wikipedia pages -site:wikipedia.org

If you wish to include only results for a particular site, then you would put the site's name after the word site, e.g., if I wished to search just moonpoint.com, I could use the following:

accessing deleted wikipedia pages site:moonpoint.com

If you restrict searches using the site option, if you use a domain name such as moonpoint.com, results will also be returned for any domain names that include the specified domain name at the end of the domain name, e.g., in this case anything on www.moonpoint.com or support.moonpoint.com would also be returned. The same is true when using the -site option, i.e., no results would be returned for en.wikipedia.org or www.wikipedia.org in the first example.

[/network/web/search] permanent link

Sun, Mar 02, 2014 10:40 pm

F-Secure Rescue CD 3.16

F-Secure provides a free Rescue CD which allows you to boot a PC from a CD and scan it for malware using F-Secure's antivirus software. The F-Secure Rescue CD will attempt to disinfect any infected files and will rename any it can't disinfect by putting a .virus extension at the end of the file name. By doing that, when you reboot the system into Microsoft Windows, the infected file will not be loaded into memory.

[ More Info ]

[/security/antivirus/f-secure] permanent link

Sun, Mar 02, 2014 10:36 pm

Installing the SSH Server Service on Knoppix

You can determine if a Knoppix Linux system is listening for SSH connections on the standard SSH TCP port of 22 by issuing the command netstat -a | grep ssh. If you are returned to the shell prompt with no results displayed, then the system isn't listening for SSH connections on port 22.
root@Microknoppix:/# netstat -a | grep ssh
root@Microknoppix:/#

You can also check to see if it is running by using the command service --status-all. If there is a plus sign next to ssh, it is running. If, instead, there is a minus sign, it is not running.

root@Microknoppix:/# service --status-all
 [ - ]  acpid
 [ - ]  bootlogd
 [ - ]  bootlogs
 [ ? ]  bootmisc.sh
 [ ? ]  checkfs.sh
 [ - ]  checkroot.sh
 [ ? ]  console-screen.sh
 [ ? ]  console-setup
 [ ? ]  cpufrequtils
 [ ? ]  cron
 [ ? ]  cryptdisks
 [ ? ]  cryptdisks-early
 [ + ]  dbus
 [ + ]  ebtables
 [ ? ]  etc-setserial
 [ - ]  fsaua
 [ ? ]  fsrcdtest
 [ - ]  fsupdate
 [ ? ]  fsusbstorage
 [ ? ]  gpm
 [ ? ]  hdparm
 [ - ]  hostname.sh
 [ ? ]  hwclock.sh
 [ ? ]  hwclockfirst.sh
 [ ? ]  ifupdown
 [ ? ]  ifupdown-clean
 [ ? ]  kexec
 [ ? ]  kexec-load
 [ ? ]  keyboard-setup
 [ ? ]  keymap.sh
 [ ? ]  killprocs
 [ ? ]  klogd
 [ ? ]  knoppix-autoconfig
 [ ? ]  knoppix-halt
 [ ? ]  knoppix-reboot
 [ ? ]  knoppix-startx
 [ ? ]  loadcpufreq
 [ ? ]  lvm2
 [ ? ]  mdadm
 [ ? ]  mdadm-raid
 [ ? ]  module-init-tools
 [ ? ]  mountall-bootclean.sh
 [ ? ]  mountall.sh
 [ ? ]  mountdevsubfs.sh
 [ ? ]  mountkernfs.sh
 [ ? ]  mountnfs-bootclean.sh
 [ ? ]  mountnfs.sh
 [ ? ]  mountoverflowtmp
 [ ? ]  mtab.sh
 [ + ]  network-manager
 [ ? ]  networking
 [ - ]  nfs-common
 [ - ]  nfs-kernel-server
 [ + ]  open-iscsi
 [ - ]  portmap
 [ ? ]  pppstatus
 [ ? ]  procps
 [ ? ]  rc.local
 [ - ]  rmnologin
 [ - ]  rsync
 [ ? ]  screen-cleanup
 [ ? ]  sendsigs
 [ ? ]  setserial
 [ - ]  smartmontools
 [ - ]  ssh
 [ - ]  stop-bootlogd
 [ - ]  stop-bootlogd-single
 [ ? ]  sudo
 [ ? ]  sysklogd
 [ ? ]  udev
 [ ? ]  udev-mtab
 [ ? ]  umountfs
 [ ? ]  umountiscsi.sh
 [ ? ]  umountnfs.sh
 [ ? ]  umountroot
 [ - ]  urandom

On a Microknoppix system, such as may be present on a Rescue CD or other live CD or DVD, the SSH server software may not even be present on the CD or DVD. You can use the apt-cache search command followed by a regular expression, in this case ssh, to determine if the package is present on the system.

root@Microknoppix:/# apt-cache search ssh
libssl0.9.8 - SSL shared libraries
sshstart-knoppix - Starts SSH and sets a password for the knoppix user
openssh-client - secure shell (SSH) client, for secure access to remote machines

In the case above, I can see that only an SSH client is present. If I run the sshstart-knoppix command, I will be prompted to set a password for the knoppix account on the system, but, since the SSH server package is not present, the command won't actually start an sshd service.

If the SSH server service is not running and the SSH server package is not installed, first you need to install the SSH server software. To do so you may need to add an appropriate package repository, such as http://us.debian.org/debian to the file /etc/apt/sources.list. E.g., you will need to do so when using the F-Secure 3.16 Rescue CD.

If you attempt to install the openssh-server package and see the results below, then you need to add an appropriate repository to /etc/apt/sources.list so the system can find the package and download it.

root@Microknoppix:/# apt-get install openssh-server
Reading package lists... Done
Building dependency tree...
Reading state information... Done
Package openssh-server is not available, but is referred to by another package.
This may mean that the package is missiong, has been obsoleted, or
is only available from another source

E: Package 'openssh-server' has no installation candiate
root@Microknoppix:/#

You can add the http://us.debian.org/debian repository to the end of the file by using the cat command. Type cat >> /etc/apt/sources.list (make sure you use two greater than signs so as to append to the file rather than overwrite it) then type deb http://http.us.debian.org/debian stable main contrib non-free and then hit Enter. Then hit the Ctrl and D keys simultaneously, i.e., Ctrl-D. Next issue the command apt-get update. When that command has completed, issue the command apt-get install openssh-server. When informed of the amount of additional disk space that will be needed and them prompted as to whether you wish to continue, type "Y". When prompted "Install these packages without verification [y/N]?", enter "y".

When the command completes you can then issue the command netstat -a | grep ssh to verify that the system is listening on the SSH port, which is normally TCP port 22.

root@Microknoppix:/# netstat -a | grep ssh
tcp        0      0 *:ssh                   *:*                     LISTEN     
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN

If you issued the command apt-cache search openssh-server at this point, you would see the following:

root@Microknoppix:/# apt-cache search openssh-server
openssh-server - secure shell (SSH) server, for secure access from remote machines

Use the passwd command to set the password for the knoppix account, which you can use for remote logins.

root@Microknoppix:/tmp# passwd knoppix
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Hit Return to continue.

Once the SSH server service is running, you should be able to connect to the system remotely with an SSH client on another system. To determine what IP address you should use for the connection, you can issue the command ifconfig. You should see an inet addr line that will provide the system's current IP address. It will typically be in the information provided for the eth0 network interface. The l0 interface is the local loopback interface, which will have an IP address of 127.0.0.1. You can use that address to verify that the SSH connectivity is working from the local system, but not for a remote login.

root@Microknoppix:/# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:18:f3:a6:01:8a  
          inet addr:192.168.0.40  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::218:f3ff:fea6:18a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:334286 errors:0 dropped:0 overruns:0 frame:0
          TX packets:262393 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:289663552 (276.2 MiB)  TX bytes:183570787 (175.0 MiB)
          Interrupt:23 Base address:0xc000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:24 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2331 (2.2 KiB)  TX bytes:2331 (2.2 KiB)

To login remotely via SSH, use knoppix for the login account and provide the password you entered above for that account when prompted for the password. Once you have logged in under the knoppix account, you can obtain a Bash shell prompt for the root account using the command sudo bash.

knoppix@Microknoppix:~$ sudo bash
root@Microknoppix:/home/knoppix#

If you then need to stop, start, or restart the service, you can do so using /etc/init.d/ssh followed by the appropriate parameter.

root@Microknoppix:/# /etc/init.d/ssh
[info] Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|try-restar
t|status}.

The configuration file for the SSHD service is /etc/ssh/ssh_config. You can change values by removing the comment character, #, from the beginning of a line and chaning the default value on the line, then stopping and restaring the service. Note: stopping the sshd service won't disconnect an existing SSH connection, so you can remotely restart the service with /etc/init.d/ssh restart without being disconnected.

[/os/unix/linux/knoppix] permanent link

Sat, Mar 01, 2014 11:28 am

Using multiple conditions with find

The find command on Unix/Linux and Apple OS X systems allows you to specify multiple criteria to be used for a search. For instance, suppose I have a directory named man and a file named manual.txt. If I wanted to find any files or directories containing "man" within their names, I could issue the command below. If the directory in which the find command was executed contained a subdirectory named man and a text file named manual.txt, I would see the results shown below:
$ find . -name \*man\*
./man
./manual.txt

Note: the backslashes before the asterisks are "escape characters", i.e., they tell the shell not to interpret the asterisk before the find command sees it - see What is the difference between \*.xml and *.xml in find command in Linux/mac. Another alternative is to enclose the *man* within double quotes.

$ find . -name "*man*"
./man
./manual.txt

But, if I only want to find items that have "man" in the name which are directories, I could use the following to specify I only want to see items where the file is of type directory ("d" represents directory and "f" represents a regular file):

$ find . -name \*man\* -type d
./man

By default, the find command will use a logical and for the two conditions, i.e., both conditions must be met. I could explicitly state I want to "and" the two conditions with a -a, but it isn't necessary to do so in this case.

$ find . -name \*man\* -a -type d
./man

But what if I want to to specify a logical "or", i.e. that I want results returned where either of two conditions are met? E.g., suppose I want to find all files where the filename contains man or guide. Then I need to use a -o parameter.

$ find . -name "*man*" -o -name "*guide*"
./man
./manual.txt
./guide.txt

Suppose I only wanted to see only files with man or guide in the filename that are "regular" files and not any directories. I could use -type f to specify that I only want to see regular files.

$ find . -name "*man*" -o -name "*guide*" -type f
./man
./manual.txt
./guide.txt

As you can see, the directory man is still returned. To get the results I want, i.e., to not have the directory man appear in the results, I need to enclose the "or" condtions within parentheses.

$ find . \( -name "*man*" -o -name "*guide*" \) -type f
./manual.txt
./guide.txt

Note: you also need to "escape" the meaning of ( and ) by preceding them with the backslash escape character. Otherwise, you will get an "unexpected token" error message.

$ find . (-name "*man*" -o -name "*guide*") -type f
-bash: syntax error near unexpected token `('

And you need to put a space after the left parenthesis and before the right parenthesis or you will receive an "invalid predicate" error message.

$ find . \(-name "*man*" -o -name "*guide*"\) -type f
find: invalid predicate `(-name'

As another example, suppose I want to find all HTML or PHP files that contain the word "Geek" within them when the HTML files have a .html extension and the PHP files have a .php extension on the file names. Then I need to use a -o between the conditions to specify that I want to see results if the file has an extension of .html or .php.

$ find . \( -name "*.php" -o -name "*.html" \) -exec grep -i "Geeks" {} /dev/null \;
./temp.php:1Geeks
./temp.html:2Geeks

Whenever a file has a name that ends in .html or .php, the file contents are sent to the grep command for examination. To specify that I want to use a logical or, the -o is placed between -name "*.php" and -name "*.html". Again, I also have to include the two conditions within parentheses to ensure that the "or" condition is checked before sending the results to grep for examination of the contents of the files. If the parentheses aren't used, I would only see one of the files returned.

$ find . -name "*.php" -o -name "*.html" -exec grep -i "Geeks" {} /dev/null \;
./temp.html:2Geeks

[/os/unix/commands] permanent link

Fri, Feb 28, 2014 10:41 pm

Using awk to sum numbers in a file

The awk command found on Linux/Unix and Mac OS X systems can be used to sum numbers in a file. E.g., suppose the file numbers.txt contains the following numbers:
10
20
30
40
50
1
2
3
4
5

The contents of the file can be piped into the awk command with the cat command and then summed by awk.

$ cat numbers.txt | awk '{sum+=$1} END {print sum}'
165

If the numbers are not in the first column in the file, but were in the second column instead, you can adjust $1 to be the relevant column instead. E.g, if the file contents looked like the following with the numbers in the second column, then you would use $2 instead.

Dave 10
Bill 20
Joe 30
Mary 40
Maria 50
Howard 1
Sam 2
Lisa 3
Karen 4
Nina 5
$ cat numbers.txt | awk '{sum+=$2} END {print sum}'
165

If you know the numbers always occur in specific colum positions in the file, e.g., in positions 10 to 15, you could also use the cut command instead of the cat command. E.g., if you file contained:

Dave     10
Bill     20
Joe      30
Mary     40
Maria    50
Howard    1
Sam       2
Lisa      3
Karen     4
Nina      5
$ cut -c10-11 numbers.txt | awk '{sum+=$1} END {print sum}'
165

[/os/unix/commands] permanent link

Fri, Feb 28, 2014 10:09 pm

Managing Wi-Fi from the terminal command line under OS X

To manage Wi-Fi connections from a shell prompt on a Mac OS X system you can obtain a command line interface by running the Terminal program located in Applications/Utilities. From that command line interface, you can determine whether a WiFi interface is present on the system using the command networksetup -listallnetworkservices. You should see "Wi-Fi" in the list of services that appears when you issue the command.
$ networksetup -listallnetworkservices
An asterisk (*) denotes that a network service is disabled.
Bluetooth DUN
Ethernet
FireWire
Wi-Fi

To determine the hardware interface supporting Wi-Fi connections you can use the command networksetup -listallhardwareports.

$ networksetup -listallhardwareports

Hardware Port: Bluetooth DUN
Device: Bluetooth-Modem
Ethernet Address: N/A

Hardware Port: Ethernet
Device: en0
Ethernet Address: d4:9a:20:0d:e6:ec

Hardware Port: FireWire
Device: fw0
Ethernet Address: d4:9a:20:ff:fe:0d:e6:ec

Hardware Port: Wi-Fi
Device: en1
Ethernet Address: f8:1e:df:d9:2b:66

VLAN Configurations
===================

In the case above, the Wi-Fi interface is en1.

To get information on the status of the system's Wi-Fi connection, you can use the command networksetup -getinfo Wi-Fi.

$ networksetup -getinfo Wi-Fi
DHCP Configuration
IP address: 192.168.0.5
Subnet mask: 255.255.255.0
Router: 192.168.0.1
Client ID: 
IPv6: Automatic
IPv6 IP address: none
IPv6 Router: none
Wi-Fi ID: f8:1e:df:d9:2b:66

To find if the system is currently connected to a wireless network and the network name for the current wireless connection, you can use networksetup -getairportnetwork <device name> where device name is the network interface on the system that supports WiFi connections. E.g.:

$ networksetup -getairportnetwork en1
Current Wi-Fi Network: Copernicus

If you stipulate a network interface that is not a WiFi interface, you will get an error message indicating the interface is not a Wi-Fi interface as shown below:

$ networksetup -getairportnetwork en0
en0 is not a Wi-Fi interface.
** Error: Error obtaining wireless information.

If you wish to to turn the Wi-Fi connection on or off from a shell prompt, you can use the networksetup -setairportnetwork command.

networksetup -setairportnetwork <device name> <network> [password]
$ networksetup -setairportpower en1 off
$ networksetup -getairportnetwork en1
You are not associated with an AirPort network.
Wi-Fi power is currently off.
$ networksetup -setairportpower en1 on
$ networksetup -getairportnetwork en1
Current Wi-Fi Network: Copernicus

[/os/os-x] permanent link

Thu, Feb 27, 2014 10:13 pm

Determining available WiFi networks from OS X shell prompt

On a Mac OS X system, such as a MacBook Pro laptop, you can detemine the available WiFi networks from a shell prompt, which you can get by running the Terminal program located in Applications/Utilities, by using the command below:

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport scan

For example:

$ /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport scan
                            SSID BSSID             RSSI CHANNEL HT CC SECURITY (auth/unicast/group)
                           SC8QR f8:e4:fb:ea:29:5d -86  11      Y  -- WPA2(PSK/AES,TKIP/TKIP) 
                    08FX02038916 00:18:3a:8a:01:c5 -80  6       N  -- WEP
                  Norman Netgear 84:1b:5e:2d:c9:16 -79  6       Y  -- WPA2(PSK/AES/AES) 
                          558935 0c:54:a5:48:19:e5 -16  1       Y  -- WPA(PSK/AES,TKIP/TKIP) WPA2(PSK/AES,TKIP/TKIP) 
                          Hickox 0c:d5:02:c5:e8:8e -80  11      N  -- WEP
                            Haze 94:44:52:5a:54:54 -33  11      Y  -- WPA(PSK/AES/AES) WPA2(PSK/AES/AES) 
                     David's Net ec:1a:59:8d:dd:61 -80  11      Y  -- WPA2(PSK/AES/AES) 

The SSID is the "Service Set Identification", which is a 1 to 32 byte string that represents the "network name". The SSID allows you to identify a network to which you may wish to connect. Sometimes a person setting up a wireless router may choose to not have the SSID broadcast. In that case you wouldn't see the SSID in the list even though the network is available for connections if you know the SSID.

The BSSID is the "Basic Service Set Identification". Each Basic Service Set is identified by a BSSID. For a BSS operating in infrastructure mode, the BSSID is the media access control (MAC) address of the wireless access point (WAP), which is generated by combining the 24-bit Organizationally Unique Identifier, which identifies the manufacturer, and the manufacturer's assigned 24-bit identifier for the radio chipset in the WAP. The BSSID is the formal name of the BSS and is always associated with only one BSS. The SSID is the informal human name of the BSS which is more easily remembered by humans.

You can determine the manufacturer from the BSSID by searching the IEE-SA - Registration Authority MA-L Public Listing. Take the first six digits of the BSSID and replace the colons with dashes and then put the result, which will be in the form of xx-xx-xx in the "Search for" field. E.g., in the case of the wireless network above identified as "David's Net", the BSSID is ec:1a:59:8d:dd:61, so you would search using ec-1a-59, which would show the wireless device was manufacturered by Belkin International Inc., a company that make wireless routers for the home market. For the network identified as "Norman Netgear", searching on 84-1b-5e shows the manufacturer is, indeed, Netgear.

If you just want the names of the available networks, i.e., the SSIDs, you can use the same command and then pipe its output to the cut command. Since the SSID will be the first 32 characters on each line, you will need to cut out the first 32 characters from each line.

$ /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport scan | cut -c1-32
                            SSID
                           SC8QR
                    08FX02038916
                  Norman Netgear
                          558935
                          Hickox
                            Haze
                     David's Net

[/os/os-x] permanent link

Wed, Feb 26, 2014 5:50 pm

MSYS

If you would like to be able to use Unix/Linux utilities such as awk, cut, grep, less, sed, sort, tail, wc, etc. on a Microsoft Windows system, MSYS provides these and many other GNU utilities for Microsoft Windows systems.

[ More Info ]

[/os/windows/software/utilities] permanent link

Sun, Feb 23, 2014 1:37 pm

Accessing Deleted Wikipedia Pages

Wikipedia pages can be edited by anyone; they can also be deleted entirely by Wikipedia administrators for a variety of reasons. Within the Wikipedia community there are differing views regarding the retention and deletion of articles, e.g., see the Wikipedia article Deletionism and inclusionism in Wikipedia. If you read an article and want to ensure you have access to the information in the future, the best course is probably to use Wikipedia's own "print/export" feature or to save the content of the article elsewhere by using a service such as Evernote, which provides notetaking and webpage archiving services, Diigo, which provides a social bookmarking service with the capability to store a copy of webpages you have visited, i.e., to "cache" them so that you can view the webpage again as it was when it was cached whether it has been changed or deleted in the interim, or similar services. But, if you haven't archived an article and find a Wikipedia page was deleted and so is inaccessible to you, there are still some options available to you.

If the article was deleted some time between February and September 2008, you may be able to find it on Deletionpedia at deletionpedia.dbatley.com Deletionpedia is an archive that contains 62,224 pages which were deleted from the English-language Wikipedia between February and September 2008. If you know the title of the article that was deleted, you can browse "Pages deleted after more than 1000 days on Wikipedia" or " Pages edited more than 200 times" by their alphabetical listings. If you know the date the article was deleted which, if you have the Wikipedia URL for the article, can be found by visiting the URL for the article on Wikipedia, you can find it by searching Deletionpedia by Pages by deletion date.

Deletionpdedia's own search feature is disabled and the site suggests you use Google to search Deletionpedia. However, I've found that approach is likely to miss articles stored on Deletionpedia. E.g., Deletionpedia contains the article Elvis sightings (deleted 03 Jul 2008 at 10:12), yet if you search the site using Google with Elvis sightings site:deletionpedia.dbatley.com, no results are returned. Incidentally, Wikipedia does now contain an Elvis sightings article.

Interestingly, though Wikipedia now contains a Deletionpedia article, that article was itself once deleted from Wikipedia.

Another site Fixed Reference: Snapshots of Wikipedia provides access to articles archived in April and July of 2004.

Because Fixed Reference and Deletionpedia only provide access to articles from two years, 2004 for Fixed Reference and 2008 for Deletionpedia, their usefulness for accessing deleted articles is very limited. Another alternative is to search the Internet Archive at archive.org. The Internet Archive is a non-profit digital library with the stated mission of "universal access to all knowledge." It also archives pages found on the World Wide Web (WWW). The archived pages, which are created for a website when the Internet Arhive periodically scans the site, are accessible through its Wayback Machine. The name is a reference to the time machine used by Mr. Peabody, a talking dog, and his human companion, Sherman, in the cartoon series The Rocky and Bullwinkle Show to visit famous events in history. You can choose to "Browse History" to search for an archived copy of the page deleted from Wikipedia, if you know its URL. If the page was archived by the Internet Archive multiple times over a period of time, which could span years, you can view the page as it was on the particular days it was archived.

Another place you can check for deleted Wikipedia pages or pages that have disappeared from any website is Archive.is, which aims to be "your personal Wayback Machine!" The site can be freely used by anyone to take a "snapshot" of a webpage that will always be online even if the original page disappears. So, if someone else has archived a particular webpage for which you are searching, you may find it at Archive.is. You can also use the site to archive pages you may want to access later that could disappear from the original site or to make the pages available should the original site disappear from the web.

[/reference] permanent link

Sat, Feb 08, 2014 10:31 pm

ToDoList

I needed software that I could run on a system running Microsoft Windows 8 to help me manage projects and tasks. I had been using an online service for awhile, but was looking for software I could run on the system that would give me some additional capabilities, but I didn't want to spend several hundred dollars on Microsoft Project, which, though it offers all the features I might need, is overkill for my current needs. I found ToDoList, which is free to be an easy program to quickly start managing my projects and tasks.

[ More Info ]

[/software/projmgmt] permanent link

Sat, Feb 08, 2014 5:27 pm

KPT Plugins and Corel Paintshop Pro X6

The Corel PaintShop Pro program supports a number of plugins that provide special effects for images. For the X6 version of PaintShop Pro, Corel provides both 32-bit and 64-bit versions of the software. However, the Kai's Power Tools (KPT) plugins will only work with the 32-bit version as the plugins are incompatible with the 64-bit version.

Kai's Power Tools (KPT) was developed by Kai Krause, but sold to Corel Corporation . Kai also developed Live Picture, Bryce, Kai's Power Show, Kai's Power Goo, Convolver, Kai's Photo Soap and Poser. He pioneered user interface elements in his software such as soft shadows, rounded corners, and translucency.

References:

  1. Is the Paintshop Pro X6 KPT Collection Compatible with the 64 Bit version of Paintshop Pro X6?
    Corel Discovery Center

[/os/windows/software/graphics/corel/psp] permanent link

Fri, Feb 07, 2014 8:55 pm

Determine the date of manufacture of a Mac system

On my MacBook Pro laptop, running OS X 10.8.3, I can see the date it was manufactured by clicking on the Apple icon in the upper-left corner of the screen then selecting About This Mac and then clicking on the More Info... button.

About This Mac More
Info

If you need to get the information from a command line interface, e.g., from a terminal or SSH session, you can't get it directly using the system_profiler command, but you can use information provided by that command to look up the information online.

$ system_profiler SPHardwareDataType
Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Model Identifier: MacBookPro5,3
      Processor Name: Intel Core 2 Duo
      Processor Speed: 3.06 GHz
      Number of Processors: 1
      Total Number of Cores: 2
      L2 Cache: 6 MB
      Memory: 4 GB
      Bus Speed: 1.07 GHz
      Boot ROM Version: MBP53.00AC.B03
      SMC Version (system): 1.48f2
      Serial Number (system): W89491TF64C
      Hardware UUID: FDE9B14D-E531-569F-A1EF-D0D0D0D0D0D0
      Sudden Motion Sensor:
          State: Enabled

You can use the model identifier information to look up information on when the model was manufactured using Lookup Mac Specs by Serial Number, Order, Model, & EMC Number, Model ID @ EveryMac.com.

If you just want the model identifier, you can use awk to isolate that information.

$ system_profiler SPHardwareDataType | awk '/Model Identifier/ {print $3}'
MacBookPro5,3

When I looked up MacBookPro5,3, I saw 3 entries with a "subfamily" of Mid-2009 15" listed for each. All 3 were introduced on June 8, 2009 and discontinued on April 13, 2010. Using the processor speed information provided by system_profiler, I could narrow the selection down to a specific MacBook Pro "Core 2 Duo" and see the standard RAM and hard disk size for that model.

You can also enter the last 3 characters of a 11 character serial number to obtain that information from the site. Though, in my case I saw an iPhone and several desktop systems listed as well as one laptop model, though, since I knew it was a laptop, I knew which one was the appropriate one.

[/os/os-x] permanent link

Wed, Feb 05, 2014 12:01 pm

Using the control key to select multiple items with IE under VMWare

If you need to select multiple items on a form on a webpage in Internet Explorer on a Microsoft Windows system, you can usually do so by holding down the Ctrl key while selecting the items. On an Apple keyboard, though, there is no Ctrl key though there is a Control key. But if you are using VMWare Fusion to run a version of Microsoft Windows in a virtual machine (VM) on a Mac OS X system, you can't use that Control key to select multiple items on a form when you are using Internet Explorer in the VM unless you change the default keyboard configuration, which can easily be done by taking the following steps:
  1. Click on VMWare Fusion at the top left of the VMWare window.
  2. Select "Preferences".
  3. Select "Keyboard & Mouse".
  4. Click on the "Mouse Shortcuts" tab.

    Mouse Shortcuts

  5. Uncheck "Secondary Button"; you can then close the "Keyboard & Mouse" window.

You can then select multiple items on a form by holding down the Control key while left clicking on items. If you want to go back to the default configuration afterwards, you can go back to the "Mouse Shortcuts" tab and click on the "Restore Defaults" button or just recheck the "Secondary Button" checkbox, which is associated with the mouse shortcut "Control - Primary Button".

[/os/os-x] permanent link

Sun, Feb 02, 2014 10:02 pm

32 or 64-bit Application

If you need to determine whether a Microsoft Windows application is a 32-bit or 64-bit program, there are a number of ways to do so, including simply right-clicking on the file and examining its properties.

[ More Info ]

[/os/windows] permanent link

Sun, Jan 26, 2014 11:40 am

Downloading Video Clips with Offliberty

If you wish to download a video clip from a website, such as a news site or YouTube, to archive it should it ever disappear from the Web, Offliberty, which provides "evidence of offline life", offers a means to download the video to your hard drive by simply putting in the URL for the webpage where it is found and then clicking on the Off button below the field where you enter the URL.

[ More Info ]

[/video/offliberty] permanent link

Sat, Jan 25, 2014 10:22 pm

Turning Off Automatic Updates in Windows 8

By default, a Windows 8 system will automatically install updates and reboot the system, if it deems it is necessary. You will be warned a few days beforehand that a reboot will be necessary within a few days, but when the time arrives, you will get only 15 minutes to save your work before the system automatically updates. If you are someone like me who tends to have a lot of windows open at once and who may be working on many tasks concurrently, 15 minutes may not be enough to save all work in progress, even if you are sitting at the computer at the 15-minute warning so have the full amount of time to save work in progress. And, if the 15-minute warning comes late at night, you may not even be awake at the time and may find when you first check the system after you have awakened that it rebooted over night and you have lost a lot of work in progress in applications that don't autosave. To download the updates, but control the timing of their installation yourself, take these steps.

[/os/windows/win8] permanent link

Sun, Jan 19, 2014 12:00 pm

Conditional Formatting in a Google Docs Spreadsheet

You can use conditional formatting in Google Docs spreadsheets to change the color of text in a cell or the background color of a cell just as you can in Microsoft Excel. E.g., if I had a cell that contained an expiration date and wanted the background color of the cell to be red if the date had been reached or had passed, I could click in the cell and take the following steps:
  1. Click on Format.
  2. Select Conditional formatting....
  3. I could then select "Date is before" in the first field and "today" in the next field. I could then check "Background" and select the color red for the background color for the cell once the date in the cell has been passed.
  4. Once you've set up the rule or rules for the cell or range of cells, clik on Save rules.

Conditional formatting for a Google spreadsheet

The cell will then have the normal color as long as the date stored in the cell is before today's date. Once the date in the cell matches today's date or is before the date of viewing, the cell background color will turn red.

Note: You can ensure that Google knows the cell contains a date by clicking on Format, selecting Number, and then More formats, which will allow you to pick a particular format you wish to use for dates, such as 2008-09-26, 9/26/08, etc.

[/network/web/services/google] permanent link

Sun, Jan 19, 2014 10:34 am

Kindle Fire Won't Power On

Yesterday, I found my Kindle Fire would not power on. I had used it a few hours earlier without seeing any message about the battery charge being low. But repeated attempts to turn it on by hitting the power button did no good. So I plugged it into a charger. Hours later when I attempted to power it on, I still was unable to do so. Following advice posted at My kindle won't turn on, I found that holding in the power button for 30 seconds then releasing the button and then tapping the power button again resulted in it powering on again. When it powered on, I saw the battery had a full charge.

[/ebook] permanent link

Sat, Jan 18, 2014 11:13 pm

Kindle App Invalid Item

I've been getting an "Invalid Item" message stating "Please remove the item from your device and go to All Items to download it again", when I try to read some books I've purchased through Amazon on my Android phone. I've tried suggestions I've found elsewhere for resolving the problem, but there are still a few books that I've been unable to download and read with the Kindle app on my phone.

[ More Info ]

[/ebook] permanent link

Tue, Jan 14, 2014 10:30 pm

Setting up a Cisco DPC3827 Router

I needed to configure a Cisco DPC3827 DOCSIS 3.0 Gateway provided by an Internet Service Provider (ISP) for a home local area network (LAN) today, so I've placed some notes here on steps for configuring that router.

[/hardware/network/router/cisco] permanent link

Sun, Jan 12, 2014 12:31 pm

Using an Email Alias in Thunderbird

When I register an email address for a website, I normally create a new email alias unique to that website or the company associated with the website. Unfortuately, many companies and websites sell their email lists to other companies, ususally labelled as their "partners" in their privacy policies, seeing that as a way to make additional revenue from their customers or website visitors. Even if a company states they won't do so, most reserve the right to change their privacy policy at any time and there is also the possibility that the company will go out of business at some point and all assets, including its mailing lists, will be sold to others.

I receive an inordinate amount of spam every day and waste a lot of time purging it from my inbox, so by creating an email alias, which I can easily do, since I manage the email server that processes my email, I can simply invalidate any alias when I notice I'm receiving a lot of spam with a particular alias I created in the "to" field. E.g., if I created an alias Acme_2014@example.com that points to Me@example.com and start receiving spam to Acme_2014@example.com, I know that the Acme Corporation sold my email address to a spammer or had a compromise of their server holding my account information.

Since Acme_2014 is not an email address that a spammer who employs name dictionaries to distribute spam might use, I can be sure that the source of the email is using the email address I gave to the Acme Corporation. If I used an address such as abe, bill, or zachary@example.com, I couldn't be certain, since some spammers try sending email to a domain using every name from a name dictionary. I also wouldn't use acme@example.com, since that is a word in an English language dictionary, so spammers using a dictionary for building email addresses might use it.

I can easily create aliases on my email server, but there are a number of online services that will allow you to create such aliases to thwart spammers. E.g., with such a service you might be able to create an alias acme_2014@spamblock1.com that points to me@example.com, if me@example.com is the email address you normally use.

If you wanted to communicate with Acme Corporation by email, you might need to use the alias you used in the "from" field of email you send to them. To do so in Thunderbird 24.2.0, right-click on your account, which should be located at the top of the left pane of the Thunderbird window. E.g., you may see me@example.com there. Select Settings, then put the alias in the Email Address field and, if needed, set the Your Name field appropriately, then click on OK. Once you have sent the email you needed to send to the Acme Corporation you can change the settings back to those you normally use.

[/network/email/clients/thunderbird] permanent link

Sat, Jan 11, 2014 4:38 pm

Disk Management Under Windows 7 from a Regular Windows Account

If you are logged into a Windows 7 system as a regular user without administrator privileges, you can still access the disk management function without logging off and on again as administrator or switching to the administrator account via the Switch User feature. To do so, take the following steps.
  1. Click on the Start button.
  2. Type cmd and hit enter to open a command prompt window.
  3. At the command prompt window, type runas /user:administrator mmc. Note: if the system is part of a Microsoft Windows domain and you wish to use the domain administrator account, put the domain name followed by a backslash after user: and before administrator. E.g., runas /user:mydomain\administrator mmc.
  4. When prompted for the administrator password, enter it.
  5. In the Console Root window that opens, click on File and select compmgmt.
  6. In the Computer Management window that opens, you will then see Disk Management under Storage.

[/os/windows/win7] permanent link

Tue, Jan 07, 2014 2:56 pm

Telemarketing or scammer call from 717-203-8889

At 2:12 PM, I received another annoying telemarketing/scammer credit card call. When I answered the phone I heard a message about reducing credit card interest rates. There was a mention that the call was from "Cardmember Services". Since there was no mention of my credit union nor bank, it was obvious that it was not a call from my bank nor credit union. I hit "1" to speak to a representative so I could ask that the calls be stopped. When I was finally connected to a person, I asked her what company she represented in a friendly tone; the person immediately hung up without answering, so I couldn't ask to be removed from any calling list used. I then used *69 to get the calling number, which was 7172038889. When I called I heard the message "Please leave a message for. That mailbox is full." There was no person or company identified after the word "for". I've received many telemarketing calls where the caller is identified as "Cardmember Services" and don't know how many telemarketing companies or credit card scammers use that identification. If it was a telemarketing number, there was not a way for me to get the actual name of the company.

As I usually do in such cases, I reported the calling number to the U.S. Federal Trade Commission's National Do Not Call Registry website, since my home phone number is in that registry, thus telemarketers shouldn't be calling my number. Unfortunately, many telemarketers ignore the list, apparently feeling that nothing will be done to them if they ignore the list. Perhaps that is true; I don't know how limited the FTC's resources may be for pursuing such companies. I can only hope that if enough complaints are filed for a particular number that the FTC will investigate and at least fine a few of them, though I'd like to see such companies put out of business.

I think anyone who would answer such a call and provide a credit card number to the caller is either a fool or extremely naive, since providing credit card information to an unknown caller may provide an opportunity to a scammer to use that information to use the credit card information for nefarious purposes. But since I've frequently received such calls, apparently such telemarketers/scammers find a fair number of people willing to do so.

[/phone] permanent link

Fri, Jan 03, 2014 9:50 pm

Altering a browser's display of a webpage by zooming in and out

Many browsers, e.g., Internet Explorer, Firefox, and Safari, provide a feature to zoom in and out, i.e., to magnify the display of a webpage to make text and images larger or smaller through the use of Ctrl-key combinations. Ctrl-+, i.e., the Ctrl and + (plus) keys hit simultaneously, will permit you to "zoom in" to enlarge the display of text and images on a page. Hitting the Ctrl and - (minus) keys simultaneously will reverse the process allowing you to zoom back out, i.e., reduce the size of text and images. If you wish to return to the default display, use Ctrl-0, i.e., the Ctrl and zero keys struck simultaneously.

[/network/web/browser] permanent link

Thu, Jan 02, 2014 7:30 pm

Juniper VPN software not working with Safari for Mac OS X

I haven't been able to use Safari on my MacBook Pro laptop running OS X version 10.8.3, aka " Mountain Lion, to start a VPN connection from home to the office network for some time. When I attempt to establish the VPN connection, by going to the website address that worked in the past from within Safari 6.1, I am asked about running a Juniper Networks application.
Wondershare Data Recovery for Mac Download1px x 1px

Do you want to run this application?

Name: NCAppController
Publisher: Juniper Networks, Inc.

When I run it, a "Setup Control - Warning" message then appears containing the following information:

Do you want to download, install, and/or execute software from the following server?

Product Name: Network Connect
Software Name: NetworkConnect.app

When I click on "Yes", I see a "[Network Connect] Error" window open stating "An error occurred while extracting one of the Network components." The only option available is "OK" and the VPN connection is not established.

According to Connections to Juniper Network Connect VPN failing in Safari 6.1 and Safari 7, this problem also occurs with Safari 7 on OS X 10.8 (Mountain Lion). The author of that article states:

Based on what I’m seeing, it looks like Safari 6.1 and Safari 7 introduced a new sandbox for browser plug-ins, replacing the previous Java whitelist. At this time, it does not appear that Juniper’s software is able to work with this sandbox.

I can establish the VPN connection by going to the Applications directory in the Finder and double-click on Network Connect, which starts the Network Connect 7.4.0 application, then put in my username and password for the VPN and establish a connection by that means without a problem.

[/os/os-x] permanent link

Thu, Jan 02, 2014 11:40 am

Choosing a country for the Tor exit node

If you use the Tor Browser Bundle for web browsing, you may sometimes see "This service is not available in your location" or similar messages when you attempt to use some online services when a service is not available to residents of some countries, if the exit node, i.e., the last hop in the Tor network, for your browser session happens to be in a country for which the oline service is unavailable. You can see the location of the exit node, i.e., the IP address that websites see for your location when you visit them by visiting WhatIsMyIP.com or similar websites that provide geolocation information.

If you wish to specify an exit node in a particular country, you can use the country code for the country established by the International Organization for Standardizaton. Two characters are used to represent the country code in an online address, e.g. us for the United States, dk for Denmark, gb for Great Britain, etc. You can find the complete list of country codes at ISO 3166-1-alpha-2 code. The country code to be used for the exit note must be placed in the torrc configuration file used by the Tor browser bundle. Look for the torrc file in the Data/Tor directory beneath the directory in which you installed the Tor Browser Bundle. You can edit it with a text editor, such as Notepad on a Microsoft Windows system. Put the following line at the end of the file where cc represents the country code:

ExitNodes {cc}

E.g., for a United States exit node, you would use:

ExitNodes {us}

To confirm the exit node location, restart the Tor browser, if it is running, and visit a site such as WhatIsMyIp. Note: if there is a problem accessing an exit node in the selected country or if you entered an invalid country code, you may find that you don't get past the "Connecting to the Tor network" window when you start the Tor browser. In that case, you may need to select a different country code. Also, some online services may block access from all known Tor exit nodes, since some people use Tor for malicious purposes rather than simply for online privacy. E.g., Wikipedia does not allow editing of articles when an editor is accessing Wikipedia via the Tor network.

Also note that the Tor Project does not recommend specifying an exit node. At Tor FAQ: Can I control which nodes (or country) are used for entry/exit? you will find:

We recommend you do not use these — they are intended for testing and may disappear in future versions. You get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit nodes can mess up your anonymity in ways we don't understand.

But that option is available, if you wish to use it, at least as of version 3.5 of the Tor Browser Bundle.

[/network/web/browser/tor] permanent link

Wed, Jan 01, 2014 3:45 pm

Tor reports Firefox is already running

If you install the Tor browser bundle for online privacy and see a "Close Firefox" window appear when you attempt to start the Tor browser with the message below, then you may need to change the location where you placed the Tor browser bundle:

Firefox is already running, but it is not responding. To open a new window, you must first close the existing Firefox process, or restart your system.

Close Firefox Tor error message

This message can appear even when the Firefox browser provided with the Tor browser bundle isn't running as you can see by using the Windows Task Manager to check for running processes, if the the software was placed under the C:\Program Files (x86) directory, even if you run the software from an account with administrator privileges. The software apparently needs to write to files in the directory where it has been installed, but can't do so. If you install it to the Desktop or under the Documents directory for the account from which you will be running it, you won't see the message.

[/network/web/browser/tor] permanent link

Once You Know, You Newegg AliExpress by Alibaba.com

Shop Amazon Local - Subscribe to Deals in Your Neighborhood

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo