On a Macintosh, aka Mac, OS X/macOS system, the user profile directory where the Firefox web browser stores its data can be found at "/Users/account_name/Library/Application Support/Firefox/Profiles" where account_name is the relevant user name. The profile directory for the account will be a sequence of 8 characters followed by ".default". E.g.:

$ ls "/Users/jasmith1/Library/Application Support/Firefox/Profiles"
bgq13udo.default
$

Within that directory will be a cookies.sqlite file within which Firefox stores browser cookies. You can view those cookies outside of Firefox using the SQLite relational database management system software found on OS X/macOS systems. You can examine the sqlite file with the sqlite3 command, which you can run from a command line interface (CLI), i.e., a Bash shell prompt, by opening a Terminal window; the Terminal application is found in the Applications/Utilities directory. You can examine the structure of the database using the SQLite .schema command. There is a moz_cookies table within the database.

[ More Info ]

[/network/web/browser/firefox] permanent link

# dmesg | egrep -i 'cdrom|dvd|cd/rw|writer'
[    1.571327] ata1.00: ATAPI: TSSTcorpCD/DVDW SH-S182M, SB02, max UDMA/33
[    1.598476] scsi 0:0:0:0: CD-ROM            TSSTcorp CD/DVDW SH-S182M SB02 PQ: 0 ANSI: 5
[    1.635809] sr 0:0:0:0: [sr0] scsi3-mmc drive: 48x/48x writer dvd-ram cd/rw xa/form2 cdda tray
[    1.635819] cdrom: Uniform CD-ROM driver Revision: 3.20
#

[ More Info ]

[/os/unix/linux/centos] permanent link

When I attempted to edit a file, index.php, using the vi editor, I saw the following message:

E325: ATTENTION
Found a swap file by the name ".index.php.swp"
          owned by: joe   dated: Mon Feb 20 19:36:11 2017
         file name: ~joe/www/UVNC/index.php
          modified: YES
         user name: joe   host name: example.com
        process ID: 19776
While opening file "index.php"
             dated: Mon Feb 20 19:38:44 2017
      NEWER than swap file!

(1) Another program may be editing the same file.  If this is the case,
    be careful not to end up with two different instances of the same
    file when making changes.  Quit, or continue with caution.
(2) An edit session for this file crashed.
    If this is the case, use ":recover" or "vim -r index.php"
    to recover the changes (see ":help recovery").
    If you did this already, delete the swap file ".index.php.swp"
    to avoid this message.

Swap file ".index.php.swp" already exists!
[O]pen Read-Only, (E)dit anyway, (R)ecover, (D)elete it, (Q)uit, (A)bort:

I hit the q key to return to the Bash shell prompt. When I compared the time stamps on the current version of the file and the .swp file, I saw that the current version had a time stamp 2 minutes after the time stamp for the .swp file.

$ ls -al | grep 'index.php'
-rw-rw-r--. 1 joe joe   7571 Feb 20 19:38 index.php
-rw-r--r--. 1 joe joe  20480 Feb 20 19:36 .index.php.swp
$

[ More Info ]

[/software/editors/vi] permanent link

[ More Info ]

[/security/firewalls/BullGuard] permanent link

On a Microsoft Windows system, you can determine the username for an account from a command prompt window using the whoami command as shown below.

C:\Users\enzo\Documents>whoami
slartibartfast\enzo

C:\Users\enzo\Documents>

In the example above, the account name is enzo and the system name is slartibartfast.

If you want to determine what groups the account belongs to, which would enable you to determine if the account is in the administrators group, you could add the /groups argument to the command as shown below. I added the /fo list option as well to format the output as a list; if that option isn't specified the output will be in table format.

[ More Info ]

[/os/windows/commands] permanent link

When I hovered my mouse pointer over the link in the message, I found that the first part of the name in the fully qualified domain name (FQDN) looked like something I would expect in a site name for my employer, but the ending of the domain name was securefileshares.com, which would not be a site I would go to to modify security questions for a work-related system. On my laptop, I use Outlook 2016 as my email; to view the email header for a message in Outlook 2016, you can take these steps, but most email clients provide a mechanism to view a message's header, which will show the originating system and other email servers a message has passed through. Viewing the header information, I saw the following lines:

Received-SPF: Temperror (SPF Temporary Error: DNS 'NoneType' object has no attri
bute 'header') identity=mailfrom; client-ip=52.1.96.230; helo=mail.nova.phishme.
com; envelope-from=postmaster@return--path.com; receiver=john.a.doe@example.com
<text snipped>
Received: from mail.nova.phishme.com (mail.nova.phishme.com [52.1.96.230])	by
<text snipped>
MIME-Version: 1.0
X-Priority: 3
X-PhishMe: Phishing_Training
X-PhishMeTracking: TjaVg7y+fe0Q/<text snipped>

The header lines showed it was a training exercise, since PhishMe is a company that helps organizations train their employees to avoid phishing attempts. But, if you have a question about whether a message you have received is legitimate or is a spoofed message that appears to come from a legitimate sender, such as your employer, bank, or some source you would trust, it is best to type in a link rather than click on one within an email, unless you observe the actual link very closely. It can also help to identify a message sent by someone spoofing a legitimate sender by examining message headers. It is trivially easy for a spammer, malware purveyor, or other malefactor to spoof a "From" address, so you should never assume that a "From" address is a reliable means of identifying a message's actual sender.

[/security/scams/phishing] permanent link

A user reported that she wasn't receiving any email. When I logged into the mail servers, which runs Dovecot for POP3/POP3S and used Telnet to connect to port 110, the well-known port for POP3, I didn't get any response after I entered the user command, so I exited to the telnet prompt with Ctrl-].

$ telnet 127.0.0.1 110
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
user nell
^]
telnet> quit
Connection closed.
$

I logged into the root account and checked today's and yesterday's maillog files for any references to Dovecot or POP3 issues, but saw none.

# grep -i dovecot /var/log/maillog
# grep -i dovecot /var/log/maillog.1
# grep -i pop3 /var/log/maillog.1
# grep -i pop3 /var/log/maillog
#

[ More Info ]

[/network/email/dovecot] permanent link

I downloaded the IP address range file from https://ip-ranges.amazonaws.com/ip-ranges.json using cURL, which is present on Apple OS X/macOS systems and is available for Linux and many other operating systems, including Microsoft Windows - see Releases and Downloads.

$ curl -o ip-ranges.json https://ip-ranges.amazonaws.com/ip-ranges.json
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   99k  100   99k    0     0   191k      0 --:--:-- --:--:-- --:--:--  191k
$

The following Python script can be used to extract just the Classless Inter-Domain Routing (CIDR) address blocks, i.e., the ip_prefix information from the JSON data stored in the ip-ranges.json file downloaded from the Amazon website and display it.

#!/usr/bin/python
import json

data = json.load(open('ip-ranges.json'))
for d in data["prefixes"]:
    print d["ip_prefix"]

[ More Info ]

[/languages/python] permanent link

C:\WINDOWS\system32>wbadmin get versions
wbadmin 1.0 - Backup command-line tool
(C) Copyright 2013 Microsoft Corporation. All rights reserved.

Backup time: 2/19/2017 8:31 PM
Backup target: 1394/USB Disk labeled Seagate Backup Plus Drive(E:)
Version identifier: 02/20/2017-01:31
Can recover: Volume(s), File(s), Application(s), Bare Metal Recovery, System State
Snapshot ID: {d4a62a80-ac6f-4aba-8886-6ba570c1284a}


C:\WINDOWS\system32>

Once you have the version identifier(s), you can use it to view the details regarding what volumes were backed up on the system to the external USB drive using a command in the form wbadmin get items -version:version_id.

[ More Info ]

[/os/windows/utilities/backup] permanent link

C:\Users\enzo\Documents>dir /ah *.swp
 Volume in drive C is Windows
 Volume Serial Number is B688-ED25

 Directory of C:\Users\enzo\Documents

02/18/2017  12:51 PM            12,288 .system.html.swp
               1 File(s)         12,288 bytes
               0 Dir(s)  1,954,264,215,552 bytes free

C:\Users\enzo\Documents>del .system.html.swp
Could Not Find C:\Users\enzo\Documents\.system.html.swp

C:\Users\enzo\Documents>del /ah .system.html.swp

C:\Users\enzo\Documents>

The syntax for the del command is shown below:

C:\>del /?
Deletes one or more files.

DEL [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names
ERASE [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names

  names         Specifies a list of one or more files or directories.
                Wildcards may be used to delete multiple files. If a
                directory is specified, all files within the directory
                will be deleted.

  /P            Prompts for confirmation before deleting each file.
  /F            Force deleting of read-only files.
  /S            Delete specified files from all subdirectories.
  /Q            Quiet mode, do not ask if ok to delete on global wildcard
  /A            Selects files to delete based on attributes
  attributes    R  Read-only files            S  System files
                H  Hidden files               A  Files ready for archiving
                I  Not content indexed Files  L  Reparse Points
                -  Prefix meaning not

If Command Extensions are enabled DEL and ERASE change as follows:

The display semantics of the /S switch are reversed in that it shows
you only the files that are deleted, not the ones it could not find.

C:\>

[/os/windows/commands] permanent link

[ More Info ]

[/os/windows/commands/wmic] permanent link

[ More Info ]

[/network/email] permanent link

C:\Users\Lila>wmic diskdrive get status, size, model
Model                                   Size           Status
Seagate Backup+  Desk SCSI Disk Device  5000970240000  OK
Seagate Backup+ Desk USB Device         4000776192000  OK
Generic- Compact Flash USB Device                      OK
Generic- SD/MMC USB Device                             OK
Generic- MS/MS-Pro USB Device                          OK
WD My Book 1140 USB Device              2000363420160  OK
Generic- SM/xD-Picture USB Device                      OK
WDC WD4003FZEX-00Z4SA0 ATA Device       4000784417280  OK


C:\Users\Lila>

[ More Info ]

[/os/windows/commands/wmic] permanent link

[ More Info ]

[/os/windows/win7] permanent link

#!/usr/bin/python

import sqlite3
conn = sqlite3.connect('/Users/jasmith1/Documents/Work/CRQ/CRQ.db')
cursor = conn.cursor()

sql = 'SELECT COUNT(*) FROM Tasks WHERE Approved >= date(CURRENT_DATE,"-7 day")'
cursor.execute(sql)
result = cursor.fetchone()
numApproved = result[0]
print numApproved

The first step I need to take is to import the sqlite3 module for use in Python. I then need to create a connection object for the database which I assign to conn. After that I need to create a cursor instance that I will use to execute an SQL statement. I assign the SQL statement to the variable sql (the name is arbitrary) and then execute the statement with cursor.execute(sql). The variable result is then assigned the results of cursor.fechone(). If I printed the contents of the result variable, I would see (5,), if the count was 5, since the result is a tuple with one element, but I want to see just the number, so I set numApproved to be result[0]. Instead of setting numApproved to result[0] and printing numApproved, I could skip a step and use the following two lines after sursor.execute(sql):

(numApproved,) = cursor.fetchone()
print numApproved

If I make the script excecutable with chmod 755 and then run the script, I will then see just the number of reccords approved within the last week:

$ chmod 755 weeklyApprovalCount.py
$ ./weeklyApprovalCount.py
5

References:

1. sqlite3 — DB-API 2.0 interface for SQLite databases
   Python documentation

[/languages/python] permanent link

I had to forcibly terminate two Wireshark processes with the Windows Task Manager prior to that message appearing in order to proceed with the upgrade, since I had seen a message that the installation could not proceed with Wireshark running, yet those instances of Wireshark wouldn't close when I tried to close them normally; one of the two was due to my trying a second time to start Wireshark when there was a long delay before it appeared.

I ran the Windows Task Manager with administrator privileges by typing Task Manager in the Cortana "Ask me anything" field and then right-clicking on Task Manager when it was returned in the search results. I saw Dumpcap, which is a process Wireshark and TShark run to perform packet capture, listed in the process list, so clicked on it to select it and then clicked on the End Task button, but that didn't actually terminate the process.

[ More Info ]

[/os/windows/processes] permanent link

[ More Info ]

[/os/os-x] permanent link

$ sqlite3 ~/Documents/Work/CRQ/CRQ.db
SQLite version 3.8.10.2 2015-05-20 18:17:19
Enter ".help" for usage hints.
sqlite> .schema Tasks
CREATE TABLE "Tasks" (
`CRQ`	TEXT NOT NULL,
`Task`	TEXT NOT NULL,
`URL`	TEXT,
`Received`	INTEGER,
`Reviewed`	INTEGER,
`Approved`	INTEGER,
`Notes`	TEXT,
`Summary`	TEXT
);
sqlite> .exit
$

I can open the database and manually type the command to count the records with an approval date on or after a date I specify using an SQL command like the one below:

$ sqlite3 ~/Documents/Work/CRQ/CRQ.db
SQLite version 3.8.10.2 2015-05-20 18:17:19
Enter ".help" for usage hints.
sqlite> SELECT COUNT(*) FROM Tasks WHERE Approved >= '2017-02-01';
11
sqlite>

[ More Info ]

[/software/database/sqlite] permanent link

Version 15.27 (161010)
Product ID: 03109-000-000001
License: Volume License

One annoying issue I've encountered is that I don't see a way to view attachments sent with some messages within Outlook. I can see a paperclip icon to the right of the sender's name in the left pane of the outlook window, which indicates the message has been received with an attachment, but in the right pane where the contents of the window is displayed, there is no indication that the message has an attachment. And, if I double-click on the message to open it in a separate window there is no indication the message has an attachment. The only way I've found to easily gain access to the attachment is to view the message in Outlook Web App in a web browser. In its right pane, I see a "To:" line followed by a "CC:" line and then an "Attachments:" line with the name of the attachment shown. I can click on the attachment name to open of save it.

In Outlook 2016, if I right-click on the first message where I observed this problem and choose View Source, I see the following in the header lines, which indicates the message does indeed have an attachment:

Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes

[ More Info ]

[/network/email/clients/outlook/2016] permanent link

First, ensure that the hash sign (#) is removed from the LoadModule cgi_module libexec/apache2/mod_cgi.so in /etc/apache2/httpd.conf. If you need to remove the hash/pound sign, restart Apache after modifying the file, which you can do with sudo apachectl restart. You will also need to use the sudo command to edit the file, if you edit it with a text editor such as GNU nano or vi.

[ More Info ]

[/os/os-x/apache] permanent link

#LoadModule cgi_module libexec/apache2/mod_cgi.so

You will neeed to edit the file with a text editor, such as the TextEdit app found in the Applications directory, or GNU nano or vi. And you will need to run the editor with root, i.e., administrator privileges by using the sudo command in order to be able to save modifications to the file. E.g.:

sudo nano /etc/apache2/httpd.conf

[ More Info ]

[/os/os-x/apache] permanent link

<!DOCTYPE HTML>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>PHP Test</title>
</head>

<body>

<h2>A test page</h2>

<?php phpinfo(); ?>

</body>
</html>

If I visit the page using a browser, the HyperText Markup Language (HTML) code on the page will be displayed, e.g. the "A test page" heading will be displayed, but the information that the phpinfo() command would display regarding the PHP settings for a system on which PHP is working won't be displayed. You could also try a simple PHP echo command, e.g. <?php echo "This is the output from a PHP echo command."; ?>, but the output from that command would not be displayed, either.

[ More Info ]

[/os/os-x/apache] permanent link

The Apache web server software isn't running by default and you can no longer enable it through the Sharing option under System Preferences as in some earlier versions of OS X, but you can start it from a command line interface (CLI) by opening a Terminal window (Terminal is found in the Applications/Utilities folder), with the command sudo apachectl start. Once you start the software, you will see the system is listening on the well-known port for Hypertext Transfer Protocol (HTTP) connections, port 80, by using the netstat command.

$ sudo apachectl start
Password:
$ netstat -a | grep http | grep LISTEN
tcp46      0      0  *.http                 *.*                    LISTEN     
$

[ More Info ]

[/os/os-x] permanent link

C:\Users\Collen>netstat -a | find "5900"
  TCP    0.0.0.0:5900           Speleologist:0         LISTENING

C:\Users\Collen>

I used windump, a free packet capture tool for Microsoft Windows systems, similar to the tcpdump tool found on OS X/macOS and Linux systems, to verify that the system was seeing the incoming connections to network port 5900.

[ More Info ]

[/os/windows/software/remote-control/vnc/ultravnc] permanent link

root@Alder> configure
Entering configuration mode

[edit]
root@Alder# set security zone security-zone untrust interface ge-0/0/0.0 host-inbound-traffic system-services ping

[edit]
root@Alder# commit
commit complete

[edit]
root@Alder#

Afer committing the configuration, you should be able to successfully ping the IP address of the untrusted, i.e., Internet side of the device.

[/security/firewalls/SRX] permanent link