Mon, Dec 29, 2008 10:29 pm

Scripting Telnet Under Microsoft Windows

Telnet sessions can be automated using the Telnet Scripting Tool v.1.0 written by Albert Yale. I found the utility at How can I reboot my Alcatel SpeedTouch Pro by using a shortcut or a script?, where there is a sample of a text file that can be used to automate a telnet connection. The first line placed in the file contains the IP address of the telnet server followed by the port number to be used (23 is the default port for telnet connections). The subsequent lines contain the strings to wait for from the server, e.g. WAIT "User :" and to send as responses, e.g. SEND "\m". The \m is for a carriage return and linefeed.
Usage Syntax:

tst10.exe /r:script.txt [options]

/r:script.txt      run script.txt
[options]          any of these:

/o:output.txt      send session output to output.txt
/m                 run script in minimized window

Usage Example:

tst10.exe /r:script.txt /o:output.txt /m

Scripting Syntax:

HOSTNAME PORT      port number optional, default: 23
WAIT "string"      string to wait for
SEND "string"      string to send
\"                 represents a quote character
\m                 represents a <CR/LF>
\\                 represents the backslash character

Scripting Example:

hostname.com 23
WAIT "login"
SEND "root\m"
WAIT "password"
SEND "mypassword\m"
WAIT ">"
SEND "dip internet.dip\m"
WAIT ">"

Scripting Note:

You can start with either WAIT or SEND commands,
but you *must* alternate them. ie: you can't use two
or more WAIT or SEND in a row.

Note:

TST will disconnect and close as soon
as it's done with the last entry of the script.

If you need to, you can type in the terminal
window while the script is running.

You can use the tool to automate not just sessions where you log into another system via the telnet protocol, but other types of connections where you might use the telnet command.

E.g., I often telnet to the Simple Mail Transfer Protocol (SMTP) port, which is port 25 on mail servers, to troubleshoot connections. The Telnet Scripting Tool (TST) can be used to automate this type of testing as well.

For instance, I created a file, testSMTP.txt, to use with the Telnet Scripting Tool in timing how long it was taking a mail server to display its banner. The banner from mail server software, such as sendmail, usually begins with the code 220, e.g. 220 mail.example.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 29 Dec 2008 21:39:48 -0500. So, I placed the following commands in a file to connect to a mail server at address 192.168.0.5:

192.168.0.5 25
WAIT "220"
SEND "quit\m"

The first line specifies the IP address of the server followed by the port number to use, in this case port 25 for an SMTP connection. The WAIT "220" tells the Telnet Scripting Tool to wait for the string 220 from the server and then to send the quit command followed by a carriage return and line feed, i.e. the characters that would be sent if I typed "quit" and hit the Enter key.

I then opened a command prompt on a Windows XP system and entered the command below:

C:\DOCUME~1\JSmith\MYDOCU~1\>"\program files\network\tst10\tst10.exe" /r:testSMTP.txt

In this case the file testSMTP.txt was in the current directory, but the tst10.exe program was in \program files\network\tst10\tst10.exe
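
The script format and the banner-timing use described above, as an added Python sketch (not Albert Yale's tool and not code from the original post): it parses a TST-style script, enforces the WAIT/SEND alternation rule, decodes the three documented escapes, and reports how long each WAIT took. The function names and the local socket pair used for the offline demo are assumptions of this example.

```python
"""Added example: parse a TST-style script and time each WAIT on a socket."""
import re
import socket
import time

# The three escapes listed in the Scripting Syntax table above.
ESCAPES = {'"': '"', "m": "\r\n", "\\": "\\"}
COMMAND = re.compile(r'^(WAIT|SEND)\s+"((?:[^"\\]|\\.)*)"$')

# The testSMTP.txt script from the text above.
TEST_SMTP = r'''192.168.0.5 25
WAIT "220"
SEND "quit\m"
'''


def unescape(text):
    """Decode the three documented escapes; reject any other backslash sequence."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\":
            i += 1
            if i == len(text) or text[i] not in ESCAPES:
                raise ValueError(f"unknown escape in {text!r}")
            out.append(ESCAPES[text[i]])
        else:
            out.append(text[i])
        i += 1
    return "".join(out)


def parse_script(source):
    """Return (host, port, steps), steps being a list of (verb, text) pairs."""
    lines = [(n, ln.strip()) for n, ln in enumerate(source.splitlines(), 1)
             if ln.strip()]
    if not lines:
        raise ValueError("empty script")
    first_no, first = lines[0]
    target = first.split()
    if len(target) > 2:
        raise ValueError(f"line {first_no}: expected HOSTNAME [PORT]")
    host = target[0]
    port = int(target[1]) if len(target) == 2 else 23  # documented default
    steps = []
    for n, line in lines[1:]:
        match = COMMAND.match(line)
        if match is None:
            raise ValueError(f'line {n}: expected WAIT "string" or SEND "string"')
        verb, text = match.group(1), unescape(match.group(2))
        if steps and steps[-1][0] == verb:
            # The Scripting Note: WAIT and SEND must alternate.
            raise ValueError(f"line {n}: two {verb} commands in a row")
        steps.append((verb, text))
    return host, port, steps


def run_steps(sock, steps, timeout=30.0):
    """Run parsed steps on a connected socket; return [(text, seconds)] per WAIT."""
    sock.settimeout(timeout)
    buffer, timings = b"", []
    for verb, text in steps:
        data = text.encode("ascii")
        if verb == "SEND":
            sock.sendall(data)
            continue
        started = time.monotonic()
        while data not in buffer:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError(f"peer closed before {text!r} arrived")
            buffer += chunk
        # Discard everything up to and including the matched string.
        buffer = buffer[buffer.index(data) + len(data):]
        timings.append((text, time.monotonic() - started))
    return timings


def run_script(source, timeout=30.0):
    """Connect to the script's target; return (connect_seconds, WAIT timings)."""
    host, port, steps = parse_script(source)
    started = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        connected = time.monotonic() - started
        return connected, run_steps(sock, steps, timeout)


if __name__ == "__main__":
    # Offline demo: a local socket pair stands in for the mail server and the
    # banner is a constructed sample. run_script(TEST_SMTP) does the same
    # against the real address in the script.
    client, server = socket.socketpair()
    server.sendall(b"220 mail.example.com ESMTP\r\n")
    _, _, demo_steps = parse_script(TEST_SMTP)
    for text, seconds in run_steps(client, demo_steps, timeout=5):
        print(f"waited {seconds:.3f}s for {text!r}")
    print("server received:", server.recv(64))
    client.close()
    server.close()
```
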

Note: before using the program, I uploaded the executable, TST10.exe, to VirusTotal, a service that scans files with many different antivirus programs. It checked the file with 38 antivirus programs. None of them found any malware within the file (see MD5: 4aee641e6ddb9a5fa95f590273729708). Note: the viradd and virsize in the Portable Executable (PE) information stand for "Virtual Address" and "Virtual Size" respectively (see Strange tcpip header?).

Download Locations for TST10.Zip

Petri IT Knowledgebase
MoonPoint Support
TheWorldsEnd.NET - free PHP networking scripts

References:

  1. How can I reboot my Alcatel SpeedTouch Pro by using a shortcut or a script?
    By: Daniel Petri
    Petri IT Knowledgebase
  2. Telnet Scripting for the DSL-G604T
    D-Link DSL-G604T Wireless ADSL Router Support Forum

[/network/telnet] permanent link

Mon, Dec 29, 2008 8:37 pm

The Letter "C"

A family member asked me why the English language has the letter "C" when it sounds like "K", e.g. "carp", "clown", or "public", or the letter "S", e.g. "publicity" or the second "c" in "cache", when it appears in words. She wanted to know why we didn't just dispense with the letter altogether. So I did a little online searching with Google and found an explanation at the history of the letter 'C'.

The explanation was that it derives from the Roman use of the letter C to stand for the K sound. The Anglo-Saxons in what is now Great Britain adopted the Roman system. After the Battle of Hastings in which William the Conqueror defeated the Anglo-Saxon forces led by Harold Godwinson many French words became part of the English language. The Norman French pronounced "C" as "S" before the letters "I,E,(Y)". So "C" became a letter with two sounds.

[/languages/english] permanent link

Mon, Dec 29, 2008 2:57 pm

Chopping Strings in BASH

The Bourne-again Shell (BASH) provides built-in mechanisms for extracting substrings from a string.

You can set the value of a variable with myvar="some text". You can view the value of the variable using $myvar or ${myvar}. Putting the "$" in front of the variable name causes BASH to use the value stored in myvar.

$ myvar="some text"
$ echo $myvar
some text
$ echo ${myvar}
some text

There is sometimes an advantage to the format that encloses the variable name in curly braces, i.e. the ${myvar} format.

$ echo "foo$myvar"
foosome text
$ echo "foo$myvarother text"
foo text
$ echo "foo${myvar}other text"
foosome textother text

In the above example, in the instance where the curly braces weren't used, the value of myvar wasn't displayed, because BASH didn't know I wanted myvar rather than myvarother, which has no value assigned to it, so it just displayed "foo text". In the instance where the curly braces were used, BASH could tell I wanted the value of myvar and displayed "foosome textother text".

Substrings can be extracted from a string by chopping characters from the beginning and end of a string.

Chopping a trailing character:

You can chop a trailing character from a string in BASH by placing the variable name inside ${ }, such as ${myvar}, and then using %<char>. E.g. suppose myvar has the value "0064092004008999,". To remove the trailing comma from the end of the variable, you could use myvar=${myvar%,}

$ myvar="0064092004008999,"
$ echo ${myvar%,}
0064092004008999

If you wanted to remove the last "9" and all characters that appear after it in the line, you can use "*" in the expression.

$ myvar="0064092004008999,"
$ echo ${myvar%9*}
006409200400899

In the example above, the shortest matching substring is selected and removed, i.e. the "9,". If you wanted to remove the longest matching substring, e.g. every character from the first "9" onwards, you could use

$ myvar="0064092004008999,"
$ echo ${myvar%%9*}
00640

Chopping leading characters:

You can chop leading characters from a string by using # or ##. E.g. suppose myvar has the value "SNMPv2-MIB::sysContact.0 = STRING: John Smith". If you only want the name John Smith, you can use ## to remove the longest substring containing the ":" character. I.e., using myvar=${myvar##*:} would work. If you instead used only one "#", the shortest matching substring would be removed. I.e., using myvar=${myvar#*:} would return :sysContact.0 = STRING: John Smith, where all characters up to and including the first ":" are removed.

$ myvar="SNMPv2-MIB::sysContact.0 = STRING: John Smith"
$ echo ${myvar##*:}
John Smith
$ echo ${myvar#*:}
:sysContact.0 = STRING: John Smith

References:

  1. Bash by example, Part 1
    Fundamental programming in the Bourne again shell (bash)
    Date: March 1, 2000
    IBM

[/os/unix/bash] permanent link

Fri, Dec 26, 2008 7:24 pm

Send NetScreen Traffic Log to a TFTP Server

You can view the traffic log from a NetScreen firewall using the get log traffic command. If you are using the CLI for the router, when the results are displayed via a console or SSH connection, you will need to hit a key at the more prompt to page through the output. You can hit q to stop paging through the output.

But rather than page through it by the above method, you can also transfer the contents of the log to a TFTP server. Instructions for setting up a TFTP server on a Linux system can be found at Setting Up a Linux TFTP Server.

To redirect the output to a TFTP server, use the command get log traffic > tftp <IP Address> <filename>, substituting the IP address of the TFTP server for <IP Address> and the name of the file you want to write to on the TFTP server for <filename>. E.g. the command below would store the log file on a TFTP server at IP address 192.168.0.5 in the file NetScreen-log.txt. Note: the file NetScreen-log.txt must already exist on the server, though it may be an empty file prior to transfer of the log file from the NetScreen firewall.

ns5gt-> get log traffic > tftp 192.168.0.5 NetScreen-log.txt
redirect to 192.168.2.5,NetScreen-log.txt
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
tftp transferred records = 1308
tftp success!

If you see a tftp timeout max error message followed by a tftp abort message, firewall software on the TFTP server may be blocking the file transfer. If you see a !rcv tftp error(1) File not found message then you likely have mistyped the name of the file that should be pre-existing on the server or the permissions on that file are not set appropriately, e.g., if the TFTP server is a Linux or Unix system, the file should have world read+write permissions set on it, which you can set with chmod 666 filename.

Applicable Products:

Applicable ScreenOS:

References:

  1. How To: Redirect output to a TFTP server
    Date: October 7, 2008
    Juniper Networks Knowledge Base
  2. Setting Up a Linux TFTP Server
    Date: December 26, 2008
    MoonPoint Support

[/security/firewalls/netscreen] permanent link

Fri, Dec 26, 2008 6:23 pm

Setting Up a Linux TFTP Server

The Trivial File Transport Protocol (TFTP) provides a mechanism to read files from or write files to a remote server. It is similar to the File Transfer Protocol (FTP), but doesn't have all of the features of FTP, such as an authentication mechanism.

The instructions below were written for the CentOS distribution of Linux, but TFTP server software is available for Linux, Unix, Windows and other operating systems. For Linux systems that use the Red Hat Package Manager (RPM) package management system, you can determine if the tftp-server package is installed with the command rpm -qi tftp-server.

# rpm -qi tftp-server
package tftp-server is not installed

The tftp-server package depends on the xinetd package; you can check if that package is installed with rpm -qi xinetd. If it isn't installed and you use the Yellow dog Updater, Modified (YUM) package management utility, you can install both packages with yum install tftp-server xinetd. To install just the tftp-server package, use yum install tftp-server. The installation of the tftp-server package will create the directory /tftpboot on the system. The directory should be set to 755 for tftp clients to be able to read from or write to files in the directory.

# ls -ld /tftpboot
drwxr-xr-x 2 root root 4096 Dec 24 14:15 /tftpboot

You next need to turn on the tftp service with the chkconfig command.

# chkconfig tftp on

You can verify that the service is available with chkconfig --list tftp.

# chkconfig --list tftp
tftp            on

TFTP uses the User Datagram Protocol and listens for data on port 69, so you can also use netstat -a | grep tftp to check on whether the system is listening for data on port 69. You should see something like the following if it is listening:

udp        0      0 *:tftp                      *:*

If you have firewall software running on the TFTP server, you will also need to allow connectivity to UDP port 69 through the firewall. You can do this on a CentOS system through the GUI by taking the following steps:

  1. Click on System.
  2. Click on Administration.
  3. Select Security Level and Firewall.
  4. Under Firewall Options, select other ports.
  5. Click on the Add button.
  6. Put 69 in the port field and select udp for the protocol.
  7. Click on OK.
  8. Click on OK again.
  9. When prompted to override any existing firewall configuration, click on Yes.

To be able to write to a file on the tftp server, e.g. a file named firewall-log.txt in the /tftpboot directory, you need to first create the file with the touch command and then set the permissions on the file so it is "world" writable.

# touch /tftpboot/firewall-log.txt
# chmod 666 /tftpboot/firewall-log.txt

Once you have the TFTP server configured, you can then transfer files from the tftp client to the server.

References:

  1. TFTP Server
    Date: January 8, 2007
    CentOS
  2. Configuring a TFTP Server
    Date: June 5, 2003
    ONLamp.com

[/network/tftp] permanent link

Mon, Dec 15, 2008 9:00 pm

LED Holiday Lighting

I've heard that LEDs are more efficient for holiday lighting, but they cost more than traditional lights. Are they worth it?

Yes. Light-emitting diodes (LEDs) are small light sources illuminated by the movement of electrons through a semiconductor material - and they are worth the extra money.

According to ENERGY STAR®, LEDs are very energy efficient when producing individual colors, such as those used in many holiday lights. LEDs use up to 90 percent less energy than incandescent bulbs to produce the same amount of light.

The amount of electricity consumed by just one 7-watt incandescent bulb could power 140 LEDs - enough to light two 24-foot strings of lights.

Still not convinced? ENERGY STAR qualified LEDs are worth the extra money because they:

Learn more about LEDs by visiting energystar.gov

Source:

Lines - Delmarva.Com
December 2008

[/info/home/lighting] permanent link

Tue, Dec 09, 2008 9:48 pm

Transferring FTP Voyager Settings Between Systems

FTP Voyager, from Rhino Software, Inc. stores profile settings for a user in C:\Documents and Settings\username\Application Data\RhinoSoft.com\FTP Voyager\FTPVoyager.ftp, where username is the userid for the relevant user. Note: this is true for version 12.3.0.1 of FTP Voyager, but may not be true for all versions. Note, also, that you won't see the .ftp file extension if the system is configured to hide extensions for known file types.

So, if you need to reinstall FTP Voyager on another system, but wish to retain a user's individual FTP Voyager configuration information, such as personal FTP sites, which would appear under the FTP Voyager FTP Site Profile Manager, and scheduled file transfers, you should transfer this file from the old system to the new system and place the file in the corresponding directory on the new system.

[/network/ftp] permanent link

Mon, Dec 08, 2008 7:36 pm

Saving a Word Document as a Filtered Web Page

When saving a Word document, at least in Word 2003, you have the option of saving as "Web Page" or "Web Page, Filtered". You should get a smaller file if you use the filtered web page option. E.g., for one particular Word document, I found the size was half as much when I used the filtered option versus the unfiltered option, i.e. 26 KB for the filtered file versus 54 KB for the unfiltered version.

If you select "Web Page, Filtered" for the output file format, Word doesn't include tags that only have meaning to itself. Those tags might be useful if you are reopening the file to be edited again with Word, but don't need to be there for people viewing the document in their web browser or if it is to be edited later with an HTML editor. E.g., for one document the following code was in the head section of the HTML file in the unfiltered version, but not the filtered version.

<!--[if gte mso 9]><xml>
 <o:DocumentProperties>
  <o:Author>Gail V. Williams</o:Author>
  <o:LastAuthor>John Smith</o:LastAuthor>
  <o:Revision>2</o:Revision>
  <o:TotalTime>2</o:TotalTime>
  <o:LastPrinted>2008-10-22T10:25:00Z</o:LastPrinted>
  <o:Created>2008-12-05T21:57:00Z</o:Created>
  <o:LastSaved>2008-12-05T21:57:00Z</o:LastSaved>
  <o:Pages>1</o:Pages>
  <o:Words>1108</o:Words>
  <o:Characters>6317</o:Characters>
  <o:Company>Home</o:Company>
  <o:Lines>52</o:Lines>
  <o:Paragraphs>14</o:Paragraphs>
  <o:CharactersWithSpaces>7411</o:CharactersWithSpaces>
  <o:Version>11.9999</o:Version>
 </o:DocumentProperties>
</xml><![endif]-->

When you save a document as a filtered webpage, you will get a warning such as "Saving Test.doc in this format (Web Page, Filtered) will remove Office-specific tags. Some Office features may not be available when you reopen this page. Do you want to save the document in this format?". If you retain the original Word document in .doc format as well as the new filtered HTML version of the file, you can always re-edit the original copy, if you have any concerns about needing to retain the Microsoft Word specific information.
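
To check an exported page for the Office-specific properties described above before publishing it, the following added example (not from the original post or from Microsoft) pulls the o:DocumentProperties fields out of Word's conditional-comment XML islands. The function names and the choice of which fields count as identifying are assumptions of this example.

```python
"""Added example: list Office document properties left in a Word HTML export."""
import re

# Word wraps its XML islands in conditional comments: <!--[if gte mso 9]><xml>
XML_ISLAND = re.compile(r"<!--\[if gte mso \d+\]>\s*<xml>(.*?)</xml>", re.S | re.I)
PROPERTIES = re.compile(
    r"<o:DocumentProperties>(.*?)</o:DocumentProperties>", re.S | re.I)
FIELD = re.compile(r"<o:(\w+)>(.*?)</o:\1>", re.S)

# Fields that name a person or organisation (a choice made for this example).
IDENTIFYING = ("Author", "LastAuthor", "Company")

# Abridged from the excerpt in the text above.
SAMPLE_HEAD = """<head>
<!--[if gte mso 9]><xml>
 <o:DocumentProperties>
  <o:Author>Gail V. Williams</o:Author>
  <o:LastAuthor>John Smith</o:LastAuthor>
  <o:Revision>2</o:Revision>
  <o:Company>Home</o:Company>
  <o:Version>11.9999</o:Version>
 </o:DocumentProperties>
</xml><![endif]-->
</head>"""


def document_properties(html):
    """Return every <o:...> property found inside Word's XML islands."""
    props = {}
    for island in XML_ISLAND.findall(html):
        for body in PROPERTIES.findall(island):
            props.update((name, value.strip())
                         for name, value in FIELD.findall(body))
    return props


def identifying_fields(html):
    """Return only the properties that name a person or organisation."""
    props = document_properties(html)
    return {name: props[name] for name in IDENTIFYING if name in props}


def audit(html):
    """Summarise what an export still carries from Word."""
    props = document_properties(html)
    return {
        "xml_islands": len(XML_ISLAND.findall(html)),
        "identifying": identifying_fields(html),
        "other_properties": sorted(set(props) - set(IDENTIFYING)),
    }


if __name__ == "__main__":
    # An unfiltered export reports the fields; a filtered one reports nothing.
    print(audit(SAMPLE_HEAD))
    print(audit("<head><title>Test</title></head>"))
```
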

References:

  1. About using filtered HTML
    Microsoft Office Online
  2. Reduce Web page size by filtering HTML
    Microsoft Office Online

[/os/windows/office/word] permanent link

Fri, Nov 21, 2008 5:27 pm

DC++ Shared File Locations

DC++, a Peer to Peer (P2P) filesharing program, stores settings in DCPlusPlus.xml, which you will find in the directory where it is installed. You will find the locations of shared files between share tags. The following is an example.


<Share>
	<Directory Virtual="Comics & Etc">S:\Comics & Etc\</Directory>
	<Directory Virtual="Cartoons">T:\Cartoons\</Directory>
	<Directory Virtual="Books">T:\Books\</Directory>
</Share>

[/network/p2p] permanent link

Thu, Nov 06, 2008 10:02 pm

NSA and the Army Seek Quantum Physics Answers

The NSA and the US Army Research Office are seeking answers to quantum physics questions. They have 3 broad goals:

The agencies expect to make one to three awards of less than two hundred thousand per year in 2009.

The agencies stipulate that "Investigators should presuppose the existence of a fully functional quantum computer and consider what algorithmic tasks are particularly well suited to such a machine."

References:

  1. NSA and Army on quest for quantum physics jackpot
    Date: October 28, 2008
    Network World

[/news] permanent link

Thu, Nov 06, 2008 10:00 pm

Eight Common Social Engineering Tactics

Network World posted an article, Social Engineering: 8 Common Tactics, that lists common tactics used by people hoping to glean information by social engineering techniques that will allow them to break into systems, learn sensitive information, or manipulate people into taking action that benefits the social engineer, e.g. using spam to tout a stock and drive up its price temporarily.

[/security/social_engineering] permanent link

Mon, Nov 03, 2008 8:03 pm

Renaming a category in Microsoft Money 2007

To rename a category in Microsoft Money 2007, take the following steps in Money:
  1. From the home screen, where you see Account List, Account Register, Cash Flow, Manage Online Services, etc., click on Account List.
  2. You will see a menu bar above the Account List with Account Tools, Mortgages & Loans, etc. on it. Click on Account Tools and select Categories & Payees.
  3. Find the category or subcategory you wish to rename, and right-click on it and choose Rename.
  4. Type the new name for the category and click on the OK button.

Any entries in Money that were under the previous name for the category will now be under the new name.

[/os/windows/software/financial] permanent link

Thu, Oct 23, 2008 10:30 pm

Checks on ThelmaLou

When I logged into the ThelmaLou system as the administrator to check it today, I saw the following error message:

applnch.exe - Ordinal Not Found
The ordinal 140 could not be located in the dynamic link library MAPI32.dll

OK

 

When I clicked on OK, I then saw the following:

hkcmd Module
hkcmd Module has encountered a problem and needs to
close. We are sorry for the inconvenience.
If you were in the middle of something, the information you were working on
might be lost.

For more information about this error, click here.

Close

 

When I clicked on "click here", I saw the following error signature information:

AppName: hkcmd.exe	 AppVer: 3.0.0.1607	 ModName: oleaut32.dll
ModVer: 5.1.2600.3266	 Offset: 000344f1 

The file C:\DOCUME~1\ADMINI~1.MAY\LOCALS~1\Temp\c0f3_appcompat.txt was associated with the error report.

I checked the system with Bazooka Adware and Spyware Scanner, even though its malware definitions haven't been updated in almost a year; they are 340 days old now. It didn't find any malware.

I then checked the system with Spybot Search & Destroy. It reported Microsoft.WindowsSecurityCenter_disabled. with registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start (is not)W=2, but nothing else, aside from 2 cookies. I eliminated the two cookies, one for DoubleClick and one for ValueClick.

[/security/scans] permanent link

Thu, Oct 23, 2008 10:18 pm

Multiple Hpboid.exe and Hpbpro.exe Processes Running

When I checked a Windows XP Professional Service Pack 2 system for which I had received a report from the user that it was running very slowly, I found multiple HPBOID.EXE and HPBPRO.EXE processes running. I counted them with tasklist /fi "imagename eq hpboid.exe" | find /c /i "hpboid.exe" and tasklist /fi "imagename eq hpbpro.exe" | find /c /i "hpbpro.exe". I found there were 63 instances of hpboid.exe and 49 instances of hpbpro.exe running. The processes were each taking from 56K to 76K of memory.

At hpboid.exe Windows process - What is it?, I found the hpboid process described as follows:

The process HP Status Server Module belongs to the software HP Status Server or HP Deskjet or HP Status Server Module by Hewlett-Packard Company (www.hp.com).

Description: File hpboid.exe is located in a subfolder of C:\Windows\System32 or sometimes in the folder C:\Windows\System32. Known file sizes on Windows XP are 73728 bytes (96% of all occurrence), 61440 bytes.
The program has no visible window. File hpboid.exe is not a Windows system file.

At have multiple hpboid.exe & hpbpro.exe processes, WHY?, I found others reporting the same problem. Someone posted the following script as a solution for eliminating the processes.

net stop spooler
sleep 5
taskkill /F /IM HPBOID.exe
taskkill /F /IM HPBPRO.exe
sleep 5
net start spooler

The poster suggested the script be saved as kill_hpprocess.cmd and run through the Windows task scheduler. The poster stated he found the script at HPBOID.EXE remove it permanently. The author of the blog article there states the following:

Some HP Printer drivers install a service called HP Status Server based on an executable called hpboid.exe, on terminal service machine it start itself many times and it doesn't remove it whenever user disconnect itself consuming too much resources.

He offers some steps to solve the problem on that webpage. Someone else posted the script there as a way to solve the problem. Another poster suggests the problem can be solved instead by following advice from Hewlett-Packard (HP), which is the company responsible for hpboid.exe and hpbpro.exe. He references HP Deskjet 6980 Series Printer - Computer Crashes when Printing Over a Network and Network Task Manager Shows Multiple Instances of hpboid.exe Running.

The HP webpage lists the following as solutions to the problem:

Issue
Task Manager shows multiple instances of hpboid.exe running. This consumes all the resources and the computer ultimately crashes. This happens when the printer is printing over a network.
Solution
Choose one of the solutions below.
Solution one
Follow the steps below to resolve this issue.
  1. Click Start , and then click Run.
  2. In the Run dialog box, type services.msc and click OK.
  3. Search for HP status server and right-click it. Click Properties, and then click Stop
  4. Click Apply and then click OK.
  5. Check whether the issue persists. If the issue persists, repeat the same steps for HP port resolver and stop this service.
Solution two
Search for hpboid.exe and delete the file. Deleting the file will not affect the printing functionality.

I followed the steps HP listed in solution one. I stopped the HP Status Server service. That reduced the number of hpboid.exe processes by only one, however, from 63 to 62. It did not reduce the number of hpbpro.exe processes. I stopped the HP Port Resolver service. That reduced the number of hpbpro.exe processes by one from 49 to 48. Since there were still many instances of each process running, I killed all of the others with the following commands:

taskkill /f /fi "imagename eq hpboid.exe"
taskkill /f /fi "imagename eq hpbpro.exe"

I saw a substantial reduction in the amount of memory being used when I killed all instances of those two processes.

References:

  1. hpboid.exe Windows process - What is it?
    file.net - Windows XP file forum
  2. have multiple hpboid.exe & hpbpro.exe processes, WHY?
    September 21, 2007
    Experts Exchange
  3. HPBOID.EXE remove it permanently
    October 2007
    Vittorio Pavesi
  4. HP Deskjet 6980 Series Printer - Computer Crashes when Printing Over a Network and Network Task Manager Shows Multiple Instances of hpboid.exe Running
    Hewlett-Packard Development Company, L.P.

[/os/windows/printers] permanent link

Thu, Oct 23, 2008 3:55 pm

Setting the Time Zone from the Command Line

After moving my Outlook data to another laptop, which was running Windows XP Home edition, I noticed that the timestamp on messages appeared to be hours behind when I thought the messages were likely received. When I sent a message where my own address was on the cc line, I noticed that there was a 3 hour difference between the timestamp on the message in my sent folder and the one I received in my Outlook inbox. I thought the time zone was likely set incorrectly, but when I tried checking it from the account I was logged in under by clicking on the time in the lower right-hand corner of the screen, I received a message that "You do not have the proper privilege to change the System Time." Since I had a lot of applications open, I didn't want to close all of my open files, log off, log on under an administrator account, change the time zone, log back into my account, and then reopen all of the applications and files I had open previously. There is a way that you can check the time zone and change it from the command line.

I used the runas command to run the following command under an administrator account on the system. In this case the "owner" account was in the administrators group on the system.

C:\>runas /user:owner "RunDLL32 shell32.dll,Control_RunDLL %SystemRoot%\system32\TIMEDATE.cpl"

That command opened the Date and Time Properties window. When I clicked on the Time Zone tab, I found the time zone set to "GMT-8:00 Pacific Time (US & Canada)", whereas it should have been set to "GMT-5:00 Eastern Time (US & Canada)". I could now change the time zone.

The time zone can also be specified on the command line rather than changing it through the Date and Time Properties window. E.g. the command C:\>runas /user:owner "RunDLL32 shell32.dll,Control_RunDLL %SystemRoot%\system32\TIMEDATE.cpl,,/Z US Eastern Standard Time" would allow one to change the time zone to "(GMT-5:00) Indiana (East)". Of course, you don't need the runas /user:owner, if you are already logged into the system as an administrator.

NOTE: You do not encapsulate the time zone string in quotation (") marks. I have quotation marks around the entire rundll32 command for entering a command with spaces in it to the runas command.

You can see what the values are that you should use on the command line for your specific time zone by running regedit and navigating to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Time Zones\.

In this case, I needed to use RunDLL32 shell32.dll,Control_RunDLL %SystemRoot%\system32\TIMEDATE.cpl,,/Z Eastern Standard Time rather than using "US Eastern Standard Time" to have the time zone be "(GMT-5:00) Eastern Time US & Canada". The value that appears under the Time Zone tab in the Date and Time Properties window is what is listed for the display value under each time zone within the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Time Zones\ registry key.

When I changed the time zone, the time changed also to match the time zone change. I needed to reset it, which I did by opening a command window from the "owner" administrator account using runas /user:owner cmd. I then used the time command to reset the time.

References:

  1. JSI Tip 7525. How do I set the Time Zone from the command line?
    A Web Exclusive from FAQ for Windows
    Jerold Schulman
    WindowsITPro

[/os/windows/xp] permanent link

Fri, Oct 10, 2008 11:45 pm

Querying the Dell Service Tag with VBS

I needed to produce a list of the service tags for all of the Dell systems at a site. I found a Visual Basic script at Query Dell Service Tag that could query a Dell system for the service tag. There were two versions there, one that would request the system name through a pop up window and another that could be run from a command prompt.

I wanted to be able to run such queries from a command prompt, so the second version appealed to me. But it only queried one system at a time, so I modified the script to allow me to specify multiple systems at one time on the command line. The updated script is available at Dell-ServiceTag.vbs.

Usage:

cscript /nologo Dell-ServiceTag.vbs a b c

Output: 

Computer: a Dell Service Tag: AGXQVD1
Computer: b Dell Service Tag: BRKF462
Computer: c Dell Service Tag: 1NFWLB3


Fri, Sep 26, 2008 12:51 pm

Maillog Not Rotating

The maillog file in /var/log had been rotated every night to produce maillog.1, maillog.2, etc. on a CentOS Linux server. But the log file rotation stopped at some point and the maillog file has been growing huge. The file contains entries related to messages processed by sendmail on the system.

In email from the Cron Daemon to the root account, I found messages with the following within them:

/etc/cron.daily/logrotate:

error: syslog:1 duplicate log entry for /var/log/maillog

I checked /etc/logrotate.conf, but didn't find any references to rotation of the maillog file there.

Contents of /etc/logrotate.conf:

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    minsize 1M
    create 0664 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.

I then checked the /etc/logrotate.d directory. I found maillogrotate there.

Contents of /etc/logrotate.d/maillogrotate:

# Begin maillogrotate control file
/var/log/maillog {
   daily
   rotate 14
   sharedscripts
   create 0600 root root
   missingok
   postrotate
   /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
   endscript
}
# End maillogrotate control file

I also checked the /etc/logrotate.d/syslog file, since syslog may rotate the file.

Contents of /etc/logrotate.d/syslog:

/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

So it appears that both the /etc/logrotate.d/maillogrotate and the /etc/logrotate.d/syslog files were attempting to rotate the maillog file on a daily basis.

Checking notes posted on my blog, I found I resolved the problem on another email server, a Redhat Linux server, on Friday, September 17 of 2004, almost exactly 4 years ago, and had posted my notes in Daily Rotation of Mail Logs. In that case, I had removed the /var/log/maillog reference from /etc/logrotate.d/syslog, so I did the same thing in this case as well. But this time, I decided to leave the maillogrotate file in /etc/logrotate.d.

Checking my notes for the CentOS email server, I see that I had in the past removed the /var/log/maillog reference from /etc/logrotate.d/syslog. Some installation or upgrade must have led to the version of the file I created then being overwritten.
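
The duplicate declaration diagnosed above can be found mechanically. The following is an added example, not part of the original post or of logrotate itself: a Python script that parses logrotate stanzas and reports any log path declared in more than one place. The embedded sample is a trimmed, constructed copy of the two files quoted above; the function names, and the assumption that /etc/logrotate.conf includes /etc/logrotate.d, are mine.

```python
import glob
import os
import shlex
from collections import defaultdict

# Constructed sample: trimmed copies of the two files quoted in the post.
SAMPLE_CONFIGS = {
    "/etc/logrotate.d/maillogrotate": """\
# Begin maillogrotate control file
/var/log/maillog {
   daily
   rotate 14
   postrotate
   /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
   endscript
}
""",
    "/etc/logrotate.d/syslog": """\
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
""",
}

# Directives that open a shell-script body, which runs until "endscript".
SCRIPT_OPENERS = {"prerotate", "postrotate", "firstaction", "lastaction", "preremove"}
# A subset of the suffixes logrotate skips by default in an include directory.
SKIPPED_SUFFIXES = ("~", ".rpmsave", ".rpmorig", ".rpmnew", ".swp", ".disabled")


def stanza_paths(text):
    """Yield (line_number, log_path) for each path that heads a stanza."""
    in_block = in_script = False
    pending = []  # paths listed on lines before the opening brace
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if in_script:
            in_script = line != "endscript"
            continue
        if not line or line.startswith("#"):
            continue
        if in_block:
            if line.split()[0] in SCRIPT_OPENERS:
                in_script = True
            elif line.startswith("}"):
                in_block = False
            continue
        head, brace, rest = line.partition("{")
        tokens = shlex.split(head)
        if tokens and all(t.startswith("/") for t in tokens):
            pending.extend((lineno, t) for t in tokens)
        elif tokens:
            pending = []  # a global directive such as "weekly" or "include ..."
        if brace:
            yield from pending
            pending = []
            in_block = "}" not in rest


def find_duplicates(configs):
    """Map each log path declared more than once to its (file, line) declarations."""
    seen = defaultdict(list)
    for name, text in configs.items():
        for lineno, pattern in stanza_paths(text):
            # Wildcard patterns are expanded against the disk; literal paths are compared as written.
            matches = glob.glob(pattern) if any(c in pattern for c in "*?[") else []
            for path in matches or [pattern]:
                seen[path].append((name, lineno))
    return {path: sorted(where) for path, where in seen.items() if len(where) > 1}


def load_configs(main="/etc/logrotate.conf", include_dir="/etc/logrotate.d"):
    """Read the main file and the include directory (assumed layout, as on the server in the post)."""
    configs = {}
    for path in [main] + sorted(glob.glob(os.path.join(include_dir, "*"))):
        if os.path.isfile(path) and not path.endswith(SKIPPED_SUFFIXES):
            with open(path, errors="replace") as handle:
                configs[path] = handle.read()
    return configs


if __name__ == "__main__":
    configs = load_configs() or SAMPLE_CONFIGS
    for path, where in find_duplicates(configs).items():
        print(path, "is declared in:", ", ".join(f"{f}:{n}" for f, n in where))
```

Run after package upgrades, this catches the case described above where an update restores the /var/log/maillog entry in /etc/logrotate.d/syslog.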

References:

  1. [Rocks-Discuss] /var/log/maillog in syslog.conf vs. /var/log/mail in logrotate.d/rocks
    Date: September 13, 2006
    SDSC Mailing List Server
  2. Pflogsumm issues
    Date: July 16, 2008
    HowtoForge - Linux Howtos and Tutorials
  3. Configuration: centos50
    System Configuration Collector (SCC)
  4. What the hell is rotating my mail.log?
    Date: February 23, 2007
    Stephan Paukner
  5. Rotating Linux Log Files - Part 1: syslog
    Date: April 22, 2007
    Netlojik
  6. Logging, Log File Rotation, and Syslog Tutorial
    Wayne Pollock's Home Page
  7. Daily Rotation of Mail Logs
    Date: September 17, 2004
    MoonPoint Support


Tue, Sep 16, 2008 11:45 am

Did Al Gore Say He Invented The Internet?

The answer is "no". He did make a statement in an interview with Wolf Blitzer of CNN about his role in the creation of the Internet, but that statement was taken out of context to be used as a political attack tool. I've heard Al Gore mocked many times for his supposed statement and found someone else making what appeared to be a sarcastic comment in a post today to an article "The Web back in 1996-1997".

As I posted there, I would like to point out that he never claimed to have invented the Internet (see the Snopes article "Internet of Lies"). For a much fuller discussion of the topic and some history on the Internet's development and Gore's role in supporting advanced networking initiatives, I would recommend "Al Gore and the Creation of the Internet".

His early vision of its potential and his support for funding of advanced networking activities was important. Vint Cerf, who has, I think appropriately, been dubbed the “father of the Internet” for his technical contributions, along with Bob Kahn, in designing the Internet Protocol, has credited Gore’s early support for advanced networking efforts (see "Vint Cerf responded to MSNBC").

I see the same tactic of taking an opponent’s statements out of context being widely used in the current campaign by both parties. Unfortunately, I suspect many Americans will make up their minds based on what they see in political ads that are designed to mislead them. The tactic used so successfully against Gore still works.


Tue, Sep 16, 2008 9:27 am

CA Anti-Spyware Scan of J

I checked a Windows XP Professional Service Pack 3 system, J, with CA Anti-Spyware 2008 LE. That version is free and will detect malware, but not remove it. You can purchase a license to have the software remove any malware it finds.


Sun, Sep 14, 2008 7:55 pm

CopSSH Installation on Windows Vista

I installed copSSH 1.4.6 on a Windows Vista Ultimate system. The software is an implementation of an SSH server and client for Windows systems. I had been using OpenSSH for Windows 3.8.1p1 on Windows 2000 and XP systems, but I haven't been able to get it to work under Windows Vista. I haven't had any problems getting copSSH to function as an SSH server under Vista.

At the end of the installation, the installation software displays the message below:

copSSH 1.4.6 Setup

After the installation, I clicked on Start, selected All Programs, then COPSSH, then Activate a User.

copSSH User Activation Wizard

I selected a user and then proceeded to the next step where I typed in a passphrase, which is used to protect the private key for the account.

copSSH Passphrase

I then clicked on the Activate button, which produced the message below.

copSSH Compatibility Assistant

I selected the "This program installed correctly" option.

Since the system was using the firewall capability built into Windows Vista, I then clicked on the Start button, selected Control Panel, then Security then Windows Firewall, and then Change Settings.

Windows Firewall Settings

I clicked on the Exceptions tab and then selected Add Port. At the Add Port window, I specified copSSH as the name for the firewall port and the default SSH port, which is port 22. SSH uses the TCP protocol.

Windows Firewall - Add a Port

I clicked on Ok and then OK again to create the firewall rule for copSSH. I was then able to use PuTTY to log into the system from another system.

If you would like to use a port other than the default port of 22, you need to edit the sshd_config file, which you will find within the etc directory beneath the directory in which you installed copSSH, e.g. \Program Files\copSSH\etc\sshd_config.

I suggest editing the file with WordPad rather than Notepad, because WordPad can handle the end of line characters used in the file so that each line appears one beneath the other rather than all lines appearing as one long line as they will in Notepad. WordPad can deal with the end of line character used on Unix and Linux systems better than Notepad. The file uses the linefeed character common for files on Unix and Linux systems rather than the combination of carriage return and linefeed characters that Microsoft Windows uses.

To change the port, locate the line below. Remove the "#" from the beginning of the line; the "#" marks the line as a comment, so the setting has no effect while it is present. Then replace 22 with whatever number you wish to use for the port.

#Port 22

When you've changed the port, you will need to restart the SSH server service, which you can do by rebooting or simply stopping and restarting the service. To stop and restart the service from the command line, obtain a command prompt. If you aren't logged into an administrator account, you can use the command runas /user:administrator cmd from a command prompt to open another command prompt window under the administrator account.

C:\>net stop "Openssh SSHD"
The Openssh SSHD service is stopping.
The Openssh SSHD service was stopped successfully.


C:\>net start "Openssh SSHD"
The Openssh SSHD service is starting.
The Openssh SSHD service was started successfully.

You can verify copSSH is listening on the new port using the netstat command. E.g., if you set the port to 5622, you could use the command below:

C:\>netstat -an | find "5622"
  TCP    0.0.0.0:5622          0.0.0.0:0              LISTENING


Sun, Sep 14, 2008 1:38 pm

Setting F-Secure Rescue CD to Automatically Reboot

I needed to scan a system with an F-Secure Rescue CD 2.00. I started the scan late at night and wanted to go home to sleep before the scan completed. But I wanted the system to reboot into Microsoft Windows after the scan was completed. Since the results of the scan are stored in /tmp, which exists only in the system's memory when the system is booted from the F-Secure Rescue CD, I also wanted the output log files produced by the scanning process to be stored somewhere where I could access them after the reboot.

When a scan is started, the following is displayed:

Scanning


Scanning all filesystems mounted under /mnt/scan/ directory.
The results of the scan will be saved in /tmp/scan_results.txt

Alt-F1 This screen.
Alt-F5 To see details of files being scanned.
Alt-F6 To see any malware found.
Ctrl-C TO cancel scanning.

You can also use Alt-F2, Alt-F3, or Alt-F4 to get a shell prompt. I used Alt-F2 to obtain a shell prompt.

When a system is booted from the rescue CD, the hard drive on the system is mounted under /mnt/scan. In this case, the hard drive is an IDE drive designated as hda2 by Linux, which is the operating system used on the F-Secure Rescue CD. So I could store the log files, which are as follows, somewhere under /mnt/scan/hda2.

scan_error.txt
scan_log.txt
scan_results.txt

On this system there was a C:\TEMP directory, so I decided to store them there. You can see the directories on the hard drive using the ls command, e.g. ls /mnt/scan/hda2/.

Using the pico editor on the CD, I created a script, which I named rebootwin in the /tmp directory to automatically reboot the system after 9 hours, presuming that the scan of the system should certainly be completed within that time (it took about 3 hours).

root@tty2[/]# cd /tmp
root@tty2[tmp]# pico rebootwin

I put the following commands in the script:

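#!/bin/bash
# Show the start time so the wait can be checked from the console.
date
# Wait 9 hours, longer than the scan is expected to take.
sleep 9h
# Copy the scan logs from the RAM-backed /tmp to C:\TEMP on the hard drive.
cp /tmp/scan*.txt /mnt/scan/hda2/TEMP/.
reboot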

The script prints the date and time and then "sleeps" for 9h. When that amount of time has elapsed, it copies the log files from the scanning process from the /tmp directory to the C:\TEMP directory on the system's hard drive. The system is then rebooted. If the system is set to boot from the hard drive first, rather than a CD-ROM drive, it will boot into Windows from the hard drive. If the system's BIOS is set to attempt to boot the system first from a CD in a CD-ROM drive, it will reboot from the F-Secure Rescue CD, but, unless a key is hit within a few seconds, it will not continue with a reboot into the antivirus scanning software, but will instead boot from the system's hard drive.

I saved the script with Ctrl-X and then made the script executable with the chmod command. I then started the script with ./rebootwin.

root@tty2[tmp]# chmod 755 rebootwin
root@tty2[tmp]# ./rebootwin
Sat Sep 13 23:52:46 UTC 2008

The next morning, I was able to check the results of the scanning process by examining the log files on the system's hard drive.


Sat, Sep 13, 2008 11:31 pm

Scan of J with AVG and F-Secure Rescue CDs

I've been continuing to check a Windows XP Pro system, J, which became infected on September 8, with programs to detect any malware that might remain on the system. I used AVG Rescue CD and an F-Secure Rescue CD 2.00 to check the system tonight.


Sat, Sep 13, 2008 4:52 pm

Rootkit Checks on J on 2008-09-13

I had checked a system, J, that had malware on it earlier in the week with the rootkit detection program, BlackLight from F-Secure. Today, I checked the system with two other rootkit detection programs, Rootkit Hook Analyzer from Resplendence Software Projects and RootkitRevealer from Microsoft. The software was originally developed by Sysinternals; Microsoft acquired Sysinternals in 2006.

I did not find any rootkit software on the system with any of the 3 rootkit revealers I used.


Wed, Sep 10, 2008 11:00 pm

Infection Checks on 2008-09-10

I ran further checks on September 10, 2008 on a system that I found infected with Virantix and other malware on September 9 (see Infection by Virantix - braviax.exe).


Wed, Sep 10, 2008 12:27 am

Infection by Virantix - braviax.exe

After a user attempted to open an attachment on an email message that was ostensibly from Southwest Airlines, but which was really malware, her system rebooted and kept popping up a balloon message from the system tray that "It is recommended to use special antispyware tools to pervent data loss. Windows will now download and install the most up-to-date antispyware for you." The message, which misspelled "prevent", was really coming from rogue antispyware software. Such messages are common to rogue antispyware that attempts to trick users into buying the software after the software has managed to surreptitiously install itself.


Wed, Sep 03, 2008 6:27 pm

Remembering Text for a Regexp Replacement in Vi

I needed to insert a space between months and years in text in a document while using Vim, a version of the Vi editor for Windows systems. The text was as shown below:

December1999 Edition
November1999 Edition
October1999 Edition
...
March1996 Edition
February1996 Edition
January1996 Edition

With Vi, regular expressions can be used to search for and replace text. In this case I could use :.,$ s/199\(\d\) Edition/ 199\1/ to perform the substitution.

To search from the line I was on to the end of the document I can use .,$. With the substitute s command, you can search and replace text with commands of the form s/old text/new text. You can use the i option, if you don't want the case of letters to be considered, i.e. if you wish "A" and "a" to be treated the same, then you can use s/old text/new text/i. You can use the g option, if you wish to replace all occurrences of old text on the line, for cases where the text may occur multiple times on the same line, e.g. s/old text/new text/g. You can use whatever delimiter you wish to separate the parts of the command, e.g. you can use s:old text:new text:.

The \d in the command indicates that I am only looking for digits, i.e. 0 to 9. By enclosing the \d in escaped parentheses, i.e. by using \(\d\), I can have the editor "remember" whatever it found between the parentheses. Then I can have it insert what it has remembered in the replacement text by using \1. If I had used multiple parentheses at various parts in the search text, then the second string I wanted remembered would be indicated with a \2. In this case the last digit of the year was all I wanted the editor to remember and insert appropriately in the substitution text.

If you wish to search an entire document, you can use 1,$ to represent the first line of the file through the last line, or you can just use % to represent the entire file.

:% s/199\(\d\) Edition/ 199\1/

References:

  1. Vim Regular Expressions - Substitute Command


Mon, Sep 01, 2008 3:34 pm

Rootkit Detection Software

Rootkits allow a malefactor to take control of another's system. There are free programs to help detect rootkits on a Windows system. Two such programs are BlackLight from F-Secure and RootkitRevealer from Sysinternals, which has been acquired by Microsoft.

To use BlackLight, simply download it and run the downloaded file. There is no installation process. When the scan is completed, BlackLight will report whether it found any hidden processes, files, or folders that may be part of a rootkit.

BlackLight Scan Completed

Analysis of the results of a RootkitRevealer scan requires more technical competence as some of the entries you see listed in its report may be normal for Windows systems and not necessarily a sign that the system has been "rootkitted".

RootkitRevealer


Sat, Aug 23, 2008 3:42 pm

GSpot

When attempting to play a movie file, such as an AVI, you may find that the audio and/or video doesn't play because of a missing codec. One solution is to use an audio/video player, such as VLC, which has built-in support for a wide variety of audio/video codecs. Or, if you prefer to stick with the media player you are accustomed to, such as Windows Media Player, then you can use a program, such as GSpot, to identify the missing codec.


Sat, Aug 23, 2008 3:17 pm

VLC Media Player

VLC media player is a free cross-platform media player, which runs on Microsoft Windows, Mac OS X, BeOS, Syllable, and GNU/Linux systems. It also runs on BSD and Solaris systems. It is released under a GPL version 2 license.

VLC media player is a highly portable multimedia player for various audio and video formats, such as MPEG-1, MPEG-2, MPEG-4, DivX, mp3, ogg, etc, as well as DVDs, VCDs, and various streaming protocols. It can also be used as a server to stream with extended features, such as video on demand, on the fly transcoding, etc., in unicast or multicast in IPv4 or IPv6 on a high-bandwidth network. It doesn't need any external codec or program to work.

VLC media player

VLC supports the following types of files and, when installed, will make itself the default program for opening these types of files, unless you specify otherwise.

VLC File Type Associations

Audio Files

.a52
.aac
.ac3
.dts
.flac
.mka
.mp1
.mp2
.mp3
.ogg
.spx
.wav
.wma

Video Files

.asf
.avi
.divx
.dv
.m1v
.m2v
.mkv
.mov
.mp4
.mpeg
.mpeg1
.mpeg2
.mpeg4
.mpg
.ps
.ts
.ogm
.vob
.wmv

Other

.asx
.bin
.cue
.m3u
.pls
.vlc

References:

  1. The VideoLAN Web site
  2. VLC ReadMe


Mon, Aug 18, 2008 8:21 pm

Transferring BlackBerry Filters to Another System

To transfer BlackBerry email filters from one system to another, take the following steps. Note: these steps were written for BlackBerry Desktop Manager Version 4.2.2.12 [Mar 19 2007] running on a Windows XP system.
  1. Click on Start.
  2. Select Programs.
  3. Select BlackBerry.
  4. Select BlackBerry Desktop Manager.
  5. Double-click on Email Settings.
  6. Click on the Filters tab.

    Email Settings Filters

  7. Click on Save.
  8. Save the filters to an .rfi file.
  9. Take the saved file to the other computer and go through the same steps, except click on Load to load the filters, rather than Save to save them.

Sun, Aug 17, 2008 11:30 pm

Symantec Backup Exec 12 Installation

I installed Symantec Backup Exec 12 on a server tonight. I didn't have time to try it after I installed it. I had been using Norton Ghost 7.5 for backups of systems in the domain from that server, but the installation of Backup Exec caused Ghost 7.5 to stop working when I first rebooted the system after the Backup Exec installation. However, when I rebooted again, I received a VXValidate.exe error message, but Norton Ghost 7.5 worked.


Sun, Aug 17, 2008 5:26 pm

Norton Ghost 7.5 - Realtek RTL8139 NIC

After replacing the motherboard in a Gateway PC, I had to update the template used by Norton Ghost 7.5 to reflect the network controller built into the motherboard of the new system. The built-in controller was a Realtek RTL8139 Family PCI Fast Ethernet NIC. I've included the necessary NDIS2 driver and instructions for configuring Ghost 7.5 to use it at Norton Ghost 7.5 - Realtek RTL8139 NIC.


Sat, Aug 16, 2008 5:14 pm

Ozdok/Mega-D Infected System

I encountered some problems disinfecting a system infected with the Ozdok/Mega-D trojan.


Fri, Aug 15, 2008 6:38 pm

Belkin Wireless G Router Model F5D7230-4 Logs

I tested a Belkin Wireless G Router Model F5D7230-4 router that I had purchased for home use by my mother-in-law, but later replaced with a Linksys wireless router after she had a network access problem that I traced to the Belkin router not responding. I thought I might be able to use it to isolate and test systems that I suspected were infected with malware.

The version information for the router I tested is shown below:

Firmware version:F5D7230-4_US_8.01.07
Boot version:v1.01
Hardware version:F5D7230-4 6000

The Belkin F5D7230-4 router has a security logging feature that shows a "system log" and a "firewall log", but the logging capabilities provided by the router are extremely limited. There's no way to have a log transmitted by email or for log information to be transmitted from the router by syslog. And the information logged is very rudimentary.

The example below shows entries in the system log for attempts I made from a system at 192.168.2.4, which was on the WAN side of the router, to log in with an incorrect password, from a system that wasn't allowed to remotely manage the router. The entries in the firewall log section are from an nmap scan I ran against the router from a system on the WAN side of the router.

Log File
System log:

Administrator login fail, Access deny - IP:192.168.2.4
Administrator login fail, Access deny - IP:192.168.2.4
Administrator login fail, Access deny - IP:192.168.2.4
Friday Aug 15 15:22:05 2008 - 192.168.5.4 login
Administrator login fail, Access deny - IP:192.168.2.4
Administrator login fail, Access deny - IP:192.168.2.4
Friday Aug 15 15:22:09 2008 - 192.168.5.4 login
Administrator login fail, Access deny - IP:192.168.2.4
Administrator login fail, Access deny - IP:192.168.2.4
Friday Aug 15 15:22:29 2008 - 192.168.5.4 login


Firewall log:
Friday Aug 15 15:24:00 2008 1 Blocked/RST by DoS protection 192.168.2.5
Friday Aug 15 15:25:13 2008 1 Blocked/RST by DoS protection 192.168.2.5
Friday Aug 15 15:26:20 2008 1 Blocked/RST by DoS protection 192.168.2.5
Friday Aug 15 15:27:32 2008 1 Blocked/RST by DoS protection 192.168.2.5
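
Since the router cannot export its log, the text of the log page has to be copied out and summarized elsewhere. The following added example (not from the original post or from Belkin) parses the excerpt above and counts failed administrator logins and DoS-protection blocks per address; the event names, function names and the threshold of 5 failures are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Log text copied from the excerpt shown above.
SAMPLE_LOG = """\
System log:

Administrator login fail, Access deny - IP:192.168.2.4
Administrator login fail, Access deny - IP:192.168.2.4
Administrator login fail, Access deny - IP:192.168.2.4
Friday Aug 15 15:22:05 2008 - 192.168.5.4 login
Administrator login fail, Access deny - IP:192.168.2.4
Administrator login fail, Access deny - IP:192.168.2.4
Friday Aug 15 15:22:09 2008 - 192.168.5.4 login
Administrator login fail, Access deny - IP:192.168.2.4
Administrator login fail, Access deny - IP:192.168.2.4
Friday Aug 15 15:22:29 2008 - 192.168.5.4 login

Firewall log:
Friday Aug 15 15:24:00 2008 1 Blocked/RST by DoS protection 192.168.2.5
Friday Aug 15 15:25:13 2008 1 Blocked/RST by DoS protection 192.168.2.5
Friday Aug 15 15:26:20 2008 1 Blocked/RST by DoS protection 192.168.2.5
Friday Aug 15 15:27:32 2008 1 Blocked/RST by DoS protection 192.168.2.5
"""

STAMP = r"(?P<when>\w+ \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})"
PATTERNS = [
    # The failure lines carry no timestamp at all, only the source address.
    ("admin_login_fail",
     re.compile(r"^Administrator login fail, Access deny - IP:(?P<ip>\S+)$")),
    ("login", re.compile("^" + STAMP + r" - (?P<ip>\S+) login$")),
    # The number after the year is not explained on the page, so it is skipped.
    ("dos_block",
     re.compile("^" + STAMP + r" \d+ Blocked/RST by DoS protection (?P<ip>\S+)$")),
]


def parse(text):
    """Return (events, unparsed_lines) for text pasted from the router's log page."""
    events, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "Log File" or line.endswith("log:"):
            continue  # blank lines and section headings
        for kind, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                when = match.groupdict().get("when")
                events.append({
                    "kind": kind,
                    "ip": match["ip"],
                    "when": datetime.strptime(when, "%A %b %d %H:%M:%S %Y") if when else None,
                })
                break
        else:
            unparsed.append(line)  # keep unknown formats visible instead of dropping them
    return events, unparsed


def summarize(events, fail_threshold=5):
    """Aggregate per source address; fail_threshold is an arbitrary example value."""
    fails = Counter(e["ip"] for e in events if e["kind"] == "admin_login_fail")
    blocks = {}
    for e in events:
        if e["kind"] == "dos_block":
            first, last, count = blocks.get(e["ip"], (e["when"], e["when"], 0))
            blocks[e["ip"]] = (min(first, e["when"]), max(last, e["when"]), count + 1)
    return {
        "failed_admin_logins": dict(fails),
        "suspected_guessing": sorted(ip for ip, n in fails.items() if n >= fail_threshold),
        "dos_blocks": blocks,  # ip -> (first seen, last seen, count)
        "untimestamped_events": sum(1 for e in events if e["when"] is None),
    }


if __name__ == "__main__":
    events, unparsed = parse(SAMPLE_LOG)
    for key, value in summarize(events).items():
        print(key, "=", value)
    print("unparsed lines:", unparsed)
```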

The router provides the capability to set "client IP filters" that allow one to limit outbound access through the router from systems on the LAN side of the router. You can specify an IP range and port range to be blocked and whether the block should apply only during specified days of the week and times or whether the block should always apply. And you can easily enable and disable a block. Using that capability you can limit outbound email access to only certain systems, etc.

There is also a "Parental Control" feature. Belkin states "Belkin's Parental Control protects you and your children/employees from objectionable content on the web. Parental Control comes pre-configured to block many types of web content, but is custom configurable to be more or less restrictive. Any web site can easily be set to be either, always blocked, or always allowed." That feature requires a subscription to Belkin's parental control service.

I had hoped that, if I specified a port block in the client IP filters section, I would see firewall log entries, if a system on the inside of the router attempted to access a system on the outside on a blocked port. Alas, no entries appear in the firewall log in such cases. For me, that makes the firewall logging capability provided by the router too limited to be of much value. I'd have to put a real firewall in front of it.

As for the router's own security, a lot of information can be read from it without even logging in. If you use your web browser to access the router, you can see the following information without logging into the router:

Version Info: Firmware Version, Boot Version, Hardware (model number), Serial No.
LAN Settings: LAN/WLAN MAC, IP Address, Subnet Mask, DHCP Server (enabled/disabled)
Internet Settings: WAN MAC Address, Subnet Mask, WAN IP, DNS Addresses
Features: NAT (enabled/disabled), SSID, Security (enabled/disabled)

If the router is going to be used strictly for home use, making that information so readily available may not be a big concern, since, hopefully, family members connected by cables to the router can be reasonably trusted. Hopefully, wireless protection has been activated, so that no one can easily access the device, since providing all of that information so readily then could make an attacker's job much easier.

In addition to the lack of logging functionality, I have concerns regarding the router's reliability. I replaced it at my mother-in-law's house after she had some problems printing via the wireless interface in her laptop. I traced the problem to the Belkin router not responding. Powering the router off and on resolved the problem, but this happened a couple of times and I thought it best to replace the router. I also encountered problems with the router not responding when I tested it. The problems occurred within just a few minutes of testing. While logged into the router from a system on the LAN side, I tried accessing it from the WAN side from a system permitted to manage the router. I wanted to see what would be logged if I entered the wrong password from that system. Well, the router simply stopped responding completely. I couldn't even ping it from either the WAN or LAN side. It wouldn't provide IP addresses via DHCP and it was no longer accessible from either the LAN or WAN side by HTTP. I had to power the router off and on. I tried again with the same results. Even for a router designed primarily for home use, having to power the router off and on frequently could irritate other family members and, if it was used in a small office, users would likely find any tendency to stop responding aggravating.


Thu, Aug 14, 2008 9:39 pm

Error in Netopia Router Outbound Filter Set

I had configured a Netopia R5300 router to block outgoing connections to TCP port 25, i.e. to block outgoing email traffic, except from two designated email servers, yet other systems on the LAN were also able to connect to the SMTP port (port 25) on systems outside the LAN. After checking the outbound filters (firewall rules), I finally realized I had incorrectly specified 0.0.0.0 for the subnet mask in rules rather than 255.255.255.255.
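
Why a 0.0.0.0 mask defeats the exception rules, shown as an added example that is not from the original post or from Netopia. It assumes the usual masked comparison (a rule matches when the packet's source address and the rule's address agree on every bit set in the mask) and first-match evaluation; the LAN addresses, rule layout and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed LAN addresses for the two permitted mail servers.
MAIL_SERVERS = ("192.168.1.10", "192.168.1.11")


def to_int(address):
    return int(ipaddress.IPv4Address(address))


@dataclass(frozen=True)
class Rule:
    action: str               # "pass" or "block"
    src: str                  # source address to compare against
    src_mask: str             # which bits of the source address are compared
    dst_port: Optional[int]   # None matches any destination port

    def matches(self, src, dst_port):
        mask = to_int(self.src_mask)
        # Assumed semantics: only the bits selected by the mask are compared.
        same_source = (to_int(src) & mask) == (to_int(self.src) & mask)
        return same_source and self.dst_port in (None, dst_port)


def build_filter_set(server_mask):
    """Outbound set: pass SMTP from the mail servers, block SMTP from everyone else."""
    return [
        Rule("pass", MAIL_SERVERS[0], server_mask, 25),
        Rule("pass", MAIL_SERVERS[1], server_mask, 25),
        Rule("block", "0.0.0.0", "0.0.0.0", 25),
    ]


def evaluate(rules, src, dst_port, default="pass"):
    """Return (action, rule_number) for the first matching rule."""
    for number, rule in enumerate(rules, 1):
        if rule.matches(src, dst_port):
            return rule.action, number
    return default, None


def audit(rules):
    """Flag rules that name a specific address but whose mask ignores some of its bits."""
    findings = []
    for number, rule in enumerate(rules, 1):
        ignored_bits = to_int(rule.src) & ~to_int(rule.src_mask) & 0xFFFFFFFF
        if ignored_bits:
            findings.append((number, rule.src, rule.src_mask))
    return findings


if __name__ == "__main__":
    for label, mask in (("as misconfigured", "0.0.0.0"), ("corrected", "255.255.255.255")):
        rules = build_filter_set(mask)
        print(label, "-> workstation to port 25:", evaluate(rules, "192.168.1.77", 25))
        print(label, "-> audit findings:", audit(rules))
```

With the 0.0.0.0 mask, the first "pass" rule compares no bits at all, so it matches every LAN host and the final block rule is never reached.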


Thu, Aug 14, 2008 7:01 am

Opting Out of Credit Card Offers

It seems most weeks I receive several credit card offers in the mail. Since there are recycle bins in my community for paper, as well as cans and some types of plastic, I usually shred them and put the pieces in a box to be taken to the recycle bins with other items. But, since an offer I received yesterday had the following opt-out notice on the back of it, I decided it was time to opt out.

PRESCREEN & OPT-OUT NOTICE: This "prescreened" offer of credit is based on information in your credit report indicating that you meet certain criteria. This offer is not guaranteed if you do not meet our criteria. If you do not want to receive prescreened offers of credit from this or other companies, call toll free 1 (888) 567-8688; or write: Experian Consumer Opt Out, P.O. Box 919, Allen, TX 75013; Equifax Options, P.O. Box 740123, Atlanta, GA 30374-0123; TransUnion Opt Out Request, P.O. Box 505, Woodlyn, PA 19094-0505.

I called the opt-out number, 1-888-567-8688. I was informed it was the consumer credit reporting industry opt-in and opt-out number, which allows you to add or remove your name from "receiving firm offers of credit or insurance based on your credit report" with the following credit reporting services:

Experian
Equifax
Innovis
TransUnion

You can choose to add your name, i.e. opt-in, to such offers, remove your name for 5 years, or remove your name permanently. If you try to remove your name permanently, you will be informed that you have to complete a form you will be sent, so I chose to remove my name for 5 years.

You will be asked to confirm your phone number, name and address and provide your Social Security Number (SSN) and date of birth. The whole process is handled by an automated system and it only took me a couple of minutes to complete it.

When I completed the process, I was informed that my removal request would be completed within 5 business days, but that I might continue to receive offers for several months from companies to which my information had already been provided and that I might also receive offers from companies that had obtained my information by other means. Hopefully, though, I will see a substantial diminution of the daily deluge of junk mail we receive at my house.


Mon, Aug 11, 2008 7:03 pm

Excel Password Protection

For encrypting Excel workbooks with a password, use the following technique. Note: these steps apply to Office 2003 and 2007; for other versions the exact steps may vary.
  1. From the Excel menu select "File" or, if you are using Office 2007, click on the Office Button at the top left corner of the Excel window.
  2. Select "Save As"
  3. From the "Save As" window, select "Tools"
  4. Select "General Options"
  5. Specify a "Password to open"
  6. Click on "OK" to save the file.
A password is now required to open and view the file.


Mon, Aug 11, 2008 6:33 pm

Password Protecting a PDF File in Adobe Acrobat

Acrobat supports public/private key encryption, but if you don't have a security certificate for another party to whom you are going to provide the encrypted document, then you need to use the "shared secret", i.e. password, approach for encrypting a PDF file where you specify a password for the document and give that password to the other party by some means other than email, e.g. by phone.

You can use the method outlined by Adobe in Set passwords for PDFs to password protect PDF files that you will then email to others.

The article mentions that PDF documents can have two types of passwords:

  1. User, aka "document open", password
  2. Permissions, aka "master", password, which provides access controls for the PDF document

To keep unauthorized individuals from viewing a PDF file, employ a "user" password. The other type of password, which you might also want to use in some cases, controls what recipients can do with a document.

Note: there are low-cost tools readily available online to remove that type of password from a PDF file. There are also low-cost programs readily available to defeat the first type of password unless you pick a strong password, i.e. one that is not a dictionary word, car name, sports team, person's name, etc. There are plenty of password dictionaries available to allow people to crack weak passwords. Any password protection scheme is virtually worthless, if someone picks a weak password. A strong password should have at least 8 characters with a combination of characters from at least 3 character sets. Character sets include those below:

  1. Upper case letters
  2. Lower case letters
  3. Numbers
  4. Special characters, such as "!", "-", "_", "$", etc.

Open the file you want to protect in Adobe Acrobat and follow the instructions below for encrypting and password protecting the file.

  1. Click the secure button in the Tasks toolbar and choose Password Encrypt.
  2. Click on Yes when prompted "Are you sure you want to change the security on this document?" If necessary, type the Permissions password that lets you change security settings. If you don't know the password, contact the author of the PDF file.
  3. In the Password Security - Settings dialog box set the security options as desired. For the Compatibility setting, "Acrobat 5.0 or later" is the default option. That will provide 128-bit RC4 encryption. Selecting "Acrobat 3.0 or later", instead, will mean that users of older versions of Acrobat will be able to open the file, if they know the password, but I would strongly advise against choosing that option, if you need to guarantee that only someone who has been given the password can open it. If that option is selected, a 40-bit encryption scheme is used instead of 128-bit encryption. Even with a strong password, if you use 40-bit encryption, there are plenty of low-cost programs available online for anyone to easily break the password protection. With 128-bit protection, you can be confident that the protection will likely remain unbreakable for years to come (eventually increases in computing speeds, or the development of quantum computers, will likely render even that level of encryption breakable).
  4. Specify a password, click OK and then OK again.
  5. Save the file

Note: these instructions were written specifically for Adobe Acrobat 8 Standard edition, but will likely be similar for other versions.
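
To confirm which Compatibility setting a saved file actually ended up with, the standard encryption dictionary in the PDF can be read directly. The following is an added example, not part of the original post or of any Adobe tool; the function names and the sample byte strings are constructed for illustration, and it only covers files whose encryption dictionary is stored outside a compressed object stream.

```python
import re


def _read_dict(data: bytes, start: int):
    """Scan the PDF dictionary whose '<<' opens at `start`.

    Returns (top, inner): the bytes at nesting depth 1 and the bytes of any
    nested dictionaries. String values are skipped, so binary /O and /U
    entries that happen to contain '<<' or '>>' cannot unbalance the scan.
    """
    depth, i, n = 0, start, len(data)
    top, inner = bytearray(), bytearray()
    while i < n:
        two = data[i:i + 2]
        if two == b"<<":
            depth += 1
            i += 2
        elif two == b">>":
            depth -= 1
            i += 2
            if depth == 0:
                return bytes(top), bytes(inner)
        elif data[i:i + 1] == b"<":            # hex string <...>
            i = data.index(b">", i) + 1
        elif data[i:i + 1] == b"(":            # literal string (...)
            level, i = 1, i + 1
            while i < n and level:
                c = data[i:i + 1]
                if c == b"\\":
                    i += 1                     # skip the escaped byte
                elif c == b"(":
                    level += 1
                elif c == b")":
                    level -= 1
                i += 1
        else:
            (top if depth == 1 else inner).append(data[i])
            i += 1
            continue
        top.append(0x20)                       # keep neighbouring tokens apart
        inner.append(0x20)
    raise ValueError("unterminated dictionary")


def _int(key: bytes, blob: bytes, default=None):
    m = re.search(rb"/" + key + rb"\s+(-?\d+)", blob)
    return int(m.group(1)) if m else default


def pdf_encryption_info(data: bytes) -> dict:
    """Report cipher and key length from the /Encrypt dictionary of a PDF."""
    m = re.search(rb"/Encrypt\s*(?:(\d+)\s+(\d+)\s+R|(?=<<))", data)
    if m is None:
        return {"encrypted": False}
    start = m.end()                            # direct dictionary in the trailer
    if m.group(1):                             # indirect reference "N G R"
        obj = re.search(rb"(?<!\d)" + m.group(1) + rb"\s+" + m.group(2)
                        + rb"\s+obj\s*(?=<<)", data)
        if obj is None:
            raise ValueError("encryption dictionary object not found")
        start = obj.end()
    top, inner = _read_dict(data, start)
    v = _int(b"V", top, 0)
    if v == 1:                                 # "Acrobat 3.0 or later"
        cipher, bits = "RC4", 40
    elif v == 2:                               # "Acrobat 5.0 or later"
        cipher, bits = "RC4", _int(b"Length", top, 40)
    elif v in (4, 5) and b"/AESV3" in inner:   # crypt filters, newer than the
        cipher, bits = "AES", 256              # two options discussed above
    elif v in (4, 5) and b"/AESV2" in inner:
        cipher, bits = "AES", 128
    else:
        cipher, bits = "unknown", None
    # An unknown key length is reported as weak so that it gets looked at.
    return {"encrypted": True, "V": v, "R": _int(b"R", top), "cipher": cipher,
            "key_bits": bits, "weak": (bits or 0) < 128}


# Constructed fragments (not complete PDFs): an encryption dictionary object
# plus the trailer that references it.
SAMPLE_ACROBAT3 = (b"%PDF-1.3\n5 0 obj\n<< /Filter /Standard /V 1 /R 2 "
                   b"/O (a>>b\\)<<c) /U <00ff> /P -44 >>\nendobj\n"
                   b"trailer\n<< /Size 6 /Root 1 0 R /Encrypt 5 0 R >>\n")
SAMPLE_ACROBAT5 = (b"%PDF-1.4\n7 0 obj\n<< /Filter /Standard /V 2 /R 3 "
                   b"/Length 128 /O <aa> /U <bb> /P -3904 >>\nendobj\n"
                   b"trailer\n<< /Size 8 /Root 1 0 R /Encrypt 7 0 R >>\n")
SAMPLE_PLAIN = b"%PDF-1.4\ntrailer\n<< /Size 4 /Root 1 0 R >>\n"

if __name__ == "__main__":
    for name in ("SAMPLE_ACROBAT3", "SAMPLE_ACROBAT5", "SAMPLE_PLAIN"):
        print(name, pdf_encryption_info(globals()[name]))
```

To check a real file, pass `open(path, "rb").read()` to `pdf_encryption_info` and re-save with the stronger setting if `weak` is true.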

[/os/windows/software/pdf] permanent link

Mon, Aug 11, 2008 3:01 pm

Windows Defender Detected Activity Monitor File

I performed a full scan of my HP laptop with Windows Defender after updating its definitions today to definition version: 1.4.172.0 created on 8/7/2008 at 4:00 AM.

Windows Defender Version:  1.1.1593.0
Engine Version: 1.1.3807.0
Definition Version:  1.41.172.0

Windows Defender found two items it gave a "medium" alert level. I instructed it to ignore both, since they were false positives. The first was for a download of the Activity Monitor program, which is in a "downloads" folder, but isn't installed on the system. The second occurred because SpySweeper updated the C:\WINDOWS\system32\drivers\etc\hosts file on 12/18/2006 to block nefarious sites.

Name                                              Alert level
MonitoringTool:Win32/ActivityMonitor              Medium
SettingsModifier:Win32/PossibleHostsFileHijack    Medium

MonitoringTool:Win32/ActivityMonitor

Category:
Monitoring Software

Description:
This program monitors user activity, such as keystrokes typed.

Advice:
Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.

Resources:
file:
C:\Documents and Settings\JDoe\My Documents\Downloads\activmon39full.zip->amagent39.exe

containerfile:
C:\Documents and Settings\JDoe\My Documents\Downloads\activmon39full.zip

View more information about this item online

SettingsModifier:Win32/PossibleHostsFileHijack

Category:
Settings Modifier

Description:
This program has potentially unwanted behavior.

Advice:
Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.

Resources:
file:
C:\WINDOWS\system32\drivers\etc\hosts

View more information about this item online
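
When deciding whether a hosts file alert like this one is a false positive, it helps to separate entries that merely block a name (pointing it at the loopback or unspecified address, as an anti-spyware blocklist does) from entries that point a name at some other address. The following is an added example, not Windows Defender's detection logic and not part of the original post; the function names and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Names that normally map to the loopback address and are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}


def triage_hosts(text: str) -> dict:
    """Classify every name in a hosts file.

    blocked    - names sent to a loopback/unspecified address (blocklist style)
    redirected - (name, address, line number) for names mapped anywhere else
    malformed  - line numbers that could not be parsed
    """
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()      # drop comments, then tokenize
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            report["malformed"].append(lineno)
            continue
        if len(entry) < 2:                        # address with no host name
            report["malformed"].append(lineno)
            continue
        for name in (n.lower() for n in entry[1:]):
            if addr.is_loopback or addr.is_unspecified:
                if name not in LOCAL_NAMES:
                    report["blocked"].append(name)
            else:
                report["redirected"].append((name, str(addr), lineno))
    return report


def needs_review(report: dict) -> bool:
    """Blocklist-only files are benign; redirects or junk lines deserve a look."""
    return bool(report["redirected"] or report["malformed"])


# Constructed sample; the names and addresses are illustrative only.
SAMPLE_HOSTS = "\n".join([
    "# constructed sample hosts file",
    "127.0.0.1       localhost",
    "127.0.0.1       ads.tracker.example   # blocklist-style entry",
    "0.0.0.0         popups.adnet.example",
    "203.0.113.50    www.bank.example",
    "192.168.1.1     fileserver",
    "not-an-ip       broken.example",
])

BLOCKLIST_ONLY = "127.0.0.1 localhost\n127.0.0.1 ads.tracker.example\n"

if __name__ == "__main__":
    result = triage_hosts(SAMPLE_HOSTS)
    for key, value in result.items():
        print(key, value)
    print("needs review:", needs_review(result))
```

On Windows the file to feed in is the one named in the alert, C:\WINDOWS\system32\drivers\etc\hosts.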

[/os/windows/software/security/monitoring/activity_monitor] permanent link

Sun, Aug 10, 2008 5:13 pm

Bandwidth Testing for Verizon's BroadbandAccess Service - USB720

I've posted the results I obtained during testing this weekend of Verizon's BroadbandAccess service using a Verizon-provided USB720 modem at Bandwidth Testing for Verizon's BroadbandAccess Service - USB720.

[/network/Internet/ISP] permanent link

Sun, Aug 10, 2008 1:15 pm

Using Helix for Forensics

I had come across Helix - Incident Response & Computer Forensics Live CD by e-fense before, but hadn't done anything with it. I read an article An Introduction to Digital Forensics by BJ Gleason in Linux+DVD 3/2008 and decided to try it.

[ More Info ]

[/security/forensics] permanent link

Sun, Aug 10, 2008 9:34 am

Regaining Access to Hidden Windows Account

I have a laptop running Windows XP Home Edition Service Pack 2 with one "hidden account", i.e. the account is not visible on the Windows welcome screen, which shows the accounts one can log into. I can log into that hidden account, by hitting Ctrl-Alt-Del and then putting in the username for the hidden account and its password. But a problem I have when I'm logged into that account and the screen saver activates, is that when I hit a key or move the mouse to access the system again, the system displays the welcome screen with the two visible accounts, but then hitting Ctrl, Alt, and Del won't bring up the login window where I can type in the username for the hidden account and its password.

The screen saver for the hidden account is set to the "Windows XP" screen saver with "On resume, display Welcome screen" checked.

At Hide user accounts from the Windows XP Welcome screen, one can download a tool that makes it easy to hide and unhide accounts. The webpage also mentions that the Ctrl-Alt-Del trick for logging into hidden accounts has a pitfall - "it will fail to work if a user is still currently logged in."

If I hit Ctrl-End, the cursor is placed in the password field for one of the visible accounts, but hitting Ctrl-Alt-Del at that point has no effect and I can't get back into the logged in account.

I've found I can get around this problem by logging into one of the visible accounts and then immediately logging off that account. If I then hit Ctrl-Alt-Del a couple of times, I get the "Log On to Windows" user name and password prompt and can regain access to the hidden account under which I'm already logged in.

[/os/windows/xp] permanent link

Sat, Aug 09, 2008 8:01 pm

Flash Saving Plugin

I wanted to be able to view Flash movies cached by a browser, such as Internet Explorer or Firefox on a system. One free tool that allows you to view cached SWF files is Flash Saving Plugin.

[ More Info ]

[/os/windows/software/network/web] permanent link

Fri, Aug 08, 2008 9:00 pm

RUBotted (Beta)

I installed a free bot detection utility from Trend Micro called RUBotted on a system to check for bot software on the system. I didn't expect to find such software on the system, but wanted to check it thoroughly.

[ More Info ]

[/os/windows/software/security/antimalware] permanent link

Fri, Aug 08, 2008 12:10 pm

Adding a Link to a Local File in ELOG

I had some initial difficulties adding a link in an ELOG entry for a file stored locally on the server on which ELOG was running. I discovered that I needed to prepend a timestamp to the file name when placing it in the directory where entries are stored for the relevant logbook and then use that prepended timestamp as part of the path to the file in the URL.

E.g. for a file called samplefile.txt, I had to store it in the logbook directory as 080808_110230_samplefile.txt where 080808 represented the date for the file, August 8, 2008, and 110230 represented a timestamp for the file, i.e. 11:02:03 A.M. The date is in yymmdd format. I was then able to use http://server.example.com/sysadmin/080808_110230/samplefile.txt as the URL for the link in the logbook entry. I placed the 080808_110230 between slashes and followed it by the original filename.

I was then able to access the file through a link in the logbook entry.

[ More Info ]

[/network/web/blogging/elog] permanent link

Wed, Aug 06, 2008 11:09 pm

Configuring Apache as a Proxy Server

I needed to configure an Apache (version 2.0.59) server to act as a proxy server. I also needed it to continue to act as a web server. To do so, I added the 3 LoadModule directives shown below to the LoadModule section of Apache's httpd.conf, which is located in /usr/local/apache2/conf on this particular system, which is a Solaris 2.7 server (it will likely be in /etc/httpd/conf/httpd.conf, if you are running Apache on a Linux system).
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so

The following lines, except for the comment lines, are also needed in httpd.conf:

#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#

ProxyRequests On
#

<Proxy *>
    Order deny,allow
    Deny from all
    Allow from 192.168.1.3 192.168.1.4 127.0.0.1
</Proxy>

In this case I wanted to limit access to the proxy server to access from the system itself, e.g. from the loopback address, 127.0.0.1, and two other IP addresses, 192.168.1.3 and 192.168.1.4. I could have also used 192.168.1 to allow access from any 192.168.1.x address.

After modifying the httpd.conf file, I restarted Apache with /usr/local/apache2/bin/apachectl restart. For a Linux system apachectl restart should suffice, though it is likely located in /usr/sbin, if you need to specify the full path.

After restarting Apache I was able to configure a browser on the system at the 192.168.1.4 address to use the Apache server as a proxy server. I used the IP address of the Apache server, 192.168.1.1 as the HTTP proxy server address with 80 as the port. I verified that the browser was using the Apache server as a proxy server by pointing the browser on the 192.168.1.4 system to www.showmyip.com. That site showed the address for the system as 192.168.1.1, i.e. it showed the connection as originating from the proxy server rather than the actual system on which the browser was being used.

I was also still able to access webpages on the website I host on the Apache server on the default HTTP port.

If you want to turn the proxy service off, you need only change the ProxyRequests On line to ProxyRequests Off and restart Apache.
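
With ProxyRequests On, the Order/Deny/Allow rules are the only thing keeping the server from being an open forward proxy, so they are worth checking before the server is exposed. The following is an added example, not part of the original post or of Apache itself: a small evaluator for Apache 2.0 style access rules. It assumes the rules sit in a `<Proxy *>` container, treats every `<Proxy ...>` block as applying to all proxied requests, and ignores hostname specs; the function names and the sample configurations are constructed for illustration.

```python
import ipaddress
import re


def _matches(spec: str, client: str) -> bool:
    """Match one 'Allow from' / 'Deny from' spec against a client IPv4 address.

    Handles 'all', CIDR or netmask notation, full addresses and partial
    addresses such as 192.168.1. Hostname specs never match here.
    """
    if spec == "all":
        return True
    if "/" in spec:
        return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)
    want = spec.rstrip(".").split(".")
    return client.split(".")[:len(want)] == want     # compare whole octets


def parse_proxy_acl(conf: str):
    """Return (proxy_requests_on, blocks) from httpd.conf text."""
    requests_on, blocks, current = False, [], None
    for raw in conf.splitlines():
        low = raw.strip().lower()
        if not low or low.startswith("#"):
            continue
        if low.startswith("</proxy"):
            if current is not None:
                blocks.append(current)
            current = None
        elif low.startswith("<proxy"):
            # mod_access default when no Order directive is given
            current = {"order": "deny,allow", "deny": [], "allow": []}
        elif current is None:
            m = re.match(r"proxyrequests\s+(\S+)", low)
            if m:
                requests_on = m.group(1) == "on"
        else:
            words = low.split()
            if words[0] == "order":
                current["order"] = "".join(words[1:])
            elif words[0] in ("deny", "allow") and words[1:2] == ["from"]:
                current[words[0]] += words[2:]
    return requests_on, blocks


def proxy_allows(conf: str, client: str) -> bool:
    """Would this configuration let `client` use the forward proxy?"""
    requests_on, blocks = parse_proxy_acl(conf)
    if not requests_on:
        return False
    for block in blocks:
        denied = any(_matches(s, client) for s in block["deny"])
        allowed = any(_matches(s, client) for s in block["allow"])
        if block["order"] == "allow,deny":
            ok = allowed and not denied      # default deny, Deny overrides
        else:
            ok = allowed or not denied       # default allow, Allow overrides
        if not ok:
            return False
    return True                              # no blocks at all: open to anyone


def is_open_proxy(conf: str, outsider: str = "203.0.113.9") -> bool:
    """True if an arbitrary outside address (documentation range) is allowed."""
    return proxy_allows(conf, outsider)


# The restricted configuration described above.
RESTRICTED_CONF = """
ProxyRequests On
<Proxy *>
    Order deny,allow
    Deny from all
    Allow from 192.168.1.3 192.168.1.4 127.0.0.1
</Proxy>
"""
# Same rules, using the partial address form for the whole 192.168.1.x range.
SUBNET_CONF = RESTRICTED_CONF.replace("192.168.1.3 192.168.1.4", "192.168.1")
# Weak setting: proxying enabled with no access rules at all.
OPEN_CONF = "ProxyRequests On\n"

if __name__ == "__main__":
    for name in ("RESTRICTED_CONF", "SUBNET_CONF", "OPEN_CONF"):
        print(name, "open proxy:", is_open_proxy(globals()[name]))
```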

References:

  1. Configuring Apache 2.0 as a Forward Proxy Server
    By: Martin Brown
    Date: January 4, 2008
    ServerWatch
  2. Configuring mod_proxy support for Apache
    IBM

[/network/web/server/apache] permanent link

Tue, Aug 05, 2008 10:15 pm

Turnitin Crawler

While troubleshooting a problem with a website using wireshark, I was capturing HTTP traffic. I noticed a connection from 65.98.224.2 with the contents of the first packet received from that address showing the software accessing my support website identifying itself as shown below:

User-Agent: TurnitinBot/2.1 (http://www.turnitin.com/robot/crawlerinfo.html)

Checking the URL listed, I found the following:

Chances are that you are reading this because you found a reference to this web page from your web server logs. This reference was left by Turnitin.com's web crawling robot, also known as TurnitinBot. This robot collects content from the Internet for the sole purpose of helping educational institutions prevent plagiarism. In particular, we compare student papers against the content we find on the Internet to see if we can find similarities. For more information on this service, please visit www.turnitin.com

The Wikipedia article on Turnitin states that it is "an Internet-based plagiarism-detection service created by iParadigms, LLC. Institutions (typically universities and high schools) buy licenses to submit essays to the Turnitin website, which checks the document for plagiarism."

I had read that many schools now use such services to deter students from submitting plagiarized papers. I've seen services offering pre-written papers for students to submit for classes, so I can see the need for teachers to use such detection services. I didn't realize this service crawled websites to index materials on the web as part of its detection efforts, but it makes sense to me that the service would do so. This is the first time I've noticed this particular web crawler.

[/network/web/crawlers] permanent link

Tue, Aug 05, 2008 9:58 pm

Installing Wireshark

I wanted to install Ethereal on a CentOS Linux system to sniff network traffic to try to resolve a problem for a website. I have tcpdump on the system, but I wanted to have a GUI tool to make analyzing the packets a little easier for me.

I ran yum install ethereal, which installed wireshark and its dependency, libsmi. Wireshark was installed, because development of ethereal has stopped and the core development team is now developing wireshark.

The FAQ for wireshark offers the following explanation of the name change.

In May of 2006, Gerald Combs (the original author of Ethereal) went to work for CACE Technologies (best known for WinPcap). Unfortunately, he had to leave the Ethereal trademarks behind.

This left the project in an awkward position. The only reasonable way to ensure the continued success of the project was to change the name. This is how Wireshark was born.

Wireshark is almost (but not quite) a fork. Normally a "fork" of an open source project results in two names, web sites, development teams, support infrastructures, etc. This is the case with Wireshark except for one notable exception -- every member of the core development team is now working on Wireshark. There has been no active development on Ethereal since the name change. Several parts of the Ethereal web site (such as the mailing lists, source code repository, and build farm) have gone offline.

After the installation completed, I tried running wireshark by issuing the command wireshark.

# wireshark
bash: wireshark: command not found

I then discovered that installing the wireshark RPM only installs a command line program, tshark. The program was installed in /usr/sbin/tshark. You can obtain help on tshark using man tshark or tshark -h. There is also documentation installed in /usr/share/wireshark/help.

I had to install wireshark-gnome to get the GUI version, which I did with yum -y install wireshark-gnome. I could then start the GUI version from a shell prompt with wireshark or start it by clicking on Applications, Internet, and then Wireshark Network Analyzer.

Since I wanted to capture only HTTP traffic, I typed HTTP in the Filter field and then clicked on the Apply button. I then clicked on Capture, Interfaces, and clicked on the Start button next to the eth0 interface to start capturing all HTTP traffic.

[/network/tools/sniffing/wireshark] permanent link

Tue, Aug 05, 2008 7:35 am

Web Developer Extension for Firefox

The Web Developer extension for Firefox adds a menu and a toolbar to the browser with various web developer tools. It is designed for Firefox, Flock and Seamonkey, and will run on any platform that these browsers support including Windows, Mac OS X and Linux.

You can install the extension by simply clicking on the link for it. When it is installed, you will be notified you should restart Firefox to complete your changes.

The extension provides the capability for one to easily view the headers or CSS information for a page, check for Section 508 compliance, display the dimensions of images on the page, and many other capabilities useful to web developers.

[ More Info ]

[/network/web/browser/firefox] permanent link

Mon, Aug 04, 2008 10:21 pm

Setting Up SquirrelMail

I wanted to set up SquirrelMail on a CentOS Linux system. After verifying that the SquirrelMail package was not already installed with rpm -qi squirrelmail, I installed the SquirrelMail package with yum install squirrelmail. The php-mbstring package is a dependency for the squirrelmail package, so it was installed as well.

SquirrelMail is installed in /usr/share/squirrelmail. The configuration files are installed in /etc/squirrelmail.

# ls /etc/squirrelmail
config_local.php  config.php  default_pref  sqspell_config.php

After the software was installed I ran the configuration script to configure SquirrelMail.

# /usr/share/squirrelmail/config/conf.pl

When I ran the configuration script, I saw the following menu:

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages

D.  Set pre-defined settings for specific IMAP servers

C   Turn color off
S   Save data
Q   Quit

Command >>

I typed D and hit Enter to configure SquirrelMail for a specific IMAP server. In this case, I'm running dovecot on the server, which is one of the IMAP servers for which the configuration script can optimize SquirrelMail's settings.

SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others.  If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct.  This does not change everything.  There are
only a few settings that this will change.

Please select your IMAP server:
    bincimap    = Binc IMAP server
    courier     = Courier IMAP server
    cyrus       = Cyrus IMAP server
    dovecot     = Dovecot Secure IMAP server
    exchange    = Microsoft Exchange IMAP server
    hmailserver = hMailServer
    macosx      = Mac OS X Mailserver
    mercury32   = Mercury/32
    uw          = University of Washington's IMAP server

    quit        = Do not change anything
Command >>

I typed dovecot and hit Enter to configure SquirrelMail for the dovecot IMAP server. I was then shown the configuration options set for dovecot.

              imap_server_type = dovecot
         default_folder_prefix = 
                  trash_folder = Trash
                   sent_folder = Sent
                  draft_folder = Drafts
            show_prefix_option = false
          default_sub_of_inbox = false
show_contain_subfolders_option = false
            optional_delimiter = detect
                 delete_folder = false

Press any key to continue...

When I hit a key, I was returned to the main menu. I typed S and hit Enter to save the settings. I was informed "Data saved in config.php". I then typed Q and hit Enter to exit from the configuration script.

The system runs the Apache webserver, so I then restarted the Apache server with apachectl restart.

During the installation, the file /etc/httpd/conf.d/squirrelmail.conf is created. The file contains the following lines:

#
# SquirrelMail is a webmail package written in PHP.
#

Alias /webmail /usr/share/squirrelmail

The web interface for SquirrelMail can be accessed at http://a.example.com/webmail [substitute the actual name for your server for a.example.com]. You should see a login page where you can login to check email.

You can also test the SquirrelMail configuration using http://a.example.com/webmail/src/configtest.php [again, substitute your actual domain name for a.example.com]. When that page is displayed, you will see configuration information. The script will try to check some aspects of your SquirrelMail configuration and point you to errors wherever it can find them. You need to have run conf.pl in the config/ directory first, as I mentioned above, before you run this script. At the bottom of the webpage that is displayed, you should see "Congratulations, your SquirrelMail setup looks fine to me!"

[/network/email/squirrelmail] permanent link

Sun, Aug 03, 2008 4:25 pm

Outlook 2003 Mailbox Size Exceeded

An Outlook 2003 user received the message below:

You have exceeded the size limit on your mailbox. You can find types of items to delete or move, empty the deleted items folder, or you can have Outlook transfer items to an archive file.

I had to delete copies of messages he forwarded multiple times and archive some messages to bring the mailbox size below 2 GigaBytes (GB) [See Outlook 2003 Mailbox Size Exceeded].

I also checked the size of all other users' mailboxes on the Microsoft Exchange 6.5 server that processes his email. [See Determining Mailbox Size for All Exchange Users]

[/network/email/clients/outlook] permanent link

Sat, Aug 02, 2008 6:23 pm

ELOG Port Configuration

I installed the Electronic Logbook (ELOG) package developed by Stefan Ritt on a Windows Small Business Server (SBS) 2003 system to track work I do on the system. By default, ELOG uses port 8080, but I already had other webserver software listening on that port, so I changed the listening port for ELOG. I also configured ELOG to support SSL, i.e. to accept HTTPS connections. I also set a read and write password for access to the logbook I created.

Port Configuration
SSL Configuration
Password Configuration

[/network/web/blogging/elog] permanent link

Sat, Aug 02, 2008 3:10 pm

Determining Version of JRE

If you have Sun Microsystems' Java Runtime Environment (JRE) installed on a system, you can check its version by obtaining a command prompt and entering the command java -version.

C:\>java -version
java version "1.6.0_07"
Java(TM) SE Runtime Environment (build 1.6.0_07-b06)
Java HotSpot(TM) Client VM (build 10.0-b23, mixed mode, sharing)

If you selected the default install directory, the JRE software will likely be stored in C:\Program Files\Java.

C:\PROGRA~1\Java>dir
 Volume in drive C has no label.
 Volume Serial Number is AC89-88C6

 Directory of C:\PROGRA~1\Java

08/02/2008  08:55 AM    <DIR>          .
08/02/2008  08:55 AM    <DIR>          ..
11/20/2004  04:49 PM    <DIR>          j2re1.4.2_03
12/13/2004  02:57 AM    <DIR>          j2re1.4.2_05
08/15/2005  09:20 PM    <DIR>          jre1.5.0_04
01/12/2006  12:57 AM    <DIR>          jre1.5.0_06
08/02/2008  08:55 AM    <DIR>          jre1.6.0_07
       0 File(s)              0 bytes
       7 Dir(s)  54,967,054,336 bytes free

On a Linux system, you can also issue the java -version command to see the version.

$ java -version
java version "1.4.2"
gij (GNU libgcj) version 4.1.2 20071124 (Red Hat 4.1.2-42)

Copyright (C) 2006 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[/software/java] permanent link

Tue, Jul 29, 2008 8:48 pm

TinyMUSH 3.1 Crashing After a Power Outage

A CentOS Linux system on which I was running TinyMUSH 3.1 patchlevel 5, the latest version of the MUSH available at the time I'm writing this entry, would not restart after I brought the system back online after a power outage. When I ran the Startmush script, I would see the following:
$ ./Startmush
Indexing help.txt
1004 topics indexed
Indexing mushman.txt
395 topics indexed
Indexing news.txt
line 5: line too long
line 7: line too long
line 9: line too long
line 11: line too long
line 13: line too long
line 17: line too long
line 19: line too long
line 21: line too long
line 23: line too long
line 25: line too long
line 27: line too long
line 41: line too long
line 43: line too long
line 45: line too long
line 47: line too long
line 49: line too long
line 120: line too long
line 122: line too long
line 124: line too long
line 126: line too long
line 128: line too long
line 130: line too long
line 132: line too long
line 134: line too long
line 136: line too long
line 138: line too long
line 140: line too long
line 142: line too long
line 144: line too long
line 146: line too long
line 148: line too long
line 150: line too long
line 152: line too long
line 244: line too long
line 247: line too long
line 298: line too long
line 300: line too long
line 305: line too long
line 350: line too long
line 357: line too long
line 359: line too long
line 362: line too long
line 364: line too long
line 621: line too long
line 623: line too long
line 625: line too long
line 627: line too long
line 629: line too long
line 631: line too long
line 633: line too long
line 839: line too long
line 841: line too long
line 843: line too long
line 845: line too long
line 847: line too long
line 853: line too long
line 862: line too long
line 874: line too long
line 876: line too long
line 878: line too long
line 880: line too long
line 882: line too long
line 884: line too long
line 886: line too long
line 888: line too long
line 890: line too long
line 907: line too long
line 912: line too long
62 topics indexed
Indexing plushelp.txt
line 4: line too long
line 9: line too long
line 142: line too long
line 229: line too long
line 254: line too long
line 282: line too long
line 655: line too long
line 680: line too long
line 880: line too long
42 topics indexed
Indexing qhelp.txt
18 topics indexed
Indexing wizhelp.txt
379 topics indexed
Indexing wiznews.txt
1 topics indexed
Checking for database files and creating backups of old files.
Saving old comsys module db.
Saving old mail module db.
Saving old game log moondreaming.log
Log cleanup done.
Process 18073
080729.193501 TinyMUSH INI/START: Starting: TinyMUSH version 3.1 patchlevel 5 #1 [01/27/2008]
080729.193501 TinyMUSH INI/START: Build date: Thu Apr 10 21:54:36 EDT 2008
080729.193501 TinyMUSH INI/START: Build info: ./configure
            gcc   -g  -I./gdbm-1.8.0
*** glibc detected *** ./bin/netmush: double free or corruption (top): 0x000000000c2076f0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x2aaaab825684]
/lib64/libc.so.6(cfree+0x8c)[0x2aaaab828ccc]
/lib64/libc.so.6(fclose+0x14b)[0x2aaaab8148eb]
./bin/netmush[0x430a85]
./bin/netmush(tf_fclose+0x1d)[0x430cb0]
./bin/netmush[0x497e11]
./bin/netmush(main+0x74b)[0x499a72]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x2aaaab7d18b4]
./bin/netmush(sin+0xb1)[0x40f529]
080729.193501 TinyMUSH CNF/MOD  : Loaded module: comsys
080729.193501 TinyMUSH CNF/MOD  : Loaded module: mail
080729.193501 MoonDreamingMUSH INI/LOAD : Using gdbm file: moondreaming.gdbm
080729.193501 MoonDreamingMUSH INI/LOAD : Loading object structures.
080729.193501 MoonDreamingMUSH INI/LOAD : Loading db: data/mod_mail.db
Timeout - String 'Cleanup completed.' not found in 'moondreaming.log'. Giving up.
./Startmush: line 262: 18073 Aborted                 $BIN/netmush $make_db -c $GAMENAME.conf -l $LOGNAME -p $PIDFILE -t $TEXT -b $BIN -d $DATA -g $GDBM_DB -k $CRASH_DB >> $LOGNAME 2>&1

The "line too long" messages are normal for this MUSH and don't impact the functioning of the MUSH. The first unexpected message I see is the line below:

*** glibc detected *** ./bin/netmush: double free or corruption (top): 0x000000000c2076f0 ***

The line in the Startmush file that was producing the error message is shown below:

$BIN/netmush $make_db -c $GAMENAME.conf -l $LOGNAME -p $PIDFILE -t $TEXT -b $BIN -d $DATA -g $GDBM_DB -k $CRASH_DB >>$LOGNAME 2>&1 &

I suspected the problem might be related to the fact that I'm running the MUSH on a 64-bit version of CentOS now. It was previously installed on a 32-bit Red Hat 9 Linux system. I remembered encountering problems when I initially moved it to the CentOS system in April, related to the fact that the CentOS system was a 64-bit operating system. Unfortunately, I can't remember exactly how I resolved the problems I encountered then.

When I performed a Google search on "glibc double free or corruption 64-bit", one of the pages I found, "glibc detected double free or corruption error?", had a posting by RavenOfOdin that offered a solution:

Re: glibc detected double free or corruption error?

That's an old Linux C++ error. Not new news.
To fix it so you can run the program just type:

export MALLOC_CHECK_=0

before running the program.

So I entered the command export MALLOC_CHECK_=0 from a BASH shell prompt before the Startmush command. It solved the problem and the MUSH started as before the crash. I don't remember entering that command previously to get the MUSH to run, but since it did fix the problem, I thought I had better document it for the next time I encountered the problem.

$ export MALLOC_CHECK_=0
$ ./Startmush
Indexing help.txt
1004 topics indexed
Indexing mushman.txt
395 topics indexed
Indexing news.txt
line 5: line too long
line 7: line too long
line 9: line too long
line 11: line too long
line 13: line too long
line 17: line too long
line 19: line too long
line 21: line too long
line 23: line too long
line 25: line too long
line 27: line too long
line 41: line too long
line 43: line too long
line 45: line too long
line 47: line too long
line 49: line too long
line 120: line too long
line 122: line too long
line 124: line too long
line 126: line too long
line 128: line too long
line 130: line too long
line 132: line too long
line 134: line too long
line 136: line too long
line 138: line too long
line 140: line too long
line 142: line too long
line 144: line too long
line 146: line too long
line 148: line too long
line 150: line too long
line 152: line too long
line 244: line too long
line 247: line too long
line 298: line too long
line 300: line too long
line 305: line too long
line 350: line too long
line 357: line too long
line 359: line too long
line 362: line too long
line 364: line too long
line 621: line too long
line 623: line too long
line 625: line too long
line 627: line too long
line 629: line too long
line 631: line too long
line 633: line too long
line 839: line too long
line 841: line too long
line 843: line too long
line 845: line too long
line 847: line too long
line 853: line too long
line 862: line too long
line 874: line too long
line 876: line too long
line 878: line too long
line 880: line too long
line 882: line too long
line 884: line too long
line 886: line too long
line 888: line too long
line 890: line too long
line 907: line too long
line 912: line too long
62 topics indexed
Indexing plushelp.txt
line 4: line too long
line 9: line too long
line 142: line too long
line 229: line too long
line 254: line too long
line 282: line too long
line 655: line too long
line 680: line too long
line 880: line too long
42 topics indexed
Indexing qhelp.txt
18 topics indexed
Indexing wizhelp.txt
379 topics indexed
Indexing wiznews.txt
1 topics indexed
Checking for database files and creating backups of old files.
Saving old comsys module db.
Saving old mail module db.
Saving old game log moondreaming.log
Log cleanup done.
Process 20430
080729.202051 TinyMUSH INI/START: Starting: TinyMUSH version 3.1 patchlevel 5 #1 [01/27/2008]
080729.202051 TinyMUSH INI/START: Build date: Thu Apr 10 21:54:36 EDT 2008
080729.202051 TinyMUSH INI/START: Build info: ./configure
            gcc   -g  -I./gdbm-1.8.0
080729.202051 TinyMUSH CNF/MOD  : Loaded module: comsys
080729.202051 TinyMUSH CNF/MOD  : Loaded module: mail
080729.202051 MoonDreamingMUSH INI/LOAD : Using gdbm file: moondreaming.gdbm
080729.202051 MoonDreamingMUSH INI/LOAD : Loading object structures.
080729.202051 MoonDreamingMUSH INI/LOAD : Loading db: data/mod_mail.db
080729.202051 MoonDreamingMUSH INI/LOAD : Loading db: data/mod_comsys.db
080729.202051 MoonDreamingMUSH INI/COM  : Unrecognized comsys format.
080729.202051 MoonDreamingMUSH INI/LOAD : Load complete.
080729.202051 MoonDreamingMUSH CFG/UPDAT: God(#1) entered config directive: money_name_singular with args 'Moon Coin'. Status: Success.
080729.202051 MoonDreamingMUSH CFG/UPDAT: God(#1) entered config directive: money_name_plural with args 'Moon Coins'. Status: Success.
080729.202051 MoonDreamingMUSH INI/LOAD : Startup processing complete.
080729.202051 MoonDreamingMUSH NET/SLAVE: DNS lookup slave started on fd 1
080729.202051 MoonDreamingMUSH INI/LOAD : Cleanup completed.
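
MALLOC_CHECK_=0 tells glibc to ignore the heap error silently, so the double free itself is still present; with MALLOC_CHECK_=1, glibc versions that print this diagnostic write the message and keep running, which leaves something to monitor. The scanner below for the "*** glibc detected ***" line shown above is an added example, not part of the original post or of TinyMUSH. Its function names and the sample log (built from lines in this post plus one made-up entry) are assumptions.

```python
import re
from collections import Counter

# glibc's heap-consistency diagnostic, as it appears in the MUSH log:
# *** glibc detected *** ./bin/netmush: double free or corruption (top): 0x000000000c2076f0 ***
GLIBC_DIAG = re.compile(
    r"\*\*\* glibc detected \*\*\* (?P<program>\S+): "
    r"(?P<error>.+?): (?P<address>0x[0-9a-fA-F]+) \*\*\*"
)
# The shell's report that the process died on SIGABRT (the Startmush line above).
ABORTED = re.compile(r"line \d+:\s+(?P<pid>\d+) Aborted")

# Constructed sample: lines 1, 2 and 4 are taken from this post (line 4 is
# shortened); the "free(): invalid pointer" line is made up to show a second
# error type.
SAMPLE_LOG = """\
080729.193501 MoonDreamingMUSH INI/LOAD : Loading db: data/mod_mail.db
*** glibc detected *** ./bin/netmush: double free or corruption (top): 0x000000000c2076f0 ***
*** glibc detected *** ./bin/netmush: free(): invalid pointer: 0x000000000c2080a0 ***
./Startmush: line 262: 18073 Aborted                 $BIN/netmush $make_db -c $GAMENAME.conf
"""


def find_heap_errors(log_text):
    """Return one dict per glibc heap diagnostic found in log_text."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = GLIBC_DIAG.search(line)
        if match:
            findings.append({
                "line": lineno,
                "program": match.group("program"),
                "error": match.group("error"),
                "address": int(match.group("address"), 16),
            })
    return findings


def aborted_pids(log_text):
    """Return the PIDs the shell reported as 'Aborted'."""
    return [int(m.group("pid")) for m in ABORTED.finditer(log_text)]


def triage(log_text):
    """Summarise a log: diagnostics per (program, error) and any aborts."""
    findings = find_heap_errors(log_text)
    return {
        "counts": Counter((f["program"], f["error"]) for f in findings),
        "aborted_pids": aborted_pids(log_text),
        "needs_attention": bool(findings),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for (program, error), count in report["counts"].items():
        print(f"{program}: {error} (seen {count} time(s))")
    print("aborted pids:", report["aborted_pids"])
```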

References:

  1. glibc detected double free or corruption error?
    By: RavenOfOdin
    Date: May 12th, 2006
    Ubuntu Forums

[/gaming/tinymush] permanent link

Tue, Jul 29, 2008 11:53 am

Ghost 2003 Backup of Laptop SATA Drive

I received another HP Compaq tc4400 laptop while mine, which would no longer power on, was being repaired. I put the 80 GB SATA drive from my laptop in the new laptop. I wanted to back up the drive to an external USB drive using Norton Ghost 2003 prior to using it in the new system, so I attached the laptop's external DVD drive and attempted to boot from a Ghost 2003 boot CD. I received a message that command.com couldn't be found. I tried several Ghost 2003 boot CDs, but none worked. I was able to boot from a Ghost 2003 boot floppy disk, but when I ran Ghost, I received the message below:

Application Error
Read sector failure, result=1, drive=1,sectors 729050177 to
729050178
If this problem persists, contact Symantec Technical Support
at http://service.symantec.com

I put the drive in a desktop system and booted that system from one of the Ghost 2003 CDs I had tried with the laptop. I didn't receive any error messages and was able to back up the drive without any problems, so I'm not sure why I received the error message when attempting the backup with the laptop.

I know that sometimes a CD or DVD drive will have problems with discs from a particular manufacturer, so perhaps the external HP DVD ROM drive (p/n: PA509A#ABA) was having a problem reading the Office Depot CD-R discs I had put Ghost on, but that shouldn't have any bearing on Ghost aborting when I tried to start it to back up the disk drive. I was able to boot the laptop using the external DVD-ROM drive with an Ubuntu Linux LiveCD.

Ghost Backup

Drive  Size (MB)  Type   Cylinders  Heads  Sectors
    1      76319  Basic      20023    255       63

Part  Type     ID  Description  Volume Label  Size in MB  Data Size in MB
   1  Primary  07  NTFS         No name            76316            41270
                                Free                   2
                                Total              76319            41270

Speed (MB/min): 369
MB copied: 38730
Time elapsed: 1:44:56

[/os/windows/utilities/backup/ghost] permanent link

Mon, Jul 28, 2008 7:32 pm

Blosxom Not Working After Reboot on 64-bit System

A Linux server on which a Blosxom blog was running lost power due to a power outage. When power was restored and I rebooted the server, I found that the website hosting the blog was functioning ok, but attempting to access the blog itself returned only a blank webpage. Checking the error log for the site, I saw error messages such as the following:
[Mon Jul 28 08:57:25 2008] [error] [client 216.246.77.172] calendar debug 1: filter() called
[Mon Jul 28 08:57:25 2008] [error] [client 216.246.77.172] File is not a perl storable at blib/lib/Storable.pm (autosplit into blib/lib/auto/Storable/_retrieve.al) line 380, <DATA> line 32, at /home/jsmith/www/blog/plugins/calendar line 322
[Mon Jul 28 08:57:25 2008] [error] [client 216.246.77.172] Premature end of script headers: blosxom
[Mon Jul 28 08:58:22 2008] [error] [client 66.249.71.193] calendar debug 1: start() called, enabled
[Mon Jul 28 08:58:23 2008] [error] [client 66.249.71.193] calendar debug 1: filter() called
[Mon Jul 28 08:58:23 2008] [error] [client 66.249.71.193] File is not a perl storable at blib/lib/Storable.pm (autosplit into blib/lib/auto/Storable/_retrieve.al) line 380, <DATA> line 32, at /home/jsmith/www/blog/plugins/calendar line 322

The blog uses a Blosxom Calendar plugin.

I remembered having problems when I moved the blog from a 32-bit Linux system to a 64-bit system (see Blosxom Calendar Plugin on 64-bit System). I found the problem was similar and I was able to resolve it by deleting the .calendar.cache file from the Blosxom plugins state directory, plugins/state.

Once the blog was accessible again, I checked the state directory with ls -al again and saw the .calendar.cache file had been recreated.

[/network/web/blogging/blosxom] permanent link

Sun, Jul 27, 2008 3:53 pm

Ghost 2003 Boot CD - Abort, Retry, Fail?

I use Symantec's Ghost 2003 to create image backups of disk drives. Since the Ghost 2003 Boot Wizard can't create bootable CDs, only boot floppy disks, I create a boot floppy disk and then use a program like Nero or Roxio Easy CD Creator, which can create boot CDs from floppy diskettes, to create a Ghost 2003 boot CD (see Procedure for Generating Norton Ghost Bootable CD for the procedure to use with Roxio's Easy CD and DVD Creator 6). When I booted systems from the boot CDs I created, I would see the message below:

Write protect error writing drive A
Abort, Retry, Fail?

I would hit F and the boot process would proceed. If I hit R, I would get the same message again. Hitting A for "Abort" would allow me to proceed to running Ghost, but the mouse driver wouldn't load. If I hit F8 just as I was booting from the Ghost 2003 boot CD, I could walk through the commands in config.sys and autoexec.bat, which allowed me to see that the error occurred just as the mouse driver was being loaded.

I didn't know how to eliminate the error until I found the cause of the problem described by eASYkILL in a posting at Ghost 2003 Multi-Boot CD (Abort,Retry,Fail) error. He posted the following information:

So here is the deal... MOUSE.COM is trying to create a MOUSE.INI file and because you created a bootable CD (read-only) it is unable to write the file and gives the error message (Abort, Retry, Fail). If you fail, you can continue just fine with mouse support.

The solution... add a MOUSE.INI to your floppy that you are creating the image from. If you booted from the floppy at least once, this problem doesn't occur because the file is created. That may be how it went away for you. Just re-create the bootable CD from the floppy with mouse.ini added.

Here is my mouse.ini

[mouse]
MouseType=PS2

Cheers!

Since most of the systems on which I'm performing the Ghost 2003 image backups have a mouse attached by the PS/2 mouse port, I thought that should work fine. So I used Notepad to create a mouse.ini file with the above lines on one of the Ghost 2003 boot floppy disks (be sure to change the "save as type" to "all files", if using the Windows Notepad program). I also found that I was able to boot laptops with a built-in mouse touchpad and use the mouse with no problems with the mouse type set to PS2 in mouse.ini. I no longer received the "Abort, retry, or fail" message when booting from a Ghost 2003 boot CD that had the mouse.ini file in the root directory.

Note: you can see options for the mouse.com program by typing mouse /? at a command prompt. You can use mouse off to remove the mouse driver from memory. You can specify the mouse type by using the type option.


mouse type       /Cn (serial), /Z (PS2), /In (inPort), /B (bus)
                  (n specifies a prot and can be either 1 or 2)

References:

  1. Procedure for Generating Norton Ghost Bootable CD
    MoonPoint Support
  2. Ghost 2003 Multi-Boot CD (Abort,Retry,Fail) error
    By: eASYkILL
    Date: April 1, 2005
    Microsoft Software Forum Network (MSFN)

[/os/windows/utilities/backup/ghost] permanent link

Thu, Jul 24, 2008 10:16 am

NTFS Support on CentOS

I needed to be able to access files on a USB drive formatted with the NTFS filesystem from a CentOS 5.1 Linux system. To do so I used the free open source NTFS driver for Linux, NTFS-3G.

I followed the instructions at How to Mount an NTFS Filesystem in order to be able to do so. I issued the command yum install fuse fuse-ntfs-3g dkms dkms-fuse to install the required packages (dkms and dkms-fuse install the fuse kernel module).

The system needs to be configured to use the RPMforge repository in order for the above yum install command to work. See Installing Wine on CentOS or RPMForge Packages and Yum Priorites for information on configuring yum to use the RPMforge repository.

After installing the ntfs-3g driver, I was able to mount the NTFS-formatted drive.

[root@localhost ~]# mkdir /mnt/windrive
[root@localhost ~]# mount -t ntfs-3g /dev/sda1 /mnt/windrive

I first created a mount point, which I arbitrarily named "windrive", under /mnt. Then I needed to specify the file system type with -t ntfs-3g. This particular drive was an external USB drive, which Linux identified as /dev/sda. It had only one partition on it, so I used /dev/sda1 to mount it. If you are unsure how Linux will identify the drive, see Linux Drive Designations.

If the NTFS drive contains the Windows operating system for a system and the system was put into hibernation mode when it was shut down, you can only mount it in read-only mode. You will see the following message, which I saw when I tried to mount another drive from a hibernated Windows system, if you don't specify read-only mode for mounting the drive:

# mount -t ntfs-3g /dev/sdc1 /mnt/workdrive
Windows is hibernated, refused to mount.
Failed to mount '/dev/sdc1': Operation not permitted
The NTFS partition is hibernated. Please resume and shutdown Windows
properly, or mount the volume read-only with the 'ro' mount option, or
mount the volume read-write with the 'remove_hiberfile' mount option.
For example type on the command line:

            mount -t ntfs-3g /dev/sdc1 /mnt/workdrive -o remove_hiberfile

I was able to mount the drive by using the -r option for the mount command (you can also use -o ro).

mount -r -t ntfs-3g /dev/sdc1 /mnt/workdrive

fuse-ntfs-3g package information:

[root@localhost /]# rpm -qi fuse-ntfs-3g
Name        : fuse-ntfs-3g                 Relocations: (not relocatable)
Version     : 1.2712                            Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
Release     : 1.el5.rf                      Build Date: Mon 14 Jul 2008 04:20:28 PM EDT
Install Date: Thu 24 Jul 2008 08:48:39 AM EDT      Build Host: lisse.leuven.wieers.com
Group       : System Environment/Kernel     Source RPM: fuse-ntfs-3g-1.2712-1.el5.rf.src.rpm
Size        : 905700                           License: GPL
Signature   : DSA/SHA1, Mon 14 Jul 2008 05:57:27 PM EDT, Key ID a20e52146b8d79e6
Packager    : Dag Wieers <dag@wieers.com>
URL         : http://www.ntfs-3g.org/
Summary     : Linux NTFS userspace driver
Description :
The ntfs-3g driver is an open source, GPL licensed, third generation Linux NTFS
driver. It provides full read-write access to NTFS, excluding access to
encrypted files, writing compressed files, changing file ownership, access
right.

Technically it’s based on and a major improvement to the third generation Linux
NTFS driver, ntfsmount. The improvements include functionality, quality and
performance enhancements.

ntfs-3g features are being merged to ntfsmount. In the meanwhile, ntfs-3g is
currently the only free, as in either speech or beer, NTFS driver for Linux
that supports unlimited file creation and deletion.

After unmounting the drive with the umount command, I removed the directory I created when mounting it.

[root@localhost /]# rmdir /mnt/windrive

[/os/unix/linux/centos] permanent link

Thu, Jul 24, 2008 10:05 am

Linux Drive Designations

If you are unsure how Linux will designate a drive, Linux identifies IDE drives as hdx, e.g. hda, hdb, hdc, or hdd, while sdx, such as sda, sdb, etc., is used to designate SATA, SCSI, and USB drives.

IDE/ATAPI device names

Name  Device
hda   IDE bus/connector 0 master device
hdb   IDE bus/connector 0 slave device
hdc   IDE bus/connector 1 master device
hdd   IDE bus/connector 1 slave device

To find drives on your system, type dmesg | grep '^hd.:' and/or dmesg | grep 'SCSI device sd.:'.

[root@localhost ~]# dmesg | grep '^hd.:'
hda: HDS722516VLAT80, ATA DISK drive
hdc: Memorex DVD16+/-DL4RWlD2, ATAPI CD/DVD-ROM drive
hdd: ST3120026A, ATA DISK drive
hda: max request size: 512KiB
hda: 321672960 sectors (164696 MB) w/7938KiB Cache, CHS=20023/255/63, UDMA(100)
hda: cache flushes supported
hdd: max request size: 512KiB
hdd: 234441648 sectors (120034 MB) w/8192KiB Cache, CHS=16383/255/63, UDMA(100)
hdd: cache flushes supported
hdc: ATAPI 48X DVD-ROM DVD-R CD-R/RW drive, 2048kB Cache, UDMA(66)
[root@localhost ~]# dmesg | grep 'SCSI device sd.:'
SCSI device sda: 398297088 512-byte hdwr sectors (203928 MB)
SCSI device sda: 398297088 512-byte hdwr sectors (203928 MB)
SCSI device sdb: 156301488 512-byte hdwr sectors (80026 MB)
SCSI device sdb: 156301488 512-byte hdwr sectors (80026 MB)
SCSI device sdc: 156301488 512-byte hdwr sectors (80026 MB)
SCSI device sdc: drive cache: write back
SCSI device sdc: 156301488 512-byte hdwr sectors (80026 MB)
SCSI device sdc: drive cache: write back

[/os/unix/linux] permanent link

Wed, Jul 23, 2008 2:41 pm

Installing Wine on CentOS

I needed to install Wine on a CentOS 5.1 system I had just set up. Wine is available from the RPMForge repository, so I downloaded the latest rpmforge-release package from RPMForge and installed it.
[root@localhost ~]# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
[root@localhost ~]# rpm -Uhv rpmforge-release-0.3.6-1.el5.rf.i386.rpm

That placed two new files, mirrors-rpmforge and rpmforge.repo, in /etc/yum.repos.d. I then checked to ensure the yum-priorities package was installed.

[root@localhost ~]# rpm -qi yum-priorities
Name        : yum-priorities               Relocations: (not relocatable)
Version     : 1.1.10                            Vendor: CentOS
Release     : 9.el5.centos                  Build Date: Sun 08 Jun 2008 06:25:46 PM EDT
Install Date: Wed 23 Jul 2008 12:20:43 AM EDT      Build Host: builder16.centos.org
Group       : System Environment/Base       Source RPM: yum-utils-1.1.10-9.el5.centos.src.rpm
Size        : 12698                            License: GPL
Signature   : DSA/SHA1, Sat 14 Jun 2008 07:23:04 PM EDT, Key ID a8a447dce8562897
URL         : http://linux.duke.edu/yum/download/yum-utils/
Summary     : plugin to give priorities to packages from different repos
Description :
This plugin allows repositories to have different priorities.
Packages in a repository with a lower priority can't be overridden by packages
from a repository with a higher priority even if repo has a later version.

I then verified that yum-priorities is enabled by ensuring that the following lines were present in /etc/yum/pluginconf.d/priorities.conf :

[main]
enabled = 1

The yum repository information is stored in /etc/yum.repos.d.

[root@localhost ~]# ls -l /etc/yum.repos.d
total 32
-rw-r--r-- 1 root root 2049 Jun 19 09:48 CentOS-Base.repo
-rw-r--r-- 1 root root  626 Jun 19 09:48 CentOS-Media.repo
-rw-r--r-- 1 root root  684 Mar  8  2007 mirrors-rpmforge
-rw-r--r-- 1 root root  428 Mar  8  2007 rpmforge.repo

I added priority=1 as the last line in the following sections of CentOS-Base.repo:

[base]
[updates]
[extras]

I added priority=2 as the last line in the [centosplus] section.

I edited /etc/yum.repos.d/rpmforge.repo and added priority = 11 at the end of the file.

Repositories with lower priority numbers are considered to have a higher priority than those with higher numbers. E.g. if repository A has priority=4 associated with it while repository B has priority=5 associated with it, repository A has a higher priority than repository B.
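
One way to verify the result of the edits above, as an added example that is not part of the original post: it parses .repo file text and reports any enabled third-party repository that could still override base, updates or extras. The sample file contents are constructed to mirror the priorities described here, and the function names and the mirror URL are assumptions.

```python
import configparser

DEFAULT_PRIORITY = 99  # yum-priorities applies 99 to a repo with no priority= line

# Constructed sample files that mirror the settings described in this post.
CENTOS_BASE = """\
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirror.example.invalid/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
priority=1

[updates]
name=CentOS-$releasever - Updates
gpgcheck=1
priority=1

[extras]
name=CentOS-$releasever - Extras
gpgcheck=1
priority=1

[centosplus]
name=CentOS-$releasever - Plus
gpgcheck=1
enabled=0
priority=2
"""
RPMFORGE = """\
[rpmforge]
name = RPMforge (constructed sample)
enabled = 1
gpgcheck = 1
priority = 11
"""
PAGE_SETUP = {"CentOS-Base.repo": CENTOS_BASE, "rpmforge.repo": RPMFORGE}
# Same files with the priority line forgotten in [updates].
MISSING_PRIORITY = {
    "CentOS-Base.repo": CENTOS_BASE.replace(
        "- Updates\ngpgcheck=1\npriority=1\n", "- Updates\ngpgcheck=1\n"),
    "rpmforge.repo": RPMFORGE,
}


def load_repos(repo_files):
    """Parse {filename: text} of .repo files into {repo_id: settings}."""
    repos = {}
    for filename, text in repo_files.items():
        # interpolation=None keeps $releasever and similar values untouched
        parser = configparser.ConfigParser(interpolation=None, strict=False)
        parser.read_string(text, source=filename)
        for repo_id in parser.sections():
            raw = parser.get(repo_id, "priority", fallback=None)
            repos[repo_id] = {
                "file": filename,
                # yum treats a repo as enabled unless enabled=0 is present
                "enabled": parser.get(repo_id, "enabled", fallback="1").strip() != "0",
                "explicit": raw is not None,
                "priority": int(raw) if raw is not None else DEFAULT_PRIORITY,
            }
    return repos


def audit(repo_files, trusted=("base", "updates", "extras")):
    """Return findings where an enabled non-trusted repo can override a trusted one."""
    repos = load_repos(repo_files)
    findings = []
    for name in trusted:
        if name in repos and not repos[name]["explicit"]:
            findings.append(
                f"{name}: no priority= line, defaults to {DEFAULT_PRIORITY}")
    # The trusted repo with the largest number is the easiest one to override.
    weakest = max((repos[t]["priority"] for t in trusted if t in repos),
                  default=None)
    for repo_id, info in sorted(repos.items()):
        if repo_id in trusted or not info["enabled"] or weakest is None:
            continue
        # An equal number gives no protection: the newest package wins.
        if info["priority"] <= weakest:
            findings.append(
                f"{repo_id}: priority {info['priority']} does not rank below "
                f"the trusted repos (largest trusted number is {weakest})")
    return findings


if __name__ == "__main__":
    for label, files in (("page setup", PAGE_SETUP),
                         ("missing priority", MISSING_PRIORITY)):
        print(label, "->", audit(files) or "no findings")
```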

After adding the RPMForge repository, I was then able to install Wine with yum install wine. The following dependencies were also installed:


Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size 
=============================================================================
Installing:
 wine                    i386       1.0-1.el5.rf     rpmforge          2.9 k
Installing for dependencies:
 wine-capi               i386       1.0-1.el5.rf     rpmforge           16 k
 wine-cms                i386       1.0-1.el5.rf     rpmforge           65 k
 wine-core               i386       1.0-1.el5.rf     rpmforge           36 M
 wine-esd                i386       1.0-1.el5.rf     rpmforge           43 k
 wine-jack               i386       1.0-1.el5.rf     rpmforge           13 k
 wine-ldap               i386       1.0-1.el5.rf     rpmforge          251 k
 wine-nas                i386       1.0-1.el5.rf     rpmforge           12 k
 wine-twain              i386       1.0-1.el5.rf     rpmforge           23 k

After the installation, I ran winecfg.

[root@localhost ~]# winecfg
wine: created the configuration directory '/root/.wine'
Could not load Mozilla. HTML rendering will be disabled.
wine: configuration in '/root/.wine' has been updated.

Wine was configured to emulate Windows XP by default. I clicked on the Desktop Integration tab and set the "My Documents", "My Pictures", "My Music", and "My Videos" folders to link to directories I created under a "Documents" folder, which I created under the login directory for the account I was logged in under. The directories must be created before you link to them with the Wine configuration utility.

[root@localhost Documents]# mkdir Pictures
[root@localhost Documents]# mkdir Music
[root@localhost Documents]# mkdir Videos

Wine configuration of folders

In the Wine configuration window, I clicked OK to retain the default settings. When I was returned to the shell prompt, I ran wine notepad to test Wine with the notepad application.

References:

  1. Installing RPMForge
    CentOS Wiki
  2. yum-plugin-priorities
    CentOS Wiki
  3. RPMForge Packages and Yum Priorites
    MoonPoint Support
  4. Configuring Wine
    Wine HQ

[/os/unix/linux/centos] permanent link

Tue, Jul 22, 2008 11:00 pm

Installing Centos 5.1 on a USB Drive

Though it took me some trial and error to figure out how to get it working, I was finally able to install CentOS 5.1 on a USB drive and have a system boot from the drive automatically. I wanted to have the drive set up with CentOS, so I could easily transport programs and my personal files between locations.

[ More Information ]

[/os/unix/linux/centos] permanent link

Tue, Jul 15, 2008 8:31 pm

Use SFTP Rather Than FTP

FTP uses unencrypted userids and passwords for file transfers, whereas SFTP uses an encrypted userid and password and encrypts the data as well. Many may have also experienced problems with getting FTP to work through a firewall. Steven Frank provides a list of other reasons at http://stevenf.com/archive/dont-use-ftp.php as to why one should avoid FTP when possible.

[/network/ftp] permanent link

Tue, Jul 15, 2008 5:12 pm

Requiem for Windows XP

InfoWorld published an article, A requiem for Windows XP, on July 1, 2008 stating that Microsoft has held firm on discontinuing sales of Windows XP, though enterprises, small businesses, and some consumers will still be able to install XP as a "downgrade" to Windows Vista Business or Ultimate. System builders will still be able to build PCs with Windows XP until February 1, 2009, so if you purchase a PC at a computer show, such as those run by MarketPro, which I attend when they are held in my area, you will still be able to get Windows XP on such a system.

There is also a link in the article to a Windows 7 compatibility checker, if you are interested in determining whether a system will be able to support the next version of Windows.

[/os/windows/xp] permanent link

Tue, Jul 15, 2008 4:58 pm

Alternatives to Microsoft Office

InfoWorld has an article published July 15, 2008 titled Can you really live without Microsoft Office? that discusses open source and cloud computing alternatives to Microsoft Office.

One of the alternatives is OpenOffice. Though I use Microsoft Office on my Windows laptop, I use OpenOffice on other systems, such as Linux or Solaris systems and even on one Windows system. I've found it quite useable and, for most of the documents I work with, able to handle documents created in Microsoft Office's applications fairly well.

I also use Google Docs, though just the spreadsheet capability. I use Google Docs spreadsheets for personal use, such as tracking my mileage and gas consumption. It works fine for that and could also suffice for others with uncomplicated spreadsheet requirements, but it definitely isn't on a par with Microsoft Excel's capabilities.

I haven't tried the other alternative discussed in the article yet, Zoho. Zoho is a suite of online applications (services) that you access from the Zoho website. The applications are free for individuals and some have a subscription fee for organizations. In their FAQ, Zoho states that "We assure you that the contents of your Account will not be disclosed to anyone and will not be accessible to employees of AdventNet. Neither do we process the contents of your Account for serving targeted advertisements."

[/os/windows/office] permanent link

Mon, Jul 14, 2008 10:33 pm

Netscape Mail View

Someone who uses Netscape 7.2 for email reported that the count for unread messages, which appears on the left-hand side of Netscape's mail window, was showing unread messages, but he couldn't find them. When I checked his system, I found he had changed the message "view" to show only messages with attachments. I changed it to show all messages again, by selecting "All" for "View" ("View" appears slightly above the list of messages in a folder).

Netscape 7.2 supports the following "views":

All
Unread
Important
Work
Personal
To Do
Later
People I know
Recent Mail
Last 5 Days
Not Junk
Has Attachments

There is also an option to customize the view of messages.

[/network/email/clients/netscape] permanent link

Sun, Jul 13, 2008 7:57 pm

BFG Tech Model BFG550WGSPSU Power Supply


Manufacturer: BFG Tech
Model: BFG550WGSPSU
AC Input: 115/230V~,60/50Hz,10/6A

Specifications
ATX12V 2.2
Dual 12V Rails
SATA Connectors
PCI Express Ready
Efficiency: > 80% Typical
Silent 140mm Intake Fan
BFG Thermal Control Technology
Protection Circuitry
MTBF: 80,000 Hours at 25° C
Safety Approval: CCC, CB, UL, TUV, CE, CSA, CUL, NEMKO, SAA, GS, VDE
Dimensions: 8.6cm W x 15cm H x 14cm D (3.4" W x 6" H x 5.5" D)
1 Year Warranty
DC Output
+3.3V = 35A
+5V = 40A
+3.3V +5V Max. Combined Wattage = 130W
+12V1 = 18A
+12V2 = 18A
+12V Max. Combined Wattage = 432W
-12V = 0.5A
+5VSB = 2.5A
 
Included in Box
1 x 550 Watt Power Supply Unit
1 x US Power Cable
1 x User's Guide
4 x Mounting Screws
 
Connectors
1 x 24-Pin (20+4-Pin) Motherboard Connector
1 x 8-Pin (4+4-Pin) CPU 12V Power Connector
1 x 6-Pin PCI Express Connector
1 x 8-Pin (6+2-Pin) PCI Express Connector
4 x 4-Pin Molex Connectors
1 x 4-Pin Floppy Connector
4 x SATA Connectors (also includes connectors for IDE drives)
 
Works With The Following Motherboards
PCI Express
AGP
PCI
 

Manual

BFG Tech "GS" Series User's Manual - Microsoft Word Document
BFG Tech "GS" Series User's Manual - HTML Document (produced by OpenOffice.org Writer)

References:
  1. GS-550 Power Supply
    BFG Tech
  2. BFG Tech "GS" Series User's Manual
    BFG Tech

[/pc/hardware/power-supply] permanent link

Sun, Jul 13, 2008 3:04 pm

Scheduling NTBackup for a Daily Backup

The NTBackup utility comes with Windows NT, 2000, Server 2003, Small Business Server (SBS) 2003, and Windows XP. NTBackup is not installed by default with Windows XP Home Edition, but is available on the Windows XP installation disc. Microsoft has replaced NTBackup in Windows Vista.

NTBackup backs up files to a proprietary BKF format. With Windows XP and later, it can even back up open files using Volume Shadow Copy, aka Volume Snapshot Service (VSS).

To create a backup process that runs every week on a specific day to back up a folder on a system, you can create a batch file similar to the following:

@echo off

REM NTBackup batch file for ACCI folder

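REM Set date variable (month-day-year, taken from the output of date /t)
For /f "tokens=2-4 delims=/ " %%a in ('date /t') do (set date=%%a-%%b-%%c)
REM Display the value; a bare "date = ..." line would run the DATE command
echo date = %date%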

ntbackup backup D:\ACCI /J "ACI" /V:No /M Normal /Snap:on /f "F:\ACI\Backups\Current\ACCI_Weekly_%date%.bkf"

The above batch file, which I've named acci-weekly.bat, will back up the D:\ACCI folder on the system on which it is run. The files will be backed up to F:\ACI\Backups\Current\ACCI_Weekly_%date%.bkf. The %date% variable is set by the first line of the code below; the second line displays its value:

For /f "tokens=2-4 delims=/ " %%a in ('date /t') do (set date=%%a-%%b-%%c)
echo date = %date%

The %a variable holds the month, %b holds the day, and %c holds the year. Files will be created with names in the form ACCI_Weekly_07-12-2008.bkf.

The other parameters used are as described below:

/J {"JobName"}
Specifies the job name to be used in the backup report. The job name usually describes the files and folders you are backing up in the current backup job.

/V:{yes | no}
Verifies the data after the backup is complete.

/M {BackupType}
Specifies the backup type. It must be one of the following: normal, copy, differential, incremental, or daily.

/SNAP:{on | off}
Specifies whether or not the backup should use a volume shadow copy.

/F {"FileName"}
Logical disk path and file name. You must not use the following switches with this switch: /P /G /T.

Further information on the options available with the ntbackup command can be obtained by running ntbackup /? from a command prompt.

By specifying normal as the backup type, all of the files in the folder will be backed up. If the folder occupies a large amount of disk space and will take a considerable amount of time to back up, you may not want to back up all of the files every day.

In this case I would run a normal backup on Sundays, but an incremental backup every other day. So I have a second batch file, acci.bat.

@echo off

REM NTBackup batch file for ACCI folder

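REM Set date variable (month-day-year, taken from the output of date /t)
For /f "tokens=2-4 delims=/ " %%a in ('date /t') do (set date=%%a-%%b-%%c)
REM Display the value; a bare "date = ..." line would run the DATE command
echo date = %date%

ntbackup backup D:\ACCI /J "ACI" /V:No /M Incremental /Snap:on /f "F:\ACI\Backups\Current\ACCI_%date%.bkf"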

To run the batch file that performs the incremental backup every day, you can use the at command.

C:\Documents and Settings\Administrator>at 19:30 /every:m,t,w,th,f,s d:\backups\acci.bat
Added a new job with job ID = 1

The above command schedules the backup to run every night, Monday through Saturday, at 7:30 P.M. The backup is an incremental backup. An incremental backup is a backup that copies only those files created or changed since the last normal or incremental backup. It marks files as being backed up by clearing the archive attribute on files. If you use a combination of normal and incremental backups to restore your files, you will need to have the last normal backup and all incremental backup sets.

You can check scheduled jobs by running the at command with no parameters. You can get help on the command with at /?.

C:\Documents and Settings\Administrator.mayberry>at
Status ID   Day                     Time          Command Line
-------------------------------------------------------------------------------
        1   Each M T W Th F S       7:30 PM       d:\backups\acci.bat

To schedule the job that runs once a week on Sunday, I can use at 19:30 /every:su d:\backups\acci_weekly.bat.

For a full restoral from the backups, I would need to restore first from the weekly normal backup and then restore from each of the incremental backups from that week.

[/os/windows/utilities/backup/ntbackup] permanent link

Sat, Jul 12, 2008 2:42 pm

Ghost 7.5 Client Timed Out Failure

When I ran a Symantec Ghost 7.5 backup task to create an image backup of a system over the LAN, the task failed. I looked at the event log for the backup task by right-clicking on the failed task.

Ghost 7.5 task failure

I saw that the initialization failed.

Ghost 7.5 initialization failed

The event details showed that the client timed out.

Ghost 7.5 client timed out

A Ghost client system should be listening on UDP port 1346. The Ghost server sends a datagram from UDP port 1347 to port 1346 on the client to start the backup. But when I scanned the client system with Foundstone's free ScanLine program, I found it wasn't responding on port 1346.

C:\>sl -u 1346 192.168.0.14
ScanLine (TM) 1.01
Copyright (c) Foundstone, Inc. 2002
http://www.foundstone.com

Scan of 1 IP started at Sat Jul 12 13:29:59 2008

-------------------------------------------------------------------------------
192.168.0.14
Responded in 0 ms.
0 hops away
Responds with ICMP unreachable: Yes

UDP ports:

-------------------------------------------------------------------------------

Scan finished at Sat Jul 12 13:29:59 2008

1 IP and 1 port scanned in 0 hours 0 mins 0.02 secs

And when I examined the network traffic between the two systems with MicroOLAP's tcpdump when I ran the backup task, I saw the client system was returning a "udp port 1346 unreachable" message.

I logged onto the system from the server using the Remote Desktop Protocol (RDP). When I logged on and checked whether the system was listening on UDP port 1346 with netstat, I saw it was listening.

C:\Documents and Settings\Administrator>netstat -a | find "1346"
  UDP    Ellie:1346             *:*

When I disconnected and scanned the system from the Ghost server again using ScanLine, I could then see it was responding on UDP port 1346. Apparently just logging on to the system caused it to start accepting data on port 1346 again.

C:\Program Files\Network\Scanning\Scanline>sl -u 1346 192.168.0.14
ScanLine (TM) 1.01
Copyright (c) Foundstone, Inc. 2002
http://www.foundstone.com

Scan of 1 IP started at Sat Jul 12 14:09:32 2008

-------------------------------------------------------------------------------
192.168.0.14
Responded in 0 ms.
0 hops away
Responds with ICMP unreachable: Yes

UDP ports: 1346

-------------------------------------------------------------------------------

Scan finished at Sat Jul 12 14:09:36 2008

1 IP and 1 port scanned in 0 hours 0 mins 4.02 secs

But when I ran the Ghost task again, it again failed. And when I scanned the system with ScanLine again, I found the client system was no longer responding on port 1346. And when I checked from the system itself by using the netstat command again, I found netstat was no longer showing it listening on port 1346.

From the client system itself, I ran ngctw32.exe, which is located in C:\Program Files\Symantec\Ghost. When I ran ngctw32, the ScanLine program showed it listening on port 1346 as did netstat. I then reran the Ghost task from the server. This time the backup started.

[/os/windows/utilities/backup/ghost] permanent link

Fri, Jul 11, 2008 3:26 pm

Free RocketMail Account

I signed up for a free RocketMail email account from Yahoo today to use as a test email account. Yahoo offers unlimited storage for the email account. RocketMail was acquired by Yahoo! and relaunched as Yahoo! Mail in 1997.

John Kremer, a Yahoo! Mail vice president, provides some history on how Yahoo's email account storage capacity has grown over the years. He mentions that when Yahoo! Mail launched in 1997, users got a whopping 4 megabytes (MB) of storage for their email.

[/network/email/free] permanent link

Thu, Jul 10, 2008 3:57 pm

Turning Off Forwarding in Microsoft Exchange

On a Small Business Server (SBS) 2003 system, to turn off forwarding of email from Microsoft Exchange 6.5 to an external email address, take the following steps:

  1. Click on Start.
  2. Select All Programs.
  3. Select Administrative Tools.
  4. Select Active Directory Users and Computers.
  5. Under Users, right-click on the appropriate user account and select Properties.
  6. Click on the Exchange Advanced tab.
  7. Click on Delivery Options.
  8. Under Forwarding Address, select None, instead of Forward to.
  9. Click on OK.
  10. Click on OK to close the Properties window.

[/network/email/exchange] permanent link

Thu, Jun 26, 2008 10:05 pm

Maximum Email Size Allowed by GoDaddy

GoDaddy.com offers email hosting service for domains. The maximum message size GoDaddy permits for email accounts hosted on their email servers is 30 MB. The maximum size allowed for an attachment to a message is 20 MB. The total combined size of the file attachment and the contents of the email message itself cannot exceed the 30MB limit.

References:

  1. What is the maximum attachment size I can send through my email account?
    Last Updated: April 24, 2007
    GoDaddy Help Center

[/network/email/godaddy] permanent link

Tue, Jun 24, 2008 10:03 pm

Visio Netscreen Shapes

MTMnet, Inc. provides Netscreen shapes, as well as many other network shapes, at MTMnet.com's Visio Icon & Stencil Library.

The following Juniper Networks NetScreen shapes are provided:

Netscreen-5GT
Netscreen-5XT
Netscreen-5GT Wireless
Netscreen-HSC
Netscreen-25
Netscreen-208
Netscreen-500
Netscreen-500 GPRS
Netscreen-5200
Netscreen-5400
Netscreen-IDP 10
Netscreen-IDP 100
Netscreen-IDP 500
Netscreen-IDP 1000
Netscreen-ISG 2000
Netscreen-RA 500
Netscreen-SA 1000
Netscreen-SA 3000
Netscreen-SA 3000 FIPS
Netscreen-SA 5000
Netscreen-SA 5000 FIPS
Netscreen-SM 3000
Netscreen-SA Central Manager
Netscreen-Global Pro
Netscreen-Security Manager 2004
Netscreen-Remote Security client
Netscreen-Remote VPN client
Generic 19" Rack

Download the .vss file onto your system. Visio 2003 stores the stencils that come with it in C:\Program Files\Microsoft Office\Visio11\1033. You should also have a My Shapes directory under your My Documents directory. I store stencils I've downloaded there.

To use the new shapes, in Visio, click on File, then Shapes, then My Shapes, if you've stored them in that directory. Then select Netscreen for the Netscreen shapes.

Download Sites:

MTMnet.com
ShapeSource by Visimation
MoonPoint Support

[/os/windows/office/visio] permanent link

Mon, Jun 23, 2008 9:21 pm

PossibleHostsFileHijack

I scanned my laptop with Windows Defender version 1593. It reported that it found "Win32/PossibleHostsFileHijack".

Windows Defender - PossibleHostsFileHijack

Scan Results
1 items detected

Select an action to apply:

Name                                            Alert level  Action  Status
SettingsModifier:Win32/PossibleHostsFileHijack  Medium       Clean

Category Settings Modifier

Description:
This program has potentially unwanted behavior

Advice: Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider, blocking or removing the software.

Resources: file: C:\WINDOWS\system32\drivers\etc\hosts

View more information about this item online

The link provided by Windows Defender to SettingsModifier:Win32/PossibleHostsFileHijack provided the following information:

Also Known As:

Trojan.Win32.Qhost (Kaspersky)
Qhosts.apd (McAfee)

Summary

A detection of Win32/PossibleHostsFileHijack is an indicator that your HOSTS file may have been modified by malicious or potentially unwanted software. Modifications to the HOSTS file can cause access to certain Internet domains to be redirected or denied. This may prevent the computer from connecting to certain Web sites.

Symptoms

Situations such as the following may be signs that your HOSTS file has been modified without your consent:

  1. You are unable to access a certain Web site that you believe is in operation, such as a site that provides programs to help keep your computer secure.
  2. Your browser connects to a Web site that does not appear to be appropriate, given the Web address you entered.

The hosts file is at c:\windows\system32\drivers\etc\hosts. In this case Windows Defender is flagging it because it has been modified. Typically, it doesn't have much more in it than a reference to the loopback address, i.e. 127.0.0.1 localhost.

In the case of this laptop, Spy Sweeper added entries such as the following:

127.0.0.1 localhost
127.0.0.1 1.httpdads.com #SpySweeperCASS
127.0.0.1 207-87-18-203.wsmg.digex.net #SpySweeperCASS
127.0.0.1 a.mktw.net #SpySweeperCASS
127.0.0.1 a.tribalfusion.com #SpySweeperCASS

Many antispyware programs, such as Spy Sweeper or Spybot Search & Destroy, add entries to the hosts file that map the names of malicious sites, or of sites that distribute adware/spyware, to the loopback address, 127.0.0.1. If the system then attempts to contact one of those sites, such as httpdads.com, which is listed by Spy Sweeper (antispyware software produced by Webroot Software, Inc.), the name resolves to the local loopback address on the system itself instead of to the website distributing the malware, which prevents the system from contacting the actual website.

So, in this case, I can consider the report a "false positive" and instruct Windows Defender to ignore it.
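
The check described above can be scripted. The following Python is an added example, not part of the original post or of Windows Defender: it separates loopback entries like Spy Sweeper's from entries that send a name to a remote address, which is the case worth investigating. The first five sample lines are the entries quoted above; the last two (203.0.113.7 and the malformed line) are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Names that a stock hosts file maps to the loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Lines 1-5 are the entries quoted in the post. Lines 6-7 are constructed
# for this example: a name pointed at a remote host, and a malformed line.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 1.httpdads.com #SpySweeperCASS
127.0.0.1 207-87-18-203.wsmg.digex.net #SpySweeperCASS
127.0.0.1 a.mktw.net #SpySweeperCASS
127.0.0.1 a.tribalfusion.com #SpySweeperCASS
203.0.113.7 update.av-vendor.example
not-an-ip broken.example
"""


def parse_hosts(text):
    """Yield (line_no, address, names, comment) for every non-blank entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")
        fields = body.split()
        if fields:
            yield line_no, fields[0], fields[1:], comment.strip()


def classify(address, names):
    """Return 'default', 'sinkhole', 'redirect' or 'malformed' for one entry."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # Loopback (127.0.0.1, ::1) and 0.0.0.0 entries do not reach a remote host.
        if all(name.lower() in LOCAL_NAMES for name in names):
            return "default"
        return "sinkhole"
    # Any other address sends traffic for the name to another host.
    return "redirect"


def triage(text):
    """Group entries by class and count sinkholed names per comment tag."""
    report = {"default": [], "sinkhole": [], "redirect": [], "malformed": []}
    tags = Counter()
    for line_no, address, names, comment in parse_hosts(text):
        kind = classify(address, names)
        report[kind].append((line_no, address, names))
        if kind == "sinkhole":
            tags[comment or "(untagged)"] += len(names)
    return report, tags


if __name__ == "__main__":
    report, tags = triage(SAMPLE_HOSTS)
    for tag, count in tags.items():
        print(f"{count} name(s) sinkholed to loopback, tagged {tag}")
    for line_no, address, names in report["redirect"]:
        print(f"line {line_no}: {' '.join(names)} -> {address}  (review this)")
    for line_no, address, names in report["malformed"]:
        print(f"line {line_no}: unparseable entry starting with {address!r}")
```

On a real system, pass the contents of C:\WINDOWS\system32\drivers\etc\hosts to triage(). An empty redirect list together with sinkhole entries tagged by a known tool matches the false-positive case described here.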

[/security/spyware/defender] permanent link

Thu, Jun 12, 2008 10:11 pm

Eudora 4.2 Filenames with Spaces

A user of Eudora 4.2 reported that she was unable to open attachments in email messages. When I checked her system I found that I could not open attachments by double-clicking on them, if the attachment's filename had a space in it, but I could open attachments that did not have spaces in the names. Also, when I moved the cursor over the attachment name in the message, I saw %25%20 representing the spaces in the file names, e.g. "Pulte Contact Information.xls" appeared as "Pulte%25%20Contact%25%20Information.xls". The attachments were stored in M:\attach, so I saw the following when I moved the cursor over that file:

file:///M:/attach/Pulte%25%20Contact%25%20Information.xls

When I double-clicked on the attachment, I saw the following error message.

M:\attach\Pulte%20Contact%20Information.xls
Windows cannot find 'M:\attach\Pulte%20Contact%20Information.xls'. Make
sure you typed the name correctly, and then try again. To search for a file,
click the Start button, and then click Search.

OK

A percent sign followed by 20, i.e. %20, is often used to represent a space in filenames within HTML documents, but I didn't know why %25%20 was appearing.

At Corrup path to mail attachments: includes %2520, I found someone reporting a similar problem. A respondent to the original poster provided the following comment:

This happens only when you "use Microsoft's viewer," which means that every email window is actually an Internet Explorer window, in which spaces are not allowed in URLs.

%25 itself represents the character "%" - so after one interpretation by the browser, %2520 becomes %20, which when interpreted a second time represents one space.

However, I get only forward slashes [/] in my paths when using this mode, which also begin with file:///C:/... [three initial forward slashes]

When not "using Microsoft's viewer," then you get backward slashes [\] and the path is file://C:\... [with no %, just spaces]

That described what I saw. I saw forward slashes for the full directory path when I hovered the mouse over the attachment name, but backslashes were listed in the error message that appeared.

Someone else suggested unchecking "Use Microsoft Viewer" in "Tools|Options|ViewingMail". I clicked on Tools, Options, and selected Viewing Mail. I saw the following:

Eudora Viewing Mail options

I unchecked "Use Microsoft's viewer". After closing and reopening Eudora, I was then able to view attachments with spaces in the filenames by double-clicking on them. I noticed that Eudora was now displaying backslashes in the filenames, which is the convention used by Microsoft Windows, when I moved the mouse over them instead of the forward slashes it showed previously.

[/network/email/clients/eudora] permanent link

Sun, Jun 08, 2008 9:47 pm

Microsoft Releasing Seven Patches This Month

Microsoft is releasing 7 patches for Windows this month. Some of the patches plug remote code execution vulnerabilities. One is a critical patch for Internet Explorer (IE) that addresses a vulnerability in versions of IE from 5.01 through 7. This patch applies to Windows 2000 SP4, XP SP2 and SP3, Windows Server 2003 SP1 and SP2, Vista SP1, and all versions of Windows Server 2008. Further information on the patches is available at "Microsoft To Issue 7 Patches This Month".

References:

  1. Microsoft To Issue 7 Patches This Month
    By Jabulani Leffall
    June 5, 2008
    Redmond | The Independent Voice of the Microsoft IT Community

[/security/patches/windows] permanent link

Sun, Jun 08, 2008 9:43 pm

Spam Accounts for Three-quarters of Email

MessageLabs, an online security company, which provides antispam and antivirus services, reported that three-quarters of the email messages it scanned during May 2008 were spam, an increase of 3.3% from the prior month. MessageLabs also reported that one out of every 170 messages it scanned contained some kind of malicious code with 90% of that malicious code being botware, which can turn a computer into a "zombie" that can be remotely controlled by a "bot herder".

Mark Sunner, MessageLabs' chief security analyst, reported that spammers are now also using Google Docs and Microsoft's SkyDrive free online storage to host the contents of their spam messages. The spammers put a link into the messages they send pointing to online documents hosted on those services, which have the advantage of providing large amounts of bandwidth.

References:

  1. Report: Cyberspace Becoming More Malicious
    By William Jackson
    June 4, 2008
    Redmond Developer News

[/network/email/spam] permanent link

Mon, Jun 02, 2008 6:53 pm

Photoshopping and Digital Forensics

A lot of photos you see posted on the web or sent around by email may have been "photoshopped", i.e. doctored in an image editing program, such as Adobe's Photoshop graphics program. Such photo manipulation has been going on since before the advent of Photoshop, though. A Scientific American article, Digital Forensics: 5 Ways to Spot a Fake Photo, published on June 2, 2008, details techniques that can be used to determine when photos have been digitally altered.

There is an article The Reuters Photo Scandal that discusses the manipulation of images and the staging of photos for political purposes.

[/os/windows/software/graphics/adobe/photoshop] permanent link

Mon, Jun 02, 2008 6:26 pm

Best Buy Pilot Recycling Program

According to engadget's article, Best Buy offers up free electronics recycling in 117 stores, Best Buy has started a pilot recycling program in some of its stores in the Baltimore, San Francisco, and Minnesota areas. Stores in those areas will now accept up to two items per day, per household, including televisions and monitors up to 32-inches, computers, cameras and other devices not including microwaves, air conditioners, or appliances.

I've used Office Depot's recycling program. You can buy boxes in several different sizes into which you can place electronic items to be recycled. You bring the boxes back to the store where someone checks that the items they contain are on the list of those that Office Depot states they will recycle when you buy the boxes. The cost of the boxes depends on their size. A small box is $5, a medium one is $10, and a large one is $15. Details on the program are available at Tech Recycling Services.

Staples also has a recycling program. Details on their program can be found at Staples Soul - Recycling. According to the Staples website, "A recycling fee of $10 per piece of large equipment is charged to cover handling, transport, product disassembly and recycling. Smaller computer peripherals such as keyboards, mice, and speakers are accepted at no charge."

Engadget has information on other recycling services at http://www.engadget.com/tag/recycling, including information on a U.S. Postal Service recycling program where the Postal Service allows you to ship items to a recycling company for free.

Another service I found mentioned in comments to a June 2, 2008 engadget article, Staples to stock Flexplay self-destructing DVDs was GreenDisk. GreenDisk recycles the following items:

[/hardware/recycling] permanent link

Mon, Jun 02, 2008 5:59 pm

Electronic Book Reading with Kindle

There is a May 28, 2008 article with information on Amazon's Kindle electronic book reader on engadget titled Bezos: second Kindle is "not that near," Amazon to launch paid streaming VoD. I've considered buying one of those. I'm running out of space to store all of my books and am storing boxes of books in my attic now. I'd like to be able to have at least a good portion of them available electronically with the capability to mark passages I find particularly interesting (I never mark up my physical books, though). But the price has kept me from buying a Kindle.

According to the article, Amazon's founder, Jeff Bezos, has said that there are 125,000 books available for the Kindle. I didn't know it also could allow you to surf the web or listen to music in MP3 form. One of those posting comments to the article stated the following:

Frank - the Kindle can check e-mail, surf the web, & play mp3s. The browser still needs some work but it is usable. Internet service is free and at decent speeds as long as you are in a Sprint service area. The Kindle is definitely a niche device but could become more mainstream with some changes, primarily price & a larger screen. IMO it's not as ugly in real life as the pictures represent on the web but could use a better design. I have a few other quibbles with it but have no regrets in buying one.

[/ebook] permanent link

Sun, May 25, 2008 7:05 pm

Microsoft Stopping Book Search Project

eWeek reports in a May 25, 2008 article, Microsoft Expels Book Search: Can Google Cash In?, that Microsoft is ending its Live Search Books and Live Search Academic software projects. Under those projects, Microsoft digitized 750,000 books and indexed 80 million journal articles.

Microsoft is apparently ending the projects because it doesn't see them as revenue generating projects. Thankfully, Google, whose own efforts led Microsoft to embark on similar projects, will continue its efforts to digitize books. The Google Book Search Library Project allows one to view snippets of books still under copyright and to download the entire contents of books that are no longer under copyright.

[/network/web/search] permanent link

Thu, May 22, 2008 9:08 pm

perl-Calendar-Simple Package

I needed to install a calendar generation package on a Linux system. I had previously used pcal on another Linux system and decided to use it again, since I was familiar with it and found it met my requirements.

I looked for a pcal RPM package. I found that the perl-Calendar-Simple package contained a pcal program and decided to install it. I installed the package, which is available from http://packages.sw.be/perl-Calendar-Simple/ or RPM PBone. If you are using the RPMforge repository, you can install it with yum or another installer. To configure yum to use the RPMForge repository, see RPMForge Packages and Yum Priorites.

# yum install perl-Calendar-Simple

After I installed the package, I found it installed /usr/bin/pcal. That pcal program was a Perl script. I could use it to generate the current month's calendar by typing pcal or a specific month from the current year with pcal m, where m is a number representing a month, e.g. pcal 6 would display the month of June. Or you can use pcal mm, e.g. pcal 06 for June. That pcal can also generate a calendar for a specific month and year with pcal mm yyyy, e.g. pcal 06 2009 for the calendar for June 2009.

# pcal 06 2009

     June 2009
Su Mo Tu We Th Fr Sa
    1  2  3  4  5  6
 7  8  9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30

But that pcal program didn't offer me as many options as I had with the cal program that was already installed on the system. I didn't need anything particularly fancy, but I did need the capability to generate a calendar in HTML format, which the Perl pcal script didn't provide.

References:

  1. RPMForge Packages and Yum Priorites
    MoonPoint Support
  2. Pcal
    MoonPoint Support
  3. PCAL and LCAL: PostScript Calendar Programs
    SourceForge.net
  4. pcal and lcal - pcal branch
    freshmeat.net

[/languages/perl] permanent link

Sun, May 18, 2008 8:33 pm

Capitalizing the First Letter of Names with Excel

I needed to take a Comma-Separated Values (CSV) file that contained a column of names, with all of the letters in upper case, e.g. "JOHN SMITH", and convert the names to a form where only the first letter of the first name and the first letter of the last name remained in upper case.

I opened the .csv file in Excel and used the proper() function to perform the conversion. Excel provides 3 functions, upper, lower, and proper to change the case of text.

Example: JOHN Smith is in cell A1 of an Excel worksheet

=UPPER(A1) will change the text to all uppercase, i.e. JOHN SMITH

=LOWER(A1) will change the text to all lowercase, i.e. john smith

=PROPER(A1) will change the case to suit a proper name, i.e. John Smith

There were about 1,500 entries in the worksheet, so I didn't want to type a formula in each cell. Instead, I created another column immediately to the right of the one containing the name by clicking on Insert then Columns in Excel. The first cell containing a name was B2. In C2, I put the formula =proper(b2). Then I clicked in the C2 cell to select it. I then held the left mouse button down and extended the highlighted area down to the last row containing a name. Since the last such row was row 1482, I highlighted cells C2 through C1482. When I had all of the cells highlighted, I released the mouse button. I then hit Ctrl-D to copy the formula down through all of the highlighted cells (the formula is automatically incremented as it is copied). That resulted in the following formulas in column C.

Cell     Formula
B2       =PROPER(B2)
B3       =PROPER(B3)
...      ...
B1481    =PROPER(B1481)
B1482    =PROPER(B1482)

I then resaved the file in csv format and closed it. I then reopened it in Excel. Since it was saved in CSV format, column C had the names with the correct capitalization now without any formula attached to them. I then deleted column B, which had the names in all capital letters. I then resaved the file.

Note: If you have a name in the form "JOHN S SMITH III", proper will convert the name to "John S Smith Iii", so you may need to scan through the list of names for such instances.

References:

  1. Properly Capitalize Text with "Proper"
    Lega Andrew - law for the rest of us
  2. text case conversion in excel
    Excel Lesson (97 and 2002)
    CastleJB.com

[/os/windows/office/excel] permanent link

Fri, May 16, 2008 4:19 pm

Displaying Line Numbers in Vi

To turn on the display of line numbers in the vi editor, use the following command:

:set number

To turn off the display of line numbers, use the command below:

:set nonumber

[/software/editors/vi] permanent link

Fri, May 16, 2008 3:20 pm

Delete Lines Containing or Not Containing a String Using Vi

To delete all lines containing a string or all lines not containing a particular string, you can use the global search options in the Vi editor.

Global Search

:g/string/command
command affects lines containing string
:v/string/command
command affects lines not containing string

To delete all lines containing "foo" you could use the following command:

:g/foo/d

To delete all lines not containing "foo" you could use the following command:

:v/foo/d

References:

  1. vi Reference Card
    JILA

[/software/editors/vi] permanent link

Thu, May 15, 2008 11:00 pm

Comcast and Cox Continue to Block BitTorrent Traffic

A report by Germany's Max Planck Institute reveals that Comcast and Cox Communications are blocking BitTorrent traffic throughout the day, despite Comcast's claims that it only throttles BitTorrent traffic during peak network hours. Comcast also claims that its throttling of BitTorrent traffic is imperceptible to its customers. It is likely true that most of Comcast's customers won't realize that the degraded performance of BitTorrent transfers is occurring because Comcast is actively throttling that traffic.

References:

  1. Cox, Comcast Accused of More BitTorrent Blocking
    By Roy Mark
    May 15, 2008
    eWeek.com

[/network/p2p] permanent link

Tue, May 13, 2008 11:13 pm

Xming X Server for Windows

If you need X server software for a Microsoft Windows system, the Xming X Server is a free, open source implementation of an X server.

The software can be downloaded from SourceForge.net: Xming X Server for Windows. Download and install the Xming installer and the Xming-fonts installer. You can use the /silent or /verysilent command-line parameters for an unattended installation.

[/network/x] permanent link

Tue, May 13, 2008 10:21 pm

Apache AllowOverride AuthConfig Directive

You can control access to directories on an Apache webserver by placing .htaccess files in those directories and creating .htpasswd files containing userids and passwords required to access the directories. But Apache won't use those .htaccess and .htpasswd files unless you modify Apache's httpd.conf configuration file, which will likely be at /etc/httpd/conf/httpd.conf on a Linux system.

To permit usage of those files to control access to directories on the webserver, edit httpd.conf and replace the AllowOverride None in the <Directory /> section with AllowOverride AuthConfig.

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

You can use the .htaccess and .htpasswd method without changing the AllowOverride None line in the following section of httpd.conf.

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
    AllowOverride None

References:

  1. Authentication, Authorization and Access Control
    The Apache HTTP Server Project
  2. Using Apache realms to password-protect your website
    Last modified: January 09 2006
    Linux/Mac Web, Database, Email, DNS Server Administration and Security Howtos
  3. USING .HTACCESS & HTPASSWD TO PROTECT YOUR FILES FROM UNAUTHORIZED ACCESS
    BigNoseBird.Com

[/network/web/server/apache] permanent link

Sun, May 11, 2008 9:46 pm

Changing Ports Used by Eudora

You can change the ports used by Eudora for outgoing or incoming email from the standard SMTP and POP3 ports, which are 25 and 110, respectively. To do so, close Eudora then move the esoteric.epi file from Eudora Pro\extrastuff up one directory to Eudora Pro, presuming that you installed Eudora in \Program Files\Eudora Pro. Then take the following steps:

  1. Click on Tools.
  2. Scroll down to Ports.
  3. You can then put in a port number, e.g. 587 in the SMTP field, so that Eudora would connect to port 587 on the SMTP server rather than the default port of 25.
  4. Click on the OK button.

Note: tested with Eudora 4.2.2

References:

  1. Esoteric.epi / Esoteric Settings (Windows)
    Eudora
  2. Changing Ports for Sending/Receiving (Win)
    Eudora

[/network/email/clients/eudora] permanent link

Sun, May 11, 2008 9:10 pm

Eudora and SMTP AUTH

Many email servers require senders to authenticate with the server by some mechanism, such as by providing a userid and password, when attempting to send email through the email server that is not destined for an email address residing on the server itself.

If you are attempting to send an email message using Eudora and you see a message similar to the one below, then the SMTP server that Eudora has been configured to use for outgoing email likely requires authentication.

Can't send to 'someone@example.com'. The server gives this reason: '550 5.7.1
<someone@example.com>... Relaying denied. Proper authentication required.'.

Version 4.2.2 of Eudora supports authentication when sending email. If you have a Windows 4.x version of Eudora, you can upgrade it to version 4.2.2 by downloading ep4xto422.exe from the updater422 folder on the Qualcomm FTP site. Version 4.2.0 doesn't support authenticating when sending email, though the help files indicate that it does, according to Eudora Pro 4.x - SMTP Auth. If you don't know which version of Eudora you are running, you can click on Help and then About in Eudora. You should see "Version 4.2.2" for that version.

To enable authentication when sending in Eudora 4.2.2, you must edit the eudora.ini file. Close Eudora, if it is open, and add the following two lines below the [Settings] line in the eudora.ini file.

SMTPAuthRequired=1
SMTPAuthAllowed=1

Then, when you reopen Eudora, SMTP authentication should be enabled.

Note: there are different methods of authenticating with an email server. If you see a message similar to the following, the email server does not support the authentication method used by Eudora.

<Dominant>, Connecting to the Mail Server..., [05:24:13 PM]
Can't find a supported authentication mechanism for sending messages, and you've
specified to require authentication.

For instance, Eudora 4.2.2 doesn't support the Plain and Login methods.

You can determine which authentication methods a server supports by using telnet to connect to port 25 on the server, which is the standard SMTP port. After you issue an HELO or EHLO command and some name for the system from which you are connecting, e.g. "laptop" or "mysystem.example.com", you should see AUTH listed as one of the commands the server understands with the authentication methods it supports listed immediately after AUTH on the same line.

telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 example.com ESMTP Sendmail 8.13.8/8.13.8; Sun, 11 May 2008 17:28:54 -0400
ehlo laptop
250-example.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP

In the example above, the email server only supports the LOGIN and PLAIN methods, which resulted in Eudora complaining that it "Can't find a supported authentication mechanism for sending messages, and you've specified to require authentication."

According to Negotiating an SMTP AUTH Authentication Mechanism, "The standard Eudora client (downloadable from www.eudora.com) tries to use CRAM-MD5 by default."

If an email server supports CRAM-MD5 and DIGEST-MD5, you would see the following line after you connected to port 25 on the server and issued a helo or ehlo command.

250-AUTH DIGEST-MD5 CRAM-MD5

References:

  1. Eudora Pro 4.x - SMTP Auth
    jellico.com, Inc.
  2. Negotiating an SMTP AUTH Authentication Mechanism
    By Weldon Whipple
    Technoids.org


Sat, May 10, 2008 10:33 pm

Adding Another MIME Type to Apache

I posted a Microsoft Agent .acs file on my Apache webserver. I tried to download the file to a Windows XP system with a web browser, but when I opened the URL, the browser attempted to display the file rather than giving me the option to download it.

To rectify the problem, I had to add another MIME type to the Apache webserver httpd.conf file. I edited /etc/httpd/conf/httpd.conf and added an AddType line for the .acs file extension.

#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
#AddType application/x-tar .tgz
AddType application/octet-stream .acs

I then restarted the Apache webserver with apachectl restart. Afterwards when I visited the URL again, I was prompted as to whether I wanted to download the file.

References:

  1. Apache Module mod_mime
    The Apache Server Project
  2. Help: Unable to serve XBAP from Apache?
    Posted: August 29, 2006
    Vista Forums


Sat, May 10, 2008 7:51 pm

Using Clamav-Milter With Sendmail

For a CentOS 5.1 email server, I wanted to check email passing through the server with Clam AntiVirus. I installed the clamav-milter package for sendmail with yum install clamav-milter. I had previously installed support for the RPMForge repository as described in RPMForge Packages and Yum Priorites, which allowed me to use yum to download and install clamav and clamav-milter on the system. Since clamav, clamav-db, and clamd were dependencies for clamav-milter, they were installed as well when I ran yum install clamav-milter.

After the packages were installed, I checked the ClamAV definitions with the freshclam command.

# freshclam -V
ClamAV 0.93/6688/Wed Apr  9 10:40:38 2008

I verified that the version of sendmail on the system provides milter support with sendmail -d0 < /dev/null | grep MILTER. If sendmail provides milter support, MILTER will be listed in the output. Sendmail 8.13 enables MILTER support by default. See Clam AntiVirus Milter Setup and Debugging for details on how to add MILTER support for prior versions.

# sendmail -d0 < /dev/null | grep MILTER
                MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6

According to Clam AntiVirus Milter Setup and Debugging, the libmilter* library must be installed on the system to use clamav-milter, so I checked for the presence of libmilter files with locate libmilter, but none were listed. The instructions suggested that if the library is not installed, one should "go to the Sendmail source directory, change into the libmilter subdirectory and run the install script." But there was no sendmail source directory on the system, since sendmail had been installed through a package when I initially set up the system. Since the instructions also stated "Some operating systems provide MILTER support via a port or package", I thought I would just proceed to see what happened.

The next step listed was to configure clamav with --enable-milter. I presumed that was already taken care of when I installed the clamav-milter package, so I proceeded to the "configure clamd.conf" step. I checked /etc/clamd.conf, but didn't make any changes.

The installation of the clamav-milter package placed two files in /etc/init.d.

# ls -l /etc/init.d/clam*
-rwxr-xr-x 1 root root 1258 Mar  7  2007 /etc/init.d/clamav-milter
-rwxr-xr-x 1 root root 1130 Nov  1  2006 /etc/init.d/clamd

It also installed and turned on two system services.

# chkconfig --list clamd
clamd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
# chkconfig --list clamav-milter
clamav-milter   0:off   1:off   2:on    3:on    4:on    5:on    6:off

I started the Clam AntiVirus daemon with /etc/init.d/clamd start.

# vi /etc/init.d/clamd
# /etc/init.d/clamd start
Starting Clam AntiVirus Daemon:                            [  OK  ]

You then need to configure sendmail for clamav-milter support. If you try launching clamav-milter first, you will get the error shown below:

# /etc/init.d/clamav-milter start
Starting Clamav Milter Daemon: clamav-milter: socket-addr (local:/var/clamav/clmilter.socket) doesn't agree with sendmail.cf
                                                           [FAILED]

So I put the following line as the last line in /etc/mail/sendmail.mc

INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter.sock, F=T, T=S:4m;R:4m')

I then rebuilt the sendmail.cf file from sendmail.mc with the following command:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

When I tried restarting sendmail, though, I received a warning message:

# /etc/init.d/sendmail restart
Shutting down sm-client:                                   [  OK  ]
Shutting down sendmail:                                    [  OK  ]
Starting sendmail: WARNING: Xclmilter: local socket name /var/run/clamav/clmilter.sock missing
                                                           [  OK  ]
Starting sm-client:                                        [  OK  ]

I then looked in /etc/sysconfig/clamav-milter and saw the following:

### Simple config file for clamav-milter, you should
### read the documentation and tweak it as you wish.

CLAMAV_FLAGS="
    --config-file=/etc/clamd.conf
    --force-scan
    --local
    --max-children=10
    --noreject
    --outgoing
    --quiet
"
SOCKET_ADDRESS="local:/var/clamav/clmilter.socket"

Since according to the SOCKET_ADDRESS in that file, clmilter.socket was expected in /var/clamav, I modified the line I added to the end of /etc/mail/sendmail.mc to be as shown below:

INPUT_MAIL_FILTER(`clmilter', `S=local:/var/clamav/clmilter.socket, F=T, T=S:4m;R:4m')

I then rebuilt the sendmail.cf file from sendmail.mc, restarted clamav-milter, and restarted sendmail.

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# /etc/init.d/clamav-milter restart
Stopping Clamav Milter Daemon:                             [FAILED]
Starting Clamav Milter Daemon: Your LANG environment variable is set to 'en_US.UTF-8'
This is known to cause problems for some clamav-milter installations.
If you get failures with temporary files, please try again with LANG unset.
LibClamAV Error: cl_cvdhead: Can't open file /var/clamav/daily.inc/daily.info
Loaded ClamAV version 0.93, clamav-milter version 0.93
ClamAV: Protecting against 280776 viruses
                                                           [  OK  ]
# /etc/init.d/sendmail restart
Shutting down sm-client:                                   [  OK  ]
Shutting down sendmail:                                    [  OK  ]
Starting sendmail:                                         [  OK  ]
Starting sm-client:                                        [  OK  ]

The "failed" for the restart of clamav-milter was probably because it wasn't started at the time; so I could have used clamav-milter start. I also saw an error message regarding "LibClamAV Error: cl_cvdhead: Can't open file /var/clamav/daily.inc/daily.info", but when I sent a test message to an account on another system, I saw "X-Virus-Scanned: ClamAV version 0.93, clamav-milter version 0.93" in the message's headers. I saw the same header in a message I sent from the account on the other system to the one running ClamAV. I also saw the header "X-Virus-Status: Clean". So ClamAV appeared to be scanning incoming and outgoing email.
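The socket mismatch behind the two startup errors above can be caught before either daemon is restarted. The Python below is an added example, not part of the original post or of the ClamAV or sendmail projects: it compares the S= socket of each INPUT_MAIL_FILTER line in sendmail.mc with SOCKET_ADDRESS from /etc/sysconfig/clamav-milter, and also reports a filter that has neither F=T nor F=R, because sendmail then passes mail through unscanned whenever the milter cannot be reached. The function names and the third sample line are assumptions made for the illustration.

```python
import re

# Matches an active INPUT_MAIL_FILTER(`name', `spec') line. Lines commented
# out with a leading "dnl" do not match because the pattern is anchored.
FILTER_RE = re.compile(r"^\s*INPUT_MAIL_FILTER\(\s*`([^']*)'\s*,\s*`([^']*)'\s*\)")
SOCKET_RE = re.compile(r'^\s*SOCKET_ADDRESS\s*=\s*"?([^"\s]+)"?', re.M)

# /etc/sysconfig/clamav-milter settings as shown in the post.
SYSCONFIG = '''\
CLAMAV_FLAGS="
    --config-file=/etc/clamd.conf
    --force-scan
    --local
    --max-children=10
    --noreject
    --outgoing
    --quiet
"
SOCKET_ADDRESS="local:/var/clamav/clmilter.socket"
'''

# The two sendmail.mc lines from the post: first attempt, then the corrected one.
FIRST_TRY = "INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter.sock, F=T, T=S:4m;R:4m')"
CORRECTED = "INPUT_MAIL_FILTER(`clmilter', `S=local:/var/clamav/clmilter.socket, F=T, T=S:4m;R:4m')"
# Constructed line (not from the post): right socket, but no F= flag.
NO_F_FLAG = "INPUT_MAIL_FILTER(`clmilter', `S=local:/var/clamav/clmilter.socket, T=S:4m;R:4m')"


def parse_filters(mc_text):
    """Return {filter_name: {key: value}} for each active INPUT_MAIL_FILTER."""
    filters = {}
    for line in mc_text.splitlines():
        m = FILTER_RE.match(line)
        if not m:
            continue
        name, spec = m.groups()
        fields = {}
        for part in spec.split(","):
            key, _, value = part.strip().partition("=")
            fields[key] = value
        filters[name] = fields
    return filters


def milter_socket(sysconfig_text):
    """Return the SOCKET_ADDRESS value the milter init script will use."""
    m = SOCKET_RE.search(sysconfig_text)
    return m.group(1) if m else None


def check(mc_text, sysconfig_text):
    """Return a list of (filter_name, problem) tuples; empty means consistent."""
    expected = milter_socket(sysconfig_text)
    findings = []
    for name, fields in parse_filters(mc_text).items():
        if fields.get("S") != expected:
            findings.append((name, "socket-mismatch"))
        if fields.get("F") not in ("T", "R"):
            # Without F=T (temp-fail) or F=R (reject), mail is accepted
            # unscanned while the milter is down.
            findings.append((name, "fail-open"))
    return findings


if __name__ == "__main__":
    for label, line in (("first try", FIRST_TRY), ("corrected", CORRECTED),
                        ("no F flag", NO_F_FLAG)):
        print(label, check(line, SYSCONFIG))
```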

References:

  1. Clam AntiVirus Milter Setup and Debugging
    Jeremy Mates's Domain
  2. Installing clamav-milter on FreeBSD
    Ring of Saturn Internetworking


Fri, May 09, 2008 10:03 pm

Scheduling a Backup Task in Symantec Ghost 7.5

  1. On the View menu, click Scheduler. All scheduled tasks will appear.
  2. On the Task menu, click New Task.
  3. Expand the Tasks folder.
  4. Select the task that you want to schedule, then click on the OK button.
  5. On the Schedule tab, set the date, time, and frequency with which to execute the task.

    Ghost Console Scheduled Task

  6. On the Task tab, in the Run as field, type the user name of the person who is running the task. The default is the logged on user.
  7. Click on the Set Password button.
  8. In the Password field, type your password. You must type a password to run the task. The password is confirmed when the task runs.
  9. In the Confirm field, type your password again to confirm that it is entered correctly.
  10. Click on the OK button.


Wed, May 07, 2008 9:21 pm

Online Tools to Check MX Records

Two webpages offering online tools to look up MX record information for a domain are listed below:

Check MX Records for Email Tool - Live2Support.com
MX Lookup - MXToolbox.com


Wed, May 07, 2008 6:00 pm

Remote Web Workplace Users

A user in a domain with a Windows Small Business Server (SBS) 2003 domain controller told me that she could establish a VPN from home by entering her userid, password, and domain information, but then when she opened her browser and pointed it to the SBS 2003 server and tried to establish a "Remote Web Workplace" connection, her userid and password wouldn't be accepted, though she was using the same ones as for the VPN connection. She would see the error message below:

The user name or password is incorrect. Verify that CAPS LOCK is not on, and then retype the current user name and password. If you receive this message again, contact your system administrator to ensure that you have the correct permissions to use the Remote Web Workplace.

In checking on the problem, I found her account was not a member of the "Remote Web Workplace Users" group. The procedure for adding an account to that group is listed below.

  1. Click on Start.
  2. Select Administrative Tools.
  3. Select Active Directory Users and Computers.
  4. Under the domain name, select My Business, Users, SBSUsers, and then the user's account or, under the domain name, select Users and the user's account, if it is located there instead.
  5. Right-click on the user's account and select Properties.
  6. Click on the Member Of tab.
  7. The user should already be a member of Domain Users. You need to click on the Add button.
  8. In the "Enter the object names to select" field, type Remote Web Workplace.
  9. Click on the Check Names button. You should then see "Remote Web Workplace Users" appear in the field underlined.
  10. Click on OK.
  11. Click on OK again to close the "Properties" window for the user's account.


Tue, May 06, 2008 10:58 pm

Sendmail Anti-Spam Blacklist Feature

To reduce the amount of spam reaching users' inboxes, I made some modifications to the /etc/mail/sendmail.mc file on a Linux server running sendmail.

The sendmail.mc already had the line FEATURE(`blacklist_recipients')dnl. The blacklist_recipients feature turns on the ability to block incoming mail for certain recipient usernames, hostnames, or addresses. For example, you can block incoming mail to user nobody, host foo.mydomain.com, or guest@bar.mydomain.com. These specifications are put in the /etc/mail/access file.

Immediately below that line, I added the following lines to use the McFadden Associates E-Mail Blacklist, the Spamhaus Block List, and the Passive Spam Block List.

FEATURE(`dnsbl', `bl.csma.biz', `550 Spam Block: mail from $&{client_addr} refused - See http://bl.csma.biz/')dnl
FEATURE(`dnsbl', `sbl.spamhaus.org', `550 Spam Block: mail from $&{client_addr} refused - See http://www.spamhaus.org/sbl/')dnl
FEATURE(`dnsbl', `psbl.surriel.com', `550 Spam Block: mail from $&{client_addr} refused - see http://psbl.surriel.com/')dnl

I removed the "dnl" from the beginning of the following line, which "uncomments" the directive, to allow the system to accept email from users who have authenticated by a trusted mechanism defined by TRUST_AUTH_MECH (see Sendmail Authorization for Outgoing Email).

dnl FEATURE(delay_checks)dnl

I didn't want a user's email to be rejected because the user's system received a dynamically assigned IP address previously assigned to a system sending out spam, which I've seen happen previously. By using the delay_checks feature, you can have sendmail skip the check_mail and check_relay rulesets, if the sender has been authenticated by a "trusted" mechanism, such as by sending the user's userid and password to the server when sending email.

I then regenerated the sendmail.cf file from the sendmail.mc file and restarted sendmail with the commands below.

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/init.d/sendmail restart

References:

  1. Sendmail cf/README - Features
    sendmail.org
  2. Sendmail cf/README - Anti-Spam Configuration Control
    sendmail.org
  3. Passive Spam Block List (PSBL) Added
    MoonPoint Support
  4. Sendmail Authorization for Outgoing Email
    MoonPoint Support
  5. McFadden Associates E-Mail Blacklist
  6. Spamhaus Block List
  7. Passive Spam Block List


Mon, May 05, 2008 10:23 pm

Outlook 2002 Email Messages Not Opening

I found that when I double-clicked on email messages in Outlook 2002 on a user's system, they would not open. I couldn't open a message by right-clicking on the message and choosing Open either. I was able to eliminate the problem by turning off the Google Desktop add-in within Outlook, which can be done by the following steps:
  1. Click on Tools.
  2. Select Options.
  3. Click on the Other tab.
  4. Click on the Advanced Options button.
  5. Click on the Add-in Manager button.
  6. Uncheck "Google Desktop Search Outlook Addin".
  7. Click on OK.
  8. Click on Com Add-ins.
  9. Uncheck "Google Desktop Outlook Toolbar".
  10. Click on OK.
  11. Click on OK again.
  12. Click on OK to close the Options window.


Mon, May 05, 2008 7:37 pm

Sendmail Authorization for Outgoing Email

A CentOS 5.1 email server wasn't allowing email clients, such as Outlook, to relay email through it by providing a userid and password for authorization for outgoing email. I configured an email client, SimpleCheck, to use the same userid and password when sending email as for checking incoming email. I configured it to use the "plain" authorization method when sending email. That didn't work, nor did using "login" or "CRAM-MD5" for the authorization method. I would get an error message stating "'PLAIN' authorization is not supported by the server" when I used the "plain" authorization method. I got similar messages for the other authorization methods.

The server was running sendmail, which supports SMTP AUTH as defined in RFC 2554, which is based on SASL.

The Cyrus SASL package should be installed to enable sendmail to support the AUTH command for authorization. I checked on whether it was installed with rpm -qi cyrus-sasl. I saw it was installed. I then tried sendmail -d0.1 -bv root | grep SASL and saw NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS. The "SASLv2" in the output confirmed that support for SASL was present.

But when I connected to the SMTP port by telnet, I didn't see the AUTH command listed when I issued an ehlo command. And I received messages that the "plain", "login", "cram-md5", and "digest-md5" authorization methods weren't supported when I issued auth commands for those authentication methods.

# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 example.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 6 May 2008 10:34:34 -0400
ehlo laptop
250-example.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
AUTH LOGIN
504 5.3.3 AUTH mechanism LOGIN not available
AUTH PLAIN
504 5.3.3 AUTH mechanism PLAIN not available
AUTH CRAM-MD5
504 5.3.3 AUTH mechanism CRAM-MD5 not available
AUTH DIGEST-MD5
504 5.3.3 AUTH mechanism DIGEST-MD5 not available
quit

When I used the testsaslauthd command to check that the saslauthd daemon was installed and running properly, I saw that it was working properly.

# testsaslauthd -s smtp -u jdoe -p HerPassword
0: OK "Success."

You can test SASL support with the testsaslauthd command by specifying a username and its associated password on the system with -u username -p password. The -s service option specifies a particular service. Common service names are "imap", "sieve", and "smtp".

I then looked at /etc/mail/sendmail.mc. I saw that define(`confAUTH_OPTIONS', `A')dnl, which provides a list of options for SMTP AUTH, was not commented out, so I left it as is. I left the "dnl" at the beginning of the following line, which appeared later in the file. The p option in it would result in sendmail not accepting the PLAIN and LOGIN AUTH methods unless they were protected by a security layer, such as is provided by STARTTLS.

dnl define(`confAUTH_OPTIONS', `A p')dnl

The sendmail AUTH_OPTIONS options are as follows:

      AuthOptions
                [no short name] List  of  options  for  SMTP
                AUTH  consisting  of  single characters with
                intervening white space or commas.

                    A   Use the AUTH= parameter for the MAIL FROM
                        command only when authentication succeeded.
                        This can be used as a workaround for broken
                        MTAs that do not implement RFC 2554 correctly.
                    a   protection from active (non-dictionary) attacks
                        during authentication exchange.
                    c   require mechanisms which pass client credentials,
                        and allow mechanisms which can pass credentials
                        to do so.
                    d   don't permit mechanisms susceptible to passive
                        dictionary attack.
                    f   require forward secrecy between sessions
                        (breaking one won't help break next).
                    p   don't permit mechanisms susceptible to simple
                        passive attack (e.g., PLAIN, LOGIN), unless a
                        security layer is active.
                    y   don't permit mechanisms that allow anonymous login.

                The first option applies to  sendmail  as  a
                client, the others to a server.  Example:

                    O AuthOptions=p,y

                would  disallow  ANONYMOUS as AUTH mechanism
                and would allow PLAIN and LOGIN  only  if  a
                security  layer (e.g., provided by STARTTLS)
                is already active.  The  options  'a',  'c',
                'd',  'f',  'p', and 'y' refer to properties
                of the selected SASL  mechanisms.   Explana-
                tions  of  these  properties can be found in
                the Cyrus SASL documentation.

I removed "dnl" from the beginning of the following 2 lines to uncomment them:

dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

The relevant lines were then as follows:

define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

I then rebuilt the sendmail.cf file from the sendmail.mc file using m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf. I then restarted sendmail with /etc/init.d/sendmail restart.

When I then used telnet to connect to the SMTP port, port 25, on the server, I saw AUTH listed when I issued the ehlo command.

# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 example.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 6 May 2008 13:44:58 -0400
ehlo laptop
250-example.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP

Testing with SimpleCheck, I was then able to send a message with it configured to use the PLAIN or the LOGIN authorization mechanism.
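The EHLO check used in this post and in the Eudora post above can be scripted. The Python below is an added example, not part of the original posts: it parses an EHLO reply, lists the advertised AUTH mechanisms, shows which of them a given client can use, and flags PLAIN and LOGIN when they are offered on a connection without TLS, which is the case the p option addresses. The function names and the one-item Eudora mechanism list are assumptions made for the illustration.

```python
import re

# Mechanisms that pass the password in a form a passive listener can recover;
# sendmail's AuthOptions "p" refuses them unless a security layer is active.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}
REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")

# Assumption for the illustration: the only mechanism the client will use.
EUDORA_MECHS = ["CRAM-MD5"]

# Abridged from the first telnet session in this post (before the change).
BEFORE_FIX = """\
ehlo laptop
250-example.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-PIPELINING
250-DELIVERBY
250 HELP
AUTH LOGIN
504 5.3.3 AUTH mechanism LOGIN not available
"""

# From the second telnet session in this post (after the sendmail.mc change).
AFTER_FIX = """\
220 example.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 6 May 2008 13:44:58 -0400
ehlo laptop
250-example.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
"""

# Constructed reply built around the "250-AUTH DIGEST-MD5 CRAM-MD5" line quoted
# in the Eudora post; the host name and the other lines are made up.
MD5_SERVER = """\
250-mail.example.com Hello laptop
250-AUTH DIGEST-MD5 CRAM-MD5
250 HELP
"""


def parse_ehlo(transcript):
    """Return {KEYWORD: [params]} from the 250 lines of one EHLO reply."""
    caps = {}
    greeting_seen = False
    for raw in transcript.splitlines():
        m = REPLY_RE.match(raw.strip())
        if not m or m.group(1) != "250":
            continue  # banner, typed commands, other reply codes
        _, sep, text = m.groups()
        if greeting_seen:
            # Some servers also advertise the legacy "AUTH=LOGIN PLAIN" form.
            if text.upper().startswith("AUTH="):
                text = "AUTH " + text[5:]
            words = text.split()
            if words:
                caps.setdefault(words[0].upper(), []).extend(
                    w.upper() for w in words[1:])
        greeting_seen = True  # the first 250 line is the greeting
        if sep == " ":
            break  # "250 " (space) marks the last line of the reply
    return caps


def auth_report(transcript, client_mechs, tls_active=False):
    """Summarise what the server offers and what the client can use."""
    caps = parse_ehlo(transcript)
    offered = list(dict.fromkeys(caps.get("AUTH", [])))  # de-duplicate, keep order
    usable = [m for m in client_mechs if m.upper() in offered]
    exposed = [] if tls_active else [m for m in offered if m in CLEARTEXT_MECHS]
    return {
        "offered": offered,
        "usable": usable,
        "starttls_offered": "STARTTLS" in caps,
        "cleartext_exposed": exposed,
    }


if __name__ == "__main__":
    for label, text in (("before", BEFORE_FIX), ("after", AFTER_FIX),
                        ("md5", MD5_SERVER)):
        print(label, auth_report(text, EUDORA_MECHS))
```

An empty "usable" list corresponds to the "Can't find a supported authentication mechanism" message from Eudora; a non-empty "cleartext_exposed" list means passwords would cross the network readable unless the session is first protected with STARTTLS.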

References:

  1. SMTP AUTH in sendmail 8.10-8.13
    sendmail.org
  2. Cyrus SASL for System Administrators
    SEPP Application Catalog
  3. sendmail AUTH_OPTIONS
    lists.freebsd.org Mailing Lists
  4. Using SMTP AUTH and STARTTLS with sendmail
    A quick start guide for Red Hat/Fedora Linux
    joreybump.com


Sun, May 04, 2008 11:11 pm

Configuring Dovecot

I needed to provide POP3 email service on a CentOS system. The default POP server under Red Hat Enterprise Linux is /usr/lib/cyrus-imapd/pop3d and is provided by the cyrus-imapd package. But that package was not installed on the system. Another IMAP and POP3 package available for CentOS systems is Dovecot, which provides an open source IMAP and POP3 server for Linux/UNIX-like systems. I checked to see if dovecot was installed with rpm -qi dovecot. It was. I then checked on whether it was active. It was not.

# chkconfig --list dovecot
dovecot         0:off   1:off   2:off   3:off   4:off   5:off   6:off

I turned it on so that it would be operational after the next reboot with chkconfig dovecot on.

# chkconfig dovecot on
[root@frostdragon ~]# chkconfig --list dovecot
dovecot         0:off   1:off   2:on    3:on    4:on    5:on    6:off

I then started the service with service dovecot start.

# service dovecot start
Starting Dovecot Imap:                                     [  OK  ]

I could then see that the system was listening on the imap, imaps, pop3, and pop3s ports.

# netstat -a | grep imap
tcp        0      0 *:imaps                     *:*                         LISTEN
tcp        0      0 *:imap                      *:*                         LISTEN
[root@frostdragon archive]# netstat -a | grep pop3
tcp        0      0 *:pop3s                     *:*                         LISTEN
tcp        0      0 *:pop3                      *:*                         LISTEN

Dovecot can be configured to handle mailboxes for system users, i.e. for accounts on the system, or for virtual users. Since the majority of people who would be using the server for email would have no need to log into the system and since I wanted to be able to have john@example.com and john@anotherexample.com, I chose to configure Dovecot for virtual users.

The Dovecot Wiki has this to say about usernames and domains:

Usernames and domains

Dovecot doesn't care much about domains in usernames. IMAP and POP3 protocols currently have no concept of "domain", so the username is just something that shows up in your logs and maybe in some configuration, but they have no direct functionality.

So although Dovecot makes it easier to handle "user@domain" style usernames (eg. %n and %d variables), nothing breaks if you use for example "domain%user" style usernames instead. However some authentication mechanisms do have an explicit support for realms (pretty much the same as domains). If those mechanisms are used, the username is changed to be "user@realm".

And of course there's no need to have domains at all in the usernames.

I followed the instructions in Simple Virtual User Installation. I didn't need to create a dovecot user, since one already existed in /etc/passwd. I did need to create a vmail user account and group, which is used to access the mail for all users.

# grep dovecot /etc/passwd
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
# useradd -u 103 -c Dovecot vmail

The above useradd command created the vmail user and group and automatically created a /home/vmail directory owned by vmail:vmail, under which the email for all users is stored. [Note: you may want to use a UID greater than 500 rather than 103 as in the example above to avoid the problem noted below where the dovecot configuration file by default only permits a UID greater than 500]

I created /var/log/dovecot.log and /var/log/dovecot-info.log and changed the owner and group for those files to vmail.

# touch /var/log/dovecot.log /var/log/dovecot-info.log
# chown vmail /var/log/dove*; chgrp vmail /var/log/dove*;

I then edited /etc/dovecot.conf and changed the settings for the log files.

Original

# Use this logfile instead of syslog(). /dev/stderr can be used if you want to
# use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
#log_path =

# For informational messages, use this logfile instead of the default
#info_log_path =

Modified

# Use this logfile instead of syslog(). /dev/stderr can be used if you want to
# use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
log_path =  /var/log/dovecot.log

# For informational messages, use this logfile 
info_log_path = /var/log/dovecot-info.log

The default line in /etc/dovecot.conf for plaintext authentication is as follows:

#disable_plaintext_auth = no

Since disable_plaintext_auth has a default value of "no", I didn't have to uncomment that line.

I created a directory for the dovecot password file with mkdir /etc/dovecot and then set up a password file in /etc/dovecot/passwd. I changed the protection on the file with chmod 600 /etc/dovecot/passwd, so that only root would have access, since I don't want others with accounts on the system to be able to read the contents of the file. I created entries in the passwd file with entries like the following:

jdoe@example.com:{PLAIN}HerPassword
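A {PLAIN} entry keeps the password readable by anyone who can read the file or a backup of it, so the chmod 600 is the only protection. The passwd-file format also accepts hashed values; the Python below is an added example (not from the original post or the Dovecot project) that rewrites {PLAIN} entries as salted SHA-1 {SSHA} values and checks a login against either form. It assumes the installed Dovecot accepts the {SSHA} scheme and that clients log in with plaintext authentication as configured above; the function names are illustrative.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # bytes in a SHA-1 digest; anything after it is the salt


def ssha(password, salt=None):
    """Return "{SSHA}" + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt for every entry
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify(password, stored):
    """Check a candidate password against a {PLAIN} or {SSHA} field."""
    scheme, _, value = stored.partition("}")
    scheme = scheme.lstrip("{").upper()
    candidate = password.encode("utf-8")
    if scheme == "PLAIN":
        return hmac.compare_digest(candidate, value.encode("utf-8"))
    if scheme == "SSHA":
        raw = base64.b64decode(value)
        digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
        return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)
    raise ValueError("unsupported scheme: " + scheme)


def convert_line(line):
    """Rewrite one passwd-file line, replacing a {PLAIN} password with {SSHA}.

    Only the second colon-separated field is touched; any further fields
    (uid, gid, home and so on) and already-hashed entries are left as they are.
    """
    fields = line.rstrip("\n").split(":")
    if len(fields) >= 2 and fields[1].startswith("{PLAIN}"):
        fields[1] = ssha(fields[1][len("{PLAIN}"):])
    return ":".join(fields)


if __name__ == "__main__":
    # Entry from the post, followed by its hashed replacement.
    original = "jdoe@example.com:{PLAIN}HerPassword"
    converted = convert_line(original)
    print(original)
    print(converted)
    print("login still works:", verify("HerPassword", converted.split(":")[1]))
```

Newer Dovecot releases support stronger schemes such as SSHA512, which use the same file layout.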

I then modified the checkpassword section of /etc/dovecot.conf

Original

  # checkpassword executable authentication
  # NOTE: You will probably want to use "userdb prefetch" with this.
  # http://wiki.dovecot.org/PasswordDatabase/CheckPassword
  #passdb checkpassword {
    # Path for checkpassword binary
    #args =
  #}

Modified

  # passwd-like file with specified location
  # http://wiki.dovecot.org/AuthDatabase/PasswdFile
  passdb passwd-file {
    # Path for passwd-file
    args = /etc/dovecot/passwd
  }

I then restarted dovecot with service dovecot restart. I then tested dovecot by using telnet to connect to port 110, the pop3 port, on the system. I could connect to port 110, but didn't get any response to the user and pass commands. I looked in /var/log/dovecot and saw the following errors recorded:

dovecot: May 04 13:35:26 Error: Temporary failure in creating login processes, slowing down for now
dovecot: May 04 13:35:26 Error: imap-login: imap-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: imap-login: imap-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: pop3-login: pop3-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: pop3-login: pop3-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: pop3-login: pop3-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: child 30454 (login) returned error 127
dovecot: May 04 13:35:26 Error: child 30455 (login) returned error 127

At Redhat Dovecot error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory, I found a suggestion to edit /etc/dovecot.conf and modify the login_process_size line so that it is login_process_size = 64. The writer states on that webpage that "This error is not related to shared libraries. You need to set maximum process size in megabytes. If you don't use login_process_per_connection you might need to grow this."

When I looked in /etc/dovecot.conf, I saw the following line:

#login_process_size = 32

I removed the "#" and changed the line to login_process_size = 64. I then restarted dovecot with service dovecot restart. I no longer saw the error messages in the /var/log/dovecot.log file.

When I again checked email for accounts by using telnet 127.0.0.1 110, I was able to check an account, jsmith, listed in /etc/passwd, but not the jdoe@example.com account listed in the /etc/dovecot/passwd file I created.

# telnet 127.0.0.1 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Dovecot ready.
user jdoe@example.com
+OK
pass HerPassword
-ERR [IN-USE] Internal login failure. Refer to server log for more information.
Connection closed by foreign host.
[root@frostdragon log]# telnet 127.0.0.1 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Dovecot ready.
user jsmith
+OK
pass HisPassword
+OK Logged in.
stat
+OK 0 0
quit
+OK Logging out.
Connection closed by foreign host.

When I looked in /etc/dovecot.conf, I saw dovecot: May 04 14:03:20 Error: auth(default): userdb(jdoe@example.com,::ffff:127.0.0.1): user not found from userdb.

I then realized I also needed to modify the "userdb static" section of /etc/dovecot.conf. I made the following changes:

Original

  # static settings generated from template
  # http://wiki.dovecot.org/UserDatabase/Static
  #userdb static {
    # Template for the fields. Can return anything a userdb could normally
    # return. For example:
    #
    #  args = uid=500 gid=500 home=/var/mail/%u
    #
    #args =
  #}

Modified

  # static settings generated from template
  # http://wiki.dovecot.org/UserDatabase/Static
  userdb static {
    # Template for the fields. Can return anything a userdb could normally
    # return. For example:
    #
    #  args = uid=500 gid=500 home=/var/mail/%u
    #
    args = uid=vmail gid=vmail home=/home/vmail/%u
  }

I then restarted dovecot with service dovecot restart. But I still couldn't check email for the virtual user account jdoe@example.com. In the /var/log/dovecot.log file, I saw dovecot: May 04 14:34:19 Error: Logins with UID 103 (user jdoe@example.com) not permitted (see first_valid_uid in config file)

When I checked /etc/dovecot.conf, I found the following:

# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
#first_valid_uid = 500
#last_valid_uid = 0

I then realized, since I created the vmail account with a UID of 103, that the dovecot configuration file was preventing a login for it, because it was less than 500. I could have changed the first_valid_uid value in dovecot.conf, but I decided to delete the vmail account and its associated home directory and then recreate it with a UID greater than 500. I then restarted dovecot.

# userdel vmail
# rm -rf /home/vmail
# useradd -u 502 -c "Dovecot Virtual Users" vmail 
# service dovecot restart

I was then able to check email for both user accounts on the system and virtual user accounts. I saw that dovecot created a /home/vmail/jdoe@example.com directory under /home/vmail.

At this point, though I could log in to the POP3 port, port 110, and get dovecot to accept the userid and password for a virtual user, sendmail would return a "user unknown" message if I tried to send email to a virtual user, because sendmail knew nothing about the dovecot virtual users. So using the instructions in Dovecot LDA with Sendmail as a starting point, I took the steps below.

I created the file /usr/share/sendmail-cf/mailer/dovecot.m4 and put the lines below in it:

######################*****##############
###   DOVECOT Mailer specification                              ###
##################*****##################
Mdovecot,   P=/usr/local/libexec/dovecot/deliver, F=DFMPhnu9,
                 S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
                 T=DNS/RFC822/X-Unix,
                 A=deliver -d $u

In /etc/mail/sendmail.mc, I had the following two lines:

MAILER(smtp)dnl
MAILER(procmail)dnl

I added MAILER(dovecot)dnl after those two lines. I then regenerated the sendmail.cf file using the m4 command.

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Unfortunately, that did not resolve the issue with virtual users. I still haven't been able to get that working.

References:

  1. Chapter 23. Email
    CentOS
  2. Basic Configuration
    Dovecot Wiki
  3. Virtual Users
    Dovecot Wiki
  4. Simple Virtual User Installation
    Dovecot Wiki
  5. Passwd-file
    Dovecot Wiki
  6. Redhat Dovecot error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
    nixCraft Insight Into Linux Admin Work
  7. Dovecot LDA with Sendmail
    Dovecot Wiki

[/network/email/dovecot] permanent link

Sun, May 04, 2008 6:39 pm

Adding a New VIP Service to a NetScreen Firewall

To add a new Virtual IP (VIP) service to a NetScreen firewall, such as the NetScreen-5GT, through the Web management user interface (WebUI) for the firewall, take the following steps:
  1. Log into the firewall using a web browser.
  2. Click on Network.
  3. Click on Interfaces.
  4. For the Untrust interface, click on Edit.
  5. In the Properties line at the top of the webpage, you will see VIP. Click on VIP.
  6. If you see an Add/Modify VIP Entry field with no VIP services listed beneath it, select "Same as the untrusted interface IP address" and click on Add, otherwise proceed to the next step.
  7. Click on the New VIP Service button.
  8. The Virtual IP field should show the IP address for the Untrust interface. Put the appropriate value in the Virtual Port field, e.g. 110 for POP3. Select the appropriate service for the Map to Service field, e.g. "POP3(110)" for POP3. For the Map to IP value, put in the IP address for the internal server for which you want to provide access to this service, e.g. 192.168.10.24, if that was the IP address for the POP3 server behind the firewall.
  9. Click on the OK button.

Once the VIP service is configured, you need to set up a new firewall rule, aka policy, to permit traffic from the outside of the firewall through to the inside for this new service.

To do so, take the following steps:

  1. Click on Policies at the left side of the webpage.
  2. For the From field, select "Untrust" and select "Trust" for the To field.
  3. Click on the New button.
  4. On the next webpage, put a name of your choosing in the Name field, e.g. POP3 for a POP3 service. You don't need to change the Source Address, but for the Destination Address, select "VIP(untrust)" from Address Book Entry. For Service, you can select "POP3" for this example.
  5. If you want logging turned on for this policy, check Logging.
  6. If you want "counting" turned on for this policy, click on the Advanced button and then check the Counting checkbox then click on the OK button.

[/security/firewalls/netscreen] permanent link

Sun, May 04, 2008 5:07 pm

Configuring Sendmail to Handle Email for Multiple Domains

If you need sendmail to handle email for alternate domain names, you can add those domain names to /etc/mail/local-host-names. E.g., suppose the server on which sendmail is running is someexample.com. Sendmail will accept email addressed to someone@someexample.com, but would reject email for someone@example.com. But, if you want sendmail to also handle email for example.com addresses, e.g. you are going to have the server act as a mail exchanger (MX) server for example.com, you would add example.com to /etc/mail/local-host-names:
# local-host-names - include all aliases for your machine here.
example.com

Then create the local-host-names.db file with makemap hash /etc/mail/local-host-names < /etc/mail/local-host-names. When you restart sendmail, which you can do with /etc/init.d/sendmail restart, sendmail will then accept email for example.com addresses.

Be aware that if you have an account jsmith that previously received email addressed to jsmith@someexample.com, email addressed to jsmith@example.com will now be delivered to it as well.

[/network/email/sendmail] permanent link

Sat, May 03, 2008 9:17 pm

Configuring Sendmail to Use a Smart Host

I needed to configure a sendmail server that had a dynamic IP address to route email out through an SMTP server belonging to an ISP, since otherwise some email servers might reject email from that sendmail server. Some email servers will compare a sending email server's IP address to lists of addresses known to be assigned by ISPs as dynamic IP addresses. By doing so, ISPs hope to block spam from home users' PCs that have been compromised and put to use as zombie systems by spammers.

The steps below can be taken on a Linux system running sendmail to have it send email via a "smart host" server. In essence, instead of the sendmail server sending email directly to other email servers, it transmits all email to another server, the "smart host", which handles the task of transmitting the received email to the recipients' servers.

In /etc/mail/sendmail.mc, look for the following section:

dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST', `smtp.your.provider')dnl
dnl #

Remove the dnl from the beginning of the dnl define(`SMART_HOST', `smtp.your.provider')dnl line and replace smtp.your.provider with the smart host you will be using, e.g. mail.example.com.

define(`SMART_HOST', `mail.example.com')dnl

In /etc/mail/access add the following line, substituting the actual SMTP server you will need to use for mail.example.com and your actual username and password on the smart host server for myloginname and mypasswd:

Authinfo:mail.example.com "U:myloginname" "P:mypasswd" "M:Plain"

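Then regenerate the /etc/mail/access.db file with makemap hash /etc/mail/access < /etc/mail/access. Because the Authinfo line stores the password in clear text, make sure /etc/mail/access and /etc/mail/access.db are readable only by root. Regenerate /etc/mail/sendmail.cf with m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf. Then restart sendmail with service sendmail restart or /etc/init.d/sendmail restart.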

Once you have taken the above steps, you can send a test message from the system. Sending one to a test email address on another system that will allow you to view the message headers is ideal. At the destination, look at the message headers for the email you sent. You should see it passing through the smart host.

When I sent out a test message after making the changes above, the message didn't reach the destination. I checked the mail queue with mailq and saw the message had not gone out because of an "AUTH failure".

# mailq
                /var/spool/mqueue (1 request)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
m43M1HT8032701       31 Sat May  3 18:01 <johnsmith@myserver.com>
                 (Deferred: Temporary AUTH failure)
                                         <melvin@example.com>

I had sendmail attempt to send the queued message immediately and display information on its progress with sendmail -q 0 -v (the -v provides "verbose" information).

# sendmail -q 0 -v

Running /var/spool/mqueue/m43M1HT8032701 (sequence 1 of 1)
<melvin@example.com>... Connecting to smtp.atlanticbb.net. via relay...
220 ECHO Labs SMTP Service - MX01
>>> EHLO myserver.com
250-BL-106 says EHLO to 72.45.13.244:1097
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-AUTH=LOGIN
250 AUTH LOGIN
>>> QUIT
221 BL-106 closing connection
<melvin@example.com>... Deferred: Temporary AUTH failure
Closing connection to smtp.atlanticbb.net.

In this case I was using smtp.atlanticbb.net as the smart host. I could see it supports an AUTH type of "LOGIN", but I didn't see "PLAIN" listed. I edited /etc/mail/access, replacing "M:Plain" with "M:Login".

Authinfo:smtp.atlanticbb.net "U:myloginname" "P:mypasswd" "M:Login"

I then ran makemap hash /etc/mail/access < /etc/mail/access again. Then when I had sendmail process the mail queue immediately again, the message was successfully transmitted.

# sendmail -q 0 -v

Running /var/spool/mqueue/m43M1HT8032701 (sequence 1 of 1)
<melvin@example.com>... Connecting to smtp.atlanticbb.net. via relay...
220 ECHO Labs SMTP Service - MX02
>>> EHLO myserver.com
250-BL-206 says EHLO to 72.45.13.244:2430
250-8BITMIME
250-PIPELINING
250-AUTH=LOGIN
250-AUTH LOGIN
250 ENHANCEDSTATUSCODES
>>> AUTH LOGIN
334 VXNlcm4hcWU6
>>> bW9vbnBvbW40
334 UGFzc2dvdmQ6
>>> MVN0b2A1Njd=
235 Authed. Go on.
>>> MAIL From:<jsmith@myserver.com>
250 MAIL FROM accepted
>>> RCPT To:<melvin@example.com>
>>> DATA
250 Recipient Accepted - Will relay per rbIP
354 continue.  finished with "\r\n.\r\n"
>>> .
250 OK D4/2C-23466-1B9EC184
<melvin@example.com>... Sent (OK D4/2C-23466-1B9EC184)
Closing connection to smtp.atlanticbb.net.
>>> QUIT
221 BL-206 closing connection
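
The troubleshooting above comes down to comparing the AUTH mechanisms in the smart host's EHLO reply with the "M:" field of the Authinfo line. The Python code below is an added example, not part of the original post: it makes that comparison on constructed transcripts, reports when no STARTTLS is offered (LOGIN and PLAIN only base64-encode the credentials), and redacts the client's AUTH responses so a `sendmail -v` transcript can be shared. The function names, host names and credentials are assumptions made for the example.

```python
import base64
import re


def b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed samples modelled on the transcripts above; the host, user
# and password are placeholders, not values from a real session.
FAILED = """\
220 mail.example.com ESMTP
>>> EHLO myserver.example
250-mail.example.com says EHLO
250-PIPELINING
250-AUTH=LOGIN
250 AUTH LOGIN
>>> QUIT
221 closing connection
"""
SUCCEEDED = "\n".join([
    "220 mail.example.com ESMTP",
    ">>> EHLO myserver.example",
    "250-PIPELINING",
    "250 AUTH LOGIN",
    ">>> AUTH LOGIN",
    "334 " + b64("Username:"),
    ">>> " + b64("exampleuser"),
    "334 " + b64("Password:"),
    ">>> " + b64("examplepass"),
    "235 Authed. Go on.",
    ">>> MAIL From:<jsmith@myserver.example>",
    "250 MAIL FROM accepted",
]) + "\n"
ACCESS_LINE = 'Authinfo:mail.example.com "U:myloginname" "P:mypasswd" "M:Plain"'

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}   # password is only base64-encoded


def advertised(transcript):
    """Return (AUTH mechanisms, STARTTLS offered?) from the EHLO reply."""
    mechs, starttls = set(), False
    for line in transcript.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.*)$", line)
        if m:
            mechs.update(x.upper() for x in m.group(1).split())
        elif re.match(r"250[- ]STARTTLS\b", line):
            starttls = True
    return mechs, starttls


def configured(access_line):
    """Return the mechanisms listed in the "M:" field of an Authinfo line."""
    m = re.search(r'"M:([^"]*)"', access_line)
    return [x.upper() for x in m.group(1).split()] if m else []


def diagnose(transcript, access_line):
    """Return (usable mechanisms, list of findings)."""
    mechs, starttls = advertised(transcript)
    wanted = configured(access_line)
    usable = [x for x in wanted if x in mechs]
    findings = []
    if wanted and not usable:
        findings.append("mechanism mismatch: access file lists %s, server offers %s"
                        % (", ".join(wanted), ", ".join(sorted(mechs)) or "none"))
    if not starttls and (set(usable) or mechs) & CLEARTEXT_MECHS:
        findings.append("no STARTTLS offered: PLAIN/LOGIN credentials "
                        "cross the wire base64-encoded, not encrypted")
    return usable, findings


def redact(transcript):
    """Blank out the client's SASL responses so the log can be shared."""
    out, in_auth = [], False
    for line in transcript.splitlines():
        if line.startswith(">>> AUTH "):
            in_auth = True
            parts = line.split()
            if len(parts) > 3:          # AUTH PLAIN <initial-response>
                line = " ".join(parts[:3]) + " [redacted]"
        elif in_auth and line.startswith(">>> "):
            line = ">>> [redacted]"
        elif in_auth and re.match(r"\d{3}[ -]", line) and not line.startswith("334"):
            in_auth = False             # 235 success or a 4xx/5xx failure
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(diagnose(FAILED, ACCESS_LINE))
    print(redact(SUCCEEDED), end="")
```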

[/network/email/sendmail] permanent link

Sat, May 03, 2008 4:59 pm

Alpine on CentOS

I've been using Pine from the University of Washington as my email client for a long time. Pine is an acronym for Program for Internet News & Email. But Pine is no longer under development. The University of Washington has developed a successor package, Alpine, which it has released under the Apache License. When I set up a CentOS 5.1 system, I decided to install Alpine on it.

Alpine is available through RPMForge, a repository for Linux packages in the RPM format. To install Alpine, I downloaded the rpmforge-release package from RPMforge/Using and then installed it with rpm.

# rpm -Uhv rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

That placed two new files, mirrors-rpmforge and rpmforge.repo, in /etc/yum.repos.d. I installed the yum-priorities plugin as described in RPMForge Packages and Yum Priorities and set the RPMForge repository to a lower priority than the default CentOS repository.

I installed Alpine with yum install alpine.

References:

  1. Alpine E-Mail Client Released -- Don't Call it a Comeback
    By Michael Calore
    December 21, 2007
    Wired Blogs
  2. Alpine Messaging System
    University of Washington
  3. RPMForge

[/network/email/clients/alpine] permanent link

Sat, May 03, 2008 4:53 pm

RPMForge Packages and Yum Priorities

I wanted to be able to use yum to install packages from the RPMForge repository. Instructions for installing RPMForge support on a CentOS Linux system can be found at Installing RPMforge.

First, install the yum-priorities package with yum install yum-priorities. This plugin allows repositories to have different priorities. Packages from a repository with a lower priority number can't be overridden by packages from a repository with a higher priority number, even if the latter repository has a later version of the package. As the Installing RPMForge webpage states, you should "Beware that some packages are newer than the official CentOS version and you should not blindly install those packages. Before you replace a CentOS package you should make sure that will not break anything important. In most cases you can revert any mistakes but it is best to avoid the mess." By using the yum-priorities plugin, you help avoid that problem.

Next verify that yum-priorities is enabled by ensuring that the following lines are present in /etc/yum/pluginconf.d/priorities.conf :

[main]
enabled = 1

The yum repository information is stored in /etc/yum.repos.d.

# cd /etc/yum.repos.d
# ls -l
total 16
-rw-r--r-- 1 root root 2049 Nov 22 20:32 CentOS-Base.repo
-rw-r--r-- 1 root root  622 Nov 22 20:32 CentOS-Media.repo

I added priority=1 as the last line in the following sections of CentOS-Base.repo:

[base]
[updates]
[extras]

I added priority=2 as the last line in the [centosplus] section, which now contains the following lines:

[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
priority=2

I installed the rpmforge-release package with rpm -Uhv rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm, which created two new files mirrors-rpmforge and rpmforge.repo in /etc/yum.repos.d. I edited rpmforge.repo and added priority = 11 at the end of the file.

Repositories with lower priority numbers are considered to have a higher priority than those with higher numbers. E.g. if repository A has priority=4 associated with it while repository B has priority=5 associated with it, repository A has a higher priority than repository B.

References:

  1. Installing RPMForge
    CentOS Wiki
  2. yum-plugin-priorities
    CentOS Wiki

[/os/unix/linux/centos] permanent link

Fri, May 02, 2008 6:23 pm

Return Microsoft Word to Single-Spacing

If you are using Microsoft Word and it is double-spacing text when you want it to single-space text, you can hit the Shift and Enter keys simultaneously at the end of lines to get Word to single-space the lines or you can take the following steps to have all of the text in the document single-spaced*:
  1. Inside the document, hit the Ctrl and A keys simultaneously to highlight all of the existing text.
  2. Click on "Format" at the top of the Word window.
  3. Select "Paragraph".
  4. Change the line spacing to "single".
  5. Change the "before" and "after" values to "0 pt".
  6. Click on "OK".

*Written for Word 2003

[/os/windows/office/word] permanent link

Fri, May 02, 2008 12:58 pm

10-Gigabit Ethernet

There is an ITBusinessEdge article, Full Steam Ahead to 10 GbE, published on April 28 that mentions there are a lot of advances helping bring 10-Gigabit Ethernet (10 GbE) into the mainstream. One of those mentioned is 10GBASE-T, which permits the use of unshielded twisted-pair (UTP) cabling. The article states that "While this technology is still in limited deployment, more vendors and devices with reduced power requirements are expected by the end of the year."

[/network/cabling] permanent link

Thu, May 01, 2008 8:10 pm

Microsoft Working with Law Enforcement to Squash Botnets

An April 29 InfoWorld article, Microsoft botnet-hunting tool helps bust hackers, mentions that Microsoft has been working with law enforcement agencies to help shut down botnets. It mentions "In February, the Sûreté du Québec used Microsoft's botnet-buster to break up a network that had infected nearly 500,000 computers in 110 countries, according to Captain Frederick Gaudreau, who heads up the provincial police force's cybercrime unit." Half a million computers in a botnet is an incredible number. Captain Gaudreau attributed his agency's success in the case against the botnet operators to the use of a tool Microsoft provided that keeps tabs on botnets.

[/security/botnets] permanent link

Mon, Apr 28, 2008 9:08 pm

Configuring Microsoft Exchange to Use a Smart Host

If a Microsoft Exchange server doesn't have a PTR record, other email servers may reject email from the Exchange server when they are unable to perform a reverse lookup on the IP address for the Exchange server. A workaround for this problem is to use a "smart host" to route outgoing email from the Exchange server.

[/network/email/exchange] permanent link

Sun, Apr 27, 2008 8:30 pm

Store.Exe Consuming Excessive Memory

On a Microsoft Exchange 2003 server, I've found Task Manager reporting high memory utilization. When I sort the running processes by memory utilization in the Task Manager (click on the Performance tab then click on the Processes column header to sort them), I see store.exe consuming over 500 MB. This is happening at the moment on a Sunday evening when few of the systems in the domain even have Outlook open to check email. The CPU utilization is low, less than 10% at the moment when I am seeing the 500 MB memory usage.

I've been seeing memory utilization jump to high values a lot lately. Rebooting the system resolves the problem, but I don't want to be rebooting the Exchange server every day. I can also reduce the memory utilization by selecting Run and typing services.msc to bring up the services list, then right-clicking on Microsoft Exchange Information Store, stopping the service, and restarting it. I then see store.exe using about 20 MB of memory when I check its utilization with the Windows Task Manager.

The Microsoft Exchange Information Store service manages the Microsoft Exchange Information Store, which includes mailbox stores and public folder stores. If the service is stopped, mailbox stores and public folder stores on the computer become unavailable, so it needs to be restarted immediately after stopping it.

References:

  1. Store.exe High Memory Utilization
    August 10, 2005
    Tech Support, Manuals & Troubleshooting for Consumers
  2. Memory leak in Store.exe - pub1.edb GIGANTIC
    Server Watch Forums

[/network/email/exchange] permanent link

Sat, Apr 26, 2008 10:18 pm

Blosxom Calendar Plugin on 64-bit System

I found that the Calendar plugin for Blosxom stopped working when I moved my blog from a 32-bit Redhat Linux system to a 64-bit CentOS Linux system. Nothing would appear within the blog. When I checked the error log for the website, I saw the following:
[Sat Apr 26 21:53:00 2008] [error] [client 192.168.0.44] calendar debug 1:
start() called, enabled
[Sat Apr 26 21:53:00 2008] [error] [client 192.168.0.44] calendar debug 1:
filter() called
[Sat Apr 26 21:53:00 2008] [error] [client 192.168.0.44] Byte order is not
compatible at ../../lib/Storable.pm (autosplit into
../../lib/auto/Storable/_retrieve.al) line 331, <DATA> line 32, at
/home/jsmith/www/blosxom/plugins/calendar line 322
[Sat Apr 26 21:53:00 2008] [error] [client 192.168.0.44] Premature end of
script headers: blosxom

At "[ic] HELP !FreeBSD 5.3 Box With newest version of perl storable problem", I saw the following:

You appear to have a perl configured to use 64 bit integers in its scalar
variables.  If you have existing data written with an earlier version of
Storable which this version of Storable refuses to load with a

   Byte order is not compatible

error, then please read the section "64 bit data in perl 5.6.0 and 5.6.1"
in the Storable documentation for instructions on how to read your data.

(You can find the documentation at the end of Storable.pm in POD format)

That revealed that the problem was linked to the fact that I am now using a 64-bit operating system.

I decided to see if an upgraded Storable module was available.

# cpan upgrade Storable

/usr/lib/perl5/5.8.8/CPAN/Config.pm initialized.


CPAN is the world-wide archive of perl resources. It consists of about
100 sites that all replicate the same contents all around the globe.
Many countries have at least one CPAN site already. The resources
found on CPAN are easily accessible with the CPAN.pm module. If you
want to use CPAN.pm, you have to configure it properly.

If you do not want to enter a dialog now, you can answer 'no' to this
question and I'll try to autoconfigure. (Note: you can revisit this
dialog anytime later by typing 'o conf init' at the cpan prompt.)

Are you ready for manual configuration? [yes]

I entered "no" to the prompt regarding whether I was ready for manual configuration, which resulted in the autoconfigure process proceeding.

I then checked Storable again.

# cpan Storable
CPAN: Storable loaded ok
Going to read /root/.cpan/Metadata
  Database was generated on Sat, 26 Apr 2008 17:29:46 GMT
Storable is up to date.

I checked the version of the module with perlmodver. The version was 2.18.

But the problem still remained. Taking a look at the code in the calendar plugin, I realized it was reading a file, .calendar.cache, in the plugins/state directory. I had not noticed the file previously, because I had checked the directory's contents only with ls. I saw it with ls -a. The calendar plugin reads the contents of that file. I had copied the file from the old 32-bit system to the new 64-bit system when I copied the plugins directory and its subdirectories. When I deleted the .calendar.cache file from the state directory and then tried accessing the blog again, the calendar plugin recreated it, but this time it was in the proper 64-bit format that the Storable.pm module was expecting, so I was able to view the blog with the calendar functionality now working.

Further information on the issue can be found near the end of the Storable.pm file (look in /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/Storable.pm).

Perl 5.6.x introduced the ability to optional configure the perl interpreter to use C's C<long long> type to allow scalars to store 64 bit integers on 32 bit systems. However, due to the way the Perl configuration system generated the C configuration files on non-Windows platforms, and the way Storable generates its header, nothing in the Storable file header reflected whether the perl writing was using 32 or 64 bit integers, despite the fact that Storable was storing some data differently in the file. Hence Storable running on perl with 64 bit integers will read the header from a file written by a 32 bit perl, not realise that the data is actually in a subtly incompatible format, and then go horribly wrong (possibly crashing) if it encountered a stored integer. This is a design failure.

Storable has now been changed to write out and read in a file header with information about the size of integers. It's impossible to detect whether an old file being read in was written with 32 or 64 bit integers (they have the same header) so it's impossible to automatically switch to a correct backwards compatibility mode. Hence this Storable defaults to the new, correct behaviour.

What this means is that if you have data written by Storable 1.x running on perl 5.6.0 or 5.6.1 configured with 64 bit integers on Unix or Linux then by default this Storable will refuse to read it, giving the error I<Byte order is not compatible>. If you have such data then you you should set C<$Storable::interwork_56_64bit> to a true value to make this Storable read and write files with the old header. You should also migrate your data, or any older perl you are communicating with, to this current version of Storable.

If you don't have data written with specific configuration of perl described above, then you do not and should not do anything. Don't set the flag - not only will Storable on an identically configured perl refuse to load them, but Storable a differently configured perl will load them believing them to be correct for it, and then may well fail or crash part way through reading them.

[/network/web/blogging/blosxom] permanent link

Sat, Mar 08, 2008 4:34 pm

Turning on Display of Account at Welcome Screen

I had turned off the display of an account at the Windows XP welcome screen (see Hiding an Account from the Welcome Screen) and needed to turn it back on temporarily.

I checked the setting of the account from the command line with the reg query command. The account I had hidden from the welcome screen display was the administrator account in this case.

C:\Documents and Settings\Administrator>reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList" /v Administrator

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList
    Administrator       REG_DWORD       0x0

The value of zero for HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList\Administrator means the account is not shown on the welcome screen.

I turned the display of that account back on with the reg add command.

C:\Documents and Settings\Administrator>reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList" /v Administrator /t REG_DWORD /d 1
Value Administrator exists, overwrite(Y/N)? y

The operation completed successfully

I had to reboot for the administrator account to be displayed with the other accounts on the system at the welcome screen. The picture chosen for the administrator account was then shown with those for the other accounts, allowing one to click on it to logon.

[/os/windows/xp] permanent link

Sat, Mar 08, 2008 12:19 pm

Rdesktop on Solaris 10

I wanted to be able to use rdesktop, which is an open source client for Windows NT Terminal Server and Windows 2000/2003 Terminal Services, on an Intel-architecture Solaris 10 system, so I downloaded the x86 Solaris 10 version of rdesktop from Sunfreeware.com.

rdesktop-1.5.0-sol10-x86-local.gz Rdesktop is a client for Windows terminal servers - installs in /usr/local. You will also need to install libiconv, openssl-0.9.8f, and to obtain /usr/local/lib/libgcc_s.so.1 you will need to have installed libgcc-3.4.6 or gcc-3.4.6 or higher.

Since one of the requirements for rdesktop 1.5.0 was libiconv, I installed it. I checked the version of gcc on the system. It was 3.4.3.

# /usr/sfw/bin/gcc -v
Reading specs from /usr/sfw/lib/gcc/i386-pc-solaris2.10/3.4.3/specs
Configured with: /builds/sfw10-gate/usr/src/cmd/gcc/gcc-3.4.3/configure --prefix=/usr/sfw --with-as=/usr/sfw/bin/gas --with-gnu-as --with-ld=/usr/ccs/bin/ld --without-gnu-ld --enable-languages=c,c++ --enable-shared
Thread model: posix
gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)

Version 3.4.6 was listed as a requirement, but I thought version 3.4.3 would likely suffice.

Another requirement listed for rdesktop 1.5.0 was openssl-0.9.8f. I checked the version of OpenSSL on the system with openssl version. OpenSSL 0.9.7d was already on the system.

# /usr/sfw/bin/openssl version
OpenSSL 0.9.7d 17 Mar 2004 (+ security patches to 2006-09-29)

After installing rdesktop 1.5.0, I checked to see if it would run with the existing 0.9.7d version of OpenSSL, but I received an error message when I attempted to run it.

# /usr/local/bin/rdesktop -0 gna.insursol.com
ld.so.1: rdesktop: fatal: libcrypto.so.0.9.8: open failed: No such file or directory
Killed

I checked to see what OpenSSL package was already on the system and saw the following:

# pkginfo | grep -i openssl
system      SUNWopenssl-commands             OpenSSL Commands (Usr)
system      SUNWopenssl-include              OpenSSL Header Files
system      SUNWopenssl-libraries            OpenSSL Libraries (Usr)
system      SUNWopenssl-man                  OpenSSL Manual Pages
system      SUNWopensslr                     OpenSSL (Root)

I checked for further information on the SUNWopenssl-commands package and saw the following:

# pkginfo -l SUNWopenssl-commands
   PKGINST:  SUNWopenssl-commands
      NAME:  OpenSSL Commands (Usr)
  CATEGORY:  system
      ARCH:  i386
   VERSION:  11.10.0,REV=2005.01.21.16.34
   BASEDIR:  /
    VENDOR:  Sun Microsystems, Inc.
      DESC:  OpenSSL Commands (Use)
    PSTAMP:  on10-patch-x20061222002936
  INSTDATE:  Feb 03 2008 21:00
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed
     FILES:        5 installed pathnames
                   3 shared pathnames
                   3 directories
                   2 executables
                 634 blocks used (approx)

I decided to download and install the OpenSSL 0.9.8f package from Sunfreeware.com.

# gunzip openssl-0.9.8f-sol10-x86-local.gz
# pkgadd -d ./openssl-0.9.8f-sol10-x86-local

But, when I attempted to run the new version, which is installed in /usr/local/ssl, I received an error message.

# /usr/local/ssl/bin/openssl version
ld.so.1: openssl: fatal: libgcc_s.so.1: open failed: No such file or directory
Killed

I checked to see what versions of libgcc_s.so were installed on the system and where they were located.

# find / -name libgcc_s.so\*
/usr/sfw/lib/amd64/libgcc_s.so.1
/usr/sfw/lib/libgcc_s.so
/usr/sfw/lib/libgcc_s.so.1

Since libgcc_s.so was located in /usr/sfw/lib, I then set LD_LIBRARY_PATH to point to that directory. I was then able to successfully run the version of openssl in /usr/local/ssl/bin.

# LD_LIBRARY_PATH=/usr/sfw/lib
# export LD_LIBRARY_PATH
# /usr/local/ssl/bin/openssl version
OpenSSL 0.9.8f 11 Oct 2007

I was then able to use rdesktop on the Solaris 10 system to log into a Windows Small Business Server (SBS) 2003 system as the administrator.

# /usr/local/bin/rdesktop -0 -u administrator a.example.com

Note: if you use the above method of setting LD_LIBRARY_PATH and exporting it to run rdesktop, you will need to do so each time you open a new terminal window.

[/os/unix/solaris] permanent link

Fri, Mar 07, 2008 7:46 pm

fping

I needed to determine the IP addresses of all the hosts on a LAN from a Solaris 10 system. I knew that all of them would respond to pings. To do so, I used fping. The fping program will allow you to quickly ping a range of hosts.

fping (Maintained by Thomas Dzubin)

fping is a ping(1) like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up. fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the lists of hosts to ping. Instead of trying one host until it timeouts or replies, fping will send out a ping packet and move on to the next host in a round-robin fashion. If a host replies, it is noted and removed from the list of hosts to check. If a host does not respond within a certain time limit and/or retry limit it will be considered unreachable.

Unlike ping, fping is meant to be used in scripts and its output is easy to parse.

I downloaded the Intel architecture version of fping for Solaris 10 from Sunfreeware.com and installed it.

# gunzip fping-2.4b2-sol10-intel-local.gz
# pkgadd -d ./fping-2.4b2-sol10-intel-local

The following packages are available:
  1  SMCfping     fping
                  (intel) 2.4b2

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1

Processing package instance  from 

fping(intel) 2.4b2
ZeroHype Technologies Inc.
Using  as the package base directory.
## Processing package information.
## Processing system information.
   3 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

Installing fping as 

## Installing part 1 of 1.
/usr/local/doc/fping/COPYING
/usr/local/doc/fping/ChangeLog
/usr/local/doc/fping/INSTALL
/usr/local/doc/fping/README
/usr/local/man/man8/fping.8
/usr/local/sbin/fping
[ verifying class  ]

Installation of  was successful.

Program usage information is shown below:

# /usr/local/sbin/fping -h

Usage: /usr/local/sbin/fping [options] [targets...]
   -a         show targets that are alive
   -A         show targets by address
   -b n       amount of ping data to send, in bytes (default 56)
   -B f       set exponential backoff factor to f
   -c n       count of pings to send to each target (default 1)
   -C n       same as -c, report results in verbose format
   -e         show elapsed time on return packets
   -f file    read list of targets from a file ( - means stdin) (only if no -g specified)
   -g         generate target list (only if no -f specified)
                (specify the start and end IP in the target list, or supply a IP netmask)
                (ex. /usr/local/sbin/fping -g 192.168.1.0 192.168.1.255 or /usr/local/sbin/fping -g 192.168.1.0/24)
   -i n       interval between sending ping packets (in millisec) (default 25)
   -l         loop sending pings forever
   -m         ping multiple interfaces on target host
   -n         show targets by name (-d is equivalent)
   -p n       interval between ping packets to one target (in millisec)
                (in looping and counting modes, default 1000)
   -q         quiet (don't show per-target/per-ping results)
   -Q n       same as -q, but show summary every n seconds
   -r n       number of retries (default 3)
   -s         print final stats
   -t n       individual target initial timeout (in millisec) (default 500)
   -u         show targets that are unreachable
   -v         show version
   targets    list of targets to check (if no -f specified)

If I wanted to determine what hosts in the 192.168.1.0 to 192.168.1.255 range exist and can be pinged, I could use the command fping -g 192.168.1.0 192.168.1.255.

# /usr/local/sbin/fping -g 192.168.1.0 192.168.1.255
192.168.1.0 is alive [<- 192.168.1.44]
192.168.1.1 is alive
192.168.1.6 is alive
192.168.1.7 is alive
192.168.1.33 is alive
192.168.1.44 is alive
192.168.1.255 is alive [<- 192.168.1.44]
192.168.1.2 is unreachable
192.168.1.3 is unreachable
192.168.1.4 is unreachable
192.168.1.5 is unreachable
192.168.1.8 is unreachable
192.168.1.9 is unreachable
192.168.1.10 is unreachable
<text snipped>
192.168.1.30 is unreachable
192.168.1.31 is unreachable
192.168.1.32 is unreachable
192.168.1.34 is unreachable
192.168.1.35 is unreachable
<text snipped>
192.168.1.40 is unreachable
192.168.1.41 is unreachable
192.168.1.42 is unreachable
192.168.1.43 is unreachable
192.168.1.45 is unreachable
<text snipped>
192.168.1.252 is unreachable
192.168.1.253 is unreachable
192.168.1.254 is unreachable

If I don't want anything displayed for IP addresses where there was no response, I could use fping -a -g <start address> <end address>, as in the example below.

# /usr/local/sbin/fping -a -g 192.168.1.0 192.168.1.255
192.168.1.0 [<- 192.168.1.44]
192.168.1.1
192.168.1.5
192.168.1.7
192.168.1.37
192.168.1.44
192.168.1.255 [<- 192.168.1.44]

The 192.168.1.0 and 192.168.1.255 addresses are network and broadcast addresses respectively, not hosts responding to ping packets. The 192.168.1.44 address is the address of the system from which I ran the ping command.
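For keeping a host inventory from repeated sweeps, the added example below (not part of the original post) parses both fping output forms shown above, sets aside targets that were answered by another address (the [<- ...] marker) or that are the subnet's network and broadcast addresses, and reports which hosts appeared or disappeared between the two sweeps. The function names and the /24 network argument are assumptions made for the example; the sample text is copied, abbreviated, from the output above.

```python
import ipaddress
import re

# target, optional "is alive"/"is unreachable" (absent with -a), and optional
# "[<- addr]", which fping prints when the reply came from a different address.
LINE_RE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)"
    r"(?:\s+is\s+(alive|unreachable))?"
    r"(?:\s+\[<-\s+(\d+\.\d+\.\d+\.\d+)\])?$"
)

# The two sweeps shown in the post, abbreviated.
SWEEP_1 = """\
# /usr/local/sbin/fping -g 192.168.1.0 192.168.1.255
192.168.1.0 is alive [<- 192.168.1.44]
192.168.1.1 is alive
192.168.1.6 is alive
192.168.1.7 is alive
192.168.1.33 is alive
192.168.1.44 is alive
192.168.1.255 is alive [<- 192.168.1.44]
192.168.1.2 is unreachable
<text snipped>
192.168.1.254 is unreachable
"""

SWEEP_2 = """\
# /usr/local/sbin/fping -a -g 192.168.1.0 192.168.1.255
192.168.1.0 [<- 192.168.1.44]
192.168.1.1
192.168.1.5
192.168.1.7
192.168.1.37
192.168.1.44
192.168.1.255 [<- 192.168.1.44]
"""


def parse_sweep(text, network="192.168.1.0/24"):
    """Split fping output into real hosts, unreachable targets and non-host replies."""
    net = ipaddress.ip_network(network)
    special = {net.network_address, net.broadcast_address}
    hosts, unreachable, answered_by_other = set(), set(), {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # shell prompt, "<text snipped>", blank lines
        target = ipaddress.ip_address(m.group(1))
        state, responder = m.group(2), m.group(3)
        if state == "unreachable":
            unreachable.add(target)
        elif responder or target in special:
            # Reply came from some other machine, or the target is the
            # network/broadcast address: not evidence of a host at this address.
            answered_by_other[target] = responder
        else:
            hosts.add(target)
    return {"hosts": hosts, "unreachable": unreachable,
            "answered_by_other": answered_by_other}


def diff_sweeps(old, new):
    """Hosts present in only one of two parsed sweeps, in numeric address order."""
    def fmt(addrs):
        return [str(a) for a in sorted(addrs)]
    return {"appeared": fmt(new["hosts"] - old["hosts"]),
            "disappeared": fmt(old["hosts"] - new["hosts"])}


if __name__ == "__main__":
    first, second = parse_sweep(SWEEP_1), parse_sweep(SWEEP_2)
    print("hosts in first sweep:", [str(a) for a in sorted(first["hosts"])])
    print("not hosts:", {str(k): v for k, v in second["answered_by_other"].items()})
    print("changes:", diff_sweeps(first, second))
```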

[/os/unix/solaris] permanent link

Fri, Mar 07, 2008 7:04 pm

Solaris Release Number

If you need to know the release number for Solaris 10 on a system, then you can check /etc/release. You will see something like the following there:


                        Solaris 10 6/06 s10x_u2wos_09a X86
           Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
                        Use is subject to license terms.
                             Assembled 09 June 2006

At this time, the current marketing release is Solaris 10 8/07.

[/os/unix/solaris] permanent link

Tue, Mar 04, 2008 10:59 pm

Symantec AntiVirus VBN Files

The qextract.exe utility can be used to extract quarantined files from the VBN files Symantec AntiVirus Corporate Edition 8.0 and 8.1 (and possibly other versions) creates when it quarantines infected files.

[ More Info ]

[/security/antivirus/symantec] permanent link

Sun, Mar 02, 2008 1:56 pm

F-Secure Rescue CD 2.00

I've been using an AVG Rescue CD to boot Windows systems from a CD, rather than the copy of Windows installed on the system's hard drive, and then perform an antivirus scan of the system. The AVG Rescue CD provides a Windows GUI for performing scans and I've found it works very well. The cost is currently $149.95 in U.S. dollars.

Searching for other rescue CDs, I also found one from F-Secure, which uses a Knoppix LiveCD to boot a system to perform an antivirus scan of the system. You can use it to boot a Windows system to check the system for viruses without booting into a possibly infected copy of the Windows operating system. F-Secure Rescue CD 2.00 is free and can update itself over the network, if a DHCP server is available on the network to provide it with IP configuration information. You don't need to understand Linux to use the software; you are presented with prompts to walk you through the process of scanning a system.

[ More Info ]

[/security/antivirus/f-secure] permanent link

Sat, Mar 01, 2008 7:17 pm

Pins 4 and 5 in RJ-45 Cabling

I put a connector on an unterminated RJ-45 cable to connect a new system to a LAN. I used the T568B standard (see Twisted Pair Connectors for an explanation of the differences between T568A and T568B) for the order of the pins in the connector. I use a ByteBrothers TVR10/100 for cable testing. I plugged the end of the cable onto which I had just placed a connector into the remote unit and plugged the main unit into the patch panel at the other end of the cable using one of the cables that came with the TVR10/100 test devices. The remote unit showed all 4 pairs were ok, but at the remote unit, as the LEDs cycled green, I saw that the 4,5 pair was skipped. I disconnected the remote unit and found that the 4,5 LED was still lit on the main unit, which was odd.

I double-checked the connector I had put on the cable; it looked fine. I punched down the end at the patch panel again without pulling the cable out of the punchdown block, but the problem remained. I then wondered whether I really needed pins 4 and 5 working for a 10 Mbs or 100 Mbs Ethernet connection. Turns out I didn't. I ran a patch cable from the port on the patch panel to the network switch and plugged the other end of the cable into my laptop; the network connection worked.

The manual for the TVR10/100 LAN Tester provides the following information on the cable pairs required for 10 Mbs and 100 Mbs Ethernet connections.

If a cable problem disables data communications at 100 MB/s.
The problem could be caused by not enough connected pairs: 10Base-T data communications only requires two pair cables. There are two 100Base-T standards, one requires two pair cables and the other requires four wire pair cables. If a two pair cable is used, when four pair cables is required, a slow 10 MB/s connection will be permanently established. The cable problem could be caused by inverted pairs. A pair exists, but the pins are inverted (e.g. 1,2 is 2,1). Or the problem could be the cabling is not rated for 100 MB/s speeds ("category 5" cable).


LAN Type                    Cable Pairs Required
10Base-T                    1,2   3,6
100Base-T (Type 1 or TX)    1,2   3,6
100Base-T (Type 2 or T4)    1,2   3,6   4,5   7,8


As shown in the above table, 10Base-T or 100Base-T (Type 1 or TX) LAN ports use two pair cables. 100Base-T (Type 2 or T4) LANs require all four pairs. It is best to use and install Category 5 cables with all four pairs to ensure compatibility with all three types of Base-T LANs.

If there is a short or open on pairs 1, 2 and 3,6 all communications will be prevented. If there is a short or open on pairs 4,5 or 7,8 the data rate may drop to 10 MB/s.

A faulty cable with missing or faulty pairs 4,5 or 7,8 may cause the data rate on that cable to drop to 10 MB/s. If this faulty cable is between a PC and hub, all data going to and from that single PC will be at a slow rate. If the faulty cable is between two hubs then communications will sometimes be quick and other times it will be slow. Communications between PC connected to the same hub will be quick. Communications between a PC on one hub across a faulty cable to a PC on another hub will be slow. This type of problem can be very difficult to find without a TVR10/100.

So, I should probably fix the problem when I have time, even though the cable provides network connectivity at the moment.

There is a clear explanation of how to build an RJ-45 Ethernet cable at Building a RJ-45 Ethernet cable of a specific length (light version). A source explaining the difference between 568A and 568B standards is Twisted Pair Connectors. How to wire Ethernet Cables is another good reference for Ethernet cables.

[/network/cabling] permanent link

Sun, Feb 24, 2008 11:22 pm

Memory Upgrade for Gateway PC Model Number MFATXPN1 ESX 500S P04

I upgraded the memory in a Gateway PC model number MFATXPN1 ESX 500S P04 (that is the model number listed on the back of the computer). The system, which was running Windows XP Professional, had only 256 MB of memory installed.

The following memory module was already in the system:

MT8VDDT3264AG-265C4, PC2100U-25330-A1
US        BZABW72029   200303
256MB, DDR, 266MHz, CL2.5V

The BIOS memory information was as follows:

BIOS Settings

BIOS Version           RG84510A.15A.0021.P11

Processor Type         Intel (R) Pentium (R) 4
Processor Speed        2 GHz
System Bus Speed       400 MHz
System Memory Speed    266 MHz

Cache RAM              512 KB

Total Memory           255 MB
Memory Bank 0          256 MB (DDR 266)
Memory Bank 1          Not Installed

I installed the following PNY memory module in the second of the two memory slots in the system.

PNY 512MB
DDR
PC2700
333MHz / 266 MHz
OPTIMA™ Memory

The following information was on a sticker on the module:

512MB,DDR DIMM,Q
  ASSY. IN TAIWAN
64WQD-T PO135492

The package had "MD0512SD1-333-BB" on it above the UPC. The UPC was 7 51492 34983 1.

When I booted into Windows and ran winver, it showed "Physical memory available to Windows: 784,176KB".

I ran a 30 minute test of the memory with Windows Memory Diagnostic Beta. No errors were found in the 3 passes of the diagnostic program that were run.

[/hardware/pc/memory] permanent link

Sun, Feb 24, 2008 10:44 pm

Memory Upgrade and Sound Card installation in Gateway E2300 PC

I upgraded the memory in a Gateway PC model number MATXHDS MDW E 2300 (that is the model number listed on the back of the computer; a sticker on the side of the computer lists the model number as E2300). The system, which was running Windows XP Professional, had only 256 MB of memory installed.

BIOS Utility - Main

BIOS Version               BF86510A.15A.0080.P18

Processor Type             Intel(R) Celeron(R) CPU
Processor Speed            2.8 GHz
System Bus Speed           533 MHz
System Memory Speed        333 MHz

L2 Cache RAM               256 KB
Total Memory               256 MB
Memory Mode                Single Channel
  Memory Channel A Slot 0  256 MB (DDR333)
  Memory Channel A Slot 1  Not Installed
  Memory Channel B Slot 0  Not Installed
  Memory Channel B Slot 1  Not Installed

I also needed to install a sound card, since the on-board audio stopped working. I changed the BIOS settings for the on-board audio support from "enabled" to "disabled". The option is listed under Advanced then Peripheral Configuration in the BIOS Setup Utility.

I checked the Crucial Memory site for information on the memory that the system will support.

Manufacturer    Gateway
Product Line    E Series
Model           E2300 (4 DIMM slots)

The Crucial Memory site provided the following information at Computer memory upgrades for Gateway E-2300 Series (4 DIMM Slots):

Maximum Memory:   4096MB
Standard Memory:  256 or 512 removable
Slots:            4 (2 banks of 2)

Although the memory can be installed one module at a time, the best performance comes from using matched pairs of modules.

Each memory slot can hold DDR PC3200, DDR PC2700 with a maximum of 1 GB per slot.*

*Not to exceed manufacturer supported memory.

The Crucial Memory site also had the following series of questions and answers regarding memory for the system:

Q: Will my system recognize the maximum upgrade?

A: Possibly

How much memory your Windows OS will recognize depends on which version of Windows you are running. 32-bit versions of Windows will see (and utilize) only 3GB or 3.5GB. To utilize more memory, install a 64-bit version of your OS. More information about OS memory maximums can be found at http://www.crucial.com/kb/answer.aspx?qid=4251.

Q: What memory goes into my computer, and will a faster speed be backward-compatible?

A: DDR memory with support for DDR PC3200,DDR PC2700 speeds.

Because DDR memory is backward-compatible, you can safely upgrade your system with any of the guaranteed-compatible DDR speeds listed below, even if your manual calls for PC1600 or PC2100 speeds. [DDR PC3200 and DDR PC2700 modules were listed below the statement]

Q: How much memory can my computer handle?

A: 4096MB

Adding the maximum amount of memory will improve performance and help extend the useful life of your system as you run increasingly demanding software applications in the future.

Q: Do I have to install matching pairs?

A: Yes

Your system requires that you install memory in pairs.

The system had a 256 MB memory module in Channel A DIMM0. That module had the following information on a sticker on it:

Hynix KOREA 03
PC2700U0430
256MB DDR 333MHz CL2.5
HYMD232646B8J-J AA-A

I put the following memory in the system:

Kingston Technology
Value RAM
KVR333/1GR

The module had a sticker on it with the following information:

Kingston
Technology
KVR
KVR333/1GR
7406170726622.5V
Warranty Void if Removed

The Crucial Memory site indicated that memory must be installed in matching pairs, but I wasn't sure if that applied just to modules inserted in the same channel, i.e., I wasn't sure if I could install the 1 GB module in Channel B, since the 256 MB module was in channel A. I put the new module in Channel B DIMM0. When I powered on the system, I saw "1264MB System RAM" but then received the error message "Dual-channel operation requires identical paired DIMMs installed across both memory channels." I then tried the new 1 GB module in Channel A DIMM1. Again I saw "1264MB System RAM" and the same error message, so I removed the 256 MB module and moved the 1 GB module to Channel A DIMM0. This time when I powered on the system I saw "1008 System RAM" followed by "Keyboard Error" and then "Memory Size Decrease". I powered the system off and on and didn't see the keyboard or "memory size decrease" messages again, though the system did display "1008 System RAM" again.

When I checked the BIOS configuration, I saw the following:

BIOS Utility - Main

BIOS Version               BF86510A.15A.0080.P18

Processor Type             Intel(R) Celeron(R) CPU
Processor Speed            2.8 GHz
System Bus Speed           533 MHz
System Memory Speed        333 MHz

L2 Cache RAM               256 KB
Total Memory               1024 MB
Memory Mode                Single Channel
  Memory Channel A Slot 0  1024 MB (DDR333)
  Memory Channel A Slot 1  Not Installed
  Memory Channel B Slot 0  Not Installed
  Memory Channel B Slot 1  Not Installed

When I selected the Advanced tab in the BIOS Setup Utility and then chose Video Configuration, I saw the following:

Video Configuration
Primary Video Adapter [AGP]
Frame Buffer Size [ 16MB]

Presumably, the remaining 16 MB of the 1024 MB module is being allocated to the frame buffer, which is why the system is reporting 1,008 MB during the Power-on Self-test (POST) process.

When I booted into Windows and ran winver, I saw "Physical memory available to Windows: 1,030,896 KB".

I had also installed a Dynex model DX-SC51 sound card in PCI slot 1 at the same time I installed the memory. When I checked on the sound card, Windows Media Player reported "Windows Media Player cannot play the file because there is a problem with your sound device. There might not be a sound device installed on your computer, it might be in use by another program, or it might not be functioning properly."

Under the Device Manager, I saw "Unknown device" listed under display adapters, but no new audio device listed. When I tried to install the Dynex driver, I saw the warning message "Undetermine Card! Please do not click cancel on device manager!" Clicking on OK there produced another warning message "OS not support!"

I opened the case and checked the sound card. I found it wasn't seated fully in its slot. I reseated the card. When I rebooted and logged in as the administrator, the Found New Hardware Wizard appeared. I inserted the CD that came with the sound card. The wizard indicated it found a Multimedia Audio Controller, an Envy24 Family Audio Controller WDM. After the software was installed, I was able to play music files on the system and hear sound from the speakers.

I ran a memory test on the new memory module with Windows Memory Diagnostic Beta. I let the test run for an hour and 30 minutes. The diagnostic program completed 22 passes with no errors found.

[/hardware/pc/memory] permanent link

Sun, Feb 24, 2008 11:51 am

Switching Rdesktop from Full-Screen to Windowed Mode

Rdesktop is free, open-source software that provides the capability for remotely controlling a Microsoft Windows system from a Linux or Unix system.

I sometimes encounter a problem where I can't see the taskbar at the bottom of the Windows display or the bottom of windows displayed on the remote Windows system due to differences in the resolution for the screen on the Linux/Unix system and the resolution of the Windows system. The problem can be resolved by specifying the -f option when starting rdesktop, so that you get a full screen display, e.g. rdesktop -0 -f -u jsmith 192.168.0.44. But what do you do when you wish to put the remote session in a window rather than have it occupy the full screen without disconnecting? You can hit the Ctrl-Alt-Enter keys simultaneously to switch to a windowed view. You can also use Ctrl-Alt-Enter to switch to a full-screen view, if you didn't start rdesktop with the -f option.

References:

  1. Rdesktop
    Rdesktop.Org
  2. Controlling a Windows System from a Linux System
    January 12, 2006
    MoonPoint Support

[/os/windows/software/remote-control/rdp] permanent link

Sat, Feb 23, 2008 11:34 pm

Ghost Console Waiting for Console Services

On a system with Symantec Ghost 7.5, I tried starting the Ghost Console, but it hung with the following message:

Wait...

Waiting for console services to start


Cancel
 

When I checked the Ghost services (click on Start, select Run, type services.msc and hit Enter), I found the Symantec Ghost Configuration Server was started, but not the Symantec Ghost Database Service, which had a manual startup type. I double-clicked on Symantec Ghost Database Service and clicked on the Start button to start it. I received the error message below:

Services
Could not start the Symantec Ghost Database Service service on Local Computer.

Error 2: The system cannot find the file specified.

OK
 

The "path to executable" value was C:\Program Files\Symantec\Ghost\bin\dbserv.exe. When I checked, I found there was no C:\Program Files\Symantec\Ghost directory. I believe it wasn't recovered when a disk drive problem occurred previously. To correct the problem, I reinstalled Symantec Ghost. I chose the Repair option during the installation. At the end of the repair operation, I saw the error message below:

Symantec Ghost Configuration Server
08001 [Sybase][ODBC Driver][Adaptive Server Anywhere]Unable to connect to
database server: Database server not running

Error 2: The system cannot find the file specified.

OK
 

So I tried the Remove option to "Remove Symantec Ghost Corporate Edition from your computer". After deinstalling the software, I reinstalled it. The Symantec Ghost Console then started without a problem. And when I checked the running services, I saw that both Symantec Ghost Configuration Server and Symantec Ghost Database Service were started.

I didn't see the client systems in the default machine group, so thought I had to add the client systems back into the console. When I tried to reinstall the client software on a system, the installation failed. When I checked the RemoteInstall.log, I saw the reason listed as "Remotely Installed Client is installed on this machine."

To resolve the problem I restored the privkey.crt, pubkey.crt, and C:\Program Files\Symantec\Ghost directory from a Ghost backup I had from some time ago.

To back up those files and that directory or restore over them, you should close the Ghost Console, if you have it open, and stop the running Ghost services. You can stop the Ghost services by clicking on Start, then selecting Run and typing the following command and hitting Enter. You need to include the double quotes where shown below.

"c:\program files\symantec\ghost\ngserver.exe" -stop

If you check the running services, you should then see both Symantec Ghost Configuration Server and Symantec Ghost Database Service are stopped.

I then restored the privkey.crt, pubkey.crt, and C:\Program Files\Symantec\Ghost directory from the backup. Afterwards, I ran the command "c:\program files\symantec\ghost\ngserver.exe" -start to restart the Symantec Ghost services. I then saw the systems in the default machine group I had been using previously for the Ghost backups.

References:

  1. How to move the Symantec Ghost Solution Suite 1.x Console to a different computer or retain Console settings during a reinstall
    Document ID: 2001050812540225
    Last Modified: 11/08/2007
    Date Created: 05/08/2001
    Operating System(s): DOS, Windows 95, Windows 98, Windows NT, Windows 2000, Windows ME
    Product(s): Symantec Ghost 7.0, Symantec Ghost 7.5, Symantec Ghost 8.0, Symantec Ghost 8.2, Symantec Ghost Solution Suite 1.0, Symantec Ghost Solution Suite 1.1
    Release(s): Ghost 7.0 [All Releases], Ghost 7.5 [All Releases], Ghost 8.0 [All Releases], Symantec Ghost 8.2 [All Releases], Symantec Ghost Solution Suite 1.0 [All Releases], Symantec Ghost Solution Suite 1.1
    Symantec Corporation

[/os/windows/utilities/backup/ghost] permanent link

Sat, Feb 23, 2008 2:21 pm

Bopup Scanner

Bopup Scanner is a freeware network scanner that displays active computers with user names logged into the computers (NetBIOS), MAC and IP addresses. Bopup Scanner also recognizes and shows HTTP (Web) servers running on remote computers (TCP ports 80, 8080), if you select the option to have it scan for webservers, quickly detects online computers, and allows you to browse shared resources of a remote computer. You can save the results of a scan to a text file.

Bopup Scanner will perform a NetBIOS scan of a network, which will show Windows systems on the network. The program first tries to ping an address it is scanning. So, if you were watching its scan with a sniffer, you would see an ARP request for the IP address. If there is a reply to the ARP request, an ICMP echo request is sent to the IP address. If an echo reply is received, Bopup Scanner will then check for a response from the scanned IP address on UDP port 137. Port 137 is associated with the NetBIOS Name Service commonly used on systems running the Microsoft Windows operating system. The NetBIOS Name Service is typically how Windows computers find out information concerning the networking features offered by a computer, such as system name, file shares, etc.

Because it is only scanning for responses to NetBIOS Name Service requests, Bopup Scanner will show a red circle for IP addresses where it received no response to a NetBIOS Name Service query, even though there may be a system at that address. E.g. there may be a Linux system, networked copier, router, etc. at the address.
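The probe order described above (ARP request, ICMP echo request, then a UDP port 137 query) is distinctive enough to spot in a packet summary. This added example, which is not part of the original post or of Bopup Scanner, flags a source that walks that sequence across many addresses and lists the hosts that answered ping but not the name query; the event names, thresholds and sample lines are constructed, and it assumes a cold ARP cache so that every probe starts with an ARP request.

```python
from collections import defaultdict

# Order in which the post says the scanner probes one address.
STAGES = ["arp-request", "arp-reply", "echo-request",
          "echo-reply", "nbns-query", "nbns-reply"]

# Constructed sniffer summary (not a real capture): time source destination event.
# 192.168.1.44 sweeps .1-.6; 192.168.1.7 does one ordinary name lookup.
SAMPLE = """\
0.00 192.168.1.44 192.168.1.1 arp-request
0.01 192.168.1.1 192.168.1.44 arp-reply
0.02 192.168.1.44 192.168.1.1 echo-request
0.03 192.168.1.1 192.168.1.44 echo-reply
0.04 192.168.1.44 192.168.1.1 nbns-query
0.05 192.168.1.1 192.168.1.44 nbns-reply
0.50 192.168.1.44 192.168.1.2 arp-request
1.00 192.168.1.44 192.168.1.3 arp-request
1.50 192.168.1.44 192.168.1.4 arp-request
2.00 192.168.1.44 192.168.1.5 arp-request
2.50 192.168.1.44 192.168.1.6 arp-request
2.51 192.168.1.6 192.168.1.44 arp-reply
2.52 192.168.1.44 192.168.1.6 echo-request
2.53 192.168.1.6 192.168.1.44 echo-reply
2.54 192.168.1.44 192.168.1.6 nbns-query
40.00 192.168.1.7 192.168.1.1 arp-request
40.01 192.168.1.1 192.168.1.7 arp-reply
40.02 192.168.1.7 192.168.1.1 nbns-query
40.03 192.168.1.1 192.168.1.7 nbns-reply
"""


def parse(text):
    """Return (time, src, dst, event) tuples in time order; skip malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in STAGES:
            events.append((float(parts[0]), parts[1], parts[2], parts[3]))
    return sorted(events)


def find_sweeps(events, min_targets=5, window=10.0):
    """Flag sources that ARP for many addresses in one window and follow the
    ARP -> echo -> NetBIOS name query order on at least one of them."""
    first_arp = defaultdict(dict)   # prober -> {target: time of first ARP request}
    progress = defaultdict(int)     # (prober, target) -> stages completed in order
    for t, src, dst, kind in events:
        # Replies travel target -> prober, so file them under the prober's key.
        prober, target = (dst, src) if kind.endswith("-reply") else (src, dst)
        if kind == "arp-request":
            first_arp[prober].setdefault(target, t)
        done = progress[(prober, target)]
        if done < len(STAGES) and kind == STAGES[done]:
            progress[(prober, target)] = done + 1

    findings = []
    for prober, targets in first_arp.items():
        # Largest number of distinct targets ARPed for inside any one window.
        times = sorted(targets.values())
        burst, lo = 0, 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:
                lo += 1
            burst = max(burst, hi - lo + 1)
        # Targets where the name query followed an echo reply (stage 5 or 6).
        queried = [d for d in targets if progress[(prober, d)] >= 5]
        if burst < min_targets or not queried:
            continue
        findings.append({
            "source": prober,
            "targets": burst,
            "answered_nbns": sorted(d for d in queried if progress[(prober, d)] == 6),
            # Answered ping but not the name query: the scanner's "red circle" hosts.
            "alive_but_silent": sorted(d for d in queried if progress[(prober, d)] == 5),
        })
    return findings


if __name__ == "__main__":
    for finding in find_sweeps(parse(SAMPLE)):
        print(finding)
```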

Regarding installation of the software, there is no installation procedure for the program. You simply run scanner.exe. When you first run it, it will create the following registry entries:

Keys added: 5
-------------
	HKEY_CURRENT_USER\Software\B Labs
	HKEY_CURRENT_USER\Software\B Labs\Bopup Scanner
	HKEY_CURRENT_USER\Software\Bopup Scanner
	HKEY_CURRENT_USER\Software\Bopup Scanner\Scanner
	HKEY_CURRENT_USER\Software\Bopup Scanner\Scanner\Settings

After starting the program, click on the Refresh button with the green arrows next to it on the toolbar menu to begin a scan of the subnet the system is on.

Bopup Scanner 2.0.6 scan

If you wish to check on whether a webserver is running on any of the scanned IP addresses, click on Options and check "Scan for HTTP servers (80, 8080 ports)".

You can save the results to a text file by clicking on Actions and selecting Save list.

The developer, B-Labs Software, also offers other software that can be used for secure instant messaging.

Download Bopup Scanner

Developer Website
MoonPoint Support (may not be the most current version)

[/network/tools/scanning/bopupscanner] permanent link

Thu, Feb 21, 2008 12:34 pm

Internet Explorer Crash Recovery

An area in which Opera is far superior to Internet Explorer as a web browser is crash recovery. Internet Explorer, even in version 7.0, does not provide any crash recovery features. In Opera, should the browser or system crash, when you reopen the browser, you can go back to exactly where you were prior to the crash. You can have all of your tabs reopened and even move backwards through the prior URLs you visited in each tab. In contrast, Internet Explorer offers no crash recovery features. Since I've often encountered problems with Internet Explorer crashing or hanging, I find the lack of any crash recovery features in the browser to be a major drawback to using Internet Explorer.

So, I decided to look for an add-on that might add similar functionality for Internet Explorer. I found a free add-on, IE7Pro, that offers that functionality as well as other enhancements for Internet Explorer. The developer states "IE7Pro includes Tabbed Browsing Management, AD Blocker, Flash Block, Super Drag Drop, Crash Recovery, Proxy Switcher, Mouse Gesture, Tab History Browser, Inline Search, User Agent Switcher, Webpage Capturer, Greasemonkey like User Scripts platform, User Plug-ins and many more power packed features. You can customize not just internet Explorer, but even your favorite web site according to your need and taste using IE7Pro."

During the installation, which uses a Nullsoft Install System v2.33 installation program, you are given the option to select default settings, which are shown below:

Please select default settings:

[x] Enable ADblock
[ ] Enable Userscripts
[ ] Enable Plugins
[X] Enable Spelling Checker
[ ] Set EasyHome as Homepage

At the end of the installation, you are requested to set the default search engine to be IEPro's Google based search, to help finance further development of the software, but you don't have to do so. Selecting that option is certainly a small measure that you can take to make continued development of the software possible.

To simulate a system crash, I powered off the system. When I restarted the system and opened Internet Explorer, I saw a "Crash Recovery" window stating "Your last session crashed, Please review and open last URLs." All of the Internet Explorer 7 tabs I had open previously were listed and checked to be reopened. I could deselect tabs I didn't want reopened, if I wished. There were also Select All and Select None buttons. I chose to reopen all of the tabs I had open previously. Unfortunately, unlike Opera's crash recovery feature, I couldn't click on the backwards arrow button in Internet Explorer to view my history of previously visited sites in any tab. So, IE7Pro definitely offered an improvement over the total lack of crash recovery features in Internet Explorer, but also falls far short of the built-in crash recovery features of Opera.

Download Sites
IE7Pro.com
MoonPoint (may not be the most current version)

References:

  1. IE7Pro User Guide
    IE7Pro.com
  2. IE7Pro FAQ
    IE7Pro.com

[/network/web/browser/ie] permanent link

Tue, Feb 19, 2008 11:27 pm

Counting Non-Blank Cells in a Spreadsheet and Using Multiple Criteria for Counting

Either the counta or countif functions can be used to count the number of cells that are not blank in a spreadsheet.

E.g., suppose you have the following information in a spreadsheet

     A         B
1    apple     maple
2              oak
3    plum      birch
4              birch
5    apricot

The function counta(A1:A5) would count those cells that aren't empty in cells A1 to A5, yielding 3. The function countif(B1:B5,"*") would count those cells that contain text in cells B1 to B5, yielding 4.

Note: counta will count cells that have formulas in them even though those formulas may amount to nothing appearing in the cell, i.e. they evaluate to "".

If you wanted to count the number of cells that contained specific text, e.g. birch, you could use countif(B1:B5,"birch"), which would yield 2. The count is case insensitive, i.e., if one of the cells contained "BIRCH", instead of "birch", the count would still be equal to two.

If you wanted to count the number of cells that contained "birch" in column B and "plum" in column A, then countif won't work, since you can only specify one criterion with it. You could use sum instead. E.g. sum((B1:B5="birch")*(A1:A5="plum")), which yields 1. The * in this case "ands" the two conditions. Note: You have to hit the Ctrl, Shift, and Enter keys simultaneously when you've typed the formula in order to enter it. If you don't, you will see a #value appear in the cell. This type of formula is considered to be an "array" formula or CSE formula, since it requires the Ctrl-Shift-Enter keys to be hit to enter it. When it is entered, you will see {} appear around the formula.

References:

  1. Excel -- Worksheet Functions -- Count Cells
    Last updated: November 11, 2006
    Contextures -- Microsoft Office Consulting
  2. Excel Developer Tip: Summing and Counting Using Multiple Criteria
    Excel Developer Tip Archives

[/os/windows/office/excel] permanent link

Mon, Feb 18, 2008 8:30 am

Symantec AntiVirus Server Could Not Collect Log Data From Client

On a Symantec AntiVirus Corporate Edition 8.1 server, I tried checking the logs for a client system through the Symantec System Center by unlocking the server group, right-clicking on a client system, selecting All Tasks, Symantec AntiVirus, Logs, and Scan History. I received a message that the log data couldn't be collected from the selected computer.

Symantec AntiVirus Management Snap-In
Symantec AntiVirus could not collect all the log data from the selected computer(s).

Please verify that Symantec AntiVirus is running on these computers.

OK
 

I received the same message if I tried viewing any log.

Symantec has a knowledgebase article on the problem at Error: "Symantec AntiVirus could not collect all the log data from the selected computer(s) . . ." when viewing client logs in Symantec System Center. I followed the steps listed in that article.

I could ping the IP address of the system and ping -a 192.168.0.7 showed the hostname associated with the address. I could also ping the server from the client system using ping and ping -a, which confirmed network connectivity and the ability to do reverse lookups on the IP addresses to get host names.

I checked for the presence of any .cer server group root certificate on the server and the client. I didn't see any .cer file on either system, but nor did I see a certificate on a client for which I could successfully check log files from the antivirus server, so I didn't think that was the source of the problem.

I could successfully start the Symantec AntiVirus Client program on the client system. It showed the correct server name. Though nothing was listed for "group", nothing was listed for "group" on a system I could successfully query from the server, either.

And from the server, I could query the client and see that the Symantec rtvscan.exe program was running.

C:\>tasklist /s 192.168.0.7 /fi "imagename eq rtvscan.exe"

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
Rtvscan.exe                   1760                            0     46,604 K

When I checked the Windows XP firewall settings on a system I could successfully query from the antivirus server, I saw a firewall rule listed for User Datagram Protocol (UDP) port 2967, which the Symantec RTVScan program uses. I checked the firewall rules on the system I couldn't successfully query with the command netsh firewall show portopening. I did not see a rule for RTVScan, so I created one from the command line using the command netsh firewall set portopening protocol = UDP port = 2967 name = "Symantec AntiVirus Client Management" mode = ENABLE scope = CUSTOM 192.168.0.33 (IP address 192.168.0.33 corresponds to the IP address of the antivirus server).

When I tried checking the antivirus log files from the server again, I still could not do so. Looking at the firewall rules on the client with netsh firewall show portopening verbose = enable (you have to specify the verbose option to see the scope of rules), I saw that I had mistyped the IP address of the server when I created the RTVScan rule with the netsh command. So I re-entered the netsh firewall set portopening protocol = UDP port = 2967 name = "Symantec AntiVirus Client Management" mode = ENABLE scope = CUSTOM 192.168.0.33 command exactly as before with the exception that this time I specified the IP address correctly.

I was then able to check the virus history and other logs on the client from the Symantec System Center.

References:

  1. Error: "Symantec AntiVirus could not collect all the log data from the selected computer(s) . . ." when viewing client logs in Symantec System Center
    Document ID: 2003032010404748
    Last Modified: 11/15/2006
    Date Created: 03/20/2003
    Operating System(s): Windows 2000, Windows Server 2003 32-bit Edition, Windows 98, Windows Me, Windows NT 4.0 SP6a, Windows 2000 Professional, Windows XP Professional
    Product(s): Symantec AntiVirus Corporate Edition 10.0, Symantec AntiVirus Corporate Edition 8.0, Symantec AntiVirus Corporate Edition 9.0, Symantec Client Security 3.0, Symantec AntiVirus 10.1, Symantec Client Security 3.1
    Release(s): SAV 10.0 [All Releases], SAV 8.0 [All Releases], SAV 9.0 [All Releases], Symantec Client Security 3.x [All versions], Symantec AntiVirus 10.1, Symantec Client Security 3.1
    Symantec Corporation
  2. Allow Rtvscan Access Through Windows XP Firewall
    April 9, 2007
    MoonPoint Support
  3. Configuring Windows XP Firewall for Symantec Antivirus Client
    April 9, 2007
    MoonPoint Support

[/security/antivirus/symantec] permanent link

Sun, Feb 17, 2008 11:45 pm

Unable to Unlock Symantec AntiVirus Server Group

I was unable to unlock the server group on a Symantec AntiVirus Corporate Edition 8.1 server. I was also unable to start the Symantec AntiVirus Server service or update the virus definitions on the server. I discovered the problem was due to corrupt virus definitions.


[/security/antivirus/symantec] permanent link

Sun, Feb 17, 2008 8:18 pm

Encoding Spaces in URLs

If you have a filename that includes spaces, you should encode the URL that you use for any links to the document, i.e. %20 should be used wherever a space occurs in the filename.

You can go to URL Encoding to see a list of characters that should be encoded, such as the space character. You can also plug in a URL there and have it converted to a browser safe version.

[/network/web/browser] permanent link

Sun, Feb 17, 2008 5:41 pm

IP and Domain Name Reputation Sites

An IP address may be added to a DNS Blacklist (DNSBL), if spam is detected as emanating from that IP address. You can check for the presence of an IP address on various blacklists using the MxToolBox Email Blacklist Check, which currently checks 124 blacklists, or at individual blacklist sites, such as MAPS.

You can check on whether an IP address has been associated with attacks on other systems at DShield or myNetWatchman by performing an IP lookup.

You can also obtain information on the "reputation" for a site at Barracuda Central by performing a lookup on either an IP address or a domain name. Barracuda Networks sells widely used spam firewall devices, so a poor reputation listing at Barracuda Central may lead those using Barracuda Networks security devices to block email that comes from an IP address listed there or that contains, in the message body, a domain name listed there.

Another reputation site is TrustedSource. You can look up an IP address there and see a graph of activity associated with that site. If you see red bars on the graph, those represent malicious activity associated with the IP address on the days for which those bars appear.

[/network/Internet/domains] permanent link

Sun, Feb 17, 2008 4:46 pm

Locating Cybersquatters Capitalizing on a Variant of Your Domain

Cybersquatters may buy domains similar to yours hoping to take advantage of someone mistyping your domain name or to mislead someone into thinking a domain name in a URL belongs to a legitimate company or organization. For instance many people might visit microsoft.com, so a cybersquatter might buy micrsoft.com, which has a missing "o", so that someone making a typo that left out that "o" would be directed to the cybersquatter's site instead, where the cybersquatter may have nothing but ads, hoping to get money generated from those viewing those ads. If millions of people visit microsoft.com every week, the cybersquatter will probably get a significant amount of traffic from such a typo.

Or perhaps you own example.com. The cybersquatter may purchase example.net, if it is available. Someone seeing example.net in an email may think the domain belongs to your company and visit a site that might have nothing but ads, perhaps even risque ones, or the site might try to infect visitors with adware/spyware, which might harm your company's reputation, even though you don't own the domain name and have no control over the site.

CitizenHawk helps you locate potential cybersquatter sites for your domain name.

[/network/Internet/domains] permanent link

Sun, Feb 17, 2008 12:54 pm

Configure Sendmail to Listen on All Addresses

If you can't connect to the SMTP port on a system, i.e. port 25, from external hosts, but you can connect from the system itself, then you need to comment out a line in sendmail.mc that restricts connections to the local loopback address, 127.0.0.1.

I.e., if you can use telnet 127.0.0.1 25 and see the sendmail banner, but when you use telnet 192.168.0.44 25 (presuming 192.168.0.44 is the IP address for the mail server), you get "connection refused" messages, then the default configuration option in sendmail.mc is likely preventing the connection by causing sendmail to only listen on the loopback address.

# telnet 192.168.0.44 25
Trying 192.168.0.44...
telnet: connect to address 192.168.0.44: Connection refused
telnet: Unable to connect to remote host: Connection refused

To resolve the problem, look for the following lines in sendmail.mc, which on a Linux system will likely be in the /etc/mail directory.

dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Edit the sendmail.mc file from the root account. Put a dnl # at the beginning of the DAEMON_OPTIONS line to comment out the line.

dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Then issue the following commands:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/init.d/sendmail restart

The first command rebuilds the .cf configuration file from the modified .mc file. The second restarts sendmail so that it is using the new configuration file.

[/network/email/sendmail] permanent link

Fri, Feb 15, 2008 7:02 pm

216-115-223-200.expertcity.com HTTPS Access

While monitoring a LAN with Show Traffic, a network monitoring application for Windows systems, I noticed two systems contacting 216.115.223.200 [ 216-115-223-200.expertcity.com ] on port 443 (HTTPS).

Show Traffic detection of traffic to 216.115.223.200

Since the communications occurred at 18:30 when the employees using those systems would have gone home, I did a Google search on the FQDN, 216-115-223-200.expertcity.com, which was associated with that address. A McAfee SiteAdvisor webpage linked the site with GoToMeeting, i.e. legitimate software on the users' systems. That webpage stated "When we installed and ran GoToMeeting 2.0.0.127 (gotomeeting.exe), the following network servers were contacted." It then listed the following addresses:

216-115-222-200.expertcity.com
216-115-223-200.expertcity.com

[/os/windows/network/monitoring/show_traffic] permanent link

Fri, Feb 15, 2008 5:08 pm

Show Traffic 1.6.0

While looking for an application to monitor network traffic that would run under Microsoft Windows, I came across Show Traffic. The author came across Trafshow for Linux and decided to create a program with equivalent functionality for Windows.

The program provides a GUI interface for monitoring the traffic seen at a particular network interface. It displays statistics for the bytes transferred for connections between various systems and the bandwidth used for those individual connections.


[/os/windows/network/monitoring/show_traffic] permanent link

Wed, Feb 13, 2008 10:53 pm

Configuring SNMP on a Netopia R7220-T Router

To configure SNMP on a Netopia R7220-T router, take the following steps:

  1. From the main menu, select System Configuration.

                               Netopia R7220-T v4.6.2
    
    
                         Easy Setup...
    
                         WAN Configuration...
    
                         System Configuration...
    
                         Utilities & Diagnostics...
    
                         Statistics & Logs...
    
                         Quick Menus...
    
                         Quick View...
    
    
    
    
    
    Return/Enter displays options for the system.
    You always start from this main screen.

  2. From the System Configuration menu, select SNMP (Simple Network Management Protocol)....

    
                                  System Configuration
    
    
                         Network Protocols Setup...
                         Filter Sets...
                         IP Address Serving...
    
                         Date and Time...
    
                         Console Configuration...
    
                         SNMP (Simple Network Management Protocol)...
    
                         Security...
    
                         Upgrade Feature Set...
    
    
    
                         Logging...
    
    Return/Enter to set up basic SNMP options (Community Strings, Traps, etc.).

  3. From the SNMP Setup window, specify the desired SNMP configuration.

    
                                      SNMP Setup
    
    
             System Name:
             System Location:
             System Contact:
    
    
             Read-Only Community String:        public
             Read/Write Community String:
    
             Authentication Traps Enable:       Off
    
             IP Trap Receivers...
    
    
    
    
    
    
    
    
    Configure optional SNMP parameters from here.

    You can put in whatever name you would like to use for the router in the System Name field, e.g. Netopia Router and then hit Enter to advance to the next field, where you can specify the location, e.g. 1020 Maple Street. Hit Enter to fill in the System Contact field. The default read-only community string is public. To prevent others from accessing information from the router, you can provide another community string. You can provide a read/write community string as well, if you like. If you want authentication traps sent to another device, enable authentication traps and specify IP trap receivers. Otherwise, you can leave these as is.

    You can return to the main menu, if you wish, by hitting the Escape key to back up through the menus.

    If you want a free program to monitor the router via SNMP from a Windows system, try PRTG Traffic Grapher. It is fairly straightforward to set up and can even install its own webserver on the system on which you install it. If you already have webserver software running on the system on which you install it using port 80, PRTG will automatically set up its own webserver at port 8080. Or you can choose a different port, if you prefer. You can specify userids and passwords granted access to the webserver, where the PRTG graphs are displayed.

    [/hardware/network/router/netopia] permanent link

Wed, Feb 13, 2008 9:25 pm

FTP Attacks from 221.130.187.49 and 202.57.128.159

The system became unresponsive for a time. I ran kripp and found two systems conducting FTP brute-force password guessing attempts.

ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: poiuyt [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: purple [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: ranger [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: 111111 [F]

ftp password :: frostdragon.com -> 221.130.187.49 :: james :: purple [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: ranger [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: 111111 [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: 123go [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: 000000 [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: Airhead [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: oracle [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: Braves [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: library [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: Sparky [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: linux [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: angela [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: unix [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: brandy [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: amanda [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: cindy [F]

I blocked the 221.130.187.49 system with route add 221.130.187.49 reject. I then checked DShield to learn if it has been observed attacking other systems. The DShield report for 221.130.187.49 showed it was first reported engaged in hostile activity on 2008-02-11 and the last reported incident was today 2008-02-13. The IP address is a Chinese address. When I checked the IP Details for the ports the system was attacking, I found it was listed only for port 21 attacks, i.e. FTP attacks.

It was also listed at myNetWatchman. The Incident Detail report for that IP address at myNetWatchman showed the system had been attacking other systems on port 21 and port 22 (SSH) as well from February 5, 2008 onwards.

I then checked the second system attacking, which was 202.57.128.159.sta.isp-thailand.com. The IP address for it is 202.57.128.159. Note: a reverse lookup on 202.57.128.159 yields a Fully Qualified Domain Name (FQDN) of 202.57.128.159.sta.isp-thailand.com, but a forward lookup on 202.57.128.159.sta.isp-thailand.com does not yield an IP address.

I ran an nmap scan of it to see what operating system it was running. I got the following results:

# nmap -P0 -O 202.57.128.159

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Insufficient responses for TCP sequencing (1), OS detection may be less accurate
Interesting ports on 202.57.128.159.sta.isp-thailand.com (202.57.128.159):
(The 1588 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
80/tcp     open        http
111/tcp    open        sunrpc
135/tcp    filtered    loc-srv
137/tcp    filtered    netbios-ns
199/tcp    open        smux
443/tcp    open        https
445/tcp    filtered    microsoft-ds
3306/tcp   open        mysql
4444/tcp   filtered    krb524
8009/tcp   open        ajp13
8080/tcp   open        http-proxy
10000/tcp  open        snet-sensor-mgmt
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20

Nmap run completed -- 1 IP address (1 host up) scanned in 173 seconds

Visiting http://202.57.128.159/ with a browser showed "Welcome to web4.thaibestserver.net".

When I checked DShield for any reports on hostile activity for that IP address, which is a Thai address, I found it was first reported engaged in hostile activity on 2008-02-08 with the most recent report dated 2008-02-09 (see IP Info (202.57.128.159)). The IP Details 202.57.128.159 report showed all of the incidents to be FTP attacks.

There was also an Incident Detail report for it at myNetWatchman, which also showed the system engaged in FTP attacks from February 6 onwards.

I blocked it with route add 202.57.128.159 reject. I also turned off the FTP service on the system, since it isn't needed at the moment.
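
The following is an added example, not part of the original post and not kripp's own code: one way to reduce sniffer output in the layout shown above to a per-source summary and to the route add ... reject commands used in this post. The sample lines are constructed (documentation addresses, placeholder passwords), and treating a reverse-DNS name that begins with a dotted quad as that IPv4 address is an assumption based on the hostname seen above.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout of the sniffer output shown in the post:
#   <proto> password :: <server> -> <remote host> :: <user> :: <password> [flag]
# Addresses come from documentation ranges and the passwords are placeholders.
SAMPLE_LOG = """\
ftp password :: ftp.example.com -> 198.51.100.7 :: james :: guess-01 [F]
ftp password :: ftp.example.com -> 203.0.113.9.sta.isp.example :: anna :: guess-a [F]
ftp password :: ftp.example.com -> 198.51.100.7 :: james :: guess-02 [F]
ftp password :: ftp.example.com -> 198.51.100.7 :: james :: guess-02 [F]
ftp password :: ftp.example.com -> 203.0.113.9.sta.isp.example :: anna :: guess-b [F]
ftp password :: ftp.example.com -> 192.0.2.20 :: bob :: typo-1 [F]
ftp password :: ftp.example.com -> 198.51.100.7 :: james :: guess-03 [F]
ftp password :: ftp.example.com -> 203.0.113.9.sta.isp.example :: anna :: guess-c [F]
this line is not sniffer output and is skipped
ftp password :: ftp.example.com -> 198.51.100.7 :: james :: guess-04 [F]
ftp password :: ftp.example.com -> 203.0.113.9.sta.isp.example :: anna :: guess-d [F]
ftp password :: ftp.example.com -> 192.0.2.20 :: bob :: typo-2 [F]
ftp password :: ftp.example.com -> 198.51.100.7 :: james :: guess-05 [F]
ftp password :: ftp.example.com -> 203.0.113.9.sta.isp.example :: anna :: guess-e [F]
"""

# The trailing flag (e.g. [F]) is matched but not interpreted here.
LINE_RE = re.compile(
    r"^(?P<proto>\S+) password :: (?P<server>\S+) -> (?P<remote>\S+)"
    r" :: (?P<user>.*?) :: (?P<password>.*?)(?: \[(?P<flag>\w+)\])?$"
)
LEADING_IPV4 = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?:\.|$)")


def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ipaddress.AddressValueError:
        return False


def source_key(remote):
    """Return the IPv4 address for a remote-host field, else the field itself.

    Assumption: a name such as 203.0.113.9.sta.isp.example is a reverse-DNS
    label whose first four octets are the address, so both spellings of one
    source are counted together.
    """
    m = LEADING_IPV4.match(remote)
    if m and is_ipv4(m.group(1)):
        return m.group(1)
    return remote


def summarize(text):
    """Count attempts and distinct passwords tried per user, per source."""
    attempts = defaultdict(int)
    guesses = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines and anything that is not sniffer output
        src = source_key(m.group("remote"))
        attempts[src] += 1
        guesses[src][m.group("user")].add(m.group("password"))
    # Only counts leave this function; the sniffed passwords are not returned.
    return {
        src: {
            "attempts": attempts[src],
            "distinct": {u: len(p) for u, p in guesses[src].items()},
        }
        for src in attempts
    }


def flag_sources(summary, min_distinct=5):
    """Sources that tried at least min_distinct passwords against one user."""
    return sorted(
        src for src, s in summary.items()
        if max(s["distinct"].values()) >= min_distinct
    )


def block_commands(sources):
    """The reject-route command from the post, for sources with a usable IP."""
    return ["route add %s reject" % s for s in sources if is_ipv4(s)]


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for src in flag_sources(summary):
        print(src, summary[src])
    print("\n".join(block_commands(flag_sources(summary))))
```

The threshold of five distinct passwords is arbitrary; a user mistyping a password a couple of times, like the constructed 192.0.2.20 source, stays below it.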

[/security/attacks] permanent link

Wed, Feb 13, 2008 3:41 pm

PrimoPDF Producing Zero Byte Files

I installed PrimoPDF 3.0 on a system. PrimoPDF provides free PDF converter software that will allow you to "print" documents to a PDF file. After installing the software, I could print to PDF files without a problem from the administrator account from which I installed the software, but when I printed to a PDF file using the PrimoPDF "printer", I would receive the error message below:

Adobe Reader
Adobe Reader could not open 'http.pdf' because it is either not a supported file
type or because the file has been damaged (for example, it was sent as an
email attachment and wan't correctly decoded).

OK
 

When I checked the PDF files produced by PrimoPDF, I found they were always zero bytes in size. When the files were being produced I would hear an error beep.

An Error after converting posting at the PrimoPDF Forums suggested giving the Users group on the system full control of the directory into which PrimoPDF is installed.

From the Windows Explorer, I right-clicked on the directory under Program Files into which I had installed PrimoPDF and chose Properties. I saw that the Users group had only read access, i.e. only the read & execute, list folder contents, and read permissions were granted to the Users group for that folder.

Note: you can use the cacls command to check permission from the command line, e.g. cacls "\program files\primopdf", if the installation directory was \program files\primopdf. You will see BUILTIN\Users:(OI)(CI)R. The R at the end indicates that the Users group on the system, to which all normal user accounts belong, has only read access to that directory.

If you are logged into an account that is a member of the Administrators group on the system, you can right-click on the directory and choose Properties to reset the security permissions. Click on the Security tab, then select the Users group under "group or user names", then grant Full Control.

Since I was logged into a normal user account at the time I encountered the problem and had a lot of windows open and didn't want to have to close all of them, logoff, logon as an administrator, logoff, logon to my user account again, and then reopen all of the applications and files I previously had open, I used the cacls command to reset the permissions. To use that method, you need to take the following steps, if you are currently logged into an unprivileged user account.

  1. Open a command prompt window as the Administrator. On Windows XP systems, you can do so by going to C:\WINDOWS\system32\ and right-clicking on cmd.exe while holding down the shift key (if you don't hold down the shift key at the same time, you won't see the "run as" option). Then select Run as. Click on The following user and put in Administrator, or some other account with administrator access, for the user name, and enter the appropriate password. Then hit Enter or click on OK. A command prompt window will open with Administrator credentials.
  2. Enter the command cacls "\program files\primopdf" /E /G Users:F to give all users of the system full control of the directory where you installed PrimoPDF, presuming that you installed it in \program files\primopdf. Granting full control of the directory means they can add or delete files in that directory. The Users group will still only have "read" access to the dll and exe files in the directory, though. The /E means "edit the existing Access Control List (ACL) rather than creating a new one" and the /G grants access for the account or accounts specified as a parameter. The F at the end grants "full" access. You can enter cacls /? for help with the cacls command. You will see something like "processed dir: C:\program files\PrimoPDF", if the command is successfully executed.

[/os/windows/software/pdf] permanent link

Tue, Feb 12, 2008 9:43 pm

Smart Network Data Services for Tracking Email to Hotmail.com Addresses

Microsoft offers Smart Network Data Services, which allows someone to view data on email transmitted from IP addresses for which he or she is responsible to hotmail.com email addresses. Microsoft describes the service as follows:

Smart Network Data Services (SNDS) is a revolutionary Windows Live Mail initiative designed to allow everyone who owns IP space to contribute to the fight against spam, malware, viruses, and other internet evils, and to protect e-mail and the internet as a valued communications, productivity and commerce tool. Windows Live Mail and MSN Hotmail, with over 250 million active user accounts world-wide, is in a unique position to collect and analyze e-mail activity data. By providing that data to service providers, most of whom wouldn't otherwise have access to any such data, they are empowered to use their relationship with their customers to react and take repair actions, such as preventing spam from originating within their IP space. The overarching goal of SNDS is to make the Internet a better, safer place. Working together, Windows Live Mail and service providers can make their respective customers happier and more satisfied with the various services we all provide.

To request a Smart Network Data Services account, go to SNDS - Request Access. Enter the IP address or address range for which you are responsible and for which you wish to track email being sent to Hotmail.com addresses.

When you click on Submit you will see the message "We've determined that the following email addresses are associated with the specified network in an appropriately authoritative way. Please choose one that you can receive mail at and we will send instructions for completing the signup process to that address." You may then see 4 addresses similar to those below:

abuse@yourdomain.com 
noc@isp1.net 
noc@isp2.net 
postmaster@yourdomain.com

Two of the addresses will be of the form abuse@yourdomain.com and postmaster@yourdomain.com, assuming that a reverse DNS lookup on a provided IP address yields "yourdomain.com".

A "whois" lookup will also be done on a provided IP address using the relevant registrar, which, if you are in the U.S. will likely be the American Registry for Internet Numbers (ARIN). The "OrgTechEmail" address listed for the IP address may be used as one of the possible addresses, e.g. noc@isp1.net, if that was the "OrgTechEmail" listed for the ISP.

You can see further information on how the email addresses are derived at SNDS - FAQ.

If you have a PTR record in DNS that points back to yourdomain.com, and wish to use one of those email addresses, make sure that you have valid abuse@yourdomain.com and postmaster@yourdomain.com email addresses.

What data does SNDS provide?

The data provided by SNDS is meant to provide as broad a picture of an IP's mail sending behavior as necessary for the system's consumers to be able to stop spam.  It reports on a variety of characteristics of mail traffic.  The data points provided are designed to be difficult or impossible for spammers to avoid differentiating themselves from well-behaved mailers.  Similarly however, data isn't provided on IPs that send very little mail because they (currently) account for a negligible amount of spam.  For each IP within the ranges that the user has been authorized, the following data is provided:

An email message is sent to the address you specified. You will need to go to a link provided in that email message to grant access to the data to a Windows Live ID account, such as a hotmail.com email address, you specified when you requested an account.

Once you have confirmed access, you can view data at SNDS - View Data. There you will see a calendar where you can select dates for which to view data. You have the option to change your settings to allow access to your data as a .CSV file without the need for browser-based authentication technologies such as Windows Live™ ID. This facilitates access to your data via your own automated scripts or programs.

I didn't see any data listed for an IP address I specified. I know email is sent from that address to hotmail.com users, but the volume of traffic is fairly low. The SNDS - FAQ states that "data isn't provided on IPs that send very little mail because they (currently) account for a negligible amount of spam."

[/network/email/spam] permanent link

Tue, Feb 12, 2008 8:42 pm

Viewing Exchange Logs in Excel

The email log files for a Microsoft Exchange server can be analyzed with Microsoft Excel. Exchange stores the log entries in a text file, which can be imported in Excel for analysis.


[/network/email/exchange] permanent link

Tue, Feb 12, 2008 12:30 pm

IP on LASHBACK DNS Blocklist

An IP address for a site had gotten on some blocklists, apparently due to an infected system at the site. I went to the MxToolBox Email Blacklist Check page, which currently checks for the presence of an IP address on 124 blacklists. I checked on whether the IP address was present on any of the lists queried by the MxToolBox blacklist check tool. It was on the LASHBACK blacklist, with the reason listed as "Sender has sent to LashBack Unsubscribe Probe accounts Return codes were: 127.0.0.2", but no others.

I requested a delisting from their Unsubscribe Blacklist Support page. When I looked up the address at LASHBACK, I found it was listed. When I requested it be delisted at 12:30 PM, I was notified that it would be removed within 1 hour. When I had checked for the address on the MxToolBox Email Blacklist Check page, I had seen a TTL value of 3594, which is 59.9 minutes, listed for it for the LASHBACK list.
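
How a DNSBL lookup works underneath, as an added example that is not from the original post: the IP address's octets are reversed and queried as a hostname under the list's DNS zone, and an answer in 127.0.0.0/8, such as the 127.0.0.2 return code quoted above, means the address is listed. The zone names under .example and the stand-in resolver with its data are constructed placeholders so the block runs offline; pass a real zone and the default resolver to query a real list.

```python
import ipaddress
import socket

LISTING_NET = ipaddress.IPv4Network("127.0.0.0/8")

# gaierror codes that mean "no such name", i.e. the address is not listed.
NOT_FOUND = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}


def dnsbl_query_name(ip, zone):
    """192.0.2.10 checked against zone z becomes 10.2.0.192.z"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def check_dnsbl(ip, zones, resolve=socket.gethostbyname):
    """Return {zone: (status, answer)} for each blocklist zone.

    status is one of: listed, not listed, lookup failed, unexpected answer.
    """
    results = {}
    for zone in zones:
        name = dnsbl_query_name(ip, zone)
        try:
            answer = ipaddress.IPv4Address(resolve(name))
        except socket.gaierror as exc:
            # A missing name is the normal "clean" result; any other resolver
            # error must not be reported as clean.
            status = "not listed" if exc.errno in NOT_FOUND else "lookup failed"
            results[zone] = (status, None)
            continue
        if answer in LISTING_NET:
            results[zone] = ("listed", str(answer))
        else:
            # An answer outside 127.0.0.0/8 is not a listing code; it usually
            # means a resolver or zone that answers every name.
            results[zone] = ("unexpected answer", str(answer))
    return results


# Constructed stand-in for DNS so the example runs without network access.
FAKE_RECORDS = {
    "10.2.0.192.dnsbl-a.example": "127.0.0.2",
    "10.2.0.192.dnsbl-c.example": "203.0.113.80",
}


def fake_resolve(name):
    if name in FAKE_RECORDS:
        return FAKE_RECORDS[name]
    if name.endswith(".dnsbl-d.example"):
        raise socket.gaierror(socket.EAI_AGAIN, "temporary failure")
    raise socket.gaierror(socket.EAI_NONAME, "name not known")


SAMPLE_ZONES = [
    "dnsbl-a.example",
    "dnsbl-b.example",
    "dnsbl-c.example",
    "dnsbl-d.example",
]

if __name__ == "__main__":
    report = check_dnsbl("192.0.2.10", SAMPLE_ZONES, resolve=fake_resolve)
    for zone, (status, answer) in report.items():
        print(zone, status, answer or "")
```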

[/network/email/blacklist] permanent link

Mon, Feb 11, 2008 9:03 pm

System Not Recognizing EasyShare printer dock plus

A user told me that she was no longer able to communicate with her Kodak EasyShare C340 camera, which she plugs into a Kodak EasyShare printer dock plus.

The following steps can be taken to see if the system is recognizing the presence of the printer dock.

  1. Click on Start.
  2. Select All Programs.
  3. Select Kodak.
  4. Select Kodak EasyShare printer dock.
  5. Select Kodak printer dock firmware updater. When the application opens, you should see the printer name listed along with the current firmware version number as shown below.

    Kodak printer dock firmware updater

In this case nothing was listed under "Printer Name" nor under "Firmware Version Number". I unplugged the USB cable from the computer and plugged it back in. I then saw the message below:

USB Device Not Recognized

One of the USB devices attached to this computer has malfunctioned, and Windows does not recognize it. For assistance in solving this problem, click this message.

I tried plugging the device into two other USB ports with the same results. I unplugged the cable from the printer dock and powered it off. I plugged the cable back in and powered it on. I then heard noises from the unit and when I exited the Kodak printer dock firmware updater program and restarted it, I saw entries listed under "Printer Name" and "Firmware Version Number".

[/hardware/camera] permanent link

Sun, Feb 10, 2008 9:45 pm

Use Custom Filter with Netopia R7220-T Router

A Netopia R7220-T router has built-in firewall capabilities. It comes with two filter sets preconfigured, "Basic Firewall" and "NetBIOS", but you can create your own custom filters. To use a custom filter you have created, take the following steps.
  1. From the main menu, select Quick Menus and hit Enter.

    
                               Netopia R7220-T v4.6.2
    
    
                         Easy Setup...
    
                         WAN Configuration...
    
                         System Configuration...
    
                         Utilities & Diagnostics...
    
                         Statistics & Logs...
    
                         Quick Menus...
    
                         Quick View...
    
    
    
    
    
    Return/Enter displays options for the system.
    You always start from this main screen.

  2. From the Quick Menu, select Change Connection Profiles and hit Enter.

    
                                       Quick Menu
    
     Connection Profiles          Line Configuration     IP Setup
     Add Connection Profiles                             IP Address Serving Setup
     Change Connection Profiles                          IP Filter Sets
     Delete Connection Profiles   Backup Config          Static Routes
     WAN Default Profile                                 Network Address Translation
    
                                                         IPX Setup
                                                         IPX Filters & Filter Sets
    
    
    
    
     Console Configuration        TFTP
     SNMP Setup
    
    
    
    
    
    
    This menu allows you to visit most configuration screens.

  3. When your connection profile, e.g. Easy Setup Profile, appears, hit Enter to accept it for editing.

    
                                       Quick Menu
             +-Profile Name---------------------IP Address----IPX Network-+
     Connecti+------------------------------------------------------------+
     Add Conn| Easy Setup Profile               192.168.6.25              | Setup
     Change C|                                                            |
     Delete C|                                                            |
     WAN Defa|                                                            |anslation
             |                                                            |
             |                                                            |
             |                                                            |er Sets
             |                                                            |
             |                                                            |
             |                                                            |
             |                                                            |
     Console |                                                            |
     SNMP Set|                                                            |
             |                                                            |
             |                                                            |
             |                                                            |
             +------------------------------------------------------------+
    
    
    Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit.

  4. Select IP Profile Parameters... and hit Enter.

    
                                 Change Connection Profile
    
             Profile Name:                      Easy Setup Profile
             Profile Enabled:                   Yes
    
             Data Link Encapsulation...         RFC1483
    
    
             IP Enabled:                        Yes
             IP Profile Parameters...
    
             IPX Enabled:                       No
    
    
             Interface Group...                 Primary
    
    
    
    
    
    
    Return accepts * ESC cancels * Left/Right moves insertion point * Del deletes.
    Modify Connection Profile here. Changes are immediate.

  5. Select Filter Set... and hit Enter.

    
                                IP Profile Parameters
    
    
             Address Translation Enabled:       Yes
             IP Addressing...                   Numbered
    
             NAT Map List...                    Easy-PAT List
             NAT Server List...                 Easy-Servers
    
             Local WAN IP Address:              192.168.6.25
             Local WAN IP Mask:                 255.255.254.0
    
    
    
             Filter Set...                      NetBIOS Filter
             Remove Filter Set
    
             Receive RIP:                       Both
    
    
    
    Return/Enter to select Filter Set (Firewall) for this profile.
    Configure IP requirements for a remote network connection here.

  6. Select the custom filter set you created, e.g. "Custom", if that was the name you used, and hit Enter.

    
                                IP Profile Parameters
    
                              +-----------------------------------+
             Address Translati+-----------------------------------+
             IP Addressing... | Basic Firewall                    |
                              | NetBIOS Filter                    |
             NAT Map List...  | Custom                            |
             NAT Server List..|                                   |
                              |                                   |
             Local WAN IP Addr|                                   |
             Local WAN IP Mask|                                   |
                              |                                   |
                              +-----------------------------------+
    
             Filter Set...                      NetBIOS Filter
             Remove Filter Set
    
             Receive RIP:                       Both
    
    
    
    
    Up/Down Arrows to select, then Return/Enter; ESC to cancel.

  7. Hit Esc to go back to the prior IP Profile Parameters menu. You should now see whatever name you used for your custom filter listed on the same line as Filter Set....

    
                                IP Profile Parameters
    
    
             Address Translation Enabled:       Yes
             IP Addressing...                   Numbered
    
             NAT Map List...                    Easy-PAT List
             NAT Server List...                 Easy-Servers
    
             Local WAN IP Address:              66.159.76.25
             Local WAN IP Mask:                 255.255.254.0
    
    
    
             Filter Set...                      Custom
             Remove Filter Set
    
             Receive RIP:                       Both
    
    
    
    Toggle to Yes if this is a single IP address ISP account.
    Configure IP requirements for a remote network connection here.

  8. You can then keep hitting Esc until you get back to the main menu, or just disconnect from the router.

[/hardware/network/router/netopia] permanent link

Sun, Feb 10, 2008 4:39 pm

Colasoft MAC Scanner 1.1

If you need to determine the Media Access Control (MAC) addresses on a LAN using a Windows system, Colasoft provides a tool, MAC Scanner, which you can use to scan all IP addresses in a subnet to obtain a list of the MAC, aka hardware addresses, associated with those IP addresses. The results can be exported to a text or Comma Separated Value (CSV) file.

[/os/windows/software/network/scanner] permanent link

Sun, Feb 10, 2008 2:02 pm

Dell PowerConnect 3024 - Finding MAC Addresses

To determine the Media Access Control (MAC) addresses of devices connected to a Dell PowerConnect 3024 switch, take the following steps:
  1. Select Address Manager from the main menu.

                                   PowerConnect 3024
                                       Main Menu
    
    
    
    
                                 a. System Manager
                                 b. Port Manager
                                 c. Address Manager
                                 d. Spanning Tree
                                 e. VLAN and CoS Setup
                                 f. Port Trunking
                                 g. Port Mirroring
                                 h. SNMP Management
                                 i. Multimedia Support
                                 j. Statistics
                                 k. Save Configuration
    
    
    
    
    
    Hit <Enter> to configure Static Address Table or Address Aging Time
                                                    <Ctrl-L> Refresh  <Ctrl-W> Save

  2. Select Dynamic Addresses from the Address Manager menu.

                                   PowerConnect 3024
                                    Address Manager
    
    
    
    
    
    
    
                       a. Static Addresses
                       b. Dynamic Addresses
                       c. Address Aging
                       d. Static Multicast Groups Administration
                       e. Static Multicast Groups Membership
    
    
    
    
    
    
    
    
    Hit <Enter> to view Dynamic Addresses
    <ESC> Back                                      <Ctrl-L> Refresh  <Ctrl-W> Save

You will then see the MAC addresses that have been seen by the switch for each port. Ports with no device attached will not be listed. If nothing is listed for a port at the time you check, though, that does not necessarily mean that no device is attached to that port, only that no activity has been seen on that port recently. A system could be attached to the port, but turned off, or may be on, but has not communicated with another device over the network recently.

If the switch is seeing multiple MAC addresses on a port, as it would if there is another switch or hub plugged into the port, which itself has multiple systems plugged into it, it will show all of the MAC addresses. In the example below, 5 addresses are listed for port 6 and 4 addresses are listed for port 16. There is another switch connected to port 6 and a hub connected to port 16.

                               PowerConnect 3024
                       Address Manager/Dynamic Addresses

             Dynamic Address Learning is: Enabled
    Port:      VLAN ID:      MAC Address:                   Query  Next  Prev
    Port    VLAN     MAC Address             Port    VLAN     MAC Address
--------------------------------------------------------------------------------
    1:3     1     00:0c:f1:c8:99:09          1:16    1     00:09:6b:19:38:a5
    1:4     1     00:13:20:97:de:e4          1:20    1     00:16:01:41:72:3b
    1:5     1     00:1d:09:0a:5d:55
    1:6     1     00:11:11:64:ec:bc
    1:6     1     00:13:20:97:e2:cf
    1:6     1     00:13:72:3b:4a:b6
    1:6     1     00:16:76:96:cb:1e
    1:6     1     00:17:a4:26:88:d5
    1:7     1     00:11:11:5e:b5:90
    1:8     1     00:11:11:a8:9c:b0
    1:15    1     00:30:18:aa:70:a5
    1:16    1     00:00:74:ad:e8:c6
    1:16    1     00:00:c5:7c:08:7c
    1:16    1     00:06:25:b5:b4:62

Hit <Space> to Enable or Disable Dynamic Address Learning
<ESC> Back                                      <Ctrl-L> Refresh  <Ctrl-W> Save

If you see a MAC address which you don't recognize, you can look up the manufacturer of the network adapter associated with that address at Vendor/Ethernet MAC Address Lookup and Search, which may help you identify what type of device is connected on the port showing that MAC address. For instance, when I look up 00:09:6b:19:38:a5, I see the vendor listed as "IBM Corporation". When I look up 00:17:a4:26:88:d5, I see "Global Data Services (may now be Hewlett-Packard, HP)" listed and, in this case, the device is an HP K5400 printer.
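As an added example (not part of the original post or any Dell tooling), the Python below parses the text of the Dynamic Addresses screen above, including lines that hold two entries, groups the MAC addresses by port, and reports ports that learned more than one address as well as addresses missing from an inventory. The function names and the inventory list are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Text of the Dynamic Addresses screen shown above; one line can hold two entries.
SCREEN = """\
    Port:      VLAN ID:      MAC Address:                   Query  Next  Prev
    Port    VLAN     MAC Address             Port    VLAN     MAC Address
--------------------------------------------------------------------------------
    1:3     1     00:0c:f1:c8:99:09          1:16    1     00:09:6b:19:38:a5
    1:4     1     00:13:20:97:de:e4          1:20    1     00:16:01:41:72:3b
    1:5     1     00:1d:09:0a:5d:55
    1:6     1     00:11:11:64:ec:bc
    1:6     1     00:13:20:97:e2:cf
    1:6     1     00:13:72:3b:4a:b6
    1:6     1     00:16:76:96:cb:1e
    1:6     1     00:17:a4:26:88:d5
    1:7     1     00:11:11:5e:b5:90
    1:8     1     00:11:11:a8:9c:b0
    1:15    1     00:30:18:aa:70:a5
    1:16    1     00:00:74:ad:e8:c6
    1:16    1     00:00:c5:7c:08:7c
    1:16    1     00:06:25:b5:b4:62
"""

# One table entry: unit:port, VLAN ID, MAC address.
ENTRY = re.compile(
    r"\b(\d+:\d+)\s+(\d+)\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I
)


def parse_dynamic_addresses(screen):
    """Return (port, vlan, mac) tuples from every entry on every line."""
    entries = []
    for line in screen.splitlines():
        # findall picks up both the left-hand and right-hand column entries.
        for port, vlan, mac in ENTRY.findall(line):
            entries.append((port, int(vlan), mac.lower()))
    return entries


def macs_by_port(entries):
    """Map each port to the distinct MAC addresses learned on it."""
    table = defaultdict(list)
    for port, _vlan, mac in entries:
        if mac not in table[port]:
            table[port].append(mac)
    return dict(table)


def shared_ports(entries):
    """Ports with more than one MAC: a switch, hub or bridge sits downstream."""
    return {p: m for p, m in macs_by_port(entries).items() if len(m) > 1}


def oui(mac):
    """First three octets, the vendor prefix a MAC lookup service keys on."""
    return mac.upper()[:8]


def unknown_macs(entries, inventory):
    """(port, mac) pairs that do not appear in a list of expected addresses."""
    known = {m.lower() for m in inventory}
    return [(p, m) for p, _vlan, m in entries if m not in known]


if __name__ == "__main__":
    entries = parse_dynamic_addresses(SCREEN)
    for port, macs in shared_ports(entries).items():
        print(f"port {port}: {len(macs)} addresses")
        for mac in macs:
            print(f"    {mac}  (OUI {oui(mac)})")
```

Run against a saved copy of the screen, the ports it reports are the ones worth walking to: each has more than one device behind it.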

References:

  1. Vendor/Ethernet MAC Address Lookup and Search
    Coffer.com

[/hardware/network/switch/dell] permanent link

Sat, Feb 09, 2008 8:22 pm

Setting IP Information From the Command Line

On a Windows system, you can use the netsh interface ip set command to configure IP parameters for the system from the command line.

E.g. the command netsh interface ip set address name="Local Area Connection" static 192.168.0.66 255.255.255.0 192.168.0.1 1 could be used to set the IP address to a static value of 192.168.0.66 with a subnet mask of 255.255.255.0 and a default gateway of 192.168.0.1.


[/os/windows/commands] permanent link

Fri, Feb 08, 2008 10:16 pm

Uploading Blocked Files to a SharePoint Server

On a Windows Small Business Server (SBS) 2003 system, I tried uploading an exe file to the SharePoint server, but saw the following displayed when I attempted to upload it.

Form Validation Error

Please correct the information you provided by following these steps, then submit the information again:

The following steps can be taken to allow the upload of an .exe file. Similar steps can be followed to allow the upload of other blocked files.

  1. Click on Start.
  2. Select All Programs.
  3. Select Administrative Tools.
  4. Select SharePoint Central Administration.
  5. Under Security Configuration, click on Manage blocked file types.
  6. Delete exe from the list and click on OK.

[/os/windows/sharepoint] permanent link

Thu, Feb 07, 2008 8:01 pm

Determining Version of Microsoft Exchange

To determine what version of Microsoft Exchange is running on a system, you can take the following steps:
  1. Click on Start.
  2. Select All Programs.
  3. Select Microsoft Exchange.
  4. Select System Manager. Note: the System Manager is applicable if you have Exchange Server 2000 and later. For Exchange Server 5.5 and earlier, you will need to run Exchange Administrator.
  5. Click Servers. You will then see the version displayed. For Exchange Server 2000, the version is 6.0; for Exchange Server 2003, the version is 6.5.

Exchange server version

You can also determine the version number by going to C:\Program Files\Exchsrvr\bin, right-clicking on store.exe, selecting Properties, and clicking on the Version tab.

Store.exe properties

Clicking on Product version will show the version of the Exchange software. In the case shown above, the file version is listed as 6.5.7651.61 while the product version is 6.5. The digits after the 6.5 in the file version don't necessarily match the build version displayed using the first method.

Note: the version number you see using the above methods may not necessarily be the same version number you would see displayed if you telnet to port 25 on the Exchange server. E.g. the above method of determining the version of Exchange running on a system shows it to be 6.5 (Build 7638.2: Service Pack 2), but if I telnet to port 25 on that same Exchange server, I see the following:

220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at
Wed, 13 Feb 2008 19:07:30 -0500

I.e. the "ESMTP MAIL Service" version is not the same as the version number for the Exchange server software on the system, so you can't infer that the version number you see displayed when you connect to port 25 on the system is the Exchange server version number.

References:

  1. How to tell which software version your computer is using
    Published: June 18, 2004
    Microsoft Corporation

[/network/email/exchange] permanent link

Wed, Feb 06, 2008 9:38 pm

HPProductAssistant Installation Failure

While checking a user's Windows XP system, I found that every time I logged into it a window opened for the installation of HPProductAssistant.

HPProductAssistant
Please wait while Windows configures HPProductAssistant

Cancel
 

Then another HPProductAssistant window would appear stating "The feature you are trying to use is on a CD-ROM or other removable disk that is not available" and asking me to "Insert the 'HPProductAssistant' disk and click OK" with "1" appearing in the "use source" field. When I clicked on the browse button, I saw it was looking for hpproductassistant.msi.

If I clicked on the Cancel button, I would see the error message below:

HPProductAssistant
Error 1706.No valid source could be found for product
HPProductAssistant. The Windows Installer cannot
continue.

OK
 

If I clicked on OK, which was the only option, the process would just repeat. Clicking on the Cancel button at the point where it prompted for the HPProductAssistant installation file, just kept the process repeating as well. I had to kill the application through the Task Manager to stop it.

When I checked which process was associated with HPProductAssistant in the Task Manager, by right-clicking on HPProductAssistant under the Applications tab and selecting Go To Process, I found it was hpqtra08.exe. That file is associated with "HP Digital Imaging Monitor" software and is located at C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe.

When I went to Start, All Programs, and Startup, I found "HP Digital Imaging Monitor" listed there. It was probably put there during the installation of software for the user's printer. HP will install a lot of other software in addition to a printer driver when you use the HP-provided installation disc for one of their printers. Since it wasn't working and I doubted the user had any need for it, I clicked on Start, All Programs and Startup, then right-clicked on "HP Digital Imaging Monitor" and selected Delete to get rid of the entry from the startup group. I rebooted the system to verify that the problem would no longer occur; it did not.

References:

  1. Wait while Windows configures HPProductAssistant???
    Yahoo! Answers
  2. How to remove hpqtra08 error
    file.net

[/os/windows/processes] permanent link

Sun, Feb 03, 2008 7:36 pm

Determining the Package to Which a File Belongs

If you wish to determine what package a file belongs to under Solaris, you can use the command pkgchk -l -p /path/file. E.g. to determine the package to which the openssl program located in /usr/sfw/bin belongs, the following command could be used:

# pkgchk -l -p /usr/sfw/bin/openssl
Pathname: /usr/sfw/bin/openssl
Type: regular file
Expected mode: 0555
Expected owner: root
Expected group: bin
Expected file size (bytes): 318668
Expected sum(1) of contents: 16493
Expected last modification: Jan 26 21:01:01 2006
Referenced by the following packages:
        SUNWopenssl-commands
Current status: installed

From the above information, I can see the file belongs to the package SUNWopenssl-commands. I can get further information on that package, such as the date the package was installed with the command pkginfo -l SUNWopenssl-commands.

# pkginfo -l SUNWopenssl-commands
   PKGINST:  SUNWopenssl-commands
      NAME:  OpenSSL Commands (Usr)
  CATEGORY:  system
      ARCH:  i386
   VERSION:  11.10.0,REV=2005.01.21.16.34
   BASEDIR:  /
    VENDOR:  Sun Microsystems, Inc.
      DESC:  OpenSSL Commands (Use)
    PSTAMP:  on10-patch-x20060126144406
  INSTDATE:  Jul 08 2006 23:31
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed
     FILES:        5 installed pathnames
                   3 shared pathnames
                   3 directories
                   2 executables
                 634 blocks used (approx)

References:

  1. Solaris find out a package which a file belongs to
    nixCraft - Insight Into Linux Admin Work

[/os/unix/solaris/commands] permanent link

Sun, Feb 03, 2008 11:08 am

Internet Explorer Shortcut Keys

I use Furl to save copies of webpages I've found interesting. Furl creates an online bookmarks or "favorites" list for you. If you make your Furl archive public, others can also have access to your links. You also get an online archived copy of the webpage you've "furled". So if the webpage disappears or the website where it resided is inaccessible for some other reason the next time you want to view it, you have a stored copy at Furl.

But sometimes I run into difficulty with multi-page news articles. I don't want to have to furl each page individually. Some websites offer a "print" function, so that you can display a copy of all pages of the article at once to send them to the printer at once. But often, when the window opens that displays the entire article for printing, I don't see the Internet Explorer (IE) menubar with "File, Edit, View, Favorites, Tools, and Help" on it. The link to furl pages is under "Favorites", so I don't then have access to that link.

One alternative is to right-click on the "print" version of the webpage, choose "Properties" and then copy the URL for the webpage, which you can paste into another IE window with the menubar displayed to access the page. Another method is to hit the Ctrl and "I" keys simultaneously, which will bring up the IE Favorites box.

Other IE shortcut keys to view and explore web pages are listed below:

To do this                                Press this key
----------------------------------------------------------------------
Display Internet Explorer Help or to      F1
display context Help about an item in 
a dialog box

Toggle between full-screen and other      F11
views in the browser

Move forward through the items on a       TAB 
Web page, the Address box, or the 
Links box

Move through the items on a Web page,     SHIFT+TAB
the Address box, or the Links box

Go to your Home page                      ALT+HOME

Go to the next page                       ALT+RIGHT ARROW

Go to the previous page                   ALT+LEFT ARROW or BACKSPACE

Display a shortcut menu for a link        SHIFT+F10

Move forward between frames               CTRL+TAB or F6

Move back between frames                  SHIFT+CTRL+TAB

Scroll toward the beginning of a          UP ARROW
document 

Scroll toward the end of a document       DOWN ARROW

Scroll toward the beginning of a          PAGE UP
document in larger increments

Scroll toward the end of a document       PAGE DOWN
in larger increments

Move to the beginning of a document       HOME

Move to the end of a document             END

Find on this page                         CTRL+F

Refresh the current Web page              F5 or CTRL+R

Refresh the current Web page, even if     CTRL+F5
the time stamp for the Web version and 
your locally stored version are the same  

Stop downloading a page                   ESC

Go to a new location                      CTRL+O or CTRL+L

Open a new window                         CTRL+N

Close the current window                  CTRL+W

Save the current page                     CTRL+S

Print the current page or active frame    CTRL+P

Activate a selected link                  ENTER

Open the Search box                       CTRL+E

Open the Favorites box                    CTRL+I

Open the History box                      CTRL+H

In the History or Favorites boxes,        CTRL+click
open multiple folders

References:

  1. Internet Explorer Keyboard Shortcuts
    Article ID : 306832
    Last Review : May 7, 2007
    Revision : 2.3
    Microsoft Help and Support

[/network/web/browser/ie] permanent link

Fri, Feb 01, 2008 9:41 pm

Removing a Package

Removing a package that has been installed on a Solaris system is handled by the pkgrm command, which must be run from the root account. E.g. pkgrm SMCx11vnc would remove the previously installed x11vnc package from a system. The output produced from running the command appears below.

# pkgrm SMCx11vnc

The following package is currently installed:
   SMCx11vnc  x11vnc
              (sparc) 0.7

Do you want to remove this package? [y,n,?,q] y

## Removing installed package instance <SMCx11vnc>
## Verifying package <SMCx11vnc> dependencies in global zone
## Processing package information.
## Removing pathnames in class <none>
/usr/local/share/x11vnc/classes/index.vnc
/usr/local/share/x11vnc/classes/VncViewer.jar
/usr/local/share/x11vnc/classes
/usr/local/share/x11vnc
/usr/local/share <shared pathname not removed>
/usr/local/man/man1/x11vnc.1
/usr/local/man/man1
/usr/local/man
/usr/local/doc/x11vnc/TODO
/usr/local/doc/x11vnc/README
/usr/local/doc/x11vnc/NEWS
/usr/local/doc/x11vnc/INSTALL
/usr/local/doc/x11vnc/ChangeLog
/usr/local/doc/x11vnc/COPYING
/usr/local/doc/x11vnc/AUTHORS
/usr/local/doc/x11vnc
/usr/local/doc <shared pathname not removed>
/usr/local/bin/x11vnc
/usr/local/bin <shared pathname not removed>
## Updating system information.

Removal of <SMCx11vnc> was successful.

References:

  1. Remove a Solaris package with pkgrm
    November 28, 2005
    tech-recipes - Your cookbook of tech-tutorials

[/os/unix/solaris/commands] permanent link

Fri, Feb 01, 2008 8:40 pm

Pkginfo Command

On Solaris systems, the pkginfo command can be used to obtain information on installed packages. It is somewhat akin to the rpm and similar commands on Linux systems.

usage:
pkginfo [-q] [-pi] [-x|l] [options] [pkg ...]
pkginfo -d device [-q] [-x|l] [options] [pkg ...]
where
  -q #quiet mode
  -p #select partially installed packages
  -i #select completely installed packages
  -x #extracted listing
  -l #long listing
  -r #relocation base
and options may include:
  -c category, [category...]
  -a architecture
  -v version

If you just issue the command pkginfo, you will see a list of all of the installed packages on the system with a one-line listing per package.

# pkginfo
system      CADP160                          Adaptec Ultra160 SCSI Host Adapter
Driver
application CFWWine                          WINE
system      HPFC                             Agilent Fibre Channel HBA Driver
system      NCRos86r                         NCR Platform Support, OS Functional
ity (Root)
system      SK98sol                          SysKonnect SK-NET Gigabit Ethernet
Adapter SK-98xx
system      SKfp                             SysKonnect PCI-FDDI Host Adapter
application SMChtdig                         htdig
<text snipped>
system      SUNWzlib                         The Zip compression library
system      SUNWzoner                        Solaris Zones (Root)
system      SUNWzoneu                        Solaris Zones (Usr)
system      SUNWzsh                          Z shell (zsh)
system      SYMhisl                          Symbios 895A, 896 and 1010 SCSI driver

If you are just interested in a particular package, you can use pkginfo pkgname where pkgname is the relevant package. But you need to bear in mind that the name assigned to the package may have SUNW in front of it or may not otherwise be exactly what you expect. E.g., suppose I want to know whether the zlib package is installed, because I want to install some other package that lists the zlib software as a dependency. If I use the command pkginfo zlib, I see the following:

# pkginfo zlib
ERROR: information for "zlib" was not found

Using pkginfo | grep -i pkgname will likely be better, unless you are certain of the package name.

# pkginfo | grep -i zlib
system      SUNWzlib                         The Zip compression library

Now I see the package name for the zlib package is SUNWzlib and I could use that name with the pkginfo command, but I won't see any more information unless I use the -l option to get a long listing.

# pkginfo SUNWzlib
system      SUNWzlib The Zip compression library
# pkginfo -l SUNWzlib
   PKGINST:  SUNWzlib
      NAME:  The Zip compression library
  CATEGORY:  system
      ARCH:  i386
   VERSION:  11.10.0,REV=2005.01.08.01.09
   BASEDIR:  /
    VENDOR:  Sun Microsystems, Inc.
      DESC:  The Zip compression library
    PSTAMP:  sfw10-x20050108014620
  INSTDATE:  Jul 08 2006 23:00
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed
     FILES:       13 installed pathnames
                   4 shared pathnames
                   4 directories
                   2 executables
                 424 blocks used (approx)

The long listing shows me the version of zlib installed, which in this case is version 11.10.0. I also see the installation date was July 8, 2006 at 11:00 P.M.

References:

  1. Solaris: list installed packages with pkginfo
    November 28, 2005
    tech-recipes - Your cookbook of tech-tutorials

[/os/unix/solaris/commands] permanent link

Thu, Jan 31, 2008 4:59 pm

Make wget Pretend to Be Internet Explorer

I have a script that I manually run to download a particular webpage based on a parameter that I submit to the script. The script downloads the webpage with wget then parses the webpage for specific information and displays only that information. The script had been running fine until today, but produced an error message when I ran it today. When I checked the information being retrieved by wget, I found that instead of the desired webpage, I was getting "Sorry. This page may not be spidered."

When a browser retrieves a webpage, it sends a set of values to the webserver. Those values, which are called "headers", include a "user-agent" header that identifies the browser to the server. E.g. a particular version of Internet Explorer may identify itself as "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)".

Some websites may use the user-agent header for statistical purposes, e.g. to determine which browsers are most commonly used to access the website. Such information may help a web developer tailor the site to the ones most commonly used to view the site. Or the website developer can use the information to tailor its output to the browser being used by a particular user. E.g., if a browser doesn't support a particular feature used in the code on the website, the website software can present the viewer with an alternative webpage.

Wget identifies itself as "Wget/x.y.z", where x.y.z is the version of wget in use, e.g. "Wget/1.8.2". So, if you retrieve a webpage with wget, the webserver might see "User-Agent: Wget/1.8.2" as one of the headers submitted to it by the client.

In this case, the website hosting the page I wanted to access was seeing "User-Agent: Wget/1.8.2" and denying access to the page. Fortunately, you can use the --user-agent argument for wget to have wget announce itself to a webserver as any browser you might wish to emulate.

-U agent-string
       --user-agent=agent-string
           Identify as agent-string to the HTTP server.

           The HTTP protocol allows the clients to identify themselves using a
           "User-Agent" header field.  This enables distinguishing the WWW
           software, usually for statistical purposes or for tracing of proto-
           col violations.  Wget normally identifies as Wget/version, version
           being the current version number of Wget.

           However, some sites have been known to impose the policy of tailor-
           ing the output according to the "User-Agent"-supplied information.
           While conceptually this is not such a bad idea, it has been abused
           by servers denying information to clients other than "Mozilla" or
           Microsoft "Internet Explorer".  This option allows you to change
           the "User-Agent" line issued by Wget.  Use of this option is dis-
           couraged, unless you really know what you are doing.

I had wget pretend to be Internet Explorer by using the command below:

wget --user-agent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" --quiet --output-document="$outfile" "$url"

After editing my script to use the --user-agent option, the script was able to download the webpage as before, placing the output in the file designated by the $outfile variable in the script and using the URL I specified as an argument to the script.
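Seen from the server side, the switch described above leaves a recognizable trace in the access log. This added example (not the author's script; the log lines are constructed and the function names are assumptions) flags a client address that requests a path with a tool User-Agent and then requests the same path with a browser-style one shortly afterward.

```python
import re
from datetime import datetime

# Constructed sample lines in Apache "combined" log format (documentation IP ranges).
LOG = """\
192.0.2.10 - - [31/Jan/2008:16:40:01 -0500] "GET /quote.html HTTP/1.0" 403 38 "-" "Wget/1.8.2"
198.51.100.7 - - [31/Jan/2008:16:41:12 -0500] "GET /quote.html HTTP/1.1" 200 1503 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
192.0.2.10 - - [31/Jan/2008:16:52:30 -0500] "GET /quote.html HTTP/1.0" 200 1503 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
203.0.113.5 - - [31/Jan/2008:17:05:00 -0500] "GET /index.html HTTP/1.0" 200 900 "-" "Wget/1.8.2"
"""

# host ident user [time] "method path protocol" status bytes "referer" "user-agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Default User-Agent prefixes of common command-line and library clients.
TOOL_UA = re.compile(r"^(Wget|curl|libwww-perl|Python-urllib)/", re.I)


def parse(log):
    """Parse combined-format lines into dicts; lines in another format are skipped."""
    records = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        records.append(rec)
    return records


def ua_switches(records, window_seconds=3600):
    """Find address/path pairs where a tool User-Agent is followed, within the
    window, by a different, non-tool User-Agent from the same address."""
    last_tool = {}            # (ip, path) -> (time, user-agent) of the tool request
    findings = []
    for rec in sorted(records, key=lambda r: r["time"]):
        key = (rec["ip"], rec["path"])
        if TOOL_UA.match(rec["ua"]):
            last_tool[key] = (rec["time"], rec["ua"])
            continue
        earlier = last_tool.pop(key, None)
        if earlier is None:
            continue
        gap = int((rec["time"] - earlier[0]).total_seconds())
        if gap <= window_seconds:
            findings.append({
                "ip": rec["ip"],
                "path": rec["path"],
                "first_ua": earlier[1],
                "then_ua": rec["ua"],
                "gap_seconds": gap,
            })
    return findings


if __name__ == "__main__":
    for hit in ua_switches(parse(LOG)):
        print("{ip} {path}: {first_ua!r} then {then_ua!r} after {gap_seconds}s".format(**hit))
```

Several users behind one NAT address can produce the same pattern, so a hit is a lead to review rather than proof that a header was changed.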

References:

  1. Masquerading Your Browser
    By Eric Giguere
    September 19, 2003
    Updated October 28, 2004
    ericgiguère.com resources for software developers

[/network/web/tools/wget] permanent link

Sun, Jan 27, 2008 10:44 pm

Upgrade of Apache From Version 2.0.39 to Version 2.0.59

A scan of a Solaris 7 system found several vulnerabilities for Apache on the system. Most of them appeared to be due to the version of Apache on the system not being up-to-date. I checked the version of Apache running on the system by using telnet to connect to port 80 and then issuing the HEAD / HTTP/1.0 command.
# telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Date: Fri, 25 Jan 2008 03:29:30 GMT
Server: Apache/2.0.39 (Unix)
Last-Modified: Thu, 29 Nov 2007 04:39:44 GMT
ETag: "89124-5df-e729c400"
Accept-Ranges: bytes
Content-Length: 1503
Connection: close
Content-Type: text/html; charset=ISO-8859-1

Connection closed by foreign host.

The version was 2.0.39, so it was out-of-date. You can also check the version with the apachectl command.

# /usr/local/apache2/bin/apachectl -v
Server version: Apache/2.0.39
Server built:   Jun 26 2002 01:03:14

Version 2.0.59 is the current version listed at Sunfreeware.com - SPARC/Solaris 7 Packages.
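The version check described above, as an added Python example that is not from the original post: it pulls the Server header out of a saved telnet transcript, or the version line out of apachectl -v output, and compares it with the 2.0.59 target. The function names are hypothetical, and a banner without a full three-part version number is reported as unknown rather than as current.

```python
import re

BASELINE = (2, 0, 59)   # the version this post upgrades to

# Transcript of the telnet HEAD request shown above.
TELNET_HEAD = """\
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Date: Fri, 25 Jan 2008 03:29:30 GMT
Server: Apache/2.0.39 (Unix)
Last-Modified: Thu, 29 Nov 2007 04:39:44 GMT
ETag: "89124-5df-e729c400"
Accept-Ranges: bytes
Content-Length: 1503
Connection: close
Content-Type: text/html; charset=ISO-8859-1

Connection closed by foreign host.
"""

# Output of apachectl -v shown above.
APACHECTL_V = """\
Server version: Apache/2.0.39
Server built:   Jun 26 2002 01:03:14
"""


def server_header(transcript):
    """Return the Server header value from a captured HTTP response, or None."""
    lines = iter(transcript.splitlines())
    for line in lines:
        if re.match(r"HTTP/\d\.\d \d{3}", line):   # status line starts the response
            break
    else:
        return None                                # no HTTP response in the text
    for line in lines:
        if not line.strip():                       # blank line ends the headers
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def apachectl_banner(output):
    """Return the text after 'Server version:' in apachectl -v output, or None."""
    for line in output.splitlines():
        label, sep, value = line.partition(":")
        if sep and label.strip().lower() == "server version":
            return value.strip()
    return None


def apache_version(banner):
    """Parse 'Apache/x.y.z' into a tuple; None if the banner lacks a full version."""
    if not banner:
        return None
    m = re.search(r"\bApache/(\d+)\.(\d+)\.(\d+)\b", banner)
    return tuple(int(part) for part in m.groups()) if m else None


def assess(banner, baseline=BASELINE):
    """Classify a banner as 'outdated', 'current' or 'unknown' against baseline."""
    version = apache_version(banner)
    if version is None:
        # ServerTokens Prod/Major/Minor trims the banner to "Apache", "Apache/2"
        # or "Apache/2.0"; a missing number says nothing about the patch level.
        return "unknown"
    return "outdated" if version < baseline else "current"


if __name__ == "__main__":
    for source, banner in (("HEAD request", server_header(TELNET_HEAD)),
                           ("apachectl -v", apachectl_banner(APACHECTL_V))):
        print(f"{source}: {banner!r} -> {assess(banner)}")
```

An "unknown" result from the network side is the cue to run apachectl -v on the host itself.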

The dependencies statement for Apache 2.0.59 listed libiconv as a dependency and stated "you may need /usr/local/lib/libgcc_s.so.1 either from the libgcc-3.3 or gcc-3.3.2 or higher packages." When I checked the version of gcc with gcc -v, I saw it was 3.0.4. So I first upgraded libiconv.

I installed libiconv 1.11 on a Sun SPARC Solaris 7 system. I obtained the package from Sunfreeware.com - SPARC/Solaris 7 Packages.

# gunzip libiconv-1.11-sol7-sparc-local.gz
# pkgadd -d libiconv-1.11-sol7-sparc-local

The following packages are available:
  1  SMCliconv     libiconv
                   (sparc) 1.11

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all

Processing package instance <SMCliconv> from </home/jdoe/libiconv-1.11-sol7-sparc-local>

libiconv
(sparc) 1.11
Bruno Haible
Using </usr/local> as the package base directory.
## Processing package information.
## Processing system information.
   12 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.

The following files are already installed on the system and are being
used by another package:
  /usr/local/bin/iconv
  /usr/local/doc/libiconv/ABOUT-NLS
  /usr/local/doc/libiconv/AUTHORS
  /usr/local/doc/libiconv/COPYING.LIB
  /usr/local/doc/libiconv/ChangeLog
  /usr/local/doc/libiconv/DESIGN
  /usr/local/doc/libiconv/INSTALL.generic
  /usr/local/doc/libiconv/NEWS
  /usr/local/doc/libiconv/NOTES
  /usr/local/doc/libiconv/PORTS
  /usr/local/doc/libiconv/README
  /usr/local/doc/libiconv/README.djgpp
  /usr/local/doc/libiconv/README.os2
  /usr/local/doc/libiconv/README.woe32
  /usr/local/doc/libiconv/THANKS
  /usr/local/include/iconv.h
  /usr/local/include/libcharset.h
  /usr/local/lib/libcharset.a
  /usr/local/lib/libcharset.la
[Hit <RETURN> to continue display]

  /usr/local/lib/libcharset.so.1.0.0
  /usr/local/lib/libiconv.la
  /usr/local/lib/libiconv.so
  /usr/local/lib/libiconv.so.2
  /usr/local/man/man1/iconv.1
  /usr/local/man/man3/iconv.3
  /usr/local/man/man3/iconv_close.3
  /usr/local/man/man3/iconv_open.3

* - conflict with a file which does not belong to any package.

Do you want to install these conflicting files [y,n,?,q] y
## Checking for setuid/setgid programs.

Installing libiconv as <SMCliconv>

## Installing part 1 of 1.
/usr/local/bin/iconv
/usr/local/doc/libiconv/ABOUT-NLS
/usr/local/doc/libiconv/AUTHORS
/usr/local/doc/libiconv/COPYING.LIB
/usr/local/doc/libiconv/ChangeLog
/usr/local/doc/libiconv/DESIGN
/usr/local/doc/libiconv/INSTALL.generic
/usr/local/doc/libiconv/NEWS
/usr/local/doc/libiconv/NOTES
/usr/local/doc/libiconv/PORTS
/usr/local/doc/libiconv/README
/usr/local/doc/libiconv/README.djgpp
/usr/local/doc/libiconv/README.os2
/usr/local/doc/libiconv/README.woe32
/usr/local/doc/libiconv/THANKS
/usr/local/include/iconv.h
/usr/local/include/libcharset.h
/usr/local/include/localcharset.h
/usr/local/lib/libcharset.a
/usr/local/lib/libcharset.la
/usr/local/lib/libcharset.so.1.0.0
/usr/local/lib/libiconv.la
/usr/local/lib/libiconv.so <symbolic link>
/usr/local/lib/libiconv.so.2 <symbolic link>
/usr/local/lib/libiconv.so.2.4.0
/usr/local/lib/preloadable_libiconv.so
/usr/local/man/man1/iconv.1
/usr/local/man/man3/iconv.3
/usr/local/man/man3/iconv_close.3
/usr/local/man/man3/iconv_open.3
/usr/local/man/man3/iconvctl.3
/usr/local/share/doc/iconv.1.html
/usr/local/share/doc/iconv.3.html
/usr/local/share/doc/iconv_close.3.html
/usr/local/share/doc/iconv_open.3.html
/usr/local/share/doc/iconvctl.3.html
[ verifying class <none> ]

Installation of <SMCliconv> was successful.

Since libintl was listed as a dependency for libiconv, I tried to determine if libintl on the system was the latest version. I looked for libintl files on the system. I found several.

# find / -name libintl\* -print
/usr/lib/sparcv9/libintl.so
/usr/lib/sparcv9/libintl.so.1
/usr/lib/libintl.so
/usr/lib/libintl.so.1
/usr/lib/libintl.a
/usr/include/libintl.h
/usr/share/man/sman4/libintl.4
/usr/local/lib/gcc-lib/sparc-sun-solaris2.7/3.0.4/include/libintl.h

When I looked in /usr/include/libintl.h, I saw it was version 1.12, so I upgraded libintl to the 3.4.0 version from Sunfreeware.com - SPARC/Solaris 7 Packages.

# gunzip libintl-3.4.0-sol7-sparc-local.gz
# pkgadd -d libintl-3.4.0-sol7-sparc-local

The following packages are available:
  1  SMClintl     libintl
                  (sparc) 3.4.0

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

Processing package instance <SMClintl> from </home/jdoe/libintl-3.4.0-sol7-sparc-local>

libintl
(sparc) 3.4.0
FSF
Using </usr/local> as the package base directory.
## Processing package information.
## Processing system information.
   2 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

Installing libintl as <SMClintl>

## Installing part 1 of 1.
/usr/local/include/libintl.h
/usr/local/lib/libintl.a
/usr/local/lib/libintl.la
/usr/local/lib/libintl.so <symbolic link>
/usr/local/lib/libintl.so.3 <symbolic link>
/usr/local/lib/libintl.so.3.4.0
/usr/local/lib/libintl.so.8 <symbolic link>
/usr/local/lib/libintl.so.8.0.2
[ verifying class <none> ]

Installation of <SMClintl> was successful.

I then upgraded gcc.

# gunzip gcc-3.4.6-sol7-sparc-local.gz
# pkgadd -d gcc-3.4.6-sol7-sparc-local

The following packages are available:
  1  SMCgcc     gcc
                (sparc) 3.4.6

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

Processing package instance <SMCgcc> from </tmp/testing/gcc-3.4.6-sol7-sparc-local>

gcc
(sparc) 3.4.6
FSF
Using </usr/local> as the package base directory.
## Processing package information.
## Processing system information.
   10 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.

The following files are already installed on the system and are being
used by another package:
* /usr/local/bin/c++
* /usr/local/bin/cpp
* /usr/local/bin/g++
* /usr/local/bin/g77
* /usr/local/bin/gcc
* /usr/local/bin/gccbug
* /usr/local/bin/gcov
* /usr/local/bin/sparc-sun-solaris2.7-c++
* /usr/local/bin/sparc-sun-solaris2.7-g++
* /usr/local/bin/sparc-sun-solaris2.7-gcc
* /usr/local/info <attribute change only>
* /usr/local/info/cpp.info
* /usr/local/info/cppinternals.info
* /usr/local/info/g77.info
* /usr/local/info/gcc.info
* /usr/local/lib/libgcc_s.so.1
* /usr/local/lib/libiberty.a
* /usr/local/lib/libstdc++.a
* /usr/local/lib/libstdc++.la
[Hit <RETURN> to continue display]

* /usr/local/lib/libsupc++.a
* /usr/local/lib/libsupc++.la
* /usr/local/man/man1/cpp.1
* /usr/local/man/man1/g++.1
* /usr/local/man/man1/g77.1
* /usr/local/man/man1/gcc.1
* /usr/local/man/man1/gcov.1
* /usr/local/man/man7 <attribute change only>
* /usr/local/man/man7/fsf-funding.7
* /usr/local/man/man7/gfdl.7
* /usr/local/man/man7/gpl.7
* /usr/local/share/locale <attribute change only>
* /usr/local/share/locale/be <attribute change only>
* /usr/local/share/locale/be/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/ca <attribute change only>
* /usr/local/share/locale/ca/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/da <attribute change only>
* /usr/local/share/locale/da/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/de <attribute change only>
* /usr/local/share/locale/de/LC_MESSAGES <attribute change only>
[Hit <RETURN> to continue display]

* /usr/local/share/locale/el <attribute change only>
* /usr/local/share/locale/el/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/es <attribute change only>
* /usr/local/share/locale/es/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/fr <attribute change only>
* /usr/local/share/locale/fr/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/ja <attribute change only>
* /usr/local/share/locale/ja/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/nl <attribute change only>
* /usr/local/share/locale/nl/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/sv <attribute change only>
* /usr/local/share/locale/sv/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/tr <attribute change only>
* /usr/local/share/locale/tr/LC_MESSAGES <attribute change only>

* - conflict with a file which does not belong to any package.

Do you want to install these conflicting files [y,n,?,q] y
<text snipped>
/usr/local/share/locale/tr/LC_MESSAGES/gcc.mo
[ verifying class <none> ]

Installation of <SMCgcc> was successful.

I then downloaded the 2.0.59 version of Apache and installed it.

# gunzip apache-2.0.59-sol7-sparc-local.gz
# pkgadd -d apache-2.0.59-sol7-sparc-local

The following packages are available:
  1  SMCap2059     apache
                   (sparc) 2.0.59

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

Processing package instance <SMCap2059> from </home/jdoe/apache-2.0.59-sol7-sparc-local>

apache
(sparc) 2.0.59
The Apache Group
Using </usr/local/apache2> as the package base directory.
## Processing package information.
## Processing system information.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.

The following files are already installed on the system and are being
used by another package:
* /usr/local/apache2/bin <attribute change only>
* /usr/local/apache2/bin/ab
* /usr/local/apache2/bin/apachectl
* /usr/local/apache2/bin/apr-config
* /usr/local/apache2/bin/apu-config
* /usr/local/apache2/bin/apxs
* /usr/local/apache2/bin/checkgid
* /usr/local/apache2/bin/dbmmanage
* /usr/local/apache2/bin/envvars
* /usr/local/apache2/bin/envvars-std
* /usr/local/apache2/bin/htdbm
* /usr/local/apache2/bin/htdigest
* /usr/local/apache2/bin/htpasswd
* /usr/local/apache2/bin/httpd
* /usr/local/apache2/bin/logresolve
* /usr/local/apache2/bin/rotatelogs
* /usr/local/apache2/build <attribute change only>
* /usr/local/apache2/build/config_vars.mk
* /usr/local/apache2/build/instdso.sh
[Hit <RETURN> to continue display]

<text snipped>

* /usr/local/apache2/manual/vhosts/index.html.en
* /usr/local/apache2/manual/vhosts/ip-based.html
* /usr/local/apache2/manual/vhosts/mass.html
* /usr/local/apache2/manual/vhosts/name-based.html
* /usr/local/apache2/manual/vhosts/name-based.html.en
* /usr/local/apache2/modules <attribute change only>
* /usr/local/apache2/modules/httpd.exp

* - conflict with a file which does not belong to any package.

Do you want to install these conflicting files [y,n,?,q] y

[ verifying class <none> ]

Installation of <SMCap2059> was successful.

When I tried to restart Apache to run the new version, I received the message below:

# ../bin/apachectl restart
Syntax error on line 344 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'Order', perhaps mis-spelled or defined by a module not included in the server configuration

When I checked what was at line 344, I found Order allow,deny.

<Directory "/usr/local/apache2/htdocs">
<text snipped>
#
# Controls who can get stuff from this server.
#
    Order allow,deny
    Allow from all

</Directory>

I commented out the "order" and "allow" lines to see what would happen. I then received an error message concerning the UserDir command in httpd.conf.

I checked the compiled-in modules for Apache with httpd -l and saw the following:

# ../bin/httpd -l
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c

The order command requires the mod_access module to be loaded in Apache. It was apparently compiled into the previous version I had running on the system, but it isn't compiled into the current version, so I added LoadModule access_module /usr/local/apache2/modules/mod_access.so to /usr/local/apache2/conf/httpd.conf.

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule access_module /usr/local/apache2/modules/mod_access.so

Note: mod_access.so and other modules may be in a different location on other systems, e.g. under Linux mod_access.so may be at /etc/httpd/modules/mod_access.so. I also discovered later that I should have put LoadModule auth_module /usr/local/apache2/modules/mod_auth.so in as well to address this error, as shown at Adding Modules to httpd.conf With Apache 2.

When I added the mod_access.so line and ran apachectl restart, I then received the error message below:

# ../bin/apachectl restart
Syntax error on line 354 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'UserDir', perhaps mis-spelled or defined by a module not 
included in the server configuration

I then added the line LoadModule userdir_module /usr/local/apache2/modules/mod_userdir.so below the LoadModule access_module /usr/local/apache2/modules/mod_access.so line in httpd.conf. That eliminated the error related to the UserDir command, but I then saw another module related error message.

# ../bin/apachectl restart
Syntax error on line 382 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'DirectoryIndex', perhaps mis-spelled or defined by a module not included in the server configuration

I added LoadModule dir_module /usr/local/apache2/modules/mod_dir.so beneath the other LoadModule statements and reran apachectl restart. The error message for DirectoryIndex was eliminated and I got further in the configuration file, but I received another error message when I restarted Apache.

# ../bin/apachectl restart
Syntax error on line 403 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'TypesConfig', perhaps mis-spelled or defined by a module not included in the server configuration

So I then added LoadModule mime_module /usr/local/apache2/modules/mod_mime.so and attempted again to restart Apache. The next error message is shown below.


# ../bin/apachectl restart
Syntax error on line 456 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'LogFormat', perhaps mis-spelled or defined by a module not included in the server configuration

I then added LoadModule log_config_module /usr/local/apache2/modules/mod_log_config.so. When I attempted to restart Apache, I then saw the message below.

# ../bin/apachectl restart
Syntax error on line 506 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'Alias', perhaps mis-spelled or defined by a module not included in the server configuration

I then added LoadModule alias_module /usr/local/apache2/modules/mod_alias.so, which led to the next error message.

# ../bin/apachectl restart
Syntax error on line 576 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'IndexOptions', perhaps mis-spelled or defined by a module not included in the server configuration

I then added LoadModule autoindex_module /usr/local/apache2/modules/mod_autoindex.so and attempted to restart Apache again.

# ../bin/apachectl restart
Syntax error on line 724 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'LanguagePriority', perhaps mis-spelled or defined by a module not included in the server configuration

I added LoadModule negotiation_module /usr/local/apache2/modules/mod_negotiation.so to address that error.

# ../bin/apachectl restart
Syntax error on line 908 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'BrowserMatch', perhaps mis-spelled or defined by a module not included in the server configuration

I then added LoadModule setenvif_module /usr/local/apache2/modules/mod_setenvif.so and attempted to restart again with apachectl restart. At last it restarted without an error message. Yeah! Except when I tried telnet 127.0.0.1 80 to connect to the default HTTP port on the local loopback address, it failed.

# telnet 127.0.0.1 80
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

When I looked in /usr/local/apache2/logs/error_log, I saw the following:

[Sun Jan 27 22:09:30 2008] [notice] SIGHUP received.  Attempting to restart
Syntax error on line 219 of /usr/local/apache2/conf/httpd.conf:
module access_module is built-in and can't be loaded

So I removed LoadModule access_module /usr/local/apache2/modules/mod_access.so from httpd.conf.

But then I got the Invalid command 'Order' error message again.

# ../bin/apachectl restart
Syntax error on line 352 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'Order', perhaps mis-spelled or defined by a module not included in the server configuration

I put LoadModule access_module /usr/local/apache2/modules/mod_access.so and added LoadModule auth_module /usr/local/apache2/modules/mod_auth.so below it.

# ../bin/apachectl restart
httpd not running, trying to start

I tried connecting to port 80 on the loopback address again. This time I was successful. I entered the command HEAD / HTTP/1.0 and hit return a couple of times. Apache then responded with information showing me that version 2.0.59 was running at last.

I now have the following module section in httpd.conf:

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule access_module /usr/local/apache2/modules/mod_access.so
LoadModule auth_module /usr/local/apache2/modules/mod_auth.so
LoadModule userdir_module /usr/local/apache2/modules/mod_userdir.so
LoadModule dir_module /usr/local/apache2/modules/mod_dir.so
LoadModule mime_module /usr/local/apache2/modules/mod_mime.so
LoadModule log_config_module /usr/local/apache2/modules/mod_log_config.so
LoadModule alias_module /usr/local/apache2/modules/mod_alias.so
LoadModule autoindex_module /usr/local/apache2/modules/mod_autoindex.so
LoadModule negotiation_module /usr/local/apache2/modules/mod_negotiation.so
LoadModule setenvif_module /usr/local/apache2/modules/mod_setenvif.so
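
The restart-and-fix loop above surfaces one missing module per restart. The Python script below is an added example, not part of the original post and not Apache tooling: it scans a configuration once and reports every directive that is used before its module is compiled in or loaded. The directive table holds only directives that appear in the post; the function names, the `modules_dir` default and the sample configuration are constructed for illustration.

```python
import re

# Directive -> module identifier. Only directives that appear in the error
# messages, the <Directory> block and the LoadModule lines of the post.
DIRECTIVE_MODULE = {
    "Order": "access_module",
    "Allow": "access_module",
    "UserDir": "userdir_module",
    "DirectoryIndex": "dir_module",
    "TypesConfig": "mime_module",
    "LogFormat": "log_config_module",
    "Alias": "alias_module",
    "IndexOptions": "autoindex_module",
    "LanguagePriority": "negotiation_module",
    "BrowserMatch": "setenvif_module",
}

LOADMODULE_RE = re.compile(r"^\s*LoadModule\s+(\S+)\s+\S+", re.IGNORECASE)
DIRECTIVE_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9]*)")
STATIC_RE = re.compile(r"^\s*mod_(\w+)\.c\s*$")


def static_module_ids(httpd_l_output):
    """Turn `httpd -l` lines such as 'mod_so.c' into ids such as 'so_module'.

    The mod_<name>.c -> <name>_module convention is an assumption that holds
    for the modules in DIRECTIVE_MODULE; core.c and friends are ignored.
    """
    ids = set()
    for line in httpd_l_output.splitlines():
        m = STATIC_RE.match(line)
        if m:
            ids.add(m.group(1) + "_module")
    return ids


def missing_modules(conf_text, static_ids=frozenset()):
    """Return [(line_no, directive, module_id)] for the first use of each
    directive whose module is neither static nor loaded on an EARLIER line.
    LoadModule must precede the directive, so order in the file matters."""
    lookup = {name.lower(): (name, mod) for name, mod in DIRECTIVE_MODULE.items()}
    loaded = set(static_ids)
    reported = set()
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = LOADMODULE_RE.match(line)
        if m:
            loaded.add(m.group(1))
            continue
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue  # container lines such as <Directory ...>
        entry = lookup.get(m.group(1).lower())  # directive names are case-insensitive
        if entry is None:
            continue
        directive, module_id = entry
        if module_id not in loaded and module_id not in reported:
            reported.add(module_id)
            findings.append((line_no, directive, module_id))
    return findings


def suggest_lines(findings, modules_dir="/usr/local/apache2/modules"):
    """Build the LoadModule lines to place ahead of the first affected line."""
    lines = []
    for _line_no, _directive, module_id in findings:
        so_name = "mod_" + module_id[: -len("_module")] + ".so"
        lines.append("LoadModule %s %s/%s" % (module_id, modules_dir, so_name))
    return lines


# Constructed sample input, not the author's real files.
SAMPLE_HTTPD_L = """Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c
"""

SAMPLE_CONF = """\
# constructed sample, not the author's httpd.conf
LoadModule dir_module /usr/local/apache2/modules/mod_dir.so
<Directory "/usr/local/apache2/htdocs">
    Order allow,deny
    Allow from all
</Directory>
UserDir public_html
DirectoryIndex index.html
TypesConfig conf/mime.types
LoadModule mime_module /usr/local/apache2/modules/mod_mime.so
"""

if __name__ == "__main__":
    found = missing_modules(SAMPLE_CONF, static_module_ids(SAMPLE_HTTPD_L))
    for line_no, directive, module_id in found:
        print("line %d: %s needs %s" % (line_no, directive, module_id))
    print("\n".join(suggest_lines(found)))
```

In the sample, TypesConfig is reported even though mime_module is loaded, because the LoadModule line comes after the directive.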

References:

  1. Adding Modules to httpd.conf With Apache 2
    Posted:2005-03-01
    Network Administration Tools: GNU/Linux, Windows 2003, Windows 2000, NT, and more...


Sun, Jan 27, 2008 7:00 pm

Installing RealVNC 4.1.2 under Windows

I installed the free edition of RealVNC 4.1.2 on a Windows XP system. Windows Defender 1.1.1593 was installed on the system and popped up a warning when I started the installation of RealVNC.

Windows Defender 1.1.1593 alert at RealVNC installation

To get Windows Defender to accept RealVNC, select "always allow" for the action and then click on "Apply Actions".

If you are installing the server portion of the software so that you can connect remotely to the system you are installing it on, you can set the ports used to listen for connections, or retain the defaults, under the Connections tab while configuring RealVNC during installation. The default values are shown below:

Accept connections on port: 5900
Disconnect idle clients after (seconds): 3600

Serve Java viewer via HTTP on port: 5800

Under Access Control in the Connections section, you can check "Only accept connections from the local machine" if you want to require access to be through an SSH connection.

If you install the server portion of the software to run as a service on the Windows system, but don't want it to start automatically, click on the Windows Start button, select Run and type services.msc. Find "VNC Server Version 4" within the services list, double-click on it and change the startup type from "automatic" to "manual", then click on OK.

References:

  1. Malicious Software Encyclopedia: RemoteAccess:Win32/RealVNC
    Published: September 12, 2006
    Microsoft Corporation


Sun, Jan 27, 2008 6:01 pm

mshta.exe

The file mshta.exe in c:\windows\system32 is part of the Windows operating system. Known file sizes on Windows XP are 29184 bytes, 30720 bytes, 45568 bytes, 24064 bytes, and 26624 bytes. The description assigned to it by Microsoft is "Microsoft HTML Application Host". The program is needed to execute .HTA (Hypertext Application) files, which allow applications to be run from HTML documents.

On a Windows XP Tablet PC Edition system with Service Pack 2 installed, I see the following information for the file when I right-click on it and select Properties:

Size:44.5 KB (45,568 bytes)
Created:Thursday, August 23, 2001, 7:00:00 AM
Modified:Monday, August 13, 2007, 6:32:30 PM
File version:7.0.5730.13

At Introduction to HTML Applications (HTAs), Microsoft states the following regarding why someone would use HTAs:

Historically, programming languages like C++ and Microsoft Visual Basic have provided the object models and access to system resources that developers demand. With HTAs, Dynamic HTML (DHTML) with script can be added to that list. HTAs not only support everything a Web page does - namely HTML, Cascading Style Sheets (CSS), scripting languages, and behaviors - but also HTA-specific functionality. This added functionality provides control over user interface design and access to the client system. Moreover, run as trusted applications, HTAs are not subject to the same security constraints as Web pages. As with any executable file, the user is asked once, before the HTA is downloaded, whether to save or run the application; if saved to the client machine, it simply runs on demand thereafter. The end result is that an HTA runs like any executable (.exe) written in C++ or Visual Basic.

The .HTA file type can become infected by malware. It is important to note that, as fully trusted applications, HTAs can carry out actions that Internet Explorer would never permit in a Web page. Microsoft also states "In HTAs, the restrictions against allowing script to manipulate the client machine are lifted. For example, all command codes are supported without scripting limitations (see command id). And HTAs have read/write access to the files and system registry on the client machine."

Execution of .HTA files by mshta.exe can be debugged with the Microsoft Script Editor, MSE7.exe.

References:

  1. mshta.exe Windows process - What is it?
    file.net
  2. mshta.exe - mshta - Process Information
    Uniblue™ ProcessLibrary™
  3. File Extension .HTA Details
    FILExt - The File Extension Source
  4. .HTA File Extension
    FileInfo.net
  5. Introduction to HTML Applications (HTAs) - Windows Internet Explorer
    Microsoft Developer Network


Mon, Jan 21, 2008 10:47 pm

Generating a New Encryption Key with BlackBerry Desktop Manager

If you get the message "Current Encryption Key is out of date. A new encryption key will have to be generated." when attempting to synchronize your BlackBerry with the BlackBerry Desktop Manager, you must generate a new encryption key.

Messages are encrypted prior to being sent between the BlackBerry Desktop Manager software and your BlackBerry. The encryption key for the BlackBerry Desktop Manager and the BlackBerry's own encryption key must match in order for messages to be decrypted at the receiving end. Encryption keys can be manually or automatically generated.

If you are using the BlackBerry Desktop Manager for synchronization, take the following steps to generate a new encryption key:

  1. Connect the BlackBerry device to the computer.
  2. In BlackBerry Desktop Manager, double-click Redirector Settings.
  3. In the Redirector Settings window, click the Security tab.
  4. Select Generate keys manually, then click Generate. The Generating New Key window will appear.
  5. Move the mouse around until the Generating New Key window closes. The random mouse movements help randomize the encryption key. When the window closes, a new encryption key has been generated.
  6. If you want to be prompted to generate a new encryption key every 31 days, select Generate keys automatically.
  7. Click Apply, then click OK.

References:

  1. Encryption keys
    Doc ID : KB00171
    Last Modified : 2007-03-22
    Research In Motion Limited
  2. Generate a new encryption key
    Doc ID : KB02740
    Last Modified : 2007-06-07
    Research In Motion Limited


Tue, Jan 15, 2008 8:41 pm

Moving WinAmp Playlists from One Computer to Another

WinAmp 5.51 stores its playlists in its Plugins\ml directory, which will usually be C:\Program Files\Winamp\Plugins\ml. The individual playlists will be in .m3u8 files with names like plfxxxx.m3u8 and plfE454.m3u8 where xxxx is a combination of letters and numbers, e.g. plf7501.m3u8. The mapping between the name you give the list and those names is in a playlists.xml file in the same directory.

Sample Playlists.Xml File

<?xml version="1.0" encoding="UTF-16"?>
<playlists playlists="2">
<playlist filename="plfE454.m3u8" title="Xmas - Hilary Duff - Santa Claus Lane" id="{C0112AC9-0575-422F-B216-9A104962C563}" songs="11" seconds="2200"/>
<playlist filename="plf7501.m3u8" title="Xmas - The Time-Life Treasury Of Christmas" id="{3463FBFD-C77E-44BD-BC13-6044D2E6BEE7}" songs="45" seconds="8327"/>
</playlists>

So, if you want to copy your playlists from one system to another, copy the .m3u8 files and the playlists.xml files from the first system to the second system.

But what if the music files, e.g. your .mp3 files, are not in the same directory on the second system as the first system? Then you will need to edit each .m3u8 file and update the reference to the actual location of the music files. E.g. if the files were on drive C:\MP3s on the first system, but drive D:\MP3s on the second system, you will need to do a global search and replace on C:\MP3s substituting D:\MP3s for it. You can use any text editor, such as Notepad, which comes with Windows, since the .m3u8 files are just text files.

References:

  1. Lost playlist
    Posted on July 30, 2006
    WINAMP.COM | Forums


Thu, Jan 10, 2008 3:45 pm

Changing the Background Color for a Table in Microsoft Word 2000

To change the background color in a table in Microsoft Word 2000, take the following steps:
  1. Right-click somewhere in the table.
  2. Choose Table Properties.
  3. Click on the Borders and Shading button.
  4. Select the color you want for the table's background under Fill.
  5. Click on OK.
  6. Click on OK again.

If you want to change the background color for just one cell in the table, take the same steps as above, but before you click on OK after selecting the fill color, change the value in the Apply to field from "table" to "cell".

If you want to change the background color for an entire row in the table, the steps are basically the same, but you need to highlight all the cells in the row before selecting Table Properties.

  1. Right-click somewhere in the table.
  2. Choose Table Properties.
  3. Click on the Table tab.
  4. Click on the Borders and Shading button.
  5. Select the color you want for the table's background under Fill.
  6. Click on OK.
  7. Click on OK again.


Wed, Jan 09, 2008 10:10 pm

Unable to Backup HP Laptop with Ghost 2003

When I attempted to back up the hard drive in an HP laptop with Norton Ghost 2003, I received the following error message:
Error
There is no valid Source Drive to choose (11032)

OK
 

I tried another Norton Ghost 2003 boot diskette, but had the same results.

I then tried a PartImage Is Not Ghost (PING) boot CD. During the boot process I saw the following:

ata1: port is slow to respond, please be patient (Status 0x80)
ata1: softreset failed (device not ready)

PING dropped me to a shell prompt, since that was the option I picked for when it completed, without giving me a chance to start the backup. I powered the system off and on and rebooted. I did not see the messages noted above then and I was able to back up the system to an external USB disk drive.

I then tried again with Norton Ghost 2003. This time Norton Ghost saw the drive, but when I attempted to back up the drive, I received the error below:

Application Error 29089
Write to image failed
If this problem persists, contact Symantec Technical Support
at http://service.symantec.com

OK
 

I tried again with a boot diskette that I had created using the Norton Ghost Boot Wizard just a couple of days ago, since the first time I used a boot CD that I had created a couple of years ago. The results were the same, however.

The next night I backed up the system with PING again and, afterwards, tried a Norton Ghost 2003 boot disc with the USB 1.1 drivers provided by Symantec with Ghost 2003.

Part  Type     ID  Description  Volume Label  Size in MB  Data Size in MB
1     Primary  07  NTFS         No name            76316            14802
                   Free                                2
                   Total                           76319            14802

This time I saw the error message "File Name ? (546)". When I clicked on OK, I saw the message below:

Internal Error 36000
An internal inconsistency has been detected
If this problem persists, contact Symantec Technical Support
at http://service.symantec.com

OK
 

When I was dropped to a command prompt, though, I saw the following:

ABORT: 29089, Write to image file failed

ABORT: 36000, A GeneralException occurred


Wed, Jan 09, 2008 8:11 pm

Determining Version of a PDF File

If you examine the contents of the first few bytes of a PDF file, you will see the PDF format version listed. E.g. you will see something such as the following:

Hex: 25 50 44 46 2D 31 2E
ASCII: %PDF-1.

The bytes shown might be %PDF-1.4 (Hex 25 50 44 46 2D 31 2E 34), if the version is 1.4.

But there are cases where the information in the first few bytes of the file can be overridden by information appearing later in the file. Derek Clegg states at Re: How do you determine PDF version that "The version of a PDF file isn't solely determined by the first few bytes of the PDF; in PDF 1.4 and later, the version specified at the start of the PDF file can be overridden by a /Version entry in the document's catalog. (See section 3.4.1 of the PDF 1.5 specification for more info.) This is why Quartz PDF files always start with %PDF-1.3 but may, in fact, be PDF 1.4 or later."

The PDF version number determines the features incorporated into the format. For instance, version 1.4 was the first to support transparency and metadata. Some older PDF viewers may not be able to view PDF files written in a newer PDF format. A listing of versions and features is available at Create better PDFs by understanding the formats.

On a Unix or Linux system, you can use the od command to view the first few bytes of a PDF file.

# od -c -N 10 EBIA_ERISA_3rdQtr2007.pdf
0000000   %   P   D   F   -   1   .   4  \n   %
0000012

The \n that appears after the "1.4" is just a newline character.

Though Windows doesn't come with a hexadecimal editor, there are free hexadecimal editors available for Windows systems as well that will allow you to view those first few bytes in the PDF file.
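
To act on the caveat quoted above, a check has to read both the header and the document catalog. The Python code below is an added example, not from the original post: it reports the header version, any /Version entry found in a catalog object, and the later of the two. The function names are hypothetical and the sample byte strings are constructed fragments, not complete PDF files.

```python
import re

HEADER_RE = re.compile(rb"%PDF-(\d)\.(\d)")
OBJECT_RE = re.compile(rb"\bobj\b(.*?)\bendobj\b", re.DOTALL)
CATALOG_RE = re.compile(rb"/Type\s*/Catalog\b")
VERSION_RE = re.compile(rb"/Version\s*/(\d)\.(\d)")


def _pair(match):
    """Convert a regex match with two digit groups into (major, minor)."""
    return (int(match.group(1)), int(match.group(2)))


def _fmt(pair):
    return "%d.%d" % pair if pair else None


def header_version(data):
    """Version from the %PDF-x.y header.

    Scanning the first 1024 bytes instead of insisting on offset 0 is this
    example's choice, so a file with a few leading bytes is still recognised.
    """
    m = HEADER_RE.search(data[:1024])
    return _pair(m) if m else None


def catalog_version(data):
    """/Version entry of the last uncompressed catalog object, or None.

    Later catalog objects (appended by incremental updates) replace earlier
    ones. A catalog stored inside a compressed object stream is not visible
    to this byte search, so None means "not found", not "not present".
    """
    found = None
    for obj in OBJECT_RE.finditer(data):
        body = obj.group(1)
        if CATALOG_RE.search(body):
            m = VERSION_RE.search(body)
            found = _pair(m) if m else None
    return found


def effective_version(data):
    """Header version, catalog version and the later of the two."""
    head = header_version(data)
    if head is None:
        raise ValueError("no %PDF-x.y header in the first 1024 bytes")
    cat = catalog_version(data)
    # The catalog entry only counts when it is later than the header.
    eff = max(head, cat) if cat else head
    return {"header": _fmt(head), "catalog": _fmt(cat), "effective": _fmt(eff)}


def effective_version_of_file(path):
    with open(path, "rb") as handle:
        return effective_version(handle.read())


# Constructed fragments: a %PDF-1.3 header with a 1.4 catalog entry (the
# situation described in the quotation), and a plain 1.4 file.
SAMPLE_OVERRIDE = (
    b"%PDF-1.3\n%\xc4\xe5\n"
    b"1 0 obj\n<< /Type /Catalog /Version /1.4 /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n%%EOF\n"
)
SAMPLE_PLAIN = (
    b"%PDF-1.4\n%\xe2\xe3\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for name, blob in (("override", SAMPLE_OVERRIDE), ("plain", SAMPLE_PLAIN)):
        print(name, effective_version(blob))
```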

References:

  1. PDF Developer Center: PDF reference
    Adobe Systems Incorporated
  2. Re: How do you determine PDF version?
    By: Derek Clegg
    Date: February 21, 2006
    Apple Mailing Lists
  3. Create better PDFs by understanding the formats
    By James Dempsey
    December 14, 2006
    Creative Guy


Tue, Jan 08, 2008 4:16 pm

Removing Windows Messenger 4.7

I used the Windows Update function in Internet Explorer on a Windows XP system to check for patches for a laptop. Including optional hardware and software patches, there were 63 available. I chose to download and install them all. Windows Messenger 4.7 was among those available; I hadn't paid attention to the fact it was among those to be installed. It was the first one installed. I saw a Windows Firewall notice pop up asking me whether I wanted to continue to block Windows Messenger. I did, but the system gave me a Blue Screen of Death (BSOD) when I attempted to block it.

When the system rebooted, Windows Messenger 4.7 opened. I didn't want the software on this laptop anyway. So I opened the Control Panel (Click on Start, select Settings, then Control Panel). Under Add or Remove Programs in the Control Panel, I chose Add/Remove Windows Components. Windows Messenger was unchecked and had a size of 0.0 MB listed, so I couldn't uninstall it that way. I was able to remove it using the steps below, however:

  1. Close Messenger if it is running. If you see an icon for it at the lower-right hand corner of your screen, right-click on it and choose Exit.
  2. Click on the Start button.
  3. Select Run.
  4. In the Open field of the window that appears, copy and paste RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove
  5. When you see the confirmation prompt below, choose "Yes" after closing any of the referenced programs, if they are open.

    To remove Messenger, you must first exit from it: Click the Messenger icon in the taskbar, then Exit. Please also close all other programs that display your contact list (for example, Internet Explorer, Outlook, Outlook Express, MSN Explorer). Make sure to close programs for all users signed in to this computer. Do you want to continue?

You will see a notice appear stating Windows Messenger has been removed when the uninstall process completes.

If you don't want to remove Windows Messenger 4.7, but just want to stop it from running automatically when you login to a system, instead of following the procedure above, open Windows Messenger and take the following steps:

  1. Click on Tools.
  2. Select Options.
  3. Click on the Preferences tab.
  4. Uncheck "Run this program when Windows starts".
  5. Click on OK.

References:

  1. How to remove Windows Messenger 4.7 permanently
    By Darrell Norton
    Posted: March 10, 2004
    Darrell Norton's Blog
  2. How do I get rid of Messenger 4.7?
    By Leo Notenbom
    Posted: May 28, 2004
    Ask Leo! Tech Questions? Get Answers!


Tue, Jan 08, 2008 12:18 pm

AntiVirus Reconnaissance

In analyzing the backend code associated with the Pushdo Trojan downloader, security guru Joe Stewart found that the malware being distributed would log the hard drive serial number on a victim's computer. He speculates that perhaps the malware is checking the hard drive serial number in order to check whether it is running on a Virtual Machine (VM). If the malware logs the same serial number for what would otherwise appear to be separate machines, then it is likely that it is running on a VM. Since antivirus companies use VMs to analyze malware in controlled environments, the knowledge that the malware is running on a VM might be of interest to the malware developer or distributor for that reason.

Some malware attempts to kill or disable antivirus software processes. Pushdo does not. It merely reports back to its controlling server which antivirus software it has detected on the victim's system. Pushdo compares all of the processes running on the system with its own list of antivirus and personal firewall process names and then provides a report to its controller listing the ones it has found.

In checking the Pushdo controller server, Stewart found malware samples with rootkit characteristics, which allow malware to hide from antivirus and antispyware software, and also evidence of a spam botnet.

References:

  1. Inside a Modern Malware Distribution System
    By Ryan Naraine
    December 21, 2007
    eWeek.com


Tue, Jan 08, 2008 9:50 am

Internet Usage Statistics

If you want to see statistics on Internet usage for various parts of the world, check Internet Usage World Status - Internet and Population Statistics, a "website featuring up to date world Internet Usage, Population Statistics and Internet Market Research Data, for over 233 individual countries and world regions."


Mon, Jan 07, 2008 11:20 pm

Folders Could Not Be Opened

On a Windows XP system that was in a domain using a Microsoft Exchange server, whenever a user attempted to use Outlook 2003, Outlook would start to open then crash. The error message displayed was "the set of folders could not be opened." I confirmed that the user's Outlook .ost file still existed and that the user had appropriate access permissions. I also ran the scanost utility that Microsoft provides with Office to verify the integrity of the user's OST file. It did not find any problems with the file. I found the problem was on the Exchange server. The mail store was not loaded due to inconsistencies in it after a system crash. When I repaired the mail store and the Exchange server was running properly again, the user was able to open Outlook normally.

I don't know why this problem only occurred on this user's system. Outlook 2003 opened normally on other users' systems. They were not able to access email on the Exchange server and Outlook indicated they were disconnected from the Exchange server, but they were at least able to access email, contacts, etc. that were stored in their OST offline storage files.

References:

  1. Repair an .ost or .pst file in Outlook
    Office Online Home Page
  2. Repairing Outlook PST File Corruption at 2 GB Limit
    MoonPoint Support
  3. Using ScanOST to Repair OST Files
    MoonPoint Support
