I thought he was likely using Office 2013, but I wanted to verify that was the version he was using. The .docx files we were exchanging became a standard Word format starting with Office 2007. They are in an Office Open XML format, which is a zipped, XML-based file format developed by Microsoft; information about the formats can be found in the Microsoft Office 2007 article Introducing the Office (2007) Open XML File Formats. Prior to Office 2007, Microsoft used proprietary file formats based on the OLE Compound File Binary Format.¹

You can check the version of Word that was last used to edit a document by unzipping the docx file; you can use the unzip command from a shell prompt on a Mac OS X system. If your unzip program isn't opening it, you may have to rename it changing the .docx extension to .zip, but that's not needed for the OS X unzip utility. When you unzip the docx file, there will be a docProps directory with an app.xml file within it. In that file you will see a number between AppVersion tags, e.g., as shown below:

To translate that number into the commonly used version number, the table below can be used:

If you are interested in the usage for the other documents within the .docx container file, see the ForensicsWiki article Word Document (DOCX). The contents of the Word document can be found in word/document.xml when you examine the files within the .docx file.

Since I saw 15.0000 as the AppVersion in the file he sent, I could tell that he was, indeed, using Office 2013. In .docx files I saved from Word 2008, I saw 12.0000 as the AppVersion number within app.xml.

To resolve the problem, instead of copying and pasting the diagram from PowerPoint into the Word document, I saved it as a JPEG image from within PowerPoint. Then chose "Insert", then "Picture", then "From File" within Word to insert the diagram as a picture instead. When I viewed the document with embedded diagram afterwards in Word for Office 2007 and 2010 it looked the same as it did in Word 2008 on the Mac, though it had also looked ok in those Microsoft Windows applications when I used the pasted PowerPoint version. The embedded JPG file also looked the same in Apache OpenOffice Writer 4; it had not appeared when I viewed the document there previously and when I had viewed the PowerPoint file in OpenOffice Impress, the diagram looked quite different with most of the text missing and small circles beneath the network clouds in the diagram.

References:

1. Microsoft Office: File formats and metadata
   Date accessed: December 31, 2014
   Wikipedia, the free encyclopedia
   
2. Which Version of Microsoft Word created a given document?
   Date: August 25, 2013
   By: Gergely Herendi
   Super User
3. Word Document (DOCX)
   ForensicsWiki

[/os/windows/office/word] permanent link

<?php

$thisfile = pathinfo($_SERVER['PHP_SELF']);

echo "Last modified: ".date("l F j, Y g:i A",
filemtime($thisfile["basename"]));

?>

I verified the time zone was set correctly at the operating system level with the timedatectl command, so I realized the issue must be with PHP itself. I checked the location of the PHP configuration file, php.ini and found it was located at /etc/php.ini.

$ locate php.ini
/etc/php.ini
/usr/share/doc/php-common-5.4.16/php.ini-development
/usr/share/doc/php-common-5.4.16/php.ini-production

I logged into the root account and checked the contents of the /etc/php.ini file. I found that the timezone was not set in the file:

So I removed the semicolon which was making the date.timezone line into a comment and set the time zone to be the appropriate one for Eastern Time (ET).

I then restarted the Apache web server software with the apachectl restart command, which fixed the problem.

[/languages/php] permanent link

[root@localhost ~]# timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
Africa/Asmara
Africa/Bamako
Africa/Bangui
Africa/Banjul
Africa/Bissau
Africa/Blantyre
Africa/Brazzaville
Africa/Bujumbura
Africa/Cairo
Africa/Casablanca

<text snipped>

Pacific/Pitcairn
Pacific/Pohnpei
Pacific/Port_Moresby
Pacific/Rarotonga
Pacific/Saipan
Pacific/Tahiti
Pacific/Tarawa
Pacific/Tongatapu
Pacific/Wake
Pacific/Wallis

For a system in the Americas, the following time zones are recognized:

[root@localhost ~]# timedatectl list-timezones | grep America
America/Adak
America/Anchorage
America/Anguilla
America/Antigua
America/Araguaina
America/Argentina/Buenos_Aires
America/Argentina/Catamarca
America/Argentina/Cordoba
America/Argentina/Jujuy
America/Argentina/La_Rioja
America/Argentina/Mendoza
America/Argentina/Rio_Gallegos
America/Argentina/Salta
America/Argentina/San_Juan
America/Argentina/San_Luis
America/Argentina/Tucuman
America/Argentina/Ushuaia
America/Aruba
America/Asuncion
America/Atikokan
America/Bahia
America/Bahia_Banderas
America/Barbados
America/Belem
America/Belize
America/Blanc-Sablon
America/Boa_Vista
America/Bogota
America/Boise
America/Cambridge_Bay
America/Campo_Grande
America/Cancun
America/Caracas
America/Cayenne
America/Cayman
America/Chicago
America/Chihuahua
America/Costa_Rica
America/Creston
America/Cuiaba
America/Curacao
America/Danmarkshavn
America/Dawson
America/Dawson_Creek
America/Denver
America/Detroit
America/Dominica
America/Edmonton
America/Eirunepe
America/El_Salvador
America/Fortaleza
America/Glace_Bay
America/Godthab
America/Goose_Bay
America/Grand_Turk
America/Grenada
America/Guadeloupe
America/Guatemala
America/Guayaquil
America/Guyana
America/Halifax
America/Havana
America/Hermosillo
America/Indiana/Indianapolis
America/Indiana/Knox
America/Indiana/Marengo
America/Indiana/Petersburg
America/Indiana/Tell_City
America/Indiana/Vevay
America/Indiana/Vincennes
America/Indiana/Winamac
America/Inuvik
America/Iqaluit
America/Jamaica
America/Juneau
America/Kentucky/Louisville
America/Kentucky/Monticello
America/Kralendijk
America/La_Paz
America/Lima
America/Los_Angeles
America/Lower_Princes
America/Maceio
America/Managua
America/Manaus
America/Marigot
America/Martinique
America/Matamoros
America/Mazatlan
America/Menominee
America/Merida
America/Metlakatla
America/Mexico_City
America/Miquelon
America/Moncton
America/Monterrey
America/Montevideo
America/Montserrat
America/Nassau
America/New_York
America/Nipigon
America/Nome
America/Noronha
America/North_Dakota/Beulah
America/North_Dakota/Center
America/North_Dakota/New_Salem
America/Ojinaga
America/Panama
America/Pangnirtung
America/Paramaribo
America/Phoenix
America/Port-au-Prince
America/Port_of_Spain
America/Porto_Velho
America/Puerto_Rico
America/Rainy_River
America/Rankin_Inlet
America/Recife
America/Regina
America/Resolute
America/Rio_Branco
America/Santa_Isabel
America/Santarem
America/Santiago
America/Santo_Domingo
America/Sao_Paulo
America/Scoresbysund
America/Sitka
America/St_Barthelemy
America/St_Johns
America/St_Kitts
America/St_Lucia
America/St_Thomas
America/St_Vincent
America/Swift_Current
America/Tegucigalpa
America/Thule
America/Thunder_Bay
America/Tijuana
America/Toronto
America/Tortola
America/Vancouver
America/Whitehorse
America/Winnipeg
America/Yakutat
America/Yellowknife

For a system on the east coast of the U.S., the appropriate time zone would be "America/New_York". You can see the current timezone setting with the command timedatectl with no parameters.

[root@localhost ~]# timedatectl
      Local time: Tue 2014-12-30 00:15:02 EST
  Universal time: Tue 2014-12-30 05:15:02 UTC
        RTC time: Tue 2014-12-30 05:15:02
        Timezone: America/New_York (EST, -0500)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2014-11-02 01:59:59 EDT
                  Sun 2014-11-02 01:00:00 EST
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2015-03-08 01:59:59 EST
                  Sun 2015-03-08 03:00:00 EDT

If you need to change the time zone, you can enter the command with a set-timezone parameter, e.g., timedatectl set-timezone America/New_York.

You can use the ntpdate package to synchronize your system with a Network Time Protocol (NTP) server. You can check if the package is installed with the command rpm -qi ntpdate. You will see details on the package, if it is installed. If it is not installed, you will see "package ntpdate is not installed".

References:

1. How To Configure Server Timezone In CentOS 7
   By: Richard W
   Date: September 14, 2014
   Liberian Geek

[/os/unix/linux/centos] permanent link

[ More Info ]

[/reviews/software/windows/network/icmp] permanent link

[ More Info ]

[/reviews/software/windows/network/ssh] permanent link

[ More Info ]

[/hardware/pc/UEFI] permanent link

• Client Computer Backups
• Folder Redirection
• File History Backups
• Users
• Company

If you have a second internal drive or another partition on the primary drive you can move the folders with these steps.

[/os/windows/server2012] permanent link

MD5: 5ee4c7ad57248b5e791dcfd39d9e54e3
SHA-1: 1f3fbf9cd23f864a2acc6b7a6a8e6a9eb94b5c52

I was then able to verify those hashes with postings from Server 2012 Essentials RTM (SHA-1 from October 11, 2012) and Server 2012 Essentials RTM Page 2 (MD5 and SHA-1 from December 8, 2012) postings at My Digital Life Forums , which gave me the confidence to use that .iso file for the installation of the server software, since the hashes matched ones posted for the 2012 version of the software distributed by Microsoft. Such hashes are commonly used to verify that a file is exactly the same as it was when provided by the original software developer and has not been modified.

When I installed Windows Server 2012 from the DVD I burned from that ISO file, I was able to use the product key I had.

[/os/windows/server2012] permanent link

[ More Info ]

[/os/unix/linux/Clonezilla] permanent link

I tried downloading a Microsoft Word .docx attachment to an email and saw the same Security Alert window, which stated "Your current security settings do not allow this file to be downloaded."

The setting, which applies to all files rather than a particular type of file such as a Microsoft Word document, can be changed through the following steps in Internet Explorer (IE) 11:

1. Click on Tools.
2. Select Internet Options.
3. Click on the Security tab.

   

4. Select the Internet zone, which is the left-most zone in the row of icons representing the four zones: Internet, Local intranet, Trusted sites, and Restricted sites.
5. Click on the Custom level button.
6. In the Security Settings - Internet Zone window that opens, scroll down through the settings list until you see Downloads. For the File download option, change it from "Disable" to "Enable"

   

7. Click on the radio button next to "Enable".
8. Click on OK.
9. When asked "Are you sure you want to change the settings for this zone?", click on Yes.
10. Click on the OK button to close the Internet Options window.

[/network/web/browser/ie] permanent link

[ More Info ]

[/security/malware] permanent link

The file, which Malwarebytes identified as Trojan.Agent, was csrss.exe was located in her %TEMP% directory, i.e., C:\Users\Pamela\AppData\Local\Temp. There is a legitimate Microsoft Windows file named csrss.exe, but that file is located in C:\Windows\System32. The legitimate file on her system is 7,680 bytes in size and has a time stamp of 0/7/13/2009 08:39 PM. When I checked the one Malwarebytes Anti-Malware was identifying as malware, I saw it had the same size and time stamp.

C:\Windows>dir %TEMP%\csrss.exe
 Volume in drive C is OS
 Volume Serial Number is 4445-F6ED

 Directory of C:\Users\Pamela\AppData\Local\Temp

07/13/2009  08:39 PM             7,680 csrss.exe
               1 File(s)          7,680 bytes
               0 Dir(s)  864,839,192,576 bytes free

I uploded the one Malwarebytes Anti-Malware flagged as malicious to Google's VirusTotal site, which analyzes uploaded files with many antivirus programs to determine if they are safe or potentially dangerous. I had the site reanalyze the file, which had been scanned previously. Zero of the fifty-four antivirus programs used by the site to scan the file identified it as malware. The SHA256 hash listed for the file is cb1c6018fc5c15483ac5bb96e5c2e2e115bb0c0e1314837d77201bab37e8c03a - see the report.

I ran a binary file comparison between the two files using the Microsoft Windows fc utility. It found no differences between the two copies of csrss.exe.

C:\Windows>fc /b %TEMP%\csrss.exe c:\windows\system32\csrss.exe
Comparing files C:\USERS\PAMELA\APPDATA\LOCAL\TEMP\csrss.exe and C:\WINDOWS\SYSTEM32\CSRSS.EXE
FC: no differences encountered

I had previously placed md5deep, which can be downloaded from md5deep and hashdeep, and its associated utilities on the system. I used the 64-bit version, since the system was running the 64-bit version of Microsoft Windows 7, of sha256deep to check the SHA-256 hash for the version of the csrss.exe file in C:\Windows\System32. It reported the same SHA-256 hash as VirusTotal listed for the copy of the file I uploaded from the users %TEMP% directory. I also checked the MD5, Tiger, and Whirlpool hashes for both files. For both files the MD5 hash was 60c2862b4bf0fd9f582ef344c2b1ec72 The Tiger hash function yieled a hash of 42e263a5861a1e3b8e411fec97994a32d2cdfc04cf54ab4b for both. The Whirlpool hash was def1e95668f22e06b605093df41d3bb635e7096860bb0adb6c405be49e723fb2497a8a2b64ca5d25519c4ba00c75facb0421bebc4df24f7c9918e0bb85f4c8f4 for both files.

So I've no reason to suspect that the file in the %TEMP% directory is any different than the one in the C:\Windows\Temp directory. I thought that perhaps the only reason Malwarebytes Anti-Malware flagged it to be quarantined is that it was an exe file in the user's AppData\Local\Temp directory. It is possible that I copied the file there previously when I was checking on various files on the system when trying to eliminate a source of malware infection on the system and that an update to Malwarebytes Anti-Malware now has it mark any file in that directory as malware. I had Malwarebytes Anti-Malware quarantine the file and then copied another legitimate Microsoft Windows exe file, write.exe and also the csrss.exe file from \C:\Windows\System32 into that directory just to see if Malwarebytes Anti-Malware would flag them as malicious. It again detected csrss.exe as malicious, but did not report the write.exe file I copied into that directory from C:\Windows\system32 as malicious, so it doesn't seem to be judging all .exe files in that folder as potential threats, just certain ones.

[/security/antivirus/Malwarebytes] permanent link

Checking other postings's to the author's site, I found "Do NOT paraphrase when calling tech support", which links to an email he sent to a user regarding the user's paraphrasing an error message for the Eudora email client, a program I once used many years ago and which users I supported once used. I can certainly emphasize with his posting; many years ago when I was a sysadmin for a Digital Equipment Corporation (DEC) VMS system, a user contacted me about a problem with one of her databases on the system. She gave me the error message and, since DEC very nicely provided documentation for the database software listing possible error messages and steps to take to rectify the problem associated with a particular error message, I referred to that documenation and found it listed an error message that was a very close match to the one the user gave me. After spending a couple of hours checking all of the possibilities listed for that error message, I contacted the user and had her recreate the problem. When she then read me the exact error message, I realized it was quite different than what she had paraphrased from memory previously. Once I had the exact error message, it only took me a few minutes to fix the problem, but I had wasted hours on the problem before that because she hadn't written down the exact message, but gave me a paraphrased version. One user takes snapshots of error messages on her computer screen with her phone now and sends them to me; that's very helpful, since I can see the window containing the error message and its exact contents.

I also found his "Why cats save humans from house fires" amusing, though the smoke alarm has almost never gone off in our house due to food preparation. It did go off one time when I put the tea kettle on the stove to heat water for tea and then went into another room to work on a computer. I didn't hear the tea kettle whistling; when the smoke alarm went off I went into the kitchen and found that all of the water in the tea kettle had boiled off and there was a burning puddle of plastic next to the tea kettle due to the plastic on the handle melting. Our cats didn't like the blaring smoke alarms throughout the house.

In another posting by Felix, I found an adapter that will also be useful to me, since it supports both IDE, aka PATA, drives as well as SATA hard disk drives listed in his a "Product Plug!" posting for a "Ultra USB 2.0 to IDE/SATA Cable for 2.5-Inch/ 3.5-Inch / 5.25-Inch Drive with Power Adapter", which he notes is a "a USB to any-kind-of-hard-drive adapter. That is, it's got a USB plug on one end, and all the kinds of hard drive connector mashed together on the other end. I just ordered one, because this is going to save me so much time disassembling USB enclosures". His link was to the ULT40112 on the TigerDirect.ca site, i.e., the Canadian site for TigerDirect; it is available in the U.S. from TigerDirect.com. I have devices that provide USB connectivity for hard drives that aren't in an enclosure, but none that support both IDE, aka PATA, and SATA drives.

Unfortunately, the plug on the Asian Power Devices WA-24E12 (output 12V 2A) power adapter I found near the drive that I thought went with the drive would not plug into the drive, even though according to information I found elsewhere online it should have worked for that drive. Another 12V 2A adapter, model ADS-24F-12 1224GPCU, I tried from another Seagate external USB disk drive enclosure did connect easily, though.

Seagate® Expansion™ External Data Sheet

[/hardware/storage/Seagate] permanent link

You will need to complete fields on the form for the following information:

• Serial Number
• Product Number / Model Number
• Country

If the warranty is expired, you will see "Warranty is expired for the entered Product/Serial". You won't see the date that the warranty expired on.

[/hardware/storage/Seagate] permanent link

E.g., if I put sailormoonworld.com, which was registered in 1998, in the search field, I can see a list of all of the DNS servers that translated the fully qualified domain name (FQDN) to an IP address since WhoISrequest began tracking name server changes in 2002. The history information for that particular domain shows that registration for the domain name lapsed in 2013 and the domain name was picked up by a domain name squatter then. The domain name squatter let the domain registration lapse in the summer of 2014. I re-registered the domain name for the original owner, a family member, in October.

You can also view such information through the DNS History site, which notes "Here at DNS History we have been crawling DNS records since 2009, our index currently contains over 200 million domains and discovering over a billion DNS records."

If I put sailormoonworld.com in the Doman Search field on that site, though, it does not have any information on it, though it does have information on moonpoint.com, though that information was last updated on 2010-08-11, so that site's information does not appear to be as comprehensive nor as up-to-date as the information provided through the WhoISRequest site.

You can also find past name server and registration information through the who.is Search Domain DNS and Name Server Information page. When you put a domain name in the search field, and click on "Search DNS and Name Servers", you will see information on the domain, such as name servers, SOA record, DNS records, including the mail exchanger (MX) servers for the domain. If you click on the History tab above that information, you will see past domain name registrars and name servers associated with the domain.

If you wish to see prior IP addresses associated with a domain name, you can use ViewDNSInfo IP History. I noticed when I checked sailormoonworld.com with its tool, though, that it is not showing a change made near the end of October for that domain. The last change it shows was for 2014-07-05. The site also has a lot of other tools, e.g. Google Pagerank Checker, etc.

[/network/dns] permanent link

[ More Info ]

[/os/windows/explorer] permanent link

C:\Users\Administrator>net localgroup administrators
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
JDoe
mayberry\Administrator
mayberry\Domain Admins
SvcCOPSSH
The command completed successfully.

[/os/windows/commands] permanent link

C:\Program Files\SSH\OpenSSH\bin>ssh -c 3des jdoe@192.168.0.15
no matching cipher found: client 3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
C:\Program Files\SSH\OpenSSH\bin>ssh -c blowfish jdoe@192.168.0.15
no matching cipher found: client blowfish-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com

When I tried connecting from the SBS 2003 system to another system, to which I could successfully connect with the OpenSSH SSH client, when I specified the -v option for debugging output with ssh -v jdoe@example.com, I saw the following:

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.4
debug1: match: OpenSSH_6.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none

I upgraded PuTTY on the client system from version 0.58 to 0.63. I then no longer received the message about no matching cipher being found, but, instead saw another "PuTTY Fatal Error" window open, this time with the message "Network error: Software caused connection abort". I saw the same error message when I used PuTTY's plink utility from the command line.

C:\Program Files\Network\SSH\PuTTY>plink -ssh jdoe@192.168.0.15
Using username "jdoe".
jdoe@192.168.0.15's password:
FATAL ERROR: Network error: Software caused connection abort

I installed Bitvise SSH Client (Tunnelier) 6.08 and tried connecting with that client. Like with PuTTY, after I authenticated with the SSH server, I was immediately disconnected. I saw the following from Tunnelier:

First key exchange completed using ecdh-sha2/nistp521. Session encryption:
aes256-ctr, MAC: hmac-sha2-256, compression: none. Attempting password authentication.
Authentication completed.
The SSH2 session has terminated with error. Reason: FlowSocketReader: Error
receiving bytes. Windows error 10054: An existing connection was forcibly closed
by the remote host.

When I was able later to connect to the system running Copssh via RDP for troubleshooting after the user had left for the day, I checked its status log, which you can do on a Windows 7 system by the following steps:

1. Click on Start.
2. Select All Programs.
3. Select Copssh.
4. Select Copssh Control Panel.
5. Under the Status tab, you will see an icon that looks like a piece of paper with one edge folded down. You may also see something like "6 events last 15 minutes" next to it. Double-click on that icon.

   

When I checked the log, I saw many "fatal: mm_request_receive: read: Connection reset by peer" messages. There was a "Received SIGHUP; restarting" entry hours later.

2014.12.12 23:26:23 - Received SIGHUP; restarting.
2014.12.12 18:30:02 - fatal: mm_request_receive: read: Connection reset by peer

Seeing that, I tried establishing a connection with PuTTY again and was then able to log in by SSH successfully.

But then when I tried logging in remotely by SSH two days later the problem was back. I restarted the service within the Copssh Control Panel by clicking on the green button next to "Service is running" to stop the service. When the button turned red, I clicked on it again to restart the service, but that didn't resolve the problem; I still got the "Network error: Software caused connection abort" message when I tried connecting via PuTTY 0.63 and I saw the "fatal: mm_request_receive: read: Connection reset by peer" message in the Copssh log for evey connection attempt. Though I didn't expect it to resolve the problem, I tried the "net stop" and "net start" commands from a command prompt.

C:\Users\Administrator>net stop "OpenSSH SSHD"
The Openssh SSHD service is stopping.
The Openssh SSHD service was stopped successfully.


C:\Users\Administrator>net start "OpenSSH SSHD"
The Openssh SSHD service is starting.
The Openssh SSHD service was started successfully.

But that did work. I was then able to successfully log into the system via SSH.

[/os/windows/network/ssh/copssh] permanent link

1. Insert the CD in the CD/DVD drive in the system.
2. Start the Windows Media Player application.
3. On the left pane of the Windows Media Player window, navigate to the location of the CD/DVD drive, which should be displaying the album as shown below where the album is identified as "unknown album"

   

4. Right-click on the CD in the left pane of the window and choose "Rip CD to library. As the CD is "ripped", you should see the status displayed under "Rip status" near the top of the window; status information is also displayed in the lower, right-hand side of the window.

   

   The status under "Rip status" should change to "Ripped to library" at the completion of the rip process.

On a Microsoft Windows 7 system, you should then see the name of the album in your music folder under Libraries\Music or C:\Users\Username\Music\, where Username is the name for the account under which you logged into the system, if you look for it using the Windows Explorer. If the album/artist could not be identified by Windows Media Player, you may see an "Unknown artist" folder with an "Unknown album" folder within it. From the Windows Explorer, you can right-click on the folder names and change them, if you wish.

[/os/windows/software/audio-video/WMP] permanent link

[ More Info ]

[/os/windows/software/network/dns] permanent link

[ More Info ]

[/os/unix/linux] permanent link

Checking on the application that was creating the window, I found it to be "Dell Stage", which was software preinstalled on the system, which I uninstalled.

[ More Info ]

[/os/windows/software] permanent link

[ More Info ]

[/security/malware] permanent link

Renaming the log file requires stopping the DNS server service, which can be done with the command net stop "DNS Server". If you try to move the file without stopping the service, you will receive the message below:

D:\Logs\DNS>move dns.log dns_old.log
The process cannot access the file because it is being used by another process.
        0 file(s) moved.

After the file is moved/renamed, the DNS server service can be restarted with net start "DNS Server".

The location of the DNS log file is stored in the Windows Registry. A REG QUERY command can be used to obtain the current location for the file as explained at Determing the location of a Microsoft Windows DNS log file from a command prompt. After the location and name of the file is determined, the DNS server service can be stopped, then the current log file can be renamed, and the DNS server service can be restarted, creating a new log file with the name and at the location indicated by the registry entry.

The batch file is shown below and is available here.

@echo off

REM Name: rotatednslog.bat
REM Version: 1.0
REM Created: December 6, 2014
REM Last Modified: December 6, 2014
REM
REM: Location of latest version: 
REM: http://support.moonpoint.com/downloads/computer_languages/mswin_batch/rotatednslog.bat
REM
REM Description: When scheduled to run at the end of each day, this batch
REM file will roate the DNS server log. The DNS server service will be
REM stopped temporarily, so the current DNS log can be renamed to a log file
REM with the name DNS_YYYYMMDD.log, where YYYY is the year, MM the month, and
REM DD the day. The DNS server service will then be restarted creating a
REM new DNS log file. The current location of the DNS log file is obtained
REM from the Windows Registry.

REM Required for substituting the contents of a variable in string subsitution
REM employed to insert the contents of the date variable YYYYMMDD in the log
REM file name.

SETLOCAL ENABLEDELAYEDEXPANSION

REM Windows Registry key holding the location of the DNS log file

SET regkey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters"

REM Registry value needed from the above key

SET regvalue="LogFilePath"

REM Extract only the file location from the output of the reg query command

FOR /F "tokens=3" %%G IN ('reg query %regkey% /v LogFilePath ^| find %regvalue%') DO set logfile=%%G

REM Set the variable YYYYMMDD to today's date in YYYYMMDD format where
REM YYYY = 4-digit year, MM is month (1-12), and DD is day (1-31)

SET YYYYMMDD=%DATE:~10,4%%DATE:~4,2%%DATE:~7,2%

REM Set the name for the rotated log file to have "_YYYYMMDD.log" at the
REM end of the file name.  Need to use delayed expansion.

SET renamedlog=!logfile:.log=_%YYYYMMDD%.log!

REM Stop the DNS server service

NET STOP "DNS Server"

REM Move the log file to its new location with its new name.
REM Since you cannot specify a new drive or path for your destination file with
REM the RENAME command, I'm using the MOVE command, instead, in case I may
REM wish to update this batch script to move the file to another drive and/or
REM directory.

MOVE %logfile% %renamedlog%

REM Restart the DNS server service

NET START "DNS Server"

If it is run from a command prompt, you will see the following output:

C:\Program Files\Utility\Scripts>rotatednslog
The DNS Server service is stopping.
The DNS Server service was stopped successfully.

        1 file(s) moved.
The DNS Server service is starting.
The DNS Server service was started successfully.

Since I would like the batch file to execute at the end of each day, I scheduled it to run at 23:59 (11:59 PM) Monday through Sunday with the command at 23:59 /every:m,t,w,th,f,s,su "C:\program files\utility\scripts\rotatednslog.bat (specify the location for the batch file).

C:\Program Files\Utility\Scripts>at 23:59 /every:m,t,w,th,f,s,su "C:\program files\utility\scripts\rotatednslog.bat"
Added a new job with job ID = 5

I could have used 00:00 to run the batch job at midnight, but I set it to run 1 minute before midnight to be sure that the date inserted in the name of the file is the one for the day that has just ended rather than the date of the new day.

If you want to see the details of scheduled batch jobs, you can just enter at without any parameters at the command line and hit return. You will then see all the scheduled batch jobs. There may be gaps in the ID numbers if some batch jobs have been deleted.

C:\Documents and Settings\Administrator>at
Status ID   Day                     Time          Command Line
-------------------------------------------------------------------------------
        1   Each M T W Th F S       7:30 PM       d:\backups\daily.bat
        2   Each Su                 7:30 PM       d:\backups\weekly.bat
        5   Each M T W Th F S Su    11:59 PM      "C:\program files\utility\scripts\rotatednslog.bat"

If you wish to delete a scheduled batch job you can use at id /delete, where id is the numeric ID assigned to a batch job. E.g., the rotatednslog batch job above could be deleted with at 5 /delete.

[/network/dns/windows] permanent link

Other modifiers you can use in expansion are as follows:

Combinations of modifiers and qualifiers that you can use to get compound results are shown in the table below:

In the examples above, you can use other batch paramters besides %1 and PATH. Cmd.exe provides the batch parameter expansion variables %0 through %9.

Batch parameters can't be manipulated in the same manner that you can manipulate environment variables. You can't search and replace values or examine substrings within them. You can, however, assign the parameter to an environment variable and then manipulate the environment variable.

So, if I wanted just the file name dns.log from d:\logs\dns.log, I could use the following in a batch file:

@echo off
call :getfilename "d:\logs\dns.log"
exit /b

REM Determine just the file name

:getfilename
echo %~nx1

If I have the above batch commands in a file called test.bat, I would see the following when I ran it.

C:\Users\JDoe>test.bat
dns.log

If there is a Windows Registry key containing the file location and I want to query that key and extract just the file name, I could use commands such as the following if the file location was stored in LogFilePath for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters:

@echo off

REM Regkey is set to the registry key containing the location of the DNS log 
REM file

set regkey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters"

REM Regvalue is set to the value that is desired from the above registry key

set regvalue="LogFilePath"

REM log_file_location is set to contain the complete path to the log file nad
REM its name, e.g., d:\logs\dns\dns.log

FOR /F "tokens=3" %%G IN ('reg query %regkey% /v LogFilePath ^| find %regvalue%') DO set log_file_location=%%G

call :getfilename %log_file_location%
exit /b

REM Determine just the file name

:getfilename
echo %~nx1

References:

1. Using batch parameters
   Microsoft Corporation
2. Determing the location of a Microsoft Windows DNS log file from a command prompt
   Date: November 22, 2014
   MoonPoint Support

[/os/windows/commands] permanent link

$ tcpdump
tcpdump: no suitable device found

The problem can be addressed by changing the ownership or permissions of the Berkeley Packet Filter (BPF) file in /dev. The default permissions and ownership are shown below:

$ ls -l /dev/bpf*
crw-------  1 root  wheel   23,   0 Nov 30 22:42 /dev/bpf0
crw-------  1 root  wheel   23,   1 Dec  4 21:45 /dev/bpf1
crw-------  1 root  wheel   23,   2 Dec  4 15:39 /dev/bpf2
crw-------  1 root  wheel   23,   3 Nov 30 22:41 /dev/bpf3

To resolve the problem, I changed the ownership of the bpf0 file to the account I was using:

$ sudo chown jdoe /dev/bpf0
Password:

I also checked to see what the designation was for the wireless adapter in the system. It was en1.

$ networksetup -listallhardwareports

Hardware Port: Bluetooth DUN
Device: Bluetooth-Modem
Ethernet Address: N/A

Hardware Port: Ethernet
Device: en0
Ethernet Address: d4:9a:20:0d:e6:cc

Hardware Port: FireWire
Device: fw0
Ethernet Address: d4:9a:20:ff:fe:0d:e6:cc

Hardware Port: Wi-Fi
Device: en1
Ethernet Address: f8:1e:df:d9:2b:66

VLAN Configurations
===================

I then tried again to run tcpdump specifying the wireless interface; this time I received a "You don't have permission to capture on that device message with a reference to bfp1, so I changed the ownership on that file as well. I was then able to observe traffic with tcpdump.

$ sudo chown jdoe /dev/bpf0
$ tcpdump -i en1
tcpdump: en1: You don't have permission to capture on that device
((no devices found) /dev/bpf1: Permission denied)
$ sudo chown jdoe /dev/bpf1
$ tcpdump -i en1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes

I changed the ownership back to root on /dev/bpf0 to see if I could still run tcdump, but when I did so I was no longer able to observe network traffic with tcpdump.

$ sudo chown root /dev/bpf0
$ tcpdump -i en1
tcpdump: en1: You don't have permission to capture on that device
((no devices found) /dev/bpf0: Permission denied)

I could have just changed ownership of all of the bpfx files in /dev initially with sudo chown jdoe /dev/bbf*, but I wanted to determine if I only needed to change a specific one for the wireless interface, en1. Alternatively one can expand the permissions on those files, e.g., one can use sudo chmod 644 /dev/bpf*. When the system is rebooted the permissions/ownership will be reset, so you will have to take the same steps to run tcpdump subsequent to a reboot of the system.

I specifically wanted to check on DNS queries, so, after changing the ownership for the bpf file back to the account I was using, I specified port 53, but saw no data.

$ tcpdump -i en1 'port 53'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

I wasn't able to observe the DNS traffic until I ended the VPN connection I was using when I ran the command. Once I disconnected from the VPN, I was able to check on the DNS queries from the system and the responses from a DNS server.

References:

1. Tcpdump Permission Denied on OS-X
   Date: June 12, 2007
   MoonPoint Support
2. Managing Wi-Fi from the terminal command line under OS X
   Date: February 28, 2014
   MoonPoint Support
3. No Interfaces Available In Wireshark Mac OS X
   Date: January 31, 2010
   langui.sh Languishing since 2008.

[/os/os-x] permanent link

When I checked a MacBook Pro running, OS X 10.8.4, I saw output indicating it was vulnerable, i.e., I saw "vulnerable" displayed when the command was run. The check can be performed by opening a Terminal window and entering the code. The terminal application is in Applications/Utilities.

$ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
vulnerable
this is a test

A bash shell prompt could be otained by a malicious remote user if Remote Login was enabled and Guest Access was also enabled, though, hopefully, if Remote Login was enabled, Guest Access would not be enabled. Of course, a malicious person could also gain access to the system remotely if Remote Login is enabled and a weak password is present for an account on the system that is allowed remote access.

A OS X system could also be vulnerable if it is functioning as a web server and there are scripts present on the server that would allow an attacker to provide any input he wishes that could be executed as code by the script.

Apple released a fix for the vulnerability for OS X systems on September 29, 2014.

After the laptop was upgraded to OS X 10.8.5 and security updates were applied, I didn't see "vulnerable" displayed when the code was executed.

$ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
this is a test

And when I tested the related vulnerability CVE-2014-7169, the date was no longer displayed.

$ env X='() { (a)=>\' sh -c "echo date"; cat echo
date
cat: echo: No such file or directory

A system that has been patched for both CVE-2014-6271 and CVE-2014-7169 will simply echo the word "date" and the file "echo" will not be created, as shown above.

References:

1. Shellshock Vulnerability: What Mac OS X users Need to Know | The Mac Security Blog
   By Derek Erwin
   Date: September 26, 2014
   Intego - Mac Antivirus & Security
2. Shellshock (software bug)
   Wikipedia

[/security/vulnerabilities/multios] permanent link

[ More Info ]

[/network/email/clients/outlook] permanent link

[/os/windows/win8] permanent link

[/network/routers/actiontec/MI424WR] permanent link

[/network/web/browser/chrome] permanent link

[/security/antivirus/mcafee] permanent link

[ More Info ]

[/os/windows/commands/batch] permanent link

[ More Info ]

[/reviews/software/windows/network/ssh] permanent link

C:\>date /t
Sat 11/22/2014

C:\>echo %date%
Sat 11/22/2014

You can reformat the representation of the date that is stored in the %date% environment variable, however. I wanted the date in the form yyyymmdd, so that I could stick that at the end of filenames to represent the rotation date for a log file. You can use a command like the one below where a variable, YYYYMMDD is set to hold the reformatted date (the variable name can be anything you like, e.g., mydate, etc., but that name reminds me of the format I'm using for the date.

C:\>set YYYYMMDD=%DATE:~10,4%%DATE:~4,2%%DATE:~7,2%

C:\>echo %YYYYMMDD%
20141122

The substring arguments to extract the elements of the date string are in the format %variable:~startposition,numberofchars%, so if the "S" in Saturday in the string "Sat 11/22/2014" is at position 0, the 10th character is the "2" of 2014 and I want 4 characters, i.e., "2014", so %DATE:10,4% will give me those characters. Or you can also think of the first number as the numer of characters to be skipped, i.e., %variable:~num_chars_to_skip,numberofchars%. I can then append %DATE:~4,2% to get "11" for the month followed by %DATE:~7,2% to extract the day, i.e., "22" if the date is November 22, 2014 represented in the %DATE% variable as "Sat 11/22/2014".

References:

1. How to append a date in batch files
   Posted: May 14, 2009
   stackoverflow
2. Extracting a Substring from a String under Microsoft Windows
   MoonPoint Support

[/os/windows/commands] permanent link

[ More Info ]

[/security/malware] permanent link

C:\>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v LogFilePath

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
    LogFilePath    REG_SZ    d:\logs\dns\dns.log

You can reduce the output displayed to just the line containing the log file location by piping the output of the reg query command into the find command.

C:\>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v LogFilePath | find "LogFilePath"
    LogFilePath    REG_SZ    d:\logs\dns\dns.log

If you wish to see just the log file location and not the other information returned by the reg query command, you can use a FOR /F loop command such as the following:

C:\>for /f "tokens=3" %g in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v LogFilePath ^| find "LogFilePath"') do @echo %g 
d:\logs\dns\dns.log

C:\>

The FOR /F loop breaks up a line of output from the command that is being processed into items, called "tokens" that are separated by space on the lines of output from the command. In this case, I'm only interested in the third token on the line of output, which is the location of the DNS log file. The output that is being processed is the result of piping the output of the reg query command into the find command. Since the pipe symbol, i.e., the vertical bar character |, has a special meaning for the Windows operating system, you need to place an "escape character", which for Windows is the caret symbol, ^, immediately before it. You also need to put the at symbol, @, before the echo command to avoid seeing the echo command itself as output.

If you wish to use a batch file to execute the commands to find the log file location, you need to replace the %g with %%g as shown below.

@echo off
FOR /F "tokens=3" %%G IN ('reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v LogFilePath ^| find "LogFilePath"') DO echo %%G

The registry key and the value to be queried can also be placed in environment variables that can be modified, if you wish to query other registry keys, instead of the one for the DNS log file location, so that it is easier to see what needs to be changed for such other queries.

@echo off

REM Name: queryreg.bat
REM Version: 1.0
REM Created: November 22, 2014
REM Last Modified: November 22, 2014
REM
REM Description: Displays just the value of a registry key from a
REM "reg query regkey /v regvalue" command omitting the additional
REM information that is output by the command

set regkey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters"
set regvalue="LogFilePath"

FOR /F "tokens=3" %%G IN ('reg query %regkey% /v LogFilePath ^| find %regvalue%') DO echo %%G

Download: queryreg.bat

[/network/dns/windows/logging] permanent link

[ More Info ]

[/network/dns/windows] permanent link

[ More Info ]

[/network/dns/windows] permanent link

[ More Info ]

[/os/windows/software/security/firewall] permanent link

I opened the Copssh control panel on the system and clicked on the Users tab. I had been trying to login with a domain account, but found that the activated users list showed only two local accounts on the system, but no domain accounts. When I clicked on the Add button to add a new user, I found that for the "Domain" setting, the only option I could choose was the local system, since its name appeared, but there was no other value to select in the drop-down list. When I tried using one of the listed accounts for the user name and password, I was able to successfully log in by SSH.

[/os/windows/network/ssh/copssh] permanent link

[ More Info ]

[/security/malware] permanent link

[ More Info ]

[/network/web/browser/firefox] permanent link

You don't need to go through an install process to use the program, though an installer is available for download from the developer's website. If you don't want to go through an installation process, simply download the zip file containing the executable program from the developer's website and unzip the contents of the zip file. Within the zip file are 3 files:

Note: File sizes are for version 1.32, which is the current version.

The wul.chm file is a Compiled HTML Help file.

When you run wul.exe by double-clicking on it, you will see a list of installed Windows updates, aka "patches". On Microsoft Window 98, ME, 2000, and Windows XP you will see a list of files associated with the patch in the lower pane of the WUL window. On Microsoft Windows 8, 7, Vista, and 2008 systems there is no information on files installed by the update in the lower pane.

By default, the list of installed updates is ordered by name, but you can click on the column headers to sort by other criteria. E.g., you can click on the column header Installation Date to sort by date the patch was installed.

You can right-click on an entry in the upper pane of the window and choose "Properties" to see more details as shown in the example below, for the installed patch.

The utility can also be run from the command line with the following options:

Command-Line Options

[/os/windows/software/utilities/nirsoft] permanent link

[/network/web/browser] permanent link

Method 1

1. Click on the Windows Start button, normally at the lower left-hand corner of the screen.
2. Select All Programs. Scroll down until you see the Java group, then select it and "Configure Java" within it. You will then see a Java Control Panel window appear.

   

3. Click on the About button in the Java Control Panel window. An About Java window will appear telling you the version of Java that is installed on the system.

   

Method 2

Obtain a command prompt by clicking on the Windows Start button then typing cmd and hitting return. At the command prompt type java -version and hit return.

C:\>java -version
java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
Java HotSpot(TM) Client VM (build 25.25-b02, mixed mode, sharing)

The version information displayed above is "1.8.0_25". The first method displayed "Version 8 Update 25" for the same version. The number after the underscore in the output from the command line, i.e. "25", is the build number for that version. A version can have many build numbers before the developer increments the version number.

You can determine what version of Java is the latest or download the latest version from www.java.com.

[/software/java] permanent link

I verified that the php-mysql package was installed with rpm -qi php-mysql.

# rpm -qi php-mysql
Name        : php-mysql
Version     : 5.4.16
Release     : 23.el7_0.3
Architecture: x86_64
Install Date: Tue 11 Nov 2014 08:26:15 PM EST
Group       : Development/Languages
Size        : 237259
License     : PHP
Signature   : RSA/SHA256, Fri 31 Oct 2014 10:24:56 AM EDT, Key ID 24c6a8a7f4a80eb5
Source RPM  : php-5.4.16-23.el7_0.3.src.rpm
Build Date  : Fri 31 Oct 2014 09:07:27 AM EDT
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.php.net/
Summary     : A module for PHP applications that use MySQL databases
Description :
The php-mysql package contains a dynamic shared object that will add
MySQL database support to PHP. MySQL is an object-relational database
management system. PHP is an HTML-embeddable scripting language. If
you need MySQL support for PHP applications, you will need to install
this package and the php package.

I created a PHP test page with the following code:

<html>
<head>
<title>PHP Test</title>
</head>

<body>

<h2>A test page</h2>

<?php echo "<p>Hello world</p>"; ?>

<?php phpinfo(); ?>

</body>
</html>

"Hello world" was displayed by the PHP echo command and the information from the phpinfo function was also displayed. I searched through the results displayed for references to "MySQL" and found mysql and mysqli sections, including the following:

mysql

Since it appeared that PHP support for MySQL was present, I restarted Apache with apachectl restart, though I didn't expect that to resolve the problem. But when I refreshed the web page afterwards, the information from the MySQL database was displayed. Apparently, I should have restarted Apache after I ran the systemctl start mariadb.service to start the MariaDB database service yesterday. MariaDB is a fork of MySQL.

References:

1. Fatal error: Call to undefined function mysql_connect()
   Date: May 16, 2012
   stackoverflow
2. Resolving a Fatal error: Call to undefined function mysql_connect() in RedHat
   By: Shailesh N. Humbad
   Created: October 18, 2004
   Last Modified: July 24, 2011
   Somacon
   Articles on web development, software, and hardware

[/software/database/mysql] permanent link

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (111)

It took me awhile to figure out that since I was using MariaDB, a fork of MySQL, that I needed to enter the following 3 commands to enable, run, and secure the MariaDB service.

systemctl start mariadb.service
systemctl enable mariadb.service
mysql_secure_installation

[ More Info ]

[/software/database/mysql] permanent link

filename = raw_input("Enter file name: ")
with open(filename) as input_file:
    for i, line in enumerate(input_file):
        print line,
print "{0} line(s) printed".format(i+1)

The script will prompt me for the name of the file to be checked and will loop through that file displaying each line from it, printing the total number of lines at the end of the file.

The comma after the print line statement prevents a newline from being printed, so each file name will be printed immediately below the preceding one without a blank line between them. If the comma was not there, a blank line would be printed between each line containing a file name.

The {0} references the first positional argument in the format statement, which in the case above refers to "i+1". The .format(value) at the end of the line tells python how to format the output. So the count of the number of lines in the file, which will be i plus 1, will be printed after the for loop completes.

If each line in the file is a directory path and file name, e.g.,:

./security/vulnerabilities/windows/wmf-vulnerability-exploited.php
./security/vulnerabilities/windows/kb908519_embedded-web-font.php
./security/antivirus/avast/avast-ie9/index.php
./network/Internet/domains/domain-reputation-check.php


then I can use import os.path, time to import modules that that will will allow me to obtain the time stamps for the files.

import os.path, time

filename = raw_input("Enter file name: ")
with open(filename) as input_file:
    for i, line in enumerate(input_file):
        print line,
        line = line.rstrip('\r\n')
        print "last modified: %s" % time.ctime(os.path.getmtime(line)),
        print "created: %s" % time.ctime(os.path.getctime(line))
print "{0} line(s) printed".format(i+1)

Since the input file was created on a Linux system each line ends with a newline character, which is represented by "\n". So I have to strip off the trailing newline at the end of each file name in the input file with the rstrip function. If the input file was created on a Windows system, I would have to strip off a carriage return, which is represented by "\r". By using rstrip('\r\n'), any carriage return or newline characters will be stripped from the end of each line in the input file, so the script will work on Mac OS, Mac OS X, Microsoft Windows, or Unix/Linux systems.

I see output such as the following when I run the python script:

$ python checkfile.py
Enter file name: checkfiles2_php.txt
./security/vulnerabilities/windows/wmf-vulnerability-exploited.php
last modified: Mon Jan  9 15:45:00 2006 created: Tue Oct 14 10:21:03 2014
./security/vulnerabilities/windows/kb908519_embedded-web-font.php
last modified: Wed Jan 11 23:42:00 2006 created: Tue Oct 14 10:21:03 2014
./security/antivirus/avast/avast-ie9/index.php
last modified: Sat Aug 11 17:22:14 2012 created: Tue Oct 14 10:21:05 2014
./network/Internet/domains/domain-reputation-check.php
last modified: Sun Oct  6 13:30:27 2013 created: Tue Oct 14 10:21:12 2014

The creation times displayed above are the time I copied files from an old drive to a new drive.

References:

1. python looping through input file
   Date: July 30, 2013
   stackoverflow
2. Python trailing comma after print executes next instruction
   Date: October 24, 2010
   stackoverflow
3. 6.1. string — Common string operations
   Python 3.4.2 documentation
4. Python string formatting: % vs. .format
   Date: February 22, 2011
   stackoverflow
5. How can I remove (chomp) a newline in Python?
   Date: November 8, 2008
   stackoverflow
6. How to get file creation & modification date/times in Python?
   Date: October 25, 2008
   stackoverflow

[/languages/python] permanent link

find . -name "*.php" -exec grep "noindex" {} /dev/null \;

Since "*" has a special meaning for the shell, you will need to include it within quotes or precede it with the backslash escape character as shown below:

$ find . -type f -name \*.php -exec grep -l "noindex" {} \;

If I wished to search all files, not just those ending with ".php", I can use a command similar to the following one.

find . -type f -exec grep "noindex" {} \;

The -type f instructs find to only check regular files and not other objects such as directory names.

If I want to send the results to an output file, I could just append a >outputfile_name to the end of the line, but that will also produce output indicating that the output file itself is being checked.

$ find . -type f -exec grep "noindex" {} \; >checkfiles.txt
grep: input file ‘./checkfiles.txt’ is also the output

To avoid that issue, you can use the --exclude argument.

$ find . -type f -exec grep -l --exclude checkfiles.txt "noindex" {} \; >checkfiles.txt

I can also use just the grep command, as shown belown:

$ grep -rwl . -e "noindex" --include=\*.php

The -r option tells grep to search recursively; the "." is indicating that the search should be started in the current directory. The -w indicates that I want exact word matches, e.g., " noindex ", not "nonindex" or "noindexes". The -l option indicates that I don't want to see the lines on which the word occurs, just the file names for those files in which it is found. The -e option provides the pattern that grep should search on and the --include option tells grep which files it should search within.

       -r, --recursive
              Read  all  files  under  each  directory, recursively, following
              symbolic links only if they are on the command  line.   This  is
              equivalent to the -d recurse option.

       -w, --word-regexp
              Select  only  those  lines  containing  matches  that form whole
              words.  The test is that the matching substring must  either  be
              at  the  beginning  of  the  line,  or  preceded  by  a non-word
              constituent character.  Similarly, it must be either at the  end
              of  the  line  or  followed by a non-word constituent character.
              Word-constituent  characters  are  letters,  digits,   and   the
              underscore.

       -l, --files-with-matches
              Suppress  normal  output;  instead  print the name of each input
              file from which output would normally have  been  printed.   The
              scanning  will  stop  on  the  first match.  (-l is specified by
              POSIX.)

      -e PATTERN, --regexp=PATTERN
              Use  PATTERN  as  the  pattern.   This  can  be  used to specify
              multiple search patterns, or to protect a pattern beginning with
              a hyphen (-).  (-e is specified by POSIX.)

       --include=GLOB
              Search only files whose base name matches GLOB  (using  wildcard
              matching as described under --exclude).

References:

1. Finding a String with a Recursive Grep
   Date: March 10, 2007
   MoonPoint Support
2. How can I use grep to show just filenames (no in-line matches) on linux?
   Date: July 9, 2011
   stackoverflow

[/os/unix/commands] permanent link

C:\>netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile                           = Domain
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
Group policy version              = Windows Firewall
Remote admin mode                 = Disable

Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
22     TCP       Any      (null)
1900   UDP       Any      (null)
2869   TCP       Any      (null)

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

I checked on what applications had the three listed ports open with netsh firewall show portopening.

C:\>netsh firewall show portopening

Port configuration for Domain profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
22     TCP       Enable  Inbound               Copssh
1900   UDP       Enable  Inbound               Windows Live Communications Platf
orm (SSDP)
2869   TCP       Enable  Inbound               Windows Live Communications Platf
orm (UPnP)

Port configuration for Standard profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
22     TCP       Enable  Inbound               Copssh
1900   UDP       Enable  Inbound               Windows Live Communications Platf
orm (SSDP)
2869   TCP       Enable  Inbound               Windows Live Communications Platf
orm (UPnP)

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

I also checked to see what programs were allowed by firewall rules.

C:\>netsh firewall show allowedprogram

Allowed programs configuration for Domain profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
Enable   Inbound              McAfee Shared Service Host / C:\Program Files\Comm
on Files\McAfee\Platform\McSvcHost\McSvHost.exe
Enable   Inbound              LifeTray.exe / C:\Program Files (x86)\Microsoft Li
feCam\LifeTray.exe
Enable   Inbound              LifeExp.exe / C:\Program Files (x86)\Microsoft Lif
eCam\LifeExp.exe
Enable   Inbound              LifeEnC2.exe / C:\Program Files (x86)\Microsoft Li
feCam\LifeEnC2.exe
Enable   Inbound              LifeCam.exe / C:\Program Files (x86)\Microsoft Lif
eCam\LifeCam.exe
Disable  Inbound              Internet Explorer / C:\program files (x86)\interne
t explorer\iexplore.exe
Enable   Inbound              Dropbox / C:\Users\JSmith.mayfield\AppData\Roaming
\Dropbox\bin\Dropbox.exe

Allowed programs configuration for Standard profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

Since I need to be able to ping the system from other systems on the LAN for troubleshooting, I verified that ICMP echo requests and replies were not going to be blocked by the firewall.

C:\>netsh firewall show icmpsetting

ICMP configuration for Domain profile:
Mode     Type  Description
-------------------------------------------------------------------
Enable   2     Allow outbound packet too big
Enable   8     Allow inbound echo request

ICMP configuration for Standard profile:
Mode     Type  Description
-------------------------------------------------------------------
Enable   2     Allow outbound packet too big

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

I saw that "allow inbound echo request" was enabled and I was able to ping the system from the domain controller.

References:

1. Obtaining Information About the Windows XP Firewall from the Command Line
   Date: March 1, 2006
   MoonPoint Support

[/security/firewalls/windows] permanent link

Attackers also routinely use name dictionaries to break into systems with any accounts that have weak passwords. E.g., an attacker may use a name dictionary to pick names to use as the userid. Let's say the first name in the name dictionary is Aaron. The attacker might then use a word dictionary to try every word in the English language, or some other language, as a possible password for an account with the userid of aaron. If an aaron account doesn't exist on the system or has a strong password, once the attacker has gone through every word in the word dictionary or whatever other password list he is using, he will then go onto the next name in his name dictionary, e.g., perhaps Abe. The attacker will proceed in this manner until he finds an account with a weak password he can compromise or exhausts all possible combinations of names for accounts and words to use for possible passwords. Of course it would take a human an inordinate amount of time to type all such possible userid and password combinations, but an attacker will let a program make such guesses for him. He merely needs to start the program and let it run. His program may be able to check many thousands of userid and password combinations in minutes.

If the system isn't monitored for such brute-force password attempts, an attacker can run unchecked for days. Even if he can't get in, he will be using bandwidth to/from the system under attack as well as CPU cycles, etc., so may slow down access to the system for legitimate users. I've seen periods where a system has been under attack from 5 such attackers in different countries at once.

On CentOS Linux, you can check the /var/log/secure log to find instances of such attacks.

# grep 'Failed password' /var/log/secure | tail -5
Oct 28 09:47:43 frostdragon sshd[32246]: Failed password for root from 123.125.219.130 port 11859 ssh2
Oct 28 09:47:47 frostdragon sshd[32249]: Failed password for root from 123.125.219.130 port 13894 ssh2
Oct 28 09:47:52 frostdragon sshd[32253]: Failed password for root from 123.125.219.130 port 15886 ssh2
Oct 28 09:47:56 frostdragon sshd[32256]: Failed password for root from 123.125.219.130 port 17740 ssh2
Oct 28 09:48:01 frostdragon sshd[32259]: Failed password for root from 123.125.219.130 port 19477 ssh2

You can see the number of failed ssh login attempts from various login addresses with the command grep 'Failed password' /var/log/secure | grep sshd | awk '{print $11}' | sort | uniq -c - the IP address from which the failed login attempt was made is the 11th item on the line.

If you pipe the output of the awk command into sort, you can sort the output by IP address; uniq -c will then provide you the count of failed SSH login attempts from particular IP addresses.

# grep 'Failed password' /var/log/secure | grep sshd | awk '{print $11}' | sort | uniq -c
      1 101.227.71.40
    409 117.27.158.71
      2 117.27.158.91
     84 122.225.109.104
    315 122.225.109.108
    232 122.225.109.118
    321 122.225.109.197
    247 122.225.109.212
    115 122.225.109.217
    458 122.225.97.103
    309 122.225.97.108
     96 122.225.97.110
    377 122.225.97.117
    478 122.225.97.120
    121 122.225.97.83
     63 122.225.97.84
     81 122.225.97.88
     36 122.225.97.98
    382 123.125.219.130

I can see from the above output from that command that there were 382 failed ssh login attempts from the 123.125.219.130 address at the time I ran the command.

From a search on that IP address at the American Registry for Internet Numbers (ARIN), I found the address was part of a block of addresses managed by the Asia Pacific Network Information Centre (APNIC) . A whois search on the APNIC site showed the IP address is part of a large block of addresses, 123.112.0.0 - 123.127.255.255, allocated to an organization in Beijing, China. I often see attacks from IP addresses allocated to entities in China.

You can manually block further attempts to compromise a system in this manner using a route reject command or through the firewall software on the system. The default firewall software for CentOS 7 is FirewallD. You can configure it through a Graphical User Interface (GUI), which can be opened using the command firewall-config or through a command line interface at a shell prompt by using the command firewall-cmd. I blocked the IP address from any access to the system using the command below, though by the time I blocked it, the login attempts had ceased:

# firewall-cmd --add-rich-rule="rule family='ipv4' source address='123.125.219.130' reject"
success

The block can be viewed through the graphical interface for FirewallD by running firewall-config. E.g., in this case under "Rich Rules" for the public zone, I can see the blocked IP when starting the application after issuing the firewall-cmd command.

The command above will put in place a firewall rule that will apply to the default firewall zone, but will only remain until the firewall service is restarted, e.g., with a system reboot. To put in place a permanent block, I could have used the commands below. Instituting a permanent change requires a restart of the firewall service, though.

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='123.125.219.130' reject"
systemctl restart firewalld.service

To have a block apply to a specific firewall zone, e.g., the public zone, I could use the commands below.

firewall-cmd --permanent --zone='public' --add-rich-rule="rule family='ipv4' source address='123.125.219.130' reject"
systemctl restart firewalld.service

The output of the grep command run against /var/log/secure displayed above was sorted by IP address; if you, instead, would like to sort the output by count of failed login attempts you can pipe the output of the commands above into sort again adding the -n argument to sort by the number that appears first on each line.

# grep 'Failed password' /var/log/secure | grep sshd | awk '{print $11}' | sort | uniq -c | sort -n
      1 176.222.201.154
      1 85.132.71.83
      1 91.220.131.33
      1 a
      1 pi
      1 ubnt
      2 client
      4 ubuntu
      4 usuario
     27 git
     48 122.225.97.117
     64 221.228.205.196
     71 61.174.51.223
     78 admin
    129 122.225.97.79
    191 122.225.109.198
    237 122.225.97.116
    268 117.27.158.88
    306 113.200.188.55
    336 117.27.158.89

I can see from the above output that the greatest number of failed SSH login attempts made on the day I ran the command, which was November 9, 2014, were made from 117.27.158.89. Checking the APNIC site again, I see that IP address is also assigned to an entity in China.

If you want to reverse the sorting order, so that the largest number appears first, simply add the -r argument to the last sort command.

# grep 'Failed password' /var/log/secure | grep sshd | awk '{print $11}' | sort | uniq -c | sort -nr
    336 117.27.158.89
    306 113.200.188.55
    268 117.27.158.88
    237 122.225.97.116
    191 122.225.109.198
    129 122.225.97.79
     78 admin
     71 61.174.51.223
     64 221.228.205.196
     48 122.225.97.117
     27 git
      4 usuario
      4 ubuntu
      2 client
      1 ubnt
      1 pi
      1 a
      1 91.220.131.33
      1 85.132.71.83
      1 176.222.201.154

In the above output, some of the failed entries are associated with userids the attacker attempted to use to login. E.g., for the case of the usuario one, I can see that the illegitimate login attempts where that name was used for the userid orginated from the 221.228.205.196 IP address. There is no account on the system with that userid. The IP address is also assigned to an entity in China.

# grep usuario /var/log/secure
Nov  9 10:53:01 localhost sshd[23516]: Invalid user usuario from 221.228.205.196
Nov  9 10:53:01 localhost sshd[23516]: input_userauth_request: invalid user usuario [preauth]
Nov  9 10:53:03 localhost sshd[23516]: Failed password for invalid user usuario from 221.228.205.196 port 52710 ssh2
Nov  9 10:53:04 localhost sshd[23568]: Invalid user usuario from 221.228.205.196
Nov  9 10:53:04 localhost sshd[23568]: input_userauth_request: invalid user usuario [preauth]
Nov  9 10:53:06 localhost sshd[23568]: Failed password for invalid user usuario from 221.228.205.196 port 53534 ssh2
Nov  9 10:53:07 localhost sshd[23654]: Invalid user usuario from 221.228.205.196
Nov  9 10:53:07 localhost sshd[23654]: input_userauth_request: invalid user usuario [preauth]
Nov  9 10:53:10 localhost sshd[23654]: Failed password for invalid user usuario from 221.228.205.196 port 55193 ssh2
Nov  9 10:53:12 localhost sshd[23657]: Invalid user usuario from 221.228.205.196
Nov  9 10:53:12 localhost sshd[23657]: input_userauth_request: invalid user usuario [preauth]
Nov  9 10:53:14 localhost sshd[23657]: Failed password for invalid user usuario from 221.228.205.196 port 56072 ssh2

To count just by IP address so that the login failurers for particular usernames don't appear in the output, I can put another grep command, one that will filter the output of the prior grep command so any lines of output from it are eliminated if they contain "invalid user", before the awk command.

# grep 'Failed password' /var/log/secure | grep sshd | grep -v "invalid user" | awk '{print $11}' | sort | uniq -c | sort -n
      1 176.222.201.154
      1 85.132.71.83
      1 91.220.131.33
     48 122.225.97.117
     64 221.228.205.196
     71 61.174.51.223
    129 122.225.97.79
    191 122.225.109.198
    237 122.225.97.116
    268 117.27.158.88
    306 113.200.188.55
    336 117.27.158.89

If you wish to see what userids are being used most frequently for the failed login attempts, the string of commands entered above need to be modified to search for the userids used in failed login attempts. The above commands don't show the most commonly used userid, which is root, since almost all Unix/Linux systems will have a root account.

For failed login attempts the lines that appear in the output are slightly different depending upon whether the userid used exists on the system. E.g., if the account doesn't exist on the system, as in the case for client and git below, the lines appear as follows:

Nov  9 10:34:14 localhost sshd[21745]: Failed password for invalid user client f
rom 91.220.131.33 port 60223 ssh2
Nov  9 10:52:00 localhost sshd[23204]: Failed password for invalid user git from
 221.228.205.196 port 60513 ssh2

If the account does exist, e.g., the root account, then the lines have the following format:

Nov  9 04:58:50 localhost sshd[21319]: Failed password for root from 122.225.97.
79 port 7951 ssh2

The sed command can be used to strip out the "invalid user" from lines to make the format of those lines containing "invalid user" the same as for those for valid userids on the system. You can then use the awk command to display the contents of the 9th entry on the line, which is the userid used.

# grep "sshd.*: Failed password for" /var/log/secure | sed 's/invalid user //' | awk '{print $9}' | sort | uniq -c | sort -n
      1 a
      1 operator
      1 pi
      1 ubnt
      2 client
      4 ubuntu
      4 usuario
     27 git
     78 admin
   1844 root

The output from a check of the /var/log/secure file shows that the most common user name used in attempts to log into the system by attackers is root.

References:

1. Firewalld - Block an IP Address
   By: up2long
   Date: February 26, 2014
   Fedoraforum.org

[/network/ssh] permanent link

In the list of preference options that appear, scroll down until you see javascript.enabled.

You will need to double-click on the javascript.enabled line to change the value from "false" to "true" to enable javascript support. You can disable javascript support by double-clicking on the line to toggle the status to false, if it is set to true and you wish to disable it.

Once you have reenabled JavaScript, you should be able to successfully display webpages that rely upon it.

[/network/web/browser/firefox] permanent link

# grep resuming /var/log/httpd/error_log
[Sun Nov 09 03:29:02.631763 2014] [mpm_prefork:notice] [pid 20663] AH00163: Apac
he/2.4.6 (CentOS) configured -- resuming normal operations

[/network/web/server/apache] permanent link

# perl -e shell -MCPAN
Terminal does not support AddHistory.

cpan shell -- CPAN exploration and modules installation (v1.9800)
Enter 'h' for help.

cpan[1]> install YAML

Once it is installed you can view documentation on it by issuing the command perldoc YAML. If you just want to see if it is installed, you can issue that command. If it is, you will see the documentation. If it isn't installed, you will see a message "No documentation found" followed by the module name.

You can also use the -l argument to perldoc, which will report the location of the Plain Old documentation, abbreviated pod, file for the module, if one is present or also report "No documentation found", if the module can't be found. Be sure to capitalize "YAML" or you will see the "No documentation found" message.

# perldoc -l yaml
No documentation found for "yaml".
# perldoc -l YAML
/usr/local/share/perl5/YAML.pod

[/languages/perl] permanent link

# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
"/tmp/crontab.wpnAYC":3: bad minute
errors in crontab file, can't install.
Do you want to retry the same edit?

I had also seen "bad day-of-week", instead of "bad minute" when editing the file previously. I typed "y" to retry and then realized the source of the problem, which I thought at first from the error message was some error in the first five entries on the line that specify when a cron job should run. Instead, the problem was because when I copied and pasted the contents of the old file into the new file, entries that had wrapped around to a new line on the screen were now on two lines whereas before they were only on one line. E.g., for the output above, line 3, which was the one referenced for "bad minute" was really the continuation of line 2, but it was now, because of my copy and paste operation, on line 3 with no time specified, but instead the end part of the command line. I edited those lines where that had occurred, so though they wrapped around on the screen each entry was one continuous line. I was then able to save the file successfully and then view the crontab file with crontab -l Since I had SELinux enabled on the system, I checked the security context for the cron file and saw the following.

# ls -Z /var/spool/cron/root
-rw-------. root root unconfined_u:object_r:user_cron_spool_t:s0 /var/spool/cron/root

References:

1. Cron
   Wikipedia, The Free Encyclopedia
2. Cron and Crontab usage and examples
   Date: May 4, 2014
   Pantz.org Technical Reference Site
3. How to Backup Crontabs of All Users on CentOS, RHEL, Ubuntu & Dabian
   By: Rahul Kumar
   Date: April 2, 2014
   TecAdmin.net

[/os/unix/linux/centos] permanent link

Forbidden

You don't have permission to access / on this server.

When I looked in the error log for the site, I saw the following:

Checking the public_html directory and the directories beneath it, I saw that owner, group, and world all had "execute" access, i.e., the capability to search through the directories.

$ ls -ld public_html
drwxrwxr-x. 14 jdoe jdoe 4096 Nov  5 21:04 public_html

But, checking the user's home directory I found there was no access to it except for the owner. When I changed that access to grant search access to other accounts in the same group and all accounts, then the website became visible.

$ chmod ga+x /home/jdoe
$ ls -ld /home/jdoe
drwx--x--x. 13 jdoe jdoe 4096 Nov  5 21:17 /home/jdoe

You can check the permissions on a directory and the directories above it up to the root directory with just one command using the namei -m command in the form namei -m /path_to_directory/dirname. E.g.:

$ namei -m /home/jdoe/public_html
f: /home/jdoe/public_html
 drwxr-xr-x /
 drwxr-xr-x home
 drwx--x--x jdoe
 drwxrwxr-x public_html

[/network/web/server/apache] permanent link

# usermod --shell /sbin/nologin jasmith

[/os/unix/linux/sysmgmt] permanent link

Task 'jasmith@example.com - Receiving' reported error (0x800CCC92) : 'Your e-mail server rejected your login. Verify your user name and password for this account in Account Settings. The server responded: -ERR [AUTH] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.'

At first I thought the tech who upgraded the system had made some change to Outlook on the system, but I eventually realized that the email server using dovecot for POP3 email access was denying access, because the system had a new IP address. The user was using POP3, port 110, for downloading email and I had previously added the old IP address to the login_trusted_networks line in /etc/dovecot/dovecot.conf file on the email server. By adding an IP address or IP address range to that line, you can configure dovecot to allow users to login using an unencrypted userid and password, i.e., plaintext authentication, from the specified IP address or range of addresses. The relevant section in dovecot.conf is shown below:

# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
login_trusted_networks = 192.168.0.0/24 192.168.1.0/24 172.45.55.82

In the case above, the server will accept plaintext passwords from any system in the 192.168.0.0/24 address range, i.e., 192.168.0.0 to 192.168.0.255, the 192.168.1.0/24 address range, and from the specific IP address 172.45.55.82, which was the user's IP address. After updating her IP address in the file, I restarted dovecot with service dovecot restart.

The system uses sendmail for sending email and I also had to update /etc/mail/access to include her IP address, since the change to the dovecot configuration file allowed her to download her email, but sendmail would still not except any email sent from her computer, since relaying was permitted from her old email address, but not her new one. I added her IP address and a comment line to the /etc/mail/access file.

# J. A. Smith
172.45.55.82                           RELAY

I then used makemap hash to generate an updated /etc/mail/access.db file.

# makemap hash /etc/mail/access </etc/mail/access

She was then able to send as well as receive email; I didn't need to restart sendmail.

[/network/email/dovecot] permanent link

1. Hit Alt-T to bring up the Tools menu.
2. Select Account Settings.
3. An Account Settings window will open showing you all of the email accounts you have set up. Scroll down to the bottom of the list of accounts where you will see Outgoing Server (SMTP), which you should select by clicking on it.
4. You will then see an Add button that you can click on to add an additional SMTP server for outgoing email.
5. Complete the fields for the SMTP server, including "Description", "Server Name" and "Port", which will likely be 25 or 587. If you need to authenticate with the server when sending email, select the appropriate authentication method and provide a user name, if needed.

   

6. Click on the OK button.
7. If you wish any of the email accounts you have set up in Thunderbird to use that SMTP server, select an account you wish to have use that outgoing email server by right-clicking on it, e.g. jdoe@example.com, and picking Settings. For the "Outoging Server (SMTP)" value, which you will see with the email address selected, i.e., don't click on "Server Settings" or any other option below the address, select the new server and click on OK.

References:

1. Multiple SMTP servers - Thunderbird
   mozilaZine

[/network/email/clients/thunderbird] permanent link

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at webmaster@example.com to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Checking the httpd error log, I saw the following entries for the problem:

[Sun Nov 02 11:31:21.399775 2014] [cgi:error] [pid 18794] [client 94.228.34.209:55416] AH01215: Can't locate CGI.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /home/jdoe/public_html/blog/blosxom line 92.
[Sun Nov 02 11:31:21.399911 2014] [cgi:error] [pid 18794] [client 94.228.34.209:55416] AH01215: BEGIN failed--compilation aborted at /home/jdoe/public_html/blog/blosxom line 92.
[Sun Nov 02 11:31:21.401265 2014] [cgi:error] [pid 18794] [client 94.228.34.209:55416] End of script output before headers: blosxom

When I searched the system for CGI.pm, I found it was not present.

# find / -name CGI.pm -print 2>/dev/null
#

The file was present on a backup from the CentOS 5 system at /usr/lib/perl5/5.8.8/CGI.pm.

Since it wasn't installed, I tried installing it.

# perl -e shell -MCPAN
Can't locate CPAN.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .).
BEGIN failed--compilation aborted.

But that failed because CPAN.pm wasn't installed, either.

# find /usr/lib/perl5 -name CPAN.pm -print 2>/dev/null
# whereis CPAN.pm
CPAN:[root@frostdragon conf]# locate CPAN.pm
#

So I installed the perl-CPAN package with yum.

# yum install perl-CPAN

After the installation, I checked on the package and the location of CPAN.pm.

# rpm -qi perl-CPAN
Name        : perl-CPAN
Epoch       : 0
Version     : 1.9800
Release     : 283.el7
Architecture: noarch
Install Date: Sun 02 Nov 2014 12:02:15 PM EST
Group       : Development/Languages
Size        : 762403
License     : GPL+ or Artistic
Signature   : RSA/SHA256, Fri 04 Jul 2014 12:15:45 AM EDT, Key ID 24c6a8a7f4a80eb5
Source RPM  : perl-5.16.3-283.el7.src.rpm
Build Date  : Tue 17 Jun 2014 01:42:20 PM EDT
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.perl.org/
Summary     : Query, download and build perl modules from CPAN sites
Description :
Query, download and build perl modules from CPAN sites.
# whereis CPAN.pm
CPAN: /usr/share/man/man3/CPAN.3pm.gz
#

I was then able to install CGI.pm.

#  perl -e shell -MCPAN

CPAN.pm requires configuration, but most of it can be done automatically.
If you answer 'no' below, you will enter an interactive dialog for each
configuration option instead.

Would you like to configure as much as possible automatically? [yes] yes

 <install_help>

Warning: You do not have write permission for Perl library directories.

To install modules, you need to configure a local Perl library directory or
escalate your privileges.  CPAN can help you by bootstrapping the local::lib
module or by configuring itself to use 'sudo' (if available).  You may also
resolve this problem manually if you need to customize your setup.

What approach do you want?  (Choose 'local::lib', 'sudo' or 'manual')
 [local::lib] sudo

Autoconfigured everything but 'urllist'.

Now you need to choose your CPAN mirror sites.  You can let me
pick mirrors for you, you can select them from a list or you
can enter them by hand.

Would you like me to automatically choose some CPAN mirror
sites for you? (This means connecting to the Internet) [yes] yes
Trying to fetch a mirror list from the Internet
Fetching with LWP:
http://www.perl.org/CPAN/MIRRORED.BY

Looking for CPAN mirrors near you (please be patient)
........................... done!

New urllist
  http://cpan-du.viaverio.com/
  http://mirror.cogentco.com/pub/CPAN/
  http://httpupdate25.cpanel.net/CPAN/

Autoconfiguration complete.

commit: wrote '/root/.cpan/CPAN/MyConfig.pm'

You can re-run configuration any time with 'o conf init' in the CPAN shell
Terminal does not support AddHistory.

cpan shell -- CPAN exploration and modules installation (v1.9800)
Enter 'h' for help.

cpan[1]>

At the cpan[1] prompt, I entered install CGI. Note: You need to use uppercase letters, not "cgi"

After the installation completed, I typed "exit" at the CPAN prompt. I was then able to reload the page in the browser without getting the "Internal Server" error; I did not have to restart Apache.

References:

1. Perl CGI:Can't locate CGI.pm
   Date: June 5, 2005
   LinuxQuestions.org
2. perl CPAN not installed by default
   Date: February 4, 2012
   DirectAdmin

[/languages/perl] permanent link

If you would like to have Safari automatically reopen all the prior tabs and windows when you restart Safari, click on the gear icon at the top right-hand corner of the browser window, then select Preferences, then select "All windows from last session" instead of "A new window" for the value for "Safari opens with".

[/network/web/browser/safari] permanent link

To login to Evernote, click on that icon and hold the button down until the login window appears.

Once you've logged in, you can click on the button again to save web pages as an article, simplified article, full page, bookmark, or screenshot.

[/network/web/browser/safari] permanent link

I could then copy files from the drives to an external USB drive using xcopy, but the user had over 900,000 files in her My Documents directory and xcopy only copied about 800,000 of those. I wanted to try another method of copying the files to see if that would be more successful, but there were no other utilities available to me from the command prompt that I thought would be more successful.

I created a boot disc on another Windows 8 system using MustangPEBuilder 2 ADK, which allowed me to boot into a Windows GUI, but without the appropriate driver added I haven't yet been able to access the data in the user's My Documents directory with it. I have been able to add Windows applications, such as IrfanView, but I haven't figured out yet how to get some other applications I want to use added nor a driver that will allow me to access the RAID drives.

[/os/windows/mustang] permanent link

The unregistered version has a limitation preventing you from saving an image greater than 300 MB, but in my case that was not an issue since the image size was 175 MB.

I did purchase the software though, since it worked well and I often deal with much larger ISO files. When you purchase the software, you will receive a zip file by email containing a .reg file, which will provide you a temporary license. Extract the .reg file from the .zip file, and double-click on it to create the registry entries to register the software. You should later receive a permanent serial number.

The steps to take to insert or replace a file within an existing ISO file using MagicISO are listed below:

1. Select File.
2. Select Open.
3. Browse to the location of the ISO file you wish to modify and open it.
4. If you have a Windows Explorer window open side-by-side with the Magic ISO Maker window, you can drag the file you want to insert into the ISO file over into the Magic ISO Maker window and into the directory there where you wish to insert the copy of the file into the ISO file. If a file by that name already exists, a "Query for overwriting" window will appear notifying you that the file already exists and asking if you want to overwrite it. You can click on the Yes button to overwrite the file.
5. Click on File then Save as to save the update to the ISO file in a new ISO file, since you can't save to the ISO file you have open within Magic ISO Maker.

VirusTotal analysis of Setup_MagicISO.exe on 2014-08-09

[/os/windows/utilities/MagicISO] permanent link

$ ls /Library/Printers/PPDs/Contents/Resources | grep -i LaserJet | grep 40
HP Color LaserJet CM4540 MFP.gz
HP Color LaserJet CM6040 MFP.gz
HP Color LaserJet CP4005.gz
HP Color LaserJet CP4020 CP4520 Series.gz
HP LaserJet 400 M401.gz
HP LaserJet 400 M401dne.gz
HP LaserJet 400 MFP M425 Fax.ppd.gz
HP LaserJet 400 MFP M425.gz
HP LaserJet 4000 Series.gz
HP LaserJet 4050 Series.gz
HP LaserJet 4240.gz
HP LaserJet 9040 9050 MFP.gz
HP LaserJet 9040.gz
HP LaserJet M9040 M9050 MFP.gz
HP LaserJet P4010_P4510 Series.gz

The HP LaserJet 4000 Series.gz file seemed appropriate. I then used the command below to add the printer:

The printer then appeared in the list of available printers under System Preferences/Print & Scan and I was able to print to it.

The lpadmin command can be used to configure CUPS printers. CUPS is a modular printing system often found on Unix and Linux operating systems. Apple's OS X opertaing system is a Unix-based graphical interface.

The options for the lpadmin command, which can be used to configure CUPS printers, are listed below:

    -p = Printer name (queue name if sharing the printer)
    -v = IP address or DNS name of the printer
    -D = Description of the printer (appears in the Printers list)
    -L = Location of the printer
    -P = Path to the printer PPD file to use for the printer
    -E = Enable this printer to accept print jobs

The text specified with the -D option is the description that I see for the printer when I check Print & Scan under System Preferences.

[/os/os-x] permanent link

To use the program, you need to extract the unRAR.exe file from the file you download. You can do so by simply double-clicking on the unrarw32.exe file you downloaded. You will then be prompted for a directory into which the unRAR.exe file should be extracted.

The default installation directory is C:\Program Files(x86)\Unrar. If you don't have access to install files in that directory on a system, you can place it anywhere, e.g. in "My Documents". So you don't need administrator level access to a system to put the utility on a system or run it on a system. There is only the one file, Unrar.exe file that you need. to use the software.

If you see a Program Compatibility Assistant window appear stating "This program might not have installed correctly, you can simply click on "This program installed correctly" to have the Unrar.exe file placed in the directory you chose, if you have the appropriate access to place files in that directory..

You can see the options availble for the program by typing unrar at a command prompt in the directory in which you extracted unrar.exe.

C:\Users\joe\Documents\bin>unrar

UNRAR 5.00 freeware      Copyright (c) 1993-2013 Alexander Roshal

Usage:     unrar <command> -<switch 1> -<switch N> <archive> <files...>
               <@listfiles...> <path_to_extract\>

<Commands>
  e             Extract files without archived paths
  l[t[a],b]     List archive contents [technical[all], bare]
  p             Print file to stdout
  t             Test archive files
  v[t[a],b]     Verbosely list archive contents [technical[all],bare]
  x             Extract files with full path

<Switches>
  -             Stop switches scanning
  @[+]          Disable [enable] file lists
  ac            Clear Archive attribute after compression or extraction
  ad            Append archive name to destination path
  ag[format]    Generate archive name using the current date
  ai            Ignore file attributes
  ap<path>      Set path inside archive
  c-            Disable comments show
  cfg-          Disable read configuration
  cl            Convert names to lower case
  cu            Convert names to upper case
  dh            Open shared files
  ep            Exclude paths from names
  ep3           Expand paths to full including the drive letter
  f             Freshen files
  id[c,d,p,q]   Disable messages
  ierr          Send all messages to stderr
  inul          Disable all messages
  ioff          Turn PC off after completing an operation
  kb            Keep broken extracted files
  n<file>       Additionally filter included files
  n@            Read additional filter masks from stdin
  n@<list>      Read additional filter masks from list file
  o[+|-]        Set the overwrite mode
  oc            Set NTFS Compressed attribute
  or            Rename files automatically
  ow            Save or restore file owner and group
  p[password]   Set password
  p-            Do not query password
  r             Recurse subdirectories
  ri<P>[:<S>]   Set priority (0-default,1-min..15-max) and sleep time in ms
  sl<size>      Process files with size less than specified
  sm<size>      Process files with size more than specified
  ta<date>      Process files modified after <date> in YYYYMMDDHHMMSS format
  tb<date>      Process files modified before <date> in YYYYMMDDHHMMSS format
  tn<time>      Process files newer than <time>
  to<time>      Process files older than <time>
  ts<m,c,a>[N]  Save or restore file time (modification, creation, access)
  u             Update files
  v             List all volumes
  ver[n]        File version control
  vp            Pause before each volume
  x<file>       Exclude specified file
  x@            Read file names to exclude from stdin
  x@<list>      Exclude files listed in specified list file
  y             Assume Yes on all queries

C:\Users\joe\Documents\bin>

To extract the contents of a .rar file, use the e argument to unrar followed by the name of the rar file.

C:\Users\joe\Documents\bin>unrar e %USERPROFILE%\Downloads\ST0044_9e8d3db5
2aa4e60904a3676eb33f763.rar

UNRAR 5.00 freeware      Copyright (c) 1993-2013 Alexander Roshal


Extracting from C:\Users\joe\Downloads\ST0044_9e8d3db592aa4e60904a3676eb33763.rar

Extracting  ST0044_BlacX Duet 5G Snow Editon_manual_12071201.pdf      OK
All OK

[/software/utilities/file/rar] permanent link

All sessions are stored in the sessions folder inside your profile directory and can be moved around as with any other file. On a Microsoft Windows 8 system, the sessions folder is in %APPDATA%\Mozilla\Firefox\Profiles\profiledir\sessions. You can find the value of %APPDATA% at a command prompt by issuing the command echo %APPDATA%.

C:\>echo %APPDATA%
C:\Users\JDoe\AppData\Roaming

C:\Users\JDoe\AppData\Roaming\Mozilla\Firefox\Profiles\nqp8058i.default\sessions

To get to that folder, simply select "Open Session Folder" in Session Manager's menu (might not work on all OSes), which you can get to in Firefox on Microsoft Windows by using the Alt-T key combination to show the Tools menu, then selecting Session Manager. Session Manager also allows you to reopen the 10 last closed windows and tabs. You do not need to restart Firefox after installing the Session Manager add-on to begin using it.

To save the Firefox session at any time, take the following steps on a Microsoft Windows system (applies to Firefox 31.0 and Session Manager 0.8.1.5):

1. Use Alt-T key combination to bring up the Tools menu. Alternatively, you can click on the blue floppy disk icon that is placed on the Firefox address bar when you install Session Manager. That icon appears to the left of another icon that is a red cross in a white box which will allow you to reopen recently closed tabs or windows.

   

2. Select Session Manager.
3. Select Session Manager again.
4. Select Save Session.
5. A window will open where you can name the session you are about to save.

   

   Provide a name for the session you wish to save in the "Name" field, which could be the date or anything you like. You can uncheck any tabs you don't want saved for the session.

6. Click on Save Session. Note: when you click on it, it may appear that nothing is happening, but don't click again, give it a few seconds to complete the save.

To load a saved session, go through the same steps to bring up Session Manager, but instead of selecting Save Session select Load Session. You will then see a list of any saved sessions.

If Firefox crashes or you reboot the system without closing Firefox, you will see a window like the one below when you open Firefox, which will give you the option of restoring Firefox to the state it was in when it crashed or from a prior saved session.

References:

1. Session Manager
   Add-Ons
2. Session Manager
   mozdev.org

[/network/web/browser/firefox/addons/sessionmgr] permanent link

SELECT `message` FROM `chatroommessages` WHERE `message` LIKE '%Groot%';

The percent signs at the beginning and end of the text indicate that any other text can occur before and after that text, so if a message contained "I am Groot!", it would be selected. The "%" will match any number of characters, including zero characters.

You can search for words or phrases with any other text occurring before or after the text you are seeking:

SELECT `message` FROM `chatroommessages` WHERE `message` LIKE '%only a test%';

If you want to use a wildcard that represents only one character rather than zero or more characters, you can use the underscore character.

SELECT `message` FROM `chatroommessages` WHERE `message` LIKE '%test_r%';

The above SQL query would look for all messages that contained any text before "test", followed by any one character, an "r", and then any number of other characters. So the above query would find any of the following:

Hopefully I don't run out of Testor's Dull coat.
my test results were inconclusive.
I am currently a beta tester.

The case of the text doesn't matter. E.g., it doesn't matter that I used all lowercase letters in "test" when I issued the SQL query. The query would find "TEST" with all uppercase letters as well. So the message contained "Testor" with a capital "T" was also found.

If you need to search for an occurrence of a wildcard character, e.g., you need to find "30%", then you would need to use a backslash, \, as an "escape character" to take away the special meaning of the percent sign in a query.

SELECT `message` FROM `chatroommessages` WHERE `message` LIKE '30\%';

That will restrict the search to finding only messages containing "30%", whereas if you used LIKE 30% rather than LIKE 30\%, the search would also return any messages containing "300", "3000", "30132", etc.

References:

1. 12.5.1 String Comparison Functions
   MySQL Documentation: MySQL Reference Manuals

[/software/database/mysql] permanent link

To use XXMkLink, download the zip file and extract XXMKLINK.EXE from within it to an appropriate directory on a hard drive. You can then run that program without any parameters to see options available for it.

C:\>"\Program Files\Utilities\XXMKLINK"

XXMkLink     ver 1.00    (c)2005 Copyright  Pixelab, Inc.


=========== Syntax =======================

xxmklink spath opath [ arg [ wdir [ desc [ mode [ icon[:n] ]]]]] [switches...]

  where  spath     path of the shortcut (.lnk added as needed)
         opath     path of the object represented by the shortcut
         arg       argument string (use quotes with space, see below)
         wdir      path of the working directory (for "Start in")
         desc      description string (shown in Shosrtcut's Properties)
         mode      display mode (1:Normal [default], 3:Maximized, 7:Minimized)
         icon[:n]  icon file [with optional icon index value n]

         Currently, the following switches are supported

         /p        prompts before action
         /q        no output when successful (quiet)

  Note:  Switches (whose first character is always slash) can be placed in
         any position of the command argument.  A string that starts with
         a slash as a non-switch argument must be surrounded by a pair of
         double-quotes (").  It is recommended that the XXMKLINK's switches
         be placed before or after the non-switch arguments for clarity.

         Make sure that each element is surrounded by a pair of
         double-quotes (") if embeded space is present.

         The third field (arg) is for the argument string for the object
         (typically a program that requires command arguments) that must
         be entered as one string here, even if it has many parts that are
         separated by spaces and possibly with double-quote characters.

         When double-quoted string has an embedded double-quote,
         add a backslash in front of each embedded double-qoute.

         Use an empty string (two consecutive double-quotes) as a
         place holder since this command syntax is sensitive to the
         order of the field, optional switches cannot alter the
         pre-determined order as defined by the program.

         When an invalid display mode is specified (not 1, 3 nor 7),
         the default (Normal Window) value will be used.

         When the icon specifier does not point to an existing file,
         the icon field will be ignored.

  E.g.   mklink "c:\Program Files\mydir\My Shortcut.lnk" c:\boot.ini
           (At least two arguments are always needed.)

         mklink c:\myauto c:\autoexec.bat "/q" . "I say \"Hello.\"" "desc..."
           (In this example, the third argument string, "/q" was entered
            as a quoted string.  If it were without the quotation marks,
            it would be treated as the xxmklink switch, /q, not the argment
            string for the object program.)

At a minimum, the following two arguments are needed to the program to create a shortcut:

spath - path and filename for the shortcut; if you don't add a .lnk at the end of spath, one will be added automatically, since all shortcuts must have a .lnk extension.

opath - path and filename of the object represented by the shortcut, i.e. the location and name for the file or program for which you are creating the shortcut.

E.g., suppose I wanted to create a shortcut on the desktop for the account under which I'm currently logged into the system that points to the WinSCP program, winscp.exe. I could use the following command, if the xxmklink.exe file is in C:\Program Files\Utilities and the winscp.exe program is in c:\program files (x86)\network\SSH\WinSCP\. If I was logged into the JDoe account, the environment variable %USERPROFILE% would equate to C:\Users\JDoe.

C:\>"\Program Files\Utilities\xxmklink" %USERPROFILE%\Desktop\WinScp.lnk "c:\program files (x86)\network\SSH\WinSCP\winscp.exe"

XXMkLink     ver 1.00    (c)2005 Copyright  Pixelab, Inc.

The shortut created as follows

Shortcut path:     C:\Users\JDoe\Desktop\WinScp.lnk
Target object:     c:\program files (x86)\network\SSH\WinSCP\winscp.exe
Arguments;
Working Directory:
Description:
Display Mode:      Normal Window (1)
Icon file:

If I then hit the Windows key and the "D" key simultaneously, I would then see the WinSCP shortcut on the desktop.

Security information for current version of XXMkLink, which is 1.00

[/os/windows/utilities] permanent link

Once you click on that icon, another small window will pop up which contains a tab labeled SQL history.

Click on that tab to see the recently entered SQL commands

[/network/web/tools/phpmyadmin] permanent link

Folder C:\winpe_x86 exists. Move, rename or delete and try again. Program will terminate.

When I clicked on OK, the Mustang PEBuilder window closed. The C:\winpe_x86 directory gets created during the process by which Mustang PEBuilder 2 creates the .iso file. The directory and its contents are normally deleted after the ISO file is created. When it has not been deleted and I had previously seen the error message, I was able to delete the C:\winpe_x86 folder and all its contents and restart the process of building an ISO file without a problem. But this time I received "access denied" messages when attempting to delete some of the directories and files within it.

The problem was due to the directories and files being owned by TrustedInstaller. To remedy the problem, I took the following steps:

1. Right-click on a directory that can't be deleted and choose Properties.
2. Click on the Security tab.
3. Click on the Advanced button.
4. The owner will be listed as TrustedInstaller; click on Change then in the "Enter the object name to select" field, type Administrators.
5. Click on OK.
6. Click on the checkbox next to "Replace owner on subcontainers and objects" to check the box.
7. Click on the Apply button.
8. In the "Permission entries" list, make sure Administrators have "Full control".
9. Check the checkbox for "Replace all child object permission entries with inheritable permission entries from this object. When notified that this will replace explicity defined permissions on all descendants of this object with inheritable permissions, click on Yes.
10. Click on the Apply button.
11. You can now close the "Advanced Security Settings" window by clicking on OK.
12. You can click on OK again to close the Properties window for the directory.

You should now be able to delete the directory and all subdirectories and files within it.

References:

1. Windows 7 - How to Delete Files Protected by TrustedInstaller
   Help Desk Geek

[/os/windows/utilities/diagnostic/mustang] permanent link

SMFPacks Shoutbox 1.0.3 was shown in the packages list, but there was no option to install or uninstall it, only options to "List Files" or "Delete". But there was a configuration page for it within the forum software. That page showed that Shoutbox was disabled.

I found in the Packages directory for the forum there was a SMFPacks_Shoutbox.zip file. When I unzipped the file and checked the package-info.xml for it, I saw the following in the installation section for 1.x versions of SMF:

<!-- 1.1.x -->
<install for="1.1-1.1.99">

There was an installation section for 2.0.x versions of SMF as well:

<!-- 2.0.x -->
<install for="2.0">

Since it did not list a range of version numbers, I went to Admin, then Package Manager and then clicked on the Advanced link at the bottom of the list of mods. I then changed the Emulate Version value from 2.0.8 to 2.0 and clicked on the Apply button. I was then able to uninstall SMFPacks Shoutbox 1.0.3 and delete the files associated with it. I then clicked on the Advanced link again at the bottom of the list of mods, clicked on Revert beneath Emulate Version, and then clicked on the Apply button to put Emulate Version back to its original value.

[/network/web/forums/smf] permanent link

CREATE TABLE db2.table LIKE db1.table;
INSERT INTO db2.table SELECT * FROM db1.table;

[/software/database/mysql] permanent link

$ mysqlshow -u jdoe -p
Enter password:
+--------------------+
|     Databases      |
+--------------------+
| information_schema |
| jdoedbf            |
| test               |
| tokyo              |
+--------------------+

$ mysqlshow -u jdoe -p products

If you need to find a table with particular text in the name, you can pipe the output of the mysqlshow command into grep. E.g., if you were looking for a table in a database named "products" with many tables that contained "cat" as part of the name of the table, you could use something like the following:

$ mysqlshow -u jdoe -p products | grep cat

[/software/database/mysql] permanent link

$ sleep 10; scrot test.png

The above command would give you 10 seconds to minimize the terminal window and any other open windows you didn't want to see in the screenshot. The results of the screenshot would be stored in the directory from which the command was run in the file test.png. Or you can use the scrot command's own delay parameter, -d or --delay followed by the number of seconds of delay you wish to give yourself before scrot captures the screen, e.g., scrot -d 10.

For help on the utility issue the command scrot --help.

scrot --help
Usage : scrot [OPTIONS]... [FILE]
  Where FILE is the target file for the screenshot.
  If FILE is not specified, a date-stamped file will be dropped in the
  current directory.
  See man scrot for more details
  -h, --help                display this help and exit
  -v, --version             output version information and exit
  -b, --border              When selecting a window, grab wm border too
  -c, --count               show a countdown before taking the shot
  -d, --delay NUM           wait NUM seconds before taking a shot
  -e, --exec APP            run APP on the resulting screenshot
  -q, --quality NUM         Image quality (1-100) high value means
                            high size, low compression. Default: 75.
                            For lossless compression formats, like png,
                            low quality means high compression.
  -m, --multidisp           For multiple heads, grab shot from each
                            and join them together.
  -s, --select              interactively choose a window or rectangle
                            with the mouse
  -u, --focused             use the currently focused window
  -t, --thumb NUM           generate thumbnail too. NUM is the percentage
                            of the original size for the thumbnail to be,
                            or the geometry in percent, e.g. 50x60 or 80x20.
  -z, --silent              Prevent beeping

  SPECIAL STRINGS
  Both the --exec and filename parameters can take format specifiers
  that are expanded by scrot when encountered.
  There are two types of format specifier. Characters preceded by a '%'
  are interpreted by strftime(2). See man strftime for examples.
  These options may be used to refer to the current date and time.
  The second kind are internal to scrot  and are prefixed by '$'
  The following specifiers are recognised:
                  $f image path/filename (ignored when used in the filename)
                  $m thumbnail path/filename
                  $n image name (ignored when used in the filename)
                  $s image size (bytes) (ignored when used in the filename)
                  $p image pixel size
                  $w image width
                  $h image height
                  $t image format
                  $$  prints a literal '$'
                  \n prints a newline (ignored when used in the filename)
  Example:
          scrot '%Y-%m-%d_$wx$h_scrot.png' -e 'mv $f ~/images/shots/'
          Creates a file called something like 2000-10-30_2560x1024_scrot.png
          and moves it to your images directory.

This program is free software see the file COPYING for licensing info.
Copyright Tom Gilbert 2000
Email bugs to <scrot_sucks@linuxbrit.co.uk>

You can also type man scrot to see information on use of the utility.

References:

1. Scrot
   Wikipedia, the free encyclopedia
2. The Tom Gilbert Blog
   

[/os/unix/linux/utilities/graphics] permanent link

1. Click on File.
2. Select Create.
3. Select Screenshot.
4. When the GIMP screenshot window opens, you will have the option of selecting the area for the screenshot.

   Area

   • Take a screenshot of a single window
     [ ] Include window decoration
   • Take a screenshot of the entire screen
     [ ] Include mouse pointer
   • Select a region to grab

   Delay [ 0 ] seconds

   At the end of the delay, click in a window to snap it.

5. When you have selected the option you want, click on the Snap button.

If you choose to take a screenshot of a single window, the cursor will change to something similar to a "+". Move the cursor over the appropriate window and that window will be pasted into a GIMP window when you click on the window. Note: make sure you don't have any windows overlapping the one you wish to capture, otherwise you may see a portion of an overlapping window in the screenshot.

If you don't want to capture the border around a window, scrollbars for the window, and any application menu at the top of the window, uncheck "Include window decoration.

If you choose "Take a screenshot of the entire screen", a snapshot will be taken of the entire screen including the GIMP window.

If you select a region to grab, the cursor will change as above. You can then click in one corner of the area of the screen you wish to include in the snapshot then drag the mouse to a diagonal corner while holding the mouse button down. When you release the button, the area selected will be captured.

Once you have the screen shot, you can create a GIF, JPG, PNG, etc. image file from the screenshot by clicking on File and selecting Export.

[/software/graphics/gimp] permanent link

To determine the default browser from the command line, you can use the command reg query HKEY_CLASSES_ROOT\http\shell\open\command /ve.

C:\>reg query HKEY_CLASSES_ROOT\http\shell\open\command /ve

HKEY_CLASSES_ROOT\http\shell\open\command
    (Default)    REG_SZ    "C:\Program Files\Network\Web\Mozilla Firefox\firefox.exe" -osint -url "%1"

If you just wanted a true or false result for determining whether Firefox is the default browser, you could pipe the output of the reg query command to the find command as below. A result of 0 means "false", i.e., Firefox is not the default browser and a result of 1 means it is the default browser.

C:\>reg query HKEY_CLASSES_ROOT\http\shell\open\command /ve | find /c /i "firefox"
1

Reference:

1. How Does Your Browser Know that It’s Not The Default?
   Date: March 23, 2007
   The New Old Thing | Absurdity in Its Fullest

[/network/web/browser] permanent link

$ launchctl unload -w /Library/LaunchAgents/net.juniper.pulsetray.plist
$ sudo launchctl unload -w /Library/LaunchDaemons/net.juniper.AccessService.plist
Password:
$ osascript -e 'tell application "Junos Pulse" to quit'

The account I was logged in under had adminisrator level access, so I simply provided its password at the password prompt above.

When I reopened Junos Pulse afterwards, it wasn't showing any available connections, so I closed it and then issued the commands below.

$ sudo launchctl load -w /Library/LaunchDaemons/net.juniper.AccessService.plist
$ launchctl load -w /Library/LaunchAgents/net.juniper.pulsetray.plist

When I then reopened the Junos Pulse application through the Finder, I saw the VPN connection I normally use and was able to successfully establish a VPN connection. And I was able to disconnect without a problem afterwards.

[/os/os-x] permanent link

SHOW GRANTS;
SHOW GRANTS FOR CURRENT_USER;
SHOW GRANTS FOR CURRENT_USER();

E.g., if logged into MySQL as the user joe:

mysql> show grants;
+----------------------------------------------------------------------------------------------------+
| Grants for joe@localhost                                                                           |
+----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'joe'@'localhost' IDENTIFIED BY PASSWORD '75ac044c66d44642'                  |
| GRANT ALL PRIVILEGES ON `family`.* TO 'joe'@'localhost'                                            |
| GRANT ALL PRIVILEGES ON `partslist`.* TO 'joe'@'localhost'                                         |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `tokyo`.`tokyo` TO 'joe'@'localhost'               |
+----------------------------------------------------------------------------------------------------+
4 rows in set (0.00 sec)

To show databases for which the user has access, the show databases command can be used:

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| family             |
| partslist          |
| tokyo              |
+--------------------+
4 rows in set (0.00 sec)

To see which users have access to a particular database, you use the command select user from mysql.db where db='dbname';, where dbname is the name of the relevant database, if you are logged into an account with administrator privileges, e.g., as root. E.g. for a database named partslist:

mysql> select user from mysql.db where db='partslist';
+------+
| user |
+------+
| joe  |
+------+
1 row in set (0.01 sec)

[/software/database/mysql] permanent link

mysqldump -u user -p database > dump.sql

The -p option will prompt you for the password for the user. E.g., supposing the user name is jdoe and the database is named jdoe_db:

$ mysqldump -u jdoe -p jdoe_db > dump.sql
Enter password:

Then, on a Unix/Linux/ system, you can use the grep command to search for lines in the dump.sql file produced by the mysqldump command for "DROP TABLE IF EXISTS" and then pipe that output into another grep command that searches only for lines containing the particular string in the table name that you want to key on for dropping tables. E.g., suppose you want to drop all tables that have example as part of the table name:

$ grep "DROP TABLE IF EXISTS" dump.sql | grep example > drop.sql

You can check the drop.sql file output by the above commands to verify that only the particular tables you wish to drop will be removed from the database.

$ more drop.sql

DROP TABLE IF EXISTS `example_settings`;
DROP TABLE IF EXISTS `example_smileys`;
DROP TABLE IF EXISTS `example_spiders`;

If you are satisfied that only the tables you want removed from the database will be deleted from the database, you can then issue the command:

mysql -u user -p database < drop.sql

E.g., for the example above, you could use:

$ mysql -u jdoe -p joe_db < drop.sql
Enter password:

The dump.sql and drop.sql files can then be deleted.

[/software/database/mysql] permanent link

UPDATE fles SET Directory = Concat('/', Directory);

[/software/database/mysql] permanent link

1. Click on Tools.
2. Select Category List.
3. Click on the Add Category button.
4. Type a name for the new category in the Category Name field.
5. Select the Subcategory of radio button and pick a business category, such as "Supplies (Business)". Add a description if you like.
6. Click on the Tax Reporting tab and make any changes, if any are needed, there.
7. Click on OK.
8. Right-click on the new category in the category list, then select the Expense radio button, rather than the Subcategory of one.
9. Click on OK.
10. Click on Done to close the Category List window.

The category will remain as a business category after the change.

[/financial] permanent link

[/os/windows/win8] permanent link

1. Open Firefox.
2. Use Alt-T, i.e., the Alt and T keys simultaneously, to bring up the tools menu.
3. Select Options.
4. Click on the Advanced tab.
5. Click on the Make Firefox the default browser button.

   

6. At the Set Default Programs window which then opens, click on Firefox.

   

7. Click on Set this program as default.
8. Click on the OK button. You can then close the Default Programs window.
9. You should now see "Firefox is currently your default browser" in the Options window where the Make Firefox the default browser button appeared previously.

   

   Click on the OK button in the Options window.

Note: applies to Firefox 28 as well as earlier versions.

[/network/web/browser/firefox] permanent link

C:\Users\JDoe>reg query HKEY_CURRENT_USER\Software\Intuit\QuickBooksCommon\QBFinder

HKEY_CURRENT_USER\Software\Intuit\QuickBooksCommon\QBFinder
    0    REG_SZ    c:\users\jdoe\documents\quickbooks\csi\c.s.i.qbw|23|professional
    1    REG_SZ    c:\users\jdoe\documents\quickbooks\moonpoint\moonpoint.qbw|23|professional

The .qbw files displayed would be ones you could select by clicking on them from the "No Company Open" window inside QuickBooks. The "|23|professional" at the end can be ignored, if you only want to know the file names and locations. The directory path and file names displayed can then be used to backup any relevant QuickBooks files to another location for archiving, for instance, without needing to open QuickBooks.

[/financial] permanent link

[/financial] permanent link

[ More Info ]

[/reviews/software/windows/utilities/pdf] permanent link

NAME
       date - print or set the system date and time

SYNOPSIS
       date [OPTION]... [+FORMAT]
       date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]

DESCRIPTION
       Display the current time in the given FORMAT, or set the system date.

       -d, --date=STRING
              display time described by STRING, not ‘now’

There were several format options available to me.

I wanted to determine the day of the week for May 30, 2005, so I could use YYYYMMDD, i.e., 20050530 for the date with any of those format parameters.

$ date --date="20050530" +%a
Mon
$ date --date="20050530" +%A
Monday
$ date --date="20050530" +%u
1
$ date --date="20050530" +%w
1

A calendar can be displayed at a shell prompt using the cal command as well that will show you the day of the week for a date using ASCII characters, e.g.:

$ cal 05 2005
      May 2005
Su Mo Tu We Th Fr Sa
 1  2  3  4  5  6  7
 8  9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31

From that calendar, I can see that May 30 in 2005 was a Monday.

[/os/unix/commands] permanent link

$ bless --info --getBoot
/dev/disk0s2

If you are interested in more details for that drive, you can use the diskutil info command followed by the drive's designation. E.g.:

$ diskutil info /dev/disk0s2
   Device Identifier:        disk0s2
   Device Node:              /dev/disk0s2
   Part of Whole:            disk0
   Device / Media Name:      Customer

   Volume Name:              Macintosh HD
   Escaped with Unicode:     Macintosh%FF%FE%20%00HD

   Mounted:                  Yes
   Mount Point:              /
   Escaped with Unicode:     /

   File System Personality:  Journaled HFS+
   Type (Bundle):            hfs
   Name (User Visible):      Mac OS Extended (Journaled)
   Journal:                  Journal size 24576 KB at offset 0x1119b000
   Owners:                   Enabled

   Partition Type:           Apple_HFS
   OS Can Be Installed:      Yes
   Media Type:               Generic
   Protocol:                 SATA
   SMART Status:             Verified
   Volume UUID:              A140B2C6-4C4F-3B14-B179-C1A7FE0325D4

   Total Size:               249.2 GB (249199599616 Bytes) (exactly 486717968 512-Byte-Blocks)
   Volume Free Space:        56.4 GB (56438132736 Bytes) (exactly 110230728 512-Byte-Blocks)
   Device Block Size:        512 Bytes

   Read-Only Media:          No
   Read-Only Volume:         No
   Ejectable:                No

   Whole:                    No
   Internal:                 Yes
   Solid State:              No

[/os/os-x] permanent link

I found the service yesterday when the W3C service wasn't responding. One warning I received for a submitted page was for the lack of a language specification within the <HTML> start tag. The warning was:

I had been including the following within the <head> section:

<meta name="language" content="english">

The OnlneWebCheck.com validator noted in regards to it, though:

Though the W3C validation service had never issued any warnings nor errors related to the lack of inclusion of the language attribute within the <HTML> tag or use of the meta tag, at the W3C site at Specifying the language of content: the lang attribute webpage, I found:

The recommendation made for assisting search engines and browsers to determine the language for webpages is to include the language attribute within the <html> tag as shown below:

Or for XHTML:

So, I decided to modify the template that I use for pages to include the language attribute within the <html> tag, i.e., to use <html lang="en">, and to include the attribute within the <html> tag for Blosxom's head.html file.

If a page is in another language than English, the appropriate code can be chosen from the ISO 639-1 two-letter language codes. ISO 639-1 defines abbreviations for languages. In HTML and XHTML they can be used in the lang and xml:lang attributes.

[/network/web/design] permanent link

[ More Info ]

[/network/web/services/google] permanent link

<style type="text/css">
   .padded {padding-left: 10px; padding-right: 10px;}
</style>

You can then apply the class "padded" to each td in the table.

[ More Info ]

[/network/web/design] permanent link

http://support.moonpoint.com/blog/blosxom/2014/03//RS=%5EADAZpNNfKrcEOr1DFixlJAHJ_euLow-/2014/03/04/2014/03/2014/03/01/

They had "RS=" and "euLow-" followed by repetitions of the year and month in the URL. I knew that the links had been appearng normally, so I suspected the problem was caused when I posted an entry this morning. Sometimes when I've worked on something previously, but not yet posted it, I will change the time on the file associated with the entry to point to the date and time I worked on it or when I edit an entry I may set its time stamp to the original date and time after I've finished editing it. I had done that this morning, so I suspected there was a problem with the calendar's cache file, .calendar.cache, which is located in the Blosxom plugins state directory, plugins/state. The file can be deleted; it will be recreated automatically when the Blosxom blog is viewed again. I deleted the file and refreshed the page in the browser with which I was viewing the site and all of the links for the calendar then appeared normally.

[/network/web/blogging/blosxom] permanent link

[ More Info ]

[/network/web/tools] permanent link

$ systemsetup -getnetworktimeserver
Network Time Server: ntp.example.com
$ cat /etc/ntp.conf
server ntp.example.com minpoll 12 maxpoll 17
server time.apple.com

The minpoll and maxpoll values specify the minimum and maximum poll intervals for querying the time server as a power of 2 in seconds. So, for the example above, where the time server is ntp.example.com, the minimum interval is 2 to the power of 12 or 4,096 seconds, which is a little over an hour (1.14 hours). The minimum interval defaults to 6, which equates to 2 to the power of 6, which is 64 seconds. The maximum interval defaults to 10, i.e. 2 raised to the power 10, which is 1,024 seconds. The upper limit for the value is 17, which is 36.4 hours. A secondary time server is also shown in the example above. The secondary time server could be used when the primary one is unavailable.

[/os/os-x] permanent link

If you move the cursor over the cell with the green border, you will see the name of the other user displayed, or your own logged in name, if you have the worksheet open multiple times. You can also put the cursor over the green squares at the top right area above the spreadsheet to see those names. If the worksheet was open more than twice, e.g., if it was open 3 times, you would see additional green boxes corresponding to the number of other open instances of it.

[/network/web/services/google] permanent link

[More Info ]

[/os/os-x/software/office] permanent link

[Mon Mar 24 08:15:07 2014] [error] [client 221.11.108.10] File does not exist: / home/jdoe/public_html/ctscms
[Mon Mar 24 08:15:12 2014] [error] [client 221.11.108.10] File does not exist: /home/jdoe/public_html/plus, referer: http://support.moonpoint.com/plus/search.php?keyword=as&typeArr[111%3D@`\\'`)+and+(SELECT+1+FROM+(select+count(*),concat(floor(rand(0)*2),(substring((select+CONCAT(0x7c,userid,0x7c,pwd)+from+`%23@__admin`+limit+0,1),1,62)))a+from+information_schema.tables+group+by+a)b)%23@`\\'`+]=a

There is no ctscms file nor directory, nor do I use a search.php file, nor even have a directory named plus on this web site, so the queries seemed suspicious.

Performing a Google search on the attempted query to search.php, which appears to be an SQL query, I found links to a number of sites in the Chinese language. E.g., dedecms plus / search.php latest injection vulnerability (translated to English).

The query I saw in the Apache error log appeared to be an SQL injection attack. In Arrays in requests, PHP and DedeCMS, an InfoSec Handlers Diary Blog entry, I found the following in relation to an SQL injection attack used against /plus/download.php, which is a PHP script associated with the DedeCMS Content Management System (CMS):

And this definitely looks malicious. After a bit of research, it turned out that this is an attack against a known vulnerability in the DedeCMS, a CMS written in PHP that appears to be popular in Asia. This CMS has a pretty nasty SQL injection vulnerability that can be exploited with the request shown above.

So I blocked any further access to the server hosting this site from that IP address using a route reject command.

# route add 221.11.108.10 reject
[root@frostdragon ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
221.11.108.10   -               255.255.255.255 !H    0      -        0 -
171.216.29.9    -               255.255.255.255 !H    0      -        0 -

The 221.11.108.10 IP address is allocated to an entity in China. I blocked another Chinese IP address, 171.216.29.9 two days ago.

Additionally, as you can see in the log at the top, the User Agent string has been set to WinHttp.WinHttpRequest, which indicates that this request was created by a script or an attack tool executed on a Windows machine.

When I checked the Apache CustomLog to see what user agent string was submitted with the queries to this site, I saw it was "Googlebot/2.1", so the attacker appears to be using an updated script. that misidentifies itself as Googlebot. The Internet Storm Center blog entry was posted 6 months ago and discusses a log entry from September 5, 2013. The log entry posted in that article shows a source IP address of 10.10.10.10, which is a private IP address substituted in the article for the actual IP address from which the attack originated.

I saw the following in my log:

221.11.108.10 - - [24/Mar/2014:08:15:07 -0400] "GET /ctscms/ HTTP/1.1" 404 291 "
-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
221.11.108.10 - - [24/Mar/2014:08:15:12 -0400] "GET /plus/search.php?keyword=as&
typeArr[111%3D@`\\'`)+and+(SELECT+1+FROM+(select+count(*),concat(floor(rand(0)*2
),(substring((select+CONCAT(0x7c,userid,0x7c,pwd)+from+`%23@__admin`+limit+0,1),
1,62)))a+from+information_schema.tables+group+by+a)b)%23@`\\'`+]=a HTTP/1.1" 404
 299 "http://support.moonpoint.com/plus/search.php?keyword=as&typeArr[111%3D@`\\
'`)+and+(SELECT+1+FROM+(select+count(*),concat(floor(rand(0)*2),(substring((sele
ct+CONCAT(0x7c,userid,0x7c,pwd)+from+`%23@__admin`+limit+0,1),1,62)))a+from+info
rmation_schema.tables+group+by+a)b)%23@`\\'`+]=a" "Googlebot/2.1 (+http://www.go
ogle.com/bot.html)Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, a
pplication/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-power
point, application/msword, */*"

References:

1. Stopping an Attacker with the Route Reject Command
   MoonPoint Support
   Date: April 15, 2007
2. Arrays in requests, PHP and DedeCMS
   Internet Storm Center
   By: Bojan, ISC Handler

[/security/attacks] permanent link

If you wish to display the current ordinal date in a spreadsheet, such as a Microsoft Excel or a Google Sheets worksheet you can use the formula below:

=TEXT(TODAY() ,"yyyy")&TEXT((TODAY() -DATEVALUE("1/1/"&TEXT(TODAY(),"yy"))+1),"000")

That formula will insert the current day in Julian format with a four-digit year. E.g. for March 23, 2014, it would result in 2014082 appearing in the cell where the forumla is used, since March 23, 2014 is the 82^nd day of 2014. If you just wish to display the day of the year and not the year, you can use the formula below:

=TEXT((TODAY() -DATEVALUE("1/1/"&TEXT(TODAY(),"yy"))+1),"000")

That forumula will display 082 in the cell in which the formula is used.

References:

1. Insert Julian dates
   Support - Office.com

[/os/windows/office/excel] permanent link

The markup validation service allows you to submit a URL for a webpage to be checked by the service or to upload an HTML file to be checked for incorrect HTML code. If the code in a webpage is incorrect, you may not see the results you expect for the webpage when it is displayed in a browser or it may display incorrectly in some browsers used by visitors to the page. The W3C tool will notify you of the types of errors on the page and the line numbers on which they are found. You can match those lines numbers with the appropriate lines in the code in browsers that allow you to view the source code of a page.

You can provide a URL to the link checker tool and it will determine if any of the links on the webpage are invalid.

The CSS validation service allows you to check the validity of Cascading Style Sheets (CSS) used on webpages to control the appearance and formatting of the pages. You can provide a URL for a CSS or upload a CSS file to be verified.

The W3C Feed Validation Service will check the syntax of Atom or RSS feeds. E.g., if you use RSS to publish updated information on blog entries, you can provide the URL for the index.rss file on your site.

The W3C provides other tools as well at Quality Assurance Tools. All of the software developed at the W3C is Open Source / Free software, which means that you can use the software for free and download the code, if you wish. You can also modify the code to suit your own purposes, if you wish.

There is also a paid W3C Validator Suite™, if you wish to have the W3C validate an entire site automatically rather than you validating pages individually.

Note: the W3C validation services can't check pages that require authentication, but can only check pages that are accessible from the Internet without passwords or files that you upload to be checked.

[/network/web/design] permanent link

After implementing the firewall rules, I reconnected the network cable to the system.

Since accessing http://virustotal.com redirects one to http://www.virustotal.com, I wasn't able to access the VirusTotal website until I added the IP address 74.125.34.4 to the list of destination IP addresses the infected system was allowed to access through the firewall. Even though I could then access the site's webapge and select a file to upload, I was unable to actually upload a file that I wanted to check for malware.

So I then added the IP address for the Jotti's malware scan website to the permitted outbound access list for the infected system. I was able to access it with a web browser on the system and upload a suspect file to have it scanned by the 22 antivirus programs the site currently uses to scan uploaded files.

[/security/scans] permanent link

[Sat Mar 22 15:23:58 2014] [error] [client 171.216.29.98] PHP Notice: Undefined index: HTTP_USER_AGENT in /home/jdoe/public_html/index.php on line 39
[Sat Mar 22 15:23:58 2014] [error] [client 171.216.29.98] PHP Notice: Undefined index: HTTP_USER_AGENT in /home/jdoe/public_html/index.php on line 46
[Sat Mar 22 15:23:58 2014] [error] [client 171.216.29.98] attempt to invoke directory as script: /home/jdoe/public_html/blog/

The error was occurring because of PHP code in the file that checks the value for HTTP_USER_AGENT.

I found that the IP address, which is allocated to a system in China, is listed at the Stop Forum Spam site as being associated with someone trying to post spam into forums today - see 171.216.29.98. And when I checked Apache's CustomLog to check the user agent for the browser the user or software program running at the site might be using to identify itself, I found that the log entries indicated that it wasn't providing user agent information, which browsers and web crawlers normally provide. The log also showed that other than that one file at the site's document root, the user or program accessing the site only queried a directory that has "forums" as part of the path. I have blog entries posted on forum software, so that may have prompted the visit to the site from that IP address, if the person or program is looking for sites where he or it can post forum spam.

I checked the "reputation" of the IP address at other sites that provide information on whether an IP address has been noted to be associated with malicous activity and found the following:

1. Site: WatchGuard Reputation Authority
   Rating: Bad
   Reputation Score: 95/100
   Comment: The score indicates the overall ReputationAuthority reputation score, including the name and location of the ISP (Internet Service Provier), for the specified address. A score of 0-50 indicates a good to neutral reputation. 51-100 indicates that threats have been detected recently from the address and the reputation has been degraded.
2. Site: Barracuda Reputation
   Reputation: Poor
   Comment:
   
3. Site: McAfee Trusted Source
   Reputation: Unrated
   Comment:
4. Site: Check Your IP Reputation - Miracare of Mirapoint
   Reputation: High Risk
   Comment: This IP address is used for sending Spam on a regular basis
5. Site: BrightCloud Security Services URL/IP Lookup
   Reputation: High Risk
   Comment: Location - Chengdu, China. Spam Sources found. Webroot IP Reputation is listed as "High Risk", but lower down on the page the status assigned to the address is "Moderate Risk".

To stop any futher access to the server from that IP address, from the root account, I used the route command to reject access by the IP address.

# route add 171.216.29.9 reject

Note: the command is valid on a Linux system, but though the route command is available on a Microsoft Windows system, that operating system doesn't support the "reject" parameter.

The blocked route can be seen by issuing the route command with no parameters.

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
171.216.29.9    -               255.255.255.255 !H    0      -        0 -

If I ever want to permit access to the server from that IP address again, I could use route del 171.216.29.9 to permit access from that address.

References:

1. Stopping an Attacker with the Route Reject Command
   MoonPoint Support
   Date: April 15, 2007

[/security/scans] permanent link

[ More Info ]

[/network/web/crawlers] permanent link

The original purpose of a favicon was to provide a small icon, commonly 16 x 16 pixels, that a browser would associate with a website when a user bookmarked the site. Today, browsers typically display a page's favicon in their address bar and sometimes also in the browser's history display as well as using it in association with a bookmark. Those browsers that provide a tabbed document interface (TDI) also typically display the favicon next to a page's title on a tab for the site with which the favicon is associated.

I had an icon I had used years ago, but decided I liked the crescent moon icon, I found at favicon.cc better. That site provides a tool that will allow you to create your own favicon. It also provides many free icons that you can download.

To use the icon file, you can simply place the favicon.ico in the root directory of the website where browsers can automatically locate it. Or you can place it elsewhere on the site and specify its location by inserting the following code within the head section of the HTML code for a page, substituing the relative path from the website's document root for YOUR_PATH.

<link href="/YOUR_PATH/favicon.ico" rel="icon" type="image/x-icon" />

Something like the following is also acceptable. I.e., in addition to specifying the file's location you can can also give the file a name other than favicon.ico.

<link rel="icon" href="http://example.com/myicon.ico" />

The file also does not have to be a .ico file. See the file format support section of the Wikipedia Favicon article for other image file formats that are supported by various browsers.

[/network/web/browser] permanent link

If you see squares or question marks instead of the symbols, you may need an appropriate language pack installed to display the symbols.

[/network/web/html] permanent link

Redirect 301 /dir1/dir2/example.html /dir1/dir2/example.php

In the Apache error log for the website, I saw the following:

[Wed Mar 19 21:05:17 2014] [alert] [client 192.168.0.10] /home/jdoe/public_html/dir1/dir2/dir3/.htaccess: AuthUserFile not allowed here, referer: http://support.moonpoint.com/dir1/dir2/example.php

That error log entry was created when I clicked on a link I had in example.php to access a file in the directory dir3, which was below the one in which example.php was located.

To allow the redirect to work, I had inserted the following code in the VirtualHost section for the website within Apache's /etc/httpd/conf/httpd.conf file.

<Directory /home/jdoe/public_html/dir1/dir2>
    AllowOverride FileInfo
</Directory>


The .htaccess file for controlling access to the subdirectory dir1/dir2/dir3 had worked fine until I created another .htaccess file above it in dir2 for the redirect. The one for controlling access to dir3 with a username and password was similar to the following:

AuthUserFile /home/jdoe/public_html/.htpasswd-test
AuthGroupFile /dev/null
AuthName Testing
AuthType Basic
Require user test1


Because it contained AuthUserFile and AuthGroupFile, but I didn't specify AuthConfig within the <Directory> section for the virtual host in the httpd.conf file, but only FileInfo for AllowOverride, the authorization control no longer worked. When I changed the AllowOverride line to that shown below and restarted Apache with apachectl restart then both the redirect for the file in dir2 and the HTTP basic access authentication method for files in the subdirectory dir3 beneath dir2 both worked.

<Directory /home/jdoe/public_html/dir1/dir2>
    AllowOverride AuthConfig FileInfo
</Directory>

I had forgotten that by limiting AllowOverride to just FileInfo for dir2, I was effectively nullifying any other type of overrides in any subdirectores beneath it.

References:

1. Apache Core Feartures
   Apache HTTP Server Project

[/network/web/server/apache] permanent link

C:\Users\JDoe>netsh
netsh>wlan
netsh wlan>show drivers

Interface name: Wi-Fi

    Driver                    : Realtek RTL8188E Wireless LAN 802.11n PCI-E NIC
    Vendor                    : Realtek Semiconductor Corp.
    Provider                  : Realtek Semiconductor Corp.
    Date                      : 2/27/2013
    Version                   : 2007.10.227.2013
    INF file                  : C:\windows\INF\oem13.inf
    Files                     : 2 total
                                C:\windows\system32\DRIVERS\rtwlane.sys
                                C:\windows\system32\drivers\vwifibus.sys
    Type                      : Native Wi-Fi Driver
    Radio types supported     : 802.11n 802.11b 802.11g
    FIPS 140-2 mode supported : No
    802.11w Management Frame Protection supported : Yes
    Hosted network supported  : Yes
    Authentication and cipher supported in infrastructure mode:
                                Open            None
                                WPA2-Personal   CCMP
                                Open            WEP-40bit
                                Open            WEP-104bit
                                Open            WEP
                                WPA-Enterprise  TKIP
                                WPA-Personal    TKIP
                                WPA2-Enterprise TKIP
                                WPA2-Personal   TKIP
                                WPA-Enterprise  CCMP
                                WPA-Personal    CCMP
                                WPA2-Enterprise CCMP
                                Vendor defined  TKIP
                                Vendor defined  CCMP
                                Vendor defined  Vendor defined
                                Vendor defined  Vendor defined
                                WPA2-Enterprise Vendor defined
                                WPA2-Enterprise Vendor defined
                                Vendor defined  Vendor defined
                                Vendor defined  Vendor defined
    Authentication and cipher supported in ad-hoc mode:
                                Open            None
                                Open            WEP-40bit
                                Open            WEP-104bit
                                Open            WEP
                                WPA2-Personal   CCMP
    IHV service present       : Yes
    IHV adapter OUI           : [00 e0 4c], type: [00]
    IHV extensibility DLL path: C:\windows\system32\Rtlihvs.dll
    IHV UI extensibility ClSID: {6c2a8cca-b2a2-4d81-a3b2-4e15f445c312}
    IHV diagnostics CLSID     : {00000000-0000-0000-0000-000000000000}

netsh wlan>

Or you can issue the netsh wlan show drivers command at the command prompt to have the information shown and be immediately returned to the command prompt.

[/os/windows/commands] permanent link

find . -name "*.html"

The subdirectory path will be included in the output along with the file names.

If you wish to have a count of the number of such files, you can use either of the two commands below:

find . -name "*.html" | grep -c .
find . -name "*.html" | wc -l

Note: if you use the grep command, be sure to include the dot after the -c.

[/os/unix/commands] permanent link

Method 1

Note: this method applies for Firefox 27 and may not apply to all other versions.

1. Click on Firefox at the upper, left-hand corner of the Firefox window to access its menu.

   

2. Select History.
3. Select Clear Recent History.

   

4. If the site was accessed within the last hour, you can leave "time range to clear" set at "Last Hour"; if not, you may need to change the value to a longer period. With Details visible, you can clear the checkmarks for all the items, except Active Logins, if you wish.

   

5. Click on the Clear Now button.

Method 2

Note: This method may work for some other browsers as well as Firefox, but won't work for Internet Explorer. An advantage to this method is it is applied to just the particular website. It doesn't cause Firefox to forget the credentials for any other websites.

With some browsers, you can specify the credentials to use to access a webpage protected by basic authenticaion by putting the userid and password in the URL for the page with http://user:pass@www.example.com, substituting a username for the site for "user" and a password that goes with that username for "pass" in the address line, e.g. http://bob:mypassword@www.example.com.

If you put http://abc@www.example.com/some-page.html in the address bar for the webpage some-page.html that is protected by the basic authentication method, then the browser can be caused to forget a valid set of credentials previously used to access that page that Firefox remembers and will normally reuse until you exit from Firefox. You will be prompted by the website for a new set of valid credentials, allowing you to enter a new user name and passwrod to access the page or cause your browser to forget the previously valid ones.

[/network/web/browser/firefox] permanent link

cut -d: -f1 /etc/passwd

[/os/unix/commands] permanent link

For a column of numbers from A2 to A66, the following forumlas could be used:

[/network/web/services/google] permanent link

[/hardware/network/router/netgear] permanent link

COUNTIFS( criteria_range1, criteria1, [criteria_range2, criteria2, ... criteria_range_n, criteria_n] )

As an example, suppose I have the following worksheet in a spreadsheet:

Number represents work request numbers associated with various projects. Column C has dates for when the work requests were approved with today's date being March 14, 2014. Column D indicates whether the requests have been funded with a "Y" for "yes" and a "N" for "no".

If I wished to count the number of work requests funded today, I could use the formula =COUNTIF(C2:C10,TODAY()) in cell B11. COUNTIF works because I have only one criteria. But, if I wanted to count the number that were approved and funded today, then I would need to use COUNTIFS rather than COUNTIF. I could use the formula =COUNTIFS(C2:C10,TODAY(),D2:D10,"Y") in cell B12.

[/os/windows/office/excel] permanent link

C:\Users\JDoe>netsh
netsh>wlan
netsh wlan>show networks mode=Bssid

Interface name : Wi-Fi
There are 5 networks currently visible.

SSID 1 : 558935
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 0c:54:a5:48:19:e5
         Signal             : 81%
         Radio type         : 802.11n
         Channel            : 1
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54

SSID 2 : Haze
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 94:44:52:5a:54:54
         Signal             : 83%
         Radio type         : 802.11n
         Channel            : 11
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54

SSID 3 : 08FX02038916
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : WEP
    BSSID 1                 : 00:18:3a:8a:01:c5
         Signal             : 49%
         Radio type         : 802.11g
         Channel            : 6
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54

SSID 4 : linksys
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 00:13:10:fa:ef:a3
         Signal             : 45%
         Radio type         : 802.11g
         Channel            : 6
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54

SSID 5 : Hickox
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : WEP
    BSSID 1                 : 0c:d5:02:c5:e8:8c
         Signal             : 48%
         Radio type         : 802.11g
         Channel            : 11
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54

netsh wlan>

[/os/windows/commands] permanent link

C:\Users\JDoe>netsh
netsh>wlan
netsh wlan>show interfaces

There is 1 interface on the system:

    Name                   : Wi-Fi
    Description            : Realtek RTL8188E Wireless LAN 802.11n PCI-E NIC
    GUID                   : d79cd37a-fe78-482b-b23e-af4953ba9f6b
    Physical address       : 48:d2:24:68:e1:aa
    State                  : connected
    SSID                   : Haze
    BSSID                  : 94:44:52:5a:54:54
    Network type           : Infrastructure
    Radio type             : 802.11n
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
    Connection mode        : Auto Connect
    Channel                : 11
    Receive rate (Mbps)    : 72
    Transmit rate (Mbps)   : 72
    Signal                 : 100%
    Profile                : Haze

    Hosted network status  : Not available

netsh wlan>

The signal strength for the wireless connection is shown on the Signal line, e.g., 100% in the case above. The wireless connection is using the 802.11n wireless network standard, which is one of the 802.11 standards.

[/os/windows/commands] permanent link

5.10.83.52 - - [12/Mar/2014:00:32:23 -0400] "GET /blog/blosxom/<a%20href=/<a%20h ref=/<a%20href=/2008/05/01/2008/03/2008/05/05/network/email/clients/outlook/2008 /10/network/email/sendmail/2008/07/network/email/clients/outlook/2008/05/25/2008 /12/2008/05/18/2008/05/03/index.html?advanced_search=1 HTTP/1.1" 200 12080 "-" " Mozilla/5.0 (compatible; AhrefsBot/5.0; +http://ahrefs.com/robot/)"

They seem to be getting erroneous URLs reflecting a directory structure related to dates that doesn't exist on the system. The URLs appear to be related to the find plugin, since its search option includes code for "advanced_search=1", so I've edited the Perl code for that plugin to include rel="nofollow" at the end of the URL generated for the advanced search capability.

The orignal code was:

<a href="$blosxom::url/$path_withflavour?advanced_search=1">Advanced Search</a>

The line is now:

<a href="$blosxom::url/$path_withflavour?advanced_search=1" rel="nofollow">Advanced Search</a>

Adding rel="nofollow" to a URL tells search engines, such as Google's search engine not to follow any link that includes the nofollow parameter.

The following meta tag can be included in the head section of the HTML code for a page to tell search engines not to follow any links on a page.

<meta name="robots" content="nofollow">

But there may be instances, such as this case for me, where a webpage designer wants only some links on a page not to be followed to their destination by search engines.

The attribute can also be added to individual links if you don't want to vouch for the content of the page to which the link points. E.g., adding it to links placed in comments by those commenting on a page will allow visitors to go to the linked page, but search engines that adhere to the nofollow parameter won't use the link to increase their ranking of the page to which the link points, which may discourage some comment spammers.

The rel="nofollow" option for links was developed as a way to combat link spam. In January 2005, Google, Yahoo! and MSN announced that they would support use of the "nofollow" tag as a way to deter link spam. Microsoft's MSN Spaces and Google's Blogger blogging services joined the effort to utilize the tag to discourage link spamming At that time a number of blog software providers, including Six Apart, WordPress, Blosxom, and blojsom, also joined the effort by supporting use of the tag.

References:

1. Use rel="nofollow" for specific links
   Google Webmaster Tools
2. Wipedia ponders joining search engines in fight against spam
   By: Michael Snow
   Date: January 24, 2005

[/network/web/blogging/blosxom] permanent link

$ system_profiler SPDisplaysDataType
Graphics/Displays:

    NVIDIA GeForce 9400M:

      Chipset Model: NVIDIA GeForce 9400M
      Type: GPU
      Bus: PCI
      VRAM (Total): 256 MB
      Vendor: NVIDIA (0x10de)
      Device ID: 0x0863
      Revision ID: 0x00b1
      ROM Revision: 3448
      gMux Version: 1.8.8
      Displays:
        Color LCD:
          Display Type: LCD
          Resolution: 1440 x 900
          Pixel Depth: 32-Bit Color (ARGB8888)
          Main Display: Yes
          Mirror: Off
          Online: Yes
          Built-In: Yes

    NVIDIA GeForce 9600M GT:

      Chipset Model: NVIDIA GeForce 9600M GT
      Type: GPU
      Bus: PCIe
      PCIe Lane Width: x16
      VRAM (Total): 512 MB
      Vendor: NVIDIA (0x10de)
      Device ID: 0x0647
      Revision ID: 0x00a1
      ROM Revision: 3448
      gMux Version: 1.8.8

In the example above, the video resolution for the MacBook Pro on which I ran the command is 1440 x 900. The Screen Information page at BrowserSpy.dk will also report a system's screen resolution, if you visit that page using a browser on the system. In this case it reports a width of 1440 and a height of 900 pixels for the MacBook Pro.

[/os/os-x] permanent link

The plugin has been contributing a lot of entries in the site's error log that appear to be related to normal behavior for the plugin. I've been ignoring them, since the plugin has been working fine and the entries seem to be more informatonal in nature than reflective of a problem with the plugin. E.g., I see a lot of entries similar to the following:

[Sun Mar 09 23:59:19 2014] [error] [client 10.0.90.23] calendar debug 1: start() called, enabled
[Sun Mar 09 23:59:20 2014] [error] [client 10.0.90.23] calendar debug 1: filter() called
[Sun Mar 09 23:59:20 2014] [error] [client 10.0.90.23] calendar debug 1: Using cached state
[Sun Mar 09 23:59:20 2014] [error] [client 10.0.90.23] calendar debug 1: head() called
[Sun Mar 09 23:59:20 2014] [error] [client 10.0.90.23] calendar debug 1: head() done, length($month_calendar, $year_calendar, $calendar) = 3947 1212 5229

I finally decided I should stop the production of those entries, though, so I could more readily see log entries that are significant. So I looked at the Perl code for the plugin. On line 30, I see the following:

$debug_level    = 1 unless defined $debug_level;

The debug surboutine is on lines 49 through 56 and is as follows:

sub debug {
    my ($level, @msg) = @_;

    if ($debug_level >= $level) {
        print STDERR "$package debug $level: @msg\n";
    }
    1;
}

On line 517, I see the following comment.

C<$debug_level> can be set to a value between 0 and 5; 0 will output
no debug information, while 5 will be very verbose.  The default is 1,
and should be changed after you've verified the plugin is working
correctly.

Since the plugin has been working for a long time and I don't need to see the debugging information, I set the value for debug_level on line 30 to zero instead of one.

$debug_level    = 0 unless defined $debug_level;

That has stopped the insertion of the calendar plugin entries in the Apache error log file with no effect on the calendar's functionality.

[/network/web/blogging/blosxom] permanent link

[ More Info ]

[/network/web/server/apache] permanent link

You then need to take the following steps:

1. Click on Game.
2. Select Configuration.
3. Select All Configuration.
4. Uncheck the checkbox next to "Echo My Input In" under Output Window.

   

5. Make sure the value for the number of lines to keep under Command History is not set to 0, but is set to the number of commands you want to keep in the history; the default value is 1,000 lines..
6. Click on OK.

You should then be able to see commands you type in the command history window that you can open with Ctrl-H. If you want to save the setting so that you don't have to change it the next time you connect to the MUSH, click on File and select Save World Details.

Instructions appy to version 4.84.

[/gaming/mushclient] permanent link

$ mdfind -name Waterfalls.mp3
/Users/jdoe/Music/iTunes/iTunes Media/Music/Bob Weir/Relax With Soothing Waterfalls/01 Soothing Waterfalls.mp3
/Users/jdoe/Downloads/Waterfalls.mp3

You can specify just part of the file name and the search is not case specific, i.e., "waterfall" and "Waterfall" are deemed identical.

$ mdfind -name waterfall
/Users/jdoe/Downloads/Waterfalls.mp3
/Users/jdoe/Music/iTunes/iTunes Media/Music/Bob Weir/Relax With Soothing Waterfalls/01 Soothing Waterfalls.mp3
/Users/jdoe/Music/iTunes/iTunes Media/Music/Bob Weir/Relax With Soothing Waterfalls
/Library/Desktop Pictures/Eagle & Waterfall.jpg

As shown in the above example, directories whose names contain the string on which you are performing the search, i.e., "waterfall" in the above case, will also be returned.

If you just want a count of files and directories containing a particular string, such as "waterfall" in the name, you can add the -count parameter.

$ mdfind -count -name waterfall
4

If you want to limit the search to a particular directory you can use the -onlyin parameter.

$ mdfind -name waterfall -onlyin "/Library/Desktop Pictures/"
/Library/Desktop Pictures/Eagle & Waterfall.jpg

[/os/os-x] permanent link

$ sw_vers
ProductName:	Mac OS X
ProductVersion:	10.8.3
BuildVersion:	12D78

If you are only interested in the ProductName, ProductVersion , or BuildVersion, you can specify arguments that will restrict the output to just that informaton.

$ sw_vers -productName
Mac OS X
$ sw_vers -productVersion
10.8.3
$ sw_vers -buildVersion
12D78

You can also get the OS X version number using the system_profiler command.

$ system_profiler SPSoftwareDataType | grep "System Version"
      System Version: OS X 10.8.3 (12D78)

[/os/os-x] permanent link

afplay Waterfalls.mp3

You can terminate the playing of the audio file using Ctrl-C. You can specify that the audio file only be played for a specific number of seconds using the -t or --time argument. E.g., the following command would play the specified MP3 file for 10 seconds and then terminate afplay:

afplay --time 10 Waterfalls.mp3

For help on the command use afplay -h.

$ afplay -h
Usage:
afplay [option...] audio_file

Options: (may appear before or after arguments)
  {-v | --volume} VOLUME
    set the volume for playback of the file
  {-h | --help}
    print help
  { --leaks}
    run leaks analysis
  {-t | --time} TIME
    play for TIME seconds
  {-r | --rate} RATE
    play at playback rate
  {-q | --rQuality} QUALITY
    set the quality used for rate-scaled playback (default is 0 - low quality, 1 - high quality)
  {-d | --debug}
    debug print output

[/os/os-x] permanent link

$ afinfo Waterfalls.mp3
File:           Waterfalls.mp3
File type ID:   MPG3
Num Tracks:     1
----
Data format:     2 ch,  44100 Hz, '.mp3' (0x00000000) 0 bits/channel, 0 bytes/packet, 1152 frames/packet, 0 bytes/frame
                no channel layout.
estimated duration: 3642.644850 sec
audio bytes: 72852897
audio packets: 139445
bit rate: 160000 bits per second
packet size upper bound: 1052
maximum packet size: 523
audio data file offset: 2228
optimized
audio 160637484 valid frames + 528 priming + 2628 remainder = 160640640
----

The command will tell you the bit rate and the estimated duration if you choose to play the file. In the example above, the MP3 bitrate is 160 kbit/s, which is a mid-range bitrate quality for an MP3 file. Common bitrates for MP3 files are as follows:

• 32 kbit/s – generally acceptable only for speech
• 96 kbit/s – generally used for speech or low-quality streaming
• 128 or 160 kbit/s – mid-range bitrate quality
• 192 kbit/s – a commonly used high-quality bitrate
• 320 kbit/s – highest level supported by MP3 standard

The estimated playing time of the MP3 file in the example above is 3642.644850 sec. You can convert that to minutes from the command line by passing a command to python to convert seconds to minutes.

$ python -c "print 3642.644850 / 60"
60.7107475

If you wanted to convert that to hours, you could just divide by 60 minutes per hour by adding another "/ 60" at the end of the command.

$ python -c "print 3642.644850 / 60 / 60"
1.01184579167

If you just want to know the bit rate, you can pipe the output of afinfo through grep and awk:

$ afinfo Waterfalls.mp3 | grep "bit rate" | awk '{print $3}'
160000

If you just want to know the duration in seconds, you can use the following commands:

$ afinfo Waterfalls.mp3 | grep "estimated duration" | awk '{print $3}'
3642.644850

If you want the value in minutes you can also use awk to print that value instead.

$ afinfo Waterfalls.mp3 | grep "estimated duration" | awk '{print $3 / 60 , "minutes"}' 
60.7107 minutes

[/os/os-x] permanent link

DuckDuckGo gets its results from over one hundred sources, including DuckDuckBot (our own crawler), crowd-sourced sites (like Wikipedia, which are stored in our own index), Yahoo! (through BOSS), Yandex, WolframAlpha, and Bing.

DuckDuckGo's page states they apply their own algorithm to rank results obtained from other search engines upon which they rely for data.

One of the search engines mentioned was Yandex. The Yandex search engine, Yandex Search, can be accessed at www.yandex.com. According to the Wikipedia articles for Yandex and Yandex Search the company operates the largest search engine in Russia with about 60% market share in Russia with its search engine generating 64% of all Russian web search traffic in 2010. The article on the company also states:

Yandex ranked as the 4th largest search engine worldwide, based on information from Comscore.com, with more than 150 million searches per day as of April 2012, and more than 50.5 million visitors (all company's services) daily as of February 2013.

The article also indicates Yandex is heavily utilized in Ukraine and Kazakhstan, providing nearly a 1/3 of all search results in those countries and 43% of all search results in Belarus.

When I searched the logs for this year for this website, I found quite a few entries indicating the site had been indexed by the Yandex web crawler. I.e., there were many entries containing the following:

"Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)"

In the homepage for this site, I include PHP code to notify me whenever Google's Googlebot indexes the site, so I updated that code to include a check that will lead to an email alert being sent to me whenever the YandexBot indicates the site, also.

<?php
$email = "me@example.com";
if( eregi("googlebot", $_SERVER['HTTP_USER_AGENT']) )
{
    mail($email, "Googlebot Alert",
            "Google just indexed your following page: " .
            $_SERVER['REQUEST_URI']);
}

if( eregi("YandexBot", $_SERVER['HTTP_USER_AGENT']) )
{
    mail($email, "Yandex Alert",
            "Yandex just indexed your following page: " .
            $_SERVER['REQUEST_URI']);
}

?>

[/network/web/search] permanent link

accessing deleted wikipedia pages -site:wikipedia.org

If you wish to include only results for a particular site, then you would put the site's name after the word site, e.g., if I wished to search just moonpoint.com, I could use the following:

accessing deleted wikipedia pages site:moonpoint.com

If you restrict searches using the site option, if you use a domain name such as moonpoint.com, results will also be returned for any domain names that include the specified domain name at the end of the domain name, e.g., in this case anything on www.moonpoint.com or support.moonpoint.com would also be returned. The same is true when using the -site option, i.e., no results would be returned for en.wikipedia.org or www.wikipedia.org in the first example.

[/network/web/search] permanent link

[ More Info ]

[/security/antivirus/f-secure] permanent link

root@Microknoppix:/# netstat -a | grep ssh
root@Microknoppix:/#

You can also check to see if it is running by using the command service --status-all. If there is a plus sign next to ssh, it is running. If, instead, there is a minus sign, it is not running.

root@Microknoppix:/# service --status-all
 [ - ]  acpid
 [ - ]  bootlogd
 [ - ]  bootlogs
 [ ? ]  bootmisc.sh
 [ ? ]  checkfs.sh
 [ - ]  checkroot.sh
 [ ? ]  console-screen.sh
 [ ? ]  console-setup
 [ ? ]  cpufrequtils
 [ ? ]  cron
 [ ? ]  cryptdisks
 [ ? ]  cryptdisks-early
 [ + ]  dbus
 [ + ]  ebtables
 [ ? ]  etc-setserial
 [ - ]  fsaua
 [ ? ]  fsrcdtest
 [ - ]  fsupdate
 [ ? ]  fsusbstorage
 [ ? ]  gpm
 [ ? ]  hdparm
 [ - ]  hostname.sh
 [ ? ]  hwclock.sh
 [ ? ]  hwclockfirst.sh
 [ ? ]  ifupdown
 [ ? ]  ifupdown-clean
 [ ? ]  kexec
 [ ? ]  kexec-load
 [ ? ]  keyboard-setup
 [ ? ]  keymap.sh
 [ ? ]  killprocs
 [ ? ]  klogd
 [ ? ]  knoppix-autoconfig
 [ ? ]  knoppix-halt
 [ ? ]  knoppix-reboot
 [ ? ]  knoppix-startx
 [ ? ]  loadcpufreq
 [ ? ]  lvm2
 [ ? ]  mdadm
 [ ? ]  mdadm-raid
 [ ? ]  module-init-tools
 [ ? ]  mountall-bootclean.sh
 [ ? ]  mountall.sh
 [ ? ]  mountdevsubfs.sh
 [ ? ]  mountkernfs.sh
 [ ? ]  mountnfs-bootclean.sh
 [ ? ]  mountnfs.sh
 [ ? ]  mountoverflowtmp
 [ ? ]  mtab.sh
 [ + ]  network-manager
 [ ? ]  networking
 [ - ]  nfs-common
 [ - ]  nfs-kernel-server
 [ + ]  open-iscsi
 [ - ]  portmap
 [ ? ]  pppstatus
 [ ? ]  procps
 [ ? ]  rc.local
 [ - ]  rmnologin
 [ - ]  rsync
 [ ? ]  screen-cleanup
 [ ? ]  sendsigs
 [ ? ]  setserial
 [ - ]  smartmontools
 [ - ]  ssh
 [ - ]  stop-bootlogd
 [ - ]  stop-bootlogd-single
 [ ? ]  sudo
 [ ? ]  sysklogd
 [ ? ]  udev
 [ ? ]  udev-mtab
 [ ? ]  umountfs
 [ ? ]  umountiscsi.sh
 [ ? ]  umountnfs.sh
 [ ? ]  umountroot
 [ - ]  urandom

On a Microknoppix system, such as may be present on a Rescue CD or other live CD or DVD, the SSH server software may not even be present on the CD or DVD. You can use the apt-cache search command followed by a regular expression, in this case ssh, to determine if the package is present on the system.

root@Microknoppix:/# apt-cache search ssh
libssl0.9.8 - SSL shared libraries
sshstart-knoppix - Starts SSH and sets a password for the knoppix user
openssh-client - secure shell (SSH) client, for secure access to remote machines

In the case above, I can see that only an SSH client is present. If I run the sshstart-knoppix command, I will be prompted to set a password for the knoppix account on the system, but, since the SSH server package is not present, the command won't actually start an sshd service.

If the SSH server service is not running and the SSH server package is not installed, first you need to install the SSH server software. To do so you may need to add an appropriate package repository, such as http://us.debian.org/debian to the file /etc/apt/sources.list. E.g., you will need to do so when using the F-Secure 3.16 Rescue CD.

If you attempt to install the openssh-server package and see the results below, then you need to add an appropriate repository to /etc/apt/sources.list so the system can find the package and download it.

root@Microknoppix:/# apt-get install openssh-server
Reading package lists... Done
Building dependency tree...
Reading state information... Done
Package openssh-server is not available, but is referred to by another package.
This may mean that the package is missiong, has been obsoleted, or
is only available from another source

E: Package 'openssh-server' has no installation candiate
root@Microknoppix:/#

You can add the http://us.debian.org/debian repository to the end of the file by using the cat command. Type cat >> /etc/apt/sources.list (make sure you use two greater than signs so as to append to the file rather than overwrite it) then type deb http://http.us.debian.org/debian stable main contrib non-free and then hit Enter. Then hit the Ctrl and D keys simultaneously, i.e., Ctrl-D. Next issue the command apt-get update. When that command has completed, issue the command apt-get install openssh-server. When informed of the amount of additional disk space that will be needed and them prompted as to whether you wish to continue, type "Y". When prompted "Install these packages without verification [y/N]?", enter "y".

When the command completes you can then issue the command netstat -a | grep ssh to verify that the system is listening on the SSH port, which is normally TCP port 22.

root@Microknoppix:/# netstat -a | grep ssh
tcp        0      0 *:ssh                   *:*                     LISTEN     
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN

If you issued the command apt-cache search openssh-server at this point, you would see the following:

root@Microknoppix:/# apt-cache search openssh-server
openssh-server - secure shell (SSH) server, for secure access from remote machines

Use the passwd command to set the password for the knoppix account, which you can use for remote logins.

root@Microknoppix:/tmp# passwd knoppix
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Hit Return to continue.

Once the SSH server service is running, you should be able to connect to the system remotely with an SSH client on another system. To determine what IP address you should use for the connection, you can issue the command ifconfig. You should see an inet addr line that will provide the system's current IP address. It will typically be in the information provided for the eth0 network interface. The l0 interface is the local loopback interface, which will have an IP address of 127.0.0.1. You can use that address to verify that the SSH connectivity is working from the local system, but not for a remote login.

root@Microknoppix:/# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:18:f3:a6:01:8a  
          inet addr:192.168.0.40  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::218:f3ff:fea6:18a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:334286 errors:0 dropped:0 overruns:0 frame:0
          TX packets:262393 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:289663552 (276.2 MiB)  TX bytes:183570787 (175.0 MiB)
          Interrupt:23 Base address:0xc000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:24 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2331 (2.2 KiB)  TX bytes:2331 (2.2 KiB)

To login remotely via SSH, use knoppix for the login account and provide the password you entered above for that account when prompted for the password. Once you have logged in under the knoppix account, you can obtain a Bash shell prompt for the root account using the command sudo bash.

knoppix@Microknoppix:~$ sudo bash
root@Microknoppix:/home/knoppix#

If you then need to stop, start, or restart the service, you can do so using /etc/init.d/ssh followed by the appropriate parameter.

root@Microknoppix:/# /etc/init.d/ssh
[info] Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|try-restar
t|status}.

The configuration file for the SSHD service is /etc/ssh/ssh_config. You can change values by removing the comment character, #, from the beginning of a line and chaning the default value on the line, then stopping and restaring the service. Note: stopping the sshd service won't disconnect an existing SSH connection, so you can remotely restart the service with /etc/init.d/ssh restart without being disconnected.

[/os/unix/linux/knoppix] permanent link

$ find . -name \*man\*
./man
./manual.txt

Note: the backslashes before the asterisks are "escape characters", i.e., they tell the shell not to interpret the asterisk before the find command sees it - see What is the difference between \*.xml and *.xml in find command in Linux/mac. Another alternative is to enclose the *man* within double quotes.

$ find . -name "*man*"
./man
./manual.txt

But, if I only want to find items that have "man" in the name which are directories, I could use the following to specify I only want to see items where the file is of type directory ("d" represents directory and "f" represents a regular file):

$ find . -name \*man\* -type d
./man

By default, the find command will use a logical and for the two conditions, i.e., both conditions must be met. I could explicitly state I want to "and" the two conditions with a -a, but it isn't necessary to do so in this case.

$ find . -name \*man\* -a -type d
./man

But what if I want to to specify a logical "or", i.e. that I want results returned where either of two conditions are met? E.g., suppose I want to find all files where the filename contains man or guide. Then I need to use a -o parameter.

$ find . -name "*man*" -o -name "*guide*"
./man
./manual.txt
./guide.txt

Suppose I only wanted to see only files with man or guide in the filename that are "regular" files and not any directories. I could use -type f to specify that I only want to see regular files.

$ find . -name "*man*" -o -name "*guide*" -type f
./man
./manual.txt
./guide.txt

As you can see, the directory man is still returned. To get the results I want, i.e., to not have the directory man appear in the results, I need to enclose the "or" condtions within parentheses.

$ find . \( -name "*man*" -o -name "*guide*" \) -type f
./manual.txt
./guide.txt

Note: you also need to "escape" the meaning of ( and ) by preceding them with the backslash escape character. Otherwise, you will get an "unexpected token" error message.

$ find . (-name "*man*" -o -name "*guide*") -type f
-bash: syntax error near unexpected token `('

And you need to put a space after the left parenthesis and before the right parenthesis or you will receive an "invalid predicate" error message.

$ find . \(-name "*man*" -o -name "*guide*"\) -type f
find: invalid predicate `(-name'

As another example, suppose I want to find all HTML or PHP files that contain the word "Geek" within them when the HTML files have a .html extension and the PHP files have a .php extension on the file names. Then I need to use a -o between the conditions to specify that I want to see results if the file has an extension of .html or .php.

$ find . \( -name "*.php" -o -name "*.html" \) -exec grep -i "Geeks" {} /dev/null \;
./temp.php:1Geeks
./temp.html:2Geeks

Whenever a file has a name that ends in .html or .php, the file contents are sent to the grep command for examination. To specify that I want to use a logical or, the -o is placed between -name "*.php" and -name "*.html". Again, I also have to include the two conditions within parentheses to ensure that the "or" condition is checked before sending the results to grep for examination of the contents of the files. If the parentheses aren't used, I would only see one of the files returned.

$ find . -name "*.php" -o -name "*.html" -exec grep -i "Geeks" {} /dev/null \;
./temp.html:2Geeks

[/os/unix/commands] permanent link

10
20
30
40
50
1
2
3
4
5

The contents of the file can be piped into the awk command with the cat command and then summed by awk.

$ cat numbers.txt | awk '{sum+=$1} END {print sum}'
165

If the numbers are not in the first column in the file, but were in the second column instead, you can adjust $1 to be the relevant column instead. E.g, if the file contents looked like the following with the numbers in the second column, then you would use $2 instead.

Dave 10
Bill 20
Joe 30
Mary 40
Maria 50
Howard 1
Sam 2
Lisa 3
Karen 4
Nina 5

$ cat numbers.txt | awk '{sum+=$2} END {print sum}'
165

If you know the numbers always occur in specific colum positions in the file, e.g., in positions 10 to 15, you could also use the cut command instead of the cat command. E.g., if you file contained:

Dave     10
Bill     20
Joe      30
Mary     40
Maria    50
Howard    1
Sam       2
Lisa      3
Karen     4
Nina      5

$ cut -c10-11 numbers.txt | awk '{sum+=$1} END {print sum}'
165

[/os/unix/commands] permanent link

$ networksetup -listallnetworkservices
An asterisk (*) denotes that a network service is disabled.
Bluetooth DUN
Ethernet
FireWire
Wi-Fi

To determine the hardware interface supporting Wi-Fi connections you can use the command networksetup -listallhardwareports.

$ networksetup -listallhardwareports

Hardware Port: Bluetooth DUN
Device: Bluetooth-Modem
Ethernet Address: N/A

Hardware Port: Ethernet
Device: en0
Ethernet Address: d4:9a:20:0d:e6:ec

Hardware Port: FireWire
Device: fw0
Ethernet Address: d4:9a:20:ff:fe:0d:e6:ec

Hardware Port: Wi-Fi
Device: en1
Ethernet Address: f8:1e:df:d9:2b:66

VLAN Configurations
===================

In the case above, the Wi-Fi interface is en1.

To get information on the status of the system's Wi-Fi connection, you can use the command networksetup -getinfo Wi-Fi.

$ networksetup -getinfo Wi-Fi
DHCP Configuration
IP address: 192.168.0.5
Subnet mask: 255.255.255.0
Router: 192.168.0.1
Client ID: 
IPv6: Automatic
IPv6 IP address: none
IPv6 Router: none
Wi-Fi ID: f8:1e:df:d9:2b:66

To find if the system is currently connected to a wireless network and the network name for the current wireless connection, you can use networksetup -getairportnetwork <device name> where device name is the network interface on the system that supports WiFi connections. E.g.:

$ networksetup -getairportnetwork en1
Current Wi-Fi Network: Copernicus

If you stipulate a network interface that is not a WiFi interface, you will get an error message indicating the interface is not a Wi-Fi interface as shown below:

$ networksetup -getairportnetwork en0
en0 is not a Wi-Fi interface.
** Error: Error obtaining wireless information.

If you wish to to turn the Wi-Fi connection on or off from a shell prompt, you can use the networksetup -setairportnetwork command.

$ networksetup -setairportpower en1 off
$ networksetup -getairportnetwork en1
You are not associated with an AirPort network.
Wi-Fi power is currently off.
$ networksetup -setairportpower en1 on
$ networksetup -getairportnetwork en1
Current Wi-Fi Network: Copernicus

[/os/os-x] permanent link

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport scan

For example:

$ /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport scan
                            SSID BSSID             RSSI CHANNEL HT CC SECURITY (auth/unicast/group)
                           SC8QR f8:e4:fb:ea:29:5d -86  11      Y  -- WPA2(PSK/AES,TKIP/TKIP) 
                    08FX02038916 00:18:3a:8a:01:c5 -80  6       N  -- WEP
                  Norman Netgear 84:1b:5e:2d:c9:16 -79  6       Y  -- WPA2(PSK/AES/AES) 
                          558935 0c:54:a5:48:19:e5 -16  1       Y  -- WPA(PSK/AES,TKIP/TKIP) WPA2(PSK/AES,TKIP/TKIP) 
                          Hickox 0c:d5:02:c5:e8:8e -80  11      N  -- WEP
                            Haze 94:44:52:5a:54:54 -33  11      Y  -- WPA(PSK/AES/AES) WPA2(PSK/AES/AES) 
                     David's Net ec:1a:59:8d:dd:61 -80  11      Y  -- WPA2(PSK/AES/AES) 

The SSID is the "Service Set Identification", which is a 1 to 32 byte string that represents the "network name". The SSID allows you to identify a network to which you may wish to connect. Sometimes a person setting up a wireless router may choose to not have the SSID broadcast. In that case you wouldn't see the SSID in the list even though the network is available for connections if you know the SSID.

The BSSID is the "Basic Service Set Identification". Each Basic Service Set is identified by a BSSID. For a BSS operating in infrastructure mode, the BSSID is the media access control (MAC) address of the wireless access point (WAP), which is generated by combining the 24-bit Organizationally Unique Identifier, which identifies the manufacturer, and the manufacturer's assigned 24-bit identifier for the radio chipset in the WAP. The BSSID is the formal name of the BSS and is always associated with only one BSS. The SSID is the informal human name of the BSS which is more easily remembered by humans.

You can determine the manufacturer from the BSSID by searching the IEE-SA - Registration Authority MA-L Public Listing. Take the first six digits of the BSSID and replace the colons with dashes and then put the result, which will be in the form of xx-xx-xx in the "Search for" field. E.g., in the case of the wireless network above identified as "David's Net", the BSSID is ec:1a:59:8d:dd:61, so you would search using ec-1a-59, which would show the wireless device was manufacturered by Belkin International Inc., a company that make wireless routers for the home market. For the network identified as "Norman Netgear", searching on 84-1b-5e shows the manufacturer is, indeed, Netgear.

If you just want the names of the available networks, i.e., the SSIDs, you can use the same command and then pipe its output to the cut command. Since the SSID will be the first 32 characters on each line, you will need to cut out the first 32 characters from each line.

$ /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport scan | cut -c1-32
                            SSID
                           SC8QR
                    08FX02038916
                  Norman Netgear
                          558935
                          Hickox
                            Haze
                     David's Net

[/os/os-x] permanent link

[ More Info ]

[/os/windows/software/utilities] permanent link

If the article was deleted some time between February and September 2008, you may be able to find it on Deletionpedia at deletionpedia.dbatley.com Deletionpedia is an archive that contains 62,224 pages which were deleted from the English-language Wikipedia between February and September 2008. If you know the title of the article that was deleted, you can browse "Pages deleted after more than 1000 days on Wikipedia" or " Pages edited more than 200 times" by their alphabetical listings. If you know the date the article was deleted which, if you have the Wikipedia URL for the article, can be found by visiting the URL for the article on Wikipedia, you can find it by searching Deletionpedia by Pages by deletion date.

Deletionpdedia's own search feature is disabled and the site suggests you use Google to search Deletionpedia. However, I've found that approach is likely to miss articles stored on Deletionpedia. E.g., Deletionpedia contains the article Elvis sightings (deleted 03 Jul 2008 at 10:12), yet if you search the site using Google with Elvis sightings site:deletionpedia.dbatley.com, no results are returned. Incidentally, Wikipedia does now contain an Elvis sightings article.

Interestingly, though Wikipedia now contains a Deletionpedia article, that article was itself once deleted from Wikipedia.

Another site Fixed Reference: Snapshots of Wikipedia provides access to articles archived in April and July of 2004.

Because Fixed Reference and Deletionpedia only provide access to articles from two years, 2004 for Fixed Reference and 2008 for Deletionpedia, their usefulness for accessing deleted articles is very limited. Another alternative is to search the Internet Archive at archive.org. The Internet Archive is a non-profit digital library with the stated mission of "universal access to all knowledge." It also archives pages found on the World Wide Web (WWW). The archived pages, which are created for a website when the Internet Arhive periodically scans the site, are accessible through its Wayback Machine. The name is a reference to the time machine used by Mr. Peabody, a talking dog, and his human companion, Sherman, in the cartoon series The Rocky and Bullwinkle Show to visit famous events in history. You can choose to "Browse History" to search for an archived copy of the page deleted from Wikipedia, if you know its URL. If the page was archived by the Internet Archive multiple times over a period of time, which could span years, you can view the page as it was on the particular days it was archived.

Another place you can check for deleted Wikipedia pages or pages that have disappeared from any website is Archive.is, which aims to be "your personal Wayback Machine!" The site can be freely used by anyone to take a "snapshot" of a webpage that will always be online even if the original page disappears. So, if someone else has archived a particular webpage for which you are searching, you may find it at Archive.is. You can also use the site to archive pages you may want to access later that could disappear from the original site or to make the pages available should the original site disappear from the web.

[/reference] permanent link

[ More Info ]

[/software/projmgmt] permanent link

Kai's Power Tools (KPT) was developed by Kai Krause, but sold to Corel Corporation . Kai also developed Live Picture, Bryce, Kai's Power Show, Kai's Power Goo, Convolver, Kai's Photo Soap and Poser. He pioneered user interface elements in his software such as soft shadows, rounded corners, and translucency.

References:

1. Is the Paintshop Pro X6 KPT Collection Compatible with the 64 Bit version of Paintshop Pro X6?
   Corel Discovery Center

[/os/windows/software/graphics/corel/psp] permanent link

If you need to get the information from a command line interface, e.g., from a terminal or SSH session, you can't get it directly using the system_profiler command, but you can use information provided by that command to look up the information online.

$ system_profiler SPHardwareDataType
Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Model Identifier: MacBookPro5,3
      Processor Name: Intel Core 2 Duo
      Processor Speed: 3.06 GHz
      Number of Processors: 1
      Total Number of Cores: 2
      L2 Cache: 6 MB
      Memory: 4 GB
      Bus Speed: 1.07 GHz
      Boot ROM Version: MBP53.00AC.B03
      SMC Version (system): 1.48f2
      Serial Number (system): W89491TF64C
      Hardware UUID: FDE9B14D-E531-569F-A1EF-D0D0D0D0D0D0
      Sudden Motion Sensor:
          State: Enabled

You can use the model identifier information to look up information on when the model was manufactured using Lookup Mac Specs by Serial Number, Order, Model, & EMC Number, Model ID @ EveryMac.com.

If you just want the model identifier, you can use awk to isolate that information.

$ system_profiler SPHardwareDataType | awk '/Model Identifier/ {print $3}'
MacBookPro5,3

When I looked up MacBookPro5,3, I saw 3 entries with a "subfamily" of Mid-2009 15" listed for each. All 3 were introduced on June 8, 2009 and discontinued on April 13, 2010. Using the processor speed information provided by system_profiler, I could narrow the selection down to a specific MacBook Pro "Core 2 Duo" and see the standard RAM and hard disk size for that model.

You can also enter the last 3 characters of a 11 character serial number to obtain that information from the site. Though, in my case I saw an iPhone and several desktop systems listed as well as one laptop model, though, since I knew it was a laptop, I knew which one was the appropriate one.

[/os/os-x] permanent link

1. Click on VMWare Fusion at the top left of the VMWare window.
2. Select "Preferences".
3. Select "Keyboard & Mouse".
4. Click on the "Mouse Shortcuts" tab.

   

5. Uncheck "Secondary Button"; you can then close the "Keyboard & Mouse" window.

You can then select multiple items on a form by holding down the Control key while left clicking on items. If you want to go back to the default configuration afterwards, you can go back to the "Mouse Shortcuts" tab and click on the "Restore Defaults" button or just recheck the "Secondary Button" checkbox, which is associated with the mouse shortcut "Control - Primary Button".

[/os/os-x] permanent link

[ More Info ]

[/os/windows] permanent link

[ More Info ]

[/video/offliberty] permanent link

[/os/windows/win8] permanent link

1. Click on Format.
2. Select Conditional formatting....
3. I could then select "Date is before" in the first field and "today" in the next field. I could then check "Background" and select the color red for the background color for the cell once the date in the cell has been passed.
4. Once you've set up the rule or rules for the cell or range of cells, clik on Save rules.

The cell will then have the normal color as long as the date stored in the cell is before today's date. Once the date in the cell matches today's date or is before the date of viewing, the cell background color will turn red.

Note: You can ensure that Google knows the cell contains a date by clicking on Format, selecting Number, and then More formats, which will allow you to pick a particular format you wish to use for dates, such as 2008-09-26, 9/26/08, etc.

[/network/web/services/google] permanent link

[/ebook] permanent link

[ More Info ]

[/ebook] permanent link

[/hardware/network/router/cisco] permanent link

I receive an inordinate amount of spam every day and waste a lot of time purging it from my inbox, so by creating an email alias, which I can easily do, since I manage the email server that processes my email, I can simply invalidate any alias when I notice I'm receiving a lot of spam with a particular alias I created in the "to" field. E.g., if I created an alias Acme_2014@example.com that points to Me@example.com and start receiving spam to Acme_2014@example.com, I know that the Acme Corporation sold my email address to a spammer or had a compromise of their server holding my account information.

Since Acme_2014 is not an email address that a spammer who employs name dictionaries to distribute spam might use, I can be sure that the source of the email is using the email address I gave to the Acme Corporation. If I used an address such as abe, bill, or zachary@example.com, I couldn't be certain, since some spammers try sending email to a domain using every name from a name dictionary. I also wouldn't use acme@example.com, since that is a word in an English language dictionary, so spammers using a dictionary for building email addresses might use it.

I can easily create aliases on my email server, but there are a number of online services that will allow you to create such aliases to thwart spammers. E.g., with such a service you might be able to create an alias acme_2014@spamblock1.com that points to me@example.com, if me@example.com is the email address you normally use.

If you wanted to communicate with Acme Corporation by email, you might need to use the alias you used in the "from" field of email you send to them. To do so in Thunderbird 24.2.0, right-click on your account, which should be located at the top of the left pane of the Thunderbird window. E.g., you may see me@example.com there. Select Settings, then put the alias in the Email Address field and, if needed, set the Your Name field appropriately, then click on OK. Once you have sent the email you needed to send to the Acme Corporation you can change the settings back to those you normally use.

[/network/email/clients/thunderbird] permanent link

1. Click on the Start button.
2. Type cmd and hit enter to open a command prompt window.
3. At the command prompt window, type runas /user:administrator mmc. Note: if the system is part of a Microsoft Windows domain and you wish to use the domain administrator account, put the domain name followed by a backslash after user: and before administrator. E.g., runas /user:mydomain\administrator mmc.
4. When prompted for the administrator password, enter it.
5. In the Console Root window that opens, click on File and select compmgmt.
6. In the Computer Management window that opens, you will then see Disk Management under Storage.

[/os/windows/win7] permanent link

As I usually do in such cases, I reported the calling number to the U.S. Federal Trade Commission's National Do Not Call Registry website, since my home phone number is in that registry, thus telemarketers shouldn't be calling my number. Unfortunately, many telemarketers ignore the list, apparently feeling that nothing will be done to them if they ignore the list. Perhaps that is true; I don't know how limited the FTC's resources may be for pursuing such companies. I can only hope that if enough complaints are filed for a particular number that the FTC will investigate and at least fine a few of them, though I'd like to see such companies put out of business.

I think anyone who would answer such a call and provide a credit card number to the caller is either a fool or extremely naive, since providing credit card information to an unknown caller may provide an opportunity to a scammer to use that information to use the credit card information for nefarious purposes. But since I've frequently received such calls, apparently such telemarketers/scammers find a fair number of people willing to do so.

[/phone] permanent link

[/network/web/browser] permanent link

Do you want to run this application?

Name: NCAppController
Publisher: Juniper Networks, Inc.

Do you want to download, install, and/or execute software from the following server?

Product Name: Network Connect
Software Name: NetworkConnect.app

When I click on "Yes", I see a "[Network Connect] Error" window open stating "An error occurred while extracting one of the Network components." The only option available is "OK" and the VPN connection is not established.

According to Connections to Juniper Network Connect VPN failing in Safari 6.1 and Safari 7, this problem also occurs with Safari 7 on OS X 10.8 (Mountain Lion). The author of that article states:

Based on what I’m seeing, it looks like Safari 6.1 and Safari 7 introduced a new sandbox for browser plug-ins, replacing the previous Java whitelist. At this time, it does not appear that Juniper’s software is able to work with this sandbox.

I can establish the VPN connection by going to the Applications directory in the Finder and double-click on Network Connect, which starts the Network Connect 7.4.0 application, then put in my username and password for the VPN and establish a connection by that means without a problem.

[/os/os-x] permanent link

If you wish to specify an exit node in a particular country, you can use the country code for the country established by the International Organization for Standardizaton. Two characters are used to represent the country code in an online address, e.g. us for the United States, dk for Denmark, gb for Great Britain, etc. You can find the complete list of country codes at ISO 3166-1-alpha-2 code. The country code to be used for the exit note must be placed in the torrc configuration file used by the Tor browser bundle. Look for the torrc file in the Data/Tor directory beneath the directory in which you installed the Tor Browser Bundle. You can edit it with a text editor, such as Notepad on a Microsoft Windows system. Put the following line at the end of the file where cc represents the country code:

ExitNodes {cc}

E.g., for a United States exit node, you would use:

ExitNodes {us}

To confirm the exit node location, restart the Tor browser, if it is running, and visit a site such as WhatIsMyIp. Note: if there is a problem accessing an exit node in the selected country or if you entered an invalid country code, you may find that you don't get past the "Connecting to the Tor network" window when you start the Tor browser. In that case, you may need to select a different country code. Also, some online services may block access from all known Tor exit nodes, since some people use Tor for malicious purposes rather than simply for online privacy. E.g., Wikipedia does not allow editing of articles when an editor is accessing Wikipedia via the Tor network.

Also note that the Tor Project does not recommend specifying an exit node. At Tor FAQ: Can I control which nodes (or country) are used for entry/exit? you will find:

We recommend you do not use these — they are intended for testing and may disappear in future versions. You get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit nodes can mess up your anonymity in ways we don't understand.

But that option is available, if you wish to use it, at least as of version 3.5 of the Tor Browser Bundle.

[/network/web/browser/tor] permanent link

Firefox is already running, but it is not responding. To open a new window, you must first close the existing Firefox process, or restart your system.

This message can appear even when the Firefox browser provided with the Tor browser bundle isn't running as you can see by using the Windows Task Manager to check for running processes, if the the software was placed under the C:\Program Files (x86) directory, even if you run the software from an account with administrator privileges. The software apparently needs to write to files in the directory where it has been installed, but can't do so. If you install it to the Desktop or under the Documents directory for the account from which you will be running it, you won't see the message.

[/network/web/browser/tor] permanent link