Category Archives: geeky

Network port troubleshooting with Perl

Posted on by
Reply

Recently I had a need to test network communication between two different services over a specific port for a clustered application.  Since I didn’t want to have to initiate an application failover just to test the network communication, I decided to use a simple Perl script to listen for inbound communication on the cluster node being tested from the development environment.

What the code does is to open a specific port for listening.  I used the basic telnet client to send traffic from the source machine (client) to the destination machine (server).

Here are the code listings for the script for both Solaris 10 and AIX 6.1.

Solaris 10

#!/usr/bin/perl -w
 
use strict;
use warnings;
use IO::Socket;
 
# Local host bind address (hostname/ipaddr)
my $LOCALADDR = 10.0.0.1
# Local host bind port
my $PORT = 10240;
 
my $sock = new IO::Socket::INET (
    LocalHost => $LOCALADDR,
    LocalPort => $PORT,
    Proto => 'tcp',
    Listen => 1,
    Reuse => 1,
);
 
die "Could not create socket: $!\n" unless $sock;
 
my $new_sock = $sock->accept();
while(<$new_sock>) {
    print $_;
}
 
close($sock);

AIX 6.1

#!/usr/bin/perl -w
 
use strict;
use warnings;
 
use IO::Socket;
use Net::hostent;              # for OO version of gethostbyaddr
 
# Local host bind address (hostname/ipaddr)
my $LOCALADDR = 10.0.0.1
# Local host bind port
my $PORT = 10240;
 
my $server = IO::Socket::INET->new(
    Proto => 'tcp',
    LocalHost => $LOCALADDR,
    LocalPort => $PORT,
    Listen => 1,
    Reuse => 1 )
or die "can't setup server";
 
print "SERVER Waiting for client connection on port $PORT\n";
 
my $new_sock = $server->accept();
while(<$new_sock>) {
    print $_;
}
 
close($server);

Patch Solaris 10 over NFS

Posted on by
Reply

One of the things that many system administrators encounter in the quest for maintaining up-to-date servers is the need to apply regular maintenance releases.  With some operating systems, Mac OS X for instance, the patches are released in two forms:

  • a delta update, which contains only the changes necessary to bring the system up-to-date from the current running release level
  • a combo (cumulative, full, etc.) update, which contains all changes for the current release branch

If you are lucky enough to be using an OS that gives you delta updates then you may not ever run into an issue where you don’t have enough internal drive space to update the OS.  However, if you are running an OS, like Solaris, that uses cumulative clusters then this becomes more interesting.

One situation I recently encountered was a need to patch a Solaris 10 Sparc system that did not have sufficient internal drive space to store the unzipped patch cluster for patching the system in single-user mode.  (You are patching in single-user mode right?)

The most obvious question would be: why not add another drive?  Another obvious question might be: why not patch from cd/dvd?  Well, adding a new drive to this system was not a viable solution since there were no available drives to install.  Installing from DVD would have been a possible solution, if the patches had been unzipped and burned to disc prior to the maintenance window.

The next available option was to install the patches over the network.  When patching a machine in single-user mode this becomes a little more problematic, since network resources and services are not generally available unless the server has been brought up in a multi-user mode.

After bringing the server up in single-user mode the next step was to start SSH and NFS so that the patch cluster could be installed over the NFS share.  Generally with Solaris 10 all you would need to do is execute the following command for both SSH and NFS client:

svcadm enable &lt;service name&gt;

Unfortunately with single-user mode this will fail to work, since the dependent services are not auto-started.  To accomplish this in single-user mode you need to add the -r flag which instructs svcadm to start the service and recursively start the dependent services.  If you want a little more checking, also add the -s flag which tells svcadm to wait for each service to enter an online or degraded state before returning.  Below are the commands for starting SSH and NFS along with the output of a service check to show the state after the command was executed.

SSH

# svcadm enable -rs svc:/network/ssh:default
Reading ZFS config: done.
# svcs -a | grep ssh
online         15:49:26 svc:/network/ssh:default

NFS

# svcadm enable -rs svc:/network/nfs/client:default
# svcs -a | grep nfs
disabled       15:11:34 svc:/network/nfs/cbd:default
disabled       15:11:34 svc:/network/nfs/mapid:default
disabled       15:11:35 svc:/network/nfs/server:default
online         15:50:35 svc:/network/nfs/status:default
online         15:50:35 svc:/network/nfs/nlockmgr:default
online         15:50:35 svc:/network/nfs/client:default
uninitialized  15:11:37 svc:/network/nfs/rquota:default

After this was done all that was left was to mount the exported file system and run the patch cluster installation script.  Since the cluster was not local to the system it took a little longer to install the cluster, but other than that everything went smoothly.

iPhone Ringtones on HTC Thunderbolt

Posted on by
Reply

As a recent switcher from the Apple iPhone to an HTC Thunderbolt, there have been a few things that I have been sorting out with the usage of my new phone. I will be detailing some more of my adventures later, however one of the important things to me was how to retain the custom ringtones that I had created using GarageBand.

On the Mac custom ringtones are stored by default in the Ringtones directory within your iTunes Music directory.

iTunes ringtone file location

The m4r files are really just AAC files with a custom extension that tells iTunes and iOS that it is a ringtone.  They are not DRM formatted files or special Apple files, just ordinary AAC files.  All you need to do to make them playable on Android is to change the file extension to either m4a or aac.

This is a real bonus since Android 2.2.1 will play AAC files with no problem (see http://developer.android.com/guide/appendix/media-formats.html)

Once I found this piece of information out, the only hurdle was to get the ringtones into a location that was used on my phone.  Ideally I would be able to save them to the SD Card to save on the internal storage space and to eliminate the chance of a new software update (or a custom ROM installation) to wipe them out.

It turns out that in Android there is a whole host of pre-defined locations for various data types.  As defined on the Android Developer Network:

Music/ – Media scanner classifies all media found here as user music.

Podcasts/ – Media scanner classifies all media found here as a podcast.

Ringtones/ – Media scanner classifies all media found here as a ringtone.

Alarms/ – Media scanner classifies all media found here as an alarm sound.

Notifications/ – Media scanner classifies all media found here as a notification sound.

Pictures/ – All photos (excluding those taken with the camera).

Movies/ – All movies (excluding those taken with the camcorder).

Download/ – Miscellaneous downloads.

With regards to the storage internal to the system, then, this would make the location for the ringtones be as follows:

/system/media/audio/ringtones/

The external storage location for ringtones would be:

/mnt/sdcard/media/audio/ringtones/

Once I had the filetype and location it was simple enough to mount the SD Card of my Thunderbolt and create the appropriate directory structure then copy the re-named file over.

Then open the ringtones settings pane on the Thunderbolt and voila the new ringtones are available.

Enable P3P support in Firefox

Posted on by
Reply

In Outlook Live browser cookie issues, I discussed the issues surrounding cookie usage and the Outlook Live service.  As you may remember, one of the problems surrounding turning off the blind support of third-party cookies is the check that is performed at logout.  If the check doesn’t pass then you will get a warning message.

The fix for this from the MS perspective is to enable third-party cookies.  One of the main reasons to not follow this is for better privacy while browsing the Internet.  As with most computer security, web browser security is often a trade-off between usability and security.  You have to know what to set things to to achieve a balance between good security and acceptable annoyance.  Many users install ad-blockers, flash blockers, disable Javascript, etc.  These are good tactics, but they also introduce browsing annoyances since the very technologies these plug-ins disable are what makes the web experience interesting and fun.  For more on browser security check out Securing Your Web Browser at CERT.

Fortunately, in this particular case the solution is relatively easy.  Since Mozilla gives us the ability to configure the browser directly, we can change how Firefox handles cookies.

First you will need to open Firefox and go to the site about:config to edit the settings.  This is not really a website, but a method provided to directly configure some browser settings.  You will be presented with a warning box, just click the button.

Navigate to the configuration editor

Configuration editing warning message

Next, in the filter box type network.cookie, this will narrow the list displayed down to only the ones dealing with cookies.  One of the settings to be changed already exists, the other will have to be added.

Filtering the preferences list

Narrowed down preference list

The setting that you want to change is:

  • network.cookie.cookieBehavior

Change network.cookie.cookieBehavior to have a setting of 3, enabling the change, by double clicking on the number in the Value column and entering the new value in the dialog box.

To add the new preference, right click in the window and select Integer from the New submenu.

Adding a new preference entry

Enter network.cookie.p3plevel in the dialog box that appears. Set the value to be 3 in the second dialog box.  There is no save function, the changes take effect immediately, just close you browser tab/window.

After making these changes you will now be able to successfully navigate the Outlook Live site and logout without getting the warning message.  You will also be better protected from nefarious third-party cookies.

If you want to change the preferences back to the defaults, simply open the preferences for Firefox and click the checkbox next to Accept third-party cookies.

Apparently this functionality was part of Firefox 2 but was subsequently removed after someone complained about the size of the code required to implement it (a total of 60k in what is now a 56.9MB, at least that’s the size of the application on Mac OS X).  In reading through the comments in the Bugzilla post, I fail to see where anyone makes a decent argument for reducing end-user security.  For more on all of this, check out the references section of this post.

These changes were implemented on Mac OS X 10.6.4 using Firefox 3.6.11, but it should be pertinent to Windows and Linux as well.

References

  1. http://blog.psych0tik.net/?tag=p3p
  2. https://bugzilla.mozilla.org/show_bug.cgi?id=225287

Outlook Live browser cookie issues

Posted on by
1

Windows Live logout error messageIn June of 2010, Valdosta State University transitioned to using Microsoft’s Live@EDU service for our e-mail.  This is Microsoft’s competing product line with Google’s Apps for Education service.  There were many reasons why we chose the Microsoft service which I won’t get into here, suffice it to say, that was the decision that was made.

While I don’t use the web interface all that much, when I do use it on Safari 5 for the Mac, I have noticed an oddity.  After you login to the system and do whatever you plan to do that session, to logout you should click the “Sign Out” link.  Seems standard enough, right?  Well, not exactly.  On Safari on the Mac I have noticed that I get an error when the signout process is attempted.  When testing Firefox 3.6.11, I found I wasn’t receiving the error screen and the signout process completed successfully.

After delving more into this it turns out that the problem is third-party cookies.  The default settings in Safari are very restrictive.  They are also all or none.  There is no exception list to the privacy settings for browser cookies in Safari, unlike Firefox. Also, it turns out that if you change the settings in Firefox to match the restrictive settings in Safari you get the same error screen.

In order to find out what site was causing the problem I cleared all the cookies for Safari, then enable the setting to always allow cookies.  After comparing the list of cookies that were set, I found one listed for the domain passport.com that did not show up in the cookie list when Safari is set to accept cookies only from sites that I visited.

Cookie listing for Safari on the Mac with 3rd party allowed

Further investigation using the Live HTTP Headers add-on in Firefox revealed the following for that domain:

http://loginnet.passport.com/ThirdPartyCookieCheck.srf?ct=1287943985
 
GET /ThirdPartyCookieCheck.srf?ct=1287943985 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&amp;nossl=1&amp;lc=1033&amp;ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&amp;id=12&amp;wa=wsignout1.0
 
HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Oct 2010 18:13:05 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F57 V: 0
Content-Type: text/html; charset=utf-8
Expires: Sun, 24 Oct 2010 18:12:05 GMT
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: MSPP3RD=2832116359; domain=.passport.com;path=/;HTTPOnly= ;version=1
Content-Length: 0
Location: http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&amp;lc=1033
----------------------------------------------------------
http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&amp;lc=1033
 
GET /ThirdPartyCookieCheck.srf?tpc=2832116359&amp;lc=1033 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&amp;nossl=1&amp;lc=1033&amp;ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&amp;id=12&amp;wa=wsignout1.0
Cookie: MSPP3RD=2832116359
 
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sun, 24 Oct 2010 18:13:06 GMT
Pragma: no-cache
Content-Type: image/gif
Expires: Sun, 24 Oct 2010 18:12:06 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F50 V: 0
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked

Continuing the investigation, I decided to force Firefox to ask me about each cookie that was going to be set.  This makes a dialog show up for each cookie attempt giving me the option to deny it, allow it only for the current session, or always allow.  After walking through the tortorous process of a complete login/logout session, it turns out that two cookies are being set for the domain passport.com with each of them set to expire at the end of the session.  More detail on the cookie can be seen in the screen shot of the cookie detail (provided by the plugin Add N Edit Cookies) shown below:

Detail on the contents of the passport domain cookie

So, the next step was to fire up my VM and see how all this worked on the Windows side of things.  I figured that since we had not been deluged with user requests concerning this that the browsers on the Windows side of the equation were handling it all differently. Firefox on Windows is configured out of the box just like Firefox on Mac OS X.  So, as I expected the operation was the same as well. If you allow for third-party cookies, then it works fine, if you don’t then you get the error screen.

The interesting development is the settings for Internet Explorer.  Bear in mind that I am using Windows 7 and Internet Explorer 8, but the settings should be fairly similar on Windows XP and between versions 7 and 8.  The default setting in IE8 is to all third-party cookies, but (and this is the key) only if they have a compact privacy policy (P3P).  This is the setting that makes the big difference.

Default privacy settings for Internet Explorer 8

It turns out that neither Firefox nor Safari support P3P headers by default.  In fact there doesn’t appear to be any support for them in Safari at all.  Configuring Firefox to support them requires some advanced editing of the main configuration file.

I haven’t found any adverse effects to the workings of Outlook Live when using Safari, but it is rather annoying that this occurs.

References

  1. http://en.wikipedia.org/wiki/HTTP_cookie#Third-party_cookies
  2. http://squeeville.com/2010/02/03/third-party-cookies-in-safari-internet-explorer/
  3. http://anantgarg.com/2010/02/18/cross-domain-cookies-in-safari/