Checking OS X services using Nagios : arfore dot com

My last two posts, Starting NRPE via launchd and Nagios NRPE on OS X Server 10.5, concerned getting NRPE to run on OS X Server 10.5 and having it startup at system boot.

However, this is only part of the battle.  Once you have Nagios monitoring setup on your server you also need to have some nice options for checking the availability of your running services.

Tim Wilson from the Savvy Technologist, wrote an NRPE plugin that helps out with this.  The plugin check_osx_services does an excellent job of checking on the status for many services running on 10.5 Server.

The documentation on the plugin at the NagiosExchange site is pretty thorough.  One thing that is not mentioned is that you will need to run the check_osx_services script as superuser since it calls the system level command serveradmin which must be run as root.

The Digital Divide Hits the Airwaves : arfore dot com

This next week the Senate is expected to vote on legislation to delay the transition of broadcast television in the United States from analog signals to digital signals.

The initial deadline was to have been February 17, 2009, however some in Congress as well as President Obama claim that more time is needed due to the fact that evidence has shown that consumers are not prepared. The new legislation sets a deadline for the switch to June 12, 2009, however broadcasters can switch over to digital prior to that deadline if they so choose.

While I am sure that enough money was not provided to fund the coupon program, and that the whole information campaign has been bungled from the beginning, I don’t think that extending the deadline is really going to do any good. The consumers have been seeing ads from both the federal government as well as their local cable providers informing them about the transition and what they can do. Changing this deadline is not going to help any.

No matter when they switch the deadline to consumers are going to be left out in the cold. Sometimes you have to pull the band-aid off fast in order to lessen the long term pain.

Linksys range extender open a hole in their own security : arfore dot com

So, a friend of mine was setting up a Linksys WRE54G Range Extender on her wireless network to eliminate a dead spot in her house.

She had issues with the Windows-based setup utility because it hardcodes the TCP/IP settings on the computer due to the fact it assumes that your network won’t be setup to work with the device out of the box.  After that failed, and spending a while on the phone with a hapless Linksys tech support person, we finally got it configured via the web interface.

So everything is going fine until she notices that the MAC filter that was configured on the WRT54G was no longer effective.

It turns out that when you setup the WRE54G to work it invalidates the purpose of your MAC filtering.  All traffic sent through the range extender is automatically flagged as OK.

From a Linksys forum post:

As a result, Wireless MAC Filtering on the main wireless router or access point will have no effect on clients connecting through a WRE54G Range Expander.

You have to wonder who makes the decisions on options with stuff like this.  The Linksys tech I was chatting with online about this said that the best solution would be to enable WPA security, but their user guide for device specifically recommends doing MAC address filtering in addition to the encryption, except for the fact that you can’t.

Good game Linksys.

WPA2 bug in Network Manager not fixed

Over the weekend I setup a Ubuntu 8.04 installation in my apartment.  The main purpose was to have a box to use to connect to my Tivo, but I am also going to use it to play with Java servlet and jsp development.

Of course none of this is any fun without Internet access.  So I started configuring my Linksys pci wireless adapter.  Turns out that the longstanding bug that affects the WPA2 passphrase store in Gnome Network Manager is still not fixed.

What happens is that you go in to Network Manager and configure your network, enter the SSID, and passphrase.  Everything looks great right?  But when you reboot the machine the connection doesn’t come back up.

And when you go look at the properties of the connection it doesn’t remember that you set it for WPA2 Personal instead of just WPA.  You have to re-configure it two more times before it begins working again.

There are couple of ways to fix this

  1. hand code the wpa_supplicant files and set it all up manually
  2. use a replacement for Network Manager

I chose to use the second route, since I really didn’t feel like hand configuring the stuff.  I must be getting lazy in my old age.

The replacement that I found recommended by several others is called Wicd.  One of the nicest features is this “No Gnome dependencies (although it does require GTK), so it is easy to use in XFCE, Fluxbox, Openbox, Enlightenment, etc.”

What web apps do you use?

There are many really nice web apps out there now. Some of them are designed for pure entertainment, others are designed for tracking personal information, and still others serve a clear design purpose.

Here are a couple that I like:

  • My Mile Marker – a nice app that helps you track your car’s mpg over time.
  • Wufoo – an online html form builder. They have a number of pre-designed templates that you can choose from and alter.
  • Typetester – an online font comparison app that helps you see what your online content will look like in various fonts.

What web apps are out there that you use or find particularly interesting?

Tags: Technology · Web Apps

Indigo Girls at Chastain

The concert was at Chastain park Amphitheatre in Atlanta, GA, Saturday, September 13, 2008.

The venue was pretty packed. It was interesting that a large contingent of the handicapped spaces were parallel parking.

I should have taken a real camera with me since the iPhone’s camera was unequipped to handle the lighting situation.  Missy Higgins was the opening act.  It was great to hear some of the old songs, as well as three new tracks from the new album which is set to be released in February 2009.  They gave us the actual names of two of the new songs, but not the third one, which they said had only been played six times previously.

Emily made a comment that it was really great to play on stage at Chastain, where she had attended quite a few concerts herself.  They also sang Happy Birthday for Marie, one of the friends of Amy’s nephew, who was attending her first concert at Chastain.

A few of Amy’s younger relatives came out on stage and sang a chorus of This Little Light of Mine at the end of Let It Ring, during the encore.

The set list from the concert as played is:

Pendulum Swinger Ozilline Fill It Up Again Yield Power of Two Wish You Were Here Run Money Made You Mean The Wood Song Moment of Forgiveness

Fleet of Hope from the new album

Go Happy Birthday for Marie Prince of Darkness

Sugar Tongue from the new album

Yield Heartache for Everyone Get out the Map

Weary of the World  from the new album (they didn’t give us the actual song name on this one)

Watershed Shame on you

Closer to Fine

Encore Fly Away Let It Ring – Amy Ray from Prom

Galileo

Import WebCT Cert

At work we run the WebCT Vista course management system by Blackboard.

Recently I was requested to figure out how to import the security certificate from the command line so that we could add this to the login script used for our campus computers. The main reason behind this was to eliminate the need for the user to have to manually agree to the security certificate when browsing to the CMS.

Normally when you want to create a Java keystore, you would use the keytool program located in $JAVA_HOME/bin. If you run this program to import a certificate without specifying a location for the keystore it tries to create one named .keystore in the user profile home directory.

However, when the JRE actually imports a certificate it doesn’t put it in this file. After some investigation, it turns out that the JRE imports certificates into a file named trusted.certs which is located in the following directory

C:\Documents and Settings\USERNAME\Application Data\Sun\Java\Deployment\security\

In order to import a certificate into a keystore you need to vital pieces of information:

  1. the keystore name
  2. the keystore password

The problem here is that this keystore is being automatically created by the JRE. It turns out that this keystore has a password that is an empty string. What this means is that when you import a certificate you have to specify the password by using the storepass parameter with a value “”.

For example if the certificate that you want to import has a name and path of

c:\Blackboard.cer

the command to import the certificate for the user jdoe would be

keytool.exe -import -noprompt -keystore C:\Documents and Settings\jdoe\Application Data\Sun\Java\Deployment\security\trusted.certs -storepass "" -file c:\Blackboard.cer

Update 2008-04-09:

I have also found how to do this on Mac OS X. According to the developer documents, the JVM on Mac OS X uses the user’s default keychain to store this type of certificate instead of using a file-based keystore like the other OS.

In order to store the certificate in the user’s login keychain you can import it via the command line tool certtool that is installed on the OS.

The command to import this certificate from the command line is

certtool i path/to/cert/file k=~/Library/Keychains/login.keychain

If you want to have this happen at login for each user who might login, then you could implement this via a login hook. For more on this, take a gander at the article 301446 in the Apple knowledgebase.

Music Video Friday No. 8

Today we have a quartet of house/electronica/dance music.

We have two live performances and two videos. First we have a live performance of Sasha and John Digweed in Buenos Aries. Next up is a video of the song From Paris to Berlin from the group Infernal. Then we have a live performance from Ultra Music Festival 2004 of Paul Oakenfold spinning Southern Sun. The last video in the lineup is Future Sound of London’s Amoeba.

Sasha and John Digweed
Live in Buenos Aries

Infernal
From Paris to Berlin

Paul Oakenfold
Southern Sun – Live at Ultra Music Festival 2004

Future Sound of London
Amoeba

arfore dot com » Mac OS X

Posted on April 14th, 2007

So, I hate developers. Wait, let me clarify: I hate developers who can’t think through the user experience.

When an uninstaller is written it really should remove all file associated with the application.

Case in point, recently I moved to a Windows Mobile-based smartphone, so I needed to cross-grade to Missing Sync for Windows Mobile from the PalmOS version.

Posted on April 12th, 2007

Why is it that some of the essential tools that are used on a daily basis are missing from OS X?

Today I wanted to use wget and found that it was missing.

arfore dot com » Archive for Mac OS X

Posted by: Andy Fore in Mac OS X

Why is it that some of the essential tools that are used on a daily basis are missing from OS X?

Today I wanted to use wget and found that it was missing.

Fortunately, this is a very easy thing to fix. All you have to do is download the source code from the GNU page on the wget project, then follow the standard compile steps:

  1. unpack the source
  2. ./configure
  3. make
  4. sudo make install

Note: The compiled binary is placed in /usr/local/bin so you will need to add this to your path. This process varies depending on what shell you are using, but the default shell in 10.4.9 is bash.

Posted by: Andy Fore in Sayings

Every now and then I will utter a saying that I grew hearing or using that makes my assistants wonder.

Today I happened to use the saying If wishes were horses, beggars would ride in reference to one of my assistants wish that the timesheet process here was all done electronically instead of the paper system that we have.

She wondered where I get these things from. I thought it was a pretty common saying, but I had never actually investigated where it originated, so I went googling.

The first reference I found was from Bartleby.com which listed the meaning behind the saying according to the New Dictionary of Cultural Literacy as:

If wishing could make things happen, then even the most destitute people would have everything they wanted.

While this was nice, I already knew what it meant, so I went googling some more for the origin of the phrase. It turns out that it is a line from a Mother Goose nursery rhyme, entitled If Wishes Were Horses:

If wishes were horses, beggars would ride. If turnips were watches, I would wear one by my side. And if “ifs” and “ands” Were pots and pans,

There’d be no work for tinkers!

Ref: apples4theteacher.com

Posted by: Andy Fore in Environmental

So according to a study commissioned by Mayor Bloomberg, the greenhouse gas emissions of New York City in 2005 was on par with all of Ireland or Portugal.

You have to love it when a city produces as much environmentally destructive elements as an entire country.

The most interesting part was the fact that it’s mostly from the buildings and not the average citizen. The claim that the mass transit system is what make the citizens less polluting.

I wonder how much less the entire U.S. would produce if we took mass transit more seriously?

Ref: Greenhouse Gas Study: 1 Percent From NYC

Posted by: Andy Fore in Photography

A nice post on Amazing Filtered Things shows a whole bunch of photos of nuclear blasts.

My favorite is the one with the observers in the foreground.

Posted by: Andy Fore in Culture

Johnny Hart, the creator of the B.C. comic strip died at the age of 76 on Saturday, April 7, 2007.

This really sucks. B.C. was a really great comic strip.

For more check out the story on PressConnect.

Check out the B.C. strip on comics.com.

Posted by: Andy Fore in Gaming, Adobe Contribute

Recently I ran into a situation where I had to change the username and password that Contribute uses for the SFTP operations.

I don’t have my stuff setup to use individual SFTP logins, since I am doing away with direct shell access to the webroot and dislike manually updating permissions for people.

I found out that there is a hidden password policy in the Contribute Publishing System with regards to what it will pass as the SFTP password.

I tend to use mixed-case as well as punctuation and numbers in my passwords. When I put the new password in, the system seemed to take it. Unfortunately, this was only an appearance, since it borked when I closed Contribute and opened it back up.

Apparently it doesn’t like the use of an ampersand in the password. And since the password is stored in an unusual encryption scheme I was unable to recover from this without recreating my entire connection to the particular webserver I was managing.

Stay tuned for a post on the steps to recreate the connection without losing all you data, as well as a utility to help in case of problems.

Posted by: Andy Fore in Poetry

The Gypsy Violin
by Munda

The compelling violin lures With an irresistible yearn Dance, dance, please dance for me

I can no longer adjourn!

Ethereal notes float from its strings Caressing like a lover’s hand Sensual music, Angel’s touch

Leading the way to wonderland

Embracing with utter delight Craving, beckoning me Tempting my lonely heart

Dance, dance on my melody!

Faster, faster the music escapes Without compassion to body or soul Seducer of lonely hearts

Until dancing is my only goal

Faces gyrate while I dance on passion Flashes of fire in the corner of my eyes The violin plays like never before

Until I become one and loneliness dies

With a final cry and a final touch The violin stops, the music ends Leaving behind an emptiness

We’ll meet again, my violin friend

ref. url: The Gypsy Violin

Posted by: Andy Fore in Poetry

When You Are Old
by William Butler Yeats

When you are old and gray and full of sleep And nodding by the fire, take down this book, And slowly read, and dream of the soft look

Your eyes had once, and of their shadows deep;

How many loved your moments of glad grace, And loved your beauty with love false or true; But one man loved the pilgrim soul in you,

And loved the sorrows of your changing face.

And bending down beside the glowing bars, Murmur, a little sadly, how love fled And paced upon the mountains overhead,

And hid his face amid a crowd of stars.

ref. url: When You Are Old

Posted by: Andy Fore in Copyright

So, according to a story on Reuters, the Free Software Foundation (FSF) is evaluating whether or not to ban Novell from didtributing future versions of their Linux OS.

“The community of people wants to do anything they can to interfere with this deal and all deals like it. They have every reason to be deeply concerned that this is the beginning of a significant patent aggression by Microsoft,” Eben Moglen, the Foundation’s general counsel, said on Friday.

Apparently they might use their lock on the intellectual property rights to key pieces of the opern-source OS to achieve this.

My questions:

  1. Exactly how are they going to achieve this, if the software is open-source?
  2. Which version of the GPL are they going to claim that permits this?
  3. How does this action promote the goals of the FSF which according to their About Us page include: “our worldwide mission to preserve, protect and promote the freedom to use, study, copy, modify, and redistribute computer software, and to defend the rights of all free software users.”?

Has Richard Stallman lost his ever-loving mind? He wants people to use Linux. And not just as the OS they run on their servers, but as an everyday OS. He wants people to stop using DRM on their electronically available downloads, as evidenced by the campaign to stomp out DRM.

If Novell wants to enter into a business agreement that results in commercial support and interoperability with the non-free software juggernaut Microsoft, then how is this bad for Linux?

Just because RS doesn’t like Billy Gates and his commercial giant, doesn’t mean that he needs to start by using the same tactics he stands against when someone gets in bed with MS and Linux at the same time.

Shame on you RS, put your money where you values are. If you want people to use open-source then don’t use bullying tactics to keep it from happening.

UPDATE: according to a story at Linux-Watch, the Reuters story is misleading. Apparently the patent agreement is completely legal under GPL v2, but they are working on a language for the next GPL v3 draft that will make it a violation of the license. I say again: why is this MS/Novell deal bad for Linux? And as the Linux-Watch story points out, the current Linux kernel developers don’t like GPL v3 and apparently have no plans to move from GPL v2.

Posted by: Andy Fore in Poetry

Who is She?
by Gabriel Rosenstock

Who is this goddess of yours? Who is she?

‘Pure fantasy, I wager.’

‘Is she not clear to you?’
‘No, she is not.’

‘Clearer than day is she
‘ clearer than night …’

‘Not clear to me …’

‘Day in night is she
‘ night in day …’

‘I see her not …’

‘Look inside yourself!’

‘Difficult …’

‘Then look at her frost

covering the grass.’

ref. url: Who is She? In English and Gaelic