The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Development’ Category

MikroTik PoE: automatically power cycle and reboot device when it becomes unresponsive.

Posted by jpluimers on 2021/09/24

In the past I had these manual scripts to power-cycle a hung Raspberry Pi device:

/interface ethernet poe set ether5 poe-out=off
/interface ethernet poe set ether5 poe-out=forced-on

or on one line:

/interface ethernet poe set ether5 poe-out=off; /interface ethernet poe set ether5 poe-out=forced-on

I am going to try this script for the port having a Raspberry Pi on it (note: this requires a 48V power brick for the Mikrotik!) on RouterOS version 6.48.3 (stable):

/interface ethernet
set [ find default-name=ether5 ] comment="RaspberryPi" poe-out=\
    forced-on power-cycle-ping-address=192.168.124.38 power-cycle-ping-enabled=\
    yes power-cycle-ping-timeout=2m

The above has not worked for a long time as per [Wayback] No POE Power Cycle @ hEX POE – MikroTik:

But it might be fixed as of [Wayback] RouterOS version v6.47.3[stable] as per [Wayback] MikroTik Routers and Wireless – Software: 6.47.3 (2020-Sep-01 05:24):

*) poe – fixed “power-cycle” functionality on RB960GSP;

Similar issues exist on RB760iGS/Hex S, and there the fix requires new hardware in addition to firmware as per [Wayback] POE OUT issue on ether5 rb760igs (no power) – MikroTik:

Note that I did disassemble both of these routers for inspection and there are obvious changes to the hardware to correct the PoE problems – most notably a completely different relay, capacitor and some minor circuit design changes.

If it still fails, I might try

[Wayback] No POE Power Cycle @ hEX POE – MikroTik: workaround script

:local ipPing ("x.x.x.x")
:local pingip
#
# pingip below RUNS and sets the variable
# to number of successful pings ie 3 means 3 of 45 success
# can also use ($pingip > 1) or ($pingip >= 1) both TESTED
# ($pingip >= 1) means if only 1 or 0 pings do the IF, not the ELSE
#
:log info ("ping CHECK script IS RUNNING NOW")
# first delay 90 before the ping test, in case this is running at POWER UP
:delay 90
:set pingip [/ping $ipPing count=45]
:if ($pingip <= 3) do={ :log warning (">95% lost ping LOSS to isp GW IP x.x.x.x via ether5 so DO POE powerCYCLE")
  /interface ethernet poe set ether5 poe-out=off
  :delay 12
  /interface ethernet poe set ether5 poe-out=auto-on
  :delay 10
  :log warning ("ether5 POE HAS BEEN TURNED BACK ON")
  :delay 90
  /system script run emailPOEresult
} else={
  :log warning ("PoeCyclePINGcheck ELSE ran so no ping loss detected by script")
}

Based on:

Posted in Development, Hardware Development, Internet, MikroTik, Power User, Raspberry Pi, Routers

5 days before the Let’s Encrypt’s Root Certificate is expiring!

Posted by jpluimers on 2021/09/24

Only 5 days left to take a close look at both your web-clients (including back-end clients!) and servers to prevent potential Let’s Encrypt mayhem.

Last week, [Wayback] Scott Helme published about [Wayback/Archive.is] Let’s Encrypt’s Root Certificate is expiring!

Let’s Encrypt has done loads of work over the past lustrum to prevent trouble, such as cross-signing, issuing the successor certificates, and more.

The problem is that people like you and me have refrained from keeping their clients and servers up-to-date, so some security issues will occur. Hopefully they are limited to non-functioning communication and not leaking of data.

It is about this DST Root CA X3 certificate, used by the vast majority of Let’s Encrypt certificates, [Wayback/Archive.is] Certificate Checker: CN=DST Root CA X3, O=Digital Signature Trust Co.:

DST Root CA X3
Certificate: Trusted anchor certificate
Subject DN: CN=DST Root CA X3, O=Digital Signature Trust Co.
Issuer DN: CN=DST Root CA X3, O=Digital Signature Trust Co.
Serial Number: 44AFB080D6A327BA893039862EF8406B
Valid  to
Key: RSAPublicKey (2048 bit)
SHA1 Hash: DAC9024F54D8F6DF94935FB1732638CA6AD77C13
MD5 Hash: 410352DC0FF7501B16F0028EBA6F45C5
SKI: C4A7B1A47B2C71FADBE14B9075FFC41560858910
AKI:

Quoting Scott, these clients will likely fail, so they need attention:

  • OpenSSL <= 1.0.2
  • Windows < XP SP3
  • macOS < 10.12.1
  • iOS < 10 (iPhone 5 is the lowest model that can get to iOS 10)
  • Android < 7.1.1 (but >= 2.3.6 will work if served ISRG Root X1 cross-sign)
  • Mozilla Firefox < 50
  • Ubuntu < 16.04
  • Debian < 8
  • Java 8 < 8u141
  • Java 7 < 7u151
  • NSS < 3.26
  • Amazon FireOS (Silk Browser)

On the server side, you can help Android devices by using a Let’s Encrypt certificate that is cross-signed with the ISRG Root X1 certificate [Wayback/Archive.is] Certificate Checker: CN=ISRG Root X1, O=Internet Security Research Group, C=US:

ISRG Root X1
Certificate
Subject DN: CN=ISRG Root X1, O=Internet Security Research Group, C=US
Issuer DN: CN=DST Root CA X3, O=Digital Signature Trust Co.
Serial Number: 4001772137D4E942B8EE76AA3C640AB7
Valid  to
Key: RSAPublicKey (4096 bit)
SHA1 Hash: 933C6DDEE95C9C41A40F9F50493D82BE03AD87BF
MD5 Hash: C1E1FF07F9F688498274D1A18053EABF
SKI: 79B459E67BB6E5E40173800888C81A58F6E99B6E
AKI: C4A7B1A47B2C71FADBE14B9075FFC41560858910

Via [Archive.is] Scott Helme on Twitter: “There are only 10 days left until the Let’s Encrypt root certificate expires and there are still questions over what the impact will be! Full details here: …” which links to the above article showing a nice graph of the current Let’s Encrypt root certificate setup:

–jeroen

Posted in Communications Development, Development, Encryption, https, HTTPS/TLS security, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), Power User, Security, Software Development, TCP, TLS, Web Development

Howto create C-Header for Delphi/Free Pascal/Lazarus DLL – data types – Stack Overflow

Posted by jpluimers on 2021/09/23

From a long time ago, but I got a request for it a while ago: [WayBack/Archive.is] Howto create C-Header for Delphi/Free Pascal/Lazarus DLL – data types – Stack Overflow:

I have used the below construct to generate header files compatible with the C-mode compiler of Visual C++ 6 from Delphi 5 code when Delphi had the -JPH switch (see notes below).
Note that I have not used this since Delphi 5, but the switch has since then been expanded:
Somewhere along the line, the [WayBack] JPHNE switch has been added to the dcc32 command-line compiler:
  -JPHNE = Generate C++ .obj file, .hpp file, in namespace, export all
It certainly does not handle all types, and you will need quite a bit of [Archive.is] HPPEMIT and [Archive.is] EXTERNALSYM directives.
It generates the .hpp files to import the DLL that was written in Delphi.
Notes from the Delphi 5 era:
{ Visual C++ 6 does not like nested structs/unions the way that BC++ can handle them.
  Visual C++ 6 requires the "typedef" to be present AND the typename AFTER the struct definition.
  You will see this when defining TConversationId, TReturnKey and other types that depend on nested structs/unions

  The trick is to perform these steps each and every time this unit changes:
    - Generate this unit once with all the EXTERNALSYM disabled.
      - Then the DCC32 -JPH will generate the basic structs for them.
    - Copy all the nested struct and union definitions to this file
    - Embed the definitions with (*$HPPEMIT '' *)
    - Append the typename at the end of the struct definition
    - Enable all the EXTERNALSYM again
    - Regenerate the HPP files by using DCC32 -JPH
  To make this process easier, we have introduced two new conditional defines:
    - BCB - disable EXTERNALSYM, disable HPPEMIT
    - VC6 - enable EXTERNALSYM, enable HPPEMIT

  A similar thing applies to these constructions, which VC6 does not like either:
    - short strings (BCB defines them as "SmallString<##>" which VC6 does not like).
    - short integers (BCB defines them as "Shortint" so we have included an HPPEMIT for that)
}

{$ifdef win32}
  { important! Makes sure that all enumerated types fit in exactly one byte each! }
  {$Z1}

  { force the C/C++ HPP header files to have the C/C++ compiler pack structure elements on byte boundaries }
  {$ifdef BCB}
    {$HPPEMIT '#pragma option push -a1' }
  {$endif BCB}
{$endif win32}

And the download (hopefully I have converted it to git by then):

The link to the converter is now [Archive.is] bitbucket.org/jeroenp/wiert.me/src/default/Native/… – Delphi Coder

–jeroen

Posted in Delphi, Delphi 5, Development, Software Development

Chocolatey: forcing a certain package version and pinning it at that version

Posted by jpluimers on 2021/09/23

For my future self.

Due to an issue with choco-cleaner versions [WayBack] 0.0.6 and [WayBack] 0.0.7, I needed to ensure it was installed as version [WayBack] 0.0.5.2 and keep it at that version.

Not sure if this is the canonical way, but this worked:

choco uninstall --yes choco-cleaner
choco install --yes choco-cleaner --version 0.0.5.2
choco pin add --name=choco-cleaner --version 0.0.5.2
choco pin list

This worked to revert:

choco pin remove --name=choco-cleaner
choco pin list
choco upgrade --yes choco-cleaner

After this upgrade, choco-cleaner version 0.0.7.1 shows a nice error message when the environment variable %ChocolateyToolsLocation% fails to exist.

In that case calling RefreshEnv.cmd will create that environment variable.

Related:

–jeroen

Posted in .NET, Chocolatey, CommandLine, Development, Power User, PowerShell, PowerShell, Scripting, Software Development, Windows

Select-Object versus Write-Output: “The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.”

Posted by jpluimers on 2021/09/23

I bumped into the error [WayBack] “The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.” when using [WayBack] Write-Output where [WayBack] Select-Object worked just fine.

This happened when playing around with detecting empty Chocolatey .nupkg package files.

$LibPath = Join-Path $env:ChocolateyInstall 'lib'
$NupkgFilter = '*.nupkg'

Get-ChildItem -Path $LibPath -Recurse -Filter $NupkgFilter | 
    Where-Object {($_.Length -eq 0) -and ($_.BaseName -eq "hg")} | 
        Sort-Object LastWriteTime | 
            Select-Object BaseName

<#
Get-ChildItem -Path $LibPath -Recurse -Filter $NupkgFilter | 
    Where-Object {($_.Length -eq 0) -and ($_.BaseName -eq "hg")} | 
        Sort-Object LastWriteTime | 
            Write-Output BaseName
## Write-Output : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
#>

Get-ChildItem -Path $LibPath -Recurse -Filter $NupkgFilter | 
    Where-Object {($_.Length -eq 0) -and ($_.BaseName -eq "hg")} | 
        Sort-Object LastWriteTime | 
            ForEach-Object { Write-Output $_.BaseName }

The output is also slightly different, hinting at the root cause:

BaseName
--------
hg      
hg

The above shows that Select-Object selects a list of BaseName properties (italic part), whereas Write-Output shows a single BaseName property content (bold part).

Posted in .NET, CommandLine, Development, PowerShell, PowerShell, Scripting, Software Development