The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

apache links for log formats, log kinds, etc

Posted by jpluimers on 2017/01/27

Am I the only one who thinks Apache logging configuration is a mess? Especially when you look at the templates shipping with various *nix distros?

Files like vhost-ssl.template and vhost.template using different ways of logging for the same thing make me cringe. That is apart from the ordering of configuration being different between the files, some lines using tab indentation and others space indentation, and the spaces-per-tab settings not matching between the files.

The apache wiki examples have different issues.

How can you expect mere mortals to get vhost configuration right when the provided templates are so bad?

Given the move towards SSL/TLS, mortals like me won’t easily get it right either.

A few things that I think should be done:

  • For vhosts, standardise on vhost_combined, not combined.
  • Favour CustomLog over TransferLog.
  • Make a choice: either log in a Catch All log file, or put each vhost log in different files (now it’s different for the SSL and normal template).
  • If using separate log files per vhost, then include a vhost reference in the log filenames.
  • Add a vhost_ssl_combined in addition to ssl_combined.
  • Document ErrorLog in the same place as CustomLog and TransferLog.
  • Provide templates for combining regular and SSL vhost configs, which is currently hard.
  • Make timestamps in logging formats the same. They are different between ssl_combined and the others. Don’t you hate that? What happened to ISO-8601?
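
The following Apache configuration applies several of the points above to one vhost served over both HTTP and HTTPS. It is an added example, not taken from any distro template or the Apache wiki; the host name, directories and certificate paths are placeholder assumptions, and vhost_ssl_combined is the hypothetical format name the list asks for.

```apache
# Added illustration, not a distro template.
# Host name, log directory, DocumentRoot and certificate paths are placeholders.

# One timestamp style everywhere: ISO-8601 via a strftime pattern in %{...}t
LogFormat "%v:%p %h %l %u %{%Y-%m-%dT%H:%M:%S%z}t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined

# Same fields plus the negotiated TLS protocol and cipher (mod_ssl %{VAR}x)
LogFormat "%v:%p %h %l %u %{%Y-%m-%dT%H:%M:%S%z}t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{SSL_PROTOCOL}x %{SSL_CIPHER}x" vhost_ssl_combined

<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /srv/www/vhosts/www.example.com

    # ErrorLog and CustomLog side by side, vhost name in both file names
    ErrorLog  /var/log/apache2/www.example.com-error_log
    CustomLog /var/log/apache2/www.example.com-access_log vhost_combined
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /srv/www/vhosts/www.example.com

    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl.crt/www.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/www.example.com.key

    # CustomLog (not TransferLog), with the TLS-aware format
    ErrorLog  /var/log/apache2/www.example.com-ssl-error_log
    CustomLog /var/log/apache2/www.example.com-ssl-access_log vhost_ssl_combined
</VirtualHost>
```

Because both formats start with the same fields in the same order, a log parser or SIEM rule written for vhost_combined also reads the TLS log and only has to treat the two trailing fields as optional.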

–jeroen

Posted in *nix, Apache2, Linux, openSuSE, Power User, SuSE Linux

Multiple wifi access points / seamless handoff – Spiceworks

Posted by jpluimers on 2017/01/27

These seem to be the brands to look into:

  • Ubiquiti
  • Meraki
  • Ruckus

Source: Multiple wifi access points / seamless handoff – Spiceworks

–jeroen

Posted in Internet, Power User, Ubiquiti, WiFi

inversepath/usbarmory: USB armory: open source flash-drive-sized computer

Posted by jpluimers on 2017/01/26

Source: Inverse Path – USB armory

usbarmory – USB armory: open source flash-drive-sized computer

Roughly EUR 100 excluding SD card, host adapter and enclosure.

Source: inversepath/usbarmory: USB armory: open source flash-drive-sized computer

Since I was talking about security anyway…. this is a nice toy for breaking open laptops or desktops when the administrator forbade the installation of software, or you want software on it executed. This is often the case with company devices, e.g. the laptops which are supplied by banks to their 3rd party suppliers. Outsourcing is cool, remember?

This is a computer on a stick which can run a Linux kernel. In combination with some USB gadget kernel modules, it can be configured to authenticate itself as any device. All you need to do is plug it in, and iterate by brute force through the device identifiers until you hit one which is accepted to be used. Store the statically linked software you want to install or run on the stick beforehand, and here you go. So if you ever need an SSH client on a “secure” Windows laptop… putty.exe FTW.

Posted by Ralf Ramge – Google+

–jeroen

via: Since I was talking about security anyway…. this is a nice toy for breaking open laptops or desktops when the administrator forbade the installation of… – Kristian Köhntopp – Google+

Posted in *nix, Hardware, Pen Testing, Power User, Security, USB

fixing a Mac home `brew update` that has permission errors (after that I could install plantuml)

Posted by jpluimers on 2017/01/26

I had this occurring on my system:

RetinaMBPro1TB:~ jeroenp$ brew update
error: unable to unlink old 'Library/ENV/pkgconfig/10.11/libcurl.pc' (Permission denied)
error: unable to unlink old 'Library/ENV/pkgconfig/10.11/libxml-2.0.pc' (Permission denied)
error: unable to unlink old 'Library/ENV/pkgconfig/10.11/sqlite3.pc' (Permission denied)
To restore the stashed changes to /usr/local run:
  'cd /usr/local && git stash pop'
Already up-to-date.

This is how I solved it:

RetinaMBPro1TB:~ jeroenp$ ls -al /usr/local | grep -w Library
drwxr-xr-x+ 11 jeroenp  admin   374 Mar  9 19:33 Library
RetinaMBPro1TB:~ jeroenp$ sudo chown -R $USER /usr/local/Library/
Password:
RetinaMBPro1TB:~ jeroenp$ brew update
To restore the stashed changes to /usr/local run:
  'cd /usr/local && git stash pop'
Updated Homebrew from d32996d to 638d755.
==> New Formulae
...
==> Updated Formulae
...
==> Renamed Formulae
...
==> Deleted Formulae
...
RetinaMBPro1TB:~ jeroenp$ 

The above solution is based on major python problems · Issue #48301 · Homebrew/homebrew

After that, I could install plantuml (which requires java, just so you know) so now I can create SVGs from it locally:

plantuml -tsvg PSO.network-diagram.PlantUML.txt

Note I had to edit the formula so it installs plantuml-8037 or higher (the git version back then installed plantuml-8031) as it fixed a namespace bug. Since plantuml releases often, be prepared to do some version fiddling.

–jeroen

Posted in *nix, *nix-tools, Apple, Development, Diagram, Home brew / homebrew, Java, Java Platform, Mac, Mac OS X / OS X / MacOS, Mac OS X 10.5 Leopard, Mac OS X 10.6 Snow Leopard, MacBook, MacBook Retina, MacBook-Air, MacBook-Pro, MacMini, OS X 10.10 Yosemite, OS X 10.8 Mountain Lion, OS X 10.9 Mavericks, PlantUML, Power User, Software Development, UML

QCon London 2017 | Software Development Conference

Posted by jpluimers on 2017/01/26

Need to check this out:

Register now for QCon London, a practitioner-driven conference designed for team leads, architects and project management, that tracks innovation in enterprise software.

Source: QCon London 2017 | Software Development Conference

Posted in Conferences, Development, Event, Software Development

Coding width – via “Is it common to print out code on paper?” – Programmers Stack Exchange

Posted by jpluimers on 2017/01/25

I don’t often read code, but when I do, I print it.

For a very long time, I’ve been formatting code to about 130 characters wide, and I recently remembered why:

… remember printing in landscape allowed 132 characters. At Uni, I used to regularly print my code on green bar paper…

Source: Is it common to print out code on paper? – Programmers Stack Exchange

It brought back memories of working on VT102 terminals and Hercules Graphics Card adapters doing VAX-VMS (FORTRAN and Pascal) and DOS (Turbo Pascal) programming. The VT102 could do 132 columns (the VT52 only 80) and it was no coincidence that most HGC could do 132 columns as well.

Printing was usually on green-bar paper (in Dutch “zebra-papier”) which was 132 columns wide in landscape form on most line printers.

–jeroen

via: #dailygadellaa – Jeroen Wiert Pluimers – Google+

Posted in Development, Power User, Software Development

Some notes and links on hacking a Philips TVs TCP ports

Posted by jpluimers on 2017/01/25

In my case this is about a Philips 42PFL7676H TV, but this likely applies to many Philips TVs from the 2009-2012 era.

According to nmap, these ports are open:

PORT STATE SERVICE REASON VERSION
1925/tcp open unknown syn-ack
2323/tcp open 3d-nfsd? syn-ack
49153/tcp open upnp syn-ack Philips Intel UPnP SDK 1.4 (Philips Smart TV; UPnP 1.0; DLNADOC 1.50)

TCP port 1925 is actually implementing the jointSPACE REST API over HTTP which has some nice documentation (also locally on your TV).

PCremote implements this and is easy to install: just download (or git clone) the html locally or to a web-server and try it, or even easier: browse to the www.netdata.be/tv site. You can even use it on your Raspberry Pi. There is also support for jointSPACE in agocontrol.

Two nice threads about it from the Philips support forum:

TCP port 2323 seems to be the voodooport which should enable you to do DirectFB Voodoo.

Jean-Marc Harvengt (software engineer at Philips) showed a nice demo (see video below) on using VooDoo. I wish he had published the source code.

TCP port 49153 also hosts an HTTP server. The base URL I could find information about is 192.168.71.115:49153/nmrDescription.xml. It seems that nmrDescription.xml has to do with DLNA and UPnP.

Later on I found that my brother’s 32PFL7675H TV should also support jointSPACE, but that it had to be activated:

AFTER upgrading to the new firmware, jointSPACE NEEDS TO BE ACTIVATED by entering the following digits sequence while watching TV (WatchTV activity): “5646877223

Source: jointSPACE TVs Developers

Before activation, only port 49153 was open. After that, port 2323 was open as well. But the www.netdata.be/tv app doesn’t work on this TV. This does work however: Philips MyRemote – Android Apps on Google Play

–jeroen

Posted in Communications Development, Development, Hardware Interfacing, HTTP, Internet protocol suite, REST, TCP

Using the github version of certbot (formerly letsencrypt) to get Let’s Encrypt certificates

Posted by jpluimers on 2017/01/24

The Let’s Encrypt certbot (formerly letsencrypt) had some trouble on my machinery.

When trying to test whether “Apache default default · Issue #3307 · certbot/certbot” and “opensuse Tumbleweed: Each time I run certbot, a line with Listen 443 gets added to /etc/apache2/httpd.conf · Issue #3364 · certbot/certbot” were fixed, I had to run certbot directly using specific github branches.

Normally certbot queries https://pypi.python.org/pypi/certbot/json to install the latest sanctioned version of itself. Which means this won’t work to run the version from github:

git clone https://github.com/certbot/certbot.git
cd certbot
./certbot-auto <<command-line-parameters>>

But the below does:

git clone https://github.com/certbot/certbot.git
cd certbot
git checkout -b <<branch-name>> origin/<<branch-name>>
./letsencrypt-auto-source/letsencrypt-auto --os-packages-only
./tools/venv.sh
source venv/bin/activate
certbot <<command-line-parameters>>

The last statement will run ./venv/bin/certbot but you can also hard-code that (or perform which certbot to verify the directory is on the path).

I used it to test with this branch:

git checkout -b osrelease_like origin/osrelease_like

The above are basically steps to set up a virtualenv as mentioned in Developer Guide — Certbot 0.9.0.dev0 documentation.

To undo, just run this from the certbot directory:

deactivate
rm -rf venv

The first statement will adjust your path and the second gets rid of the virtual environment including all packages that were downloaded in it.

If you forgot to remove the venv directory, there might be old versions hanging around named like venv.1470590779.bak where the number in the middle is the number of seconds since unix epoch (1970-01-01 00:00:00 UTC) which you might want to remove as well.

Inside the venv environment you can use all kinds of Python tools, for instance:

  • Perform pip install ipdb, after which you can add import ipdb;ipdb.set_trace() to any source line to break right into the Python debugger. There, it will drop you into a debug console, which is pretty much a fully fledged Python interpreter.
  • Run pip freeze to show all installed Python packages.

While testing, you can use the --test-cert or --staging command-line options to use the Let’s Encrypt staging environment; this prevents running into the live environment rate limits (the main ones at time of writing are a Duplicate Certificate limit of 5 certificates per week and a Certificates per Registered Domain limit of 20 per week, whichever limit is lower).

–jeroen

Posted in *nix, Encryption, Let's Encrypt (letsencrypt/certbot), Linux, openSuSE, Power User, Security, SuSE Linux

Interactive Rebase with SourceTree – via: Atlassian Blogs

Posted by jpluimers on 2017/01/24

Interesting read:

SourceTree is the middleman between you and Git, making it really easy to change your commit history through a simple user interface. You can drag and drop commits to reorder them or squash them, you can delete commits, reword the commit messages, edit them, or just leave them be.

More details at Atlassian Blogs: Interactive Rebase with SourceTree

Posted in Development, DVCS - Distributed Version Control, git, Software Development, Source Code Management, SourceTree

Convert FRITZ!Box 7360 to Managed Switch (or even Access Point) having its own IP address: Setting up the FRITZ!Box as an IP client – via AVM International

Posted by jpluimers on 2017/01/23

This was a tad difficult to find as I searched for “Convert Fritz!Box to Switch” instead of “Convert Fritz!Box to Access Point”.

Since I had an old Fritz!Box 7360 lying around (from my ADSL era) and wanted to extend the cabled LAN for my brother’s Fritz!Box 7490 with some low-bandwidth devices (max 100 megabit/second) I searched for Switch. My bad.

Oh, I had to factory reset it as well, as I forgot the management credentials. The AVM help on this is cumbersome: Loading the FRITZ!Box factory settings | FRITZ!Box 7360 | AVM International, but the xs4all help includes a web-reset procedure as part of Internet: Reset procedures van mijn FRITZ!Box 7360, which translates to:

  1. Switch off the Fritz!Box (as this procedure needs to be done within 10 minutes of switching it on)
  2. Connect LAN2 to your computer
  3. Switch on the Fritz!Box
  4. Wait for a DHCP IP or (if you know the IP addresses) configure IP manually
  5. Go to the web-interface URL
  6. Indicate you forgot your password:

    Forgot your password?

  7. Indicate you want a factory reset:

    Restore Factory Settings

Anyway: with the above steps it becomes a Managed Switch (and if you don’t disable WiFi: Access Point too) that uses the primary internet connection as DHCP server (so it gets an IP address itself as well which means you can manage it).

Posted in ADSL, Fritz!, Fritz!Box, Internet, Power User