Saturday, December 23, 2006

KB925398 Security Update for Windows Media Player 6.4

This is another set of patches that has some sort of conflict with CYGWIN running SSHD. It is enough to stop the SSHD service when the updates "hang" on the Windows Media update.

Thursday, December 21, 2006

Fixing orphaned users in SQL 2000

Here it is as I keep forgetting how to do it and every time I google it I get a different result...

Use db_name
go
sp_change_users_login 'update_one', 'user_name', 'user_name'

SQL 2005 full transaction log (Or how I almost cried)

Background:

SQL 2005 Express Edition with a full transaction log, the normal procedure that I would use for this (a development environment) would be to detach the DB, rename the transaction log to "trans_log.ldf.old" or similar, reattach the DB and go about my normal business.

Not so today, what happened was that the transaction log hit the limit with users still attached, tried to kill them off a-la SQL 2000 enterprise manager using the detach GUI and then hitting the clear users button without actually detaching the DB (sly dog).

This doesn't work in SQL 2005 (Express Edition at least), so I restarted the SQL2005EXPRESS service and found that it had indeed detached the DB anyway.

What I had to do to resolve this:

Open up the "Attach Database" GUI window, select the transaction log in the lower pane and hit the remove button.
Hit the script button at the top
Go back to Management Studio and run the new script.
Bish-bosh your DB is now re-attached.

N.B. For some reason if you try to use the GUI window it barfs saying the transaction log is full, even if you have removed the transaction log .ldf from the database files...

Wednesday, October 11, 2006

Pound as a Proxy

We have been using Pound as a proxy to protect a ColdFusion Application server from the internet and limit its exposure to malicious traffic.

I think it is a very good system even though we aren't using it to its full potential yet, from what I have read about it it is able to do load-balancing and clustering and other cool stuff.


It can be a bit of a pain to get it to stop and start as a Daemon but other than that it is very good. It also handles the SSL for the servers behind it, as a standard Win32 Apache 2.0 installation doesn't come with the SSL component, any of the other servers that use SSL and Apache2/Win32 has to have an additional module added and configured, which to be honest is a bit of a pain.

To get Pound to do SSL, it's a matter of installing openssl, generating your keys, CSRs and certificates, then putting the key and certificate into one file with a .pem extension and pointing the Pound config at it! Restart Pound and you are laughing.

A word of warning: make sure that the key matches the certificate, that the key is not password protected (see this blog post for more info) and that there are no trailing spaces in the .pem file. Any of these makes Pound barf, and it is not at all easy to debug when you get the config wrong. A bit of a hint (in Debian at least) is that if Pound doesn't start correctly, the bash prompt will be on the same line as "Pound Restarting", like this:

Pound Restarting:servername:/etc/init.d#

I found the above useful but other than that Pound is no help when it comes to finding out what is wrong.
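Since Pound says so little, the three problems named above (key and certificate that don't match, a password-protected key, trailing spaces in the .pem) can be checked before restarting it. This is an added example, not part of the original post or of Pound itself; the function names and the usage path are assumptions, and it needs the openssl command-line tool.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight checks for the combined
# key + certificate .pem file that the Pound config points at.
# Hypothetical usage: bash check_pound_pem.sh /path/to/server.pem

# True if any line ends in a space or a tab.
pem_has_trailing_ws() {
    grep -q '[[:blank:]]$' "$1"
}

# True if the private key is passphrase protected. PKCS#8 keys say so in the
# block header; the older format carries a "Proc-Type: 4,ENCRYPTED" line.
pem_key_is_encrypted() {
    grep -Eq -- '-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# True if the public key in the certificate equals the one derived from the key.
pem_key_matches_cert() {
    local cert_pub key_pub
    # openssl x509 reads the first CERTIFICATE block in the file.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    # Hand only the private key block to openssl pkey (empty passphrase, no prompt).
    key_pub=$(sed -n '/-----BEGIN .*PRIVATE KEY-----/,/-----END .*PRIVATE KEY-----/p' "$1" |
              openssl pkey -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Runs all three checks, prints one line per problem, returns 0 only if clean.
check_pound_pem() {
    local pem=$1 rc=0
    if [ ! -r "$pem" ]; then
        echo "FAIL: cannot read $pem"
        return 2
    fi
    if pem_has_trailing_ws "$pem"; then
        echo "FAIL: trailing whitespace on line(s):" \
             "$(grep -n '[[:blank:]]$' "$pem" | cut -d: -f1 | tr '\n' ' ')"
        rc=1
    fi
    if pem_key_is_encrypted "$pem"; then
        echo "FAIL: private key is password protected"
        rc=1
    elif ! pem_key_matches_cert "$pem"; then
        echo "FAIL: key does not match certificate (or a block is missing or unreadable)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $pem"
    fi
    return "$rc"
}

# Run the checks when a file name is given on the command line.
if [ "$#" -gt 0 ]; then
    check_pound_pem "$1"
fi
```
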

Thursday, October 05, 2006

Exporting Protected .mov files with Quicktime

As you have probably seen, there are several video clips on this blog of the Apple Ad Spoofs provided courtesy of YouTube and the great guys at www.truenuff.com.

I managed to get the real .mov files by going into the source code for their page and downloading them using wget. I got a copy of Quicktime Pro 7 and realised that I could have these clips on my mobile if I could just export them as I had done plenty of times before for other files.
What happened was a bit of a pain: the export and save as options were greyed out and unselectable. I did a bit of googling and found out about protected .mov files, and here is how to make them "unprotected":

  1. Download "dumpster" from apple
  2. Install it and run from your applications or utilities folder (doesn't matter where you put it). It looks like it doesn't do anything, but if you check your dock there is a new icon there
  3. Make a copy of your .mov file (Justin Casey)
  4. Drag the .mov file to the dumpster icon in the dock and a debug window will appear
  5. Scroll right to the bottom and there will be a key called NSAV
  6. Expand this and there will be two entries on one row $0000 and $0001
  7. Change the $0001 to $0000 and hit Apple + S or save the file in the menu.
  8. Open up your new unprotected .mov file and your export/save options are now enabled!
This does open up the quasi-legal/moral issue of what to do (or not to do) with these files.
I only unprotected it so I could view it on my phone and show other people, not to distribute it or profit from it in any way. I think this is Fair Use, but if anyone has a problem with it I will of course comply with any reasonable requests.


Keep up the good work Truenuff.com!

Monday, August 21, 2006

What your Browser reveals about you

Here
I use a mix of Safari, Firefox 1.5.0.x, Camino, IE 6.0 and Opera, I would try and use Camino normally but sometimes it breaks web pages and I have to open them in Safari/Firefox/Opera. I only use IE when absolutely necessary for testing page compatibility and I had IE 7 installed and took it out because it hurt my eyes. Think Opera V4 with bad icons....

Tuesday, August 08, 2006

Automating SQL 2005 Express Edition Backups

SQL2005 Express Edition w/ Management Studio Express looks like it is a very nice DB and management console. It falls down in one place (that I can see), and that is that it is missing the maintenance Wizard that was found on SQL 2000.

Now I can't complain as it is a free application, and a small stored procedure can restore most of the functionality as regards backups.

Not all the procedures that are required are activated by default, and it is very simple to re-activate them. Simply copy and paste this code into a text editor and save it as c:\enableprocs.sql

sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
sp_configure 'Ole Automation Procedures', 1;
GO
RECONFIGURE;
GO
sp_configure 'xp_cmdshell', 1
GO
RECONFIGURE
GO

Now execute this command from a "run" prompt:
sqlcmd -S .\SQLExpress -i c:\enableprocs.sql

This enables the Ole Automation Procedures and xp_cmdshell.

Get the expressmaint.sql script here

Extract the script and save the .sql file to c:\expressmaint.sql

Execute this command:

sqlcmd -S .\SQLExpress -i c:\expressmaint.sql

This installs the expressmaint stored procedure, which is necessary for this backup method.

PARAMETERS

Each entry below gives the parameter name, whether it is required (Y/N) and its default value, followed by a description.

@database Y NONE
The target database for the maintenance operation. Valid values are a single database name, ALL_USER which will process all user databases and ALL_SYSTEM which will process all system databases

@optype Y NONE
The type of maintenance operation to be performed. Valid values are

  • DB - Full Database Backup
  • DIFF - Differential Database Backup
  • LOG - Log Backup
  • CHECKDB - Database Integrity Check
  • REINDEX - Rebuild all indexes
  • REORG - Reorganize all indexes

@backupwith N NULL
Specify additional backup options as documented in BOL for the BACKUP WITH command

@backupfldr N NULL
The base folder to write the backups to. Sub folders will be created for each database

@verify N 1
Indicates whether to verify the backup file.
Valid values are 1 and 0 with 1 = TRUE and 0 = FALSE

@verifywith N NULL
Specify additional verify options as documented in BOL for the VERIFY WITH command

@dbretainunit N NULL
The unit of measure for the @dbretainval parameter. Valid values are minutes, hours, days, weeks, months and copies. The combination of these two parameters determines how long or how many copies of old backup files are kept

@dbretainval N 1
The time period or number of copies of old backups to keep

@report N 1
Indicates whether to produce a report of the maintenance carried out.
Valid values are 1 and 0 with 1 = TRUE and 0 = FALSE

@reportfldr N NULL
The folder where maintenance reports are written to if @report = 1

@rptretainunit N NULL
The unit of measure for the @rptretainval parameter. Valid values are minutes, hours, days, weeks, months and copies. The combination of these two parameters determines how long or how many copies of old reports are kept

@rptretainval N 1
The time period or number of copies of old reports to keep

@checkattrib N 0
Indicates whether to check the archive bit on a backup file before deleting it. This is a safety check to prevent deletion of files that have not been backed up onto tape.
Valid values are 1 and 0 with 1 = TRUE and 0 = FALSE

@delfirst N 0
Indicates whether to delete old backups prior to doing the current backup. This is not advisable but can be useful if disk space is limited.
Valid values are 1 and 0 with 1 = TRUE and 0 = FALSE

@debug N 0
Indicates whether to print out debug information such as the commands generated and the contents of the temporary tables used in the procedure.
Valid values are 1 and 0 with 1 = TRUE and 0 = FALSE

This is the script that I use to back up all user databases; save it as fullbackup.sql in c:\
exec expressmaint
@database = 'ALL_USER',
@optype = 'DB',
@backupfldr = 'd:\backups',
@reportfldr = 'd:\reports',
@verify = 1,
@dbretainunit = 'weeks',
@dbretainval = 1,
@rptretainunit = 'weeks',
@rptretainval = 1,
@report = 1

If you look at the parameters you will see that it backs up all user databases, puts the backups in d:\backups and the reports in d:\reports, and retains reports and backups for 1 week.

Then just set up a scheduled task in Windows to run
sqlcmd -S .\SQLExpress -i c:\fullbackup.sql
on whatever schedule you like. I recommend daily backups if not every 12hrs.

Monday, July 31, 2006

Trusted Computing

This is a video demonstrating some of the ideas behind "Trusted Computing" from an industry and a personal standpoint.

I like the idea of trusted computing, in that I will choose what to "trust" in as much as if I decide to make a device do something it wasn't designed to do, I can "trust" it and let it operate alongside whatever else I have plugged in.

In the case of industry, Trusted Computing will take this away. It will restrict innovation and limit the spread of ideas, and it will affect the 2nd hand hardware market as each device could be restricted to its original purchaser.

Thursday, July 27, 2006

Another Funny Video

Found out today how to post youTube videos on blogger, so have gone a bit nuts. This one has been doing the rounds for a while, but it still makes me laugh

Funny Mac Videos

These are some of the funniest mac videos that I have found so far, I hope that they make some more.


Tuesday, March 28, 2006

Installation of Debian on a Dell Poweredge 715n

As promised, here is a detailed installation guide for Debian on a PE715n NAS. In my case I am using it as a high capacity mirrored offsite backup (one onsite, matching one in a different office).

I'm still working on ironing out some of the bugs in my atrocious grammar so don't expect this to be the final version.

Installing Debian on a Dell Poweredge 715n NAS

This device is a 1U headless (no keyboard, mouse or monitor) computer, PIII 1GHz w/ 256MB RAM and 4 IDE HDDs accessible through the front bezel. It is designed to be installed using the Dell OpenManage and Kickstart software to install Windows. This isn’t the easiest solution in the world: I wasn’t able to get access to the machine to configure it using this method after 4-5hrs work, but was able to install Debian within an hour of setting to the task (I was much quicker the second time round).

This document is intended to explain the process for anyone that is interested or has one of these boxes to install and wants a free O/S on it.

This install was performed via PXE.

The PXE (Preboot eXecution Environment) as described in the specification (v2.1) (ftp://download.intel.com/labs/manage/wfm/download/pxespec.pdf) published by Intel and Systemsoft is an environment to bootstrap computers using a network interface card independently of available data storage devices (like hard disks) or installed operating systems (like GNU/Linux). ...

This method requires an additional PC with a network port and a serial port. I used two separate machines (desktop w/ serial connection and network connection) and a laptop with a network connection for logging in to the server via SSH post-installation and getting more information off the internet!

The hardware setup is as follows.

Requirements

Crossover RJ45 network cable

Null-Modem serial cable

Active network connection (DHCP server preferred but not essential)

PC w/serial port and network connection

Step 1: configure Host PC for PXE environment

  1. get tftpd32 from http://tftpd32.jounin.net
  2. unzip this to any folder
  3. get the Debian net install from http://ftp.us.debian.org/debian/dists/unstable/main/installer-i386/current/images/netboot/
    download the netboot.tar.gz file and the pxelinux.0 file
  4. extract the netboot.tar.gz file to a folder called tftpboot and copy the pxelinux.0 file to this directory as well
  5. run tftpd32 and go to the settings button (centre at bottom of window)
  6. make sure the following boxes are ticked
    TFTP server, Syslog Server, DHCP Server, Save syslog message, PXE Compatibility, Show Progress bar. Set TFTP Security to none and set the base directory to where you extracted the netboot.tar.gz file, click on ok to return to the main menu
  7. on the DHCP server tab enter the following
    IP pool starting address: 192.168.1.1
    Size of pool: 10
    Bootfile: pxelinux.0
    WINS/DNS Server: 0.0.0.0
    Default Router: 0.0.0.0
    Mask: 255.255.255.0
    Domain name:
    Additional Option: 0
  8. click on save (vertical box to right of options)
  9. Set the “Current Directory” to the directory where you extracted netboot.tar.gz
  10. Exit tftpd32 and start it again
  11. Connect the network port on the PXE host pc to the 1st net interface on the powervault using the crossover cable and connect the serial cable as well
  12. in the tftpboot/debian-installer/i386/ directory there is a folder called pxelinux.cfg.serial-9600 copy the “default” file contained within to the tftpboot/pxelinux.cfg directory and open this file in your preferred text-editor (I used notepad as it was the only one installed on this PC)
  13. do a search and replace for 9600 and replace it with 115200
  14. Start hyperterminal or your preferred terminal emulator with the following parameters
    Bits per second: 115200
    Data bits: 8
    Parity: None
    Stop bits: 1
    Flow control: Xon/Xoff



Step 2: Setup the Powervault

  1. Power on the server and on the host computer hyperterminal window you will see the serial output of the boot process, there will be a prompt “Press F2 for Setup function” when you see this immediately press F2 (also try ESC+2), the boot will appear to continue but it will bring up a blue menu. Select option 3 “Reinstallation”, the server will bring up the message “This option will be carried out when the server reboots”, press Y to confirm this
  2. the server will reboot and after about 2-3 min will bring up a prompt (it may be a bit hard to read depending on your terminal emulator); press enter here and the Debian installation process will begin.

Step 3: The Debian installation pt.1 (Basics)

  1. Plug in the other network connection to the second Ethernet port on the server
  2. Select the default language (English)
  3. The next window will be the network setup. Select eth1 as the primary (eth0 is the port connected to the crossover cable). If you have a DHCP server it should pick it up automatically, otherwise you will have to set up your connection manually

Step 4: The Debian installation pt. 2 (partitioning and LVM)

  1. At the partitioning options screen, select the manual method.
  2. On the next screen remove any existing partitions from all the drives
  3. create a new 100MB partition on the first drive, formatted as EXT3 and with a mount point of /boot
  4. create a new partition on the same drive for the remaining space, use these drives as “physical volume for LVM”
  5. create new partitions on the rest of the drives using 100% of each drive, used as “physical volume for LVM”
  6. on the main partitioning screen select the Configure LVM and select yes at the prompt (write partition changes to disk)
  7. select Modify Volume Groups
  8. add all the partitions available
  9. give it a meaningful name (PV715 in my case)
  10. select Modify Logical Volumes > Create Logical Volume
  11. give it the name “swap” press enter and select the Volume group it should belong to, in this case there is only one
  12. make it 1GB in size and use the “leave” option to return to the main menu
  13. repeat steps 10 – 12 for the following details
    a name of system and a capacity of 9GB
    a name of backups and 100% of the remaining capacity
  14. return to the partitioning menu and edit the LVM partitions at the bottom of the list, format them all as EXT3 except for the Logical Volume named swap, format it as swap. Mount the “system” Logical Volume as / and the backups Logical Volume as /backups
  15. select “write partition changes to disk” and let the installer format the drives.

Step 5: The Debian installation pt. 3 (Finishing touches)

  1. When it prompts for what kind of system to install remove all options using the spacebar, the only one selected initially is standard setup, this includes an X-server amongst other things and is not necessary for a poweredge installation.
  2. let the installation complete and give it the required information, Root password, and the initial user account.
  3. When the installation completes altogether you will be presented with a login prompt on Hyperterminal on the host computer.
  4. Login using the standard user account and su to root, apt-get install the following options to make management easier: sudo vim nano jed ssh
  5. edit the /etc/network/interfaces file and give the server a static IP address on eth0 (initially)
  6. edit the /etc/sudoers file and add in any users that are to have SU privileges.
  7. do /etc/init.d/networking restart and the installation is complete!

Friday, March 24, 2006

Deploying ColdFusion 5 and MX7 on the same server

I have now successfully installed and have running CF5 and MX7 on the same server using multiple instances of Apache with different configuration files so that they run on different port numbers and each have their own administrator.
This was done so that a single laptop could be used to demo several different applications that the company I work for developed under CF5 and MX7. Normally we would just use a dedicated demo server, but where the laptop is going there is no guarantee of connecting to them.

Apparently this is quite simple using Multiple instances of ColdFusion MX and MX7, but in this case it had to be CF5 which proved to be a bit of a pain. I initially thought about using IIS for CF5 with Apache running the MX7 side of things, but as IIS is the Server of the Beast I wanted to go for an all Apache installation.

The machine I started with had Apache 2.0.55 already installed and running CF5, so I will take it from there (see my earlier posts on how to get this working, as Macromedia/Adobe don't officially support this combination).

INSTALLATION STEPS

1. Create a new Apache httpd.conf configuration file (copy and paste the CF5 httpd.conf if you like) in a subdirectory of Apache's "conf" folder. I called mine MX7 as this is what will be running on it. I also decided to subdivide the document roots for CF5 sites and for MX7 sites; this is not necessary but I found it made a confusing task a bit more manageable.

2. Create a new folder in your Apache installation's conf folder (default installation will be c:\Program Files\Apache Group\Apache2\conf), name the folder MX7 and copy the httpd.conf file from the Apache conf folder into here.

3. Edit the httpd.conf file in the MX7 directory using your fave text editor, and amend the following lines

Listen 80 -> Listen 8080
ServerName servername:80 -> ServerName servername:8080
NameVirtualHost 127.0.0.1:80 -> NameVirtualHost 127.0.0.1:8080

Make sure that the mod_rewrite module is enabled in the LoadModule section (uncomment it in most Apache 2 installations).

4. Create a new VirtualHost with these details


<VirtualHost 127.0.0.1:8080>
ServerAdmin admin@server.com
DocumentRoot "Path/to/where/CFMX7/Administrator/is/going"
ServerName admin.localhost.com
ErrorLog logs/admin.localhost.com-error_log
CustomLog logs/admin.localhost.com-access_log common
RewriteEngine On
RewriteCond %{SERVER_PORT} !^8080$
RewriteRule ^/(.*) http://admin.localhost.com:%{SERVER_PORT}/$1 [L,R]
</VirtualHost>


Make sure that the DocumentRoot exists!

Add this to your hosts file so

127.0.0.1 admin.localhost.com


5. Install CFMX7 Enterprise edition and select Multiserver configuration when prompted. It will ask you for the Apache binary (c:\Program Files\Apache Group\Apache2\bin\apache.exe) and the location of the configuration files (c:\Program Files\Apache Group\Apache2\conf\mx7). It may complain about a pre-existing installation, but you can safely ignore this as this is a copy of the CF5 enabled httpd.conf. When asked where the CFAdministrator is to be installed, give it the location you specified as the DocumentRoot in Step 4.

6. Open up a "run" prompt and use the following command (assuming default installation paths etc.)

"C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -f "C:\Program Files\Apache Group\Apache2\conf\mx7\httpd.conf"

Make sure to leave the quotes in for a change! You can also create a shortcut with the same parameters for easy access.

7. Go to "http://admin.localhost.com:8080/cfide/administrator" in your favourite browser and you should get the usual CFAdministrator prompt. You will however be asked about migration, you want to skip this step using the "skip" button as your installation has to exist alongside your CF5 installation and you copied a httpd.conf file that had been modified for CF5.

8. Your demo server is now ready to run applications for CF5 and MX7. Now it's time to add those VirtualHosts and DSNs to the CFAdministrators.


ADMINISTRATION

Administering CF5 (adding Applications and DataSources)

Edit your CF5 Apache configuration (I'll give you a hint, it's not the one in the MX7 subdirectory)
and add a new VirtualHost in the normal way; you can copy and paste the example if you do not have any set up.
Add this directive inside the VirtualHost. I'm not sure if it is necessary for all installations, but it was in my case so I am including it here for the sake of completeness.

DirectoryIndex index.cfm

This tells Apache to look for the index.cfm file as the index page, I also specify this in the general directive area.

The installation that I was preparing had a MSSQL server running on localhost, so I was using this as my Datasource.
When adding a DSN I had to add it using the CF5 CFadministrator and then go into Control Panel > Administrative Tools > Data Sources (ODBC) and amend the appropriate entry to make it point to the correct location and enable the connection

Administering CFMX7 (adding Applications and DataSources)

This is slightly more complicated as it is a non-standard deployment of CFMX7.
Firstly make sure that the MX7 enabled instance of Apache is running, if it is not, start it using the command shown above.

To add a new Application to Apache open up the MX7 httpd.conf file (found in the MX7 subdirectory if you followed these instructions) and add a VirtualHost, simply copy and paste the one you created for the CFAdministrator and change the following lines


<VirtualHost 127.0.0.1:8080>
ServerAdmin admin@server.com
DocumentRoot "Path/to/where/Application/is/located"
ServerName url.for.site
ErrorLog logs/url.for.site-error_log
CustomLog logs/url.for.site-access_log common
RewriteEngine On
RewriteCond %{SERVER_PORT} !^8080$
RewriteRule ^/(.*) http://url.for.site:%{SERVER_PORT}/$1 [L,R]
</VirtualHost>


Once this is done and saved you can exit the MX7 Apache instance and restart it.

In my case I had to add the SQL server DBs as ODBC data sources and then add them in to CFadministrator that way instead of just adding them directly. I won't cover this here because if you are reading this far you obviously know your way around a server install.

There are a few additional notes that were important when running these installations.

If you need to restart the CF5 Apache instance (i.e. when adding a new application) it is necessary to stop the MX7 Instance and then restart CF5 and then start the MX7 instance again.

In the CF5 CFadministrator, Datasources that you added under MX7 will appear, but if you press "verify all connections" they will fail the check, this has the disadvantage that you cannot have a datasource in CF5 with the same name as an MX7 datasource.

If I was to do this installation again I would do some stuff differently, I would install MX7 first and give it port 80, this is down to the fact that in order to install CF5 along with Apache2 it is necessary to configure the httpd.conf file manually, I would also copy the httpd.conf file before installing CFMX7, this should stop it from complaining about migrating settings etc, also if I did install MX7 first, CF5 might barf when it sees the newer directives, I don't know for sure if it would do this, but better safe than sorry.

When the install was done, some of the applications didn't work straight away, but this was down to the paths to the files and the URLs being slightly different.

I hope that this is of some use to someone else that comes across it. Next time I will probably try it using a VirtualMachine running Linux or Windows 2000 server edition, hopefully it would be a very tidy solution as the instances would run totally independently! That is an experiment for another day (Saturday, maybe?)

I have another fairly long post coming up detailing a headless install of a Dell Poweredge 715n NAS, using only a crossover network cable and a DB9 serial cable. Stay tuned!

Tuesday, January 31, 2006

SSHD Broken under Cygwin

A word of warning, be very, very careful when changing permissions of anything that Cygwin uses, in fact don't even think about doing it because more likely than not you will break it.

I came across this problem today when I changed the ownership on a Cygwin directory from SYSTEM to Administrators.

This broke SSH and the service would not start, it fails with the message "The service did not start or respond in a timely manner" or some nonsense like that.

The way to fix this is as follows

1. delete the file /var/log/sshd.log
2. open a bash shell and cd to /var
3. chown SYSTEM.none empty
4. chmod 0600 empty
5. cd to /etc and do
6. chown SYSTEM.none ssh*key
7. chmod 0600 ssh*key

You should now be able to start the SSH daemon by either net start sshd or cygrunsrv -S sshd, or by starting it through services.msc

Tuesday, January 03, 2006

WOOOO!!! MAC WOOOO!!!

Well, this Christmas has got to be one of the best ever!
My fantastic wife made it so special for me it almost felt like being a child again, being shooed off to bed so that the presents could be laid out when we came down in the morning and all that.

She also managed to get me my mac mini and a few other bits and pieces without me realising it. This you might think would be simple but normally nothing happens in our house without me knowing about it, probably down to my unceasing need to know everything, even if it is none of my business!

When I unwrapped it on Christmas morning there were a few choice words spoken, mostly unrepeatable...

Needless to say that it is one of the nicest bits of engineering that I have had the pleasure of using; OS X is such a joy to use, everything seems to fall to hand without thinking about it. It just seems to come naturally, even to someone with an almost exclusively Windows background.

Expose just makes life so much more manageable and iPhoto is amazing. I haven't had to install a single driver for any of the peripherals that I have hooked up to it. I still have to get used to some of its quirks like CTRL + "end" does not take you to the end of the line, only the end of the word.

And the fact that I am using a Windows keyboard so I need to memorise which Windows key maps to which Apple key.

Networking was picked up out of the box and just worked, even our strange VPN connection.

Anyway, I think I need a full day just to play around with it and learn more about where things go and how the permissions work.
I have spent far too long already messing about with the dock, the genie effect is so mesmerising...