Peace. Love. Hope. Strength. Solidarity. Persistence.

Peace, Hope, Love. Do not despair. (Or rather, feel free to work through any disappointment and despair, but then progress to more productive thoughts.) Let us be the leaders we need, those that can have compassion, can share with others, can fight for our rights and freedoms and defend the rights and freedoms of others. Let us be positive and willing to live in this world, talking with our family, friends, and neighbors; discussing divisive issues in a civil manner, and trying to see where the other person is coming from regarding a divisive issue, and then also standing beside each other in strength and solidarity where we agree.

It is difficult, to be sure – there are many issues that have two (or more) “sides” to them where no side is completely in the wrong. How do we work through these things and come to a conclusion aside from “agree to disagree”? I say we need to keep talking. Try to understand why each person has the view they do, and see where you can agree with some or all of their points while pointing out your own concerns, and how those concerns run counter to the other view, even though you see and respect that view, too. Perhaps we can come to agreement on how to move forward in a way that is for the benefit of all, and incorporates the ideas of both those “sides.”

Above all, please do not immediately jump into an “Us” vs. “Them” mindset. Even if someone is screaming their opposing view in your face – they came to that view through their own experiences and knowledge in this world. Perhaps you can learn something from them. Perhaps you can eventually teach them something about how you came to your view. But if you immediately jump to a “Oh s/he is one of THEM,” then nothing will ever be accomplished except division and negativity.

Let us all try to come together.

Two of my friends expressed sentiments regarding Donald Trump winning the presidential election that I’d like to share (I’ve gotten their permission):

From Jessi Mae:

I can’t help but feel angry at people who spent this campaign talking about how they were going to hold their noses and vote this year. We needed hope and optimism, like we had with Obama. What we got was Donald Trump as president.

But it is done now, and we can’t change the past. I’m going to let myself be angry and upset, but only for a little while. We have things to do.

Please, let’s just love each other a little bit more. Let’s show the bullies of the world what we can do when we lift each other up, rather than tearing each other down. Let’s lie a little less. Let’s not be afraid to be a little vulnerable.

Now, our jobs are more important than ever. We must be the change we NEED to see in this world. Our children are watching.

From Liam O’Shea:

Well, I didn’t vote for him, but we’ve managed to choose Trump as the next President. Personally, while I don’t think there’s a nuclear holocaust in the offing, I do feel we’re likely to regress in some key areas (science, education, environment, civil rights), but there may still be room for some good to occur, and hey, I could always be way wrong (but I don’t think I am).

This result really shouldn’t be a surprise. During the democratic primary, one of the big talking points was that there was no likely scenario in which Clinton beats Trump. The view was that only Sanders could do it. Democrats chose Hillary, and that narrative suddenly changed to Trump has no path to 270. That new narrative persisted until last week, when all of a sudden, there’s a very narrow gap in the polling numbers.

I still don’t see any coherent policy from President-Elect Trump, and I honestly don’t believe he understands how government actually works. That could mean the first two years of his presidency are mired in learning how things are done and sounding out policy. That might actually work to our benefit as a nation – if only one thing can get done at a time, then judging fallout from new policy should be a little easier, which could make Presidential policy course corrections easier (or more easily highlight the need for changes at Mid-Term).

Depending on who you talk to, this election is either a ringing endorsement of Democracy (when everyone gets out to vote, the corrupt political establishment can be overcome), or it can paint democracy in a very damning light (Look what happens when everyone is given an equal say in how everything is done – a lunatic gets elected by appealing to the fears and divisive nature of society), and I honestly think there’s truth in both sides of that argument.

Going back to my statement from yesterday, if you aren’t content with the results of yesterday’s election, then begin today the process of identifying your upcoming incumbents. Learn the platforms. If you come across negative press (or really positive press even) citing a sound bite or quoting only a small portion of a talk, go looking for the source. Read the speech transcript, read their opinion papers, etc. Get to know what is going on around you and look for opportunities to change.

In the meantime, your countrymen-and-women are not your enemies. They aren’t sub human, or scum, or slime, for holding different opinions or having differing priorities when it comes to education, healthcare, or social policy. It also isn’t ok to lord over someone that some other candidate was elected. Be Adult about this stuff.

Tone down the “I’m leaving” rhetoric. Emigration only helps lock in whatever path we’re now on.

For better or worse, this is now the world we live in. Democrats, pick your battles. Republicans, be true to the citizens that elected you and those that didn’t, and remember that our founders were agents of compromise, if nothing else.

Fix VolumeUp|VolumeDown|Mute/Unmute keyboard keys in Lubuntu

Mostly for my own reference; to get the Volume Up/Volume Down/{Mute|Unmute} keys to work on my Microsoft Natural Ergonomic Keyboard 4000 in Lubuntu (Ubuntu with LXDE/Openbox), I had to modify the lubuntu-rc.xml file to indicate the correct commands to execute when those keys were pressed.

Initially, I thought that the system wasn’t identifying the keys correctly, so I was using the xev tool to see what keycode was being sent to the system, but I found that the system already understood the keys properly. (They were identified as XF86AudioRaiseVolume, XF86AudioLowerVolume, and XF86AudioMute.)

The problem was that I am using the pulse audio daemon and the incorrect commands were being executed to adjust volume/mute/etc.

So, I edited ~/.config/openbox/lubuntu-rc.xml, looking for “volume” and commenting out the old command, substituting in the correct command as follows:

    <!-- Keybinding for Volume management -->
    <keybind key="XF86AudioRaiseVolume">
      <action name="Execute">
        <!-- <command>amixer -q sset Master 3%+ unmute</command> -->
        <command>amixer -D pulse set Master 3%+ unmute</command>
      </action>
    </keybind>
    <keybind key="XF86AudioLowerVolume">
      <action name="Execute">
        <!-- <command>amixer -q sset Master 3%- unmute</command> -->
        <command>amixer -D pulse set Master 3%- unmute</command>
      </action>
    </keybind>
    <keybind key="XF86AudioMute">
      <action name="Execute">
        <!-- <command>amixer -q sset Master toggle</command> -->
        <command>amixer -D pulse set Master toggle</command>
      </action>
    </keybind>

Then I ran the command openbox --reconfigure to reload the configuration file.

Success!

OpenSSH internal-sftp chroot logging on Ubuntu

I’m putting this here mainly to store it for myself, so these are going to be rough notes until I have time or inclination to review and edit this post.

Note: this solution was formulated on a server running Ubuntu Server 14.04 LTS

To set up sftp chroot directories for sftp-only users, and yet still log all actions & transfers like a “xferlog”, you need to somehow get the chrooted user to be allowed to write log data into the main syslog daemon.

First of all, you need the following in your sshd_config. Pay attention to the “ForceCommand” line: I was missing that at first, and without it you are not changing the logging for the chroot users, just the non-chroot users:

    Subsystem sftp internal-sftp -l VERBOSE -f LOCAL6

    # Next section restricts users in sftpusers group to chrootDirectory
    Match Group sftpusers
      ChrootDirectory %h
      ForceCommand internal-sftp -u 002 -l VERBOSE -f LOCAL6
      AllowTcpForwarding no
      PermitTunnel no
      X11Forwarding no

Now, you want to have a line like this in your /etc/rsyslog.d/50-default.conf or other /etc/rsyslog.d/*.conf file, in order to direct the sftp verbose logs to a specific file:

    local6.*			/var/log/sftp.log

Then, you have a couple of options on how to proceed. The first way I got working was to add another listening socket in the rsyslogd config, with this line:

    $AddUnixListenSocket /home/username/dev/log

You could also use this method:

    mkdir /home/username/dev
    touch /home/username/dev/log
    chmod 511 /home/username/dev
    chattr +i /home/username/dev
    mount --bind /dev/log /home/username/dev/log

Either one should work for you – the question is how you want to handle the situation, especially if you have either a large number of users, or a constantly changing user base; you’ll have to orchestrate either adding the special mount point and then having a lot of extra mounts, or adding a lot of extra listening socket files in rsyslogd. I leave it to you to decide which is better for your situation.
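For the listening-socket method with many users, the rsyslog lines can be generated instead of typed by hand. The script below is an added example, not part of the original notes: the function name `gen_sftp_log_sockets` and its file-based interface are assumptions, the account data in the demo is constructed, and it assumes each `<home>/dev` directory already exists.

```shell
#!/bin/sh
# Added example: emit one "$AddUnixListenSocket" line per member of the
# sftp-only group, so every chroot gets its own <home>/dev/log socket.
# On a live host, feed it snapshots from "getent group" and "getent passwd".

gen_sftp_log_sockets() {
    # $1 = group name, $2 = group(5)-format file, $3 = passwd(5)-format file
    awk -F: -v grp="$1" '
        # Pass 1 (group file): remember the GID and the supplementary members.
        FNR == NR {
            if ($1 == grp) {
                gid = $3
                n = split($4, names, ",")
                for (i = 1; i <= n; i++) member[names[i]] = 1
            }
            next
        }
        # Pass 2 (passwd file): a user is in the group through the primary
        # GID (field 4) or through the group member list.
        (gid != "" && $4 == gid) || ($1 in member) {
            home = $6
            # Skip homes that are not clean absolute paths; a space or a
            # relative path would produce a broken rsyslog directive.
            if (home !~ "^/[A-Za-z0-9._/-]+$") {
                printf "skipping %s: unusable home \"%s\"\n", $1, home | "cat 1>&2"
                next
            }
            sub("/+$", "", home)
            print "$AddUnixListenSocket " home "/dev/log"
        }
    ' "$2" "$3"
}

# Demo on constructed data (these are not real accounts).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/group" <<'EOF'
sftpusers:x:1500:carol
staff:x:50:alice
EOF
    cat > "$tmp/passwd" <<'EOF'
alice:x:1001:1500::/home/alice:/usr/sbin/nologin
bob:x:1002:100::/home/bob:/bin/bash
carol:x:1003:100::/srv/sftp/carol/:/usr/sbin/nologin
dave:x:1004:1500::/home/dave smith:/usr/sbin/nologin
EOF
    gen_sftp_log_sockets sftpusers "$tmp/group" "$tmp/passwd"
    rm -rf "$tmp"
}
demo
```

Redirect the output into a file under /etc/rsyslog.d/ and restart rsyslog; users that were skipped are reported on stderr so they can be fixed by hand.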

I also saw a method that didn’t work for me, but was for HP-UX, and might work for Solaris, too, over here: http://community.hpe.com/t5/Security/ssh-subsystem-internal-sftp-chroot-and-logging/td-p/5272802

Import Xen VM from .xva file via cmd-line or GUI

Importing a Xen VM from a .xva file

Import/Restore a Xen VM from a backed-up image file, likely a backup taken of a VM prior to the destruction of said VM for any reason.

Import via command line (faster and preferred method)

This method took 2:33 (2 minutes 33 seconds) to import a VM that had an 8GB HDD, of which 6 GB was used.

  1. Ensure you have mounted the location with the .xva file. For instance, if it is a remote NFS store, you may want to check the current mount points, or execute:

    mount -t nfs 10.1.1.250:/mnt/backups/xenbackups /mnt/backup
    
  2. Take note of the filename & path that you will use for restoration/import, such as:

    /mnt/backup/Test-VM-2016-02-17_12-23-01.xva
    
  3. If you don’t have shared storage in your Xen Pool, or if you wish to place the VM on a specific server or Storage Repository (SR), execute the command:

    xe sr-list
    

    which will produce output such as this:

                uuid ( RO): 73a394e5-2a60-a13d-9c42-4987d81c1a77
          name-label ( RW): DVD drives
    name-description ( RW): Physical DVD drives
                host ( RO): XEN-SRV-4
                type ( RO): udev
        content-type ( RO): iso
    
                uuid ( RO): 3b3346b2-d08a-90a8-bc13-321e0fe988d9
          name-label ( RW): Removable storage
    name-description ( RW): 
                host ( RO): XEN-SRV-4
                type ( RO): udev
        content-type ( RO): disk
    
                uuid ( RO): 69659292-ca18-3875-8c3b-1c9873db1dc0
          name-label ( RW): Local storage
    name-description ( RW): 
                host ( RO): XEN-SRV-4
                type ( RO): lvm
        content-type ( RO): user
    

    Take note of the uuid of the “Local storage” of the host on which you wish to place the VM. In this case, if we want to place the VM on “XEN-SRV-4,” then we will need the uuid “69659292-ca18-3875-8c3b-1c9873db1dc0”.

  4. Using the uuid & filename from above, you can then execute the vm-import command thus, preferably on the physical host where you are importing the VM, to minimize network traffic and potential slowdowns caused by passing packets from one server to another unnecessarily:

    xe vm-import filename=/mnt/backup/Test-VM-2016-02-17_12-23-01.xva sr-uuid=69659292-ca18-3875-8c3b-1c9873db1dc0
    

    If you want or need to retain the VIF MAC addresses (such as for a VM that gets its IP Address via DHCP), ensure that you specify the preserve=true option such as:

    xe vm-import filename=/mnt/backup/Test-VM-2016-02-17_12-23-01.xva sr-uuid=69659292-ca18-3875-8c3b-1c9873db1dc0 preserve=true
    
  5. If you wish to have the VM start automatically when the Hypervisor/Host boots, ensure you re-enable the autostart option, as it does not get restored when importing a VM from a file. For that, you’ll need the uuid of the VM (xe vm-list can help you there) and then you need to execute:

    xe vm-param-set uuid=<UUID-OF-VM> other-config:auto_poweron=true
    

Import via Windows XenCenter GUI (slower method)

This method took 22:40 (22 minutes 40 seconds) to import a VM that had an 8GB HDD, of which 6 GB was used, an order of magnitude slower than the command-line method above.

  1. First, map a drive to the location with the backups (For instance, map X: to \\backups.my.domain\xenbackups) which you can optionally do via the GUI, or with command line:

    net use x: \\backups.my.domain\xenbackups /user:<USERNAME>
    
  2. Take note of the filename & path that you will use for restoration/import, such as:

    X:\Test-VM-2016-02-17_12-23-01.xva
    
  3. Right-click on the physical host you wish to place the VM onto (such as XEN-SRV-4), then select Import…

  4. Click Browse… to select the file containing the image you wish to import (X:\Test-VM-2016-02-17_12-23-01.xva) then click Next

  5. Select the Home Server for the VM (XEN-SRV-4 in this case), then click Next

  6. Select the storage for the VM HDD(s), which if you don’t have shared storage, will be the Local Storage of the Home Server, then click Import >

  7. Select final networking settings and finalize the import. The VM should start automatically after the import is complete.

  8. If you wish to have the VM start automatically when the Hypervisor/Host boots, you’ll need to ensure you re-enable the autostart option, as it does not get restored when importing a VM from a file. For that, you’ll need to log in to the shell (SSH/terminal) of one of the Xen Hosts, and will need the uuid of the VM (xe vm-list can help you there) and then from the shell, you need to execute:

    xe vm-param-set uuid=<UUID-OF-VM> other-config:auto_poweron=true
    

Girls, please do <whatever> “Like a Girl”

Doing something “Like a Girl” is not an insult in my mind, and it shouldn’t be one in the public consciousness, either. If someone tells my daughter, Abby, that she does something “like a girl,” I want her to reply with the attitude “Heck yeah, I do!” and show them how a girl can kick butt at whatever it is.

From Elite Daily: These Young Girls Prove That Doing Things ‘Like A Girl’ Isn’t A Bad Thing

 

Flash plugin crashing in Firefox on Windows 8 with StackHash_fa66 error

As of today, 2014-01-07, I am running Firefox 26.0 on Windows 8 with the Adobe Flash Plugin 11,9,900,170.

For the past few weeks, whenever I attempted to load a site that utilizes the flash plugin, I would receive an application crash error with the following details:

    Problem signature:
      Problem Event Name:         APPCRASH
      Application Name:           FlashPlayerPlugin_11_9_900_170.exe
      Application Version:        11.9.900.170
      Application Timestamp:      529b79bf
      Fault Module Name:          StackHash_fa66
      Fault Module Version:       0.0.0.0
      Fault Module Timestamp:     00000000
      Exception Code:             c00001a5
      Exception Offset:           PCH_1C_FROM_ntdll+0x0002DC34
      OS Version:                 6.2.9200.2.0.0.256.48
      Locale ID:                  1033
      Additional Information 1:   fa66
      Additional Information 2:   fa6696398de2b9f98383d7a3bf5c3ea1
      Additional Information 3:   fa66
      Additional Information 4:   fa6696398de2b9f98383d7a3bf5c3ea1

 

Read our privacy statement online:

  http://go.microsoft.com/fwlink/?linkid=190175

 

If the online privacy statement is not available, please read our privacy statement offline:

  C:\Windows\system32\en-US\erofflps.txt

And I found tips all over the ‘Net for how to resolve it, but most of them advised to reinstall the Flash plugin, which I had done many times to no avail, or to perform an application repair from the Control Panel, which was also not helpful in my case. I finally found the answer, via a mention of mms.cfg in this Mozilla support forum post: https://support.mozilla.org/en-US/questions/969522?esab=a&s=uac&r=3&as=s, and then the details via this forum page from Adobe: http://forums.adobe.com/thread/1018071?tstart=0

The fix for me was to simply disable Adobe Flash’s Protected Mode via editing C:\Windows\SYSWOW64\Macromed\Flash\mms.cfg and adding the line:
ProtectedMode=0
then saving & closing the file, restarting Firefox, and reloading the Flash plugin (via visiting a site that uses Flash and activating the plugin.)

I don’t believe this to be the “Correct” fix, and this will need to be revisited in the near future, but there is definitely some type of incompatibility with Firefox 26.0, Windows 8, and Flash 11.9 (and, according to the first forum post I linked, Flash 11.8 as well). Users of other operating systems appear to have this problem at times, too, including Windows Vista, Mac OS X (not sure which version), and at least one Linux user (not sure which distro, version, or any other details). This informs me (anecdotally) that this may be inherent in some part of the Flash libraries, not the host OS.

Regardless, that is how I solved it, and it took me considerable time to find the correct fix for me, so I am posting this here to help with Google searches for either the StackHash error code “StackHash_fa66” or “fa6696398de2b9f98383d7a3bf5c3ea1” or for searches on the DLL error code “PCH_1C_FROM_ntdll+0x0002DC34”.

Best of luck to you!

AutoMySQLBackup authentication error

Note: If using automysqlbackup to backup all your MySQL databases on a Linux host, and you are getting the error:

    ERROR 1045 (28000): Access denied for user 'automysqlbackup'@'localhost' (using password: YES)

even though you test it on the command line and can successfully login as the automysqlbackup user (or whichever user you are using for backups), make certain that the password for that user (‘automysqlbackup’ in my case) does not have any shell metacharacters, such as # or $, etc., or find the proper way to quote the password in the configuration file for automysqlbackup. (perhaps it is single quotes, perhaps double quotes…I did not test it, as I was “on the clock”, per se, and just removed the shell metacharacters from my password.)

See these two posts for more information:

http://www.baselogic.com/blog/system-administration/error-1045-28000-access-denied-for-user-userlocalhost-using-password-yes/

http://bytes.com/topic/mysql/answers/141960-strange-authentication-trouble-about-mysqldump-error-1045-a
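How quoting changes a password that contains shell metacharacters, as an added example that is not part of the original post or of automysqlbackup. It assumes the configuration file is read as shell variable assignments; the variable name `PASSWORD`, the helper names, and the sample passwords are constructed for illustration.

```shell
#!/bin/sh
# Added example: what a shell-sourced config file does to a password.

# value_after_sourcing LINE
#   Write LINE to a scratch config, source it in a shell with an empty
#   environment, and print the value PASSWORD ends up with.
value_after_sourcing() {
    cfg=$(mktemp) || return 1
    printf '%s\n' "$1" > "$cfg"
    env -i /bin/sh -c '. "$1"; printf "%s" "$PASSWORD"' sh "$cfg"
    rm -f "$cfg"
}

# sq_assign NAME VALUE
#   Emit NAME='VALUE' in single quotes, the only quoting in which "$" is
#   not expanded. An embedded single quote is written as '\'' (close the
#   quote, escaped quote, reopen the quote).
sq_assign() {
    printf "%s='%s'\n" "$1" "$(printf '%s' "$2" | sed "s/'/'\\\\''/g")"
}

# Demo with a constructed password: Pa$Zw0rd#1
# Unquoted and double-quoted, "$Zw0rd" is treated as an (unset) variable
# and silently vanishes, so the client sends the wrong password.
for line in 'PASSWORD=Pa$Zw0rd#1' 'PASSWORD="Pa$Zw0rd#1"' "PASSWORD='Pa\$Zw0rd#1'"; do
    printf '%-26s -> %s\n' "$line" "$(value_after_sourcing "$line")"
done

# Generate a safe assignment for a password that also contains a quote.
sq_assign PASSWORD "it's\$5#x"
```

A password typed directly on the mysql command line never passes through this parsing step, which is consistent with the manual login test succeeding while the backup run fails.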

Serving static content through the ASP.NET handler on Windows 2003 / IIS 6.0

I recently had the need to process static file types (particularly *.html and *.pdf files) through the .NET processor/Framework on a Windows 2003 / IIS 6.0 server for the purpose of redirecting certain URLs. Having done this in the past, I knew I simply needed to add an application mapping for each file extension to the .NET processor. (Read more about that at Microsoft’s page for How to: Configure an HTTP Handler Extension in IIS – in this case, for the last step, we want to make certain that “Verify that file exists” is NOT checked, because we want to redirect URLs for files that do not exist on the filesystem, therefore, you don’t want to check for the existence of those files.)

And it should Just Work™. (Provided you set up your redirect module properly, etc.)

 

IT. DOES. NOT. WORK.

 

Well, let me clarify: It worked in the case that I had a redirect setup for a file that did not exist on the filesystem. So, the actual redirect worked great. (yay!) However,

HOWEVER . . .

If there was a file on the filesystem with extension .html or .pdf that DID exist and I DID want to serve up to the client, it did NOT work. All I got was the error “The connection was reset”

Upon examination of the problem, IIS just drops/resets the connection without sending any content to the client web browser, which is what causes this error. (Now, this worked just fine in Windows 2000 / IIS 5, so I was perplexed at this behavior.)

 

On Win2K3, IIS 6, in the master web.config file (usually “C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config”), under the section “<system.web><httpHandlers>”, the next to last handler is “<add path="*" verb="GET,HEAD,POST" type="System.Web.DefaultHttpHandler" validate="true" />”.

That handler is what is supposed to serve up any content that is not handled by some other predefined .NET handler, such as the Page Builder handler for .aspx pages, for instance. IIS should use this “System.Web.DefaultHttpHandler” to basically dump the content of the file to the IO Stream feeding your web browser’s connection to the server.

Unfortunately, this does not work properly on my default installs of Windows 2003 Web Edition.

 

To work around this problem, you need to redefine the http handler for your specific file types, or for the wildcard type. You can do this in a site specific web.config, or you can modify the system web.config to be what I consider to be “correct.”

In your site web.config, use the following:

  <system.web>
    <httpHandlers>
      <add path="*.html" verb="*" type="System.Web.StaticFileHandler" validate="true" />
      <add path="*.pdf" verb="*" type="System.Web.StaticFileHandler" validate="true" />
    </httpHandlers>
  </system.web>

Or to cover the wildcard extension (all files, with, or without, extensions):

  <system.web>
    <httpHandlers>
      <add path="*" verb="*" type="System.Web.StaticFileHandler" validate="true" />
    </httpHandlers>
  </system.web>

And that will solve the problem for your site.

To solve it for your entire web server, though, AT YOUR OWN RISK (there may be unknown repercussions!!!), just change that “next to last” httpHandler in the system “C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config” to use “System.Web.StaticFileHandler” instead of “System.Web.DefaultHttpHandler”.

Thanks very much to this resource at Microsoft.com: You receive a “Page cannot be displayed” error message when you use an ASP.NET application to open an .htm file or another static file that is hosted in IIS 6.0

What’s the worst that could happen?

Watch this. Regardless of how you feel about global climate change, this video could help you choose a path of action to the future. Watch it and decide for yourself how you should live.

Greg Craven’s website

For people citing the whole “Climategate” issue where it was thought that data was falsified by scientists, read the Wikipedia article on the whole thing, as there is tons of data there, including the fact that several organizations took a good look at the data and methods used by those scientists and found that there was no misconduct.