Trying out Electron


Within the next year or so I would like to be using Linux as my full-time desktop. To get there I need to find a development platform that lets me create small, stand-alone, cross-platform GUI tools. While scripts are great, sometimes things can be a lot easier with a GUI.

One contender for this development framework role comes in the form of electron: a cross-platform development framework that lets you build desktop applications using HTML, CSS and JavaScript. I decided to take it for a spin and used it to create a small tool to examine a note taking database I exported from an old BlackBerry app.


BlackBerry Noted app - Database Viewer


As part of my continued migration to Android from BlackBerry OS 10 (and to try and pick a framework for cross-platform application development), I created a tool in both Electron as well as Qt variants to read and extract notes from the old Notepad application I used to use on BB 10 devices (Noted - Written by a friend of mine). While the user interface for this tool is not very sophisticated (especially the Electron version), it gets the job done.


Electron: Cannot find module 'app'


While attempting to use electron to write a cross-platform utility, I ran into an unexpected problem: The application would error out with a few weird messages like these:

  • App threw an error during load
    Error: Cannot find module 'app'
    at Module._resolveFilename (module.js:455:15)


  • App threw an error when running [TypeError: Cannot read property 'on' of undefined]
    A JavaScript error occurred in the main process
    Uncaught Exception:
    TypeError: Cannot read property 'on' of undefined


NextCloud / OwnCloud freezes or hangs on importing a large ICS file


This week marks a bittersweet end to my use of BlackBerry smartphones: I retired my BB Priv. BlackBerry no longer makes a device that I can advocate for or recommend. Part of my migration to a new device involves exporting an old device-local calendar that I have been carrying around since BB OS 7. The export went well (plenty of utilities on the app store will let you export a calendar) and I was left with a 16,000 line ICS file that I wanted to migrate.

The problem I ran into is that NextCloud hangs when it tries to process such a large calendar file and does not give any indication about the trouble it has (The web UI would hang with the words Import Scheduled).


OpenVAS gsad service: disable weak ciphers


I've been experimenting with OpenVAS for a few months now in my home lab. While the tool can be a bit fiddly at times it has found legitimate issues that would have been difficult for me to identify manually.

One interesting thing to note is that when OpenVAS scans itself (at least for installs that I've performed) is that it defaults to allowing certain weak ciphers. There is general guidance on how to lock-down the ciphers to a more secure configuration - it just requires some massaging if you run OpenVAS as a service which starts on boot.


BlackBerry Password keeper to KeePass Tool


I used to be a big BlackBerry fan and have used the company's devices for about 5 years. While BB10 was awesome, The BB Priv and it's android implementation were lacking. I recently migrated to a new Android device and faced a dilemma: what do I do with the over 600 passwords that have accumulated in the BB standard 'Password Keeper' tool?

To address this password migration situation I created the BB to KeePass Converter. This tool converts CSV exports from the BlackBerry Password Keeper tool and processes what it can (there are limitations) to save someone the hassle of re-entering all their passwords


Online Bash Regex Checker


A few years ago I needed a quick way to check if regular expressions would work in a Bash Shell, so I setup regexraptor.net. Over time I stopped using the site as the platforms I needed to automate were not super bash-heavy, yet the site carried on.

Fast Forward 4 years: Online Bash Regex Checker is one of the top searched for posts on Bored Wookie. The site is pretty bare-bones, but if you need to check a regular expression to see if it will work in a modern bash shell, why not take a look?


How to Interact with the LogRhythm SOAP API using Ruby


I recently had the opportunity to interact with the LogRhythm SOAP API. LogRhythm is a SIEM/IDS solution that has components which run on both Windows and Linux. They provide an HTTP/SOAP interface which allows for interacting with the system via well-defined API calls. This API runs in Windows/IIS.

My goal was to use ruby to interact with this API as part of a security data aggregation script I needed to execute. This article describes a couple things which helped me on my way to success.


NetScreen Admin MTU Setting and RST, Retransmissions & ICMP Type 3, Code 4 messages


Last time I posted something it had to do with troubleshooting MTU mis-match issues using Wireshark. Today I'd like to post some clarity for administrators who have Juniper NetScreen devices somewhere in their network back-bone.

I spent a lot of time poring through books, blog posts and 'kb' documents to understand what the NetScreens in my environment were doing. The end result was that we were able to alter the configuration of one of the devices to resolve the MTU mis-match issue (ICMP Type 3, Code 4 and tcp retransmissions / RST packets captured via WireShark).


MTU Mismatch and TCP Retransmissions


We had a mysterious issue in our network that caused certain SSH sessions and HTTPS/TLS sessions to fail intermittently. Some machines were unable to communicate at all while other machines could occasionally and sporadically establish a connection that would fail at inopportune times.

I performed a comprehensive analysis of our networking infrastructure and router configurations and captured PCAP files to gather enough data to root cause the problem. The core problem was an MTU mis-match between our gigabit network and our 100-megabit VPN tunnel.


Unlock hidden Synaptics Touch Pad settings in windows 10


I was working on a ZBook G3 the other day and ran into an infuriating issue with its Synaptics Touch Pad: The touch sensitivity out-of-the-box was set so high that when I slowly moved the cursor it would get jittery and not respond.

While examining specific trackpad details, I found that I have a Synaptics LuxPad V1.3 device that communicates using an SMB port (whatever that is!)

In investigating this further I found that the Synaptics driver hides the 'advanced settings' from windows 10 users for some inexplicable reason. Once enabled I was able to fine-tune the trackpad settings to be more bearable.


How to use the ruby Net::SSH gem to automate a NetScreen SSG


I recently had to automate the configuration of a NetScreen SSG device and decided to use ruby along with the net ssh gem to accomplish this.

The trouble is that when I use the basic ssh connection / command syntax listed on the github page I get an empty string back as a result, no matter what command I execute.

There is a way to automate ssh commands via the the channel api, though!

Updated May 21st, 2016: The NetScreen device is a far more wiley device than I had originally anticipated, so my original solution ended up not working. I dug deep and found a better way to automate the netscreen device.


NFS Exports on Centos 7 to ESXi


I spent a couple hours troubleshooting NFS today. The backup server I setup in 2010 is wearing out so I upgraded to a shiny new T320 (on sale!) and set out to reconfigure my NFS backup datastore to point to the new backup server.

Since I haven't played around with NFS in ages, I had forgotten what a joy it could be /s

In the end everything worked once I got the configuration straightened up, so yay!


pfSense Community Update: radiusd won't start in GUI


I've used pfSense in certain parts of my network for several years now. While there is occasionally a hiccup, most of the time the product works perfectly for my needs. Today I updated my installations to the latest update which re-brands the web console as "pfSense Community Edition". After the update I was unable to start the Radius service via the web console.


Configure a Centos 7 Samba Server to Use a Secure LDAP Authentication


I'm in the midst of re-implementing our network. Phase 1 entailed standing up a new OpenLDAP Server. Phase 2 involves setting up a new Samba server that can take user and groups from LDAP and use them to assign share permissions.

This guide will show how to take a Centos 7 Samba installation and configure it to talk securely to an LDAP server for authentication.

I will also cover how to get SMB3 transport encryption setup and working.


Configure Centos 7 and OpenLDAP for secure connections


As part of a network infrastructure refresh I ended up rebuilding our OpenLDAP and Samba servers so they would play nicely with each other. Configuring OpenLDAP is a non-trivial exercise which required examining dozens of web pages and PDFs to get the information I needed to complete my task.

Unfortunately, most resources out there on the internet revolve around configuring the slapd.conf file, which isn't a viable solution when standing up a new server given that OpenLDAP uses a newer and much more confusing system to store its settings.

This guide will walk through setting up OpenLDAP server that communicates using a self-signed certificate (LDAPS over port 636) and that has the appropriate schema files which allow a separate samba server to leverage OpenLDAP for share permissions (configuring Samba is a different article for another day!)


ldapadd: invalid format (line 16) entry: ""


While setting up a new OpenLDAP server (v2.4.40) I encountered an error message while running ldapadd to configure my base directory tree:

[rtrz@tehbox config_n_stuff]# ldapadd -x -W -D "cn=Manager,dc=domain,dc=tld" -f /var/prototypes/ldap_config/dit.domain.tld.ldif
Enter LDAP Password:
adding new entry "dc=domain,dc=tld"

ldapadd: invalid format (line 16) entry: ""


The solution to the problem was to remove the tab from line 16 of my ldif file. Apparently OpenLDAP does not like whitespace on blank or empty lines. Go figure.


rsyslog ommail doesn't work with SELinux enabled


I setup a new Centos 7 box yesterday and configured rsyslog to send me an email whenever there is a successful authentication attempt. The funny thing was that no email would get sent when rsyslog was run as a service, yet when I ran it directly from the command line it seemed to work correctly.

In digging deeper I found that SELinux was blocking syslog from sending emails and was able to resolve it with a few configuration changes.


Disable Karabiner for apps run through Codeweavers Crossover


At my new job we use a lot of Macs, so I have been reacquainting myself with OS X. To help me feel more at home I've been using Karabiner to remap keystrokes in ways that help Linux/Windows users like myself be more comfortable.

After moving to a MacBook I find I still need the occasional windows application to be productive so I use Codeweavers CrossOver. Not surprisingly, Karabiner doesn't care what application is running and performs its remapping regardless of the application being run.

I needed my Home/End keys to work correctly both inside and outside the Crossover environment so I reconfigured Karabiner to allow for this.


Windows 10 will not connect to WPA2 Enterprise after November update


I updated my laptop recently to find that my wifi connection stopped working. I run a pfSense machine which runs a FreeRADIUS server to handle authentication (with a goal of avoiding Microsoft's wifi credential sharing nonsense) and it looks like a recent MS update causes that to stop working.


How to fix the broken Tilde and Back-Tic keys in VMware Fusion


I installed VMware Fusion Pro recently and tried to use the Tilde key in debian, ubuntu, kali and windows Virtual machines without success. When I would try to type the ` or ~ keys I would get < and >, which was infuriating when working at a linux command prompt.

In digging around I eventually found a way to resolve the issue, I just wish it was easier.


Brew Update Error: Failure while executing: git stash pop --quiet


After updating to OS X El Capitan (Mac OS 10.11) I tried to update brew and got a couple lovely errors:

Error: The /usr/local directory is not writable.
Even if this directory was writable when you installed Homebrew, other
software may change permissions on this directory. Some versions of the
"InstantOn" component of Airfoil are known to do this.

You should probably change the ownership and permissions of /usr/local
back to your user account.
  sudo chown -R $(whoami):admin /usr/local

 

-- And this one --

 

Error: Failure while executing: git stash pop --quiet


Error: Failed to build gem native extension for ffi on Mac OS X


I'm starting a new ruby project to run my LED Lightboard using this gem from github. After following the instructions to add the dream-cheeky-led gem to the gemfile I ran bundle and found this error:

/Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:456:in `try_do': The compiler failed to generate an executable file. (RuntimeError)
You have to install development tools first.
    from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:587:in `try_cpp'
    from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:1067:in `block in have_header'
    from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:918:in `block in checking_for'
    from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:351:in `block (2 levels) in postpone'
    from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:321:in `open'
    from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:351:in `block in postpone'
    from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:321:in `open'
    from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:347:in `postpone'
    from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:917:in `checking_for'
    from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:1066:in `have_header'
    from extconf.rb:16:in `<main>'

extconf failed, exit code 1

Gem files will remain installed in /Users/rioncarter/.rvm/gems/ruby-2.1.4/gems/ffi-1.9.10 for inspection.
Results logged to /Users/rioncarter/.rvm/gems/ruby-2.1.4/extensions/x86_64-darwin-14/2.1.0-static/ffi-1.9.10/gem_make.out
An error occurred while installing ffi (1.9.10), and Bundler cannot continue.
Make sure that `gem install ffi -v '1.9.10'` succeeds before bundling.


BB10, QNetworkAccessManager and TLS 1.2: watch out


This will be quick: I just wasted several hours troubleshooting why QNetworkAccessManager was not connecting to one of my webservices. Apparently the version of Qt that ships with Black Berry 10 does not support TLS 1.1 or 1.2, which really rains on my parade. You can see the enumeration of supported SSL protocols here and how it tops out at TLS 1.0.

For reference, this is the error message I was getting. I don't know why it doesn't contain any useful information:

INFO        "Error: Connection closed status: "

QT 5 supports TLS 1.2, so I hope that we get that goodness in the platform before it gets completely androidized.


New Cordova project fails to build in Visual Studio 2015: Could not create the Java Virtual Machine


I've been playing around with Visual Studio's cross-platform capabilities over the last couple days and decided to try a 'raw' Cordova project to see if it fits my needs better than the other options I've explored (Xamarin, ionic). Visual studio abstracts most of the complexity away which is nice most of the time, but what if you run into a problem?

In my case I ran into a few cryptic error messages when I tried to build and run my Cordova app on a real Android device from within Visual Studio:

MSB3073 The command "platforms\android\cordova\clean.bat" exited with code 1.

Could not create the Java Virtual Machine.

A fatal exception has occurred. Program will exit.

(As it turns out, these messages aren't super helpful. The resolution lies in further troubleshooting)