Within the next year or so I would like to be using Linux as my full-time desktop. To get there I need to find a development platform that lets me create small, stand-alone, cross-platform GUI tools. While scripts are great, sometimes things can be a lot easier with a GUI.
As part of my continued migration to Android from BlackBerry OS 10 (and to try and pick a framework for cross-platform application development), I created a tool in both Electron as well as Qt variants to read and extract notes from the old Notepad application I used to use on BB 10 devices (Noted - Written by a friend of mine). While the user interface for this tool is not very sophisticated (especially the Electron version), it gets the job done.
While attempting to use electron to write a cross-platform utility, I ran into an unexpected problem: The application would error out with a few weird messages like these:
- App threw an error during load
Error: Cannot find module 'app'
at Module._resolveFilename (module.js:455:15)
- App threw an error when running [TypeError: Cannot read property 'on' of undefined]
TypeError: Cannot read property 'on' of undefined
This week marks a bittersweet end to my use of BlackBerry smartphones: I retired my BB Priv. BlackBerry no longer makes a device that I can advocate for or recommend. Part of my migration to a new device involves exporting an old device-local calendar that I have been carrying around since BB OS 7. The export went well (plenty of utilities on the app store will let you export a calendar) and I was left with a 16,000 line ICS file that I wanted to migrate.
The problem I ran into is that NextCloud hangs when it tries to process such a large calendar file and does not give any indication about the trouble it has (The web UI would hang with the words Import Scheduled).
I've been experimenting with OpenVAS for a few months now in my home lab. While the tool can be a bit fiddly at times it has found legitimate issues that would have been difficult for me to identify manually.
One interesting thing to note is that when OpenVAS scans itself (at least for installs that I've performed) is that it defaults to allowing certain weak ciphers. There is general guidance on how to lock-down the ciphers to a more secure configuration - it just requires some massaging if you run OpenVAS as a service which starts on boot.
I used to be a big BlackBerry fan and have used the company's devices for about 5 years. While BB10 was awesome, The BB Priv and it's android implementation were lacking. I recently migrated to a new Android device and faced a dilemma: what do I do with the over 600 passwords that have accumulated in the BB standard 'Password Keeper' tool?
To address this password migration situation I created the BB to KeePass Converter. This tool converts CSV exports from the BlackBerry Password Keeper tool and processes what it can (there are limitations) to save someone the hassle of re-entering all their passwords
A few years ago I needed a quick way to check if regular expressions would work in a Bash Shell, so I setup regexraptor.net. Over time I stopped using the site as the platforms I needed to automate were not super bash-heavy, yet the site carried on.
Fast Forward 4 years: Online Bash Regex Checker is one of the top searched for posts on Bored Wookie. The site is pretty bare-bones, but if you need to check a regular expression to see if it will work in a modern bash shell, why not take a look?
I recently had the opportunity to interact with the LogRhythm SOAP API. LogRhythm is a SIEM/IDS solution that has components which run on both Windows and Linux. They provide an HTTP/SOAP interface which allows for interacting with the system via well-defined API calls. This API runs in Windows/IIS.
My goal was to use ruby to interact with this API as part of a security data aggregation script I needed to execute. This article describes a couple things which helped me on my way to success.
Last time I posted something it had to do with troubleshooting MTU mis-match issues using Wireshark. Today I'd like to post some clarity for administrators who have Juniper NetScreen devices somewhere in their network back-bone.
I spent a lot of time poring through books, blog posts and 'kb' documents to understand what the NetScreens in my environment were doing. The end result was that we were able to alter the configuration of one of the devices to resolve the MTU mis-match issue (ICMP Type 3, Code 4 and tcp retransmissions / RST packets captured via WireShark).
We had a mysterious issue in our network that caused certain SSH sessions and HTTPS/TLS sessions to fail intermittently. Some machines were unable to communicate at all while other machines could occasionally and sporadically establish a connection that would fail at inopportune times.
I performed a comprehensive analysis of our networking infrastructure and router configurations and captured PCAP files to gather enough data to root cause the problem. The core problem was an MTU mis-match between our gigabit network and our 100-megabit VPN tunnel.
I was working on a ZBook G3 the other day and ran into an infuriating issue with its Synaptics Touch Pad: The touch sensitivity out-of-the-box was set so high that when I slowly moved the cursor it would get jittery and not respond.
While examining specific trackpad details, I found that I have a Synaptics LuxPad V1.3 device that communicates using an SMB port (whatever that is!)
In investigating this further I found that the Synaptics driver hides the 'advanced settings' from windows 10 users for some inexplicable reason. Once enabled I was able to fine-tune the trackpad settings to be more bearable.
I recently had to automate the configuration of a NetScreen SSG device and decided to use ruby along with the net ssh gem to accomplish this.
The trouble is that when I use the basic ssh connection / command syntax listed on the github page I get an empty string back as a result, no matter what command I execute.
There is a way to automate ssh commands via the the channel api, though!
Updated May 21st, 2016: The NetScreen device is a far more wiley device than I had originally anticipated, so my original solution ended up not working. I dug deep and found a better way to automate the netscreen device.
I spent a couple hours troubleshooting NFS today. The backup server I setup in 2010 is wearing out so I upgraded to a shiny new T320 (on sale!) and set out to reconfigure my NFS backup datastore to point to the new backup server.
Since I haven't played around with NFS in ages, I had forgotten what a joy it could be /s
In the end everything worked once I got the configuration straightened up, so yay!
I've used pfSense in certain parts of my network for several years now. While there is occasionally a hiccup, most of the time the product works perfectly for my needs. Today I updated my installations to the latest update which re-brands the web console as "pfSense Community Edition". After the update I was unable to start the Radius service via the web console.
I'm in the midst of re-implementing our network. Phase 1 entailed standing up a new OpenLDAP Server. Phase 2 involves setting up a new Samba server that can take user and groups from LDAP and use them to assign share permissions.
This guide will show how to take a Centos 7 Samba installation and configure it to talk securely to an LDAP server for authentication.
I will also cover how to get SMB3 transport encryption setup and working.
As part of a network infrastructure refresh I ended up rebuilding our OpenLDAP and Samba servers so they would play nicely with each other. Configuring OpenLDAP is a non-trivial exercise which required examining dozens of web pages and PDFs to get the information I needed to complete my task.
Unfortunately, most resources out there on the internet revolve around configuring the slapd.conf file, which isn't a viable solution when standing up a new server given that OpenLDAP uses a newer and much more confusing system to store its settings.
This guide will walk through setting up OpenLDAP server that communicates using a self-signed certificate (LDAPS over port 636) and that has the appropriate schema files which allow a separate samba server to leverage OpenLDAP for share permissions (configuring Samba is a different article for another day!)
While setting up a new OpenLDAP server (v2.4.40) I encountered an error message while running ldapadd to configure my base directory tree:
[rtrz@tehbox config_n_stuff]# ldapadd -x -W -D "cn=Manager,dc=domain,dc=tld" -f /var/prototypes/ldap_config/dit.domain.tld.ldif
Enter LDAP Password:
adding new entry "dc=domain,dc=tld"
ldapadd: invalid format (line 16) entry: ""
The solution to the problem was to remove the tab from line 16 of my ldif file. Apparently OpenLDAP does not like whitespace on blank or empty lines. Go figure.
I setup a new Centos 7 box yesterday and configured rsyslog to send me an email whenever there is a successful authentication attempt. The funny thing was that no email would get sent when rsyslog was run as a service, yet when I ran it directly from the command line it seemed to work correctly.
In digging deeper I found that SELinux was blocking syslog from sending emails and was able to resolve it with a few configuration changes.
At my new job we use a lot of Macs, so I have been reacquainting myself with OS X. To help me feel more at home I've been using Karabiner to remap keystrokes in ways that help Linux/Windows users like myself be more comfortable.
After moving to a MacBook I find I still need the occasional windows application to be productive so I use Codeweavers CrossOver. Not surprisingly, Karabiner doesn't care what application is running and performs its remapping regardless of the application being run.
I needed my Home/End keys to work correctly both inside and outside the Crossover environment so I reconfigured Karabiner to allow for this.
I updated my laptop recently to find that my wifi connection stopped working. I run a pfSense machine which runs a FreeRADIUS server to handle authentication (with a goal of avoiding Microsoft's wifi credential sharing nonsense) and it looks like a recent MS update causes that to stop working.
I installed VMware Fusion Pro recently and tried to use the Tilde key in debian, ubuntu, kali and windows Virtual machines without success. When I would try to type the ` or ~ keys I would get < and >, which was infuriating when working at a linux command prompt.
In digging around I eventually found a way to resolve the issue, I just wish it was easier.
After updating to OS X El Capitan (Mac OS 10.11) I tried to update brew and got a couple lovely errors:
Error: The /usr/local directory is not writable.
Even if this directory was writable when you installed Homebrew, other
software may change permissions on this directory. Some versions of the
"InstantOn" component of Airfoil are known to do this.
You should probably change the ownership and permissions of /usr/local
back to your user account.
sudo chown -R $(whoami):admin /usr/local
-- And this one --
Error: Failure while executing: git stash pop --quiet
I'm starting a new ruby project to run my LED Lightboard using this gem from github. After following the instructions to add the dream-cheeky-led gem to the gemfile I ran bundle and found this error:
/Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:456:in `try_do': The compiler failed to generate an executable file. (RuntimeError)
You have to install development tools first.
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:587:in `try_cpp'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:1067:in `block in have_header'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:918:in `block in checking_for'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:351:in `block (2 levels) in postpone'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:321:in `open'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:351:in `block in postpone'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:321:in `open'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:347:in `postpone'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:917:in `checking_for'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:1066:in `have_header'
from extconf.rb:16:in `<main>'
extconf failed, exit code 1
Gem files will remain installed in /Users/rioncarter/.rvm/gems/ruby-2.1.4/gems/ffi-1.9.10 for inspection.
Results logged to /Users/rioncarter/.rvm/gems/ruby-2.1.4/extensions/x86_64-darwin-14/2.1.0-static/ffi-1.9.10/gem_make.out
An error occurred while installing ffi (1.9.10), and Bundler cannot continue.
Make sure that `gem install ffi -v '1.9.10'` succeeds before bundling.
This will be quick: I just wasted several hours troubleshooting why QNetworkAccessManager was not connecting to one of my webservices. Apparently the version of Qt that ships with Black Berry 10 does not support TLS 1.1 or 1.2, which really rains on my parade. You can see the enumeration of supported SSL protocols here and how it tops out at TLS 1.0.
For reference, this is the error message I was getting. I don't know why it doesn't contain any useful information:
INFO "Error: Connection closed status: "
QT 5 supports TLS 1.2, so I hope that we get that goodness in the platform before it gets completely androidized.
I've been playing around with Visual Studio's cross-platform capabilities over the last couple days and decided to try a 'raw' Cordova project to see if it fits my needs better than the other options I've explored (Xamarin, ionic). Visual studio abstracts most of the complexity away which is nice most of the time, but what if you run into a problem?
In my case I ran into a few cryptic error messages when I tried to build and run my Cordova app on a real Android device from within Visual Studio:
MSB3073 The command "platforms\android\cordova\clean.bat" exited with code 1.
Could not create the Java Virtual Machine.
A fatal exception has occurred. Program will exit.
(As it turns out, these messages aren't super helpful. The resolution lies in further troubleshooting)