uHOWTO: NTP in Windows 2003 – manual intervention required

Up to Windows 2000, using an NTP server as the time source was as simple as entering the server address in the Time/Date control panel. From 2003 onwards, you must follow the procedure detailed in KB816042 to configure the Windows Time service to use an external time source.

Paraphrasing:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type="NTP"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags=5
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer\Enabled=1
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer="pool.ntp.org,0x1"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval=900
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection=3600
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection=3600
  • net stop w32time && net start w32time

You may replace pool.ntp.org above with any other server (or servers, space-separated), with ",0x1" after each host name. And keep an eye on the Event Log after you restart the service.

Posted in General, SysAdmin

MySQL fails after upgrade to 5.1 on Debian Squeeze

Are you running Debian Squeeze?
Did you upgrade to mysql-server-5.1 ?
Are you getting a message like this?

Starting MySQL database server: mysqld . . . . . . . . . . . . . . failed!

Did you read /usr/share/doc/mysql-server-5.1/README.Debian.gz ?
Go read it again and this time *comment out* skip-bdb in /etc/mysql/my.cnf:

perl -i.bak -pe 's/^(skip-bdb)/#$1/' /etc/mysql/my.cnf

Posted in Debian, General, Linux, SysAdmin

Missing vmnetcfg.exe?

It turns out that from VMware Player 3.0 onwards, vmnetcfg.exe is included in the installer package but is not installed by default, so configuring NAT or additional network interfaces is next to impossible. Luckily, Tony has devised a solution for this particularly annoying problem.

Posted in General

Link: JSESSIONID considered harmful

Craig Condit makes a strong case against JSESSIONID in JSESSIONID considered harmful. And I just learned that it is disabled by default in Grails 1.1.

Posted in Code, General, Java, Security

uHOWTO: Force script recompilation in embedded Perl Nagios

I just implemented elwell’s notify_via_jabber and it did not work at first. I got the following message in nagios.log:

[1237223883] **ePN failed to compile /usr/local/bin/notify_via_jabber: "Can't locate Net/XMPP.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.8.8 /usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl .) at (eval 1) line 14,
BEGIN failed--compilatio" at /usr/lib/nagios2/p1.pl line 157.

I promptly apt-get installed libnet-xmpp-perl but the problem persisted — with the exact same error message. But Net::XMPP was now there!!
Well, it happens that Embedded Perl Nagios (ePN) caches the compiled script and does not try to recompile it until its timestamp changes. So I touched(1) the script and this time the dependency was resolved correctly and the script was compiled successfully.

This is probably documented somewhere, but I could not find any reference to this kind of problem with Nagios cached scripts so I thought I would share this simple recipe.

Posted in General

A dubious cure for shyness

As it turns out, there is a “cure” for shyness. Seth Stevenson’s story “Extroverted Like Me” is a journey into the world of coolness through chemical aids but it quickly turns into a cautionary tale for those willing to overcome their social awkwardness through the use of mood-altering drugs.
Chocolate still seems safe.

Posted in General

U2 360º

In other news, I just got my tickets for U2’s first concert of the 360º tour in Barcelona!!! *Yay!*. Thanks, Jordi!

Posted in Blog, General

uHOWTO: Recover an empty Podcast playlist in iTunes

Our main iTunes box had flaky RAM -a heck of a problem to debug by itself- so it used to BSOD quite a lot during the past couple of months. One of the most common side effects was that the iTunes Podcast playlist would appear empty every now and then. Luckily this is addressed in the Apple Knowledge Base and the solution amounts to using File|Add Folder to Library to add the {iTunes Music folder}/podcast folder to the library. Then you will have to re-activate your subscriptions by pressing the “Subscribe” button for all your favorite podcasts.

Posted in Gadgets, General, iPod, iTunes, Software

uHOWTO: Recover stuck modifier keys from VMware Player or Workstation

If you use VMware Player or VMware Workstation under Linux and you’re an alt-tab fan like me, you might end up with stuck modifier keys, so you can’t use keys like Ctrl, Alt or Shift outside of VMware. Xiao Feng has written a nice script to recover from this annoying condition without having to reboot, and I thought I’d share it with everyone out there:

#!/bin/sh
# Xiao Feng’s "Recovering from stuck modifier keys caused by VMware"
# http://bitubique.com/tutorials/recovering-from-stuck-modifier-keys
# The lone "-" tells xmodmap to read its expressions from standard input
/usr/bin/xmodmap - << fixme
clear shift
add shift = Shift_L Shift_R
clear lock
add lock = Caps_Lock
clear control
add control = Control_L Control_R
clear mod1
add mod1 = Alt_L Alt_R
clear mod2
add mod2 = Num_Lock
clear mod3
clear mod4
add mod4 = Super_L Super_R
clear mod5
add mod5 = Scroll_Lock
fixme

xset r on
xset m 3.5 4
xset b off
xset s off

Posted in General, Linux, sh, SysAdmin, Tech

uHOWTO: Speed up RAID resync

So you’re tired of watching the grass grow while your Linux RAID2 array rebuilds itself. Let’s take care of it:

# echo 10000 > /proc/sys/dev/raid/speed_limit_min

This should give you a 10x speedup over the 1000kB/sec default — subject to the limitations of your actual bus bandwidth, of course.

Posted in Debian, Linux, SysAdmin

A brief note about Spamhaus Policy Block List

After getting in closer-than-usual acquaintance with my mail server logs I thought I’d share a brief note I found in the Spamhaus PBL FAQ:

The first thing to know is: THE PBL IS NOT A BLACKLIST.

Oh, and since you’re already there you may want to linger a bit in this warning:

WARNING! Some post-delivery filters use “full Received line traversal” or “deep parsing”, where the filter reads all the IPs in the Received lines. Legitimate users, correctly sending good mail out through their ISP’s smarthost, will have PBL-listed IPs show up in the first (lowest) Received header where their ISP picks it up. Such mail should not be blocked! So, you should tell your filters to stop comparing IPs against PBL at the IP which hands off to your mail server! That last hand-off IP is the one which PBL is designed to check. If you cannot configure your filters that way, then do not use PBL to filter your mail. Instead, you may wish to use sbl-xbl.spamhaus.org, but even that may have unacceptable “false positive” filtering, for example when an exploited end-user machine sends legitimate mail out through the ISP smarthost, or when the dynamic assignment changes the IP to an uninfected machine. Do not use PBL or XBL if you do not understand the issues of “deep parsing”.

(Emphasis mine)
So if your top-of-the-line multi-thousand-dollar antispam appliance starts blocking all my email just because there’s a dynamic IP address somewhere in the header and there’s no freaking way to turn it off please go ask for a refund. And stop bouncing my messages.
Oh and by the way the default SpamAssassin configuration in Debian assigns a 0.905 score if the last hop is in PBL.

score RCVD_IN_PBL 0 0.509 0 0.905

header RCVD_IN_PBL              eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '127.0.0.1[01]')

And yes, SpamAssassin does the right thing and checks only the *last* external address — I’ve seen the code:

package Mail::SpamAssassin::PerMsgStatus;

    # If name is foo-lastexternal, check only the Received header just before
    # it enters our internal networks; we can trust it and it’s the one that
    # passed mail between networks

So once again kudos to Open Source — and Common Sense.
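The difference between deep parsing and the last-external check, as an added example (a simplified sketch, not SpamAssassin's code and not part of the original post). The host names, addresses, the internal network and the set of "listed" IPs are constructed so that it runs offline; a live filter would resolve the DNSBL name instead.

```python
import email
import ipaddress
import re

# Constructed stand-in for DNSBL answers so the example runs offline. A live
# check would resolve dnsbl_query_name(ip) and look for 127.0.0.10 / 127.0.0.11.
CONSTRUCTED_PBL = {"203.0.113.77", "203.0.113.200"}

# Assumed internal networks of the receiving site (hypothetical).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed message: a user on a dynamic IP sends through the ISP smarthost.
VIA_SMARTHOST = """\
Received: from mx.example.net (mx.example.net [10.0.0.5])
\tby store.example.net; Thu, 1 Jan 2009 10:00:03 +0000
Received: from smarthost.isp.example (smarthost.isp.example [198.51.100.25])
\tby mx.example.net; Thu, 1 Jan 2009 10:00:02 +0000
Received: from laptop (dyn-77.isp.example [203.0.113.77])
\tby smarthost.isp.example; Thu, 1 Jan 2009 10:00:01 +0000
From: user@isp.example
Subject: legitimate mail
"""

# Constructed message: a dynamic IP connects straight to our MX.
DIRECT_TO_MX = """\
Received: from unknown (dyn-200.isp.example [203.0.113.200])
\tby mx.example.net; Thu, 1 Jan 2009 11:00:00 +0000
From: someone@example.org
Subject: direct delivery
"""


def dnsbl_query_name(ip, zone="zen.spamhaus.org."):
    """DNS name a live lookup would resolve: reversed octets + zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def relay_ips(raw):
    """Relay IPs from the Received headers, newest hop first."""
    headers = email.message_from_string(raw).get_all("Received", [])
    found = (IP_IN_BRACKETS.search(h) for h in headers)
    return [m.group(1) for m in found if m]


def deep_parse_hits(raw, listed=CONSTRUCTED_PBL):
    """What a deep-parsing filter does: test every IP in every Received line."""
    return [ip for ip in relay_ips(raw) if ip in listed]


def last_external_ip(raw):
    """The IP that handed the message to our network: first non-internal hop."""
    for ip in relay_ips(raw):
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in INTERNAL_NETS):
            return ip
    return None


def last_external_hit(raw, listed=CONSTRUCTED_PBL):
    """PBL-style check: only the hand-off IP is compared against the list."""
    return last_external_ip(raw) in listed


if __name__ == "__main__":
    for name, raw in (("via smarthost", VIA_SMARTHOST), ("direct", DIRECT_TO_MX)):
        print(name, deep_parse_hits(raw), last_external_ip(raw), last_external_hit(raw))
```

The smarthost message is flagged by the deep-parsing check but passes the last-external check, while the direct delivery from a dynamic address is caught by both.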

Posted in Debian, General, Linux, Rant, SysAdmin, Tech

DiskAid: access the files in your iPhone or iPod Touch

A few weeks ago I upgraded my wife’s iPod Touch to 2.1, and I just can’t believe that iTunes won’t let you backup your content even if it means a paid firmware upgrade. I would have used PodsBlitz to back it up, except that Apple decided that it would be a good idea to strip off the disk mode from the iPod Touch.
I decided that there was nothing to be done for the music files: I would have to copy the files manually after the upgrade, hoping to replicate my wife’s original selection as closely as possible. But that iPod also has a few of my daughter’s favorite movies… I rightly believed we could have a problem there. I’ve been converting her favorite DVDs for a year, and I carelessly deleted the converted files from the PC a long time ago leaving two options: either invest a few afternoons re-converting those DVDs, or somehow get those files out of the iPod and restore them later.
After a few google searches I stumbled upon a couple of promising projects that some day may grant you unrestricted access to the media residing in your iPod Touch, but those just refused to work in my wife’s PC. A few more queries later I found DigiDNA DiskAid, a nice little utility that speaks the iPod’s obscure file transfer protocol over USB and that lets you copy files back and forth. It’s far from perfect — it will only show the physical filename instead of the “real”, tag-based one, and it only does alphabetical sorting, even when sorting by file size. This made hunting for those movie files kind of annoying — annoying but *possible*, which is a lot more than can be said for Apple’s tools.

Posted in Gadgets, Hack!, iPod, Rant, Tech

uHOWTO: Use your N95 8G as a bluetooth modem under Linux with Telcel


For completeness, here’s a followup to my post about using a Nokia N95 as a bluetooth modem under Linux. This is a working wvdial configuration for use with Telcel in Mexico.
Remember to enter your SIM’s PIN in pin-telcel, and refer to my previous post for complete instructions.

[Dialer pin-telcel]
Modem = /dev/rfcomm0
Baud = 460800
Init1 =AT+Cpin=XXXX

[Dialer telcel]
Phone = *99***1#
Username = telcel
Password = telcel
Stupid Mode = 1
Dial Command = ATDT
Check Def Route = on
Dial Attempts = 3
Modem = /dev/rfcomm0
Baud = 460800
Init2 = ATZ
Init3 = ATQ0 V1 E0 S0=0 &C1 &D2 +FCLASS=0
Init4 = AT+CGDCONT=1,"IP","internet.itelcel.com"
ISDN = 0
Modem Type = Analog Modem

To use it, enter

# wvdial pin-telcel
# wvdial telcel

Enjoy!

Posted in Debian, Gadgets, General, Linux, Nokia N95 8G, SysAdmin, Tech

HOWTO: Use your Nokia N95 Cellphone as a Bluetooth modem for Linux

Did you know that you can use your data-enabled N95 to get a tethered Internet connection from Linux? The access mode and speed will depend on your actual coverage, and as usual YMMV, but I’ve been using this setup for a few months and it works fine.

$ sudo -s
# apt-get install bluetooth bluez-pin bluez-utils kdebluetooth wvdial

Now in user mode use KBlueMon to find out the Bluetooth address of your device and write it down.
Then go ahead and initiate an OBEX file transfer to make sure that you can actually link to your phone and to establish a trust relationship. In your phone add the Laptop to your trusted device list, so it won’t nag you whenever you establish a link.
Now edit /etc/bluetooth/rfcomm.conf :

rfcomm0 {
bind yes;
device 00:21:09:XX:XX:XX;
channel 2;
}

Put your own device address after "device".
Now edit /etc/wvdial.conf to add these two entries:

[Dialer pin-vodafone]
Modem = /dev/rfcomm0
Baud = 460800
Init1 =AT+Cpin=XXXX

[Dialer vodafone]
Phone = *99***1#
Username = vodafone
Password = vodafone
Stupid Mode = 1
Dial Command = ATDT
Check Def Route = on
Dial Attempts = 3
Modem = /dev/rfcomm0
Baud = 460800
Init2 = ATZ
Init3 = ATQ0 V1 E0 S0=0 &C1 &D2 +FCLASS=0
Init4 = AT+CGDCONT=1,"IP","ac.vodafone.es"
ISDN = 0
Modem Type = Analog Modem

You can give them any name you want. I have defined several providers, to avoid confusion and to use the provider at hand. Replace the “XXXX” in Init1 with your SIM’s PIN.
Now to use them restart the Bluetooth subsystem:

# /etc/init.d/bluetooth restart

And use wvdial to dial out:

# wvdial pin-vodafone
# wvdial vodafone

You should get an Internet link, complete with an IP, a default route and a couple of DNS servers. If it doesn’t, reboot your phone liberally.
Please note that this might get expensive quite quickly unless you get a data plan from your provider. Go ahead and make their day.
Enjoy!

Posted in Debian, General, Linux, Nokia N95 8G, SysAdmin, Tech

Assign a consecutive number to each row in a mySQL table

Say that you need to add a unique index to an existing catalog table, so you decide to add a new column with a consecutive number in it. You may make it an auto_increment column, but that would work only for new inserts. How would you populate the column for the existing rows?
If you’re using mySQL you may try this little recipe:
First let’s add the column that we’ll use later as primary key.

ALTER TABLE mytable ADD COLUMN id integer first;

Now we declare a counter and use it to populate each row.

SET @i = 0;
UPDATE mytable SET id=(@i:=@i+1);

Finally, we transform the new column into the primary key.

ALTER TABLE mytable MODIFY COLUMN id integer AUTO_INCREMENT PRIMARY KEY;

There you go. A new auto-increment primary key that has been correctly populated for all existing rows.

Posted in General

Solved mysterious Firefox 3.0.1 crashes

A few months ago I installed a Firefox 3 beta in my Linux laptop to… well you know, just to fool around. And it crashed spectacularly. I tried again with RC1. No such luck. When 3.0 came around I installed it in several machines –including my wife’s– but it still refused to run in mine.
Today I decided I had enough and ran FF under strace and generally whacked it around hoping to make it work without much luck. I finally decided to apt-get install iceweasel 3.0.1 expecting to have apt-get iron out any possible library conflict but the problem persisted. If anything Firefox crashed even harder because Debian’s Iceweasel does not include Mozilla’s Crash Reporter — it suggests that you install bug-buddy instead. I obliged dutifully and much to my surprise, bug-buddy’s crash report had an extensive and very useful stack trace that revealed libpango as the real culprit.

#0 0xffffe410 in __kernel_vsyscall ()
#1 0xb7db91ab in waitpid () from /lib/i686/cmov/libc.so.6
#2 0xb6382865 in gnome_gtk_module_info_get () from /usr/lib/libgnomeui-2.so.0
#3 0xb7113e2d in XRE_LockProfileDirectory () from /usr/lib/iceweasel/xulrunner/libxul.so
#4 <signal handler called>
#5 0xb2d94c77 in TtfUtil::GetNameInfo () from /usr/lib/libgraphite.so.3
#6 0xb2d94ebb in TtfUtil::Get31EngFamilyInfo () from /usr/lib/libgraphite.so.3
#7 0xb2d940bc in gr::Font::UniqueCacheInfo () from /usr/lib/libgraphite.so.3
#8 0xb2d9308c in gr::Font::initialiseFontFace () from /usr/lib/libgraphite.so.3
#9 0xb2d93278 in gr::Font::RenderRangeSegment () from /usr/lib/libgraphite.so.3
#10 0xb2dbeeb0 in gr::RangeSegment::RangeSegment () from /usr/lib/libgraphite.so.3
#11 0xb383899e in graphite_PangoGlyphString (text=0xbfb73e88 ” Ã<8A>ø¶”, length=1, xftfont=0xb36e6000, glyphs=0xb2cad800, language=0xb7b58a94 “en”) at pangographite.cpp:183
#12 0xb38393c0 in graphite_engine_script_shape (engine=0xb2c35a80, font=0xb36e6000, text=0xbfb73e88 ” Ã<8A>ø¶”, length=1, analysis=0xbfb73e94, glyphs=0xb2cad800) at graphite-module.c:155
#13 0xb6c89e9a in pango_coverage_new () from /usr/lib/libpango-1.0.so.0
#14 0xb6c9c94a in pango_shape () from /usr/lib/libpango-1.0.so.0
#15 0xb7897e96 in gfxPangoFontGroup::SetGlyphs () from /usr/lib/iceweasel/xulrunner/libxul.so
*snip!*

After zapping libpango I had a working Iceweasel and a few seconds later I was running FF 3.0.1 as well. Now I will check the status of my 23 installed extensions (or at least of those I just can’t live without) and consider Firefox 3.0.1 seriously for my everyday browsing.

Posted in General

X forwarding through SSH in HP-UX

If you try to do X forwarding by SSHing to an HP-UX host, you may get the dreaded “Can’t get IP address for X11 DISPLAY.” error. This is more common than you might think, and the reason is that an out-of-the-box installation of HP-UX has four or five /etc/nsswitch.conf *examples* for you to install, but not an actual /etc/nsswitch.conf file. I guess this is buried somewhere in the documentation — hey, it might even be a FAQ, but I guess that shipping with a reasonable default wouldn’t hurt.
Well anyway, the following minimal /etc/nsswitch.conf should do for the vast majority of scenarios I can imagine:

# echo "hosts: files dns" > /etc/nsswitch.conf

Now SSH X forwarding should work and a myriad other disasters waiting to happen will surely be averted.

Posted in General, SysAdmin

update…where id in (select…) and mySQL ERROR 1093

What’s wrong with this picture?

mysql> UPDATE IGNORE flight SET intl=1 WHERE id IN (SELECT f.id AS id FROM flight f LEFT JOIN airport a ON a.id=f.origin WHERE a.country<>'mx' FOR UPDATE);
ERROR 1093 (HY000): You can't specify target table 'flight' for update in FROM clause

This construct is invalid in mySQL.
According to the manual,

You can use a subquery for assignment within an UPDATE statement because subqueries are legal in UPDATE and DELETE statements as well as in SELECT statements. However, you cannot use the same table (in this case, table t1) for both the subquery’s FROM clause and the update target.

The equivalent multi-table update does the same and works as intended:

UPDATE flight f LEFT JOIN airport a ON a.id=f.origin SET f.intl=1 WHERE a.country<>'mx';

Posted in Code, General, SQL

Farewell to Arthur C. Clarke

I just found out -through an email from Thinkgeek, of all ways- that Arthur C. Clarke has passed away.
2001 was a mesmerizing experience for me when I first saw it. I think I was about 8 years old then. A few years later I got to read 2010, 2061, 3001, the Rama series, and many, many of his stories and novels. One of my dearest possessions is a volume of his collected works that I got as a birthday gift from my brother.
I admire Arthur’s foresight and his use of technology to collaborate with people on the other side of the earth, through fax first and through email later. I remember my surprise when I read in a magazine that he was an avid user of a PC computer program that allowed him to explore the surface of Mars from the comfort of his desktop. Moreover, I was frankly amazed when I learned in high school that he was not only a prolific science fiction writer: I found out that he actually devised the use of satellites in geosynchronous orbit to relay radio signals, thus launching the global, instant-communications era that we live in today. As a member of a geographically-distributed family, I can’t be more grateful.
And in regards to his extraordinary vision, bouncing a radio signal off a satellite in high orbit might have seemed like a fantasy for most laypeople back in the 40s, just like the concept of a space elevator -another Clarke invention- might seem outrageously outlandish to the vast majority of people today. But I trust that we might live to see one in our lifetime. While fact checking this sad news, I found a video with Arthur C. Clarke’s reflections on his 90th birthday. I am not ashamed to say that tears come to my eyes listening to his words.
My heart mourns the loss of an extraordinary science fiction writer, but my mind celebrates the life of an extraordinary scientist.
Farewell, Sir!

Posted in Science, Tech

Prodigy Infinitum, SMTP through port 25, botnets and such

After pulling my hair for a couple of days I just realized that my DSL provider is blocking all outgoing connections to port 25 with an ICMP Unreachable packet, which translates as a totally bogus “no route to host” message (An ICMP RST would be more kosher, BTW). The only explanation that comes to my mind is that Telmex has finally realized that it has become one of the largest botnet hosts in the world and decided to do something about it. This is a terrible inconvenience for me, because I run a backup MX at my home office and all the email I write while I’m at home is relayed through it. And now it believes that it has been cut out from the Internet, and is suffering from Internet withdrawal syndrome. Oh, and all attempts to use an external relay -like my primary MTA or the office’s- through port 25 fail as well, so I have had to set up an elaborate workaround *just to send email*.
*Argh!* I hate to pay up for those ignorant Windows home users.
Add to that the fact that I get 800KBps tops in a 2GBps line, and recurrent reports of arbitrary bandwidth capping, and Infinitum stops looking like a good alternative for home broadband. I’ll have to look for a cost-effective alternative, but after experiencing 20MBps/20EUR in Europe I’m afraid that I’ve been spoiled for life.
In the meantime, if you were expecting a mail from me in the last five days or so, I’m sorry to say that it is either on its way or lost forever.
Anyway… Merry Christmas!
Update 20080104: AJ Gibson points out in a comment that Telmex is willing to remove the block from your account if you are willing to jump through a few hoops. Just go to http://www.telmex.com/mx/asistencia/correoelectronico/faq_puerto_25.html and follow the instructions there. I registered yesterday and today I can connect back to external SMTP servers again. As mentioned in the comments, YMMV.

Posted in Living, Mexico, Rant, Security, SysAdmin, Tech

About me

I am a certified Software Architect, System Administrator, Entrepreneur and Open Data advocate, with 19 years experience building Internet-enabled software, from electronic banking to B2B marketplaces.
If you want to use the Internet as a competitive advantage, look at my resume for more information or hire me.