Archive for the ‘Computers’ Category

Looking for: “java.lang.NoClassDefFoundError: org/apache/tools/ant/BuildListener”

Saturday, August 28th, 2010

When trying to put together a jar file on Ubuntu Lucid with gant, I got this:

java.lang.NoClassDefFoundError: org/apache/tools/ant/BuildListener
        at java.lang.Class.getDeclaredMethods0(Native Method)
        at java.lang.Class.privateGetDeclaredMethods(Class.java:2427)
        at java.lang.Class.getMethod0(Class.java:2670)
        at java.lang.Class.getMethod(Class.java:1603)
        at org.codehaus.groovy.tools.GroovyStarter.rootLoader(GroovyStarter.java                  :99)
        at org.codehaus.groovy.tools.GroovyStarter.main(GroovyStarter.java:130)
Caused by: java.lang.ClassNotFoundException: org.apache.tools.ant.BuildListener
        at org.codehaus.groovy.tools.RootLoader.findClass(RootLoader.java:156)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
        at org.codehaus.groovy.tools.RootLoader.loadClass(RootLoader.java:128)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
        ... 6 more

After also installing the ant package everything worked fine…

RoundCube email hangs on “Sending message…”

Sunday, August 16th, 2009

While configuring one of my clients RoundCube installation in combination with Plesk, it would work almost OK, except that when sending mails RoundCube would hang at the spinner with “Sending message…”.
After some digging it turns out that the Plesk-bundled PEAR module directory was before the RoundCube bundled PEAR modules directory. Both contain Mail_Mime, but the Plesk version was older and did not contain the getMessage() function.
Something similar to this will pop up in apache errorlog:
PHP Fatal error: Call to undefined method rcube_mail_mime::getMessage() in /usr/share/psa-horde/program/steps/mail/sendmail.inc on line 492

This was fixed by changing the include_path so that the RoundCube modules come first for this specific vhost.

Don’t know what else will break further up the chain however ;-)

Running Secunia PSI as non-admin

Saturday, February 21st, 2009

Your machine was compromised (again!) by malware you caught up somewhere on the web. Sick and tired of it you went looking for a solution and after reading my religious Non-Admin HOWTO you decided to bite the bullet and downgrade yourself to the Users group. To keep all your applications up-to-date you installed Secunia PSI, which seems to work fine, but unfortunately it only runs with admin privileges:

The Secunia PSI can only be run by an Administrator. Please log in with Administrative privileges and try running the application again.

You seem to have to choices, both of which suck:

  • Be admin and run the PSI. You system is ready to be screwed but you do know about vulnerable 3rd party apps
  • Be non-admin, and don’t run the PSI. You are saver but you don’t know about vulnerable 3rd party apps. PSI only starts with admin privs so you log in with your admin account once a week and do a scan.

Secunia says it is designed this way so though luck for you. Damn!

However, using RUNAS there is a middle-of-the-road way to have the best of both worlds:

Edit your Secunia startup shortcut C:\Documents and Settings\Joe Average\Start Menu\Programs\Startup\Secunia PSI and change the target to:

runas /user:administrator /env /savecred "C:\Program Files\Secunia\PSI\psi.exe --start-in-tray"

(While you’re at it, consider moving the shortcut to the All Users settings)

Now you can be non-admin and run PSI :-)

Fixing the Apache “unable to include…” localised errors

Monday, November 10th, 2008

Apache includes a nice feature that displays localised errors. This makes use of Server Side Includes (SSI).
When you use PHP and have it also parse .html documents, your localised errors are broken. In fact, because the initial error will generate new errors, it becomes a mess. You typically see this in your error log:

unable to include "include/top.html" in parsed file /usr/share/apache2/error/HTTP_NOT_FOUND.html.var
unable to include "include/bottom.html" in parsed file /usr/share/apache2/error/HTTP_NOT_FOUND.html.var

I fixed this by using a new extension .err for the error documents.
Snippet from my apache2.conf:

    AllowOverride None
    Options FollowSymlinks Includes

    AddType text/html err
    AddOutputFilter Includes err

    AddHandler type-map var
    Order allow,deny
    Allow from all
    LanguagePriority en cs de es fr it nl sv pt-br ro
    ForceLanguagePriority Prefer Fallback

Then go into /usr/share/apache2/error and rename all files to have .err.var extension (instead of .html.var):

rename 's/\.html\.var/\.err\.var/g' *

Rename the tree files in includes dir:

rename 's/\.html/\.err/g' includes/*

Finally recursively replace the strings in the type-map files too:

perl -pi -e 's/\.html/\.err/g' *

You /usr/share/apache2/error tree now looks something like this:

contact.err.var
HTTP_BAD_GATEWAY.err.var
HTTP_BAD_REQUEST.err.var
HTTP_FORBIDDEN.err.var
HTTP_GONE.err.var
HTTP_INTERNAL_SERVER_ERROR.err.var
HTTP_LENGTH_REQUIRED.err.var
HTTP_METHOD_NOT_ALLOWED.err.var
HTTP_NOT_FOUND.err.var
HTTP_NOT_IMPLEMENTED.err.var
HTTP_PRECONDITION_FAILED.err.var
HTTP_REQUEST_ENTITY_TOO_LARGE.err.var
HTTP_REQUEST_TIME_OUT.err.var
HTTP_REQUEST_URI_TOO_LARGE.err.var
HTTP_SERVICE_UNAVAILABLE.err.var
HTTP_UNAUTHORIZED.err.var
HTTP_UNSUPPORTED_MEDIA_TYPE.err.var
HTTP_VARIANT_ALSO_VARIES.err.var
include
README

Now your localised errors should be back again, and you logs will not be flooded anymore.

Brute-forcing pksc12 passphrases with OpenSSL

Monday, August 25th, 2008

For some project I needed to recover the password that was used to encrypt a PKCS12 key.

I found a nice patch for openssl by Aion but that did not compile on any of my machines.

After some trial and error, I was able to compile it under Debian Woody. For your convenience, I have put the openssl binary online. It runs on i386 linux systems.

Usage:

./openssl pkcs12 -in mycert.p12 -aion /usr/share/dict/words

Remember: it is ancient OpenSSL-0.9.7c so full of security bugs, hence only use it to recover lost passwords.

Rename VMware Virtual machines on ESX

Friday, August 8th, 2008

Ever wanted to rename a virtual machine and found out that the “Rename” option merely renames the “friendly name” in VirtualCenter? You could clone the VM to a new one with the proper name, but that requires a lot of downtime usually.
There is a quicker way:

  1. Shut down the VM
  2. Choose “Remove from inventory”
  3. Log into the ESX console and cd to the place where your VM is
  4. Rename the directory
  5. Rename all the files in the directory
  6. Change the names in the vmdk, vmsd, vmx, and vmxf files
  7. Browse the datastore and add the new vmx to the inventory

Or:

cd /vmfs/volumes/vmfs-data6
mv OldVM NewVM
cd NewVM
rename OldVM NewVM *
perl -pi -e 's/OldVM/NewVM/g' NewVM.vm*

XP Service Pack 3 breaks FAST

Tuesday, July 15th, 2008

After slipstreaming Service Pack 3 into my Windows XP Professional CD image, you cannot use FAST (File and Settings Transfer Wizard) to import a backup made with FAST on a XP SP2. Attempting to do so will yield this error:

Your migration store was created with a previous version of File and Settings Transfer Wizard.

This is of course not very nice. Especially not if you reinstalled the machine in question.

The fix is to apply hotfix 896344 on the old XP SP2 machine, and then make a backup using FAST.
This backup will be suitable for restoration on a SP3 machine.

The microsoft page on this hotfix only mentions this issue to apply to x64 Edition, however is also applies to pre-SP3 versions of FAST.

Mozilla Marktplaats tralies bug

Wednesday, July 9th, 2008



Sinds jaren bestaat er een bug in de code van Marktplaats.nl, waardoor de boel bij het verwijderen van een advertentie blijft hangen in een soort gevangenis met grijze tralies. Het maakt niet uit wat je doet op de site — uitloggen, inloggen, zoeken, het scherm blijft een traliepatroon. Het enige dat helpt is het venster/tab sluiten.

Deze bug is ook al jaren geleden gefiled maar tot op heden is er nog niets mee gebeurd.
Ik liep er toevallig weer eens tegen aan vandaag. Dit gebeurt met Firefox 3.0 – ik had gehoopt dat de bug niet meer op zou treden met deze versie maar helaas.

Windows XP for power users

Tuesday, June 17th, 2008

Windows Vista has been released over 18 months ago, and my initial reaction was that this operating system is the most bloated, sluggish crap ever released by Microsoft. Everyone was hoping that Service Pack 1 would relieve some of the pain, but unfortunately Microsoft failed to put any significant performance improvements in. I have come to the conclusion that Vista stays crap and should not be used by any self respecting computer user. It might be an option for the average clueless users that have no notion of security, but anyone beyond that experience level, especially power users like system administrators, should not use any flavour of Vista, but Windows XP Professional.

XP has its limitations too, but with the right kind of measures it can be a very good and safe computer experience. Some of these measures and guidelines:

Always do a clean install

Whatever computer you want to start using, always reinstall it before putting it into service. It might sound strange but this holds especially true for new machines that come with XP preinstalled. Vendors like Dell and HP are known for putting huge amounts of crap on their machines. Software vendors want to sell their stuff to customers, and make deals with PC manufacturars to put trial versions on new PC’s. This means that a new PC is in fact partly sponsored by the software companies. It is easy to see that this strategy is not in the best interest of the actual user of the PC.
It is not uncommon for new PC’s to come with 3 different (incompatible) virus scanners installed, 2 different CD/DVD burning programs, a couple of firewall programs, and loads of other crap.
The way to get rid of this is not to uninstall everything, but wipe everything and reinstall. It is recommended to slipstream the latest Service Pack into your installation CDROM (SP3 at the moment), to avoid trouble installing it afterwards. A possible loophole is the drivers — these usually reside somewhere on disk — so please take care to save these onto a USB stick first.

Don’t install driver packs, but manually point to INF files

Another trap users tend to fall in, is to click the binary installers of the various drivers. While this is not a huge problem, things potentially can get screwed up during this step:

  • Wireless drivers that disable the Windows Wireless Zero Configuration (WZC) service. This is known to happen with Intel cards, and some of the Sitecom cards. Having a custom wireless configuration tool bloats your system and makes debugging very hard.
  • Drivers that install all kinds of management applications. Examples of this are vendor specific control panels for video, audio, etc. The standard Windows control panels are perfectly capable of controlling everything. Only install if you absolutely need their functionality

A convenient way to circumvent this is to extract the actual drivers by opening the installer binary with 7-Zip, and then point Windows at those drivers files.

Dont’ run as Adminstrator

The University of Michigan has a good paper on how to do this. The introduction speaks for itself:

You’ve heard it a thousand times: “Don’t run as admin”. Yet you continue to tempt fate. You log in with admin credentials and surf the wild wild web through whatever minefield it takes you. You open email and attachments with abandon, confident in the fact that you’ve never been hacked before. Yet every once in a while, your heart starts to beat a little faster. Perhaps it happens when you land on some web site you didn’t expect, or when you double click on that unsolicited email or launch some video clip that your friend sent you. Your heart accelerates because you know, deep down, it’s just a matter of time before you do get hacked. And then, because you’re logged in with administrative credentials, you know the price could be big. If you’re lucky, only your ego will be bruised. Worse, the integrity of your system will be compromised and personal as well as private University information will belong to someone else. In fact, it’s entirely feasible that your system has already been compromised and you’re not even aware of it. How do you know that it hasn’t?

If you’re pushing your luck by logging in with administrative credentials, then read this paper. We’ll illuminate the “tips and tricks” necessary to start running as user. You’ll feel better running in a less privileged context, and you’ll be making a critical contribution to the security posture of your unit and the University.

I have been non-admin for half a year now and I have no problems whatsover using my computers. However, right after installation of system you typically spent some time configuring it:

  • installing applications
  • installing printers
  • installing backup scripts
  • customising system options
  • configuring network settings and VPN connections
  • configuring power options

A practical recommendation is to leave yourself Admin until you have installed and configurated your system to the extent that you do not need admin rights during dayly use. This is usually a few weeks after installation. At that point, make yourself a regular user, and switch to Admin only if needed. There is a small list of issues that require manual intenvention, but it can be done, and it is recommended to spent some time figuring out how to fix them, instead of becoming admin again. The Michigan University PDF already contains some practical tips for some of these issues, but I ran into some additional problems that weren’t covered there.

Usually you can right-click and select Run as… to run stuff as admin. You can also use the poormans sudo for Windows: runas. However, you have to type an awkward string each time:

runas /user:administrator regedit

To make things more convenient and appeal more to the power user, place a textfile with this content in your WINDOWS directory and name it sudo.bat ;-) :


RUNAS /USER:Administrator "%*"
EXIT

Now you press Windows-R -> “sudo regedt32″ and off you go!
When you are admin, you can directly run MMC files, but when using sudo or runas you need to supply the application as well. For instance to run the Group Policy Editor, you would run sudo mmc gpedit.msc

Here is an overview of common admin tasks and how to conveniently run them. Note that sometimes there is not option to right-click and select “Run as…”, so you have run commands from a shell (you are not afraid of that anyway aren’t you?).

Formatting removable media Can be fixed with GPO
Configure printers Shift-Click on printer -> Run as… -> Configure
Configure networking Add yourself to Network Configurators group
Group Policy Editor sudo mmc gpedit.msc
Add/Remove Programs sudo control appwiz.cpl
Teletubby user control panel sudo control userpasswords
Normal user control panel sudo control userpasswords2
complete Control Panel sudo control

More examples of how to run specific Control Panel item are listed on http://support.microsoft.com/kb/192806/.

Probably the last option is the best compromise between usability and amount of typing.

Try to stick with default options

Just because it is possible to customize about every aspect of the operating system and the user interface doesn’t mean that you should do so. Some of these customisations lead to poor performance. A good example in this respect is installing 12 Mb desktop wallpaper images. The default theme however (teletubby style) is eligable for replacement. For best results, choose the “Windows Classic” style, and after that choose “Adjust for best performance” in the Visual Effects Tab of the Performance Options.

Areca releases driver for VMware

Monday, June 16th, 2008

Areca has just released a beta driver for use with VMware ESX 3.5 :-)

This means that finally all the advantages of the Areca hardware can be used to build VMware systems.

I consider the Areca’s one of the best (if not the best) professional SATA RAID controllers out there.

I have used Dell servers a lot, because they offer more bang for the buck. However, Dell keeps on using crappy RAID controllers that are full of bugs. Over the last few years, it happened several times that Dell servers went down because of RAID controller problems, such as bugs in firmware.
I got really depressed by looking at the firmware history of their shitty PERC controllers – they started out the naming scheme with letters but they had to revert to another scheme as soon as the past the 27th firmware update. How’s that for mature code. Oh, and almost every update is labeled critical by Dell.
The PERC controllers that ship with Dell servers perform OK-ish, but they are hard to manage, they don’t have cool features like online RAID level migration, and at the time did not offer SATA RAID.
Luckily we have an IBM Fibre Channel box to store our data on, so if one of the Dells goes down again (you it will once you’ve seen the driver and firmware history) we don’t risk loosing too much data.

It was very frustating to be forced to buy servers that contain sub-optimal hardware when you know there is much better kit out there. But now, with the Areca drivers available I can create a multi-terabyte 1U VMware server for our disaster recovery plan.

When I get my hands on an Areca controller I will see how VMware behaves with that – to be continued.