Archive for Computer Science

Importing Existing Keys and SSL Certificates Into Apache Tomcat

I rarely use Tomcat, but one of my clients is a Java guy and, as makes logical sense, uses Tomcat to serve the applications he writes, one of which required an SSL certificate. It’s no problem to create a new key, CSR, and import the certificate and certificate authority chains, but what if we already have an existing key and certificate for the same domain?

In our case, we had Apache serving the non-application stuff (in PHP, natch) on ports 80 and 443, with Tomcat on 8000 and 8443 (take that, Plesk!), and already had a certificate issued for the domain on the Apache side. Since the stuff used by Apache was in PEM format, I’ve added one of the steps required to convert it to PKCS12, which is what we’ll use for the Java keystore. These instructions are taken from a CentOS box, so you may need to make some modifications for other operating systems. It’s only here to serve as a guideline (and for my own future reference, primarily, because I know damned well I’ll forget again next year).

First, we need to concatenate the key, certificate (granted us by the CA) and the CA bundle into one single file. This is done most simply like so:
cat your_domain.key your_domain.crt your_ca_bundle.crt > your_domain.key_crt_bundle.pem

Next, we convert the concatenated PEM data into PKCS12:
openssl pkcs12 -export -out your_domain.key_crt_bundle.p12 -in your_domain.key_crt_bundle.pem

Create a password for the resultant PKCS12 file, and remember the password for a moment, because you’ll need it when you import this PKCS12 into your Java keystore using the following command:
keytool -importkeystore -srckeystore your_domain.key_crt_bundle.p12 \
-srcstoretype pkcs12 -destkeystore your_domain.key_crt_bundle.jks -deststoretype jks

You’ll need to create a new password for the keystore, and then enter the password for the PKCS12 you created two steps back.

Then, edit your Tomcat server.xml file and define the full path and filename of the newly-created keystore, as well as your keystore’s password. In our case, the default location was /etc/tomcat6/server.xml. If you don’t know how to configure Tomcat6 for SSL at all, that’s beyond the scope of this particular post, and you will need to do some research. Also, do not pass GO!. Do not collect $200. And may God have mercy on your soul.

Finally, restart Tomcat doing the good ol’-fashioned service tomcat6 restart (or equivalent), and you should be good to go. And, if not…. sucks to be you.
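The conversion steps above, wrapped with two checks a careful admin would want: confirm that the key really belongs to the certificate before importing, and create the PKCS12 and JKS files under a restrictive umask, since both contain the private key. This is an added example, not part of the original post; the function names and the "tomcat" alias are assumptions, the key is assumed to be an unencrypted PEM file, and the three input files are passed to openssl directly rather than concatenated first.

```shell
#!/bin/bash
# Added example; function names and the "tomcat" alias are assumptions.

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {
    local key_pub crt_pub
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# build_keystore KEY CERT CA_BUNDLE OUT_BASENAME
# Writes OUT_BASENAME.p12 and OUT_BASENAME.jks, readable by the owner only.
build_keystore() {
    local key="$1" crt="$2" bundle="$3" base="$4"
    if ! key_matches_cert "$key" "$crt"; then
        echo "error: $key does not belong to $crt" >&2
        return 1
    fi
    (
        umask 077    # every file created below contains the private key
        openssl pkcs12 -export -inkey "$key" -in "$crt" -certfile "$bundle" \
            -name tomcat -out "$base.p12" &&
        keytool -importkeystore \
            -srckeystore "$base.p12" -srcstoretype pkcs12 \
            -destkeystore "$base.jks" -deststoretype jks &&
        keytool -list -keystore "$base.jks"    # expect one PrivateKeyEntry
    )
}

# Run the conversion only when called with the four arguments.
if [ "$#" -eq 4 ]; then
    build_keystore "$@"
fi
```

Once Tomcat is serving from the .jks, the intermediate .p12 can be deleted so that one fewer copy of the private key sits on disk.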

Horribly Slow Speeds On USB Stick, Ubuntu 12.04LTS (100KB/s?!?)


I just finished building a new server for the house here and downloaded the latest build of Ubuntu Server 12.04LTS. My desktop is running an upgraded version of the same (but Desktop, not Server edition). Trying to create a USB boot disk to install on the new box was painfully slow: it was going to take 2.5 days.

After searching all over the web to see what others thought, checking the USB settings in my BIOS, and even rebooting for the sake of a potential fix chalked-up to voodoo, I realized the answer. Checking the USB stick’s partition, it was – unsurprisingly – FAT32. Once I dropped the partition (the stick was brand-new, just opened the package) and created a new ext4 partition in its place, I created my new USB boot disk in 38 seconds. That’s much more like it.

Bash ‘for’ Loop and Filenames With Spaces

A quick post for my own future reference, primarily.

After banging me face off the desk for a while trying to figure out how to batch-convert a heaping spoonful of space-laden-named Excel files to CSV for a project I’m doing for my wife, I found a solution in the $IFS environment variable. Thus:

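#!/bin/bash
# Save the current field separator so it can be restored afterwards.
IFSTMP=$IFS
# Split only on newline (and backspace), so spaces in filenames survive.
IFS=$(echo -en "\n\b")
for i in $(ls -1 *.xls); do
    # Quote the name so it reaches xls2csv as a single argument.
    xls2csv "$i" > "$i.csv" 2>/dev/null
done
IFS=$IFSTMP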

Easy as pie. And I don’t mean like a mince pie or something that many folks don’t even like, but like convincing toddler to eat a chocolate cream pie. Yeah, that easy.
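The $IFS approach above still splits the output of ls on newlines, so a filename that itself contains a newline is handed to the loop in pieces. The following added example (not from the original post) shows that failure mode next to a glob-based loop that needs no IFS change; the function names and the converter argument, which exists only so the loop can be exercised without xls2csv installed, are assumptions.

```shell
#!/bin/bash
# Added example. The converter argument is an assumption; it defaults to
# xls2csv as in the post.

# The post's approach: split `ls` output on newlines. Prints the number of
# loop iterations, which exceeds the file count if a name contains a newline.
count_with_ls() {
    local old_ifs="$IFS" n=0 i
    IFS='
'
    for i in $(ls -1 "$1"/*.xls 2>/dev/null); do
        n=$((n + 1))
    done
    IFS="$old_ifs"
    echo "$n"
}

# Glob-based loop: the shell hands over each name intact, whatever it contains.
# Prints the number of files converted successfully.
convert_all() {
    local dir="$1" converter="${2:-xls2csv}" f n=0
    for f in "$dir"/*.xls; do
        [ -e "$f" ] || continue                  # pattern matched nothing
        if "$converter" "$f" > "$f.csv" 2>/dev/null; then
            n=$((n + 1))
        else
            rm -f -- "$f.csv"                    # drop partial output
        fi
    done
    echo "$n"
}
```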

Announcing the Release of the System Detonation Library for PHP

As discussed somewhat at length in a rapidly-devolving thread on the PHP General mailing list, I am in favor of a function that, when called, will initiate on the host system a self-destruct sequence.  Well, being a nice, sunny, spring Friday morning, I decided to offer just that:

Introducing the first public release of the System Detonation Library for PHP.

This useless extension provides one function with one purpose: to cause your server to explode.  Due to the obvious hazards involved, including (but not limited to) loss of hardware, limbs, and potentially life and liberty, this has only been tested on one single occasion, using a PC with Ubuntu 10.10 and a heavily-modified SVN version of PHP 5.3.6.  Thankfully, as the test was successful, there were no serious injuries.

Firstly, you may download the package here.

Second, as a very basic course on the compilation and installation of this unofficial PHP extension, here are some simple instructions for Linux users.  All others are on their own, and this may (read: probably will) not work anyway…. which is a shame, because I know plenty of Windows boxes that should have the right to self-destruct as well.

  1. Download the package above.
  2. Extract it: tar -zxf detonate-0.2.tar.gz
  3. Change to the newly-created directory where the files are located: cd detonate-0.2/
  4. Build the wrappers for your version of the Zend/PHP API: phpize (NOTE: on Ubuntu-built packages, this command may be: phpize5)
  5. Build the necessary makefiles for your system: ./configure --with-detonate
  6. Compile the code: make
  7. Install the binary (as root, or using sudo): make install
  8. Edit your php.ini to load the newly-installed extension by adding this line: extension=detonate.so
  9. If you plan to use it via the CLI, you’re done.  For use on the web, remember to reload/restart your web server.
  10. Create a basic PHP script with the following: <?php detonate(); ?>
  11. Check your insurance coverage.
  12. Run the script created in Step #10.

And that’s all there is to it.  Feel free to install this on all of your systems and use it as a replacement for exit or die() in your scripts.  Because, unlike die(), this function will absolutely get the point across, once and for all.

Replacing One Character In A String With A Random Character

Just an hour or so ago, Ron Piggot asked a question on the PHP General mailing list. The original question was how he could replace a single matching character in a string containing multiple matches with another random character.  I mocked up a working example in about five minutes or so.  It’s far from perfect, and not very elegant, but it’ll work as a starting point of reference.

The code I sent back in reply follows:


Windows Server Says, “Network Cable Unplugged” When It’s Not?!?

Once again, stuck managing a Windows box. Yeah, I know, I’ll whine, bitch, moan, and cry you a river another time.

The Problem: Using the secondary NIC (PNET/VLAN), I found a lock of packet collision during negotiation, handshaking, and identification, causing Windows to give up and basically say, “well, since it’s not working, the cable must physically have been removed, because there’s no way I could ever be wrong.”

Wro…. err…. incorrect, Windows. (You’re wrong.)

The Discoveries: The truth was, at least in my case, that it wasn’t properly handling the gigabit capabilities of the card on the box. I’m not the administrator for these machines (though they’re housed in our datacenter), so I can’t be certain that nothing had changed recently, but their staff said nothing at all had been modified. Perhaps that really was the case, and nothing had been changed — Windows has been known to do stranger things than this, of course, sometimes out of the blue.

The Solution (for my case): Go to the screen where you can view your network adapters (your version of Windows dictates the path of navigation, hence the ambiguity). Next, right-click the adapter with the “Network Cable Unplugged” message and click “Properties.” Click the appropriate button to configure the network adapter. Then click the tab on that dialog for “Settings” or something of the like (sorry, but I logged out in a hurry, so this is from memory), and you’ll see a list of parameters on the left, with their values on the right. Find one related to speed and duplex, and if you see it set to “Auto” or similar, drop it to “100Mbps Full Duplex” and click OK. Close the properties dialog by clicking “OK” and see if the settings are already bringing the network adapter back online. If not, disable and re-enable the adapter, and – if it was indeed the same issue – you should be back online within a few seconds.

Elance “Skills Assessment” Tests — HA!

Sometime in 2000 or 2001, I was asked to create a skills assessment for senior-level relational database management systems experts for a very young Brainbench. I was not alone: the company selected a total of four of us, all given the assignment of coming up with forty-five multiple-choice problems related to the general concepts of RDBMS. It took me about two days to complete the task, and a few weeks later, when the test went into a public beta, folks could take the test and vote on the quality of the questions. The results of the votes were not shown to the public, and we (the consultants who created the questions) were not privy to the voting statistics either. Several weeks after that, the test became official, and I aced it: every one of the forty-five pages were from my packet.

Despite being rather proud of myself for a relatively small accomplishment, I was actually really surprised; the quality of the submissions from the other consultants was all – in my opinion – very, very good. In fact, I felt more as though some of my own paled in comparison. It seemed that all of the other submissions were by folks who really understood the topic thoroughly, and were masters in their field. In fact, I did later learn that I was the only one of the four hired who did not have a computer science degree. Talk about humbling.

Today I decided to take a few skills assessment tests on Elance – a leading online freelance marketplace – on a variety of technical subjects. Included in the ones I took were tests to evaluate one’s comprehension of Linux and Amazon Web Services.

I was disgusted.

The grammar was horrible. The content was filled with fluff and trash. The questions weren’t representative of someone’s working knowledge on the subject — in fact, some even took text from “About Us” sections that described the company, not the service provided. And in the Linux test specifically, there were cases of areas where multiple answers were correct, but only one could be chosen; other times where no answer was technically correct, but a choice had to be selected. The most appalling of it all: questions on obscure, unnecessary things like “Which of the following software packages is used to create a closed-circuit television system?” I had to look that one up after the fact. I didn’t take a test on how to set up a video system, I took a test on Linux skills. I highly doubt the MCSE or MVP tests ask for the steps of motion tweening in Flash.

It was quite obvious that the tests were created by folks with limited knowledge on the subject matter. In fact, it was probably completed – at least in majority – by the lowest bidder, who may very well have been a non-native-English administrative assistant. Hell, nowadays, anyone with Internet access thinks they have the skills and marketability to work as a professional freelancer. Some do…. most – and I really mean MOST – do not. These so-called “skills assessment” tests were proof-positive of that; they’re a joke, and folks serious about testing the skills of others would be ashamed to have them as the representation of their own knowledge on a given subject.

Granted, I can’t speak for all of the tests. There are many available, and on a wide variety of topics. I’m sure that some are much better than others, and that some of those may actually be very good at gauging an individual’s skill on the matter. Now they just need to try to get that same quality across the board.

Because if I can take a test on something of which I admittedly have almost zero knowledge, be more confused by the spelling and sentence structure of almost every single question and option, score a barely-passing 65%, yet still be in the “Top 10%” of all test-takers, something must be wrong.

Skype and Google Earth Cause X To Crash On Ubuntu 10.10

[UPDATED 19-JAN-2010 – Thanks to Drew (in the comments) for bringing up the fact that this is only for 64-bit versions of Ubuntu. The filenames would indicate that, but no sense wasting your time if you’re looking for a 32-bit solution. Well, at least not yet. I may do a 32-bit build if there’s a need, but it seems as though the official repos may now have the patched versions. Have you gotten an official solution that resolved the issues? Feel free to let me know in the comments.]

After months of dealing with the mouse getting stuck between monitors, blinking like crazy and freezing all but remote SSH administration of my Ubuntu 10.04 (Lucid) desktop with triple-head monitor setup, I gave up and upgraded to 10.10 (Maverick) in hopes that it would fix the issues. I didn’t know if it did or not, because it introduced new errors. Worst of all: any time I would launch Skype, the screens would go black and X would crash in a segfault and restart. The same was true of Google Earth and of at least all Qt applications on the desktop. It took a good thirty-six hours before I traced everything back and came up with a solution. So now I’m running 10.10, which not only has a couple of minor improvements, but also seems to have finally fixed the mouse-locking issue. Hooray!

My issue turned out to be rooted in an issue with Xinerama on X with multiple monitors on an x86_64 box running the final stable of Ubuntu 10.10 (Maverick). If you have the same issues (Skype crashes X), try downloading the following file (routed through my company’s URL service so that it’s easier to share):

http://links.parasane.net/fvsq

The filename is xorg_crash_fix_debs_and_NVIDIA_driver_x86_64.tar.bz2, with the following hashes:

MD5: fe2fa5684a0f051d552bd7d0b4ee6f6a
SHA1: 0edea79d4832ce31954e29991405a67403732639

Applying it is simple (provided you have experience in knowing how to resolve your own dependencies, if any are missing). If you’d like to nip it in the bud before getting started, here’s an all-inclusive list of all packages of which I’m aware that you should have installed or which may be needed to finish this process without errors (feel free to pick and choose on your own, if you’re more comfortable doing a minimalist installation):

sudo apt-get install debhelper quilt bison flex xutils-dev x11proto-bigreqs-dev x11proto-composite-dev x11proto-damage-dev x11proto-xinerama-dev x11proto-randr-dev x11proto-record-dev x11proto-render-dev x11proto-resource-dev x11proto-scrnsaver-dev x11proto-video-dev x11proto-xcmisc-dev x11proto-xf86bigfont-dev x11proto-xf86dga-dev x11proto-xf86vidmode-dev x11proto-dri2-dev libxfont-dev libxkbfile-dev libpixman-1-dev libpciaccess-dev libgcrypt-dev nettle-dev libudev-dev libselinux1-dev x11proto-xf86dri-dev x11proto-gl-dev libxmuu-dev libxrender-dev libxi-dev x11proto-dmx-dev libdmx-dev libxpm-dev libxaw7-dev libxmu-dev libxtst-dev libxres-dev libxv-dev libxinerama-dev devscripts
sudo apt-get build-dep xserver-xorg-core

The steps to installing the fixed binaries are:

  • Drop to an alternative TTY prompt: Press CTRL+ALT+F1
  • Download the package file: wget http://links.parasane.net/fvsq -O xorg_crash_fix_debs_and_NVIDIA_driver_x86_64.tar.bz2
  • Uninstall your current NVIDIA drivers: sudo nvidia-uninstall
  • Decompress the file linked above: tar -xjvf xorg_crash_fix_debs_and_NVIDIA_driver_x86_64.tar.bz2
  • Change to the newly-created directory: cd xorg_crash_fix_debs_and_NVIDIA_driver_x86_64/
  • Install the core and common packages: sudo dpkg -i xserver-xorg-core_1.9.0-0ubuntu7_amd64.deb xserver-common_1.9.0-0ubuntu7_all.deb xvfb_1.9.0-0ubuntu7_amd64.deb
  • Set execution permissions on the included NVIDIA driver: chmod 0755 ./NVIDIA-Linux-x86_64-260.19.21.run
  • Execute the new NVIDIA driver: sudo ./NVIDIA-Linux-x86_64-260.19.21.run
  • Reboot the system: sudo shutdown -r now

You should now have a fully-working X system again. And if you upgraded because of the mouse-hang issues, you should be in good shape there, too!

NOTE: It should be VERY obvious, but this comes with absolutely no warranty or guarantee whatsoever, and you’re completely responsible for any issues that arise, directly and/or indirectly, from usage of these packages or instructions, et cetera. You know the drill by now, I’m sure.
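The steps above download an archive and then install its contents as root without ever using the published hashes. The following added example (not part of the original post) checks the SHA1 digest and the member paths of the archive before anything is unpacked; the function names are assumptions, and the digest in the usage comment is the one given in the post.

```shell
#!/bin/bash
# Added example; function names are assumptions. The digest and file name
# in the usage comment are the ones published in the post.

# verify_sha1 FILE EXPECTED_HEX -> 0 on match, 1 on mismatch, 2 if unreadable
verify_sha1() {
    local actual expected
    [ -r "$1" ] || return 2
    actual=$(sha1sum < "$1" | cut -d' ' -f1)
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# path_is_safe MEMBER -> fails for absolute paths and any ".." component
path_is_safe() {
    case "$1" in
        /*) return 1 ;;
    esac
    case "/$1/" in
        */../*) return 1 ;;
    esac
    return 0
}

# archive_is_safe FILE -> 0 if every member passes path_is_safe,
# 1 if one does not, 2 if tar cannot list the file at all
archive_is_safe() {
    local listing member
    listing=$(tar -tf "$1") || return 2
    while IFS= read -r member; do
        path_is_safe "$member" || return 1
    done <<EOF
$listing
EOF
}

# verified_extract FILE EXPECTED_SHA1: refuse to unpack anything unverified
verified_extract() {
    verify_sha1 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    archive_is_safe "$1"  || { echo "suspicious member path in $1" >&2; return 1; }
    tar -xf "$1"
}

# Usage with the values from the post:
#   verified_extract xorg_crash_fix_debs_and_NVIDIA_driver_x86_64.tar.bz2 \
#       0edea79d4832ce31954e29991405a67403732639
```

A matching digest shows only that the file is the one the author published; it says nothing about what the packages inside do once installed as root.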

SSH Client On Ubuntu Desktop Timing Out

It would happen again and again and again…. I’d walk away from the computer (yeah, on rare occasions that happens), or I’d flip to another terminal and get sidetracked there:

Write failed: Broken pipe

Son of a bitch! And why the hell don’t I remember to vi in screen until moments like this?!?

Well, unless I keep ‘top’ open or run a while [ 1 ]; do echo -n '';sleep 30; done, it continues to drop out without fail. And an interesting (to me) fact that I’ve actually recorded: I spend more than 60% of my day on the command line.

Logically, the first things I tried were to add /etc/ssh/ssh_config parameters for both KeepAlive and TCPKeepAlive, but that still had no positive effect. Then I started to dig deeper into the issue to see what other options I had. There were no network problems or abnormally-high numbers of dropped packets or shards, it would happen regardless of whether it was WiFi, 3G, or LAN cabled, and all other network services and applications were working just fine — including things like telephony, which was perfectly clear. I knew that it had to be a timeout issue, and since it wasn’t restricted to just a single server (or even to just thirty or forty servers, for that matter), nor was it an issue until I [finally] switched from Mandriva to Ubuntu, it had to be a local problem.

I dug and dug and dug, almost all the way to Virtual China, and finally found my Holy Grail:

ServerAliveInterval

Right now, I’m using ServerAliveInterval 120 and, for the first time since the issue reared its ugly head, I’ve been able to keep SSH sessions open and idle overnight. Hoorayings for Internets funs again and stuffs! Now maybe I can stop losing time on this and go back to only dealing with the issue of my mouse getting stuck between screens with Xinerama.

Binding Windows Key to KDE Menu In KDE4

Seems to be a lot of confusion in KDE4 as to how to bind the Windows key on a standard keyboard to the KDE menu. Well, let’s make the solution brief:

1.) Drop to a command prompt (such as konsole).
2.) Type: xev
3.) Press the Windows key (either side, or both sides individually) and notice the number assigned to the ‘keycode’ identifier.
4.) Create (or edit) your .Xmodmap profile file. Example: vi ~/.Xmodmap
In your .Xmodmap profile, add the following, where ### is your keycode from above, and save the file:
keycode ###=F13
5.) Back at the command line, activate the above by typing: xmodmap -e 'keycode ###=F13'
6.) Right-click the KDE menu and click “Application Launcher Menu Settings” from the menu that appears.
7.) Click “Keyboard Shortcut”.
8.) Click the button with the picture of the wrench on the “Keyboard Shortcut” screen and press the Windows key. You should see F13 appear in the box.
9.) Move your mouse out of the box and click the “OK” button to close the dialog and activate the key.
10.) Press the Windows key and see the menu pop up as expected. NOTE: You can’t tap it again to close the window. Instead, you’ll need to press the ESC key or click elsewhere.

NOTE: The above is done for brevity. A good lesson to learn from this is that ‘xev’ is a useful tool, and ‘xmodmap’ is your friend. Oh, and that the KDE folks still haven’t gotten their crap entirely straight with KDE4 as of version 4.2.4 (the version in which this was tested).

There are also other ways. In fact, I did the following for my Mandriva 2009.1 + KDE 4.2:

cat << EOT >> ~/.kde4/Autostart/bindWindowsKey.sh
xmodmap -e 'keycode 133=F13';
xmodmap -e 'keycode 134=F14';
xmodmap -e 'keycode 135=F15';
EOT

Now to figure out why Plasma keeps interfering and disabling the damn thing when I restart X or relaunch the session…. maybe I’ll post back here later.