LI Tech Blog

PostgreSQL 9 bytea_output and CGI::Session

jgraham — Mon, 02 Jan 2012 03:53:08 +0000

PostgreSQL 9 introduces a new bytea output format, hex. This new format can cause problems for programs expecting the traditional output format.

I ran into this problem with several perl scripts using CGI::Application::Plugin::Session. I had just upgraded a database server from PostgreSQL 8.3 to 9.1. The scripts could connect to the but would report errors like the following:

	Error executing class callback in prerun stage: No session object!
	This module depends on CGI::Application::Plugin::Session!
	(or you need to use the -dont_use_session config parameter) at ...

It turns out that the culprit was the new hex output format used by PostgreSQL 9.x. CGI::Session was unable to decode the resulting data and would fail to load existing sessions.

The fix is easy. Simply use the following command to set the bytea output format for a given database:

	ALTER DATABASE database SET bytea_output = 'escape';

Additional details can be found in the Client Connection Defaults section of the PostgreSQL documentation.

Deleting DigiNotar’s Root Certificate on Mac OS X

jgraham — Thu, 01 Sep 2011 00:15:44 +0000

Recently a number of fraudulent SSL certificates for high profile websites, including Google, were obtained from the Dutch Certificate Authority DigiNotar.
These certificates could be used to impersonate or intercept legitimate services.
One method for dealing with this situation is to mark DigiNotar’s root certificate as untrusted.
Unfortunately due to a bug in Mac OS X DigiNotar signed EV certificates will still appear to be valid.
To work around this one can delete the certificate from the system trust roots with the following command:

	security delete-certificate -Z \
	 	C060ED44CBD881BD0EF86C0BA287DDCF8167478C \
		/System/Library/Keychains/SystemRootCertificates.keychain

Kerberos over TCP on OS X 10.7 (Lion)

jgraham — Wed, 31 Aug 2011 23:46:34 +0000

With the release of Mac OS X 10.7 (Lion) Apple has switched from MIT Kerberos to Heimdal Kerberos.

By default Heimdal will attempt to communicate with KDCs over UDP.
In some cases it is desirable to default to TCP.
Heimdal can be instructed to prefer TCP by prepending the KDC hostnames in /etc/krb5.conf with tcp/.
For example:

	[realms]
		EXAMPLE.COM = {
			kdc = tcp/kerberos-1.example.com:88
			kdc = tcp/kerberos-2.example.com:88
		}

OS X DirectoryService UUID case sensitivity

jgraham — Thu, 19 Aug 2010 16:42:50 +0000

I recently ran into an issue where some new users with LDAP based accounts did not see any CUPS shared printers.
The solution turned out to be case sensitivity of the apple-generateduid attribute.

Launching the Console application would result in a continuous stream of Error: failed to register for new message notifications messages.

To fix this I just wrote up a quick perl script that scanned for apple-generateduid attributes in LDAP that were not up-cased and the issues vanished.

Xerox Phaser 6120 on Mac OS X 10.6 “Snow Leopard”

jgraham — Fri, 04 Sep 2009 18:20:51 +0000

Update: It appears that Xerox is now distributing a 10.6 “Snow Leopard” driver package on their website.

According to the Xerox website the Phaser 6120 is not supported in Snow Leopard. However if one downloads the custom PPD file from the OpenPrinting database the printer works perfectly.

Full instructions follow:

On the 6120 page:

http://www.openprinting.org/show_printer.cgi?recnum=Xerox-Phaser_6120

Right click on Custom PPD to the right of Recommended driver and choose Download Linked File As….

In System Preferences -> Print & Fax click the + to add a new printer. Select your printer, wait for the system to choose “Generic PostScript Printer” under Print Using. Change Print Using to Other… and browse to the file you downloaded. The value in Print Using will change to Phaser 6120 PS. Click Add, check any options you have installed on your printer, click Continue and you are done.

On my system everything works correctly when printing over the network. I didn’t test USB but I have no reason to doubt that this driver will work for USB as well.

Creating an empty git branch and pushing it remotely

jgraham — Sat, 08 Aug 2009 20:49:38 +0000

Say you wanted to create an empty branch of an existing git repository. That is a new branch with no history, say to track your project docs.

Be sure that you don’t have any pending changes in your workspace before executing these commands.

$ cd ~/my-git-repo
$ git symbolic-ref HEAD refs/heads/docs
$ git rm –cached -r .
$ rm -fr *
$ git commit –allow-empty -m “Initialized docs branch.”
$ git push origin docs

Checking for DNS Poisoning Vulnerability

jgraham — Tue, 15 Jul 2008 23:45:28 +0000

Just a quick way to test and see if your DNS servers are vulnerable to the latest DNS Cache Poisoning vulnerability (CVE-2008-1447).

From: https://www.dns-oarc.net/oarc/services/porttest

$ dig @4.2.2.3 +short porttest.dns-oarc.net TXT

Replacing 4.2.2.3 with the IP address of your DNS server(s).

Bookmarks Not Synchronizing Over .Mac In 10.5.3

jgraham — Fri, 16 May 2008 00:35:30 +0000

After a recent security update I noticed that my bookmarks were no longer synchronizing over .Mac between any of my systems. To fix the issue I had to unregister and reregister Safari’s sync client. Open a terminal and run: /Applications/Safari.app/Contents/SafariSyncClient.app/Contents/MacOS/SafariSyncClient --unregistersyncclient com.apple.Safari This will return NO, then run /Applications/Safari.app/Contents/SafariSyncClient.app/Contents/MacOS/SafariSyncClient --register which should return YES.

Rebuilding Software RAID Arrays in OS X 10.5 Leopard

jgraham — Thu, 10 Apr 2008 12:09:38 +0000

While moving some data between drives today I decided to test the drive build functionality of my external RAID array.
I have an IOI FWBU2SATA35DMR Firewire/USB enclosure with two 500GB SATA drives in a RAID 1 configuration. Following the instructions I powered down the array, removed one of the disks, powered it back up, wrote some data, powered the array down and reinstalled the second drive. To my dismay instead of rebuilding the second disk the drive would begin the rebuild (indicated by the status lights) and then immediately return to 1 good 1 failed. I let this run for a good 12 hours without luck.

So I decided that for my needs the software RAID supplied by OS X would be sufficient. Off to Disk Utility to build the set. Disk Utility allows you to create a mirrored RAID array in a degraded state (preserving any data on the drive) and then add members to the array and rebuild. I created the initial array with a single partition member and then attempted to add the second partition only to receive Unrecognized Filesystem.

I guessed that this was an issue with the Disk Utility interface and not the underlying software RAID so I decided to give it a try from the command line. Sure enough it worked right away. Here are the commands to add a disk or partition to an existing software RAID array:

Be very careful when running these commands! If the wrong device is selected you can easily destroy an entire disk of data!

Get a list of device names with:

# diskutil list

Next find the Unique ID for your RAID array:

# diskutil checkRAID

Finally, add the new member to the array. Replace AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE with the Unique ID obtained above and diskXsX with the appropriate device:

# diskutil addToRAID member /dev/diskXsX AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE

The array should automatically begin to rebuild itself. You can check by re-issuing the diskutil checkRAID command. The rebuild status will automatically be shown if Disk Utility is launched.

Random blank/black X sessions with GDM on a Dell GX280 running CentOS 5

jgraham — Thu, 06 Mar 2008 12:15:08 +0000

While upgrading a lab of Dell GX280 systems to CentOS 5 today I ran into a bit of a snag. Seemingly at random when the system initially started or returned to the GDM login screen the user would get a black screen. The system still responded on the network, could be switched to VTs and the GDM screen would correctly display after a few gdm-restart commands. I found this bug report but no solution. I did notice that when the screen was blank if the mouse was moved up, till it the cursor (were it visible) would hit the top of the screen, the GDM screen would pop up and function normally.

I fully realize that this is very hackish and should not be used as a long term solution but it works in this case to eliminate user confusion until a real fix is found. All instructions assume file paths and conventions in CentOS but should work with minor modifications anywhere else this problem is encountered.

A bit of searching turned up xdotool, a command for simulating keyboard and mouse input using the X11 XTEST module.

I created an RPM spec file that will download and build and xdotool package, available here: http://pastie.textmate.org/162710

Once xdrtool is installed do the following:

Edit your /etc/X11/xorg.conf, add Load "xtest" to the Module section
Copy /etc/gdm/Init/Default to /etc/gdm/Init/:0
Edit /etc/gdm/Init/:0 to include something similar to this towards the bottom:
```
(sleep 1 ; xdotool mousemove 0 0 ; sleep 1 ; xdotool mousemove 640 450) &
```

This will cause the pointer to jump to the upper left corner of the screen and then back to the center just after GDM starts. At the moment this appears to reliably work around the problem.