Monday, September 4, 2017

Firewall Blocked Github: Connection refused

While at work, I encountered the following error when attempting to access GitHub:

ssh: connect to host github.com port 22: Connection refused
This could be because the corporate firewall blocks the SSH service (TCP port 22). In this case, we can tell the ssh client to use port 443 instead, according to this Stack Overflow post. To do this, we add the following configuration for the ssh client,

cat >> ~/.ssh/config << END

Host github.com
  Hostname ssh.github.com
  Port 443

END
For using ssh to connect to GitHub, the official GitHub documentation turned out to be very helpful.

Tuesday, August 29, 2017

Running Out-dated JNLP Program

When I attempted to launch the remote control JNLP Web Start program from a computer server, I encountered an error:

Unsigned application requesting unrestricted access to system
The following resource is signed with a weak signature algorithm MD5withRSA and is treated
as unsigned: http://192.168.1.5:80/Java/release/Win64.jar

The screen shot is also included,


The error arises because Java has been updated and MD5withRSA should no longer be used. One workaround is to temporarily enable MD5withRSA. One may change the Java security configuration by editing the java.security file. In my case, the file is C:\Program Files\Java\jre1.8.0_141\lib\security\java.security. You will find a line that disables a few algorithms, such as,

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

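We can now simply comment out the line by adding a # at the beginning of the line. Doing so lifts every restriction listed on that line, not only the one on MD5, so the change should remain temporary. The line should become,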

#jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
In addition, you may need to launch the Java Console and add the site, in my case http://192.168.1.5, to the "Exception Site List".

Monday, August 28, 2017

Finding a Disk's Serial Number in FreeNAS

When a hard disk pool in FreeNAS encounters many errors, FreeNAS reports them. In this case, we need to figure out which physical disk may have a problem. The following steps help us find the serial number of the disk; in conjunction with the BIOS information, we can work out which physical disk has the problem.

# show a list of disks with their GPT IDs
zpool status
# show the mapping between GPT IDs and device names
glabel status
# from the above two steps, we know which physical device may have a
# problem, e.g., /dev/ada5p2
sudo smartctl -a /dev/ada5 | grep "Serial Number"

Friday, August 25, 2017

SELinux Setting for Mercurial Web Access

If you use the Mercurial Revision Control System, or HG, you may set up a Mercurial CGI server integrated with an HTTP server, such as the Apache HTTP server, so that you can provide read and write access via HTTPS.

The Mercurial official website provides well-written documentation for this. However, you may run into the 501 Internal Server Error when you try to browse the repository via the Web, or encounter the 500 Permission Denied Error when you try to push your local changes to the remote Mercurial repository via the HTTPS protocol. These errors often occur when you have SELinux enabled.

The following provides a simple script to set up the proper SELinux context for Mercurial repositories.

Assume that the parent directory of all your Mercurial repositories is stored in the environment variable HG_PARENT_DIR, that the Apache HTTP server runs as a user belonging to the group stored in the environment variable HTTP_GROUP, and that the username of the user who manages all your Mercurial repositories is stored in the environment variable HG_USER. You can then set up the proper SELinux context with the following commands in a Linux shell, which begin by assigning hguser, apache, and /home/hg to HG_USER, HTTP_GROUP, and HG_PARENT_DIR.

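HG_USER=hguser
HTTP_GROUP=apache
HG_PARENT_DIR=/home/hg
# give the managing user and the web server's group read/write access
chown -R "${HG_USER}:${HTTP_GROUP}" "$HG_PARENT_DIR"
chmod -R ug+rw "$HG_PARENT_DIR"
# label everything as read-only web content first
chcon -R -t httpd_sys_content_t "$HG_PARENT_DIR"
# then allow writes only inside the .hg directories
find "$HG_PARENT_DIR" -name .hg -exec chcon -R -t httpd_sys_content_rw_t {} \;
# and allow execution only of the CGI scripts
find "$HG_PARENT_DIR" -name \*.cgi -exec chcon -t httpd_sys_script_exec_t {} \;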
The above script does not give the HTTP Web server process any more permissions than necessary, but does give and confine the required permissions to your Mercurial repositories.
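To check that the labels on disk really match this scheme (writable only inside .hg, executable only for *.cgi), the following added example, which is not part of the original post, audits `stat -c '%C %n'` output. The function names, the sample lines and the RO_TYPE default are assumptions; set RO_TYPE to the read-only type your labelling commands applied.

```shell
#!/bin/sh
# Added example (not from the original post): audit SELinux types under the
# Mercurial parent directory against the labelling scheme described above.
# Assumption: RO_TYPE is the read-only type used for everything outside .hg.
RO_TYPE=${RO_TYPE:-httpd_sys_content_t}
RW_TYPE=${RW_TYPE:-httpd_sys_content_rw_t}
CGI_TYPE=${CGI_TYPE:-httpd_sys_script_exec_t}

# Print the type the scheme expects for one path.
expected_type() {
    case "$1" in
        *.cgi)          echo "$CGI_TYPE" ;;  # the *.cgi pass runs last, so it wins
        */.hg|*/.hg/*)  echo "$RW_TYPE" ;;   # repository store: writable
        *)              echo "$RO_TYPE" ;;   # everything else: read-only
    esac
}

# Read "context path" lines (as printed by: stat -c '%C %n') on stdin and
# print one line per mismatch. Returns 1 if any mismatch was found.
audit_labels() {
    bad=0
    while read -r context path; do
        [ -n "$path" ] || continue
        have=$(printf '%s' "$context" | cut -d: -f3)   # user:role:type:level
        want=$(expected_type "$path")
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $path: has $have, expected $want"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample input: the last two lines are deliberately mislabelled
# (a writable file outside .hg, and a store file the web server cannot write).
sample_labels() {
cat <<'EOF'
unconfined_u:object_r:httpd_sys_content_t:s0 /home/hg/proj
unconfined_u:object_r:httpd_sys_content_rw_t:s0 /home/hg/proj/.hg
unconfined_u:object_r:httpd_sys_content_rw_t:s0 /home/hg/proj/.hg/store/00changelog.i
unconfined_u:object_r:httpd_sys_script_exec_t:s0 /home/hg/hgweb.cgi
unconfined_u:object_r:httpd_sys_content_rw_t:s0 /home/hg/proj/README
unconfined_u:object_r:user_home_t:s0 /home/hg/proj2/.hg/hgrc
EOF
}

# On a live system:
#   find "$HG_PARENT_DIR" -exec stat -c '%C %n' {} + | audit_labels
# With the constructed sample:
#   sample_labels | audit_labels
```

Labels set with chcon are replaced when the file system is relabelled, so running the audit after a relabel shows whether the scheme is still in place.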

Tuesday, August 15, 2017

Getting SSL Certificates Using ACME Clients

Previously I discussed the growing importance of SSL and HTTPS, in particular how they may help protect user privacy. To run an application that supports SSL or HTTPS, one must obtain an SSL certificate. Although SSL certificates have become less costly and some vendors even offer free SSL certificates, a few barriers remain for many users: a user still needs to manage renewal, suspension, and installation of SSL certificates, and very few vendors provide free SSL certificates. Recently, the development of the "Automatic Certificate Management Environment (ACME) protocol" has made adopting SSL or HTTPS and acquiring SSL certificates easier.

The following example demonstrates the steps to use an ACME client, certbot, to acquire and install certificates for an Apache HTTP Server instance on a CentOS 7 system.
  1. Install CentOS 7
  2. This step and the steps that follow are done at the CentOS 7 system. Install Apache HTTP Server with mod_ssl.
    
        sudo yum install httpd mod_ssl
        
  3. Enable and start the HTTP service.
    
      sudo systemctl enable httpd.service
      sudo systemctl start httpd.service
      
  4. Enable the EPEL repository.
    
      sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
      
  5. Install certbot, an ACME client from the EPEL repository.
    
       sudo yum install certbot-apache
      
  6. Acquire SSL certificates from "Let's Encrypt", and install them at the Apache HTTP server.
    
      sudo certbot --apache
      
  7. The certificates are set to expire in 90 days. Therefore, we need to set up automatic renewal, which can be done with either a systemd timer or a cron job. Below is a cron job. However, before proceeding to schedule a renewal job, we can test the renewal via the following,
    
      certbot renew --dry-run
      
  8. We now schedule the renewal job twice a day as advised by the "Let's Encrypt" site.
    "If you're setting up a cron or systemd job, we recommend running it twice per day (it won't do anything until your certificates are due for renewal or revoked, but running it regularly would give your site a chance of staying online in case a Let's Encrypt-initiated revocation happened for some reason). Please select a random minute within the hour for your renewal tasks."
    Following the advice, a cron job that runs twice a day is added via crontab -e as root.
    
      0 5,17 * * * /bin/certbot renew > /var/log/certbot.log 2>&1
      
  9. To test your HTTPS site, you may use the SSL Labs service. For instance, if your site is www.example.com, you can point your browser to https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com&latest

Besides certbot, there are many other ACME clients. See the Let's Encrypt site for a recommended list.
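The quoted advice asks for a random minute within the hour, and a cron job can fail silently until the certificate expires. The following added example, which is not part of the original post, derives a stable per-host minute for the crontab line and checks a certificate's remaining lifetime with `openssl x509 -checkend`. The function names, the 20-day threshold and the certificate path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.

# Map a seed (for example the host name) to a stable minute in 0..59, so that
# each host gets its own minute instead of minute 0.
renew_minute() {
    sum=$(printf '%s' "$1" | cksum | cut -d' ' -f1)
    echo $((sum % 60))
}

# Print a crontab line that runs the renewal twice a day at that minute.
# /bin/certbot and the log path are the ones used in the post; ">>" appends so
# that the output of an earlier failed run is not overwritten by the next run.
renew_cron_line() {
    printf '%s 5,17 * * * /bin/certbot renew >> /var/log/certbot.log 2>&1\n' \
        "$(renew_minute "$1")"
}

# Succeed if the PEM certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Report on one certificate; meant to be run from cron or a monitoring agent.
# The default threshold of 20 days is an assumption: certbot renews once fewer
# than 30 days remain, so a certificate this close to expiry means renewals
# have been failing for a while.
check_cert() {
    cert=$1
    days=${2:-20}
    if [ ! -r "$cert" ]; then
        echo "ERROR cannot read $cert"
        return 2
    fi
    if cert_valid_for_days "$cert" "$days"; then
        echo "OK $cert is valid for more than $days days"
    else
        echo "WARN $cert expires within $days days or cannot be parsed"
        return 1
    fi
}

# Usage (the path follows certbot's default layout and is an assumption):
#   renew_cron_line "$(hostname)"
#   check_cert /etc/letsencrypt/live/www.example.com/cert.pem 20
```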

Monday, August 14, 2017

Does My Internet Service Provider Block Port 80?

If, like me, you run a little web server at home, you may encounter this problem: no matter how you try, you simply cannot get port forwarding to work for port 80, while port forwarding works fine for any other port at home. It turns out that I am not alone. For instance, this Linux Questions thread states,
"Turns out Cablevision (my provider) 'blocks' port forwarding on their routers, so they say."

Yes, and indeed, that is what they say. My current Internet Service Provider (ISP) is Optimum. It states on their customer service site,
"Because Port 80 is often used by malicious software, including viruses and worms, Optimum, like many ISPs (Internet Service Providers), blocks this port for all standard Optimum customers."
Fortunately, it also provides a solution on the same page,
"
  1. Go to www.optimum.net.
  2. Sign in with your Optimum ID and password
  3. Place your cursor on and click the 'Internet' header
  4. Under 'Port Configuration' click on 'Settings'
  5. Under Port 80, click on the slider to turn On or turn Off.
"



This post serves as a reminder that you may want to check with your ISP if you struggle to get port forwarding to work for port 80 at home, and it may save you a few hours.

Setting up no-ip Service on Fedora Linux 26

It is simple to set up the no-ip dynamic DNS service. The steps are as follows,

$ sudo yum install noip
$ sudo noip2 -C
$ sudo systemctl enable noip.service
$ sudo systemctl start noip.service

In the above, the first step is to install the noip client, the second step is to configure the noip client, the third step is to enable the noip service, and the last step is to start the service. Since the service is enabled, when the system is rebooted, the noip service will be automatically started. One important reminder, do not forget to create your domain name at noip.

Sunday, August 13, 2017

Changing Windows Network Type via Editing Windows Registry

Sometimes I need to change the network type of an Ethernet or a WiFi adapter on my Windows hosts. The network type refers to the category of a network adapter, and the category can be either "private" or "public". These two categories of networks can be set up with different access controls. In my experience, it has been difficult to change the network type via the Windows Graphical User Interface, which sometimes changes from version to version and release to release, and it is much easier to change it via either the PowerShell command line or the Windows Registry.

The steps to change the network type by editing the Windows Registry are as follows,

  1. Run regedit
  2. Locate the following Registry key,
    
            HKEY_LOCAL_MACHINE –> SOFTWARE 
                               –> Microsoft 
                               –> Windows NT 
                               –> CurrentVersion 
                               –> NetworkList 
                               –> Profiles
         
  3. Search or go through each profile to locate the profile that corresponds to the network adapter whose network type you wish to change. I find that it is easy to locate the adapter based on the "Description" field.
  4. Then change the Category value. Set the value as 0 to assign the adapter as a "Public" network, 1 a "Private" network, and 2 a "Domain" network.
The reference of this note is "4 Ways To Change Network Type In Windows 10 (Public, Private or Domain)".

Monday, July 17, 2017

Listing Queries Running in PostgreSQL DBMS

To see which queries are being executed by a user in PostgreSQL DBMS, one may use the following query,


SELECT 
       usename, application_name, state, query 
FROM
       pg_stat_activity 
WHERE 
       usename='my_user_name';
where my_user_name should be the actual username being queried about.

Thursday, June 22, 2017

PostgreSQL on Windows: psql complains "no equivalent in encoding"

I am running a PostgreSQL 9.6 server instance on Windows 10 host. When I issue a query via psql on the Windows 10 host, I encounter the following error message,

ERROR:  character with byte sequence 0xd0 0x9c in encoding "UTF8" 
has no equivalent in encoding "WIN1252"

When I query the client_encoding, I get the encoding indeed as WIN1252, shown as follows,

mydb=> show client_encoding;
 client_encoding
-----------------
 WIN1252
(1 row)

I find that, after setting client_encoding to UTF8, the issue disappears and the display of query results appears to be fine. The following is an example of setting client_encoding,

mydb=> SET client_encoding = 'UTF8';
SET

Sunday, June 18, 2017

Windows Defender Interferes with PostgreSQL on Windows 10

I am running a PostgreSQL database server on a Windows 10 host for development. I noticed that Windows Defender sometimes interferes with PostgreSQL and results in the PostgreSQL service being terminated.

More specifically, when you have a database transaction running and Windows Defender starts to scan, Windows Defender may label a PostgreSQL transaction log as a threat, as illustrated in the screenshot captured below. It shows that Windows Defender labels a PostgreSQL transaction log as an "Exploit:HTML/IframeRef", which is clearly a false alarm. Windows Defender then quarantines the threat, and the transaction log becomes inaccessible to the PostgreSQL service.


If you examine services in the Windows 10 host, you will see that the PostgreSQL service is terminated as illustrated in the screenshot below. At this time, any query to the PostgreSQL database results in failure.


The solution is to exclude the PostgreSQL transaction log directory from Windows Defender's scan. Microsoft explains how this can be done in this page.

Tuesday, June 13, 2017

PostgreSQL on Windows: could not find a "psql" to execute

I installed PostgreSQL 9.6.3 on a Windows host. After I had run batch file pg_env.bat on the host, I encountered the following error message when I ran psql

could not find a "psql" to execute
psql: could not find own program executable

It turns out that the quotation marks around the path of the PostgreSQL binaries in the batch file pg_env.bat are the culprit. For instance, the pg_env.bat batch file on my Windows host has the following content,

@ECHO OFF
REM The script sets environment variables helpful for PostgreSQL

@SET PATH="C:\Program Files\PostgreSQL\9.6\bin";%PATH%
@SET PGDATA=L:\stackoverflow\Data
@SET PGDATABASE=postgres
@SET PGUSER=postgres
@SET PGPORT=5432
@SET PGLOCALEDIR=C:\Program Files\PostgreSQL\9.6\share\locale

To correct the problem, we need to remove the quotation marks from the "SET PATH" line, i.e., to change the file to the following,

@ECHO OFF
REM The script sets environment variables helpful for PostgreSQL

@SET PATH=C:\Program Files\PostgreSQL\9.6\bin;%PATH%
@SET PGDATA=L:\stackoverflow\Data
@SET PGDATABASE=postgres
@SET PGUSER=postgres
@SET PGPORT=5432
@SET PGLOCALEDIR=C:\Program Files\PostgreSQL\9.6\share\locale

Sunday, May 7, 2017

Mounting Logical Volume Management (LVM) Volumes

I have two hard drives from an old Linux machine. These hard drives were under one Logical Volume Management volume. On another Linux host, I found these tools were very useful to get the data out.

  • Scan LVM volumes

    sudo lvscan

  • Activate LVM volumes

    modprobe dm-mod
    vgchange -ay

  • List and remove mapped LVM devices

    dmsetup ls
    dmsetup remove <device>

    where an example of "device" can be VolGroup00-LogVol01

Troubleshooting

When you see an error message like the following when you try to mount a volume,


# mount /dev/VolGroup00/LogVol00 mnt/
  mount: /dev/mapper/VolGroup00-LogVol00 is write-protected, mounting read-only
  mount: /dev/mapper/VolGroup00-LogVol00: can't read superblock

One solution that has worked for me many times is to remove the mapped LVM devices using the command we discussed above. For instance,

# dmsetup remove VolGroup00-LogVol00

If you perform an lvscan, you will find that the volume is inactive,

# lvscan
  inactive          '/dev/VolGroup00/LogVol00' [459.53 GiB] inherit

To activate the volume, we can run the following,

vgchange -ay

Now you shall see that the volume is active,

# lvscan
  ACTIVE            '/dev/VolGroup00/LogVol00' [459.53 GiB] inherit

We can now mount the volume,

# mount /dev/VolGroup00/LogVol00 mnt/


Thursday, May 4, 2017

Windows Explorer Appears to Get Stuck at Canceling Copying Files

When I tried to cancel copying a large set of files on a Windows 10 system, Windows appeared to get stuck canceling it forever. Below is what I saw,

which shows this "Canceling - 10% complete" indicator forever, even after I closed the window. When I tried to copy a different file, this indicator stayed. Windows was not actually trying to cancel the copy forever; instead, Windows Explorer had somehow kept some internal canceling state.

At present, there are a few ways to address this. The following two appear to work.
  • Reboot the system. This is a heavy-handed solution.
  • Terminate the Windows Explorer process, and restart the Windows Explorer process.

Monday, May 1, 2017

Finding Encrypted Files or Folders on Windows NTFS Partitions

Windows NTFS supports the Windows Encrypting File System (EFS), which means some files or folders can be encrypted. On more than one occasion, I have lost access to files or folders when I copied them to external hard drives. One strategy is to list the files or folders that are encrypted, so that we can then decide what to do with them. This can be easily achieved at the Windows Command Prompt via the following command,

cipher /S:D:\ /H | findstr "^E"

In the above example, we are looking for encrypted files on drive D:\. The cipher command lists all files and folders, and indicates whether each file or folder is encrypted. The switch /H instructs cipher to look at hidden or system files as well. The findstr command allows us to use a regular expression; in "^E", "^" indicates the beginning of a line and "E" indicates that the file or the folder is encrypted.

Resetting Windows NTFS Ownership and Permission to Default

I moved an external hard drive from one computer to another, and discovered that I could not access any of the folders. The file system is NTFS. As suggested by this post, I completed the following steps to set all folders to the Windows default from the Windows Command Prompt as an Administrator, and regained access to the files.

takeown /F D: /R /D Y
icacls "_Files" /reset /T 

The first command above is to take the ownership. The noticeable effect of the second command is to assign full access to everyone.

Tuesday, April 18, 2017

Heavy Disk Activity after Suspending a VMWare Virtual Machine Instance

I observed heavy disk activity when I suspended a VMware virtual machine instance. The VMware software is VMware Player 7.1.4 and the virtual machine instance is a Windows XP instance. The disk activity is so heavy that it renders the host machine almost non-responsive for quite a while. After some research online, I found these configuration options to be helpful,

mainMem.useNamedFile = "false"
mainMem.writeZeroes = "true"


You can apply these two configuration options in two different manners.
  • Apply them to a specific virtual machine instance by adding these two lines to the virtual machine configuration file, i.e., a .vmx file.
  • Apply them as the global and default options for all virtual machine instances by adding these two lines to VMware software's configuration file. For VMWare Player, it is %PROGRAMDATA%\VMWare\VMware Player\config.ini. If the file does not exist, you should create it. For other versions of VMware software, see this VMware KnowledgeBase article.

To understand why and how these may address the heavy disk activity issue and whether you should use these options, the following are a few excellent references that I came across in my research.
  1. VMware Workstation and Very High VMEM Fragmentation
  2. Maximize VMWare images performance
  3. Write Activity to .vmem file even though the VM is suspended
  4. Why does my PC slow down to a crawl when VMware Player is suspending to .vmem file?

Wednesday, March 29, 2017

Python script runs fine, but PyDev in Eclipse complains "Undefined variable from import"

Time and time again, PyDev in Eclipse complains "Undefined variable from import" when you try to instantiate or import a class that you know exists.

One example is multiprocessing.Process, and another is pymc.Binomial. What may puzzle you is that the Python script runs fine in Eclipse or in a terminal. The problem arises because some classes are dynamically generated at runtime.

PyDev actually has a solution for this issue, as discussed in its FAQ. The solution is via "Forced builtin libs", as discussed in its manual.

To add the multiprocessing and pymc packages as builtin libraries, we do the following.

  1. Go to: window > preferences > PyDev > Interpreter - (Python/Jython/IronPython).
  2. Choose the interpreter you have installed in your computer.
  3. Select "Forced Builtins".
  4. Choose "New", add "multiprocessing", and confirm it.
  5. Choose "New" again, add "pymc", and confirm it. 

Note that you may have to restart Eclipse to see the effect.

Tuesday, March 28, 2017

Fixing Missing Battery Icon Problem on a Windows 10 Laptop

On a Windows 10 laptop, somehow the battery icon disappeared from the System Tray in the Taskbar. Two methods suggested in a Microsoft Answers post and in a TenForums post worked for me.

Method 1.
  1. Open the "Device Manager" from the Control Panel or the Settings menu, then disable and re-enable "AC Adapter" and "ACPI Compliant Control Method Battery".

Method 2.
  1. Run the Group Policy Editor gpedit.msc as Administrator 
  2. Navigate to expand "User Configuration", "Administrative Templates", and then "Start Menu and Taskbar", locate "Remove the battery meter", choose "Disable". 
  3. Restart the computer.

Wednesday, March 22, 2017

Fixing Problem that Windows Mail App Account Settings Are Out of Date

I use the Windows Mail app to access my Hotmail email account. It suddenly started complaining that "Account settings are out of date". The Mail app asks you to "Fix" it and guides you to "Update" the account information. The "fixing" process appears to be successful. However, it does not fix the problem, and it does not appear to fix the problem even when I delete the account and add it back in. Eventually I found out that, when adding the account back in, I need to choose an option other than the one the list of email types superficially seems to suggest. Below are the steps.

  1. Click on the "Settings" button on bottom of the left pane
  2. Click on "Manage Account" from the "Settings" menu
  3. Click on "Add Account" from the "Manage Account" menu
  4. Select "Exchange, Office 365". Note that, at face value, the first option, "Outlook.com, live.com, Hotmail, MSN", seems to be the one we should choose; after all, the email account in question is a Hotmail account. In fact, for many users, the first option is not the right option because Microsoft has gradually migrated Hotmail accounts to "Office 365". 
  5. Enter a Hotmail address and password



Friday, March 17, 2017

Converting SVG to PDF on Linux Command Line

A number of tools are available for converting an SVG file to a PDF file on the Linux command line, for instance,
  • rsvg-convert
    
           $ sudo apt-get install librsvg2-bin
           $ rsvg-convert -f pdf -o mygraph.pdf mygraph.svg
        
  • ImageMagick
    
           $ sudo apt-get install imagemagick
           $ convert mygraph.svg mygraph.pdf
        
  • Inkscape
    
           $ sudo apt-get install inkscape
           $ inkscape mygraph.svg --export-pdf=mygraph.pdf
        

A few others include GhostPDL and CairoSVG. Each of these tools has its own limitations, particularly in the SVG features it supports. My limited use suggests that Inkscape supports the most features.

Thursday, March 9, 2017

Websites for Testing Regular Expressions

Below is a list of websites that I use to test regular expressions.


Wednesday, February 15, 2017

Visualizing and Learning Programming, Data Structures and Algorithms.

This post bookmarks resources for visualizing and learning programming, data structures and algorithms.

Web-based Integrated Development Environments (IDEs)

A number of Web-based IDEs have been made available. Although they are not as sophisticated as desktop IDEs, such as Microsoft Visual Studio and Eclipse, they are quite convenient to share some code. This post serves as a bookmark for a few Web-based IDEs that I came across. 

Monday, February 13, 2017

Rendering Jupyter Notebooks (IPython Notebook) on Github Pages Sites

There are a number of solutions to render Jupyter notebooks on Github Pages sites.

  • Convert Jupyter notebooks to static HTML pages using nbconvert. For example, we have a Jupyter notebook file, my_example.ipynb. We run nbconvert as follows,
    
      jupyter nbconvert --to html --template full my_example.ipynb 

    The above produces a whole HTML document, including the HTML header. If you wish to embed the notebook into your own page, you may use the basic template as follows,
    
      jupyter nbconvert --to html --template basic my_example.ipynb 
  • Another method is to use a Pelican extension, see ipynb_reader.
  • You can also use Jupyter's nbviewer service. See the following example and examine the URL.

    Example using nbviewer

Note that Github can now render a Jupyter notebook from its repository view. However, that is different from viewing a Jupyter notebook on a Github Pages site.