Comparing Traffic Policing and Traffic Shaping for Bandwidth Limiting - Cisco

Comparing Traffic Policing and Traffic Shaping for Bandwidth Limiting - Cisco:



'via Blog this'

[Openvas-discuss] Errors adding SMB credentials into openvas6

Had a problem storing credentials in Openvas as part of BackBox.

Turns out the /etc/openvas/gnupg directory is missing by default.



[Openvas-discuss] Errors adding SMB credentials into openvas6:



'via Blog this'

Tor project key expired in BackBox

I use BackBox Linux quite a lot to check for issues in local systems that I look after.
Went to update it today, after not using it for a while, to find that the signing GPG key for the Tor project had expired and I couldn't download updates for that part.

Found the answer here:
https://trac.torproject.org/projects/tor/ticket/12994

These commands fixed it for me:

gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

Chrome no longer the quickest browser?

Did some totally unscientific web browser speed testing using Peacekeeper:

• http://peacekeeper.futuremark.com/

I got the following results (best to worst):

• 4632 Firefox Nightly v36.0a1(2014-11-14)
• 4379 Firefox Nightly v36.0a1(2014-11-14)
• 3920 Chrome v39.0.2171.62 
• 3709 Maxthon v4.4.1.5000
• 3319 Firefox v33.1 **
• 3306 Firefox v33.1.1 **
• 3194 SeaMonkey v2.30
• 2276 Internet Explorer v11.0.14 *

Totally unscientific means there was no control over that which was running in the background, the tests were only done once with no averaging and some of the browsers are beta or dev versions rather than all being stable versions.

Firefox and Firefox Nightly were tested twice as there were updates waiting, so I carried out one test before the update and one test after.

I was surprised IE11 was last, but it noticeably struggled in the Canvas tests in particular.

The following problems were encountered:

• * Internet Explorer 11 does not support Theora or WebM videos
• ** Firefox stopped and issued a script warning on Dcom Tree page and the scripts had to be stopped for the test to continue

Test machine was an HP ProBook 4740s running Windows 8.1 with all current patches.

How to downgrade your Z10 back to the carrier supplied OS

Re: BB10/Z10 OS downgrade - BlackBerry Support Community Forums:



How to downgrade your Z10 back to the carrier supplied OS.



'via Blog this'

MessageSave for Microsoft Outlook. Archive, Backup, Save Outlook Email Messages

An Outlook plugin for archiving emails outside of Outlook.

Not database based, but could still be useful?



MessageSave for Microsoft Outlook. Archive, Backup, Save Outlook Email Messages:



'via Blog this'

How to install Numix GTK Theme and Icons on Ubuntu 14.10 | Ubuntu Tutorial and How To

How to install Numix GTK Theme and Icons on Ubuntu 14.10 | Ubuntu Tutorial and How To:



'via Blog this'

13.10 - Chrome won't start from the launcher - Ask Ubuntu

13.10 - Chrome won't start from the launcher - Ask Ubuntu:

For me in 14.10 using 39.0.2171.36 beta (64-bit), a Chrome extension, Google Mail Checker Plus Classic, had created a google-chrome.desktop entry in ~/.local/share/applications.

I renamed this to google-chrome.mailchecker.desktop, logged out and then in, and my launcher worked again.
'via Blog this'

Ubuntu 14.10 Install VirtualBox Guest Additions

I've had reasonable results with Ubuntu running under VirtualBox by using the repository VirtualBox Guest utilities.

Install Synaptic from a terminal using:

$ sudo apt-get install synaptic

Once installed, run synaptic using:

$ sudo synaptic

Search for the package virtualbox-guest-utils and select it for installation. It will a few other packages for installation, and after a reboot it will be fine.

You can get some more up to date utils by installing from the ISO image, but this requires installing some pre-requisites first.

You can find that info here:

http://virtualboxes.org/doc/installing-guest-additions-on-ubuntu/

I haven't tested this for a while, but you need the following pre-requisite packages:

• build-essential
• module-assistant

You also need to prepare the system to build modules using:

$ sudo m-a prepare

You can also avoid rebuilding modules manually by installing dkms.

Ubuntu 14.10 Fast TSC Calibration Failed

This seems to be a fairly cosmetic issue, and I found a partial answer here:

https://stackoverflow.com/questions/18055593/fast-tsc-calibration-failed

For me, the timer output type was acpi_pm:

$ cat /sys/devices/system/clocksource/clocksource0/available_clocksource
acpi_pm

I edited /etc/default/grub using:

$ sudo vi /etc/default/grub

I changed:

GRUB_CMDLINE_LINUX=""

To:

GRUB_CMDLINE_LINUX="clocksource=acpi_pm" 

I then regenerated the grub.cfg using:

$ sudo grub-mkconfig -o /boot/grub/grub.cfg

After a reboot all was good.

Ubuntu 14.10 Desktop Released

Get it here:
http://www.ubuntu.com/download/alternative-downloads

Release notes:
https://wiki.ubuntu.com/UtopicUnicorn/ReleaseNotes

LibreOffice 4.3.2 Released

Get it here:
https://www.libreoffice.org/download/libreoffice-fresh/?type=win-x86&version=&lang=en-GB

Release notes:
https://www.libreoffice.org/download/release-notes/

LibreOffice 4.3.2 (2014-09-25) - Fresh Branch

This is the third release from the 4.3 branch of LibreOffice which contains new features and program enhancements. As such, the version is stable and is suitable for all users. This version may contain a few annoying bugs which will be fixed in the next bugfix versions to come.

General notes on features and enhancements are contained in this release. For a detailed list, please check our complete release notes here.

The following notes apply:

• This release is bit-identical to 4.3.2 Release Candidate 2 — you don't need to download or reinstall if you have that version already.
• This version still contains a few annoying bugs, as listed here.
• quickstarter on windows has been removed.

General notes/notes from the 4.3 line:

• Mac version doesn't bundle the MediaWiki extension.
• The distribution for Windows is an international build, so you can choose the user interface language that you prefer.
• Help content is available via an online service, or alternatively as a separate install.
• Our Windows binaries are digitally signed by The Document Foundation.
• For Windows users that have Apache OpenOffice installed, we advise uninstalling that beforehand. The two programs register the same file type associations and will conflict when the Quickstart feature is installed and enabled.
• If you run Linux, the GCJ Java variant has known issues with LibreOffice; we advise to use OpenJDK instead.
• Some menu entries have changed or been added. If something appears to be missing, that may be due to the use of customized menu settings from your previous LibreOffice installation.

3PAR Users Group › View topic - How to Unexport a VVol from one host at a time.

3PAR Users Group › View topic - How to Unexport a VVol from one host at a time.:



'via Blog this'

Install CentOS 7 Into VirtualBox

1. Create VM

• 16GB Dynamic Drive
• 2 vCPU
• 2GB RAM
• PAE
• 128MB Video
• 3D Acceleration

2. Install OS

• Attach DVD Image
• Start VM
• Right-Ctrl is the default host key (to free mouse and keyboard)
• Test Media (Optional) or Install
• Choose Language 
• Software Selection - Development and Creative Workstation
• Installation Destination - Select disk and automatic partitioning
• Network and Hostname - Enable and configure required NIC and Hostname
• Begin Installation
• Set root password
• Create your non-root user (make user administrator)
• Wait :)
• Reboot
• Accept license
• Finish configuration
• Configure Kdump
• Logon

3a. Patch (GUI)

• You only need to do 3a. or 3b. not both as for all the following (a) and (b) sections.
• Need to update before compiling Guest Additions else newly downloaded software will not match existing versions
• Applications > System Tools > Software Update
• Install Updates
• Reboot

3b. Patch (CLI)

• sudo yum update
• Reboot

Sections 4 and 5 are optional - There are no RHEL\CentOS7 DKMS modules available yet, but I have left these sections in for reference.

4a. Add RPMForge repo (GUI)

• Download latest RPMforge release from http://pkgs.repoforge.org/rpmforge-release
• As of writing for x86 this is http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
• Open using Package Installer 
• Install when offered

4b. Add RPMForge repo (CLI)

• Download repo RPM using wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
• install rpm -i rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

5. Install DKMS

• sudo yum install dkms

6. Install development tools

• sudo yum groupinstall “Development Tools”
• sudo yum install kernel-devel

7. Install Guest Additions

• There appears to be a bug with building the additions from the addition CD
• Details here: https://www.virtualbox.org/ticket/12638
• Matthew Casperson has kindly made a patched version in his blog 
• Download
• Extract using bunzip2
• Extract using tar
• Install using sudo ./install.sh

Apple iOS 7.1.2 Released: Update Patches Mail Encryption Bug And Activation Lock Flaw

Apple iOS 7.1.2 Released: Update Patches Mail Encryption Bug And Activation Lock Flaw:



'via Blog this'

LVM2 file systems on Linux

1. Create a partition to hold the LVM2 file system. You can use the whole disk, but this is not recommended. You can use fdisk on disks smaller than 2TB, but will need to use parted on larger disks.
Make sure you use partition type 0x8e for LVM.

2. Create the physical volume:
sudo pvcreate /dev/sdb1
sudo pvscan 

3. Create the volume group:
sudo vgcreate volume_group_name /dev/sdb1
sudo vgdisplay volume_group_name

5. Create a 500 MB volume:
sudo lvcreate -L500 -nvolume_name volume_group_name
sudo lvdisplay volume_group_name

6. Make a file system:
sudo mkfs -t ext4 /dev/mapper/volume_group_name-volume_name

7. Create a mount point:
sudo mkdir /path_to_mount

8. Mount file system:
sudo mount /dev/mapper/volume_group_name-volume_name /path_to_mount

Post Heartbleed security advisory

https://www.openssl.org/news/secadv_20140605.txt



6 New Vulnerabilities:

OpenSSL Security Advisory [05 Jun 2014]
========================================

SSL/TLS MITM vulnerability (CVE-2014-0224)
===========================================

An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and 
modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
researching this issue.  This issue was reported to OpenSSL on 1st May
2014 via JPCERT/CC.

The fix was developed by Stephen Henson of the OpenSSL core team partly based
on an original patch from KIKUCHI Masashi.

DTLS recursion flaw (CVE-2014-0221)
====================================

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.  This
issue was reported to OpenSSL on 9th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

DTLS invalid fragment vulnerability (CVE-2014-0195)
====================================================

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Only applications using OpenSSL as a DTLS client or server affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Jüri Aedla for reporting this issue.  This issue was
reported to OpenSSL on 23rd April 2014 via HP ZDI.

The fix was developed by Stephen Henson of the OpenSSL core team.

SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
=================================================================

A flaw in the do_ssl3_write function can allow remote attackers to
cause a denial of service via a NULL pointer dereference.  This flaw
only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is
enabled, which is not the default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public.  The fix was developed by
Matt Caswell of the OpenSSL development team.

SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
===============================================================================
 
A race condition in the ssl3_read_bytes function can allow remote
attackers to inject data across sessions or cause a denial of service.
This flaw only affects multithreaded applications using OpenSSL 1.0.0
and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the
default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public.  

Anonymous ECDH denial of service (CVE-2014-3470)
================================================

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
denial of service attack.

OpenSSL 0.9.8 users should upgrade to 0.9.8za
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this
issue.  This issue was reported to OpenSSL on 28th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

Other issues
============

OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for
CVE-2014-0076: Fix for the attack described in the paper "Recovering
OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
Reported by Yuval Yarom and Naomi Benger.  This issue was previously
fixed in OpenSSL 1.0.1g.


References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20140605.txt

Note: the online version of the advisory may be updated with additional
details over time.

'via Blog this'

How to install CentOS into VirtualBox (Including Guest Additions)

1. Create VM

• 16GB Dynamic Drive
• 2 vCPU
• 2GB RAM
• PAE
• 128MB Video
• 3D Acceleration

2. Install OS

• Attach DVD Image
• Start
• Test Media (Optional)
• Right-Ctrl is the default host key (to free mouse and keyboard)
• Basic storage devices
• Use All Space
• Desktop Install
• Create your non-root user
• Put this user in wheel group so they can use sudo
• Use su - and then visudo to uncomment wheel group in sudoers

3. Configure network

• Network cards are unconnected by default
• Connect using network manager (right-click icon at top of screen and edit connection)
• If you need to clone VM, remove or edit network card entry in /etc/udev/rules.d/70-persistent-net.rules and remove card in Network Manager

4a. Patch (GUI)

• You only need to do 4a. or 4b. not both!
• Need to update before compiling Guest Additions else newly downloaded software will not match existing versions
• System > Administration > Software Update

• First update to update the updater
• Second update to update the OS
• Reboot

4b. Patch (CLI)

• sudo yum update
• Reboot

5a. Add RPMForge repo (GUI)

• Download latest RPMforge release from http://pkgs.repoforge.org/rpmforge-release
• As of writing for x86 this is http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
• Open using Package Installer
• Install when offered

5b. Add RPMForge repo (CLI)

• Download repo RPM  using wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
• install rpm -i rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

6a. Install DKMS (GUI)

• System > Administration > Add/Remove Software
• Search for dkms
• Install accepting dependencies

6b. Install DKMS (CLI)

• sudo yum install dkms

7a. Install development tools (GUI)

• System > Administration > Add/Remove Software
• Expand Development and then expand Development tools
• Select all packages and then apply

7b. Install development tools (CLI)

• sudo yum groupinstall “Development Tools”

8a. Install Guest Additions (GUI)

• Insert Guest Additions CD image (Devices > Insert Guest Additions CD Image…)
• Click Open Autorun Prompt > OK > Run
• Eject CD
• Reboot

8b. Install Guest Additions (CLI)

• Insert Guest Additions CD image (Devices > Insert Guest Additions CD Image…)
• Cancel pop-up
• cd /media/VBOXADDITIONS_4.x.xx_xxxxx/
• sudo ./VBOXLinuxAdditions.run
• cd /
• Eject CD

• Reboot

Fun with file systems

I've identified a need to replicate some file system information in Linux for a number of reasons:

1. Primary to secondary site for DR purposes
2. As above but with file locking for limited live-live operation
3. As above but with record locking for full live-live operation (thinking SAMBA shares here)

I've identified a number of file system features that will let me do this, so I'm going to have a geeky day looking at them:

1. B-tree file system (BTRFS)
2. Logical volume manager (LVM)
3. A. N. Other cluster file system

I think BTRFS is going to be to slow for virtual machines, and LVM has the advantage of running different file systems inside the container sysyem. The might be other options such as rsync but I would really like the solution to be as independent of the applications being replicated as possible (don't want to run rsync in a virtual machine for example).

Any suggestions greatly received, but I'm off to get CentOS in Oracle VM VirtualBox installed for a starting point.

Maxthon Labs Private Beta

I've been test Maxthon browser for quite some time and I find it feature rich with some good Desktop to Mobile synchronisation capabilities. Apparently they are working on a new product in prvate beta. Want a chance to try it? http://lnc.hr/x6WaV

Magic Quadrant for Cloud Infrastructure as a Service

Magic Quadrant for Cloud Infrastructure as a Service:



'via Blog this'

Microsoft Security Bulletin MS14-021 - Critical

Microsoft Security Bulletin MS14-021 - Critical:

This is the Zero Day exploit for IE.

'via Blog this'

Audit File Access & Protect Data From Theft With ByStorm FileSure

Audit File Access & Protect Data From Theft With ByStorm FileSure:

Allows auditing and permissions overide (enforcement).

'via Blog this'

0000430: OpenVAS GreenBone Security Assistant (webUI) - MantisBT

0000430: OpenVAS GreenBone Security Assistant (webUI) - MantisBT: "texlive-latex-extra"

Had problems getting Greenbone Security Assistant OpenVAS in BackLinux v3.13 producing reports in PDF format.

Found a Kali Linux bug indicating that the package texlive-latex-extra had to be installed in order to produce PDF reports.

It's an extra 650MB+ of stuff to install but it did fix the PDF report issue.

'via Blog this'

How to change the port and IP for Greenbone OpenVAS on BackLinux

By default, Greenbone OpenVAS on BackLinux v3.13 listens on port 9293 on the loopback address (127.0.0.1).

To change this, edit the /etc/default/greenbone-security-assistant and change the GSA_ADDRESS and GSA_PORT lines.

Changing these to 0.0.0.0 and 443 respectively, will make the GUI available on the standard HTTPS port. You'll only be able to do this as long as your have nothing else listening on that port.

You can confirm what ports are in use by using netstat -ant.

BASH script to wrap around Heartbleed scanner

The following script wraps around the Heartbleed scanner talked about in the previous post to scan all IP addresses within a file and output the results to a log.
I know it's basic, but it works - I'd be very happy if someone could come up with a script that would accept a subnet in CIDR format and scan all IP's with that subnet. Something like "hbscan 172.16.1.0/24"

Step-by-step:

1. Create a ~/heartbleed
2. Copy the Heartbleed binary into the folder created at (1)
3. Copy the script below into the ~/heartbleed direcotry and call it something like hbscan
4. Make hbscan runnable (chmod 755 hbscan)
5. Copy file(s) containing the IP addresses you wish to scan into ~/heartbleed
6. Create a ~/heartbleed/scans directory
7. Scan the networks using './hbscan filewithips'

Here's the script I used:

#!/bin/bash
E_BADARGS=65
logs=~/heartbleed/scans
today=`date +%F`
if [ -z "$1" ]; then
  echo " Usage: `basename $0` list"
  exit $E_BADARGS
fi
if [ ! -d $logs/$today ]; then
  echo "[*] Creating $logs/$today"
  mkdir $logs/$today
fi
hosts=$1
touch $logs/$today/$hosts
while read -r host
do
  echo "[*] Scanning $host..."
  ~/heartbleed/Heartbleed $host 2>> $logs/$today/$hosts
done < $hosts
echo "[*] Scans completed."

That script was frankenstiened from:
http://www.commondork.com/2013/07/06/bash-script-to-scan-subnets-with-nmap/

Heartbleed scanner on Ubuntu

This works for Ubuntu.

1.Install Bazaar and Go v1.0 (required for godeb):
sudo apt-get install bzr

sudo apt-get install golang

2. Install godeb (required for Go 1.2):

http://technosophos.com/2013/21/02/go-1-2-on-ubuntu-12-10.html

mkdir ~/gopath

GOPATH=~/gopath

export GOPATH

cd $GOPATH

go get launchpad.net/godeb

sudo apt-get remove golang
sudo apt-get autoremove

3. Install godeb (required forGo 1.2)

sudo bin/godeb install

3. Get and compile Heartbleed:

https://github.com/FiloSottile/Heartbleed

go get github.com/FiloSottile/Heartbleed

go install github.com/FiloSottile/Heartbleed

4. Run it:

bin/Heartbleed serverip[:port]

Here is a BASH script you can use to scan a list of IP addresses instead of a single one:
http://blog.thefoleyhouse.co.uk/2014/04/bash-script-to-wrap-around-heartbleed.html

Quick Fixed VHD Creation Tool - Ben Armstrong - Site Home - MSDN Blogs

Quick Fixed VHD Creation Tool - Ben Armstrong - Site Home - MSDN Blogs:



Allows for the creation of non-zeroed Hyper-V fixed size disks.



'via Blog this'

Statistics – YouTube

Statistics – YouTube:



'100 Hours of video uploaded to YouTube every minute'



'via Blog this'

Windows XP End of Service

Windows XP End of Service:



Are you running XP?

Love it.



'via Blog this'

WPA2 Wireless Security Crackable WIth "Relative Ease" - Slashdot

WPA2 Wireless Security Crackable WIth "Relative Ease" - Slashdot:

More WiFi Woes...



'via Blog this'

Thieves Reaching for Linux—"Hand of Thief" Trojan Targets Linux #INTH3WILD » Speaking of Security - The RSA Blog and Podcast

Thieves Reaching for Linux—"Hand of Thief" Trojan Targets Linux #INTH3WILD » Speaking of Security - The RSA Blog and Podcast:



So, not as safe on Linux as was thought?



'via Blog this'

Upgrade Bitcoin to v0.9.0

Bitcoin v0.9.0 is out, now with an x64 version for Windows. You should probably upgrade if you don't want to lose your billions in Bitcoins?
https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.9.0.md

Brightness control from Linux using grub parameter

Brightness on my HP Probook 4740s requires a Grub parameter to work properly.
Edit /etc/defaults/grub to add "acpi_backlight=vendor acpi_osi=Linux" to the GRUB_CMDLINE_LINUX_DEFAULT line.
Then run "grub-update".
Thanks:
http://forums.opensuse.org/showthread.php/485869-OpenSUSE-brightness-control-problem-on-HP-ProBook-4740s

Securing SQL Server connections with a certificate

I had an issue trying to get a SQL server to use a certificate to secure a connection with SSL.
The certificate was selected in SQL configuration manager but when the SQL service was restarted, it would fail with an EventID 26104 indicating it couldn't read find the certificate.

After a bit of googling, I found this:
http://nickstips.wordpress.com/2010/09/08/sql-ssl-and-sql-server-2008-service-doesnt-start-error-code-2146885628/

Turns out, if you run your SQL server under a non-privileged account as per best practice, the account can't read the private key of the certificate.

Altering the certificate permissions to allow your SQL server to read the certificate private key allows the SQL server to start.

Sharing or collaborating with government documents | Standards Hub

UK Goverment proposes open standard for sharing information: ODT, ODS, TXT, CSV, PDF, HTML.

Sharing or collaborating with government documents | Standards Hub:

'via Blog this'

Citrix Receiver 13 on Linux

Seems to be quite broken on any form of Ubuntu, but I have managed to install on Fedora 20 i686 (Mate) with some success:

sudo yum install libpng12 xerces-c
sudo rpm -Uvh ICAClient-13-0.0.256735-0.i386.rpm ctxusb-2.4.256735-1.i386.rpm
cd /opt/Citrix/ICAClient
./selfservice

Backup or move your Google data

https://www.google.com/takeout allows you to backup or move your Google data. Visit the site, sign-in and then choose what to archive and in what format.

I was surprised to learn that I've got 8GB, but that is all my emails, attachments, videos etc.

The data will be available as a downloadable archive, but you can visit the site again in the future as required.

Java 7 update 51 blocks Citrix receiver for Java

Reports of users being unable to use the Java client for Citrix from Citrix Access Gateway (CAG) are caused by a security update Oracle have applied to Java.

Information available from the Citrix forums here:
http://discussions.citrix.com/topic/346128-java-7-update-51-due-for-release-in-january-2014-will-block-receiver-for-java-101/

Citrix have release a patched version (v10.1.007) which is available here:
http://www.citrix.com/downloads/citrix-receiver/other-platforms/receiver-for-java-101.html

Kasperky AV support for Server 2012 R2 and Windows 8.1

This is now supported in Kaspersky Endpoint Security 10 Maintenance Release 1.
More info (and download) here:
http://support.kaspersky.co.uk/10578

Word KB2837593 patch causing 100% CPU useage

Updating an image for a VMWare View VDI Desktop, I applied all of the recent Microsoft Office 2010 patches. However, when the desktops were refreshed, all started three copies of Winword.exe running under the System account. One of these copies of Word was using 100% which created mayhem on the VDI platform.

I've removed KB2837593 from the VMWare View VDI desktop image and the platform seems to have stabilised. We aren't seeing this on our Citrix XenDesktop platform, but this also doesn't have the KB2837593 patch applied yet.

Has anyone else seen this? Please feedback if you have.

Unity Tweak now available for Ubuntu

Running the following commands will install Unity Tweak into Ubuntu for you: 

sudo add-apt-repository ppa:freyja-dev/unity-tweak-tool-daily

sudo apt-get update && sudo apt-get install unity-tweak-tool

Thanks to OMG Ubuntu for the instructions:

http://www.omgubuntu.co.uk/2013/02/introducing-unity-tweak-tool

Thanks to PupptLinuxWorld for the heads up:

https://www.youtube.com/watch?v=7SWM4YFO2gA

Matching users from a CSV against Active Directory using PowerShell

I am trying to match users I have in a CSV with two columns (givenName and sn) against active directory.


The following script produces no output at all, not even an error:
Import-Csv input.csv | foreach {Get-ADUser -LDAPFilter "(&(givenName=$_.givenName)(sn=$_.sn))"}


The components work individually:

• Import-Csv input.csv
• Get-ADUser -LDAPFilter "(&(givenName=karl)(sn=foley))"
• Import-Csv input.csv | foreach {write-host $_.givenName,$_.sn}

I've also verified that there are no extra characters in the csv using:
Import-Csv input.csv | foreach {write-host $_.givenName,$_.givenName.length,$_.sn,$_.sn.length}


What am I doing wrong please?

[all variants] AMD/Intel Hybrid Graphics works

How to setup AMD\Intel Hybrid graphics for Ubuntu:

[all variants] AMD/Intel Hybrid Graphics works:


'via Blog this'

Win8/Hyper-V: “What Works and What Doesn’t” Edition | Rob Seder's Blog - ARCHIVE

Win8/Hyper-V: “What Works and What Doesn’t” Edition | Rob Seder's Blog - ARCHIVE:

Allow Hyper-V on Windows 8 to share your WiFi adaptor for network access.
1. Create an internal switch.
2. Allow the WiFi adaptor to be shared.
3. Connect the WiFI adaptor to the internal network switch.

'via Blog this'

How To Integrate Dropbox & Google Drive Into Office 2013

How To Integrate Dropbox & Google Drive Into Office 2013:

'via Blog this'

Install vmwaretools on SLES 11 | BioliZards.be

Install vmwaretools on SLES 11 | BioliZards.be:

Key commands to run before the main install:

    yast2 -i gcc
    yast2 -i kernel-source

'via Blog this'

UbuntuUpdates - PPA: GetDeb Apps

UbuntuUpdates - PPA: GetDeb Apps:

I had some problems getting the new version of Vuze to run on Ubuntu 12.04 and after having tried many things came across teh following PPA information.

Vuze wouldn't display web or search content because of missing libraries and misconfiguration. The following lines allow you to install Vuze5 as a package:

wget -q -O - http://archive.getdeb.net/getdeb-archive.key | sudo apt-key add -

sudo sh -c 'echo "deb http://archive.getdeb.net/ubuntu precise-getdeb apps" >> /etc/apt/sources.list.d/getdeb.list'"

sudo apt-get update

sudo apt-get install vuze

More info here:
http://www.ubuntuupdates.org/ppa/getdeb_apps?dist=precise

'via Blog this'

Disable Autodiscover in Outlook

I guess if I was to decribe my email setup in the terms of a relationship, then "it's complicated" would be an apt description.

One major issue that I have is Outlooks Autodiscover feature which is supposed to help Outlook discover the correct Exchange servers to connect to.

This works fine if I am connected to my work LAN or VPN, but if I want to look at my offline cached email, Outlook insists on connecting me to my organisations main email servers. Problem is, my email account is not there, and I have no valid Exchange login for there, so Outlook continually prompts me for credentials which will never work, oh, and the button to "never ask for these credentials again" doesn't work either.

Best or only option I have found for stopping this prompt is to enter a fake autodiscover address into my local hosts file. I enter the following line:

127.0.0.1    autodiscover    autodiscover.myworkdomain.com

You'll have to replace "myworkdomain.com" with whatever matches your work email address.

How does that work for you?

Re: FAQ(16): Using HTTP protocol in SDM - HP Enterprise Business Community

Re: FAQ(16): Using HTTP protocol in SDM - HP Enterprise Business Community:

This post explains how to force the use of HTTP with HP SoftPaq Download Manager (SDM) instead of the default passive FTP.

Use the switch /FORCEHTTP.

This solved the errors I was getting with SDM saying it could not access ftp.hp.com with v3.4.10.0.
It immediately downloaded v3.4.11.0, so maybe it's fixed in this version anyway?

Wireshark showed the passive FTP failing with v3.4.10.0.

'via Blog this'

Pidgin with OTR - Secure Instant Messaging | Security In A Box

Pidgin with OTR - Secure Instant Messaging | Security In A Box:

'via Blog this'

Windows Reading List 0x80073cb

Can't install the Windows Reading List update from the Windows Store in Windows 8.1 Preview.
I'm not sure what it is, why I need it, or why it won't install.
Anyone?

Windows 8.1 Preview - Google Talk will not connect

I use two factor authentication with my Google Apps, and while Google Talk was working fine before the install of Windows 8.1 preview, it stopped after it was installed.

Going to accounts.google.com and generating a new passpharse didn't help, but I found this:
http://answers.microsoft.com/en-us/windows/forum/windows8_1_pr-performance/windows-81-preview-google-talk-will-not-connect/9ec2038f-2dad-444b-a280-1e599cd1900e

I uninstalled Google Talk, and Google Talk plugin for Chrome and re-installed Google Talk from here:
http://dl.google.com/googletalk/googletalk-setup-en-GB.exe

I also reinstalled the Google Chrome voice and video plugin by starting a video call with a contact.

All seems to be working fine now.

Windows 8.1 Preview with Intel Express 4

Looks like Microsoft removed support from Intel Express 4 laptop graphics with the new Windows 8.1 preview as all I was able to get was a standard video adaptor.

I lived with the crippled Intel Express 4 graphics support in Windows 8, as any attempt to run DRM videos failed with the hacked Windows 7 drivers available out there.

However, I tried again and Sky and NetFlix are definately working fine. (Although I'm not to worried about Sky having fallen out with them regarding Sky Go and thier decision to charge for it!)

Thanks to the guys at Eight Forums for the answer:
http://www.eightforums.com/graphic-cards/4418-mobile-intel-series-4-intel-hd-graphics-1st-generation.html

I wouldn't recommend removing the Test Mode logo - That looks like it is designed solely for Windows 8.

Install Windows 8.1 Preview - 0xC1900101 - 0x4000D

Trying to update on-line or with a downloaded CD of Windows 8.1 preview gave me the following problem - Bluescreen on startup follwed by system reverting to Windows 8.

This blog post pointed me in the right direction:
http://iampaulh.blogspot.co.uk/2013/06/windows-81-preview-fails-to-install.html

This site pointed me to an uninstall option for AKSDF.SYS:
http://www.pulsonix.com/faq.aspx?KB090025

 I'm not sure when this was installed (this was originally an update from Windows 7) but the following applications were installed on the same day:

• Microsoft Expression 4 video encoder

• DVD Flick (Open source DVD Authoring)

• Pinnacle video drivers (to support Pinnacle studio on the iPad)

Removing these applications didn't remove the Sentinal SafeNET driver, but thanks to the Pulsonix site, I was able to find a command line uninstaller.

1. Visit the SafeNet Downloads site
2. Download the Sentinel HASP/LDK - Command Line Run-time Installer
3. Extract it
4. Open a CMD prompt as an administrator
5. From the extracted files directory, run haspdinst -info and you should see the installed version you have, and the installer version enabled
6. Run haspdintst -r to remove
7. Run haspdinst -info again to confirm removal

I didn't try the upgrade by upgrading the SafeNet driver, just removing it.

I'm not really sure what the SafeNet software does, it's all rather vague on the site - Anyone know?

"SafeNet has more than 25 years of experience in delivering innovative and reliable software licensing and entitlement management solutions to software and technology vendors worldwide. Easy to integrate and use, innovative, and feature-focused, the company’s family of Sentinel® Software Monetization Solutions are designed to meet the unique license enablement, enforcement, and management requirements of any organization, regardless of size, technical requirements or organizational structure."

Now, just the Intel Express 4 Video driver issue to crack.

Installing AWS Toolkit For Eclipse (Eclipse v3.8)

I found a couple of pre-requisites for installing AWS SDK for Eclipse 3.8.
Just add the following as software update sources for Eclipse (Help > Install new software...)

Android SDK Plugin for Eclipse:
https://dl-ssl.google.com/android/eclipse/

Data Tools Plaftorm Enablement Extender SDK:
http://download.eclipse.org/releases/indigo/

You can then install AWS Toolkit for Eclipse:
http://aws.amazon.com/eclipse/

Can't connect facebook to online accounts in 13.04 - Ask Ubuntu

Looks like Facebook are pushing external messaging clients to a non-https page for authentication - Not good!

As a workaround, you can add the following line:
<setting name="AllowedSchemes" type="as">['https','http']</setting>

To the file:
/usr/share/accounts/providers/facebook.provider

I suggest you save a copy of the original file first as any small typo will break it forever.

My file now looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<provider id="facebook">
<name>Facebook</name>
<icon>facebook</icon>
<translations>account-plugins</translations>
<domains>.*facebook\.com</domains>
<plugin>generic-oauth</plugin>
<template>
  <group name="auth">
  <setting name="method">oauth2</setting>
  <setting name="mechanism">user_agent</setting>
    <group name="oauth2">
      <group name="user_agent">
      <setting name="Host">www.facebook.com</setting>
      <setting name="AuthPath">/dialog/oauth</setting>
      <setting name="RedirectUri">https://www.facebook.com/connect/login_success.html</setting>
      <setting name="Display">popup</setting>
      <setting type="as" name="Scope">['publish_stream','read_stream','status_update','user_photos','friends_photos','xmpp_login']</setting>
      <setting name="ClientId">302061903208115</setting>
      <setting name="AllowedSchemes" type="as">['https','http']</setting>
      </group>
    </group>
  </group>
</template>
</provider>

Kudos to Ankit Shah at:

Can't connect facebook to online accounts in 13.04 - Ask Ubuntu:

Not really a long term answer, Facebook need to sort it!

'via Blog this'

Internet Explorer 9 Navigation blocked due to invalid certificate 1024 bit

Had a problem where IE9 would not open a web page, whereas IE10 would. Web page is the management site for an HP StorOnce B6200 appliance.

Looks like the StorOnce appliance is using a 1024 bit public key, and IE9 doesn't like this. The certificate is self signed, and you get the normal error, but the "Continue to this website (not recommended)." link is not available:

I did some Googling and found this.

I ran certutil -setreg chain\EnableWeakSignatureFlags 8.

I didn't have to reboot, just logged out and in, and the Web page changed:

I will investigate a longterm fix of adding a proper certificate (we have internal certificate servers) or public certificate. I'll also approach HP about icreasing the public key length from 1024 to 2048 bits.

How IE8 catagorises Top Level Domains

Found an interesting issue between IE7 and IE8 (and above) to do with how IE categorises Top Level Domains (TLD).

Why does this list matter? Because it controls what domains you can use with wildcards in site to zone assignments within group policy.

If your domain is on the list - You can't use it with a wildcard.

You can see what the list is by using the following URL in IE8 or IE9:
res://urlmon.dll/ietldlist.xml

Does anyone know what it is in IE10?

Thanks to the following article for helping us along the road of discovery:
http://blog.gerv.net/2009/11/ie_8_and_the_public_suffix_list/

CentOS disable c6-media repo

How to disable CentOS c6-media repo:

http://www.centos.org/modules/newbb/viewtopic.php?topic_id=33037&forum=56


Link:

https://www.centos.org/modules/newbb/viewtopic.php?topic_id=32282&forum=55&post_id=138053#forumpost138053

Answer from TrevorH:

Edit the file /etc/yum.repos.d/CentOS-Media.repo and make sure that the line enabled = says 0

Remove old kernels from Redhat

Found this useful article:
http://www.if-not-true-then-false.com/2012/delete-remove-old-kernels-on-fedora-centos-red-hat-rhel/

It shows how to remove old kernals manually and automatically from Redhat based distros.

Reason for un-mountability: the original volume has some extents online

I've raised a support request, but thought I'd post this here to see if anyone else has seen the same issue on ESXi 5.1,914609.

We are implementing an HP Cloud Matrix system with ESXi 5.1 as one of the supported Hypervisors. Part of the delivered solution is HP Matrix Recovery Management which allows us to failover services to a DR site that has the VMFS volume synched across two 3Par V400 SANS.

As we understand it, the HP official guide to passing changes from the primary to DR site is to export the configuration, failover the storage, and then import the conifguration at the remote site. There is another way of doing this through the use of storage snapshots (we have tested this fine with Hyper-V):

1. Create a RW Virtual Volume copy of the RO LUN at the remote site
2. Unexport the RO LUN from the remote VMWare hosts
3. Export the RW LUN to the remote VMware hosts
4. Mount this RW LUN
5. Import the configuration
6. Unexport the remote RW LUN
7. Export the remote RO LUN
8. Delete the RW LUN

This process works fine on Hyper-V using CSV disks, but has the following problem on ESXi 5.1; When the LUN is changed, it is detected as a snapshot (as expected), but the snapshot is not mountable because the VMHost thinks it is already online:

~ # esxcli storage vmfs snapshot list
51128c21-f07c4a24-4e24-00215a9b20f7
   Volume Name: Vv_prim_vmfs_cloud_repl.02
   VMFS UUID: 51128c21-f07c4a24-4e24-00215a9b20f7
   Can mount: false
   Reason for un-mountability: the original volume has some extents online
   Can resignature: true
   Reason for non-resignaturability:
   Unresolved Extent Count: 1
~ # esxcli storage vmfs snapshot mount -l "Vv_prim_vmfs_cloud_repl.02"
Unable to mount this VMFS volume due to the original volume has some extents online


The only solution we have found is to reboot ALL the VM hosts in the remote cluster. They ALL then report the following, and can mount the volume:

~ # esxcli storage vmfs snapshot list
51128c21-f07c4a24-4e24-00215a9b20f7
   Volume Name: Vv_prim_vmfs_cloud_repl.02
   VMFS UUID: 51128c21-f07c4a24-4e24-00215a9b20f7
   Can mount: true
   Reason for un-mountability:
   Can resignature: true
   Reason for non-resignaturability:
   Unresolved Extent Count: 1
~ # esxcli storage vmfs snapshot mount -l "Vv_prim_vmfs_cloud_repl.02"
~#

We have tried various vmkfstools commands to release the LUN etc, but they don't seem able to see the LUN even though we can see the device for the volume.

Is this something you have seen before?

Is there anything you can suggest?