Author: halfgaar (Page 6 of 26)

Halfgaar is Wiebe. Wiebe is a contributing author on this weblog. He also has a lot of stuff (such as long, in-depth articles) on his personal website.

Wiebe's day job is as a senior software developer and system administrator at YTEC.

In his free time, he built the free, open-source FlashMQ software. Together with Jeroen and Rowan, he is now building a managed MQTT hosting business around his open masterpiece.

Blackberry Enterprise Server issues

June 19, 2013 / halfgaar

I’ve had some issues with my Blackberry Enterprise Server. Some users say their mail is not synced. Others are reporting calendars being messed up. Just jotting down some memory aids.

First, I had this error in the BBAS log:

org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket:

This KB article suggests it would fix itself after 24 hours, but that was not the case. I have about a month worth of BBAS logs full of that error. The log files grow to about 100 MB per day. It started around May 23.

Restarting the Blackberry Administrator Services (two services) seemed to have fix that, but in turn, I got this error in the BBAS log:

javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown

It is explained in this KB article. It mentions two causes: one is different server pool name across your servers. That can’t be, because I only have one. The other was still being investigated, and there was no time frame available for a solution:

This is a previously reported issue that is being investigated by our development team. No resolution time frame is currently available.

I tried logging into the webconsole at “https://hostname.domain.com:3443/webconsole/login”, but it always said my password was wrong. I had this before, so I once again restarted the Blackberry Administration Services (two of them), but this time by stopping them both and starting them manually (not using the restart function). I could log in again.

Also, it seems there is no more flooding of errors in the BBAS log. There are still exceptions occurring, but that seems to be a common thing with BES. The errors above are gone.

I don’t know if this is a permanent solution, because I had to restart these services once before, but for now it works.

Also, I started out looking at this because users reported calendar issues (appointments disappearing, being canceled, etc). But I doubt this has anything to do with it. Some users also still had e-mail syncing problems. Because that first KB article mentioned device reconciliation (Blackberry term for device syncing), maybe those errors are related to that. But, it’s very hard to test, because my own test phone worked fine.

Checking SMART status on a 3Ware controller with smartctl

June 17, 2013 / halfgaar

A RAID controller hides the physical disks from the operating system, so it’s harder to query the SMART data. Luckily, smartctl has a way to do it:

smartctl -a -d 3ware,1 /dev/twa0

Change the 1 to the drive number in question, starting at 0.

Adding foreign key constraints to PowerDNS default schema

June 12, 2013 / halfgaar

In an earlier post I made, I described how to manually create the SQL schema, because it didn’t itself. When I installed Power DNS 3.1-4 on a Raspberry Pi, I noticed it had created the scheme itself this time. However, it did not make the foreign key constraints. This is dumb. I regularly need to remove domains from the DB and I don’t want stale or incorrect references as a result.

To create them by hand:

alter table records add foreign key (domain_id) references domains(id) on delete cascade;
alter table cryptokeys add foreign key (domain_id) references domains(id) on delete cascade;
alter table domainmetadata add foreign key (domain_id) references domains(id) on delete cascade;

It must be a bug that this was omitted, because I got the original scheme from the PowerDNS website. Question is, is this a bug in the Rasbian/Debian package, or in PowerDNS?

Privacy? Can you pay with that?

June 7, 2013 / halfgaar

Dutch articles, but there are English sources in it:

Xen VM: Frag is bigger than frame

June 6, 2013 / halfgaar

Our Xen VM’s crashed at some point. This had to do with network traffic, apparently. My source link is dead. Only posting the workaround:

/sbin/ethtool -K eth0 tso off gso off

Design: The Scourge of the Web

June 2, 2013 / halfgaar

When the printing press was invented, we had the understanding that text is best read when contrast is high. They didn’t use black ink on paper for nothing. I bet they didn’t even consider any other color.

Then came the mass legions of web designers, and these self-anointed experts of visual attractiveness keep no HTML element from their rightful aesthetic salvation, regardless of pragmatic considerations. In other words, do these designers even read? Or is everything just a shape with a color?

I was again confronted with this when reading the Mozilla site. It uses a white background, with text in the color “rgb(109, 117, 129)”. In other words, not even gray, but lighter than gray.

So, when you’re reading a privacy policy, which would you choose? This:

or this:

Time to install Blacken: “It seems to be fashionable these days to use faded text on many web sites. Some sites are so faded that they are unreadable. This extension will change the colour of grey text back to black so that it is easier to read.”

Creative Audigy 2 ZS design flaws

May 9, 2013 / halfgaar

I would really like to know what the designers at Creative Labs have in mind when they design sound cards. Their cards seem to be broken by design. The Live card was bad enough with its random collection of DACs and DPS’s, but the Audigy 2 ZS seems no better. Aside from the fact that it’s advertised as 96 kHz and 24 bit, which it isn’t, it has serious design issues. I had some sound anomalies, so I decided to measure and test. I found:

The output for LFE and center actually should output LFE and center on separate channels, but it outputs them mono, in the center channel… This makes it impossible to connect to an external amplifier and have it apply the proper 10 dB boost on the LFE signal.
The LFE and Center channel distort at maximum gain (or minimum attenuation: 0 dB), which is easily heard by sine testing. I had to reduce all channels by 3.2 dB to avoid distortion.
The center and LFE channels are 6 dB quiter than the other channels when they’re all the same in the mixer. With a test tone, all channels measured 0.78V, while LFE or center measured 0.39V. That is, LFE measured 0, center measured 0.39V with both center and LFE signal.
The LFE/center output has a significantly louder noise floor than the other channels.

Really, what monkey designs this?

Distracted by the Boston bombing, CISPA passes the house on April 18th 2013

April 27, 2013 / halfgaar

CISPA allows the U.S. government to request information from private corporations about you without a warrant, without ever telling you. Furthermore, it protects these corporations against any legal recourse.

The world being distracted by the Boston bombing, the bill passed the U.S. house of representatives on April the 18th. It’s not signed into law yet, however.

Stop CISPA now.

Postfix, SASL and rimap: making sure the domain is not stripped from the user name

April 23, 2013 / halfgaar

When you want to use your IMAP account as authentication for Postfix, you can set the SASL mechanism to “rimap”. However, by default, it will not supply the realm (domain) and therefore will authenticate with an incomplete username (john instead of john@bla.com).

To fix that, you need to add “-r” to the options in /etc/default/saslauthd (in Debian based distro’s):

OPTIONS="-r -c -m /var/run/saslauthd"

SSHFS on Windows

March 25, 2013 / halfgaar

Just as a jot, a tool to access SSH shares via SSHFS on Windows: win-sshfs. It gives you a drive letter, instead of fiddling with separate tools to access files.