Tuesday, April 24, 2012

HOWTO: SSL your Mingle 3.5.x instance (including free SSL)

Following on from my self.documentation post on Java and its keytool, I shared a HOWTO on the Mingle community for SSL'ing a Mingle instance.

HOWTO: SSL your Mingle 3.5.x instance (including free SSL)

Hope it helps someone and saves a little time!

Java Key and Certificate Management - Using an existing private key

problem: You want to use your existing private key and cert

It is not immediately obvious how to do this with Java's keytool. It took me a good while to figure out, so I'm documenting it here.

solution: Java 6 can treat a PKCS12 file as a keystore

With the Java 6 keytool, one can import a PKCS12 file as a keystore. Here are the steps I used.

First, convert PEM format key/cert to a PKCS12 format cert
$ openssl pkcs12 -export -in thedomain.com.crt -inkey thedomain.com.key -out thedomain.com.p12
Then use keytool to import the PKCS12 cert
$ keytool -importkeystore -destkeystore thedomain.com.keystore -srckeystore thedomain.com.p12 -srcstoretype PKCS12 -alias 1
My understanding is that, if you have access to a version 6 keytool, one can use the keystore file generated by 6 on older Java versions, but don't quote me on that.

Related: Generating a 2048 bit RSA private key and CSR

It's worth mentioning that, if you're just looking to generate a 2048 bit key/cert with keytool, to get a CSR for an SSL certificate authority, then you'd want to use something like this:
$ keytool -genkey -keyalg RSA -keysize 2048 -keystore thedomain.com.keystore -alias thealias
Then to get the CSR:
$ keytool -certreq -keystore thedomain.com.keystore -alias thealias -file thedomain.com.csr
Then when you get the cert back from the CA, import with keytool:
$ keytool -importcert -trustcacerts -keystore thedomain.com.keystore -alias thealias -file thedomain.com.crt

Free class 1 SSL

I have used these methods to get free SSL class 1 protection from http://www.startssl.com.

citation:

Props to:
NCSA CyberSecurity @ University of Illinois
Graham Leggett @ Cunning blog
Knowledge Base @ Comdo

Thursday, April 12, 2012

Windows 7 taskbar pinned items stop working (after Windows update?)

problem: After a few Windows updates this week and the subsequent reboot, none of my taskbar pinned shortcuts or items worked!

The message was "Can't open this item" for each one of my pinned taskbar items.

The icons displayed just fine and the right click function worked as expected but launching the pinned items with left click gave the aforementioned message :(

Did I just get hit by a Microsoft Patch Tuesday drive-by?

Feel free to skip right to the solution, the rest of the info is background/context.

Further reading

As a disclaimer, I have been getting weird issues with missing DLLs of late, and have been forced to use the sfc /scannow command a few times in recent weeks. At first I thought this was after a few blue screens, due to playing with my RAM voltages, to ensure they were as low as possible... however now I'm wondering if there is a bigger issue somewhere.

It's possible that the so far unknown issue that has been causing these DLLs to go missing or get corrupted could have also hosed my taskbar items? I'm not sure, I would have imagined that if I had an issue like that, things would be blowing up all over the place? It might not be related.

Worthy of note, an item in my Library also vanished at the same time as my pinned items... which was easily enough restored, but definitely odd.

In recent weeks, I've started to use the Windows 7 Sleep function, e.g. at night when I have a lot open or if I know I'm walking away for a while. Since forever I've avoided sleep/suspend mode on Windows because it's always caused issues that need a reboot to fix. Perhaps sleeping is still a major no-no?

My main OS drive is also an SSD, so I'm wondering if there is something up with that, or perhaps SSDs don't like sleep mode, because up until now, the SSD has been working exactly as expected.

Oh the joys! I will post an update if anything worthwhile should arise on any of that.

solution: make shortcuts in \User Pinned\TaskBar

What I ended up doing to fix things, after not finding much help via the search engines:
  1. Locating where the taskbar stuff is kept
    %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
  2. This location was empty for me :(
  3. So I manually created program shortcuts with the same names as my pinned items.
  4. Things started to magically work again.
To get the exact name of the pinned item, I SHIFT+RIGHT CLICKED a pinned item and chose properties, to see the name of the item. Then copy & pasted that as the name of the related item in the aforementioned path.

Hope that helps someone out!

Wednesday, March 28, 2012

sudo everything as anyone without a password prompt

problem: you can sudo as root without a password but not other users

You want to be able to sudo from any host, as any user (and/or group), any command, without being prompted for your password. Right now you don't get the pw prompt for root, but you do get prompted for other users (and/or groups).

This is, in part, due to the most commonly known and distributed NOPASSWD sudoers cfg. It's easy to tweak it to give you NOPASSWD for _EVERYTHING_. I personally find the sudoers config and man page very hard to follow. What about you? It was only through looking at other cfgs online and trial and error that I was able to figure out the right syntax.

solution: update sudoers cfg

It's easy when you know how! Right?
#user host (user:group) tag cmd
kyle ALL= (ALL:ALL) NOPASSWD: ALL
In English: "On any host, as any user or group, allow kyle to run any command without a password". I hope this proves useful again one day!
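The following added example (not from the original post) lists sudoers rules that grant NOPASSWD: ALL and shows whether each one covers any target user or only the default root. The function names and the sample file are constructed for illustration; aliases and comma-separated command lists are not expanded.

```shell
#!/bin/sh
# Added example: list sudoers rules that grant "NOPASSWD: ALL".
# Output: one "who<TAB>runas" line per blanket rule; runas is "default-root"
# when the rule has no (user:group) part.
audit_nopasswd_all() {
    awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join continued lines
        { line = buf $0; buf = ""; sub(/^[ \t]+/, "", line) }
        line == "" { next }
        # "#" starts a comment or #include, but "#1001" is a numeric uid.
        line ~ /^#/ && line !~ /^#[0-9]+[ \t]/ { next }
        line ~ /^(@|Defaults|[A-Za-z]+_Alias)/ { next }
        line ~ /NOPASSWD:[ \t]*([A-Z_]+:[ \t]*)*ALL[ \t]*(,.*)?$/ {
            split(line, f, /[ \t]+/)
            runas = "default-root"
            if (match(line, /\([^)]*\)/)) runas = substr(line, RSTART, RLENGTH)
            printf "%s\t%s\n", f[1], runas
        }
    ' "${1:--}"
}

# Constructed sample, not taken from a real host.
sample_sudoers() {
    cat <<'EOF'
# local policy
Defaults env_reset
root    ALL=(ALL:ALL) ALL
kyle    ALL= (ALL:ALL) NOPASSWD: ALL
deploy  ALL=NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
%ops    ALL=(ALL) \
        NOPASSWD: ALL
#1001   ALL=(ALL) NOPASSWD: ALL
EOF
}
```

Syntax-check any edited file with visudo -c -f FILE before installing it, since a sudoers file that fails to parse can lock sudo out entirely.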

Sunday, March 25, 2012

Are you losing your angle brackets? - php and libxml2

problem: php processes some xml and your angle brackets in said xml vanish!

TLDR: use the CDATA tag to wrap your character data to avoid having angle brackets vanish.

I encountered this bug for the first time when I was importing a Cacti xml graph template via the Cacti web UI. On the surface everything seemed to go well with the import process, but then nothing was graphing and, looking deeper, it was clear the config for the graph(s) was broken, due to missing < > angle brackets.
The brackets were correctly encoded in the xml; it seems that somewhere between php and certain versions of libxml the encoded angle brackets get stripped out.

Online there are a few bug reports but no single central bug id that I could find on this. One of the more useful shares online was a bug detail report for a closed Google Code project which provides Cacti MySQL templates. Here is the bug detail, very useful info from Elan there.

During my search for solutions, it seemed likely that a bug was regressed or introduced in libxml, but that isn't certain. It would seem that the latest stable php 4.2 on Debian squeeze and libxml2 (as of writing 2.7.8.dfsg-2+squeeze3) still has the bug.

There is also some useful info on a bug report for the MediaWiki project, entitled: Import strips angle brackets on some installations (libxml2 entity bug). To summarise, the consensus seems to be that it's an upstream bug with libxml2. The evidence I have found would agree with this.

Currently my systems are pinned on PHP 4.2 packages, perhaps this bug is not a factor in non pinned Debian squeeze systems?

impact: wastes time - fixing things that shouldn't really be broken.

solution: use the XML CDATA tag

What I can provide is a way of easily checking if your setup has the bug or not. Props to Elan for this. The <x> wrapper below is only a placeholder root element so that the input is well-formed XML.
$ php -r '$p = xml_parser_create(); xml_parse_into_struct($p, "<x>&lt;path_php_binary&gt;</x>", $vals, $index); print_r($vals);'
A system suffering from the bug will include the output:
[value] => path_php_binary
A system NOT suffering from the bug will output:
[value] => <path_php_binary>
Now add the CDATA tag and see if the bug goes away. You don't even need to use entities when using the CDATA tag.
$ php -r '$p = xml_parser_create(); xml_parse_into_struct($p, "<x><![CDATA[<path_php_binary>]]></x>", $vals, $index); print_r($vals);'

citation:

Props to:
Elan Ruusamae for their bug detail report on the mysql cacti templates project.

Friday, March 23, 2012

testing for interactivity in a bash script

problem: you want to know if your bash script is being run interactively or not

This can be very useful to know, for example, if you want to programmatically determine if you should output to stdout, OR only to a log file because your script is running non-interactively.

When a script is running interactively, it means a stdout is present and one can output things to stdout and the user will see them.

When a script is running non-interactively, for example when cron runs a script, stdout does not exist.

solution: check if stdout is a tty

As with so many things, there is more than one solution, but this one seems to be rock solid and very portable.
is_interactive() {
    # -t 1 is true when stdout (fd 1) is attached to a terminal
    if [ -t 1 ]; then
        return 0
    else
        return 1
    fi
}
As The Advanced Bash-Scripting Guide points out, for a complete test, one needs to check if stdout could be a socket too. Here is the improved check:
is_interactive() {
    # -p is true when /dev/stdout is a pipe (FIFO)
    if [[ -t 1 || -p /dev/stdout ]]; then
        return 0
    else
        return 1
    fi
}
I hope you enjoy and have fun tuning to your needs.
FYI. I tested the functions with cron and ssh on Debian squeeze (6.0.4) and bash 4.1.5.
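An added example (not from the original post or The Advanced Bash-Scripting Guide) that goes a step beyond the stdout check: it classifies what any file descriptor is attached to, which shows that -p matches pipes such as script | tee while -S is the test for sockets. FD_KIND, LOGFILE and the function names are assumptions; /dev/fd is assumed to exist, as on Linux.

```shell
#!/bin/sh
# Added example: report what a file descriptor is attached to.
# Sets FD_KIND (hypothetical name) instead of printing, so that asking
# about stdout does not itself change stdout via command substitution.
fd_kind() {
    fd=${1:-1}
    if   [ -t "$fd" ];         then FD_KIND=tty
    elif [ -p "/dev/fd/$fd" ]; then FD_KIND=pipe      # e.g. script | tee log
    elif [ -S "/dev/fd/$fd" ]; then FD_KIND=socket
    elif [ -f "/dev/fd/$fd" ]; then FD_KIND=file      # e.g. script > out.txt
    elif [ -e "/dev/fd/$fd" ]; then FD_KIND=other     # e.g. /dev/null
    else                            FD_KIND=closed
    fi
}

# Print to the terminal when there is one, otherwise append a timestamped
# line to LOGFILE (hypothetical variable; the default path is an assumption).
say() {
    fd_kind 1
    if [ "$FD_KIND" = tty ]; then
        printf '%s\n' "$*"
    else
        printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" \
            >>"${LOGFILE:-./script.log}"
    fi
}
```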

citation:

Props to:
The Advanced Bash-Scripting Guide