HDD Repair, not for the faint of heart

Salvaging and scrubbing hard drives from a couple of retired machines, one threw hard disk drive errors repeatedly and ended up in the “Repair” pile. Got to it this week, following the instructions at:

How To Fix / Repair Bad Blocks In Linux

and was successfully able to mark the bad block and force the drive to work around it. New large-capacity drives have “spare” sectors allocated for this purpose and all drives will have a few flaws, so this drive can be put back into production, as long as it is monitored and any future problems dealt with quickly. As always, all hardware will fail, and a thoughtful backup strategy (on another spindle, on another machine, in another location, in a different time zone, on a different planet) is important.

What’s on your network?

This article in ZDNet points to flaws in Microsoft’s SMB file sharing systems (“Windows networking”) that are, unfortunately, faithfully reproduced in Samba:

http://www.zdnet.com/article/its-not-just-windows-anymore-samba-has-a-major-smb-bug/

See also:

https://access.redhat.com/security/cve/CVE-2017-7494

This means that an old Samba server you have could be misused as a vector for malware to get a foothold on systems where local Windows machines could get infected. Over the weekend, I went through and cleaned out, updated, reconfigured, or blocked access at some of my client sites.

I also took a long look at our in-house dev network for stuff that could be a problem and found a couple of issues:

– An old Western Digital NAS device was running an *ancient* version of Linux and Samba, and unfortunately is no longer being supported by the manufacturer (last update, 2012). In addition to basic SMB file serving, it supplied media streaming over various protocols and offered ftp (turned off). Despite being in fine shape, mechanically and electronically, I had to turn it off, because, even though the source code is available (yeah, GPL), cross-compiling and rebuilding an ARM 2.6 kernel and utilities into a modern version, and getting it to work on an unsupported device is more effort than I have time for.

– A couple of our networked printers shipped from the factory with all their protocols turned on, even if not configured nor active: SNMP, Web server, SMB, FTP, tftp, LPD, Raw port, IPP, AirPrint, Web Services, Google Cloud Print, SMTP, mDNS and LLMNR, several of which I had to look up. Surely, there could be no flaws there! And, to boot, two of them were running older versions of firmware, also worth updating.
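An added example, not from the original post: a small Python audit that checks which of the TCP-based protocols in the printer list above are actually accepting connections on a device you administer, and reports any that are not on an allow-list. The port numbers are the conventional defaults for each protocol, and the device address and allowed ports given on the command line are assumptions you supply.

```python
"""Audit which printer protocols are listening on a device you administer."""
import socket
import sys

# TCP protocols from the printer list above, on their conventional ports
# (assumed defaults; a device can be configured to use others).
# SNMP, tftp, mDNS and LLMNR run over UDP and need a protocol-aware probe,
# so a plain connect test like this one does not cover them.
PRINTER_TCP_SERVICES = {
    21: "FTP",
    80: "Web server (HTTP)",
    139: "SMB over NetBIOS",
    443: "Web server (HTTPS)",
    445: "SMB",
    515: "LPD",
    631: "IPP / AirPrint",
    9100: "Raw port",
}


def is_listening(host, port, timeout=1.0):
    """True if a TCP connection to host:port is accepted within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def audit(host, services=PRINTER_TCP_SERVICES, allowed=(), timeout=1.0):
    """Return sorted (port, name) pairs that are listening but not allowed."""
    return [
        (port, name)
        for port, name in sorted(services.items())
        if port not in allowed and is_listening(host, port, timeout)
    ]


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python3 printer_audit.py <printer-address> [allowed-port ...]
    expected = {int(p) for p in sys.argv[2:]}
    for port, name in audit(sys.argv[1], allowed=expected):
        print(f"unexpected service: {name} on tcp/{port}")
```

Anything it reports is a candidate for switching off in the device's own admin page; rerun it after a firmware update, since updates can re-enable defaults.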

I am a strong skeptic of the IOT marketing that drops devices into your home/office network that communicate with “the cloud” and can be run from your cellphones, or likely anyone else’s. Unlike PCs with firewalls, intrusion detection, malware scanners and intentionally secure devices like routers, IOT devices are trying to “Just Work” and security might not be in mind.

I knew this was the case for things like “Smart” TVs and voice-recognition devices, but it hadn’t dawned on me that printers would also be in that category.

Be careful out there.

Managing broken links

My WordPress site has thousands of links to other web servers. Inevitably, these links grow old and many get lost. I use the excellent and highly recommended Broken Link Checker for WordPress to scan all the blog posts, and flag the links that aren’t working. It sends me an email each morning. There are many reasons why a link wouldn’t work, and a variety of error messages that can result: the request could time out because the web server is down, the network is having a bad day, or the site is no longer available. The request for the link could be rejected, redirected, or forbidden with a variety of error results, some transient and some permanent. If I think the link is down permanently, I can try to find an archive.org archive of the page (which the plugin helps to find) or remove the links as irretrievably gone.

A broken link displayed visually.

Broken Link

When the plugin discovers a broken link, it wraps the link in an HTML element that allows you to highlight the error in a variety of ways. I’ve chosen a red wavy underline to highlight the broken link, and automatically added the text “(Broken link)” to the link. For links that I’ve reviewed and decided they are not only broken, but gone forever, I use a different highlight: an orange dotted underline followed by “(link removed)”. If the reader floats their mouse over the removed link, it will display a caption showing where the link used to go.

All this magic is performed thanks to the plugin, and a little bit of styling. The plugin allows the author to specify their own styles, and I’ve chosen to use the following CSS to create the effect:

.broken_link, a.broken_link {
    -webkit-text-decoration-line: underline;
    -webkit-text-decoration-color:red;
    -webkit-text-decoration-style: wavy;
    text-decoration-line: underline;
    text-decoration-color:red;
    text-decoration-style: wavy;
}
.broken_link::after, a.broken_link::after {content: ' (link broken)';}

How do you learn to type such gobbledegook? Search the web, view other sites whose styles you like, and do your research. In this case, the text-decoration advanced styles (line, color and style) are fairly recent additions to most browsers. You can check on the appropriateness of using new styles at sites like caniuse.com, which can tell you which browsers and browser versions support the styles you’d like to apply. At the link above, you’ll see the style won’t work in Microsoft’s Internet Explorer and Edge, which are another good reason not to use them. The style is supported in the most recent version of Firefox and Chrome, which is good enough for me. I also recommend looking at the “Usage relative” link on caniuse.com, as that shows what version people are actually using, rather than the latest cutting edge version. In this case, caniuse tells me that Google Chrome and iOS Safari work better with the -webkit- prefix, so that’s why the style is repeated with and without the prefix.

Removed Link

(Yes, the text-decoration has a shortened form which combines the color, line and effect in a single shortcut line:

.broken_link, a.broken_link {-webkit-text-decoration: red wavy underline;}

but I prefer the longer form, at least until I’m more familiar with the new styles, and the browser compatibility issues.)

ddclient fails with timeouts or errors

Recently, I’ve had to move around some of the TR&A infrastructure, and I’m testing out a couple of dynamic DNS providers. I’m using the classic ddclient software on Linux to update the providers with the IP address of these resources as they change. I ran into a couple of kinks getting ddclient to work properly on modern, recent Linux distros:

1. SSL errors: everything on the internet ought to be in SSL these days, to eliminate entire classes of Man-in-The-Middle attacks. Verifying that the SSL certificate is actually valid requires additional software not always available on some client sites, so this post has a work-around to silence the error:

https://sourceforge.net/p/ddclient/mailman/message/30409393/

2. Timeouts: some network infrastructures just don’t seem to be willing to access the same web site every ten minutes to check on the external IP address, and return a timeout. To work around this, I used the simple hack described here:

Working around ddclient’s “bad hostname” and “network is unreachable” problems

Finally, I’ve set up the dynamic DNS names (something like, but not: example.no-ip.com ) as CNAME synonyms to one of my utility domains that has excellent DNS support. This way, any code I used in batch files, scripts or configuration files can reference the stable example.mydomain.com even if I need to change the CNAME from one dynamic DNS provider to another. This is so much easier than having to scramble around a dozen different client installations to see where I may have used a DNS provider that’s no longer working for me.

A couple of quick references

Handy to have a blog to post bookmarks to. A little security research last week brought up:

6 Free Ransomware Decryption Tools

and:

The Ultimate Malware Removal Guide

The wonderful Boing-Boing posted an article on “How to prepare to join the Internet of the dead” — no, not a fun zombie adventure, but a sobering look at the online chaos that occurs when someone dies, and some good suggestions on how to prepare for the inevitable. Read it, and think about building a plan. Or a legacy drawer. In the referenced Locus article, Cory points out that “by 2050 more than half of the Internet’s users will be dead.” Be one of the happy ones.

Quick Updates

Things are cranking along here at TR&A.

Ted’s just completed a project migrating a client off an older server whose software was no longer updateable onto a shiny new virtual machine. Moving software from old to new presents a number of challenges. The services provided by the OS get updated, renamed and replaced, so some basic features need to be recoded. Server software has been updated, so it’s unwise to just bulk-copy old configuration files to new, but rather review the settings and make changes appropriate for the new software.

Security has been an area of rapid change in the past few years, a situation that will likely continue to accelerate. Firewall technologies, intrusion detection systems, and malware detection need careful review, not simply upgrades.

Thank you for your understanding!

Please excuse our dust during our remodel!

I’ll be taking down the current web server for a well-deserved retirement and bringing up a new machine in its place. Please be patient during this transition as some services may not be available during the transition. I’ll do my best to make these downtimes as short as possible. If something seems to be down for a long time, don’t hesitate to drop me a line and let me know. We all dread the “it looks fine to me!” episodes. Thanks for your support and understanding.

Send and Receive Your Email with Gmail

Book cover for 'Send and Receive Your Domain Email with Gmail'

Another book from Hentzenwerke Publishing available from Amazon: “Send and Receive Your Domain Email with Gmail.”

Whil tackles a number of different ways in which you can use Google’s Email facilities to send and receive email just as if you were running a big company and were paying for someone to host your own domain’s email server, without the overhead, administration or security hassles.

Whil sets up a couple of different situations: one person with a bunch of domains, several people on one domain, several people on several domains, and goes through ways these can be configured via your ISP and Google to allow you access to email all in one Inbox or separately. There are also some very useful asides.

Check it out at: https://www.amazon.com/Send-Receive-Domain-Email-Gmail/dp/1930919107

SQLite book available in paperback!

Using SQLite in VFP book cover

Breaking through the 2 Gb barrier — get it?

In 2015, Whil Hentzen wrote and published an ebook on using SQLite with Visual FoxPro. I reviewed and edited the book. Now it has been republished from electronic to paper version.

It’s an interesting proposal: not using SQLite as the actual database for an application, but rather as an intermediary store when importing an impossibly large data set into the very limited native database size of Visual FoxPro (255-ish columns, 2 Gb max!).

Check out the book available via Amazon: Using SQLite to Bypass the 2 GB .DBF Filesize Limit (Amazon Affiliate Link)

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.