While I was salvaging and scrubbing hard drives from a couple of retired machines, one threw hard disk drive errors repeatedly and ended up in the “Repair” pile. I got to it this week, following the instructions at linoxide.com (search for ‘bad blocks’), and was able to mark the bad block and force the drive to work around it. New large-capacity drives have “spare” sectors allocated for this purpose and all drives will have a few flaws, so this drive can be put back into production, as long as it is monitored and any future problems are dealt with quickly. As always, all hardware will fail, and a thoughtful backup strategy (on another spindle, on another machine, in another location, in a different time zone, on a different planet) is important.
Archive | 2017
Firefox’s built-in screengrab utility
Eric Meyer points out a great little utility for taking screengrabs, screen-sized or full-page, using one of the two consoles built into Firefox’s included Developer Tools.
Essential Tool: Firefox’s screenshot Command
Update: With Firefox 67 (and likely a few previous versions), a screenshot tool is available off the drop-down menu that appears when you click the ellipsis (…) at the left end of the address textbox. Options include a full-page save, the visible window save, or a region of the screen.
What’s on your network?
This article in ZDNet points to flaws in Microsoft’s SMB file sharing systems (“Windows networking”) that are, unfortunately, faithfully reproduced in Samba:
http://www.zdnet.com/article/
See also:
https://access.redhat.com/
This means that an old Samba server you have could be misused as a vector for malware to get a foothold on systems where local Windows machines could get infected. Over the weekend, I went through and cleaned out, updated, reconfigured, or blocked access at some of my client sites.
I also took a long look at our in-house dev network for stuff that could be a problem and found a couple of issues:
– An old Western Digital NAS device was running an *ancient* version of Linux and Samba, and unfortunately is no longer being supported by the manufacturer (last update, 2012). In addition to basic SMB file serving, it supplied media streaming over various protocols and offered ftp (turned off). Despite being in fine shape, mechanically and electronically, I had to turn it off, because, even though the source code is available (yeah, GPL), cross-compiling and rebuilding an ARM 2.6 kernel and utilities into a modern version, and getting it to work on an unsupported device is more effort than I have time for.
– A couple of our networked printers shipped from the factory with all their protocols turned on, even if not configured nor active: SNMP, Web server, SMB, FTP, tftp, LPD, Raw port, IPP, AirPrint, Web Services, Google Cloud Print, SMTP, mDNS and LLMNR, several of which I had to look up. Surely, there could be no flaws there! And, to boot, two of them were running older versions of firmware, also worth updating.
I am a strong skeptic of the IoT marketing that drops devices into your home/office network that communicate with “the cloud” and can be run from your cellphones, or likely anyone else’s. Unlike PCs with firewalls, intrusion detection, malware scanners and intentionally secure devices like routers, IoT devices are trying to “Just Work” and security might not be in mind.
I knew this was the case for things like “Smart” TVs and voice-recognition devices, but it hadn’t dawned on me that printers would also be in that category.
Be careful out there.
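An added example, not part of the original post: a small check for which of the TCP services named in the printer list actually answer on a device you administer, compared against the ones you intend to use. The port numbers are the standard assignments; the address 192.0.2.10 and the `wanted` set are placeholders.

```python
import socket

# Standard TCP ports for the listed printer services that listen on TCP.
# SNMP, tftp, mDNS and LLMNR run over UDP and are not covered by this check.
TCP_SERVICES = {
    "FTP": 21,
    "Web server": 80,
    "SMB (NetBIOS session)": 139,
    "SMB": 445,
    "LPD": 515,
    "IPP": 631,
    "Raw port": 9100,
}

def is_listening(host, port, timeout=0.5):
    """Return True if host accepts a TCP connection on port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered, unreachable or timed out: treat as not listening.
        return False

def unexpected_services(host, wanted, services=TCP_SERVICES, timeout=0.5):
    """Return the names of services that answer on host but are not in `wanted`."""
    return sorted(
        name for name, port in services.items()
        if name not in wanted and is_listening(host, port, timeout)
    )

if __name__ == "__main__":
    printer = "192.0.2.10"          # placeholder address for your own printer
    wanted = {"IPP", "Web server"}  # assumption: the only services you use
    for name in unexpected_services(printer, wanted):
        print(f"{printer}: {name} is enabled but not needed; turn it off")
```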
Managing broken links
My WordPress site has thousands of links to other web servers. Inevitably, these links grow old and many get lost. I use the excellent and highly recommended Broken Link Checker for WordPress to scan all the blog posts, and flag the links that aren’t working. It sends me an email each morning. There are many reasons why a link wouldn’t work, and a variety of error messages that can result: the request could time out because the web server is down, the network is having a bad day, or the site is no longer available. The request for the link could be rejected, redirected, or forbidden with a variety of error results, some transient and some permanent. If I think the link is down permanently, I can try to find an archive.org archive of the page (which the plugin helps to find) or remove the links as irretrievably gone.
When the plugin discovers a broken link, it wraps the link in an HTML element that allows you to highlight the error in a variety of ways. I’ve chosen a red wavy underline to highlight the broken link, and automatically added the text “(Broken link)” to the link. For links that I’ve reviewed and decided they are not only broken, but gone forever, I use a different highlight: an orange dotted underline followed by “(link removed)”. If the reader floats their mouse over the removed link, it will display a caption showing where the link used to go.
All this magic is performed thanks to the plugin, and a little bit of styling. The plugin allows the author to specify their own styles, and I’ve chosen to use the following CSS to create the effect:
.broken_link, a.broken_link {
  -webkit-text-decoration-line: underline;
  -webkit-text-decoration-color: red;
  -webkit-text-decoration-style: wavy;
  text-decoration-line: underline;
  text-decoration-color: red;
  text-decoration-style: wavy;
}
.broken_link::after, a.broken_link::after { content: ' (link broken)'; }
How do you learn to type such gobbledegook? Search the web, view other sites whose styles you like, and do your research. In this case, the text-decoration advanced styles (line, color and style) are fairly recent additions to most browsers. You can check on the appropriateness of using new styles at sites like caniuse.com, which can tell you which browsers and browser versions support the styles you’d like to apply. At the link above, you’ll see the style won’t work in Microsoft’s Internet Explorer and Edge, which are another good reason not to use them. The style is supported in the most recent version of Firefox and Chrome, which is good enough for me. I also recommend looking at the “Usage relative” link on caniuse.com, as that shows what version people are actually using, rather than the latest cutting edge version. In this case, caniuse tells me that Google Chrome and iOS’ Safari work better with the -webkit- prefix, so that’s why the style is repeated with and without the prefix.
(Yes, the text-decoration has a shortened form which combines the color, line and effect in a single shortcut line:
.broken_link, a.broken_link {-webkit-text-decoration: red wavy underline;}
but I prefer the longer form, at least until I’m more familiar with the new styles, and the browser compatibility issues.)
ddclient fails with timeouts or errors
Recently, I’ve had to move around some of the TR&A infrastructure, and I’m testing out a couple of dynamic DNS providers. I’m using the classic ddclient software on Linux to update the providers with the IP address of these resources as they change. I ran into a couple of kinks getting ddclient to work properly on modern, recent Linux distros:
1. SSL errors: everything on the internet ought to be in SSL these days, to eliminate entire classes of Man-in-The-Middle attacks. Verifying that the SSL certificate is actually valid requires additional software not always available on some client sites, so this post has a work-around to silence the error:
https://sourceforge.net/p/ddclient/mailman/message/30409393/
2. Timeouts: some network infrastructures just don’t seem to be willing to access the same web site every ten minutes to check on the external IP address, and return a timeout. To work around this, I used the simple hack described here:
http://mcqueeney.com/blog/working-around-ddclients-bad-hostname-and-network-is-unreachable-problems/
Finally, I’ve set up the dynamic DNS names (something like, but not: example.no-ip.com ) as CNAME synonyms to one of my utility domains that has excellent DNS support. This way, any code I used in batch files, scripts or configuration files can reference the stable example.mydomain.com even if I need to change the CNAME from one dynamic DNS provider to another. This is so much easier than having to scramble around a dozen different client installations to see where I may have used a DNS provider that’s no longer working for me.
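An added example, not from the original post: a scan of a tree of scripts and configuration files for hostnames that point straight at a dynamic DNS provider instead of the stable CNAME, which is the cleanup the paragraph above is meant to avoid. The provider suffix list, the skipped file name and the sample files are constructed; example.no-ip.com and example.mydomain.com are the post's own placeholders.

```python
import re
import tempfile
from pathlib import Path

# Assumption: fill in the suffixes of the providers you have used;
# "no-ip.com" is the placeholder provider from the post.
PROVIDER_SUFFIXES = ("no-ip.com",)
HOSTNAME = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}\b", re.I)

def find_provider_refs(root, suffixes=PROVIDER_SUFFIXES, skip=("ddclient.conf",)):
    """Return (relative path, line number, hostname) for each hostname under
    root that belongs to a dynamic DNS provider. ddclient.conf is skipped
    because it is the one file where the provider's name belongs."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.name in skip:
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable file: nothing to report
        for number, line in enumerate(text.splitlines(), 1):
            for host in HOSTNAME.findall(line):
                host = host.lower()
                # Match the suffix on a label boundary so look-alikes are ignored.
                if any(host == s or host.endswith("." + s) for s in suffixes):
                    hits.append((path.relative_to(root).as_posix(), number, host))
    return hits

def demo():
    """Run the scan over a small constructed tree of scripts and configs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "backup.sh").write_text(
            "#!/bin/sh\nrsync -a /srv/ backup@example.no-ip.com:/srv/\n")
        (root / "monitor.ini").write_text("[check]\nhost = example.mydomain.com\n")
        (root / "ddclient.conf").write_text("example.no-ip.com\n")
        return find_provider_refs(root)

if __name__ == "__main__":
    for path, number, host in demo():
        print(f"{path}:{number}: {host} (reference the stable CNAME instead)")
```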
A couple of quick references
Handy to have a blog to post bookmarks to. A little security research last week brought up:
6 Free Ransomware Decryption Tools
and:
The Ultimate Malware Removal Guide:
The wonderful Boing-Boing posted an article on “How to prepare to join the Internet of the dead” — no, not a fun zombie adventure, but a sobering look at the online chaos that occurs when someone dies, and some good suggestions on how to prepare for the inevitable. Read it, and think about building a plan. Or a legacy drawer. In the referenced Locus article, Cory points out that “by 2050 more than half of the Internet’s users will be dead.” Be one of the happy ones.
Quick Updates
Things are cranking along here at TR&A.
Ted’s just completed a project migrating a client off an older server whose software was no longer updateable onto a shiny new virtual machine. Moving software from old to new presents a number of challenges. The services provided by the OS get updated, renamed and replaced, so some basic features need to be recoded. Server software has been updated, so it’s unwise to just bulk-copy old configuration files to new, but rather review the settings and make changes appropriate for the new software.
Security has been an area of rapid change in the past few years, a situation that will likely continue to accelerate. Firewall technologies, intrusion detection systems, and malware detection need careful review, not simply upgrades.