Code Blog

2017/06/30 MacOSX

I was thinking about playing a bit of Go online again, but the popular Korean Tygem Go server only has software support for Windows. I could have run it in Windows under Parallels for Mac in a virtual computer, but I found this link describing how to run it directly in Mac OS via Wineskin.

https://www.evernote.com/shard/s287/sh/00099ac5-5169-4ed9-865c-3b2a744e78b9/d5a37226328312b4

It works well for me, I'm currently running Mac OS Sierra v. 10.12.5. Wineskin is a utility to manage Wine engine versions and create wrappers so it appears like a normal Mac application.

2017/06/09 MacOSX,Printers

I had to do this after each big update of MacOS (latest being MacOS Sierra), so it is quite annoying. However, I managed to get the printer working again (it's a really good printer btw).

Step 1: Delete the current Canon LBP2900 printer in Printers & Scanners settings
Step 2: Restart your Mac (I didn't do this last time, still worked)
Step 3: Download and install the latest Canon LBP2900 CAPT Printer Driver (version 3.90 as of 2017.06.09)
Step 4: Restart your Mac
Step 5: Download and install the Canon LBP2900 Patcher
Step 6: Restart your Mac
Step 7: Connect the printer with USB, add the LBP2900 printer and manually select the printer driver

Note: CAPT is Canon's proprietary Canon Advanced Printing Technology (CAPT) driver, supporting the Canon i-Sensys series of laser printers.

Note 2: The LBP2900 patcher is a small executable that adds printer definitions for the LBP2900 printer. If this is not done the system cannot find the suitable printer driver when adding the printer. The LBP2900 printer is not supported by the Canon CAPT driver (not sure why) but the very similar printer LBP3000 is supported, so the patcher adds similar printer definitions as LBP3000 for the LBP2900.

2017/06/05 Network

The GL-MT300A from GL.iNet is a tiny USB-powered router with pretty good hardware that comes with OpenWRT pre-installed and with GL.iNet's own GUI on top of OpenWRT.

WDS (Wireless Distribution System) is a protocol for extending the range of a wireless router, so that a secondary layer of wireless routers can act as relays to the base wireless router. The GL-MT300A comes with WDS support, but for this to work the base router must also support WDS.

Obviously the best way to extend a wireless network is by connecting the routers with ethernet cables (aka wireless multiple AP / roaming network). If this is not possible then WDS may be the only option available. It will come with a hefty performance penalty as the base router will have to halve its bandwidth to communicate with clients and relay routers (in WDS static mode).

My base router is an Apple Airport Time Capsule so I had to check what's available from Apple. Apple's website actually recommends "Wirelessly Extended Network" for newer routers supporting 802.11n (2.4 & 5GHz support, up to 600Mbps) and "WDS" for older routers that only have 802.11g (54Mbps). This is somewhat confusing but from another post online it seems Apple's terminology actually refers to two types of WDS - static and dynamic. The dynamic version supports the faster 802.11n wifi standard and will also not suffer as badly from the half duplex mode of communication between base and relay routers.

Using OpenWRT there is also another way to set up wireless bridging and that is using "relayd" (pseudobridge). This works even if WDS is not supported on the base router. This is what I will be using for my GL-MT300A router.

Click on the "advanced" link in upper right corner to enter OpenWRT Luci interface. 

1. Install relayd and luci-proto-relay (GUI) packages.

2. Go to System -> Startup and find relayd in the list. Set relayd to enabled.

3. Go to Network->Interfaces, click "Add new interface".

4. Set the name of the new interface to for example "relaybridge", set proto type to be "Relay bridge", and then click "Submit".

5. In the detailed page of this interface set the IP address to the IP address assigned from the base router. For "Relay between networks" select both "Lan" and "Wan", then click "Save".

6. Next click on "LAN" tab on the top to edit Lan settings. Set the gateway to be your main router’s IP. Set the DNS to be your main router’s DNS. Scroll down to the "DHCP Server" section, check "Ignore Interface" and click "Save".

7. Go to Network -> Firewall, and click to edit the "Lan" zone. 

8. In "Covered networks" select "Wan", then click "Save".

9. In the top right corner, there is a notification saying "UNSAVED CHANGES"; click on it to enter a detailed listing of changes, then click “Save & Apply”. Now the changes are applied and hopefully the router will start working as a relay bridge.
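
The same configuration can be expressed in OpenWRT's UCI command-line interface. The following is an added example, not part of the original post or GL.iNet's guide: it generates a "uci batch" script for steps 3-8. The function names and the sample addresses are made up for illustration, and it assumes the interfaces are called "lan" and "wan" as in the steps, that firewall zone 0 is the "lan" zone, and that the base router is also the DNS server.

```shell
#!/bin/sh
# Added example: emit a `uci batch` script for LuCI steps 3-8 above.
# Assumptions: interfaces are named "lan" and "wan" as in the steps, firewall
# zone 0 is the "lan" zone, and the base router is also the DNS server.

valid_ipv4() {
    # Accept only digits and single dots, so a crafted value cannot add
    # extra commands to the generated batch.
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

gen_relay_uci() {  # gen_relay_uci <bridge-ip> <base-router-ip>
    bridge_ip=$1; base_ip=$2
    if ! valid_ipv4 "$bridge_ip" || ! valid_ipv4 "$base_ip"; then
        echo "invalid IPv4 address" >&2
        return 1
    fi
    # Step 8 places wan in the lan firewall zone: hosts on the base network
    # are then treated as lan hosts by this router's firewall.
    cat <<EOF
set network.relaybridge=interface
set network.relaybridge.proto='relay'
set network.relaybridge.ipaddr='$bridge_ip'
set network.relaybridge.network='lan wan'
set network.lan.gateway='$base_ip'
set network.lan.dns='$base_ip'
set dhcp.lan.ignore='1'
set firewall.@zone[0].network='lan wan'
commit network
commit dhcp
commit firewall
EOF
}

# On the router (steps 1-2 first, then apply; addresses are constructed):
#   opkg update && opkg install relayd luci-proto-relay
#   /etc/init.d/relayd enable
#   gen_relay_uci 192.168.1.50 192.168.1.1 | uci batch
#   /etc/init.d/network restart; /etc/init.d/firewall restart
```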

 

Useful links:

How to flash the router firmware via Uboot Web UI / Debricking the router:
https://www.gl-inet.com/how-to-enter-the-uboot-web-ui/

Firmware download location:
http://www.gl-inet.com/firmware/mt300a/

GL.iNet article - How to set up a repeater bridge
https://www.gl-inet.com/how-to-setup-repeater-bridge-using-openwrt-on-gli-mini-routers/ 

GL.iNet PDF guide - How to set up a repeater bridge
http://www.gl-inet.com/wordpress/wp-content/uploads/2016/05/relayd.pdf

OpenWRT article - Routed Client with relayd (Pseudobridge)
https://wiki.openwrt.org/doc/recipes/relayclient 

Wireless Distribution System (Wikipedia)
https://en.wikipedia.org/wiki/Wireless_distribution_system 

 

2017/05/27 Windows Server

Recently I had to dig into a crashed Exchange 2010 server and try to restore the mailboxes. Luckily the local Active Directory was still working fine, which helps a lot because Exchange stores a lot of data in AD (database schema, mailbox settings, mailbox accounts etc). After installing Exchange and having it join the local domain, all the settings from the old Exchange installation are fetched from AD.

For restoring the mailboxes I had a copy of the Exchange database file (the .edb file), but as Exchange 2010 writes log files for each transaction, a server crash most likely results in a "dirty state", and this was true for my copy as well. The first thing to do is to use a command line tool (ESEUTIL) to check the state, write the logs to the database and put it in a "clean shutdown" state if necessary. However, even after putting it in a clean state, a .edb file can't be mounted directly to another Exchange installation. It has to be mounted as a temporary "recovery database" and then the mailboxes can be transferred over to the new .edb database of the Exchange server. This turned out to be quite difficult. The transfers threw a lot of errors (had to set the "BadItemLimit" parameter very high) and some mailboxes still just completely refused to be moved across.

I had errors such as "MapiExceptionInvalidParameter: Unable to modify table." etc. This only happened for some mailboxes (I think about half failed) and other posts online said that this may be caused by some users creating non-standard rules and folders for how to separate incoming email. One solution is to only recover e.g. the "Inbox" folder and skip the rest. Didn't seem like the ideal solution to me.

Here are some examples of restoring from the recovery database (RDB) to the new Exchange database:

New-MailboxRestoreRequest -SourceDatabase "RDB" -SourceStoreMailbox "Username" -TargetMailbox "Username" -AllowLegacyDNMismatch -ExcludeDumpster -BadItemLimit 100 -AcceptLargeDataLoss -AssociatedMessagesCopyOption copy -IncludeFolders "#Inbox#"
New-MailboxRestoreRequest -SourceDatabase "RDB" -SourceStoreMailbox "Firstname Lastname" -TargetMailbox [email protected]

Maybe because of some changes done in AD I had to use the "AllowLegacyDNMismatch" flag for it to work. 

Next step was to try to use the "Restore-Mailbox" command instead of "New-MailboxRestoreRequest". "Restore-Mailbox" is actually an older command that has been replaced by "New-MailboxRestoreRequest". 

Restore-Mailbox -Identity Username -RecoveryDatabase RDB -RecoveryMailbox Username -TargetFolder Recovered

The "Restore-Mailbox" worked better than "New-MailboxRestoreRequest" but I could still not restore all mailboxes (finally I had 5 mailboxes still not restored). In the end the best solution was to do a hardware repair of the old server, boot it up, export all mailboxes via command line to .pst files, and then transfer them over to the new Exchange and import them into user mailboxes. This worked for all mailboxes. The only problem was a quota restriction that I had to adjust for some mailboxes (they were bigger than the max allowed size).

Import from .pst file to a user mailbox and check progress status:

New-MailboxImportRequest -FilePath \\exchange\pst\username.pst -Mailbox [email protected]
Get-MailboxImportRequest | Get-MailboxImportRequestStatistics

Remove finished requests from the queue:

Get-MailboxImportRequest -status Completed | Remove-MailboxImportRequest

Here's a good article I found online about Exchange mailbox recovery:
https://blogs.it.ox.ac.uk/nexus/2012/05/11/mailboxes-that-just-wont-migrate/ 

One way to prevent this type of problem in the future is to run several Exchange servers in a database availability group (DAG). The Exchange database will be continuously replicated among the servers. Another tip is to create several .edb databases and limit the number of users for each database. In this way, if (or rather when) a database becomes corrupt, it will make the workload much more manageable for restoring mailboxes from a backup.

 

2017/04/13 Hosting,Network,Linux

Set hostname and timezone

Setting the hostname in Debian 8 / Ubuntu 15.04 and later

hostnamectl set-hostname hostname

Update /etc/hosts

127.0.0.1 localhost.localdomain localhost
203.0.113.10 hostname.example.com hostname

Set the timezone

dpkg-reconfigure tzdata

Security settings

Linode has a good guide on increasing security for the Linux installation, see https://www.linode.com/docs/security/securing-your-server

Topics covered:

  • Enable automatic security updates
  • Create a limited user account
  • Only use 4096-bit RSA key-pair for SSH login (don't accept passwords)
  • Disable root login over SSH (run sudo on limited user instead)
  • Turn off IPv6 if not needed
  • Set up Fail2ban (block IP after multiple failed login attempts)
  • Remove unnecessary packages (e.g. EXIM and RPC) to reduce number of open ports
  • Set up a firewall (IPTABLES or e.g. UFW for Debian/Ubuntu)

The article also has links for more security features such as intrusion detection.
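
To check that the two SSH items in the list (no password logins, no root login) are actually in effect, the sshd_config text can be audited. The following is an added example, not taken from the Linode guide: sshd uses the first value it finds for a keyword, so a hardening line appended below an earlier permissive one has no effect. The function names and sample configurations are constructed, and Match blocks and Include files are not evaluated.

```shell
#!/bin/sh
# Added example: audit sshd_config text for two settings from the list above.
# sshd keeps the FIRST value seen for a keyword; keywords are case-insensitive.
# Simplification (assumption): Match blocks and Include files are not evaluated.

effective() {  # effective <keyword> <compiled-in default>, config on stdin
    awk -v want="$1" -v def="$2" '
        { sub(/=/, " ") }                       # allow "Keyword=value" form
        /^[ \t]*#/ || NF < 2 { next }           # skip comments and blanks
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print def }'
}

audit_sshd() {  # audit_sshd <config text>; returns 0 only if all checks pass
    fails=0
    # keyword:OpenSSH default:required value
    for check in "passwordauthentication:yes:no" \
                 "permitrootlogin:prohibit-password:no"; do
        key=${check%%:*}; rest=${check#*:}
        def=${rest%%:*}; want=${rest#*:}
        got=$(printf '%s\n' "$1" | effective "$key" "$def")
        if [ "$got" = "$want" ]; then
            echo "PASS $key=$got"
        else
            echo "FAIL $key=$got (want $want)"
            fails=$((fails + 1))
        fi
    done
    [ "$fails" -eq 0 ]
}

# Constructed sample: the last line looks like a fix but is ignored by sshd,
# because the earlier "yes" is the first value seen.
SAMPLE_WEAK='# constructed sample
PasswordAuthentication yes
PermitRootLogin no
passwordauthentication no'

# Constructed sample with both settings hardened.
SAMPLE_HARD='PasswordAuthentication no
PermitRootLogin no'

audit_sshd "$SAMPLE_WEAK" || echo "hardening incomplete"
```

On a live server, "sshd -T" prints the configuration the daemon actually uses, including Match and Include handling, and is the authoritative check.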

URL rewrite

In /etc/apache2/apache2.conf, add a <Directory> block containing "AllowOverride All". Then run "sudo a2enmod rewrite" to enable the rewrite module and restart Apache with "sudo service apache2 restart".