Bash “Shellshock” Bug – Quick Vulnerability Test and Patch

Shellshock

This is not meant as a comprehensive guide to the Bash “shell shock” bug, but as a quick reference to test and patch for the vulnerability. First, test your version of Bash with this line: env x='() { :;}; echo vulnerable’ bash -c “echo this is a test” If you get the world “vulnerable” in your output then you need to update Bash: vulnerable this is a test If your output contains errors followed by “this is a test”, then your Bash version is not vulnerable: bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x’ this is a test Check to see if your distribution has an updated/fixed version of Bash available in its repository. … Continue reading

Integrating Bullhorn with Exchange 2003 Using Journaling and Forwarding

Bullhorn vs. Exchange

Bullhorn vs. Exchange 2003 One of the companies for which I manage IT uses Bullhorn’s applicant tracking software for their recruitment workflow. That company also uses the now-ancient Exchange 2003 for their email. But, Bullhorn doesn’t officially support integration with Exchange 2003. What’s involved? First off, “integration” is a strong word. It implies that our servers will pass information back and forth and stay in some meaningfully synchronized state. That’s not the goal in this case. The integration simply consists of passing all emails that are sent and received by our recruiters to Bullhorn’s servers. Once Bullhorn receives the emails, they’re parsed and can be viewed in the Activity Center and/or under the contact record to which they apply (using … Continue reading

Netgear LG 6100D Sprint LTE Gateway – Advanced Configuration

Netgear 6100D Native GUI Backup and Restore Settings

Man, oh man! I was getting frustrated with my new 6100D LTE gateway from Sprint. In fact, I posted a very long rant about it yesterday. This post is all about solutions. Really, it’s about one very big solution: http://[Netgear 6100D Address]/index.asp What is that? Oh, not much, just the native Netgear configuration GUI. It has about ten times the feature set of Sprint’s half-baked GUI. Seriously. Already have a problem? This didn’t happen to me at first, but I must have triggered some state within the 6100D that causes this screen to appear when returning to the Netgear GUI after having used the Sprint GUI: If you find yourself redirected to this utterly pointless landing page, just change the … Continue reading

Netgear LG 6100D LTE Gateway for Sprint Review – Bad Device, or the Worst Device?

Netgear Joke 9000

I recently obtained a Netgear LG6100D LTE Gateway from Sprint as a backup for my hard internet connections. The device seemed perfect on paper: Cellular connectivity for the home or business network! I’ve used some bad consumer routers in my day, but this is one of the worst I’ve encountered. Or maybe it’s that it looked so promising at first and then let me down so hard. Update (2014-08-26): I found that you can access the native Netgear web GUI. It has a heck of a lot more features, and solves many of the complaints I have with the “correct” way of configuring this device. Upon logging in the user interface is clean, fairly informative, and I noticed that the … Continue reading

Oh, Pebble! You have a great product that’s being ruined by your support.

pebble_case_24XXXX_mq_sanitized

Two important things before I get started: I really like the original Pebble Smartwatch.  I’d probably like the Steel as well, but I haven’t tried it. I have a lot of respect for Pebble as a company.  It came into being through crowdsourced funding and actually delivered the product it promised. However, after about 6 months of ownership, my watch stopped vibrating.  Trying to resolve this issue was my first interaction with Pebble support, and hopefully will be my last.  Their process is slow, detrimental, and offensive. You may wonder at that last one:  “Offensive?” My gripe isn’t with the particular customer service person that handled my case.  (In fact I’ve redacted their name from this post.)   The CS … Continue reading

Fix for: Keepalived router enters fault state on link down

keepalived_logo

TL;DR: This is the configuration option you want: dont_track_primary At work and at home I have pairs of redundant “core” routers in an active-passive (or master-backup as you like) configuration. They consist of commodity hardware, a few 4-port gigabit NICs, and CentOS. All of these machines had been running flawlessly for anywhere from two to six years (as they were put into service or upgraded). That is until yesterday when my primary router at home had an SSD failure which completely stopped it in its tracks. The backup router took over, and in less than a second traffic was being routed. All of my point-to-point VPNs reconnected within about 20 seconds. In other words, it worked exactly as it should. … Continue reading

Redundant email servers with soft-fail (450) vs. hard-fail (550)

postfix_soft_fail

I manage a fairly large number of incoming mail exchangers, which are numerous both to handle large message volumes as well as to provide redundancy. In most cases, these mail servers are Postfix with MySQL providing virtual alias maps, transport maps, relay domains, and virtual alias domains. Unfortunately the Postfix+MySQL implementation isn’t always 100% great. On very rare occasions the Postfix instance may fail to communicate with the MySQL server, for any number of reasons. From the perspective of the sender’s MX, this usually results in a 550 status code (often given as “Relay access denied”). This is a hard-fail, in that it tells the upstream MX that the recipient they’re trying to reach is permanently unavailable. The upstream MX … Continue reading

SAN with Linux Cluster and CLVM: Is it Necessary?

remove_clustering_services

To answer the title of this post in one word: No. But as with all things computer related, that “no” needs to be followed by the caveat: “Well, it depends upon your needs.” From what I’ve seen, Linux clustering was designed primarily for high-availability services, with only a secondary effort to share disk resources across nodes. I have tried — and would never use in production — Linux clustering services for a VM host cluster. I know other people have done it and will continue to do it, but a properly configured (and managed) VM cluster does not need true clustering. (Again, “depending upon your needs”). Linux clustering requires fencing. (It didn’t always, but now it does). Fencing is a … Continue reading

Google Chrome Reports “Duplicate headers received from server”

Chrome Duplicate Headers Message

It seems that this error message has been around since version 16 of Chrome, and was first reported sometime in 2011. The error message basically says that it received two Content-Disposition headers, and that the response was blocked to prevent HTTP response splitting attacks. However, in most cases this error isn’t caused by malicious code, but rather because of an innocuous comma in the filename parameter of the Content-Disposition header. Here’s an example of an actual response header I received while downloading a resume from a popular career site: Content-Disposition: attachment; filename=Beresky_Resume,6pg.docx That was the only Content-Disposition header in the entire response, which raises the question: Why is this a duplicate header? Because according to the HTTP 1.1 specification, section … Continue reading

Reducing Fan Noise from a Dell PowerEdge R905

Images borrowed from the auction page of red_planet_trading on eBay

If you’re read my blog, you know that I have a quite a few servers in my basement that I use as a home lab environment. For home or low-demand virtualization, you can’t beat the Dell R905 for price. Consider that, as of the time I’m writing this post, you can get an R905 like I did with 128 GB of RAM for about $960. That’s only a little more than the cost of the RAM! That machine has 4x AMD Opteron 8356 quad-core CPUs @ 2.3Ghz and two built-in 10gbps ethernet ports (plus 2 gigabit ports), a PERC6i controller, dual PSUs, and a full enterprise DRAC. It’s a little old, but you can’t get those specs in any other … Continue reading