Stoppt die Vorratsdatenspeicherung! Jetzt klicken & handeln!Willst du auch bei der Aktion teilnehmen? Hier findest du alle relevanten Infos und Materialien:

six demon bag

Wind, fire, all that kind of thing!

2017-08-07

Generate a Solr Password Hash

Recent versions of Solr allow restricting access via authentication and authorization plugins, for instance the basic authentication plugin. The documentation shows an example security.json that you can upload into Zookeeper (assuming that you're running SolrCloud).

See more ...

Posted 22:15 [permalink]

2017-03-21

Verifying checksums on Windows systems - correctly

Posted here, since the Fedora people apparently can't be bothered to fix their documentation.

In January 2016 I came across this question on StackOverflow, asking about an OutOfMemory error when validating the SHA256 checksum of a Fedora ISO image. The Fedora documentation suggested reading the full file and then calculating the checksum from the bytes:

$sha256.ComputeHash([System.IO.File]::ReadAllBytes("$PWD\$image"))

Why anyone would even want to read an entire ISO image into memory for a checksum calculation is beyond me. The recommended way of doing this is to open the file as a stream and calculate the checksum on that stream:

See more ...

Posted 00:24 [permalink]

2016-02-27

VBSdoc - A VBScript API Documentation Generator

API documentation is nice, and being able to generate it from the code is even nicer. However, unlike Perl, Python, Java, or several other languages, VBScript doesn't have a feature or tool that supports this. Which kinda sucks.

I tried VBDOX, but didn't find usability or results too convincing. I also tried doxygen by adapting Basti Grembowietz' Visual Basic doxygen filter. However, doxygen does a lot of things I don't actually need, and I didn't manage to make it do some of the things I do need. Thus I ended up writing my own VBScript documentation generator.

See more ...

Posted 16:31 [permalink]

2015-06-07

Using the DB2 Command Line Processer from PowerShell

Even for DB2 10.5 the official documentation says to use the db2cmd command for a Command Line Processor enabled environment on Windows:

On Windows operating systems, db2cmd command opens the CLP-enabled DB2® window, and initializes the DB2 command line environment.

However, being able to use PowerShell instead of db2cmd would be much nicer, since the former is far more versatile in practically every respect (control structures, output processing, file handling, etc.).

See more ...

Posted 01:38 [permalink]

2015-01-17

Dim var() Considered Harmful

VBScript arrays can be created with fixed or dynamic size. Fixed size arrays are rather straightforward. Define Dim var(4) and you have an array variable var with 5 elements (indexes 0 through 4). Unfortunately dynamic arrays aren't quite as simple.

See more ...

Posted 18:26 [permalink]

2014-03-26

Cleanup of DB2 Backups Fails with Return Code 136

Recently I encountered a rather weird problem with the cleanup of backups of some of our DB2 databases. The database backups are done via TSM by running the following command:

db2 "backup db DBNAME online use tsm"

Cleanup of obsolete backups is done by running the following commands via a scheduled task.

db2adutl delete full older than TIMESTAMP db DBNAME without prompting
db2adutl delete logs between S0000000.LOG and S(xxxxxxx-1).LOG db DBNAME without prompting
db2 "connect to DBNAME"
db2 "prune history DATE and delete"
db2 "prune logfile prior to Sxxxxxxx.LOG"
db2 "connect reset"

Sxxxxxxx.LOG is the oldest log of the oldest backup to be kept, which is extracted from the output of db2adutl query full db DBNAME. S(xxxxxxx-1).LOG is that log number minus one.

Although this setup had been working for several years without problems and no changes were made to the system, the log cleanup step suddenly started to fail for some databases while it still worked fine for the others.

See more ...

Posted 21:10 [permalink]

2013-10-30

Interactive VBScript Shell

Python's interactive mode is very convenient, because you can try simple stuff without having to write it to a script first. Since I have to do a lot of VBScript lately, I wanted to have something like that for VBScript, too.

I found this blog post that has almost exactly what I wanted, except for line continuation. Which is what I added (for my own convenience). You can download the modified script here.

Update: Added an Import() procedure for loading/executing additional code from other VBScript files.

Update: vbsh can now be customized with an optional init script %USERPROFILE%\init.vbs.

Update: Added a function to look up keywords in the VBScript documentation (requires that script56.chm is installed in the current working directory, the Windows help directory, or one of the directories in the %PATH%). Note that you'll need the English language version of script56.chm, since other language versions use different internal paths.

Posted 18:03 [permalink]

2013-02-07

Auditing Windows File ACLs

Sometimes you run into a situation where you need to determine the permissions on some directory tree. Be it to document or clean up permissions on the subdirectories of a share, to troubleshoot permission issues due to deleted accounts or groups, or whatever. Manually analyzing permissions is quite tedious, even when using standard tools like cacls or xcacls. The output of XCACLS.vbs isn't any better, but since it's a script, I considered modifying it to suit my needs … until I took an actual look at the script. I abondoned the thought afterwards.

See more ...

Posted 20:14 [permalink]

2012-10-29

A Wrapper Class for Active Directory Queries

Tired of writing the same boilerplate code for querying objects from Active Directory over and over again? So am I. Thus I wrote ADQuery, a class that wraps the initialization of the required objects, sets some default values and also provides properties to allow for adjusting the usual parameters as the situation requires. See API documentation for details.

See more ...

Posted 19:49 [permalink]

2011-03-13

A Logger Class for VBScript

I got tired of having to re-implement logging routines for my VBScripts on a regular basis, so I wrote a logger class that serves as an abstraction layer for logging to interactive console/desktop, files or eventlog. Now I just instantiate a new logger, define the logging facilities (default is console/desktop for interactive, eventlog for non-interactive execution), and can log away with the same set of methods, regardless of log target. See API documentation for details.

See more ...

Posted 22:10 [permalink]

2011-01-02

A Wrapper Class for VBScript Arrays

Although VBScript does support arrays, their handling leaves a lot to be desired. To deal with the shortcomings of the built-in arrays (or rather, to avoid having to deal with them) I wrote CArray, a wrapper class that provides operations like inserting, appending and removing elements, getting slices (sub-arrays), sorting, etc.

See more ...

Posted 03:23 [permalink]

2010-06-14

Active Directory Documentation

When you inherit an existing (usually home-grown) Active Directory, it can be a real pain to figure out how the thing was actually configured by the previous admin(s). In a situation like that it's kinda nice to have a tool at hand that'll do the dirty work for you.

Of course there's pay-ware like ADscribe, but personally I find $99 kinda expensive for something you're going to use every other decade (or so). Microsoft's own Active Directory Topology Diagrammer is freeware (well, sort of, since it requires Visio), but it has to be installed, and the results weren't that convincing when I tried to run it from outside the target domain.

See more ...

Posted 21:37 [permalink]

2010-05-30

Backscatter protection

What is backscatter?

When mail servers accept mail and later discover that for some reason they are unable to actually deliver it, RFC 821 specifies that a Non-Delivery Notification (NDN, also known as "bounce") must be sent to the originator of the mail.

However, the "From" address can be spoofed most easily, so there is no guarantee whatsoever that the mail actually originated from that address. In case of a spoofed address, the NDN will be sent to someone who hadn't sent the original mail to begin with. These bounces going back to someone else but the original sender are called "backscatter".

Why is that a problem?

Because spammers tend to send their bulk e-mails to anything that looks even remotely like an e-mail address, the "To" addresses usually include lots of invalid addresses. Therefore spam-runs can cause massive waves of backscatter flooding the mailboxes of those people whose addresses were spoofed in the "From" field. However, it's not sensible to simply block all incoming bounces, because there are legitimate bounces as well.

See more ...

Posted 22:41 [permalink]

2008-12-09

Wormhole

Sometimes administrators need to access the computer of a remote user, but depending on the location (e.g. hotels or foreign company networks) NAT or firewalls may get in the way. One method of getting around this problem is to establish an outbound SSH tunnel on the remote user's computer, and then connect back to the computer through that tunnel. However, setting up an SSH tunnel isn't something Joe Average usually is too comfortable with. That's why I wrote wormhole, a little application (actually a shell script encapsulated in an application bundle via Platypus) to make establishing a tunnel as simple as possible for remote Macintosh users.

Posted 18:58 [permalink]

2008-10-13

How to Beat Windows Software into Submission

A great deal of Windows software requires to be run with administrative or at least power user privileges for no good reason. That's a Bad Thing™, because it enables any user to compromise the system. Most of this software can, however, be talked into running with a normal user's privileges. The problem is usually that the program attempts to write temporary data, configuration data and other stuff like that to places a normal user can't write to. In this article I will describe the procedure I usually apply when having to deal with reluctant software.

See more ...

Posted 11:27 [permalink]