Category Archives: Software

Once more: How to really install Oracle Java on Mac OS X

After upgrading to Mac OS X 10.9 “Mavericks” you may notice that the upgrade also removed any versions of Java you may have had installed. If you’re just using Java Applets in the browser, you can simply go to the Java Download Page, install the offered version of the JRE and be done with it.
If, however, you also need to run local Java apps like for example Eclipse, you’ll get prompted to install Apple’s version of Java. If you do that, this will not only break the browser plugin but also install a version of Java that’s quite outdated and not well maintained by Apple.

The better solution is to download Oracle’s JDK (yup, the complete thing) and make OS X work happily with that. To do this, head over to Oracle’s Java SE download page, click the big button labeled “Java Download” and on the next page accept the License Agreement and select the jdk-7uXX-macosx-x64.dmg for download.
Install by double-clicking on the downloaded file and follow the on-screen instruction. Afterwards open a terminal window and issue

sudo ln -s /Library/Java/JavaVirtualMachines/jdk1.7.0_XX.jdk /System/Library/Java/JavaVirtualMachines/

(That’s quite a long line above, so make sure to scroll to the right and select everything. Also make sure to replace the ‘XX’ in the version number with the correct version of the JDK you downloaded)

That’s it. From now on Mac OS X 10.9 (and 10.8, for that matter) will work happily with Oracle’s Java and no longer prompt for installing the Apple version.

Apple Maps: Close, But Still No Cigar

Apple_Maps_Off_by_One
Even with Apple’s Maps updated I still wouldn’t trust them for navigation. But to be fair: it also took Google Maps three years to fix that particular error.

Finally: A Fix for Python 2.7 Aborts on Import of ctypes

This has been bugging me for quite some time now: Every time I tried to import the ctypes module into Python 2.7, all I would get was the famous “Aborted” message. With some time to spare I could trace the problem down to the file closures.c of the libffi submodule. Most likely due to a compiler/optimization bug in older versions of gcc a double-free is happening there in line 151.
Since the surrounding function only checks for the presence of SELinux on the host and since the box I need to run Python 2.7 on doesn’t have SELinux installed, I opted for simply removing the whole thing:

--- a/Modules/_ctypes/libffi/src/closures.c 2012-04-10 01:07:33.000000000 +0200
+++ b/Modules/_ctpyes/libffi/src/closures.c 2012-06-20 17:35:40.277850045 +0200
@@ -119,52 +119,7 @@
 #define LACKS_SYS_MMAN_H 1
 
 #if FFI_MMAP_EXEC_SELINUX
-#include <sys/statfs.h>
-#include <stdlib.h>
-
-static int selinux_enabled = -1;
-
-static int
-selinux_enabled_check (void)
-{
-  struct statfs sfs;
-  FILE *f;
-  char *buf = NULL;
-  size_t len = 0;
-
-  if (statfs ("/selinux", &sfs) >= 0
-      && (unsigned int) sfs.f_type == 0xf97cff8cU)
-    return 1;
-  f = fopen ("/proc/mounts", "r");
-  if (f == NULL)
-    return 0;
-  while (getline (&buf, &len, f) >= 0)
-    {
-      char *p = strchr (buf, ' ');
-      if (p == NULL)
-        break;
-      p = strchr (p + 1, ' ');
-      if (p == NULL)
-        break;
-      if (strncmp (p + 1, "selinuxfs ", 10) != 0)
-        {
-          free (buf);
-          fclose (f);
-          return 1;
-        }
-    }
-  free (buf);
-  fclose (f);
-  return 0;
-}
-
-#define is_selinux_enabled() (selinux_enabled >= 0 ? selinux_enabled \
-                 : (selinux_enabled = selinux_enabled_check ()))
-
-#else
-
 #define is_selinux_enabled() 0
-
 #endif /* !FFI_MMAP_EXEC_SELINUX */
 
 #elif defined (__CYGWIN__)

Compile, install – works. Now on to some other stuff that needs Python 2.7 to run properly ;)

Astaro ASG as OpenVPN Access Server client

Just about four weeks ago I posted about the resurrection of the .ovpn to .apc converter script. In the meantime Alois told me in the comments that while this was nice it didn’t work for current versions of the OpenVPN Access Server and the .ovpn files it creates.

Well, since there’s been nothing much else to do I did some more work on the script and I can now happily say that it now also converts the new .ovpn format to an .apc the Astaro can understand. Unfortunately, there’s a little catch: the OpenVPN Access Server relies on ‘tls-auth’ for client connections and the Astaro neither knows of that concept not provides a method to import the needed key file. So I had to do some creative manipulation to make the Astaro do my bidding to include the necessary config statements. In addition, you will need to manually copy the key file to the Astaro to make everything work as expected. To make things as easy as possible, the script will tell you what to do.

If you’re interested, check out the latest version of ovpn-to-apc.sh on Gitorious. If it works for you, let me know. If it doesn’t, let me know, too.

Kleine Erfolgserlebnisse

Vorher

Check name    Uptime    Downtime    Outages   Response time
#######       58.54%    9h 57m 02s    189      9649ms

Nachher

Check name    Uptime    Downtime    Outages   Response time
#######       100.00%   0h 00m 00s     0        647ms

.ovpn to .apc Converter Revisited

The Astaro Security Gateway (ASG) is a great firewall and remote access solution. The only flaw of it being that Astaro, too, tries to build a walled garden around their suite of products. One major drawback here is that while the ASG has outstanding capabilities as a remote access server, there’s no easy way to use it as a client to connect to an OpenVPN SSL server. The main show stopper is that the ASG expects to get all it’s connection information from a .apc file while OpenVPN at best provides a .ovpn file which has a completely different structure.
Back in 2009 Patrick Schneider provided a simple bash script that would convert .ovpn files together with the needed certificates and key files into a .apc file the ASG could read. Unfortunately the script stopped working with newer ASG releases. Since I needed the functionality for a current project, I resurrected the code, polished and updated it a bit. The result can now be found on Gitorious: the new OVPN-to-APC converter script. Feel free to clone and enhance.

Update: Just pushed a new version to Gitorious that now handles the new .ovpn format provided by the OpenVPN Access Server as well.

Slowing down

This has been a very hectic couple of weeks. Not only the beta testing for the (now not so) new Netgear ReadyNAS boxes with ARM architecture: the Duo v2 and the NV+ v2. But also building add-ons for the new interface. Currently available are:

Especially the new web interface was a major obstacle there for in some situations it behaves quite different than the old and trusty Frontview. But now that I’ve got the hang of it I’m quite confident that more stuff is going to follow soon. And of course updates to the ReadyNAS Sparc stuff that has been put on hold for doing the ARM thing ;) Since I’ve just upgraded this site to WordPress 3.3, I might do an add-on for that as well – we’ll see.

For now it’s relaxing time – at least until the end of the week.

Fixing PHP-FPM’s SCRIPT_NAME Bug The Brute Force Way

It’s not really news that PHP in it’s CGI or FPM flavor has slight to modest problems getting it’s environment right when using Apache as the front end web server, especially the $_SERVER[‘SCRIPT_NAME’] variable many scripts rely on to determine their true location on the hard drive. This erratic behavior is heavily documented in bug reports 51983 and 55208. As is common practice for the PHP-FPM team, their approach is to sit still and wait until this bug goes away on it’s own. This approach, proven to work for many politicians, may however not work for those folks, that need a solution to the problem at hand. A quite simple solution that unfortunately requires to recompile PHP is the following brute force patch for PHP 5.3.8:

--- php-5.3.8/sapi/fpm/fpm/fpm_main.c.org   2011-07-18 23:03:44.000000000 +0200
+++ php-5.3.8/sapi/fpm/fpm/fpm_main.c.  2011-11-24 18:29:37.000000000 +0100
@@ -1084,6 +1084,7 @@
 {
    char *env_script_filename = sapi_cgibin_getenv("SCRIPT_FILENAME", sizeof("SCRIPT_FILENAME") - 1 TSRMLS_CC);
    char *env_path_translated = sapi_cgibin_getenv("PATH_TRANSLATED", sizeof("PATH_TRANSLATED") - 1 TSRMLS_CC);
+   char *env_redirect_url = sapi_cgibin_getenv("REDIRECT_URL", sizeof("REDIRECT_URL") - 1 TSRMLS_CC);
    char *script_path_translated = env_script_filename;
    char *ini;
    int apache_was_here = 0;
@@ -1118,6 +1119,16 @@
 
        /* Hack for buggy IIS that sets incorrect PATH_INFO */
        char *env_server_software = sapi_cgibin_getenv("SERVER_SOFTWARE", sizeof("SERVER_SOFTWARE") - 1 TSRMLS_CC);
+                if (env_redirect_url &&
+                        strncmp(env_server_software, "Apache", sizeof("Apache")-1) == 0) {
+                        /*
+                         * If we have an env_redirect_url and the web server is Apache
+                         * it's very likely that env_redirect_url is the one we really
+                         * want
+                         */
+                        env_script_name = _sapi_cgibin_putenv("SCRIPT_NAME", env_redirect_url TSRMLS_CC);
+                }
+
        if (env_server_software &&
            env_script_name &&
            env_path_info &&
@@ -1159,7 +1170,7 @@
        if (CGIG(fix_pathinfo)) {
            struct stat st;
            char *real_path = NULL;
-           char *env_redirect_url = sapi_cgibin_getenv("REDIRECT_URL", sizeof("REDIRECT_URL") - 1 TSRMLS_CC);
+           // char *env_redirect_url = sapi_cgibin_getenv("REDIRECT_URL", sizeof("REDIRECT_URL") - 1 TSRMLS_CC);
            char *env_document_root = sapi_cgibin_getenv("DOCUMENT_ROOT", sizeof("DOCUMENT_ROOT") - 1 TSRMLS_CC);
            char *orig_path_translated = env_path_translated;
            char *orig_path_info = env_path_info;

The Day The Routers Died

Can’t believe I missed that.

I especially like the part about “those who stay silent”.

Make your ReadyNAS a Wake-on-LAN Hub

Today an interesting request came up in the ReadyNAS forums: Would it be possible to build an add-on that could send Wake-on-LAN (WoL) packets to any host on your local network? You bet it is ;) Took me a bit time to fiddle in the password protection but here you go:

Version for the x86 ReadyNAS line: ReadyWOL_0.1-readypro-0.1.3.bin
Version for the Sparc ReadyNAS line: ReadyWOL_0.1-readynas-0.1.3.bin

After installation you can wake any machine on your LAN by requesting a special URL from your ReadyNAS. And once you’ve properly configured your router, you can even wake up machines while you’re on the road.

Dropbear for ReadyNAS (Sparc)

DropbearUsing SSH to connect to the ReadyNAS has many advantages for the experienced user. However, OpenSSH is kind of a resource hog which is especially true when being used together with rsync. To make rsync over SSH run a bit smoother I decided to replace OpenSSH with Dropbear on my Sparc line of ReadyNAS boxes. So here’s the latest addition to my add-on collection:

DropbearSSH_0.52-readynas-0.1.1.bin

Google Maps: Almost Off By One (street) Error

Almost Off By One

To be fair: Google is not alone there. All major navigation systems try to send visitors through the gardens of my neighbors because of this small glitch.

Neuer Rekord für “Skype for Mac (beta)”

Gerade eben hat die neue Skype for Mac (beta) einen neuen Rekord in der Kategorie “kürzeste Verweildauer auf meinem Mac” aufgestellt. Installieren, Starten, Gruseln, Runterschmeissen – das war alles in weniger als 60 Sekunden durch. Die neue “Schaltzentrale” ist für mich total unbrauchbar. Skype for Mac beta - Main Screen
Es interessiert mich nicht, wann ich zuletzt mit wem aus meiner Kontaktliste gechattet habe – was übrigens neben “ich schick’ mal schnell die Datei” meine Hauptanwendung von Skype ist -, aber ich muss alle meine wichtigen Kontakte im Schnellzugriff haben. Naja. Die alte 2.8.0.863 wird ja hoffentlich noch ‘ne Weile funktionieren.

P.S.: Ich bin da nicht allein

SABnzbd and Python on the ReadyNAS

Since many ReadyNAS users seemed to have problems getting SABnzbd to run on their ReadyNAS, I decided to give it a try. The result:

To make those work, Python must be installed on the ReadyNAS as well. As usual, there’s Python for ReadyNAS (Intel) and Python for ReadyNAS (Sparc). Setup instructions:

Continue reading

Speed up SSH Logins

Ever since some upgrade of my Ubuntu workstation it would took forever (10-15 seconds) to login to remote hosts using ssh. The solution is quite easy. Edit /etc/ssh/ssh_config and make sure you have set the following options:

    GSSAPIAuthentication no
    AddressFamily inet

Since I made these changes ssh logins again work in no time.

What I Really Hate About Windows

I don’t run Windows regularly. I use Mac OS X. I use Ubuntu. I use Solaris. But when I need to run Windows it will never, ever fail to remind me why I don’t run Windows. It’s as simple as that. If updates are available, Mac OS X will inform me. Ubuntu will inform me. And if I told it to do so, Solaris will inform me. But all of these systems will never fucking ever *reboot* my machine just because they *thought* it’d be necessary. And even if they did have a function like that, they’d sure as hell be intelligent enough to find out that there are tasks running and stop or at least postpone the reboot. Oh well, after all it’s Windows I’m ranting about here ;)
Continue reading