Wed, 10 Aug 2011

pfSense saves the day

— SjG @ 7:48 am

Several years ago, we replaced our commodity hardware firewall (a Sonicwall SOHO from ’01) with pfSense running on an unused Dell 4100 desktop from that same year.

pfSense was a little confusing to configure the first time through (doing 1-to-1 NAT with virtual IPs and CARP was initially confusing, but the pfSense forums and The Google came to our rescue). Once in place, though, it did a great job. And when I say a great job, I mean that we could pretty much forget about its existence. It just hummed away in the background, and everything worked. When we needed to check up on our ISP, we discovered that quality of service logging was already supported, as well as pretty graphs of various connection properties. Very nice!

Over the last weekend, the 4100 locked up, and our connection was interrupted. Rebooting gave a firmware error about a bad disk in drive A: — but there was no disk in the drive. Power cycling, opening the machine, wiggling some cables, and blowing out some dust brought it back up, and all was well. Except it wasn’t, really. The machine spontaneously rebooted a number of times over the next few days, and occasionally got into the “bad disk in drive A:” boot failure, requiring a hard power cycle. As I watched on the console, I saw the kernel fault out after too many memory checksum errors. The old machine was giving up the ghost.

After commissioning another old desktop (an ’07 vintage Dell, this time), I was able to install pfSense on it. I had to disable some of the extraneous hardware in the BIOS, but after about an hour I had it installed, booting, and ready to go. I was able to simply dump the configuration from the old firewall, load it into the new machine, reassign the LAN and WAN interfaces to the proper devices, and swap the boxes out. Voilà! Back in business!

With any luck, I won’t have to repeat this process for another five years.

Fri, 6 May 2011

CMS Made Simple Development Cookbook

— SjG @ 10:32 am

I just received my paper copies.

You can get a copy too!

Crypto Interoperability: .NET and PHP

— SjG @ 10:28 am

(I wrote this back in October of last year, never bothered to post it. I probably had a reason for that, but it’s long forgotten by now, so I might as well post what I had.)

So I wasted a great deal of time trying to get my SHA-256 hashes from a .NET application to match up in a PHP application. It seemed really like it should be straightforward: make sure your string has a known character encoding, SHA-256 digest it, and then base64 encode it. How hard could it be?

Well, after a day of ripping my hair out, I concluded it’s harder than it seems. Here’s what the problem is: the application I’m trying to match encodes the strings as UTF-16 before hashing them. Unbeknownst to me, the double-byte strings are big-endian in one case, and little-endian in the other, even though they’re on the same Intel box. Took longer than it should have to track that down.
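A quick way to track down this kind of mismatch, as an added example that is not code from the original post: hash the same text under each candidate byte encoding and see which one reproduces the other application's digest. The sample string and the function names are constructed for illustration.

```python
import base64
import hashlib

# Candidate byte encodings for the same text. Python's "utf-16" codec
# prepends a byte-order mark (BOM); the explicit -le/-be codecs do not.
CANDIDATES = ["utf-8", "utf-16-le", "utf-16-be", "utf-16"]


def b64_sha256(text, encoding):
    """Encode text with the given codec, SHA-256 it, base64 the digest."""
    raw = text.encode(encoding)
    return base64.b64encode(hashlib.sha256(raw).digest()).decode("ascii")


def digest_table(text):
    """Map each candidate codec to its base64 SHA-256 digest."""
    return {enc: b64_sha256(text, enc) for enc in CANDIDATES}


def identify_encoding(text, target_b64):
    """Return the candidate codecs whose digest equals target_b64."""
    return [enc for enc in CANDIDATES if b64_sha256(text, enc) == target_b64]


if __name__ == "__main__":
    sample = "S3cret-Value"  # constructed sample input
    # Constructed stand-in for the digest reported by the other application.
    target = b64_sha256(sample, "utf-16-be")
    for enc, digest in digest_table(sample).items():
        print(f"{enc:10} {digest}")
    # Only one byte layout reproduces the target digest.
    print("matches:", identify_encoding(sample, target))
```

Even for pure ASCII input, the four encodings produce four different digests, so the comparison works on any known plaintext/digest pair.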

Oh, but is that the end of it? No, no, no. No, it’s not.

I also had to decrypt some strings. They were encrypted using the ManagedRijndael class, and I had the key and IV strings. Those strings also got encoded into wrong-endian UTF-16, which was easily fixed (once I knew what was going on). But I was still getting gibberish. Well, to make a very long story short, the ManagedRijndael class in .NET and the mcrypt_generic function using the Rijndael256 algorithm in cipher-block chaining mode in PHP aren’t exactly compatible. The mighty Google finally pointed me to the solution, which is using the Rijndael128 algorithm. The ManagedRijndael class creates actual AES-256, while mcrypt_generic is using Rijndael; the two differ in the length of the initialization vector. Switching to Rijndael128 but still passing the 32-bit key is equivalent to AES-256.

What’s all this mean, then? This is all stuff that’s probably pretty obvious to anyone who knows anything. I, however, found this bewildering and confuzzling.

Mon, 4 Oct 2010

More Plausible User Data

— SjG @ 4:44 pm

Back a few years ago, I posted a quick’n’dirty tool for generating plausible user data. I had a need for some improvements, so I’m posting the new version here.

The new version supports back-references, composite fields, and SQL output. So, for example, you could do:

./ -t id:lname:fname:city:state_code:zip:company -f i:ln:fn:c:s:z:/1+^+[Cars,Trucks,Boats,Planes,Motorcycles,Ships,Trains]+^+of+^+/3 -s -m tbl_dealer -n 5

and get the following output:
-- generated data from ./
INSERT INTO tbl_dealer (id,lname,fname,city,state_code,zip,company) VALUES (0,'Nelson','Leslee','Akron','OH',44311,'Nelson Boats of Akron');
INSERT INTO tbl_dealer (id,lname,fname,city,state_code,zip,company) VALUES (1,'Bowen','Beatriz','Miami','FL',33176,'Bowen Trucks of Miami');
INSERT INTO tbl_dealer (id,lname,fname,city,state_code,zip,company) VALUES (2,'Hammond','Raymond','Ninilchik','AK',99639,'Hammond Motorcycles of Ninilchik');
INSERT INTO tbl_dealer (id,lname,fname,city,state_code,zip,company) VALUES (3,'Kim','Arielle','Columbus','MI',48063,'Kim Ships of Columbus');
INSERT INTO tbl_dealer (id,lname,fname,city,state_code,zip,company) VALUES (4,'Estrada','Warner','Iuka','IL',62849,'Estrada Cars of Iuka');

Nothing earth-shattering, but useful to me. Maybe to you too!

Download it here:

Fri, 4 Sep 2009

Why I love being an Open Source developer

— SjG @ 10:14 am

I was private-messaged this morning. I’ve redacted the nick-name of the person contacting me, and made a few minor typo fixes. Unfortunately, this is not all that unusual…

[09:56] [redacted]: [link to bug report]
[09:57] [redacted]: I need these features.. 🙂
[09:57] _SjG_: hi
[09:57] [redacted]: very good module but not working.. 🙁
[09:58] _SjG_: it’s been a long time since I’ve done any work on the module
[09:58] [redacted]: any other guys?
[09:58] _SjG_: well, I do intend to do some upgrades on it, but paying work keeps getting higher priority
[09:59] [redacted]: i see
[09:59] [redacted]: it is method to get money? 🙂 leave small bugs and do works for money?
[10:00] [redacted]: i see this not first time
[10:00] _SjG_: no, it’s just that I only have so many hours in a day
[10:01] [redacted]: i am not asking you to do this
[10:01] [redacted]: just asking wht to do?
[10:01] [redacted]: its not working..
[10:01] _SjG_: I understand. It’s on my list of things to fix
[10:02] [redacted]: any other solution? other developer who can finish this small thing?
[10:02] _SjG_: you can ask
[10:03] _SjG_: I don’t know if anyone’s working on it
[10:03] _SjG_: Maybe [redacted] — he was doing some FormBuilder work
[10:05] [redacted]: strange..
[10:06] [redacted]: i had so much doubt about choosing this cms..
[10:06] [redacted]: now i see
[10:07] _SjG_: if you’re trying to make me feel guilty for not immediately fixing the problem, you’re not going to succeed. I do this as a volunteer. I have a full-time job in addition.
[10:09] _SjG_: You can try Joomla, and see if they’re more responsive.
[10:09] [redacted]: so other have too 🙂 but they not publishing modules with bugs I spent so much time and now i see that i should do everything with other cms
[10:10] _SjG_: You can always fix it yourself, and be a contributor
[10:10] [redacted]: i am not programmer thanks god 🙂
[10:12] _SjG_: no, you’re just a person with an unreasonable expectation of everybody doing your work for you. Sorry. Try being a contributor (in any way whatsoever), and I’d be more sympathetic.
[10:13] [redacted]: what?
[10:13] _SjG_: but coming in with a sense of entitlement and insults isn’t going to win you much support.
[10:13] [redacted]: i am just person who choose product like idiot
[10:14] [redacted]: i made a research it fits my need or not
[10:14] [redacted]: and that damn module is buged
[10:14] [redacted]: thats it
[10:14] _SjG_: yes, and it’s on the list of things to be fixed. what’s your point?
[10:14] _SjG_: I’m not dropping everything to make you happy?
[10:14] [redacted]: and developer say that he need money for this or i can fuck off
[10:14] _SjG_: That’s actually not what I said
[10:15] [redacted]: ha ha 🙂
[10:15] _SjG_: I said that it’s on my list of things to fix, but paid projects have taken priority
[10:15] _SjG_: I have bills to pay, you know
[10:15] [redacted]: you think other is too stupid?
[10:15] [redacted]: ok
[10:15] [redacted]: now i see situation
[10:16] _SjG_: I have a list of projects, each of which I go through and fix bugs as I have the time
[10:16] [redacted]: i will do some work in forums and so on to clear the situation for other people who can be fished like this
[10:16] _SjG_: I also get hundreds of feature requests
[10:17] _SjG_: and everyone is just like you, thinking that their project more important than my life, so I should just do their work for them and thank them
[10:17] [redacted]: so i am guilty to choose not working module ? 🙂
[10:17] _SjG_: no, you’re guilty of being impatient
[10:18] _SjG_: and insulting me when I try to explain the situation
[10:18] [redacted]: 🙂 ok
[10:18] _SjG_: accusing me of extortion by intentionally leaving in bugs
[10:18] _SjG_: do you know how many hour a week I put into writing this stuff?
[10:18] [redacted]: how much do you want for fixing this?
[10:19] _SjG_: it’s on the list to be fixed. I have several paying jobs I’m working on now. It will be done after I complete them.
[10:20] [redacted]: i talk with you just 10 min, but i understand that it will be fixed in 5 years 🙂
[10:20] _SjG_: well, there’s just one of me
[10:21] _SjG_: I’d work faster, but I do occasionally like to sleep, talk to my wife, etc
[10:22] [redacted]: maybe do the work till the end? 🙂
[10:22] [redacted]: and only then post them?
[10:22] [redacted]: or dont think that other stupid? 🙂
[10:23] [redacted]: ok i will find some person and pay the money
[10:23] [redacted]: but not for you mtf
[10:24] _SjG_: Dude, with your attitude, I would have charged you the “go to hell” price anyway