Connect to VMs Without Installing CoRD

redirection No Comments »

When I have to connect to Windows systems, except for the known issues with the en_CA language, CoRD is a great Remote Desktop.  If I could connect using MacOSX-bog-Standard stuff, then clearly this en_CA issue wouldn’t happen… and will show you how to do that. Read the rest of this entry »

Kindle Fire VPN

redirection No Comments »

A friend asked how to configure a VPN on Kindle Fire; the short answer is that it’s difficult, resisted by the manufacturer, and can go away in a heartbeat.

Read the rest of this entry »

How to Grab Brocade and Cisco WWN Aliases by CommandLine

howto No Comments »

In my work, I find that customers need to continually grab some updated labels and data, and re-import. This is tedious.

Worse, it’s in the Windows world, so by comparison, scripting is in a toddler world (small, doesn’t understand, and has tantrums)

I end up using something like the following, understanding that pre-sharing a public SSH key is safer.

@echo off

plink.exe -l ciscouser1 -pw Secr3tP@ssw0rd "show device-alias database" > cisco1.csv
plink.exe -l ciscouser2 -pw Secr3tP@ssw0rd "show fcalias" > cisco2.csv
plink.exe -l brocadeuser1 -pw Secr3tP@ssw0rd "zonecfg" > brocade1.csv
plink.exe -l brocadeuser2 -pw Secr3tP@ssw0rd "alishow" > brocade2.csv

gawk.exe -f brocade-alishow2wwncsv.awk cisco1.csv cisco2.csv brocade1.csv brocade2.csv > nicknames-by-WWN.csv
gawk.exe -f unique-nicknames.awk nicknames-by-WWN.csv > E:VirtualWisdomDataDeviceNicknamenicknames.csv

We’ve edited “brocade-alishow2wwncsv.awk” to accommodate broader formats, but I haven’t been able to check it on a wide range of platforms.

XCode-4.2 gcc cannot find -lcrt1.10.6.0.o

howto 1 Comment »

When continuing to build, using automate and autoconf, I ran into this:

checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking for C compiler default output file name...
configure: error: C compiler cannot create executables
See `config.log' for more details.
make: *** [config.status] Error 77

The config.log shows:

configure:2661: checking for C compiler default output file name
configure:2688: gcc conftest.c >&5
ld: library not found for -lcrt1.10.6.o
collect2: ld returned 1 exit status

There’s a lot of discussion about this, but basically, Apple didn’t check their own tool. Shame on you, Apple.

The fix is simple, embarrassingly so:

sudo ln -s /Developer/SDKs/MacOSX10.6.sdk/usr/lib/crt1.10.6.o /Developer/usr/llvm-gcc-4.2/lib

I would expect that this needs to be updated every release.

XCode-4.2 Breaks Automake Autoconf Autoreconf Aclocal

howto No Comments »

Like everyone else, my Xcode install broke the command-line tools I use very often. It seems Apple didn’t feel like testing their command line stuff at all, since it’s glaringly obvious that it fails:

autoreconf: Entering directory `.'
autoreconf: not using Gettext
autoreconf: running: aclocal --force
autom4te: m4sugar/m4sugar.m4: no such file or directory
aclocal: /Developer/usr/bin/autom4te failed with exit status: 1
autoreconf: aclocal failed with exit status: 1

I mean “works” and “fails”, polar opposites, clearly no one checked. Shame on you, Apple.

The fix was simple: (Thanks to Nathan Herring’s consideration of ADL’s post in Stack Exchange )

*** /Developer/usr/share/autoconf/autom4te.cfg 2011-10-28 00:15:15.000000000 -0700
--- /Developer/usr/share/autoconf/autom4te.cfg 2011-10-28 00:14:33.000000000 -0700
*** 99,101 ****
begin-language: "Autoconf-without-aclocal-m4"
! args: --prepend-include /usr/share/autoconf
args: --cache=autom4te.cache
--- 99,101 ----
begin-language: "Autoconf-without-aclocal-m4"
! args: --prepend-include /Developer/usr/share/autoconf
args: --cache=autom4te.cache
*** 126,128 ****
begin-language: "Autotest"
! args: --prepend-include /usr/share/autoconf
args: autotest/autotest.m4f
--- 126,128 ----
begin-language: "Autotest"
! args: --prepend-include /Developer/usr/share/autoconf
args: autotest/autotest.m4f
*** 140,142 ****
begin-language: "M4sh"
! args: --prepend-include /usr/share/autoconf
args: m4sugar/m4sh.m4f
--- 140,142 ----
begin-language: "M4sh"
! args: --prepend-include /Developer/usr/share/autoconf
args: m4sugar/m4sh.m4f
*** 152,154 ****
begin-language: "M4sugar"
! args: --prepend-include /usr/share/autoconf
args: m4sugar/m4sugar.m4f
--- 152,154 ----
begin-language: "M4sugar"
! args: --prepend-include /Developer/usr/share/autoconf
args: m4sugar/m4sugar.m4f

WoW on Mac: TCP Tuning

howto No Comments »

My sister plays WoW, and had some latency issues. Rather than go to a higher-speed WAN connection (hey, Wifi-B works OK for most people, but not when you’re raiding) she drilled a bunch of holes in her floors and went direct-wired.

Not to nock direct-attached LAN connections: it’s faster overall, and your latency/jitter in the environment cannot be influenced by a steel stovepipe, or driving a car between your PC and your router. unfortunately, it may have the effect of switching the upstream bottleneck (of data blocks or ACKs stuck behind them) to the router.

Since Wifi bandwidth already exceeds Broadband bandwidth, your speed won’t go up by doing this, but latency improves (insert the first dweeb quoting Linus Torvalds on a “because Linus Sez So! Linus 3:16!” quote here)

Latency can also be a factor of buffering in terms of number of sliding windows, window size, etc. In cases of raw video, you can get better performance (ie less jitter) at the cost of a few dropped frames if you reduce your buffering, for example.

I would take notes on performance (which might be a subjective “feels better” or “feels sluggish”) and then twist a few knobs, as follows. DO NOT change more than one at a time, lest those changes be misattributed to the wrong change.

  • reduce net.inet.tcp.sendspace
    • sudo sysctl -w net.inet.tcp.sendspace=250000
    • make sure that kern.ipc.maxsockbuf = (net.inet.tcp.recvspace + net.inet.tcp.sendspace)
    • net.inet.tcp.sockthreshold may need to be set lower (0 to disable) so that sendspace/recvspace are respected earlier on
  • reduce net.inet.tcp.mssdflt to 1500 – (20 * wrapper) —
    • in most cases, this is 1480, because 20 bytes overhead for a PPPoE link
    • it’s OK to reduce that further without a huge drop in performance
    • further drop because of WiFi? Not logical, but it does protect your stream in the event of unseen X-over-Y tunneling
    • 1440 is OK on a local LAN, even a gigabit; if all LAN members permit jumboframes (9k), use 8940
  • I’m not sure there’s benefit to increasing net.inet.tcp.win_scale_factor above 3 (for gigabit ethernet) because the bottleneck at the router and cablemodem/DSL will only be exacerbated. The congestion should be caught at the desktop to avoid filling the queue at the cable/DSL for outbound traffic.

These reductions are an attempt at reducing queuing at various hops that can reduce the effectiveness of TCP’s congestion algorithm.

If I get other ideas, I’ll add them here.

As always, Netalyzr is a good first-flinch when checking out an unknown network, even if you think you’ve used that net for months.


howto No Comments »

How to “ping” a system using SNMP… but why? We all know that Ping is an ICMP protocol-based tool, and that firewalls treat different protocols, well, differently.

Clearly, if an ICMP round-trip or timed decay works, then there is some routing, but that doesn’t prove, nor disprove, that SNMP gets through.

The most direct method would be a basic “hi, what’s your name?”:

snmpget -t 5 -r 2 -v 1 -c public

In essence: “timeout 5s, retry 2”, “version 1, authentication: community: public”, that’s to be expected, and will flex in different protocols.

The IP address is obvious too; the OID is the “what’s your name?” part:
$ snmpget -t 5 -r 2 -v 1 -c public
SNMPv2-MIB::sysDescr.0 = STRING: Linux UberHugeDiskNAS #1594 Fri Feb 25 19:01:31 CST 2011 ppc

The equivalent in sapwalk2.exe?

sapwalk2.exe -v v1 -c public -i -s -n 1
#sapwalk: ver 2.7
#Copyright (c) 1994-2006 SIMPLESOFT Inc.
#Address=, StartOid=
#TimeOut=90000, MaxRetries=3, CompareFlag=0, DebugFlag=0 , OctetString , Linux UberHugeDiskNAS #1594 Fri Feb 25 19:01:31 CST 2011 ppc
#ERROR: Walk terminated as max variable count [1] exceeded.

(too easy!)

XPathSet in Java

howto No Comments »

After thrashing with sed, awk, and various other attempts to cleanly edit XML, I kept thinking “why don’t I use xpathset”?

xpathset is a tool based on an example in xmlsoft — I’ve got a copy on my cnp-tools project — but it runs on Linux, and my employer uses Windows for all supported installs of its Java-based product. That seems a non-happener.

Sometime last night, I remembered that we are a Java company, and I can compile and share Java code without incurring support issues, additional compiler toolchains, licenses, etc while still leveraging the underlying strength of my coworkers where needed.

From 7pm to 9pm I built using to effect behavior similar to xpathset; it took another 4 hours to clean up and document, but it’s available if you would like to re-use it. Although I didn’t open up xpathset while I was working (xpathset based on an xmlsoft example, hence MIT license), I’m certain I reused the same concepts I used in that tool, so I should license as MIT.

In this example, we are (and it is sequential!):

  1. load input.xml
  2. registering “textfile.txt” as the replacement value
  3. searching for XPath “//ScanTask[@name=’scanExample1′]/@file” and replacing all matches for “textfile.txt”
  4. writing the result to output.xml

The example I did this for is a filename fix in an Axeda EDD_TEXT.xml file. It is possible to read and write the same file, effecting an in-place edit — with Axeda, there may be a timing issue: I’ve found that the file cannot be written on occasion.

The side-effect of the underlying javax.xml.transform technology used is that the attributes are alphabetized on the way in or out of the DOM, so don’t be too surprised if your attributes are re-ordered. Also, indentation may change.

Nagios/Icinga: Confirm user login

howto No Comments »

Recently, we have a strange situation that certain critical users cannot log into an FTP server. Of course, Icinga is helping me to check this going forward:

First, define a service check:

define service{
use bidaily-service
service_description FTP Login
check_command check_ncftpls!''
notifications_enabled 0

Next, catch that odd case when the script itself is missing (in past, payload of Nagios packages has added/dropped parts that I need)

define servicedependency{
dependent_service_description FTP Login
host_name localhost
service_description Runnable check_ncftpls
execution_failure_criteria w,c,u
notification_failure_criteria w,c,u

Finally, the script itself:


NCFTPLS=$(which ncftpls) ||{ echo "FAIL ncftpls not found"; exit 2; }
test -x ${NCFTPLS} || { echo "FAIL ${NCFTPLS} runnable|"; exit 2; }

${NCFTPLS} $@ &OK"; exit 0; }

echo "${NCFTPLS} failed"
exit 2

Now, I could’ve/should’ve used the hostname in the check itself, but I was more interested in just getting it there. I will probably clean it up someday, make it more reusable, but there it is.

Note that I did not establish a dependency on the ncftpls -bearing package itself in my RPM hierarchy simply because it’s perfectly fine for the “runnable” to fail, and the script itself will never thereafter hit the FTP server until the script it safely runnable. Sure, it’s listed as a failure, but it’s a choice against a huge dependency that typically brings in 100 packages of inconsistent perl and such (hey, “just hit cpan”, they’ll do that in datacenters, sure)

Nagios-LDAP Patch Updated

howto No Comments »

I’m updating my LDAP patch for Nagios based on the most-recent release; I’m also doing it as a git repos so that it’s reusable in a more independent way.

First, there are a few non-LDAP-specific changes needed:
1) commit 06d6ca4e7dfc44b1f93dcd836625ec20a1bbc3f1 — use true/false rather than only 0/1 for booleans
2) commit b37f9f5cbc8cc93796ec68d7f7359634eca56ed3 — propagates EPOCH and BROKER build flags through specfile

Next, there are LDAP-specific changes:
1) commit 561f2521aac88244694dcd0ea264acaa3c6796a2 — read in the LDAP-based config as described in

This is all available in git://

I haven’t ported over my test-harness, so it’s fairly unknown code right now. I’m using it, but shifting back to Icinga.

WP Theme & Icons by N.Design Studio
Entries RSS Comments RSS Log in