Notice: register_sidebar was called incorrectly. No id was set in the arguments array for the "Sidebar 1" sidebar. Defaulting to "sidebar-1". Manually set the id to "sidebar-1" to silence this notice and keep existing sidebar content. Please see Debugging in WordPress for more information. (This message was added in version 4.2.0.) in /usr/share/wordpress/wp-includes/functions.php on line 4139 Tech Notes


self-notes No Comments »

A while ago — ages, I’m certain — I refused to do a CIM_XML client for DCNM to be able to write name/pwwn pairs. It had nothing to do with us: it was a CISCO thing to a CISCO service, and didn’t even touch our application.

Then I refused again.

Then I refused again.

Finally, I figured I’d give it a look, but I cautioned heavily that there are a number of risks, and we needed a way to test.

So here we are, weeks later, lacking a method of testing. Because we’re not Cisco, and we’ve only purchased a little bit of Cisco product, Cisco isn’t delivering demo licenses — so we cannot test the CISCO thing talking to the CISCO service because we’re not Cisco. If I know how this is going to go: the PM is going to give up and invalidate many late nights of investigation and work behind “oh well, it was a cheap hack that took no time, right?” BTW: software is hard.

Memo to my future self (beside “just say ‘no'”), these tabs are where I got my information and where debugging notes can be reaped:


In the Brocade space:

  • Really cool Brocade breakouts:
  • It’s better because it’s in ruby:

In the LMI Space:


… and a (nonworking for me) client that gives really cool toMof breakouts:


Finding and Running Java

howto 1 Comment »

As a reference, I wanted to leave a few notes as to how to find a java runtime.

If you’re on a linux system (RPM-based or Debian-based including Ubuntu flavours), BSD (including OpenBSD, NetBSD, or the MacOSX fork), or even USL Unix (including AIX flavours and the other 5999 licensees), chances are typing “java” at a prompt does something. “java -version” should spit out a version.

If you’re on Windows, then you might already have Oracle’s Java package installed; look down the various “Program Files” directories for “Oracle” or “Java”, or if search is working today, try searching for “java.exe”. Additionally, BNA and DCNM (and their variants: HPNA, CMCNE, etc) run on Java, so you might find a java.exe in a Cisco\Network Manager\jre\bin\ directory.

Either way, “java.exe -version” or “java -version” should spit out a version number.

If you don’t have a Java interpreter, then you’ll need to install one. That changes form platform to platform, but again Linux variants have it easiest, typically typing “yum install java” or “zipper install java”, or “apt-get install java”. … or some variant of that. Be aware, you might be looking for a java-1.6.0-openjdk (or for the SuSE Experience, where underscores are preferred over consistency, java-1_6_0-openjdk).

In windows, search where you normally search. If you need to go to Oracle’s website, I assume you have web access.

In either case, if you’re unable to install Java, then the type of guide I tend to write might be a bit challenging. you may need some help from your colleagues in IT.

Also, very important, javaw is for windowed apps; we do not want javaw nor javaw.exe unless we’re running a windowed application.

Kernel: sandbox: xcscredd(141) deny file-read-metadata /Users

Uncategorized No Comments »

I keep getting this message on MacOSX 10.9.1 repeatedly:

10:42:47 Kernel: sandbox: xcscredd(141) deny file-read-metadata /Users
10:42:47 Kernel: sandbox: xcscredd(141) deny file-read-metadata /Users
10:42:47 Kernel: sandbox: xcscredd(141) deny file-read-metadata /Users
10:42:48 Kernel: sandbox: xcscredd(141) deny file-read-metadata /Users
10:42:48 Kernel: sandbox: xcscredd(141) deny file-read-metadata /Users

I found Leland Wallace‘s post on Apple’s self-help Support site, and tried the following:

*** /Applications/	2013-11-11 11:59:19.000000000 -0800
--- /Applications/	2014-02-11 11:03:50.000000000 -0800
*** 62,68 ****

  ;; suppress spurious failures due to keychain notifications from xcscredhandler
  (deny file-read*
!        (subpath "/Library/Server/Xcode/Credentials/Data")   ;; we have no buisness looking in here
         (with no-log)

--- 62,69 ----

  ;; suppress spurious failures due to keychain notifications from xcscredhandler
  (deny file-read*
!        (subpath "/Library/Server/Xcode/Credentials/Data")   ;; we have no business looking in here
!        (subpath "/Users")                                   ;;
         (with no-log)

Let’s see if that silences a bunch of unnecessary log-noise.

Jenkins on Synology xx09 -Series

Uncategorized No Comments »

In order to get a basic CI build box going, I decided ot leverage the Synology that seems underwhelmed in what I’ve currently thrown at it.

I’d love to see a Jenkins on but for now, it’s a hack.

I followed some basic online instructions to some success:

  1. Checking What kind of CPU does my NAS have, I clearly have a MPC8533 running 64bits and 512MB
  2. per,_bootstrap,_ipkg_etc I need the bootstrap, which I ran from a basic root login
  3. ipkg update, ipkg search jamvm pulled in libgmp-4.3.2-1, file-5.12-1, classpath-0.98-1, zlib-1.2.5-1, and jamvm-1.5.4-1
  4. jamvm -version
    java version "1.5.0"
    JamVM version 1.5.4
    Copyright (C) 2003-2010 Robert Lougher
    Execution Engine: inline-threaded interpreter with stack-caching
    Compiled with: gcc 3.4.3 20041021 (prerelease)
    Boot Library Path: /opt/lib/classpath
    Boot Class Path: /opt/share/jamvm/
  5. has a few typos (I hope I don’t add any!), but discusses how to hand-tool Jenkins into place:
    1. echo 'jenkins:x:145:145:Jenkins:/var/lib/jenkins:/bin/sh' >> /etc/passwd
    2. echo 'jenkins:*:10933:0:99999:7:::' >> /etc/shadow
    3. echo 'jenkins:x:145:jenkins' >> /etc/group
    4. mkdir -p /opt/jenkins/data
    5. ln -s /opt/jenkins /var/lib/jenkins
    6. check it so far: ls -al ~jenkins/data
    7. chown jenkins:jenkins /opt/jenkins/data
    8. wget -O /var/lib/jenkins/jenkins.war
    9. create the /var/lib/jenkins/ script below
    10. chmod 755 /var/lib/jenkins/
    11. run it: /var/lib/jenkins/
    12. check for errors in /var/lib/jenkins/data/console_log
    13. You now have a server online at your Synology server, port 8080
  6. Unfortunately, I’m stuck at:> JENKINS_HOME=/var/lib/jenkins/data /opt/bin/jamvm -XX:PermSize=512M -XX:MaxPermSize=2048M -Xmn128M -Xms1024M -Xmx2048M -jar /var/lib/jenkins/jenkins.war
    Unrecognised command line option: -Xmn128M
    ; removing that option, Segmentation fault (core dumped)
    … I think the next step is to swap in a full JVM in place of JamVM:

The start/stop script look like:

su -s /bin/sh jenkins -c "
cd /var/lib/jenkins
JENKINS_HOME=/var/lib/jenkins/data exec nohup /usr/java/bin/java -jar /var/lib/jenkins/jenkins.war $JENKINS_OPTS >/var/lib/jenkins/data/console_log 2>&1 &
echo $! >/var/lib/jenkins/data/"

That “JENKINS_…&” line is all one line from the “JENKINS_HOME=” to the “&” at the end. Also, if you’re cutting-and-pasting, watch out for “improved” quotation marks.

Brother MFC-J425W Scanner Buttons onto CentOS-6.4

Uncategorized No Comments »

I’m trying to get my scanner to send content to a CentOS-6.4 VM; I’m certain now it’s a case of using the buttons to trigger a request to pull content, which indeed fits the definition of what is actually happening in a modern day “push” of data (for example, MMS is really a short SMS to come and get a big payload; push-email is a notice to come and get stuff).

So. There I was. a MFC-J425W is really a brscan4 daemon, so I grabbed that:


Problem is, the install %post scriptlet of brscan4 called its own /opt/brother/scanner/brscan4/setupSaneScan4 which on line 13 went looking for /etc/sane.d/dll.conf which is part of sane. Unfortunately, the notion of “dependency” escapes those brscan* RPMs, so I’ll need to add that RPM as well. sane drags in most of the state of Georgia (well, maybe just sane-frontends which pulls in libexif, libgphoto2, libieee1284, libtool-ltdl, libv4l, lockdev, sane-backends, sane-backends-libs, and sane-backends-libs-gphoto2)

A re-install of the brscan twins (yum erase, yum localinstall) doesn’t experience the same error, so I’m onto a good start.

A quick “sudo /usr/bin/brsaneconfig4 -a name=Groucho model=MFC-J425W ip=” got me a registered printer under scanimage -L:

device `brother4:net1;dev0' is a Brother Groucho MFC-J425W

Success. I think ?

The next step would be a scanner-button-daemon such as scanbd; I want to use the provided Brother brscan-skey and I found that after scanimage -L found the scanner, brscan-skey can as well:

$ sudo brscan-skey -l

$ sudo brscan-skey -t
$ sudo brscan-skey
$ sudo brscan-skey -l

Groucho : brother4:net1;dev0 : Active

That’s a fair amount of progress for the day. These are mostly notes for myself, but I hope someone else can benefit. My next step would be a customization of the brscan-skey such as per

VMWare Copied Linux Gotchas

How to, virtualization No Comments »

When I manually-clone a VM in VMWare, there are a few things I tend to have to remember. More of a memo to myself, this post will be edited or refer to later posts as necessary. I use this because I forget, and google finds my own stuff as quickly as someone else’s…

  1. Install a new VM
  2. Choose to install from another VM
  3. Choose to duplicate, not share nor steal the disk(s)
  4. Search for the Virtual Disk.vmdk file to copy (if it’s not found, is the prototype VM stopped?)
  5. wait for the install to complete
  6. edit the new MAC into the /etc/sysconfig/network-scripts/ifcfg-eth0 file
  7. check for a butchered /etc/udev/rules.d/70-persistent-net.rules file (delete the ones from the previous MAC)

From there, the new clone acts like an independent system. I usually pop into my router and hard-set the MACAddr’s name so that the DDNS gives me the IP from the hostname when the DHCP dishes out an address. That avoids the DNS delay that most people kinda forget/dont-care in PTR lookup at connection time in, oh, everything.

MDS Exclusions to Attempt to UnCrapify Powerpoint

How to No Comments »

Powerpoint is one of those necessary pills-to-swallow that gives an impressive choking fit at times. In my case, I just want a simple presentation driver, and although I may choose not to use the swooping transitions and 41000 font choices, the ever-increasing load due to dormant enhancements risks bloat to failure.

Specifically, Outlook 2011 tends to stall for up to 6 seconds at a time (no big deal if it didn’t happen every few seconds, and that the typing tends to go to a random place/dialog/chat window).

Activity Monitor shows that MDS VM usage multiplies when Outlook or Powerpoint are started; even with just Outlook running, MDS is at 11% runocc and 984MB (yes, nearly 1G virtual). Physical/Core usage is at 1/3 Gb.

My hypothesis (ObConspiracy: if you want to make a competitor look bad, you want your product to run really crappy on it, but not all the time, and with such a degraded experience that the issues with your competing product pale by comparison — that turns all your regular users into hecklers for those unwilling to accept a huge hurdle for a non-critical app) is that MDS is seeing continuous change in the data files backing Outlook and Powerpoint.

.. so let’s reduce that visibility to files constantly in-flux:
$ sudo defaults read /.Spotlight-V100/VolumeConfiguration.plist Exclusions
"/Users/allan.clark/Documents/Microsoft User Data/Office 2011 Identities/Main Identity/Data Records/Exchange Moves",
"/Users/allan.clark/Documents/Microsoft User Data/Office 2011 Identities/Main Identity/Data Records/Exchange Sync",

Outlook keeps copies of its mailbox and data, never removing the 2008 version when 2011 is created, so that’s 4 copies of the data on the same disk. Only the most recent seems to change, so let’s exclude that from your MDS:

sudo defaults write /.Spotlight-V100/VolumeConfiguration.plist Exclusions -array-add ~/Documents/Microsoft User Data/Office 2011 Identities/Main Identity/Data Records/Exchange Moves
sudo defaults write /.Spotlight-V100/VolumeConfiguration.plist Exclusions -array-add ~/Documents/Microsoft User Data/Office 2011 Identities/Main Identity/Data Records/Exchange Sync

As you can see, I also exclude the root of temp folders and downloads. I don’t need downloads to trigger MDS all the time.

Don’t forget to restart the service:

sudo launchctl stop && sudo launchctl start

Let’s see if Powerpoint still chokes…

APC 9617 DHCP on MacOSX

Uncategorized No Comments »

The APC UPS controller AP9617 requires an additional DHCP Option 43 set to “APC” to indicate that the DHCP specifically knows it’s talking to an infrastructure device; it’ll refuse all DHCP not bearing this string. This avoids misconfigurations but can be a pain to realize and configure. MacOSX uses opensource code for its daemons but really prefers this XML-ish “plist” config (I’m not a fan of this nearly-XML because although it leverages the concise “yes, this is markup” and escaped content, it is positional (change the order of the sibling “key” and “value” and it’s all screwed up), and it cannot be addressed/read in XPath notation. Even locating the proper plist config file can be non-trivial.

The shortcut:

  1. insert “<key>dhcp_option_43</key><data>AQQxQVBD</data>” into /private/etc/bootpd.plist and
  2. sudo /bin/launchctl load -w /System/Library/LaunchDaemons/bootps.plist to activate

The detail:

In Standard ISC Bind config, (Keith Perry
# The following class identifier is used by the APC UPS: "APC"

class "APCUPS" {
match if substring (option vendor-class-identifier, 0, 3) = "APC";

# The following line populates the lease file with
# the Vendor Class Identifier that the client sends.

set vendor-string = option vendor-class-identifier;
# APC Network
subnet netmask {
pool {
deny dynamic bootp clients;
option routers;
option broadcast-address;
option subnet-mask;
filename "APC.bin";
option vendor-encapsulated-options "APC";
allow members of "APCUPS";
ping-check TRUE;

On MacOSX, /etc/bootpd.plist is the key component, read by a daemon started using sudo /bin/launchctl load -w /System/Library/LaunchDaemons/bootps.plist ( Tests can be made by making changes and “kill -HUP” (sighupping) the daemon, but it seems the underlying stack has already reserved a redirection for UDP/67 so running a bootpd or dhcpd outside of the launchctl won’t bind to the port (already in use).

The problem as well is that the <key>dhcp_option_43</key> we need to add to the config (to tell the APC that it’s OK, we know it’s an APC, you can accept this DHCP) isn’t one that MacOSX bootpd knows the format of, so it’ll complain (in the console log). Instead of a simple <key>…</key><value>…</value>, we need to use <key>…</key><data>…</data>, and the data needs to be Base64-encoded. I used, then checked it as follows:

$ echo -n 'AQQxQVBD'|base64 -D|od -tx1
0000000 01 04 31 41 50 43

This value is “code #1, length 4, #31, A, P, C”; AP9617 Documentation refers to this ‘1 A P C’ as “The APC cookie”. #31 might be the ASCII ‘1’ or an APC-specific “set option #31 to this value” marker.

The AP9617 then asks for an IP in a quicker mode when it’s just booting (cold-boot to Request is approx 18 seconds): > broadcasthost.bootps: [no cksum] BOOTP/DHCP, Request from 00:c0:b7:12:34:56 (oui Unknown), length 300, xid 0x317e, secs 32, Flags [none] (0x0000)
Client-Ethernet-Address 00:c0:b7:12:34:56 (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
Vendor-Class Option 60, length 3: "APC"
Client-ID Option 61, length 7: ether 00:c0:b7:12:34:56
CLASS Option 77, length 3: "MSP"

When it has no valid lease, it’ll eventually drop to a fuller Request or a Discover; as you can see, it has absorbed the IP that I had sent it without the proper Option-43 set, so it seems to be re-asking with the offered IP address of in a sort of “are you sure? (and please answer with option 43 set)”. Notice “Vendor-Option” is set in the Parameter Request line — I assume that’s specifically asking for Option-43.

14:54:25.674991 IP (tos 0x0, ttl 64, id 38, offset 0, flags [none], proto UDP (17), length 576) > broadcasthost.bootps: [no cksum] BOOTP/DHCP, Request from 00:c0:b7:12:34:56 (oui Unknown), length 548, xid 0x317e, secs 64, Flags [none] (0x0000)
Client-Ethernet-Address 00:c0:b7:12:34:56 (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Request
Requested-IP Option 50, length 4:
Parameter-Request Option 55, length 13:
Domain-Name-Server, Default-Gateway, Subnet-Mask, Domain-Name
TFTP, BF, BS, Vendor-Option
RN, RB, NTP, Time-Zone
Server-ID Option 54, length 4:
Vendor-Class Option 60, length 3: "APC"
Client-ID Option 61, length 7: ether 00:c0:b7:12:34:56
CLASS Option 77, length 3: "MSP"

With our DHCP server set up in /etc/bootpd.plist, we’re happy to oblige: > [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x317e, Flags [none] (0x0000)
Client-Ethernet-Address 00:c0:b7:12:34:56 (oui Unknown)
sname "ACLARK-LT.local"
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: ACK
Server-ID Option 54, length 4:
Lease-Time Option 51, length 4: 85536
Domain-Name-Server Option 6, length 4:
Default-Gateway Option 3, length 4:
Subnet-Mask Option 1, length 4:
Vendor-Option Option 43, length 6:

Once it’s online, you can choose to accept DHCP offers lacking the APC Cookie for robustness; I did, but it opens me to rogue IPs. I think in my environment, there’s a higher risk of forgetting the random little bits that this device needs to appease its ego. Just take the IP and have a nice day 🙂

Automount on MacOSX

howto No Comments »

As a quick reminder, when trying to use automount -hosts on a Mac (ie auto-mounts NFS shares found by name on the local subnet), ensure that you:

  1. edit client:/etc/autofs.conf: ensure “resvport” is in AUTOMOUNTD_MNTOPTS (mine says: AUTOMOUNTD_MNTOPTS=nosuid,nodev,resvport)
  2. defaults write DSDontWriteNetworkStores true to avoid writing .DS_Store in network shares, which MacOSX keeps open (hence “hot”, hence avoiding automount timeout)

Works quite well now with my Synology, for which I have enabled “ root_quash” for the shares in question:

$ showmount -e ds211.local
Exports list on ds211.local:
/volume1/Archive *
/volume1/music *

$ mount
ds211.local:/volume1/Scan on /net/ds211.local/volume1/Scan (nfs, nodev, nosuid, automounted, nobrowse)

.. the next step is to set all Scanned content to write to this new pathname to avoid mount issues down-the-road

Airport Utility 5.6.1 on MacOSX 10.8.3

How to No Comments »

This is a quick remember on how to upwrap a package and install it manually: Airport Utility-5.6.1 on MacOSX-10.8.3

I never remember the vanity cat-versions of OSX, but my 10.8.3 is not permitted to install AU-5.6.1. There’s something in the AU-5.6.1 package that refuses (or has forgotten to specifically allow) 10.8.3 has a host OS. My needs involved WEP configurability: I had to get an old laptop onto my Wifi to get it online without a Mir-Cable across the floor.

unfortunately, AU-5.6.1 doesn’t allow a guest network, whereas the frailty of WEP causes me to prefer a simple laptopinternet pipe withot access to the other resources on my LAN. I went elsewhere with this task, but I wanted ot keep some notes.

  1. download from
  2. mkdir -p ~/Desktop/apu561
  3. cd ~/Desktop/apu561
  4. xar -x -f /Volumes/AirPortUtility/AirPortUtility.pkg Payload
  5. tar xzf AirPortUtility.pkg/Payload
  6. sudo mv Applications/Utilities/AirPort /Applications/Utilities/AirPort


WP Theme & Icons by N.Design Studio
Entries RSS Comments RSS Log in