April 2006 Archives

Ruby on Rails is the most recently hyped language, so I thought about testing it out on my development server. I followed the tutorial available on the RoR website. It went fine until I did a ./scripts/generate command and got a lot of syntax errors:

/usr/lib/ruby/1.8/yaml.rb:133:in `load': syntax error on line 27, col 2: `  host: localhost' (ArgumentError)
 from /usr/lib/ruby/gems/1.8/gems/rails-1.1.2/lib/initializer.rb:459:in `database_configuration'
        from /usr/lib/ruby/gems/1.8/gems/rails-1.1.2/lib/initializer.rb:181:in `initialize_database'
        from /usr/lib/ruby/gems/1.8/gems/rails-1.1.2/lib/initializer.rb:84:in `process'
        from /usr/lib/ruby/gems/1.8/gems/rails-1.1.2/lib/initializer.rb:42:in `run'
        from ../config/../config/environment.rb:13
        from /usr/lib/site_ruby/1.8/rubygems/custom_require.rb:21:in `require'
        from /usr/lib/ruby/gems/1.8/gems/activesupport-1.3.1/lib/active_support/dependencies.rb:147:in `require'
        from /usr/lib/ruby/gems/1.8/gems/rails-1.1.2/lib/commands/generate.rb:1
        from /usr/lib/site_ruby/1.8/rubygems/custom_require.rb:21:in `require'
        from /usr/lib/ruby/gems/1.8/gems/activesupport-1.3.1/lib/active_support/ 

I started looking around at the folder structure that Ruby installs itself into when you create a new RoR application. Below my main folder, which the tutorial instructed me to create an alias or virtual directory for, is the config folder. Inside the config folder is the database.yml file, holding my database information, with accounts and hard-coded passwords. (On my box, it's all localhost only, but still...)

Just to check, I fired up my browser and entered http://myserver/myrailsalias/config/database.yml. All the information popped up. I changed the Apache alias to /mypathtorails/public/ which I didn't see in the tutorial. This seems to be a lot more secure. This doesn't mean RoR is any more or less secure than any other interpreted scripting language for web applications, just that right now, it's easy to install it in a less secure manner.

What's the point? Know what you're installing, where it installs, what permissions it needs, and what context it runs as. And don't put your database.yml someplace where anyone can download it. I know there are websites where I could find it, but I'm not going to try. That doesn't mean someone else isn't writing a bot to find it right now.

Oh, and know how Apache works and httpd.conf works, too. All that is a lot to expect for people looking for a simple programming language.
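A way to check for this exposure before a browser does, as an added example that is not part of the original post: it reads plain Alias lines from httpd.conf text and lists every URL under which a database.yml would be served. The /myrailsalias and mypathtorails names come from the post; the function names and the sample app skeleton are constructed for illustration.

```ruby
require "fileutils"
require "tmpdir"

# Matches 'Alias /url-path /filesystem/path' (target optionally quoted).
# Assumption: only plain Alias lines are audited; DocumentRoot, AliasMatch
# and ScriptAlias would need the same check but are not handled here.
ALIAS_RE = /^\s*Alias\s+(\S+)\s+"?([^"\s]+)"?\s*$/i

# Return the URLs under which any database.yml is reachable through an Alias.
def exposed_database_yml(httpd_conf_text)
  urls = []
  httpd_conf_text.each_line do |line|
    m = ALIAS_RE.match(line)
    next unless m
    url_prefix = m[1].chomp("/")
    fs_root = File.expand_path(m[2])
    # Everything below the alias target is served, so search it recursively.
    Dir.glob("**/database.yml", base: fs_root).sort.each do |rel|
      urls << "#{url_prefix}/#{rel}"
    end
  end
  urls
end

# Constructed sample: the skeleton of a Rails app with config/ and public/.
def build_sample_app(base)
  app = File.join(base, "mypathtorails")
  FileUtils.mkdir_p(File.join(app, "config"))
  FileUtils.mkdir_p(File.join(app, "public"))
  File.write(File.join(app, "config", "database.yml"),
             "development:\n  adapter: mysql\n  host: localhost\n  password: PLACEHOLDER\n")
  File.write(File.join(app, "public", "index.html"), "<html></html>\n")
  app
end

# Audit the two alias targets from the post: the app root and public/.
def demo
  Dir.mktmpdir do |base|
    app = build_sample_app(base)
    weak  = "Alias /myrailsalias #{app}/\n"
    fixed = "Alias /myrailsalias #{app}/public/\n"
    { weak: exposed_database_yml(weak), fixed: exposed_database_yml(fixed) }
  end
end

if __FILE__ == $PROGRAM_NAME
  result = demo
  puts "alias -> app root: #{result[:weak].inspect}"
  puts "alias -> public/:  #{result[:fixed].inspect}"
end
```

An empty list for an alias means no database.yml sits below its target; the same walk can be pointed at other file names that should never be served.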

For a grad school project we need to build a system that bills people by the amount of time they rent a car. Thus, I needed to use the DateDiff function of VB and SQL in Access. I looked it up using Access help and got to the right MSDN page:

Syntax

DateDiff(interval, date1, date2[, firstdayofweek[, firstweekofyear]])

They tell you that interval is a String and link to what a string is. The part they don't say explicitly is that you need to enclose the interval value in quotation marks. "Of course," you say, "It's a string." Is it too much to ask for an example showing it in use with the quotation marks? e.g.

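In Microsoft Access:
WHERE (((Rentals.CarOut)=True)) AND ((DateDiff("h",Rentals.DropOffDate,Now())>3));
In Microsoft SQL (Transact-SQL for SQL 2000/2005):
WHERE (((Rentals.CarOut)=1)) AND ((DATEDIFF(hh,Rentals.DropOffDate,GETDATE())>3));

Where "h" is the Access code for hours. In T-SQL the datepart for hours is hh (or hour) and is written without quotation marks, and CarOut, assumed here to be a bit column, is compared to 1 rather than True.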

I just wanted to write this down someplace before I forget it. And why must Access and T-SQL be different? Now() doesn't work in T-SQL and GETDATE() doesn't work in Access.

Those blog indexers work fast. Immediately after updating, I checked my log file and this is what I saw:

206.188.0.11 - - [24/Apr/2006:15:20:28 -0400] "GET /blog/index.xml HTTP/1.1" 200 33997 "-" "Java/1.5.0_03"
206.188.0.11 - - [24/Apr/2006:15:20:28 -0400] "GET /blog/2006/04/quick_nmap_for_different_oses.html HTTP/1.1" 200 9707 "-" "Jakarta Commons-HttpClient/3.0"
70.85.178.146 - - [24/Apr/2006:15:20:29 -0400] "GET /blog/index.xml HTTP/1.1" 200 33997 "" "edgeio-retriever (www.edgeio.com)"
65.19.150.209 - - [24/Apr/2006:15:20:37 -0400] "GET /blog/ HTTP/1.1" 200 38102 "-" "OmniExplorer_Bot/6.52 (+http://www.omni-explorer.com) WorldIndexer"
64.158.138.84 - - [24/Apr/2006:15:20:43 -0400] "GET /robots.txt HTTP/1.1" 404 287 "-" "Blogslive (info@blogslive.com)"
64.158.138.84 - - [24/Apr/2006:15:20:43 -0400] "GET /blog/index.xml HTTP/1.1" 200 33997 "-" "Blogslive (info@blogslive.com)"
209.18.119.138 - - [24/Apr/2006:15:20:51 -0400] "GET /blog/index.xml HTTP/1.1" 200 33997 "-" "Jakarta Commons-HttpClient/3.0"
209.18.119.138 - - [24/Apr/2006:15:20:51 -0400] "GET /blog/index.xml HTTP/1.1" 200 33997 "-" "Java/1.5.0_05"
209.18.119.138 - - [24/Apr/2006:15:20:52 -0400] "GET /blog/2006/04/quick_nmap_for_different_oses.html HTTP/1.1" 200 9707 "-" "Jakarta Commons-HttpClient/3.0"
209.191.83.2 - - [24/Apr/2006:15:21:02 -0400] "GET /blog/index.xml HTTP/1.0" 200 33997 "-" "Yahoo-Blogs/v3.9 (compatible; Mozilla 4.0; MSIE 5.5; http://help.yahoo.com/help/us/ysearch/crawling/crawling-02.html )"
209.237.228.229 - - [24/Apr/2006:15:21:10 -0400] "GET /blog HTTP/1.0" 301 313 "-" "Technoratibot/0.7"
209.237.228.229 - - [24/Apr/2006:15:21:10 -0400] "GET /blog/ HTTP/1.0" 200 38102 "-" "Technoratibot/0.7"
209.237.228.229 - - [24/Apr/2006:15:21:11 -0400] "GET /blog/atom.xml HTTP/1.0" 200 93963 "-" "Technoratibot/0.7"
209.237.228.229 - - [24/Apr/2006:15:21:18 -0400] "GET /blog/index.xml HTTP/1.0" 200 33997 "-" "Technoratibot/0.7"

Thus Technorati and the others can keep a pretty good pulse on exactly what people are blogging about at any given moment. This didn't happen with Presstopia.

Just for fun, I thought I'd compare the ports open on the various boxes in my lab.

Mac OS X v. 10.3.9 (Running Dave)
PORT STATE SERVICE
21/tcp open ftp (Throws a Win98 .com filename "hole" in nessus)
22/tcp open ssh
139/tcp open netbios-ssn
427/tcp open svrloc
445/tcp open microsoft-ds
548/tcp open afpovertcp

Windows XP SP2 Laptop
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds

Fedora Core 4
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
80/tcp open http
443/tcp open https
1241/tcp open nessus
3306/tcp open mysql
10000/tcp open snet-sensor-mgmt (Actually webmin)

Windows Server 2003 DC
PORT STATE SERVICE
42/tcp open nameserver
53/tcp open domain
80/tcp open http
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
1025/tcp open NFS-or-IIS
1027/tcp open IIS
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
3389/tcp open ms-term-serv


I was curious as to what Exchange 12 opened on my old Dell, so I ran a quick nmap scan. I also have SQL 2005 running, so that's open, too. As you can see from the list below, not all nmap service reports are accurate. Pretty short compared to my Fedora Core 4 box running Apache, MySQL, and Sendmail.

PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
593/tcp open http-rpc-epmap
1040/tcp open netsaint
1083/tcp open ansoft-lm-1
1155/tcp open nfa
1433/tcp open ms-sql-s
3389/tcp open ms-term-serv
5001/tcp open commplex-link
6001/tcp open X11:1
6002/tcp open X11:2
6004/tcp open X11:4
8009/tcp open ajp13

Two System Log Errors from the scan, One System Log Warning:
None, message: An anonymous session connected from 10.10.10.15 has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller. The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1. This message will be logged at most once a day. , Matched on: Type: Error , timestamp: 16:54:50 04/22/106

TermDD:50 on xxxx, category: None, message: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client. , Matched on: Type: Error , timestamp:16:55:08 04/22/106

The Security System has received an authentication request that could not be decoded. The request has failed.

The Exchange roles running on this box include everything except gateway. (Client Access, Mail Store, Bridgehead).

For the full Nessus 3.0 report, read on.

While I liked my Presstopia blog fine and knew how to do a few customizations to it, I didn't have categories. There was no one page where I could go and find all the entries about script attacks or Exchange 12. I was also curious about updates in Six Apart's Movable Type 3.2, since I haven't done an MT install since about MT 1.6.something, along with comment assassin. With MT 3.2, all comments must be approved and I get emails about them.

By no means is this move based on Microsoft vs. Open-Source whatever. I am simply choosing an available tool, just like with anything else. It's not like MT is free either if I have more than one author.

The migration went OK -- I had to write a simple VBScript to convert my old entries to a format MT could understand. My old blog, Presstopia, was fine but didn't have any specific export capabilities other than Atom and RSS. Why MT can't import directly from RSS or Atom is beyond me. Why Presstopia can't shoot out all entries from RSS is a mystery -- unless I get source code access. Thus I wrote another SQL connect string and some VBScript to format the date properly. I have a lot to learn about date formatting from SQL 2000 in ASP. And about dot.Net.

Installing MT wasn't that bad, except Image::Magick is AFU on Fedora Core 4. It won't make because of some kind of language error that makes variables into foreign phrases, leaving me with thousands of error messages. I like NetPBM better, anyway. And MySQL permissions are funny. Localhost is NOT included in ANY in the host permissions section. D'oh.

Now I can compose within the blog itself, rather than saving in Word or something first because my session would time out before I hit the "post" button. MT is slower on the edit response time but reading is faster, since it's static HTML rather than a VB call to SQL. And my content is no longer held hostage to a system with limited export capabilities.

When you switch languages a couple of times a day, you begin to confuse some syntax and notice differences between the languages. In one week: get basketball tournament application working again. (PHP) Get Java app connected to Derby open-source database for my Java class (handed in to my professor before class meets, but implemented in a class). Get VB (6, not .net) apps working for Decision Support Systems class (targeting zip codes) and Databases class (rental car system). Get VBscript flight-risk scoring system working. While Visual Basic and VB Script are close, they’re not the same. You can dim intX as int in VB, but you can only dim intX in VB Script. (Then again, my server doesn’t even let me do option explicit: The specified 'option explicit ' option is unknown or invalid.)

And while you can do an Adodc.recordset.recordsize in VB6, Java (1.5) has no resultSet.recordsize. So when I do a query in VB using ADO, I know how many records I have; but in Java, I have to do while(recordset.next()) { recount++} (source). So my obsolete version of VB knows how many records are in my set, but the latest version of Java does not. I’m sure there’s a reason for this, I just don’t know what it is. I haven’t figured out if there’s a recordset size() function/method in PHP yet. I wonder if Ruby on Rails has one available – I’d check but the RoR API documentation isn’t searchable.

All I want to do is build a completely 64-bit AMD dual-core box.

Oh, the many 64-bit options and the lack of details. You can buy a 64-bit box, but are the storage and network drivers 64-bit? Does my 64-bit PCI storage controller have 64-bit drivers? For Vista CTP 64-bit? When Solaris was the only 64-bit game in town (available to me anyway) I could get answers. Now that everyone is making motherboards that support Intel and AMD 64-bit processors, it gets much harder to track down answers.

Hypothetical: Today, you need to buy a server to run Exchange 2003 Sp2 on W2k3 R2. You want to make sure it will run Exchange 12 with no bottlenecks that will hurt performance, like a 32-bit storage driver. What do you buy? Microsoft has tips for the folks writing drivers. Where’s the 64-bit hardware qualification list? Why is it easier to find Sun servers that meet Microsoft’s 64-bit HQL? This is close. But are all the drivers 64-bit? Vista? ATI has Vista drivers available.

On the install, the Exchange installer didn't ask me to run ForestPrep
or ADPrep -- it just tweaked AD during the process with my credentials.

There are also a couple of neat tool shortcuts inside Exchange System
Manager. At the bottom of the tree part of the MMC are links to
Exchange Best Practices Analyzer (installed automatically), which
auto-updates as soon as it is launched. The first time I ran it, I got
a squawk about having no WINS server. I run a brand-new Windows Server
2003 Domain at the W2K3 functional level (on a separate box), have DNS
working great (even replicating to BIND 9.3.1), but Exchange 12 still
wants to see WINS. This makes me think that WINS may not be going away
in my lifetime.

The next shortcut in the toolbox is to PerfMon (as long as I can run
it with “perfmon” I won’t call it “System Monitor”), with a nice default
set of SMTP send and receive stats, Mapi.net and IS RPC hits, total
memory pages, and total processor time.

The final toolbox shortcut is Exchange queues, which saves time from
drilling down to find the SMTP/IMAP/whatever server you’re looking for
and hitting F5 a bunch of times. You get there faster, but you still
need to hit F5 for faster updates.

Also: Exchange 12 and SharePoint Services don’t seem to get along.
Exchange 12 and SQL 2005 share the same box fine so far, and SharePoint
installs and extends sites fine, but when it comes time to create a
site, it chokes, using the web-based administrator and stsadm.exe.
Thus I may be installing IIS and SharePoint services on my Domain
Controller.

Even in my home lab, I hate compromises.

The other day I logged into my Exchange 12 Beta OWA from a campus lab here at GWU. (It comes with its own, untrusted certificate for SSL: "Exchange Edge Certificate.") I had previously explored OWA options and went to the general settings and saw an appearance tab. I selected the "black" appearance and reloaded OWA. It is a hip-looking white type on black interface, except for the actual message window, which is black type on white.

One of my classmates, looking over my shoulder, said how much cooler it looked than his OWA, which looked the same as everyone else's OWA on E2k3.

It looks like there will be skins for Exchange 12 OWA and they will make users want you to upgrade to Exchange 12 ASAP. I just wish everything in the beta OWA was working like security and spelling, because my friends who have checked it out are now worried that OWA won't support it in the next version.

As Microsoft creates new versions of its business software it is creating new metaphors. As I explained previously, Exchange Server 12 will no longer be just front-end back-end but client access, gateway, bridgehead, and mailbox storage. Microsoft SQL 2005 has changed, too. No more Enterprise Manager; and no, this doesn’t mean you’re going to have to learn all the options of dbcc. If you try to connect to SQL 2005 using Enterprise Manager, you get the error, "To connect to this server, you must use SQL Server Management Studio or SQL Server Management Objects (SMO)." However, my old Query Analyzer works just fine. What has changed (among many things) is the management interface: SQL Server Management Studio.

SQL Server Management Studio looks a lot like Visual Studio.Net – instead of database administrators (boring), we’re now database developers providing solutions. (Does this mean we get paid more?) There’s a solution explorer in the Management Studio console. There’s a GUI drag-and-drop manager for creating backup jobs and index rebuilds that makes working with SQL 2005 look better, or at least sexier-looking. After logging onto EM about a thousand times, change is good.

Also: SQL mail in 2005 no longer requires an Outlook profile. You can use just SMTP and even authenticate to it. I love being able to choose the context under which every last process runs.

The Exchange 12 Beta installation is simple and somewhat
elegant. It doesn’t ask you to install Forest Prep or Domain Prep – it just has
a step where it does it. You can configure your Exchange 12 server to perform
several functions: Gateway, Bridgehead, Client Access, Mailbox, and Unified
Messaging. Gateway is not compatible with the other functions, since it’s
supposed to operate outside the Exchange org, screening and securing your
messages. Thus the metaphors from current Exchange parlance have changed –
Front-End has become Client Access, for instance.

Once you’ve installed the beta, there are four items
installed under the Microsoft Exchange folder in the start menu:

  1. Exchange Console Manager, which replaces the Exchange System Manager
  2. Exchange Server 12 Help, the sole source of documentation, even documenting parts of the ECM that haven’t been implemented yet.
  3. Exchange Queue Viewer, a really fast way to check your mail queues.
  4. Exchange Management Shell: A DOS box in which you can enter commands to manage your Exchange 12 environment. If you’re not comfortable at the command line, don’t try the Beta, because there are many things you can’t configure any other way. On the other hand, it’s still simpler than trying to edit Sendmail’s config.cf directly.

The new Exchange is still missing a lot of the management we’ve grown to love and hate in E2K and E2K3, such as mailbox management, graphic management of connectors, and the like, but it has great potential. What I’d like to play with is push wireless messaging to smartphones – there’s even a wireless device manager panel in Exchange 12 OWA – but I don’t have a smartphone and don’t know if Verizon Wireless can hook me up yet.

Microsoft’s Exchange 12 Beta arrived in my TechNet pack, and I had a box on which to install it. Why not? The Beta supports 32-bit hardware; production versions will not, according to the release notes. Installation was only a minor pain. My prerequisites, dot.Net 2.0, IIS and ASP were installed, but Microsoft Management Console, version 3, was not. Fortunately, the installer GUI had a link to MMC 3.0, just not the right one. The one you want for Exchange 12 is MMC 3.0 Pre-Release (RC1 Refresh). It’s mo’ Beta.

First install: everything worked except OWA and SMTP, which was kind of a big deal. However, I had done several test configurations on ASP and created so many Application pools running under different contexts that I had probably messed it up totally, so I uninstalled Exchange 12 and IIS.

Second install: the “client access” server install returned an error. I uninstalled Exchange and deleted every registry key that had Exchange or its path in it.

Third install: no errors, OWA worked, I could connect from Outlook. I couldn’t yet send or receive mail, though, because I hadn’t configured any connectors. Looking into the new Bridgehead server role configuration on the Exchange Management Console, as it’s now called, I saw only a blank screen. The help file explains how to use it to configure inbound and outbound connectors, but there was nothing there. Back to the release notes. The EMC does not yet implement a GUI for configuring connectors, so I had to start entering commands on a line.

Which brings us to the new way of administering Exchange 12: the command line.

Next to the EMC in the start menu is something called the Exchange Management Shell. I had to look at the help and start learning the new command structure. Fortunately, the release notes mention that you might not want to use the example given in the help file that creates an open relay for all.

Here’s what a command looks like:

New-ReceiveConnector -Name Internet2 -Type FromInternet -Bindings:10.10.10.202:25 -AnonymousAllowed:true -AdvertisedDomain xxxx.net -RemoteIPRanges 0.0.0.0-255.255.255.255

Once you’ve done a few commands, you’ll get it. And when you want to tweak one item, you don’t have to re-do the whole command. You can do just one in a command. So try the Beta of Exchange 12 if you like, just be prepared to learn a new command language.

One other thing: I did use the EMC to move the Information Stores, which was really easy. It dismounted them automatically, moved them, and remounted automatically.

About this Archive

This page is an archive of entries from April 2006 listed from newest to oldest.
