Wednesday, July 31, 2013

Maven unable to find resource in repository

Lot of similar errors for packages I know we have in our internal repository:
[INFO] Unable to find resource 'com.octo.captcha:jcaptcha-api:jar:2.0-alpha-1' in repository central (
However in ~/.m2/settings.xml I have specified the internal repo as central mirroring absolutely everything. The "mvn -X" command wouldn't say which settings.xml it was parsing. What to do?

The solution was to specify where the settings were (a one time shot):
$ mvn install --settings ~/.m2/settings.xml

Tuesday, July 23, 2013

Agile team? Did you already script your infrastructure?

It's been two days since Ubuntu Forums and Apple Developer Resources websites have been down. I believe that such big down-term is only related to the fact that the infrastructure is not scripted. Am I wrong?

Recipes are the way to go not only for DR situations but for security reasons as you can see.

Furthermore it is thanks to recipes that we can migrate without fear to new packages or whole OS versions.

Finally it is thanks to recipes that documentation and implementation meet together saving not only a lot of time but a lot of human error as well.

Any change affecting OS or services on top of it should be:
  1. scripted
  2. versioned
  3. applied to servers remotely
That is a culture that should exist in the agile team not only for Linux and Unix but for Windows as well. The times where you rely on documented steps and a sysadmin going through them have passed. It is time to script your infrastructure.

For the record, from
We’ll be back soon. Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then. In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon. If your program membership was set to expire during this period, it has been extended and your app will remain on the App Store. If you have any other concerns about your account, please contact us. Thank you for your patience.
Ubuntu Forums is down for maintenance There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated with progress reports. What we know Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database. The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP. Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach. Progress report 2013-07-20 2011UTC: Reports of defacement 2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues. 2013-07-21: we believe the root cause of the breach has been identified. We are currently reinstalling the forums software from scratch. No data (posts, private messages etc.) will be lost as part of this process. 2013-07-22: work on reinstalling the forums continues. If you're using Ubuntu and need technical support please see the following page for support: Finding Help. If you're looking for a place to discuss Ubuntu, in the meantime we encourage you to check out these sites: The Ubuntu subreddit The Ubuntu Community on Google+ Ubuntu Discourse

Monday, July 22, 2013

Mapping the value stream in Bugzilla - column width in listing pages

We found out that our bugzilla status column width was too little (4 characters) for our mapped value stream which is composed of over a dozen of stages. From the documentation this was an easy fix:
#edit values
$ vi /var/www/bugzilla/template/en/default/list/table.html.tmpl
$ cd /var/www/bugzilla
$ ./ 
The question still remains though: when will Bugzilla provide a Kanban board implementation?

Friday, July 19, 2013

UX: Multiple select versus scrollable checklist

I have always seen implementations that try to resolve issues related to HTML multiple select input occupying more real estate. As usual simpler is better, just "check it, don't select it".

Tuesday, July 16, 2013

Do not cache dynamic resources if you deal with sensitive information

Login in your website using chrome. Right click on the page body and select "inspect element", click on network tab and navigate to a dynamic page showing important/sensitive information. Now click on any other link in the website. Click on the "Clear" button in the bottom of chrome inspector.

Finally hit the back button. On the top of the list do you see that your page was pulled from a cache? If the page is not stating how long it took to render (time latency=0) and/or you see "from cache" for "size content" most likely your server is missing to send some important information in an HTTP header.

Click on the top resource which should be the main page pulled as a result of the back button click action. On the right pane you should be able to see the server response headers. Most likely one or more of the below important Cache-Control header statements is missing resulting in a vulnerable application. Some forensic work in any computer accessing such website could reveal sensitive information that could be used directly or indirectly in other exploits. The data from such website might be accessible for a future intruder.
Cache-Control: no-cache, no-store,private,max-age=0,must-revalidate

Monday, July 15, 2013

Sniffing mysql queries

There are times when sniffing what queries mysql is running is the fastest way to troubleshoot a potential bug. So *temporarily* you can look into what is going with:
mysql> SET GLOBAL general_log = 'ON';
mysql> SET GLOBAL general_log_file = '/var/log/mysql/mysql.log';
$ tail -f   /var/log/mysql/mysql.log
Of course do not forget to put it back to OFF after you get enough log to troubleshoot:
mysql> SET GLOBAL general_log = 'OFF';

Friday, July 12, 2013

Asynchronous bash to run command in multiple remote hosts

I wanted to inspect the date in multiple servers to make sure ntpdate was running correctly. Here is how with a simple Plain Old Bash (POB) script. See below a typical response showing the asynchronous nature of this script

Thursday, July 11, 2013

Fastest way to open and close a socket

I had to replicate an issue in a proprietary application server which was reporting socket fail errors. Basically any connection to a specific port open from monit for example would cause the issue. The command below can be used to open the socket, write something and close it. It helped me recreate the issue:
exec 3<>/dev/tcp/${HOST}/${PORT}; echo -e "Will you crash?\n" >&3; exec 3>&-

Saturday, July 06, 2013

bash stdout and stderr to file and console

Given a typical bash script which would print to stderr and stdout like:
$ cat 
#!/bin/bash -e
# writes to stderr and stdout then dies with exit 1 
echo "out"
echo "err" >&2
exit 1
Suppose you want to send "out" and "err" to a file and also to the console. You might think on doing something like:
#Not good as stderr and stdout are completely redirected (you will see no output on screen)
$ ./ &> results.log
But actually the below will be your only option as far as I can tell:
$ ./ > >(tee -a results.log) 2> >(tee -a results.log >&2)
Basically you send stdout and stderr to a couple of streams that use the 'tee' command to guarantee the content is sent to the console still. Note the last ">&2" which is necessary to avoid tee printing the stderr message to stdout.

Friday, July 05, 2013

Send mail through smarthost in Solaris

$ /opt/csw/bin/gsed -i 's/^DS[\s]*.*/DS' /etc/mail/
$ svcadm restart sendmail #/etc/init.d/sendmail restart is deprecated (Thanks Douglas Perry!)
$ echo "My Body" | mailx  -s "`hostname` My subject"