Tuesday, June 08, 2010

Windows Server Hosts File Ignored or Not Looked Up

Our Symptom:

We often need to circumvent a customer's or client's DNS, or supplement it, since a correct FQDN is a very stringent requirement for Microsoft SQL Server Mirroring technology.

One of the tricks we use is to edit the local hosts file C:\Windows\System32\Drivers\Etc\Hosts to yield correct FQDN internally.

At one point I noticed that no matter what information I entered there, it was ignored.

You may also have noticed this when SQL Server Management Studio takes a long time to come up, especially in a closed network where there is actually no "outside" route. As I have posted previously, this is due to the fact that SQL Server Management Studio performs a Certificate Revocation List (CRL) lookup. We usually add

127.0.0.1 crl.microsoft.com

in our local Hosts file so that CRL lookup will purposely fail in order to get the SSMS to come up quicker.


What Worked for Me:

Quick Test: Check in your service controller whether the "DNS Client" service is running. If you turn it off, the system starts to look up names in the local Hosts file.

Next you should look at your Windows registry.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

In there you will find the value

UseDomainNameDevolution

If this is set to 1, your Hosts file won't work. Just reset this to zero (0).

For additional information on this, find here: http://technet.microsoft.com/en-us/library/cc766230(WS.10).aspx








Friday, June 04, 2010

Google App iPhone Calendar Does Not Show All Shared Calendars

Symptom:

You are syncing to the Calendar on iPhone, and you want to see all of the shared calendars. You have accepted the invitations to new shared calendars and you do and can see them while you are using a desktop web browser.

Solution:

Go to the following page, with (yourdomain) replaced with your actual domain, for example, "example.com"

https://www.google.com/calendar/hosted/(yourdomain)/iphoneselect

Monday, May 31, 2010

You get [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified on 64-bit Windows

Symptom:

When you try to connect to a SQL Server from a 32-bit application running on a Windows 2008 64-bit server, you get the following error:

[Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified

You also cannot find the DSN in the list of ODBC DSNs.

Cause:

You must configure the 32-bit ODBC driver. You have been configuring the 64-bit ODBC driver all along. This is not very clear to you (or me), and there are no separate control panel items for the two.

To configure the 32-bit ODBC driver, run:

C:\Windows\SysWOW64\odbcad32.exe


HP ILO 100 KVM Invalid username/password Error

Symptom

You have an HP DL Series server such as the DL150. You purchased and installed the KVM license key and it worked for some time, but now whenever you connect you get

"Invalid username/password. You have been disconnected"

Cause


Something has gone wild in the ILO Flash memory.


Fix

SSH as an admin into the ILO interface. In most cases you should use the PuTTY program, which is free and downloadable.

Then type in the following commands:

show map1 license
(just to play it safe and copy and paste this into a suitable text file on your computer)
reset map1 license

Session will then hang.

Log back into the web utility and the KVM feature should now work.


Originally Appeared on: http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1275318554605+28353475&threadId=1404325


Friday, May 28, 2010

IMAP Problem with iPhone or iPOD for Google App

Symptom:

You are hosting your domain with Google App and allowing people to get emails via IMAP.

You get a complaint from a user stating that:
  • They can read their email on the web
  • They suddenly cannot access their email on iPhones even though IMAP and POP are enabled in their profile.
  • May get "Cannot Connect Using SSL" message.
Possible Root Cause:
  • Google has disabled IMAP (and POP) access probably due to some security issues such as repeated IMAP access with incorrect password.
  • If this is the cause you won't be able to access your Google App email via IMAP or POP either, but most iPhone users don't realize this is happening since they may never use IMAP or POP clients on their home computers.
Fix:
  • Try doing "reset Captcha" and this should re-enable IMAP or POP thereby allow the access from iPhone or iPod Touch
To do this, use the following url by replacing with your own domain.

Wednesday, October 14, 2009

Communicating with Busy People

Symptom:

You email someone or leave a message and the person blows you off often.

Solution:

I have been on both sides of the fence, more recently on the busy person's side. As a software developer you do need to communicate with people, and engineering types often neglect the psychology and emotions involved in human communications. Dealing with busy people, especially communicating with them effectively, requires some "soft" understanding of human behavior. So here I am sharing some of the things that I discovered that are working for me.

Here I am talking about truly busy people. If you ask most people in work situations, most people say they are busy but they are actually not that busy. In fact, most people who say that they are busy tend to be not busy and really busy people are too busy to mention that they are busy. Get it? It takes years of personal training to be truly busy, on demand from people and on a mission to improve whatever you are doing! It requires both focusing and time management skills. But I digress, I will write more about that later on.

Now consider this typical scenario:
  • You send out an email to someone, say your manager, asking a question. You have written 70 to 100 lines explaining everything she needs to know in great detail so that she does not have to ask for more information.
  • You feel that you have done everything right and wrote a courteous and detailed message. You also feel that you have chosen email as a courtesy as you know the person is really busy.
  • You get no response, not even an acknowledgement. Now you feel that she is a jerk.
Sounds familiar, right?

Now consider that you are at the other end of the fence, receiving this lengthy email message just at the time you are ready to go to another 2-hour customer meeting.

From the recipient side the following thing comes to mind:
  • "Gosh, another lengthy email from a colleague. I need to read it and understand what I need to do."
  • First reaction, "Oh shit, another work to do on my list of things to do."
  • But then she feels: "I know he is a hard worker and he means well, I don't want to hurt his feelings."
  • So, she decides: "I will respond to him when the meeting is over." (fat chance!)
And as she gets out of that meeting and tries to hit a restroom on the way to another meeting, 2-3 people stop her on the way and ask, "I need to see you..." "Where is...." By the time she ends the second meeting, another 5 email messages are also waiting in her in-box, some of them from a potential customer that she needs to give top priority to. By the end of the day, she has totally forgotten about the email she got from you in the morning. It has scrolled off the visible part of her Outlook or Gmail window. (Side Note: I used to have a co-worker who would ambush me at the bathroom exit. Her cube was on the way from my cube to the bathroom. As I went by she would sense it, wait for 3 minutes and then stand by the door to get a hold of me. This worked for her, she got a lot of my attention, and she had the courtesy not to catch me in the other direction, which would have made me mad!)

Now you know both sides of the equation. There are a few things to note.
  • You have actually succeeded in reaching out to her by sending an email just before she went into a long meeting. Actually this timing plays a role in an effective communication.
  • You did not know but you also acted like a jerk for sending a lengthy message, leaving her to interpret the email.
  • You did not know what she thought about you when she opened the email. She actually did appreciate the work you put in, but then she felt like "how can I make this person more independent."
  • You did not even know that she did not want to hurt your feelings. (This is actually very important psychology that you need to swallow.)
  • You have made a request to her and that you have added extra work for her to do, one of them is to interpret this lengthy email.
  • She is probably more motivated to this customer meeting than your email.
  • She knows you so she is implicitly permitted to blow you off but not the customer. Not correct way of thinking but that's how it works.
Finally Some Tips:

Now that I have laid out the background, giving the tips is actually quite easy.
  • Write shorter messages and more often (but not too often). These days a "chat" style of emailing is quite acceptable. My email messages are usually not longer than 140 characters in length, and for more info I create a shared document and put a URL to it. I find it a bit of a challenge to cram all the info into that space.
  • The earlier part of the message, especially the Subject line of the email, is the most important part of the message.
  • Do not compose a message that gives a lot of work or interpretation to the recipient. As much as possible, write a message saying exactly one thing she needs to do.
  • Yes, one thing at a time! Never ever put more than one request in a message. Send a separate message at the right time for the second item.
  • If the action will ultimately benefit her reputation or pay, include that info too. It is mostly all about the motivation that drives people to do things.
  • To this effect, I often use "Call For Action" keywords in the Subject line. In fact many of my email messages are complete messages crammed into the subject line, like: "Sarah: Sign the Check for ACME today." "Mike: Let's do Lunch Today at 12:00?" This way the recipient knows the email is TO them and knows exactly what to do. The message is right there in the email list with no need to open it, and the action is right in the subject too. The message stands out clearly and tells the person what needs to be done. To study Call For Action style communications, I recommend you read the Google AdWords advice. Yes, basically you want a one-click action and response from your recipient out of 100s of competing emails in her box!
  • If it involves emotional discussions or expressions (for example, you are angry or concerned), do not write email. Call and leave a voicemail message. Voice can convey your emotions.
  • Know that most other people may not manage their email box or voicemail box as well as you do. Emails are lost, buried or simply not looked at.
Some Tips on Motivation

I used to get mad when my boss sent me a request and, when I responded, I got an instant response from him, yet he blew off most of the messages I had sent earlier. That comes down to understanding motivation.

When someone sends you a message, the person is motivated, and motivated about the subject matter at the time.

This is actually a big opportunity to get a time slot from the person who sent you the message. But remember that you are dealing with a busy person, so the person's motivation changes very quickly and moves on to something else in a few minutes.

One strategy that works is this. When you get an email message, do not respond to that topic, but write another (short) message about what you want the other person to do (most). What this does is that the recipient is now in a motivated state to communicate with you and you can ride on that bandwidth. Don't do that too much but it often works. You also get pretty much one chance to do this.

In Summary
  • Busy people are exactly that, they do not have time, so don't expect to get more time out of them.
  • Busy people think the best way to deal with some things is to just leave them undone and not respond, since a response will cause more work and responsibility for them.
  • Emotions, Behaviors, and Motivations play a key role in the dynamics of human communications. This is where the courtesy protocol that your parents taught you breaks down, leaving you feeling like a neglected idiot. Of course you are not.
  • Always communicate in short and exactly down to the point method of messaging often including "call for action" style messages. Do not write any more than 2 paragraphs. If there is more information, attach it as a file or point to a URL to your own blog or file download page... whatever technology you got.
  • With emotional topics, use voicemail or better yet, talk directly to the person.
  • People have been doing their people thing for at least 20, 30 or 40 years. Fat chance their behavior changes over-night. The best way to get through to people is to understand individual's motivation to me.
  • Sometimes it simply does not work. In that case consider abandoning it and moving to another department, another customer, or another job.
  • Finally, swallow the fact that being neglected is not personal; people are simply stretched to the max and do not have time. It can even be thought of as a friendly gesture not to hurt your feelings and an indication of trust that you won't get mad (or at least you won't express it immediately.)

Wednesday, October 07, 2009

JavaScript Note: Towards Building Client-Only App

I am working on a project now where I hope to utilize JavaScript to perform some math calculation in place. Since the project will involve rather complex computation I want to avoid a round-trip to/from a server each time a user changes a value in a table cell. It would be nice if the results were computed right in the browser.

I am actually new to JavaScript and up to this point I did pretty much everything on the server side, mainly using ASP.NET. That's great but now AJAX and real-time (looking) page updates are quite the norm. So I am going to jot down some of the stuff that I need to pick up on this page so that I can refer back to it.

Example of How JavaScript Form Can Compute and Display Standard Deviations

My first stop was to figure out how to use JavaScript to compute a standard deviation on a form page. This site contains the equation and a very straight-forward form that does that computation. My app will have significantly more complex equations but basically the idea is the same.

http://www.cs.miami.edu/~burt/learning/Math119/js-ComputeStdDev.html

After looking at this page, I have found one drawback. All the results are displayed in the text input fields. That's OK, but in an industrial-strength type app you don't want to confuse users about what's the input and what's the output, so I need to directly output the result into some text in the page. So how would I do that....?

How To Dynamically Generate Contents or Alter The Page Content To Display Results

This is done through W3C DOM Level 1 Core built into a browser (for example Mozilla). This is described at this page with a lot of examples:

https://developer.mozilla.org/en/Using_the_W3C_DOM_Level_1_Core

OK, so I Now Know How To Dynamically Alter The Page, How Can I "Push" Parameters to Functions or some Raw Data

This is where JavaScript should be able to access remote data via a Web Service or XML... That's next on my list of things to research.



Friday, September 25, 2009

Nortel Business Secure Router 222 and CISCO ASA 5500 Series VPN Connection

Symptom:

You would like to connect Nortel Small Business Router 222 to CISCO ASA 5505 or 5510 type device. You were probably not successful for a while (at least for me).

What Worked For Me:
  • The major issue for me was to find what types of SA negotiation parameters to choose for Phase 1. Pretty much this works only with the 3DES-SHA1 combo for me. I tried others and they won't work.
  • Phase 2 appears not to have much of a problem whatever you choose.
  • Also it seems that if you set the IKE->Policies : key lifetime to 86400 on the Nortel side, it does not like it.
Nortel Side:
  • Go to the VPN menu on the left
  • Edit or Create a new VPN Entry
  • Connection Type: Branch Office
  • Check Active
  • NAT Traversal enabled
  • Key management: IKE
  • Negotiation Mode: Main
  • Encapsulation Mode: Tunnel
  • Authentication: Pre-Shared Key
  • Local ID Type: IP
  • Content: The Outside IP address of the Nortel
  • Peer ID Type: IP
  • Content: The Peer VPN Access point address of CISCO ASA
  • My IP Address: The Outside IP address of the Nortel
  • Secure Gateway Address: The Peer VPN Access point address of CISCO ASA
  • ESP (Selected)
  • Go to Advanced Menu
  • Enable Replay Detection: Yes
  • Phase 1
  • Multiple Proposal: Not Checked
  • Negotiation Mode: Main
  • Encryption Algorithm: 3DES (most important, do not choose anything else)
  • Authentication Algorithm: SHA1 (most important, do not choose anything else)
  • SA Life Time (seconds): 24000 (do not choose 86400)
  • Key Group DH1 (but make sure that IKE Policies on the CISCO end has this combo)
  • Phase 2
  • Multiple Proposal: Not Checked
  • Active Protocol: ESP
  • Encryption Algorithm: AES 256 (but can be 3DES)
  • Authentication Algorithm: SHA1
  • SA Life Time (Seconds): 24000 (do not use 86400)
  • Encapsulation: Tunnel
  • Perfect Forwarding Security: None (very important)
On the CISCO Side (ASDM)
  • Go to Configuration
  • Open IKE->Policies node and be sure that 3des-sha DH group 1 pre-share authentication is in there. Lifetime(secs) can be left to 86400
  • Now use the VPN Wizard to complete the rest.

Sunday, September 20, 2009

Snow Leopard Break Fix List

Symptom:

After upgrading to Snow Leopard I have started to experience many things that were broken. This lists the issues and fixes if I learn about them.

The List:
  • Development environment (gcc, make etc): Requires a re-installation of Xcode that came with the Leopard CD.
  • /usr/include/stdarg.h:4:25 error when building something: Apparently this needs the OS 10.4 SDK installed, and many things have to be built with gcc-4.0. While updating Xcode, be sure to add that optional 10.4 SDK! Once you have done that, do
export CC=/usr/bin/gcc-4.0

In addition, removing -arch ppc from the build line and leaving only -arch i386 may get you to build what you want.
  • macports: Get the Snow Leopard version from MacPorts web site.
  • HP Printer Driver: See my previous post. If you HAD an HP printer then you may need to completely clean the driver software from your Mac.
  • CISCO VPN Client 4.9.01: Re-installing will reactivate the program.

Saturday, September 19, 2009

Snow Leopard and HP LaserJet 3020 Print Pauses After Upgrade

Symptom:

After upgrading to Snow Leopard we were unable to print any longer using our HP LaserJet 3020 (All in One). The Event Log in the Printer Queue said:

"/usr/libexec/cups/backend/usb failed"

When we opened the Terminal and typed in the command

/usr/libexec/cups/backend/usb

We saw the following error message:

"Unable to load class driver "/Library/Printers/hp/hpio/HPIOPrinterClassDriver.plugin": No such file or directory"

We Tried To Fix with the Following But Nothing Worked:
  • Got the latest 6.0.1 Driver for HP is at http://support.apple.com/downloads/#macosx106
  • Check: http://localhost:631/ which is the local CUPS driver admin page.
Solution:

First, from the System Preferences (i.e., control panel) "Printers and Faxes" remove the malfunctioning printer queue for the LaserJet.

Next, completely clean up the driver by doing the following. Please note that this requires system administration privileges, and I am not going to explain how that is done. If you do not know how to do a "sudo" then you should not do this. Please ask for assistance from any Unix or Mac OS X knowledgeable person. I suggest that you use Time Machine to get at least one backup of the current operating environment.

rm -rf "/Library/Application Support/hp"
rm -rf /Library/Frameworks/HPDeviceModel.framework
rm -rf /Library/Frameworks/HPPml.framework
rm -rf /Library/Frameworks/HPServicesInterface.framework
rm -rf /Library/Frameworks/HPSmartPrint.framework
rm -rf /Library/LaunchAgents/com.hp.launchurlagent.plist
rm -rf /Library/Printers/hp
rm -rf /Library/Printers/PPDs/Contents/Resources/hp*.gz
rm -rf /System/Library/Extensions/hp_io_printerclassdriver_enabler.kext

This completely cleans up all the HP printer data.

Reboot the system.

Go back to the Printer and Faxes control panel and this time the System will load the latest printer driver from the Internet after you add the printer queue for the Laser Jet, and you should be all set to go.






Friday, September 18, 2009

ERROR: Cannot use the special principal 'sa'. Microsoft SQL Server, Error: 15405

As of May 2012 This is The Most Popular Post For People To Come To This Blog.
People must be having this issue all over the world!
Symptom:

You tried to create or alter a table column (or likewise attributes in a table) with Microsoft SQL Server Management Studio and get the following error.

ERROR: Cannot use the special principal 'sa'. Microsoft SQL Server, Error: 15405

You can get into the SQL server with 'sa' in Mixed Mode authentication. You have even given the sa permissions to all of the databases.

Root Cause:

The database ownership is still not correct when you restored or re-attached database. This happens for example, if you restore a database using an integrated authentication account.


Try This Fix:

Open a SQL Query window in Microsoft SQL Server Management Studio and try something that resembles the statements below, changing TheNameOfYourDatabase to the database you are using. Do this for every database on which you need 'sa' access. This will change the owner of the database to the account you designate.

use TheNameOfYourDatabase
exec sp_changedbowner 'sa', 'true'

Wednesday, August 19, 2009

System.Data.ConstraintException: Failed to enable constraints. One or more rows contain values violating non-null, unique, or foreign-key constraints.

I occasionally have a problem when trying to use TableAdapter

System.Data.ConstraintException: Failed to enable constraints. One or more rows contain values violating non-null, unique, or foreign-key constraints.

In my case this happened because we did not include any of the primary keys in table joins.

My Solution:

You may want to try this using your DataSet Designer.
  1. Open the dataset designer
  2. Go to the TableAdapter in question
  3. Find where the primary key is set
  4. Right click over and select Primary Key menu
  5. Change the key to something else that makes more sense

Sunday, July 19, 2009

Simple Way to Encrypt and Decrypt Short Text in Python

Some Basic Way of Encrypting and Decrypting Text in Python

I was looking for some basic code in Python to encrypt and decrypt short text, for example, to store SQL passwords and such in a configuration file or embed them within scripts. So far I have not found a Python native way of doing this easily (most likely I am missing something and you ought to let me know). There are also some commercial libraries like Chilkat that can do this using asymmetric stuff like AES and such, but I just want to hide the obvious from plain public view (i.e., the local IT security people who'd scan all directories for passwords for holes) and to prevent robotic file scanners from collecting such info.

I found the following code on the internet, but when I ran it under Python 2.6.2 it gave me a lot of errors, mainly due to the SHA library being deprecated and moved into hashlib. I made the corrections so here it is.

# Author: Paul Rubin, Fort GNOX Cryptography, .
# Algorithmic advice from David Wagner, Richard Parker, Bryan
# Olson, and Paul Crowley on sci.crypt is gratefully acknowledged.

# Copyright 2002,2003 by Paul Rubin
# Copying license: same as Python 2.3 license
# Modified 19 July 2009 by Manabu Tokunaga for Python 2.6.2

# Please include this revision number in any bug reports: $Revision: 1.2 $.

from string import join
from array import array
#import sha
import hashlib
from time import time

class CryptError(Exception): pass
def _hash(str): return hashlib.sha224(str).digest()

_ivlen = 16
_maclen = 8
_state = _hash(`time()`)

try:
    import os
    _pid = `os.getpid()`
except (ImportError, AttributeError):
    _pid = ''

def _expand_key(key, clen):
    # The block count is sized for 20-byte (SHA-1) digests; SHA-224 digests
    # are 28 bytes, so this always yields at least clen bytes of keystream.
    blocks = (clen+19)/20
    xkey=[]
    seed=key
    for i in xrange(blocks):
        seed=hashlib.sha224(key+seed).digest()
        xkey.append(seed)
    j = join(xkey,'')
    # 'I' items are 4 bytes on common platforms; 'L' is 8 bytes on 64-bit
    # Unix builds, which breaks the 4-byte padding used below.
    return array ('I', j)

def p3_encrypt(plain,key):
    global _state
    H = _hash

    # change _state BEFORE using it to compute nonce, in case there's
    # a thread switch between computing the nonce and folding it into
    # the state. This way if two threads compute a nonce from the
    # same data, they won't both get the same nonce. (There's still
    # a small danger of a duplicate nonce--see below).
    _state = 'X'+_state

    # Attempt to make nlist unique for each call, so we can get a
    # unique nonce. It might be good to include a process ID or
    # something, but I don't know if that's portable between OS's.
    # Since is based partly on both the key and plaintext, in the
    # worst case (encrypting the same plaintext with the same key in
    # two separate Python instances at the same time), you might get
    # identical ciphertexts for the identical plaintexts, which would
    # be a security failure in some applications. Be careful.
    nlist = [`time()`, _pid, _state, `len(plain)`,plain, key]
    nonce = H(join(nlist,','))[:_ivlen]
    _state = H('update2'+_state+nonce)
    k_enc, k_auth = H('enc'+key+nonce), H('auth'+key+nonce)
    n=len(plain) # cipher size not counting IV

    stream = array('I', plain+'0000'[n&3:]) # pad to fill 32-bit words
    xkey = _expand_key(k_enc, n+4)
    for i in xrange(len(stream)):
        stream[i] = stream[i] ^ xkey[i]
    ct = nonce + stream.tostring()[:n]
    auth = _hmac(ct, k_auth)
    return ct + auth[:_maclen]

def p3_decrypt(cipher,key):
    H = _hash
    n=len(cipher)-_ivlen-_maclen # length of ciphertext
    if n < 0:
        raise CryptError, "invalid ciphertext"
    nonce,stream,auth = \
        cipher[:_ivlen], cipher[_ivlen:-_maclen]+'0000'[n&3:],cipher[-_maclen:]
    k_enc, k_auth = H('enc'+key+nonce), H('auth'+key+nonce)
    vauth = _hmac (cipher[:-_maclen], k_auth)[:_maclen]
    if auth != vauth:
        raise CryptError, "invalid key or ciphertext"

    stream = array('I', stream)
    xkey = _expand_key (k_enc, n+4)
    for i in xrange (len(stream)):
        stream[i] = stream[i] ^ xkey[i]
    plain = stream.tostring()[:n]
    return plain

# RFC 2104 HMAC message authentication code
# This implementation is faster than Python 2.2's hmac.py, and also works in
# old Python versions (at least as old as 1.5.2).
from string import translate
def _hmac_setup():
    global _ipad, _opad, _itrans, _otrans
    _itrans = array('B',[0]*256)
    _otrans = array('B',[0]*256)
    for i in xrange(256):
        _itrans[i] = i ^ 0x36
        _otrans[i] = i ^ 0x5c
    _itrans = _itrans.tostring()
    _otrans = _otrans.tostring()

    _ipad = '\x36'*64
    _opad = '\x5c'*64

def _hmac(msg, key):
    if len(key)>64:
        # the sha module is no longer imported; use the same hashlib digest
        key=hashlib.sha224(key).digest()
    ki = (translate(key,_itrans)+_ipad)[:64] # inner
    ko = (translate(key,_otrans)+_opad)[:64] # outer
    return hashlib.sha224(ko+hashlib.sha224(ki+msg).digest()).digest()

#
# benchmark and unit test
#

def _time_p3(n=1000,len=20):
    plain="a"*len
    t=time()
    for i in xrange(n):
        p3_encrypt(plain,"abcdefgh")
    dt=time()-t
    print "plain p3:", n,len,dt,"sec =",n*len/dt,"bytes/sec"

def _speed():
    _time_p3(len=5)
    _time_p3()
    _time_p3(len=200)
    _time_p3(len=2000,n=100)

def _test():
    e=p3_encrypt
    d=p3_decrypt

    plain="test plaintext"
    key = "test key"
    c1 = e(plain,key)
    c2 = e(plain,key)
    assert c1!=c2
    assert d(c2,key)==plain
    assert d(c1,key)==plain
    c3 = c2[:20]+chr(1+ord(c2[20]))+c2[21:] # change one ciphertext character

    try:
        print d(c3,key) # should throw exception
        print "auth verification failure"
    except CryptError:
        pass

    try:
        print d(c2,'wrong key') # should throw exception
        print "test failure"
    except CryptError:
        pass

_hmac_setup()
_test()
#_speed() # uncomment to run speed test

Thursday, July 02, 2009

Ruby on Rails: "no such file to load sqlite3" when performing "rake db:create"

Symptom:

You were trying to run the Ruby tutorial, and when you run

rake db:create

you get the following error:

rake db:create
(in /Users/StokeMaster/rails/myapp)
rake aborted!
no such file to load -- sqlite3

Fix:

Try this command

sudo gem install sqlite3-ruby



Thursday, June 25, 2009

Visual Studio 2005 & 2008: fatal error LNK1104: cannot open file 'LIBC.lib'

Symptom:

You tried to re-build an old Visual Studio 6.0 C or C++ project in Visual Studio 2005 or 2008 and you get the following error:

Fatal error LNK1104: cannot open file 'LIBC.lib'

Root Cause:

LIBC.LIB is no longer supported in later versions of Microsoft Visual Studio.

Possible Fix:

Using the multi-thread-safe version, LIBCMT.LIB, instead of LIBC.LIB may fix it.

  • Go to the Project property page.
  • Go to Linker on the left tree view panel
  • Open the Input node
  • In "Additional Dependencies" you will find LIBC.lib; replace it with LIBCMT.lib
Rebuild your project.

Saturday, June 20, 2009

Mac OS Canon MP Series WiFi Printer Scanner Does Not Scan But Can Print

Symptom:

I have a Canon MP620 WiFi printer and I can print to it but I cannot scan, even though the Canon IJ Network Scan Utility can locate the printer/scanner, and my computer is on the display of the printer itself.

Cause:

In my specific case, if I am connected to a company VPN (CISCO VPN Client), the scanner cannot initiate communication.

Fix:

Try turning off the VPN connection.


Friday, May 29, 2009

Yedda C# Twitter Update Results in 417 Expectation failed error

Symptom:

You are trying to call UpdateAsXML or UpdateAsJSON functions in the Yedda C# Twitter wrapper but when you try that the following response is sent back.

Error: 417 “Expectation Failed.” 


Fix:

Find the ExecutePostCommand() function in the Yedda C# Twitter class. Add the line marked below.

protected string ExecutePostCommand(string url, string userName, string password, string data) {
    WebRequest request = WebRequest.Create(url);
    // add this line: stops .NET from sending the "Expect: 100-continue" header
    System.Net.ServicePointManager.Expect100Continue = false;
    // ... rest of the method unchanged



Machine Behind Firewall Gets: Failed auto update retrieval of third-party root list sequence number

Symptom:

You have a well-protected system behind a firewall that cannot even get out to the Internet, and you get the following type of error:

Event Type: Error

Event Source: crypt32

Event Category: None

Event ID: 8


Description:

Failed auto update retrieval of third-party root list sequence number from: with error: This network connection does not exist.


Possible Fix:


It appears that the machine is lacking the intermediate CA certificate.

Add a cert manually from: http://www.verisign.com/support/verisign-intermediate-ca/secure-site-pro-intermediate/index.html





Wednesday, May 27, 2009

Simple Regular Expressions Simple Wild Card Search

Symptom:

The surf condition is great in Santa Cruz and you really want to get out of the office, so you don't want to geek out with regular expression experiments when all you want to do is the search equivalent of (*foo*.doc) in a DOS or Shell or SQL LIKE search... just about anywhere you've been to... but now your search box is demanding that you type in a regular expression to give you the search results.

Typing in *foo*.doc does not give you jack! WTF!

You are flabbergasted by how many people just want to show off their admiration for the beauty of regular expressions and never give you this simplest, most common use of regex!

Fix:

Try this:

.*foo.*doc

Just remember that wherever you would normally use a * in a DOS file search, use the ".*" combo instead of just a * (. means almost any character, and * means repeat whatever comes before the * as many times as needed). This will find files such as xfoo.doc and xfoodoc in your list.

By the way, if you really, really want to do *foo*.doc, escape the extension period with a \. So to do the DOS/Shell search equivalent of *.doc you would use .*\.doc. For me the above method is just adequate. But if you get the taste of .*\.doc then you are starting to tread into the zone of a regex geek. I'd just find the string, get done with it and rather go surfing myself!

Now you may say, what about the ? mark you used to be able to use to look for a single-character match? You already know this. Use a period.

For example, a regular expression search of "f..k" will find "fink" as well as "folk", and "fork" among other things (I know what you are thinking.)

If that does not work, then you have other esoteric regex stuff in the string you are searching for, like a " or a ? or a \ or { and such, which have a specific function in the expression. In that case, sorry, go RTFM! I am sorry!
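The wildcard-to-regex translation described above, carried through in Python 3 as an added example (not part of the original post; the function names and the sample file list are constructed for illustration). It also shows what the quick form over-matches because its dot is unescaped and the pattern is unanchored.

```python
import re

def wildcard_to_regex(pattern):
    """Translate a DOS/shell-style wildcard into an anchored regex string.

    '*' becomes '.*', '?' becomes '.', and every other character is escaped,
    so '.', '{', '\\' and similar metacharacters match only themselves.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    # ^ and $ pin the pattern to the whole name, as a DOS search would.
    return "^" + "".join(parts) + "$"

def wildcard_filter(pattern, names):
    """Names that the wildcard matches in full (case-insensitive, like DOS)."""
    rx = re.compile(wildcard_to_regex(pattern), re.IGNORECASE)
    return [n for n in names if rx.fullmatch(n)]

def quick_filter(regex, names):
    """The post's quick form: the regex is used as typed, matched anywhere."""
    rx = re.compile(regex)
    return [n for n in names if rx.search(n)]

# Constructed sample file list
NAMES = ["xfoo.doc", "xfoodoc", "foo.docx", "notes.doc", "fink", "fork", "f{1}k"]

if __name__ == "__main__":
    print(wildcard_to_regex("*foo*.doc"))
    print("strict:", wildcard_filter("*foo*.doc", NAMES))
    print("quick: ", quick_filter(".*foo.*doc", NAMES))
    print("f??k:  ", wildcard_filter("f??k", NAMES))
```
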


Have fun!

Tuesday, May 19, 2009

.NET Remoting Error: Cannot create channel sink to connect to URL

Symptom:

You call Activator.GetObject() to reach a remote object and get the following exception:

Cannot create channel sink to connect to URL 'tcp:testhostname:1234/RemoteFileManager.soap'. An appropriate channel has probably not been registered. at System.Runtime.Remoting.RemotingServices.Unmarshal(Type classToProxy, String url, Object data) at System.Activator.GetObject(Type type, String url, Object state)

One Possible Cause:

Before going further and checking the initializer and other stuff, double-check the URL. In my case I forgot the double slash after tcp:// and that caused the above exception to happen.