Monday, September 14, 2015

Confuguring vsftpd to support proxy FTP

I've had to deal with a legacy application that is hard coded to use proxy ftp sessions. These are initiated by using the "proxy" command in a stock ftp client.

It was giving us trouble with vsftpd refusing to transfer files when using "proxy get" to initiate a passive session between the vsftpd server and another server.

What is a proxy FTP? In a nutshell, a proxy session lets you open a connection to a second FTP server, so that you can transfer files between both servers from instead of between the primary server and your FTP client.

The ftp(1) man page documents what "proxy" does. It is important to read it and understand what happens when you use this:
     proxy ftp-command
                 Execute an ftp command on a secondary control connection.
                 This command allows simultaneous connection to two remote ftp
                 servers for transferring files between the two servers.  The
                 first proxy command should be an open, to establish the sec-
                 ondary control connection.  Enter the command "proxy ?" to
                 see other ftp commands executable on the secondary connec-
                 tion.  The following commands behave differently when pref-
                 aced by proxy: open will not define new macros during the
                 auto-login process, close will not erase existing macro defi-
                 nitions, get and mget transfer files from the host on the
                 primary control connection to the host on the secondary con-
                 trol connection, and put, mput, and append transfer files
                 from the host on the secondary control connection to the host
                 on the primary control connection.  Third party file trans-
                 fers depend upon support of the ftp protocol PASV command by
                 the server on the secondary control connection.

So how does this impact vsftpd when using it to handle the primary control connection?

The first thing that might happen is that if you issue a proxy get, it might  fail with the following message:
500 Illegal PORT command

This is fixed by adding the following parameter to vsftpd.conf:
What this parameter does is authroize vsftpd to open a data connection with the proxy server, instead of limiting it between vsftpd and the FTP client.

Then, you might get:
500 OOPS: vsf_sysutil_bind

This happens because the vsftpd process is trying to bind to port 20 to the IP address of the server. By stracing the process, I found out that this does not work because the vsftpd process that handles communication with clients is unprivileged. This privilege separation is by design. The workaround I found is to add this to vsftpd.conf:

This makes vsftpd bind to another port (I didn't even check which one) but it works. By default it is set to "NO", but it is left to "YES" in the example configuration file and thus why it was there in the first place.

Good luck

Monday, July 20, 2015

Updating a Magellan Triton 500's GPS chip firmware

I've been recently trying to restart using a circa-2008 GPS I own, a Magellan Triton 500. Back when I purchased it, it was so frustrating to use that I gave up. It's time for a rematch.

There used to be a english forum with lots of information on these, but it closed some years ago. Whatever was in this forum is lost forever (and no, the web archive didn't save the posts, only the thread subjects).

There are still tidbits of info scattered here and there, however. Many in russian and german though, which requires running them through a translator, with mixed results. I might try to put a comprehensive page in the future in this blog in case they go down, too.

In the mean time, here is the best hack available for this unit.  I found an interesting post in a German board that explains how to flash an unofficial driver for the SiRFstar III GPS chip that updates its software from GSW 3.2.4 to 3.5.0 and it increases the unit's sensitivity considerably. The details are here:

Here is how to do this.

1. Download this file here:
P.S. maps4me offers many maps for the triton for a one-time download fee, I suggest you check it out.

2. Extract the zip file.

3. Turn OFF your GPS (this is important, if it's already turned on when you plug it in, the GPS driver will fail to install)

4. Run MgnFwUpd.exe

5. NOW plug your GPS, turn it on, and run the update. It takes at least 30 minutes to complete.

6. Tada! The about -> version page should show GSW3.5.0 for SiRF.

I've tested this on Windows 8.1 and it still works even if the software was probably designed for XP.

For advanced users: If you don't want SiRF 3.5.0, there is a way to update from 3.2.4 to 3.2.5 using official Magellan code. I requires downloading the latest firmware update to 1.95 from Magellan, running their update, finding out the temporary directory where it extracts its data, then modifying MgnFWUpd.xml to uncomment the line mgnFWGpsChipUpdate version. I tried it but didn't find 3.2.5 to be very useful.

Monday, September 22, 2014

Change control killed the sysadmin star

Yesterday, I've watched Office Space for the first time in probably 10 years. I can't believe how this movie is still relevant today. What's most funny is that one of the center pieces of this movie, TPS reports, is the type of report I have to file sometimes. Even if the movie's underlying themes have not aged much, there is one thing that Mike Judge would have to consider if he had to direct a reboot (pun intended) of Office Space 2015: change control.

I could go on and on about change control but I won't. However, I can leave you with this song:

Red tape came and broke your heart
We can't approve you've gone too far
Change control killed the sysadmin star

Thursday, October 3, 2013

Running a Matrox G450x4 MMS under Windows 7

I was recently tasked with a small challenge. Given that we have a fair amount of circa-2005, quad-screen workstations running Windows XP for which we know the clock is ticking, is it possible to upgrade them to Windows 7 even if they have ancient Matrox graphic cards?

The answer is, yes, with some limitations. Matrox doesn't have a clear stance on Win7 support for the G450 series. By downloading their latest driver which is supposed to support Win7 SP1, the installer fails without even a hint of what is going on.

By searching for and trying various older drivers, I found out that the WHQL drivers do not support the G450, but the non-WHQL do. To get these drivers, you have to go to the "archived support drivers" area and scroll down to the latest non-WHQL driver you can find for your platform. In my case, it was version 211_00_183. The driver installs and the graphic card works. Case closed.

Of course, by using non-WHQL drivers, you might be asked by Microsoft to remove these drivers if you run into problems and ask for support.

For the curious, these workstations have been limited to being quad-screen ICA clients a long time ago, so I don't expect any performance impact by moving them to Windows 7. If we move on with this scenario, we'll be saving the company some money by extending the life of this equipment for a few more years.

Wednesday, May 8, 2013

Launching the Performance Monitor from the command line or script

On a Windows 2008 R2 server, I needed to launch the Performance Monitor with a built-in live report. That is targeted to support personnel and I don't want them to have to start it an add counters manually each time.

Man, that task proved to be more complex than I expected.

Here is what I've found in the last few days:

Solution 1: use IE
From the performance manager, the only option offered to save a custom report is to save it to an .HTML file which can then be launched from IE. That is clunky, as it has some ActiveX code and you need to acknowledge running it. Furthermore, when you load up that HTML page, you first have to press on the "play" icon to start the data collection, which is another useless step that I don't want support guys to have to do.

Solution 2: use Typeperf
There is a nice utility named "typeperf.exe" that can be used to dump specific counters to the console. It works, but for an odd reason, it can ONLY output CSV output to the screen. If you specify another format, it insists on dumping in a file. In essence it is a good quick-and-dirty tool for the console but not a terrific all-around solution.

Solution 3: use Perfmon in standalone mode (WE HAVE A WINNER!)
You can launch a standalone Permon using "perfmon /sys". This lets you add counters and, look at the magic, the standalone panel offers the possibility of saving that report in a .PerfmonCfg file. To load the file, simply click on it (or use "start meh.PerfMonCfg" within a batch file) and it will bring up a good old Perfmon report on the screen. That, in my opinion, is the best way to achieve my goal.

Sorry for the lack of details, but that should give you an idea.

Monday, June 4, 2012

The born-again sysadmin

A few weeks ago, I decided to go back to my roots as a systems administrator. While being an architect was a fulfilling experience, I was missing a lot the technical work I used to do in my previous career.

So, I'll be transitioning from my current architecture duties to join a team in charge of a mission critical system that currently runs on - hold your breath - Tru64 Unix. This is a major real-time system for my company, which spans three sites and counts a plethora of servers. Can't say more due to security issues. Many in that team are due to leave for retirement this summer so I'll probably work as a Mr Wolf for a while, fixing what needs to be fixed (and strategically avoiding what doesn't need to).

This Tru64 system is planned to be upgraded to Linux (specifically RHEL 5.8) starting next year, with a go live in 2014. And I'm in the delightful situation of having been one of the architects to document that upgrade -- the difference being that it's ME who will have to live with it for years to come.

I'll be the first to admit that this blog has been slow going between 2010 and 2012. There was simply no content that was "generic" enough to be published here. Things might change over time.

Monday, April 16, 2012

The Microsoft SMTP service doesn't create a log file.

The Microsoft SMTP service doesn't log anything in the SmtpSvc1 directory even though you enabled logging and you're on Windows 2003?

Save yourself some trouble, and install the "ODBC Logging" role service in Server Manager. Although it shouldn't help, it does, and for me the SMTP service started logging automagically after restarting it.

Wasted an hour on that nonsense before finding this trick buried deep somewhere in a forum posting.