Category: Technology

The end of password changes?

I knew Microsoft was publishing recommendations against forced password expiry, but it was still surprising to see this banner in my Azure admin portal. It would be nice if their message was clearer on the nuances here — especially that enabling MFA (preferably not SMS-based MFA that is just asking for someone important’s number to get hijacked) is an important component of this recommendation.

In one of my first jobs, I was a sys admin for call-center systems. As such, I interacted with a lot of the call center management and staff … and, when you know someone in IT, you ping them when the proper support route isn’t as responsive as you’d like. Which is to say I did a good bit of end-user support as well. The number of people whose password was written on a post-it note under the keyboard astonished me. This particular call center didn’t have floating seating, but two or three people would share a cube because they worked different schedules. If I’ve got to come up with a new thing I need to remember every 90 days … well, that’s how you end up with Winter19, Spring20, Summer20, Autumn20 or Maggie12, Maggie13, Maggie14 passwords. That then get posted under the keyboard so I can remember that I’m up to “14” now. Couple that with the overhead of supporting password resets for those who didn’t write it down and happened to forget the password. I’d been a proponent of long password expiry coupled with increased complexity requirements. Maybe !Maggie-19? is good for all of 2019. It’s nice to see a major IT vendor starting to realize the real-world impact of IT policies.

Reading VMware and Hyper-V Disk Files

libguestfs-tools-c, which was installed when I set up the Linux VM server, can mount VMware and Hyper-V disks.

[root@server /data/Virtual Machines/_Backup/VMWare/Win - Copy/]# guestmount -a WinHardDisk.vhd -m /dev/sda1 --ro /mnt/vhdx/
[root@server /data/Virtual Machines/_Backup/VMWare/Win - Copy/]# ls /mnt/vhdx/
AUTOEXEC.BAT COMMAND.COM FRUNLOG.TXT MSDOS.SYS 'Program Files' SETUPXLG.TXT VIDEOROM.BIN
BOOTLOG.PRV CONFIG.SYS IO.SYS 'My Documents' RECYCLED SUHDLOG.DAT WINDOWS
BOOTLOG.TXT DETLOG.TXT MSDOS.--- NETLOG.TXT SETUPLOG.TXT SYSTEM.1ST WUTemp
[root@server /data/Virtual Machines/_Backup/VMWare/Win - Copy/]# umount /mnt/vhdx

Screen Mouse Scrolling Sends Arrows

I’m finding all sorts of things we researched and sorted on the old server without documenting 🙁 Today’s discovery is that screen uses alternate screens where the mouse wheel sends arrow keys. Which means you end up going through your history instead of scrolling up a few lines. Fix? Either create a .screenrc in the user’s account or globally change /etc/screenrc (which is what we do):

 

[root@server-replacement ~]# diff /etc/screenrc /root/oldserver-screenrc
216a217,218
>
> termcapinfo xterm* ti@:te@
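
Review bot: the added line `termcapinfo xterm* ti@:te@` carries no comment, so nothing in /etc/screenrc records why it is there; put a `#` comment above it saying it stops screen from switching to the alternate screen so the mouse wheel scrolls the terminal's scrollback instead of sending arrow keys. The `xterm*` pattern also limits the setting to sessions whose TERM starts with xterm, which is worth stating in the same comment.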

Zoneminder, time zones, and php-fpm

I’m in the process of installing Zoneminder on our new server. It was a fairly straightforward process — stop Zoneminder on the old server, dump the SQL database, fix the DEFINER values since I’m using a central database server instead of a server on localhost, install Zoneminder, copy the config file, set up the database user, pull in the SQL file, and start it all up.

Visiting the website, I get “ZoneMinder is not installed properly: php’s date.timezone is not set to a valid timezone”. I’d forgotten to set the timezone in php.ini. Added ‘date.timezone = “America/New_York”‘, restarted httpd and Zoneminder. And got the same error.

<?php
error_reporting(E_ALL);
var_dump(ini_get('date.timezone'),date_default_timezone_get());
?>

It’s not set. This isn’t a funky Zoneminder thing — this is a PHP problem. I realized that PHP now runs as its own service. Restarting httpd is insufficient. Restarted php-fpm and the time zone I’d set in php.ini showed up. This is a case where a reboot would have sorted it … but good to remember that, when changing PHP settings, the php service needs to be restarted.

Did you know … Teams meetings now include closed captioning?

When you record a Teams meeting, Stream can generate a transcript of the meeting. Great for making meeting minutes or creating searchable content from meetings. But it doesn’t help someone who doesn’t hear so well *participate* in the call. And the attendee at a noisy airport? They’re stuck waiting for the transcript to be generated. Microsoft had demonstrated a few new meeting features earlier in the year — background replacement and live captioning. While I still cannot drop the company logo behind me … live captioning has started to show up in tenants. This is currently in preview — which means you may encounter glitches. Instead of waiting for a transcript to be generated for a recorded meeting, live captions provide real-time on-screen transcription.

To turn on live captioning, click the ellipsis in the call control bar and select “Turn on live captions”.

A real-time transcript will appear in the lower left-hand corner of the screen. The text is large and easily read — at least on my desktop.

Their transcription engine picks up random background noise as interjections — the “oh” in my test, for instance, wasn’t actually uttered. Participating in a discussion with esoteric terms might yield a lot of mis-transcriptions. But it did a decent job with Z-Wave, DSLAM, and antidisestablishmentarianism.

Samba and SELinux

I had a horrendous time trying to get the Samba share on our new server working. It worked insomuch as I could map a drive to the share … but I couldn’t actually see any files. Increasing the log level (smb.conf)

log level = 10 passdb:5 auth:5

showed that, yeah, I was getting a lot of access denied errors.

[2019/12/14 23:04:53.249959, 10, pid=17854, effective(0, 0), real(0, 0)] ../../source3/smbd/open.c:5438(create_file_unixpath)
create_file_unixpath: NT_STATUS_ACCESS_DENIED
[2019/12/14 23:04:53.249982, 10, pid=17854, effective(0, 0), real(0, 0)] ../../source3/smbd/open.c:5716(create_file_default)
create_file: NT_STATUS_ACCESS_DENIED
[2019/12/14 23:04:53.250012, 3, pid=17854, effective(0, 0), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3254(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:296
[2019/12/14 23:04:53.250038, 10, pid=17854, effective(0, 0), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3142(smbd_smb2_request_done_ex)
smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../../source3/smbd/smb2_server.c:3304

Many, many iterations of samba configs later, I wondered if SELinux was causing a problem. Temporarily disabling SELinux allowed files to be seen in the mapped drive … so that was the problem. I needed to tweak the SELinux settings to allow Samba to actually share files.

semanage fcontext -a -t samba_share_t "/data(/.*)?"

And

setsebool -P samba_export_all_rw=1
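
Added example, not from the original post: the AVC records in the audit log show which label smbd was refused on, so you can tell whether the share tree actually carries samba_share_t (semanage fcontext only records the rule; restorecon -R applies it to existing files) before turning on a broad boolean such as samba_export_all_rw. The log records below are constructed and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: summarise what SELinux denied smbd, from audit.log AVC records.

# Constructed sample records (hypothetical pids, inodes and timestamps).
sample_audit_log() {
  cat <<'EOF'
type=AVC msg=audit(1000000001.101:501): avc:  denied  { read } for  pid=4242 comm="smbd" name="data" dev="sda3" ino=131 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1000000001.102:502): avc:  denied  { getattr } for  pid=4242 comm="smbd" path="/data/report.txt" dev="sda3" ino=140 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1000000002.200:503): avc:  denied  { read } for  pid=4242 comm="smbd" name="photos" dev="sda3" ino=150 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1000000003.300:504): avc:  denied  { name_bind } for  pid=900 comm="httpd" src=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
EOF
}

# Read AVC records on stdin; print "count target_type class permissions"
# for every denial whose source domain is smbd_t (other daemons are ignored).
smbd_denials() {
  grep -E 'avc: +denied' |
    grep -E 'scontext=[^ ]*:smbd_t:' |
    sed -E 's/.*denied +\{ ([^}]+) \}.*tcontext=[^: ]+:[^: ]+:([^: ]+):.*tclass=([^ ]+).*/\2 \3 \1/' |
    sort | uniq -c | sed -E 's/^ +//'
}

# File and directory target types that are not samba_share_t. Anything listed
# here means the share tree has not been relabelled yet, which is the narrow
# fix to try before widening what smbd may touch with a boolean.
unlabelled_targets() {
  smbd_denials |
    awk '$3 == "dir" || $3 == "file" { print $2 }' |
    grep -v '^samba_share_t$' |
    sort -u
}

sample_audit_log | smbd_denials
```

On a live host, feed it the real log instead of the sample: `smbd_denials < /var/log/audit/audit.log`.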

I2C 1602 LCD Display Formatting

We’re setting up an Arduino Uno as a humidity/temperature/lux sensor. A little LCD display came with the kit, so we are playing around with writing to the display. Building out the 2×16 display in Excel was an easy way to organize the information … and I didn’t have to keep re-counting out to find that the humidity output starts at column 11:

Adding CSS To Header

I am currently working on a website that sources in a header and footer — not an uncommon thing to do as this ensures a consistent look across the site. The lead-in code starts head, closes head, starts body, and defines the common page elements (nav bar, etc). The footer then defines some more common page elements and closes body. This approach creates a problem when you want to add CSS. Now you could use style tags within the HTML, but I would rather not have the same style definition twenty times. Yeah, I’d make a single variable out of it and print the style-definition-variable twenty times … but I’d rather have my CSS sourced in from a style-sheet file.

Since I’m already using jQuery to dynamically append elements — add table rows as data is pulled back from the server — I wondered if you could append something to the header. Yes, you can!

/**
 * This function appends a CSS file to the document head
 *
 * @param {string} strFileName Path to CSS file
 * @return n/a
 *
 * @example
 *
 * loadCSSStylesheetToHead('/path/to/file.css')
 */
function loadCSSStylesheetToHead(strFileName){
    var file = document.createElement("link");
    file.setAttribute("rel", "stylesheet");
    file.setAttribute("type", "text/css");
    file.setAttribute("href", strFileName);
    document.head.appendChild(file);
}

This allows me to after-the-fact add css from a style-sheet file into the document head.