File /etc/hosts overwritten by JunOS Pulse VPN Client


I’ve been dealing with this issue for a long time, and it had become a mystery to me. Every time I add new entries to the /etc/hosts file in MacOS, they only persist for a while. More or less every 30 minutes the file gets overwritten back to its previous state, which means my entries are lost. I was thinking MacOS did it internally, or that there was some limit on the number of entries allowed in /etc/hosts (I put a LOT of entries there since I handle a lot of machines at work), but I never thought it was due to another application.

Only today, in some discussion, was it mentioned that the /etc/hosts file can be overwritten by the JunOS Pulse VPN Client, as reported in this blog post. Although my observations differ from that post, it points to a crucial part.

First, the JunOS Pulse VPN Client will make a backup of the /etc/hosts file to /etc/jnpr-pulse-hosts.bak whenever the VPN is connected.


OSX, USB-to-Serial and ALOM

The HLRd system uses SUN machines for its HLR-FE, and recent SUN machines have ALOM (Advanced Lights Out Manager) to manage the server. Recently, 3 HLR-FEs had a problem with the ALOM NET MGMT interface, so I couldn’t connect to ALOM over the network. The only way is to use the default connection, which requires a serial cable.

I am using a MacBook, and like most recent laptops it has no serial port. So the only way is to use a USB-to-serial cable to connect to the serial port on the SUN machine. The cable comes packaged with drivers for Linux, OSX, and Windows. It’s very easy to install, but if you don’t have the driver or it’s lost, you can try the Prolific driver.

The driver doesn’t create a permanent device link in the /dev filesystem; the device is created automatically when we connect the serial cable to the peer port. On my MacBook, it creates the /dev/tty.usbserial file. We can connect through ZTerm, but since the default OSX terminal application supports ASCII communication, I can just use Terminal.app to connect to the ALOM serial management interface using:

$ screen /dev/tty.usbserial 9600

And it simply connects to ALOM.

Ah ya, regarding the problem of the NET MGMT interface not being enabled even though the configuration was already applied on ALOM: it is solved by resetting the ALOM (resetting the ALOM won’t reboot the host server, so it is safe to do on a live system). A friend of mine from Fujitsu told me that sometimes ALOM kind of hangs (??!@?!) and a reset is necessary to make it work properly again.

X11 Forwarding using SSH

I used to operate Solaris servers at work, and sometimes I need to use a desktop application from that server. I first learned at Siemens Indonesia to export the display from a Solaris machine to a local machine (laptop) running M$ Windows; at that time we had the Exceed application on the laptop, which could be used to retrieve an X session from Solaris. Exceed acts just like an X server for Microsoft Windows.

This method was used until a few months ago. I admit it was easy using Exceed, especially for the XDMCP Query or XDMCP broadcast protocol; using that protocol we can retrieve a login session and log into the Solaris machine. Unfortunately, I am using Mac OSX, and to do that I had to fire up my Windows in a virtual machine, or reboot and log into Microsoft Windows as my second boot OS. Usually it’s not a big problem, because what is usually important is working with “nwadmin”, a window-based administration tool for the Networker application. Networker itself is backup & restore software within the @vantage platform which I handle at work.

While I was working in Georgia, the network was quite restricted. Somehow I couldn’t use my Windows virtual machine to run “nwadmin” remotely using “export display”. I had to reboot OSX and log into Windows just to manage the B&R window. It’s annoying. Later I looked for another way to retrieve Solaris window applications from my OSX.

I tried to follow the old method, that is, using export display. But it failed due to authentication. I had already started X11 on my OSX and performed “remote DISPLAY=<OSX_IP_ADDR:0.0>”, but it showed the error:

Xlib: Invalid MIT-MAGIC-COOKIE-1 key os x

That error appeared on the Solaris console, while OSX said the client connection was rejected. I was trying to dig deeper into this “MIT-MAGIC-COOKIE” thing, but my attention went to a statement on one forum which said it’s better to use SSH X forwarding because it’s more secure. Well, systems within HLRD these days also impose more security restrictions, like hardening the operating system, using SSH instead of telnet or rlogin, etc. So I think it’s better to use SSH X forwarding to get the “nwadmin” windows.

Configuration is pretty easy. On the Solaris server, just modify the sshd configuration (/etc/ssh/sshd_config) to enable X11 forwarding:

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes

Restart sshd on solaris.

From the X11 application on OSX, start a terminal (xterm), and ssh to that server using the -X option:

bash$ ssh -X root@[B&R_IP_ADDR]
root@B&R# nwadmin

Just run any X application; it will immediately show its window on our OSX desktop.
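As an added example (not part of the original post), the script below reads an sshd_config the way sshd does, taking the first value seen for each keyword, and reports whether the X11 proxy display stays on loopback. The function names are hypothetical, the fallback defaults are OpenSSH's (the Solaris sshd may differ), and only the global section before any Match block is inspected.

```shell
#!/bin/sh
# Added example (not from the original post): audit X11 settings in sshd_config.
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.

# sshd_effective KEYWORD FILE DEFAULT -> global value (read before any Match block)
sshd_effective() {
    awk -v want="$1" -v def="$3" '
        BEGIN { want = tolower(want); val = def }
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # comment or blank line
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                       # conditional blocks start here
        key == want    { val = tolower(f[2]); exit }  # first occurrence wins
        END { print val }
    ' "$2"
}

# audit_x11 FILE -> prints a finding; returns 1 if the proxy display is exposed
audit_x11() {
    fwd=$(sshd_effective X11Forwarding "$1" no)       # assumed OpenSSH defaults
    loc=$(sshd_effective X11UseLocalhost "$1" yes)
    off=$(sshd_effective X11DisplayOffset "$1" 10)
    if [ "$fwd" != yes ]; then
        echo "ok: X11 forwarding is off"; return 0
    fi
    if [ "$loc" != yes ]; then
        echo "warn: forwarding on, proxy display bound to all interfaces"; return 1
    fi
    echo "ok: forwarding on, loopback only, displays start at :$off"
}

# Constructed sample: the three lines from the post plus a later duplicate.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/ssh/sshd_config (constructed excerpt)
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
X11UseLocalhost no
EOF
audit_x11 "$sample"
rm -f "$sample"
```

The trailing `X11UseLocalhost no` in the sample is ignored because an earlier line already set the keyword, so an audit that only greps for the last match would report the wrong state.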

Restore Microsoft Entourage Mails

Before leaving for Georgia, I reinstalled my MacBook from scratch. But I had already backed up everything in my OS X using Time Machine to an external hard disk. After the reinstallation, I realized I hadn’t saved all my email from Entourage. I don’t know much about how Microsoft Entourage works, but I believe there’s a feature to export before reinstalling and then import email after a fresh install. There’s a lot of knowledge from past experience working on the Tanzania project as an HLRi consultant, and all of those emails are very important to me.

I didn’t try very hard to find a way to restore those emails, and some searching on Google didn’t show any good results at that time.

Just now Given, a friend of mine who works on the Vodacom project, asked about the solution to a problem we once had in Tanzania a few months ago. I don’t remember how we solved it, but I am sure it was written in one of my archived emails from the Tanzania project. So I was curious to look once again at how Microsoft Entourage works, and that brought me to this site.

Everything is clear there. All I needed to do was open Time Machine from the current OSX, use the previous external hard disk to find the location of “Office 2008 Identities”, and restore it. Then I used “switch identities” from the Microsoft Entourage preferences; after the identity upgrade finished, opening Microsoft Entourage gave me all the email, contacts, reminders, etc. from the previous Microsoft Entourage.

Ah ya, I was able to retrieve the solution to that problem in Tanzania by searching through the archived mail; that’s why archived email is really important :). Thx Given!

OpenSolaris on MacBook

So the story is that I wanted to install OpenSolaris on my MacBook Black. Since the MacBook had been a mess ever since Leopard was installed at the end of 2007, I took the opportunity to clean up as well. I happened to have a 400G external hard disk, so I just set up one of its partitions with TimeMachine for backup, then reinstalled Leopard and restored the various files that were actually needed, i.e. important.

Good.

Next, just install OpenSolaris. I had previously tried installing it under VMWare and it went smoothly, so I figured there would be no problem. Just create a new partition with the MacOS ‘diskutil’ tool, and run the OpenSolaris livecd for a fresh install. Unfortunately the disk check step failed; here is the log:

[cc]

Timezone setting will be TZ=UTC
Set timezone
System reports enough physical memory for installation, swap is optional
disk partition info changed
Timezone setting will be TZ=Asia/Jakarta
Set timezone
Disk was changed
Disk contains valid Solaris partition
whole_disk = 0
diskname set = c8d1
Set fdisk attrs
fdisk: fdisk -n -F failed. Couldn’t create fdisk partition table on disk c8d1
Couldn’t create fdisk partition table on disk
Could not create fdisk target
TI process failed
Target instantiation failed exit_val=-1

[/cc]

Judging from the error message, it looks like the OpenSolaris installer failed when it tried to tinker with the partition table on the hard disk, in this case in relation to the MBR (Master Boot Record). For information, when MacOS is installed on hardware such as a MacBook, the first part of the hard disk is of type EFI. This part contains the boot loader that interacts with EFI. So it seems that OpenSolaris, which uses the fdisk utility, failed to modify that MBR.

After a bit of googling I found the following article, which describes how to update the ‘disk id’, originally EFI, to be the same as the ‘disk id’ of the OSX filesystem (HFS+).

[cc]

Change the EFI partition’s ID:
fdisk -e /dev/rdisk0
setpid 1
AF
write
quit

[/cc]

After that, just reboot and install OpenSolaris from the Live CD. The complete steps can be found on that blog. However, that blog used an OpenSolaris released around 2007, so if we use the latest OpenSolaris (I used 2009.06), almost all of the manual steps that had to be done are already configured automatically.

Hm, why OpenSolaris?! Actually this is related to my work in the telecommunications world. For more than 3 years my work has involved the Solaris operating system, but I never studied it in depth or seriously. Since the challenges of real life keep getting bigger and cannot be met half-heartedly, I decided to pursue this line of work more seriously.

HLRD uses Solaris and Linux as its operating systems. With Linux I have interacted often enough since university that I don’t have much difficulty learning new HLRD technology that runs on Linux; well, hopefully with this OpenSolaris my Solaris knowledge can go deeper too, hehe…

Books: Cocoa(R) Programming for Mac(R) OS X (3rd Edition)

An extraordinary book for newbies in Cocoa programming. I ran into various obstacles while learning OSX technology, especially Objective-C and Cocoa, but after reading this book a lot of dense knowledge can be gained. Aaron Hillegass packaged the book very neatly, and his structured, step-by-step explanations make it easier for us to understand the characteristics of Cocoa.

Suitable for newcomers who want to learn OSX or iPhone programming :).

Mac OSX Update 10.5.7

The 10.5.7 Update is recommended for all users running Mac OS X Leopard and includes general operating system fixes that enhance the stability, compatibility and security of your Mac.

For detailed information on this update, please visit this website: http://support.apple.com/kb/HT3397.
For detailed information on security updates, please visit this website: http://support.apple.com/kb/HT1222.

It has been out since 12 May 2009, but I only just looked at the details of what the update contains, and I haven’t had time to download it yet because this update to 10.5.7 turns out to be a major version, so the download size is fairly large (449MB). What’s interesting is that the patch for this hole seems to have only been included now. So Apple preferred to wait and release the patch together with the other updates, even though this bug had actually been circulating in public for quite a while.

Disk Images

CVE-ID: CVE-2009-0150

Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6

Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution

Description: A stack buffer overflow exists in the handling of disk images. Mounting a maliciously crafted sparse disk image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Tiller Beauchamp of IOActive for reporting this issue.

I haven’t downloaded and installed this 10.5.7 update yet, but after downloading it I want to try again whether that fcntl exploit still works or not.