Squid + HAVP + HTML 5 Video tag
Ok, so Fire Fox 3.5 came out yesterday and it now fully supports embedded video objects via the HTML 5 video tag.
Excitedly, I went to test the functionality of this new feature. However, when testing again this URL: http://www.mozilla.com/en-US/firefox/video/ I found that the browser began to load the video but it appeared to just hang. Now, I am using this browser on a network that sends all http traffic through a proxy server which runs Squid, HAVP and SquidGuard.
After further investigation I determined that there was a default setting in the HAVP configuration file (/usr/local/etc/havp/havp.config) that was causing this issue.
Look for this section in the config file:
# Allowing Range is a security risk, because partial
# HTTP requests may not be properly scanned.
#
# Whitelisted sites are allowed to use Range in any case.
#
# Default:
# RANGE false
Change RANGE to:
RANGE true
Remember to restart your HAVP processes.
Now, the browser will be able to play videos since it needs to request files via ranges.
Let me know if this helped you out.
Installer Service is not Accessible
I have run into a strange condition on some Windows XP boxes before(imagine that). When I try to install or uninstall anything (including windows updates), I get this error message:
The Windows Installer Service could not be accessed.
This can occur if you are running Windows in safe
mode, or if the Windows Installer is not correctly
installed. Contact your support personnel for assistance.
I don’t have a clue what is causing the Windows Installer Service to not be accessible any longer. However, I have found that the fix is quite easy.
Essentially, you need to be logged in with Administrative privileges and run these two commands from the command line:
msiexec.exe /unregister
msiexec.exe /regserver
This link is the official MS KB article I found this in:
Blocking Flash Ads…
I like to use older and slower hardware to browse the web, etc. These machines have no problems doing this job normally, so theres no reason to replace them and add them to landfills. Just install your Linux distro of choice on them and you are ready to surf (virus free, I might add).
However, there is one thing I have found to consistently detract from my browsing experience on such machines: Flash Ads
These awful and useless pieces of marketing usually waste a huge amount of processing power on nothing. Often I will see them playing animations and things while they burn through almost 90% of CPU power. It’s sad even to imagine how much electricy they waste in causing the processor to run at such a high load. Yikes, just imagine that number multiplied by all the people in the world browsing to sites that use Flash Ads.
Well, if you’re like me and you think enough is enough. Here is how you can block them on your browser.
You must be using Firefox. (If you are not already using Firefox, you should start using it immediatly. Firefox is one of the most secure browsers.)
Install the extension: Ad Block Plus
Once it is installed, you need to add a filter for Flash. Click on Tools -> Add-ons -> Extensions -> Preferences -> Add Filter -> *.swf -> OK
This will block ALL flash content. Obviosly, you can fine tune this to only block certain really annoying sites, etc.
Message stuck in Microsoft SMTP service Queue
Recently I ran into a problem where emails that were generated using CDOSys were getting stuck in the Microsoft SMTP service outgoing queue. If you are having problems with the Microsoft SMTP service, you may have discovered that it is difficult to troubleshoot. This difficulty is mostly caused by the fact that the service has very little logging available to it. It is true that you can enable logging via the IIS console, but that logging is minimal at best. Errors are not recorded very well in that log.
I did spot in the event viewer some interesting entries that were complaining about internal DNS errors that appeared to be coming from the SMTP service. Upon further research I found that IIS 5.0 running on Windows Server 2000 is not able to make DNS queries via UDP. IIS is only able to query DNS servers using TCP. This poses a problem since TCP is usually only used for zone transfers; therefore most DNS servers have TCP blocked and only allow UDP queries.
This will result in the SMTP service being unable to query DNS at all. In that state SMTP service will initially process mail that is put into the ‘pickup’ directory by CDOSys, and move it into the ‘queue’ directory. From this directory it is normally processed further and sent to the next MTA. However, when SMTP service is unable to query DNS it just leaves the message in the queue directory and begins ‘BadMail’ processing.
How can you test to see if this is the issue you are having? The first step I recommend is using nslookup to verify proper operation of DNS as per the needs of IIS 5.0. Simply run nslookup from the command line (this can be done on either Windows or Linux), and force it to do all queries using TCP. While in nslookup enter:
set vc
Now any queries you enter will be done using TCP. If this fails, try turning off forced TCP and run the query again. If this works you know that the IIS server cannot make TCP DNS queries to it’s designated DNS server. You can turn off forced TCP by using this command in nslookup:
set novc
Also there is a useful tool from Microsoft that runs various mail sending steps and can help you in debugging this and other issues with SMTP service. This tool is called SMTPDiag. Here is a good article that shows a little on how to use SMTPDiag.
If you have determined that your mail is getting stuck because of TCP DNS queries being rejected or dropped, there are essentially three options for you to fix this:
- If your firewall is preventing TCP DNS queries, modify the rules to allow it.
- If possible, change the configuration of the DNS server to allow TCP queries.
- Change the IIS server to use a DNS server that is configured to allow TCP queries.
Use the nslookup procedure shown above to determine both that the firewall rules are configured to allow TCP queries AND that the DNS server that you’d like to use is allowing TCP queries. Once are sure that you have set IIS to query a DNS server that allows TCP queries, simply restart the SMTP service and all mail in Queue should begin to process.
Remember: On Windows Server 2000, you must reboot the server after you changed the DNS servers for a interface in order for the change to take effect.
Event Report: Fedora at Notacon 5
The Notacon 5 event took place April 4th – 6th 2008 in Cleveland Ohio. The Fedora table was in operation all day on Saturday, April 5th. Notacon is a new but growing technology conference. This year, the conference saw the largest turn out yet. The final count of attendance (including presenters, staff and participants) was about 350 people. There are two presentation rooms in operation during most days of the event. Including tables/booths, such as Fedora’s, as well as many workshops, demonstrations, etc.
This was the first year that Fedora had a presence at Notacon. We were provided an excellent table location to use. I had three 3′ x 2′ full color/glossy posters printed. The posters were, Infinity, Freedom, and Voice. I hung these on the wall behind the table. The table featured pamphlets about Fedora, Fedora stickers, Fedora Live CDs, Fedora DVDs, Fedora Ambassador business cards, a lava lamp, and free brownies. There was also a sign posted stating that source code was available upon request or via download from http://www.fedoraproject.org. I also had about eight DVDs of the source code on hand should anyone have asked for a copy.
The Fedora table enjoyed much attention. We met people that ranged from not knowing what Fedora was at all to being a Fedora package manager. One person who came up to the table stated that they had Fedora installed but had decided to over write it with Ubuntu. However, he was unhappy with Ubuntu and wanted to switch back to Fedora. He was prevented from doing so because he could not get the Fedora install to complete. We told him to bring his laptop over and we’d help him fix the issue. A few minutes later he came back to the table with his laptop and we were able to correct the problem, and in minutes he had a new shiny install of Fedora…he was very pleased. It’s fun spreading Fedora goodness.
I tried to mention to all people stopping by that if they had a USB stick with enough free space we’d be glad to create a live image on it for them. One person took me up on the offer. He got to choose the Fedora 8 live image or the Fedora 9 Beta live image, he chose the beta. He gave me the USB stick and came back in ten minutes to pick it up. He seemed quite impressed that we offered this service. Several people voiced interest in this option but did not have a USB stick with them that could be used. It think we’d see great success in the future if we had USB sticks with a Fedora label on them that we could give to people with a Live image on them.
By the end of the day, the Fedora table had distributed the following items:
- Ambassador business cards: 11
- Fedora pamphlets: 5
- Fedora Live CDs: 42
- Fedora DVDs: 52
- Fedora stickers: 100
- Total amount of media distributed: 94 units
We saw many opportunities to answer questions regarding Fedora and explain a bit about the community and the distribution itself. Some of the questions I found myself answering most often are listed below:
- What is Fedora? (The pamphlets came in handy for this question.)
- What version of Fedora are you giving out?
- What new features will be in Fedora 9? (Two features that people really liked were the encrypted disks and auto partition/resize of NTFS on install.)
- When will Fedora 9 be released?
- How often do new releases of Fedora come out?
- What is Fedora’s relationship to Red Hat?
- How much do the disks cost? (Yes, believe it or not, some people actually thought that we were selling the disks or that somehow Fedora had a price to it.)
- Who do you work for?
The last question is particularly interesting in that some people thought that we were being paid to sell or rep Fedora by some company. It was a nice feeling to be able to explain to them that we were just volunteers and trying to help out the community. This helped to drive home the point that Fedora truly is a community centric project.
In conclusion, I believe that the Fedora table was a great success in it’s first year at Notacon. Surely, many new installations of Fedora have occurred from the media that we distributed. Through answering the questions of the table’s visitors, people have an increased knowledge of Fedora and what the project is all about. Next year I hope to have an even larger presence. Some ideas for next year include sponsoring a presentation room by hanging a Fedora banner behind the podium or including a fedora sticker or media in each guest’s gift bag, etc.
And now for the part you’ve been waiting for…here are some pictures of the Fedora table at the event.
Special thanks to:
- ‘Froggy’ and ‘Tyger’ of the Notacon staff for generously providing the table for Fedora’s use.
- Jeff ‘iWolf’ Tadlock for all of his assistance and encouragement in organizing the Fedora table for this event.
- Matt Kovach and Martin Hebrank for assisting in staffing the table.
So difficult to change the HAL on Windows 2003 Server R2
I run several Windows Server 2003 machines in a virtualization cluster called Virtual Iron. For a while VirtualIron could only support uni-processor virtual Windows machines. So all of my currently running machines were installed on uni-processor hardware.
Recently, VirtualIron released the much awaited version 4. One of the many new features of this version, was that you can now create multi-processor Windows guests. Today, I decided to change one of my guests to have two processors. I then restarted the machine, excited to see it run with double the processing power that it had before. However, there was a problem…
Script to display OpenVPN status
Well, I won’t claim it’s pretty or the most efficiently written script ever made….
However, I had a problem. OpenVPN, when it is run in daemon mode, do not give you any easy was to check who is currently logged into the VPN or what the internal routes are, etc. I learned from reading the man page, that you can cause the daemon to output status if you send a SIGUSR2 to the process. Now, if OpenVPN is not running as a daemon, it will send the status to stdout; if it IS running as a daemon, it is sent to syslog.
So, you can tail your /var/log/messages and read the stats. But that’s kinda clunky and certainly not easy for people with weak shell skills. Some people who help admin my OpenVPN server are not shell savvy, so I wanted to make a utility you could use to easy display the current stats.
