Blogging Techstacks
A blog, support, and help resource for web site systems administrators, developers, and engineers.

Forever Alone? Check Out F5's Valentine's Day "iRule Love" Event!
Posted 2012-02-08 by Chris Mahns

If there is a better way to celebrate Valentine's Day than sitting at your desk watching a live, streaming webinar about F5 BigIP iRule development tips and tricks, I challenge you to place them in the comments below!

The event runs for 90 minutes starting at 10AM Pacific/1PM Eastern on February 14, 2012. 

If you want to fall in love with Tcl (a Top 50 programming language!) all over again, register for F5's iRule Love live stream. According to the invite, early registrants who attend the event are also eligible to win some DevCentral swag, so you may be able to tell your cats, "We got lucky on Valentine's Day! Thanks DevCentral!!"

Apache HTTP Server 2.2.22 Released
Posted 2012-02-01 by Chris Mahns

The Apache HTTP Server project released version 2.2.22 and it's an important release, addressing 6 "significant" security vulnerabilities:

  1. CVE-2011-3368 (cve.mitre.org)  -  Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations.
  2. CVE-2011-3607 (cve.mitre.org)  -  Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file.
  3. CVE-2011-4317 (cve.mitre.org)  -  Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations.
  4. CVE-2012-0021 (cve.mitre.org)  -  mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17.
  5. CVE-2012-0031 (cve.mitre.org)  -  Fix scoreboard issue which could allow an unprivileged child process to cause the parent to crash at shutdown rather than terminate cleanly.
  6. CVE-2012-0053 (cve.mitre.org)  -  Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400.

There are also a number of non-security bugs fixed in this release—see the changelog for the full list and, as always, you can download a copy from a mirror near you.

Apache Tomcat 7.0.25 Released
Posted 2012-01-23 by Chris Mahns

The Apache Tomcat team announced (http://mail-archives.apache.org/mod_mbox/www-announce/201201.mbox/%3c4F1B108A.5090707@apache.org%3e) the release of Tomcat 7.0.25. There are quite a few new features and bug fixes in this release, including alignment with the Servlet 3.0 specification's revision A maintenance release, updates to the Eclipse JDT compiler, Commons Pool, and Commons Daemon, and more. See the changelog (http://tomcat.apache.org/tomcat-7.0-doc/changelog.html) for more information and download it from a mirror near you (http://tomcat.apache.org/download-70.cgi).

Working Around the Firefox "Confirm Security Exception Button Disabled" Problem
Posted 2012-01-19 by Chris Mahns

Here's an interesting workaround to a problem that had been causing me SSL connection headaches in Firefox for years. Here is a description of the problem:

I try to connect to an SSL encrypted page in Firefox and that page generates a certificate warning. What should normally occur (and it used to work) is that you'd get greeted with the "Untrusted Connection" page where you have various buttons to view the certificate, confirm the security exception, or cancel. The problem I've been experiencing is that the Confirm Security Exception button remains disabled and would also show an error message: sec_error_expired_issuer_certificate. There was nothing I could do to get Firefox to accept the cert—not even importing the certificate manually.

I'm not going to claim that this is the fix for all instances, but in my case the SSL warning for the BigIP Admin Console I was failing to connect to was generated for three separate reasons:

  1. The ssl certificate was self-signed
  2. The ssl certificate was expired
  3. I was connecting to the host using its IP address instead of the hostname—the hostname being the common name of the certificate.

However, this wasn't the only set of circumstances where I was having the problem, as I was also experiencing it simply connecting to a site using a self-signed cert (valid date, valid common name).

So, if this is happening to you, the first thing to try is Restart with Add-Ons Disabled, if you can, then try connecting again. If you are then able to connect successfully and the Confirm Security Exception button works, the problem is most likely related to one of your installed Add-Ons.

In my case, the problem was the HTTPFox add-on option labeled "Automatically start watching when browser starts". During a recent round of testing various cache-control headers on a new site we were putting up, I enabled this option to save me a few steps in the testing process. As soon as I cleared this Autostart option, I was able to connect to SSL sites that generate warnings.

If you are viewing your Firefox about:config settings page, filter on "httpfox". If HTTPFox is set to start automatically when Firefox starts, you will find the following configuration setting: user_pref("extensions.httpfox.StartAtBrowserStart", true);. Setting the value to "false" has the same effect as clearing the checkbox, but once you restart the browser, user_pref("extensions.httpfox.StartAtBrowserStart", false); will no longer appear in your about:config (the default value is not stored).

Apache Tomcat 5.5.35 Released
Posted 2012-01-16 by Chris Mahns

The Apache Tomcat team released Tomcat 5.5.35 today. The changelog lists 18 fixes and improvements including fixes for folks running Tomcat on Windows. You can download a copy from a mirror near you.

Red Hat Releases WebLogic to JBoss Migration Guide
Posted 2012-01-13 by Chris Mahns

Red Hat Consulting has released a migration guide for folks interested in moving off of WebLogic and onto JBoss. Nice to see the app server wars are heating up again.

PlayBook: What's in the Box?
Posted 2012-01-04 by Chris Mahns

It may only be mildly helpful news, but it was difficult for me to find anywhere online what was included in the box with the BlackBerry PlayBook. Both the iPad and Kindle Fire product pages display what's included with the purchase, but all I could find regarding the PlayBook box contents was what was printed on the actual box. So, if anyone's interested in knowing what you won't need to purchase along with your new PlayBook, here's what is in the box (excepting warranty, startup, and safety guides):

  • The PlayBook (obviously)
  • AC Adapter - Over 6' long (2m) cable!
  • USB cable to connect the PlayBook to a computer
  • A neoprene sleeve to carry it in
  • A cleaning cloth

I do have to say that, from a usability standpoint, the very first thing that impressed me with the PlayBook occurred before I had even powered it on. The length of the included AC Adapter is over 6'—twice as long as the one included with my iPad. I know, it seems silly, but when you want to engage in some aimless surfing but also need to recharge the battery, it's nice knowing that one does not need to sit so close to a power outlet in order to do so, (or daisy-chain to an extension cord).

The neoprene sleeve is OK, but it is just large enough to cover the PlayBook and that's it. It is clear that, although functional, its intention is to get you to want to buy something a little more utilitarian.

Picked Up a PlayBook
Posted 2012-01-03 by Chris Mahns

I read a lot. I have owned a first generation Apple iPad for a while now and although I love it, reading while lying down in bed or on the sofa can be tough. After an hour or so, I really start to feel the size and weight of the iPad digging into my chest or stomach. I find myself wishing that it was just a little bit smaller. I had been interested in the BlackBerry PlayBook (http://www.blackberry.com/playbook/) for a long time, primarily due to its smaller form factor, but the $499 US starting price tag was hard for me to justify to myself. It's smaller—it cannot cost the same as the iPad. It wouldn't matter if it were covered in gold, it is a 7" screen vs. the 10" iPad screen, so it can't cost as much. That may seem over-simplistic, but that's what kept me from purchasing it in the past.

Besides reading, I use my iPad for general web browsing, email, watching videos and listening to music. Due to the popularity of the iPad and AppStore as an application development and delivery platform, I often found myself having to share the iPad with every member of my family and began contemplating purchasing a second one for home, but around this same time, retailers began heavily discounting the PlayBook.

Like a lot of people, I've read many of the other blogs and news articles deriding BlackBerry as a "dying platform", but I don't believe it yet. Many of the negatives posted for why the PlayBook is supposedly a terrible tablet were actually positives for me. Yes, there are not as many apps for the PlayBook as there are for the iPad but, for me, that means my wife and kids won't be borrowing it! It is all mine! I work from home, so the lack of 3G support wasn't an issue. Presumably, I can tether it to my BlackBerry Curve when traveling and make use of the phone's data connection then.

On December 30, 2011, the day before the discounts were to end, I managed to find a 16GB model at an OfficeDepot not too far from home. All other retailers in my area were sold out and I was just about to give up and settle* on a Samsung Galaxy Player 5 from BestBuy when I lucked out and managed to grab the last 16GB PlayBook in the store.

Periodically, I'll post impressions and opinions on my experiences as a PlayBook user. I have no intention of rooting the PlayBook, as I prefer to experience what the device has to offer us "regular" users. I have not jail-broken my iPad or other iDevices for the same reasons. At some point in time, I hope that some of the folks at RIM will stumble across some of these posts and consider any potential criticisms or concerns constructively. I have no financial stake in RIM and I am not being compensated by RIM in any way. I like their products, though, and would like to continue seeing the company succeed.

* I say "settle" on a Galaxy Player 5 not because I believe that it is inferior hardware but because I am not too interested in Android due to some hard feelings I have with Google regarding my AdSense banishment. Hopefully, no one will flame me for being anti-Android. I'm not. I'm just not interested in supporting Google right now.

Top Posts of 2011
Posted 2012-01-02 by Chris Mahns

Here are the top 10 posts of 2011 for my blog, counting only posts that were published during 2011.

  1. Adding iTerm2 Themes
     iTerm 2 is a great replacement for the built-in OS X Terminal.app and back in February 2011, iTerm 2 introduced support for themes. Initially, it was pretty tricky to figure out how to import themes, which was why I created this post.

  2. OMG! A *JBoss* Worm!!
     JBoss solidified its leadership over Glassfish in October 2011 when a nasty worm affecting JBoss was released.

  3. Suppressing the X-Powered-By Header in JBoss
     This post provides remediation instructions for one of the more commonly found Information Disclosure vulnerabilities on JBoss-powered sites.

  4. Here's a Preliminary "Apache Killer" Test Script
     Back in August 2011, the Apache Range Header vulnerability was announced with exploit code that allowed anyone to easily DoS an Apache site. This script was an initial attempt to detect that vulnerability.

  5. Tomcat 6 Directory Locations on Ubuntu Server 11.04
     Many of us are accustomed to the directory layout provided with a stock Apache Software Foundation-provided Tomcat distribution. Ubuntu places files in alternate locations. This post was written so I could easily refer to it when working with Ubuntu and, apparently, it was useful to a few thousand people.

  6. Verifying 'WebDAV HTTP Method PROPFIND Enabled' Remediation was Successful
     Older IIS installations commonly suffer from this vulnerability, and the script provided in this post offered a mechanism for safely displaying the problem while also verifying that remediation was successful.

  7. Update - Adding iTerm2 Themes
     In July 2011, iTerm 2 theming support was overhauled, making themes easier to manage.

  8. Tomcat Crashes Soon After Successful Startup - Common Causes
     This post documented common things that caused Tomcat to crash after startup, as well as the one that caused me problems.

  9. Some Good HTML5 Articles
     Dustin Marx posted a lot of useful and interesting HTML5 articles towards the end of 2009 and the beginning of 2011. I posted this article linking to them, which wound up getting posted to DZone. Hopefully, this provided his site some well-deserved, additional exposure.

  10. Mitigating the Apache Range Header DoS on Ubuntu Apache 2.2
      This post is fairly self-explanatory, providing remediation for the Apache Range Header vulnerability on Ubuntu.

Apache Tomcat 6.0.35 Released
Posted 2011-12-06 by Chris Mahns

The Apache Tomcat team announced the release of Tomcat 6.0.35 earlier today. The changelog lists only 1 fix, but 6.0.35 also incorporates the fixes and improvements from the unreleased 6.0.34 version. Many of the fixes and improvements appear to be in the area of memory leak prevention, and there is a security-related fix in this release as well. The security fix is for the recently announced Apache Tomcat Authentication Bypass and Information Disclosure vulnerability.

Downloads are available from the usual tomcat 6 mirror sites.