Switching to pfSense
I’m switching the main firewall at the warehouse over to pfSense this week. I was using ClearOS (and may still switch back), but I really don’t use many of the features — actually just the mail server — so it’s a little overkill. And they’re changing versions again. The newest version just released is switching to a marketplace for all the apps (most of which are free) but it’s a little confusing and doesn’t quite work right yet. And as the office is still having issues uploading to my web server I’m hoping this switch will fix it.
pfSense works great on the test box I made. I need to get used to the layout, though. The menus aren’t grouped the way I would expect. For example, the System menu doesn’t have Shutdown / Reboot. Instead, Shutdown is listed as Halt in the Diagnostic menu and Reboot is listed several entries below. The menus are alphabetical and not grouped by task.
The only major complaint that I have is in the buttons Add, Edit, Delete, and Move. They really should just have used the words instead. I know the button with the plus symbol means “Add” but I still have to mouseover to make sure that’s what it does. Also, they’re clumped together in a bunch so it’s very easy to miss and hit the wrong one. At least for me, I’m clumsy.
It is very powerful (and somewhat daunting in parts — Traffic Shaping, for example) and once I find a replacement for the ClearOS mailserver I’m going to swap boxes and see what breaks.
PerlTk, Hiding the Button
I’m working on some PerlTk code, and I need to hide a “Print” button until the transaction is complete. There’s no option for hiding a button other than packForget() or gridForget(), but both of those can mess up the flow because (although they leave a placeholder) they remove the object from the layout causing it to reflow.
I hacked around and came up with this:
my $button1 = $mw->Button(-text=>"One",-command=>\&toggle_button)->grid(-row=>0,-column=>0);
my $button2 = $mw->Button(-text=>"Two",-command=>\&print_report)->grid(-row=>0,-column=>1);
$blank = $mw->Label(-text=>" ")->grid(-row=>0,-column=>1,-sticky=>"nsew");
sub toggle_button() {
if ($blank->ismapped) {
$blank->gridForget();
}
else {
$blank->grid(-row=>0,-column=>1,-sticky=>"nsew");
}
}
The Label covers the button so it’s hidden and can’t be clicked. And I can gridForget() it without the whole screen reflowing. The only downside is the row and column need to be fixed, so I don’t know if this would work with pack.
Dropbox and SQLite3
Today I learned that multiple inserts to a SQLite database in a Dropbox folder is a bad idea. Each insert is a write, and after each write Dropbox locks and syncs the .db so the next insert is delayed… I was averaging a second for every two inserts!
Ubuntu and Firefox
Ubuntu has pushed Firefox 10 out to the LTS versions (10.04). It showed up in last months updates. There’s only a few small problems.
For some reason, the folder icons in Bookmarks don’t show up. Also, there’s no way to remove “Unsorted Bookmarks” from the bookmark menu. Both can be fixed by editing
/home/USER/.mozilla/firefox/PROFILE.default/chrome/userChrome.css
(make one if you don’t have one, you’ll need it eventually). Add this code, the top part fixes the missing folder icons (found on Fedoraforum.org), the bottom part removes the “Unsorted Bookmarks” (found on ffextensionguru.com)
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
menu.bookmark-item > .menu-iconic-left {
visibility: visible;
}
#menu_unsortedBookmarks,
#bookmarksMenuPopup > menuseparator[builder="end"]
{display:none!important;}
Worldship Batch Import
I found out this morning that a single-quote in someone’s name will cause a batch import to crash UPS Worldship with an illegal database operation. I’ve mentioned before that Worldship doesn’t like double-hyphens (http://www.chown-r.com/press/?p=359) but now it seems I have to scrub everything that’s not alphanum to make sure it’ll make it through the batch import. I sent UPS an email with the details so it should get some kind of attention.
On a side note, I hate how some programs (OpenOffice) save .csv files as tab separated. “C” in CSV stands for COMMA. As in “comma separated values” Make your own format (.tsv) if you want, but stop trying to push everything to tabs!
Old Ubuntu Still Lives!
I’m building an old Karmic box from scratch ( I need PHP 5.2 ) but the original
/etc/apt/sources.list
is broken now that Karmic has reached end of life.
sed s/us\.archive/old-releases/g sources.list > new_sources.list
Then just replace the original sources.list with the new one. That should get updates working again. You can also do
sed s/security\.ubuntu/old-releases\.ubuntu/g sources.list > new_sources.list
but most everything in security is held back by default so apt-get upgrade won’t work. You’ll need to force and upgrade using apt-get install $package_name.
Ubuntu and Intel
I’ve got a stack of older Compaq Evo desktops that came over from the office when they upgraded last year. Most of them are still running Windows XP, but some I’ve been switching over to Ubuntu 10.04 to use as EDI scanning stations (CUPS works better with the printing in my setup). The problem: Intel.
The computers all have built in Intel 82845G/GL [Brookdale-G] graphics. And every so often (when my USB barcode scanner is plugged in) X and GDM lock up in an infinite black screen – to – pinstripe loop. The only recourse is to shutdown the system. None of the virtual terminals (CTL-ALT-F1 through F7) respond which seems kind of odd. Anyway, it’s a known bug for older Ubuntus. I’ve tried every work around posted but none seem to work. Switching to KMS mode made it crash the whole system instead of just X. So I’m giving up in the Intel driver.
Start by rebooting the system and holding down SHIFT to get the GRUB2 menu to come up. Then choose recovery mode (probably the second line down). Select root shell from the old-school menu and run
# Xorg -configure
to get a base xorg.conf file. Copy it to /etc/X11/xorg.conf (assuming you don’t already have one or backed up the current one) and open it in vim. One of the work-arounds is to add
Option "Shadow" "False"
and
Option "DRI" "False"
to the Device section. But there is no Shadow option in the current i910 driver and DRI didn’t seem to matter which way it was set. Instead, change the driver line:
Driver "intel"
to
Driver "vesa"
The system’s been running now for several days and so far no pinstripe screen crashes. The graphics look just as good as they did with the Intel driver. The only change I had to make was adjusting the resolution back down to 1024 x 768.
DHCP and Broadcast IP
I’ve just found out that my network at the warehouse is somewhat broken and has been for quite a while. I’m running a ClearOS firewall as a DHCP server configured in the 192.168.1.1 – 192.168.1.255 range. When I first set up the firewall I used the development IP range 192.168.5.1 – 192.168.5.255 for testing. Evidently, when I moved it from testing to production the broadcast IP address didn’t get changed to match the new IP range. It’s stuck handing out the broadcast address as 192.168.5.255.
There’s no way to change that in the ClearOS webadmin tool, so I ran a backup and then adjusted /etc/dnsmasq/dhcp.conf with the right IP address. Unfortunately, dnsmasq loves caching so I have to reboot the firewall tonight to get it to notice the new config file (I tried “kill -HUP dnsmasq-PID”, but that doesn’t re-read dhcp.conf).
The main thing I’ve noticed is that most of the computers don’t care that the broadcast address is outside the netmask range. I’m not sure if the systems are correcting it automatically or just using it broken. But everything still seems to work (or I don’t notice any bad traffic).
EtherApe is a great tool for seeing where the traffic is going. That’s how I noticed some of the computers pinging the wrong address which I though was just a rouge test machine pushing packets out the wrong interface.
Sidenote: I’d file a bug with ClearOS, but they don’t make it easy. I have to sign up as a developer first to get permission to file bug reports. I think I’ll just post it in the forums and see if it gets picked up.
Testing EasyONIX
The marketing department needs to run off some reports in Onix (a fancy XML format) so I set up a server running EasyONIX for them on an old XP machine. It takes a little bit of hammering to get it up and running. It can use IIS or Apache to run the web based front end, but it needs Windows to run the EasyONIX server.
- Install Apache 2
- Install EasyONIX
- Move C:\Program Files\EasyONIX to C:\Program Files\old_EasyONIX
- Unpack the update and move it to C:\Program Files\EasyONIX
- Edit C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf
- Restart Apache
- Launch EasyONIX server
- Browse to http://localhost/easyonix/index.htm
The only trouble part is updating httpd.conf with the right settings. There’s several lines that need to be added to the default config. The first two lines need to be added to the correct section:
<ifModule alias_module> Alias /easyonix/ "C:/Program Files/EasyONIX/" <ifModule>
<ifModule mime_module> AddHandler cgi-script .exe <ifModule>
The last part is the main folder permissions:
<Directory "C:/Program Files/EasyONIX/"> Options Indexes Multiviews ExecCGI AllowOverride None Order allow,deny Allow from all </Directory>
The mapping looks pretty easy although I haven’t tried any test data yet.
Excel Spreadsheet for Worldship
We’ve been doing a lot of promo mailings for the marketing department. They’re giving me an Excel spreadsheet of addresses and I’ve been converting them into CSV format to hand to UPS Worldship to process as a batch job. There’s several problems:
- UPS expects columns to be in the correct order (and the right number of them)
- UPS hates UTF8 (specifically “–” \x2014)
- There’s PO Boxes scattered throughout. And UPS doesn’t do PO Boxes.
So I wrote up a Perl script this week to handle the conversion from now on. CPAN has a Spreadsheet::ParseExcel that can read Excel data, and writing CSV is pretty trivial. The hard part is getting the columns in the right order.
First, I scan through row 0 (the header row) and try to find the columns I need:
# Try to match actual header with desired header
my $count = -1;
SWITCH:
foreach (@header) {
++$count;
/customer/i && do { $link_header{'Customer_ID'} = $count; next SWITCH;} ;
/outlet/i && do { $link_header{'Outlet'} = $count; next SWITCH;} ;
/first/i && do { $link_header{'First_Name'} = $count; next SWITCH;} ;
/last/i && do { $link_header{'Last_Name'} = $count; next SWITCH;} ;
/title/i && do { $link_header{'Title'} = $count; next SWITCH;} ;
/address.+1/i && do { $link_header{'Address_1'} = $count; next SWITCH;} ;
/address.+2/i && do { $link_header{'Address_2'} = $count; next SWITCH;} ;
/city/i && do { $link_header{'City'} = $count; next SWITCH;} ;
/state/i && do { $link_header{'State'} = $count; next SWITCH;} ;
/postal/i && do { $link_header{'Postal_Code'} = $count; next SWITCH;} ;
/weight/i && do { $link_header{'Weight'} = $count; next SWITCH;} ;
/department/i && do { $link_header{'Department'} = $count; next SWITCH;} ;
}
# if none of the fields match, there's no point to going on
die "No Header Row\n" unless scalar(keys %link_header) > 1;
Then, swap the keys with the values so I can look up the values later
my %reverse_header = reverse %link_header;
Then scan through the spreadsheet and try to match the column I’m reading with a header I want:
for my $row (1 .. $row_max) {
for my $col (0 .. $col_max) {
my $cell = $worksheet->get_cell( $row,$col);
next unless ($cell);
my $data = $cell->value();
# if the column of $data is in headers, save the $data.
if (exists $reverse_header{$col} ) {
my $keys = $reverse_header{$col};
...
$temp{$keys} = $data;
}
Then filter out the PO Boxes and the UTF8 stuff and write it out to a CSV. It makes life much easier!
