Category Archives: Deployment

uBank: Sorry, Internet Banking is temporarily unavailable.

uBank is an Australian “Internet bank”, in such that they don’t have any branches. That’s fine, they can do everything except deal with cash. They’re owned by the NAB.

They have an app, which gets an absolute bollocking in the App Store. So people use the website instead. I need to do things with that account about once a month.

Close enough to half the time I try to login, I get the error message “Sorry, Internet Banking is temporarily unavailable.” with a page title of “Login Maintenance”. There’s no other kind of banking with these guys. The last time this happened was just before 4pm, which I believe is the close of transactions for that day. Why the hell would you do site changes in the middle of the day, and why just before the close of business? The NAB is a real bank, and I presume it doesn’t pull this kind of crap. They don’t even give a window (“Out until 14:30” or “Down for five minutes”). No post on their FaceBook website saying “there’s a planned downtime this afternoon” or “Sorry for the emergency outage, but rats were chewing on the coolant lines and that just isn’t okay. We humanely hit them with sticks until they stopped.”.

This is a very bad railroad.

Installing a secure Apache webserver to run Perl

So, you want to run Perl on the web, because it’s the 90s all over again. You want HTTPS, because… no, there’s no because.  You want HTTPS.  Who wouldn’t?  Here’s what you do on a Debian Linux such as Ubuntu:
sudo apt-get install apache2 libapache2-mod-perl2
mod-perl is an Apache module that allows Perl programs to be executed from Apache.

Our goal is to get /var/www/html/index.pl running at http://www.example.com/index.pl:

#!/usr/bin/perl
print "Hello World"

Disable the default Apache virtual host:

sudo a2dissite 000-default.conf

Create an example.com.conf file in /etc/apache2/sites-available with your text editor, replacing instances of example.com with your own domain name in both the configuration file and in the file name /etc/apache2/sites-available/example.com.conf

<VirtualHost *:80>
     ServerName example.com
     ServerAlias www.example.com
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
     <Directory /var/www/>
              Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
              AllowOverride None
              AddHandler cgi-script .pl
              Require all granted
     </Directory>
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
     ServerName example.com
     ServerAlias www.example.com
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
     <Directory /var/www/>
              Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
              AllowOverride None
              AddHandler cgi-script .pl
              Require all granted
     </Directory>
</VirtualHost>
</IfModule>

If you have multiple sites, you’ll want to do things with DocumentRoot to isolate them from each other. But that’s for another post.

You might add in DirectoryIndex /index.pl to make http://www.example.com/ execute your program.

The Directory section above allows you to isolate executable code from served code, which is good practice. For this example we’re dumping the executable in with everything else, which is questionable.

Repeat this process for any other domains you host.

sudo a2ensite example.com.conf
sudo ln -r -s /etc/apache2/sites-available/example.com.conf /etc/apache2/sites-enabled/example.com.conf
sudo service apache2 restart

Punch holes in your firewall for ports 80 and 443.  Navigate to http://www.example.com/index.pl to check all is okay. You ought to see Hello World displayed for your website.

Having security used to be a pain.  SSL certificates signed by a recognised CA cost money, and then you’d have to keep them up to date, and there wasn’t process automation, so you’d do all that stuff by hand.  LetsEncrypt address all these problems, handing out free certificates and scripted everything.

Now it’s time for the S part of HTTPS:
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache
sudo certbot --apache

certbot renew
If that works, we’ll automatically renew our 90-day certificates every month:
echo '@monthly root /usr/bin/certbot renew >> /var/log/letsencrypt/letsencrypt-auto-update.log' | sudo tee --append /etc/crontab

Done.  You’ll never have to worry about certificates again. Now alter your Apache sites-available file (look in /etc/apache2/sites-available/) to include the (optional) redirect HTTP to HTTPS and the mandatory location of the SSL certificates:

<VirtualHost *:80>
....
# Only allow HTTPS
RewriteEngine on
RewriteCond %{SERVER_NAME} = example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
...
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Now make the secure version live, and in the process the insecure one… shy? When a request is made for a http page, like http://example.com/index.html, the response will be “Here’s https://example.com/index.html where what you asked for has moved to… forever!”:
sudo service apache2 restart
Now requesting http://www.example.com/index.pl ought to deliver you to https://www.example.com/index.pl

Banshee: please, pick a version

Banshee is a cross-platform audio player built using Mono.

If you go to the official website and install Banshee for Windows, you’re offered version 2.4.0 with warnings about it being alpha and all (as of April 16, 2013 the latest version is 2.6.1). Once you’ve downloaded it, when you then run it up, you get the following dialog:
install-then-upgrade

Infuriating.  Why wasn’t I offered that one by the website? Naturally, one selects “Hell yes, give me the current (actually, still behind the main branch, but more current than what I’ve got) release!”, which is then followed by
download-failed

and no freaking explanation of what went wrong. How am I meant to fix this? Given that the project is built for a VM, why am I offered one version, then offered the chance to update to a different version, and both of these versions are behind the current release?

Gagh!

Windows Media Center Edition 2005 doesn’t need wmlauch.exe

For those of you installing Windows Media Center Edition 2005 off MSDN disk 2429.4 (November 2005) and freaked out by it asking for a Windows XP Service Pack 2 (Windows XP SP2) disk, don’t worry: Just select the “skip this file and continue anyway” option because the install doesn’t need wmlauch.ex_ or wmlauch.exe – and I’m lead to believe that Windows XP SP3 will add it, or if not, Automatic Updates will. Just relax, and go with the flow.

I think that’s enough keywords, searching ought to find this now. Oh, hang on: Windows MCE 2005.

BTW, your XP Professional disk with integrated SP2 doesn’t hold the requested file, so don’t bother looking.

Busy

Too busy to post much. Major deployment this weekend. Though I’m not working as hard as some of the other guys; thankfully (and due in no minor part to our excellent tester) I think most of our stuff is under control.

Dr Watson bites arse

I had a program that was crashing at the customer site, but not in any way I could reproduce back at the office. I wasn’t able to load up a dev environment on the affected box, but someone had the bright suggestion of running Dr Watson (DrWtsn32.exe), and checking out the stack trace. As we all know, if you know your codebase well enough, you can almost explain a crash just by where it happened.

So I created an exe with debug symbols and optimizations removed, and waited for the crash. The DrWtsn32.log contained, amongst other things, the dump of the thread that caused the program crash:


*----> Stack Back Trace < ----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0100F9E8 00438172 01010460 0100FBE0 0100FB00 00D85698 !<nosymbols> 
0100FAF4 0048DD45 01010460 0100FC54 0100FBFC 00D85698 !<nosymbols> 
0100FBEC 004C3DBE 0106D028 00000114 0100FC60 0100FC64 !<nosymbols> 
0100FC54 004C3C17 00D8AFC0 00000114 0100FD60 0100FD70 !<nosymbols> 
0100FCDC 004CBDE9 010101F0 00000110 0100FDE0 0100FD70 !<nosymbols> 
0100FD60 004C6FC5 010101F0 00000110 0100FE44 0100FDF0 !<nosymbols> 
0100FDE0 004B63BD 010101F0 00000110 0100FEEC 0100FF00 !<nosymbols> 
0100FE50 004B61B6 010101F0 00000110 0100FF7C 0100FF00 !<nosymbols> 
0100FEEC 004B5C9C 010101F0 00000110 00000001 000001FB !<nosymbols> 
0100FF7C 1020BFD2 00D84058 000001FB 00130178 00D85698 !<nosymbols> 
0100FFB4 77E8B2D8 00D85698 000001FB 00130178 00D85698 !beginthreadex 
0100FFEC 00000000 1020BF20 00D85698 00000000 00000008 kernel32!lstrcmpiW 

Which added nothing to my understanding of what went wrong, beyond it happened at some point after the thread started. Great. Did I mention I’d done a debug build – the kind with all the symbols compiled in? Anyway, I figured switching to the binary output (which I understand is like a unix core file) may provide further explaination.

The format of the binary output from Dr Watson is lost in the mists of time. I had to go to an NT4 server install CD (you have to love the pack-rats who keep the German Server version of NT4 ©1999!) to locate the two necessary files for working with the user.dmp file it generates. The files are DUMPCHK.EXE and DUMPEXAM.EXE.

Running DUMPCHK.EXE gives a little output

C:\...\RetailGateway>dumpchk user.dmp

Filename . . . . . . .user.dmp
Signature. . . . . . .USER
ValidDump. . . . . . .DUMP
MajorVersion . . . . .5
MinorVersion . . . . .0
DirectoryTableBase . .0x0000014c
PfnDataBase. . . . . .0x00000004
PsLoadedModuleList . .0x00000018
PsActiveProcessHead. .0x0000009a
MachineImageType . . .NumberProcessors . . .7528
BugCheckCode . . . . .0x00001f65
BugCheckParameter1 . .0x000000a0
BugCheckParameter2 . .0x00000040
BugCheckParameter3 . .0x00001ca8
BugCheckParameter4 . .0x00d6df65

ExceptionCode. . . . .0xc0000005
ExceptionFlags . . . .0x00000000
ExceptionAddress . . .0x0045b4a9
ExceptionParam#0 . .0x00000000
ExceptionParam#0 . .0x00000000

At which point I got this dialog: DUMPCHK barfs reading the user.dmp file from Dr Watson
“Oh well,” I thought, “I’ll just head on straight to examining the dump, rather that checking it.” Unfortunately, DUMPEXAM.EXE wasn’t on my side. All I got was:

C:\...\RetailGateway>dumpexam user.dmp
unsupported processor type

Which is useless. Which is the sum value of the binary dump from Dr Watson. And, in this case, all of the output from Dr Watson.

Warning!

Warning in the custom configuration options of a setup program:

This component is an essential part of the application. If it is not installed, the application will not run properly

Well if that’s the case, why even give me the option of not installing it?!