Wednesday, May 9, 2012

Converting XML Schema to Relax NG

Needed to convert W3 XML Schema for web.xml files to Relax NG so that I can edit those files in emacs with XML element expansion and syntax highlighting provided by nxml mode. I found a lot of references on the Internet for Sun's XSD to RNG converter. However, most links pointing to the Sun website were broken. Finally, I found that the RNG converter is part of Kohsuke Kawaguchi's MSV project. After installing rngconv.zip, I downloaded web-app_2_4.xsd, j2ee_1_4.xsd, jsp_2_0.xsd from Sun's XML Schemas for J2EE and converted the first one for use with nxml.

One little quirk was to add, in the RNC schema, a definition for the xsi:schemaLocation attribute to the definition of element web-app:

    namespace xsi = "http://www.w3.org/2001/XMLSchema-instance"
    element web-app {
      attribute xsi:schemaLocation { "http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" },
      ...

2012 update: Since Oracle bought Sun, the MSV RNG Converter is even harder to find. I found the download link at nightly rngconv.20060319.zip. Also, in j2ee_1_4.xsd, you will need to uncomment the following statement:

    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>

Download the result from Google Docs: web-app_2_4.rnc

Tuesday, May 1, 2012

Undo Google Chrome "never translate a page" setting

In Google Chrome Translate Bar, I accidentally configured the browser to never translate a foreign site I was browsing. I wanted to undo the setting, but apparently there is no UI to undo it. Nor is there a UI to edit the list of sites blacklisted from translating. I had to find the Google Chrome Preferences file, which in Linux is ~/.config/google-chrome/Default/Preferences. The Preferences file is apparently in JSON format. Somewhere near the bottom of the file, I found these two lines:

    "translate_language_blacklist": [ "ru" ],
    "translate_site_blacklist": [ "www.lemonde.fr" ],

The "translate_language_blacklist" apparently lists all languages you configured never to translate. The "translate_site_blacklist" lists all the sites you never wanted to be translated. Just delete the whole line or just the site you want to be removed from the list.

Friday, February 4, 2011

As a follow up to Remco's How to set up Tomcat logging to Syslog, I am including my own version of a class that enables Tomcat logging to Syslog. This class overrides the standard AccessLogValve and logs messages via Log4J API to category accesslog, level INFO.

To compile this class, you will need catalina.jar and servlet-api.jar in your CLASSPATH.

To configure Tomcat to use this class, edit your conf/server.xml and replace className in the access logging Valve with com.ofc.tomcat.Log4JAccessLogValve. Then, in lib/log4j.properties, configure appenders for category accesslog (property log4j.logger.accesslog).

    package com.ofc.tomcat;

    /**
     * Redirects AccessLogValve logging to Log4J category "accesslog" level info
     *
     * @author Nicholas Sushkin
     * @version $Revision: 1.2 $ $Date: 2011/02/04 18:45:36 $
     */
    public class Log4JAccessLogValve extends org.apache.catalina.valves.AccessLogValve
    {
        /**
         * The descriptive information about this implementation.
         */
        protected static final String info1 =
            "com.ofc.tomcat.Log4JAccessLogValve/1.0";

        private static final org.apache.log4j.Logger log =
            org.apache.log4j.LogManager.getLogger("accesslog");

        /**
         * Sends each formatted access log line to Log4J instead of the log file.
         */
        @Override
        public void log(String message)
        {
            log.info(message);
        }

        @Override
        public String getInfo()
        {
            return info1;
        }

        /**
         * Intentionally empty: no access log file is opened, because all
         * output goes through Log4J.
         */
        @Override
        protected void open()
        {
        }
    }

Sunday, March 21, 2010

Troubleshooting tftp-proxy in OpenBSD pf

Finally figured out OpenBSD firewall configuration in which internal hosts can access TFTP servers on the internet. In OpenBSD pf firewall, you need to configure tftp-proxy. Google search returns a lot of complaints about tftp-proxy not working and not a single success story. I now believe there is a typo in the official manual.

The OpenBSD FAQ for TFTP proxy specifies the following redirect rule to redirect outgoing tftp connections to the internal tftp-proxy.

    rdr pass log on $int_if proto udp from $int_if to port tftp -> 127.0.0.1 port 6969

However, according to "pfctl -g -s nat|grep tftp", my pf expands the rule above to the following.

    rdr pass log on xl0 inet proto udp from 192.168.2.1 to any port = tftp -> 127.0.0.1 port 6969

In the from clause, $int_if expands to a single address, 192.168.2.1, so the expanded rule will not redirect traffic coming from all of the internal hosts. The rule needs to be changed to

    rdr pass log on $int_if proto udp from $int_net to any port tftp -> 127.0.0.1 port 6969

which expands to

    rdr pass log on xl0 inet proto udp from 192.168.2.0/24 to any port = tftp -> 127.0.0.1 port 6969

The latter covers the whole internal network instead of just one host 192.168.2.1.
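
A check for this failure mode against the loaded ruleset, as an added example that is not part of the original post or of OpenBSD: it reads "pfctl -s nat" output on standard input and reports whether each tftp rdr rule redirects a single host or a network. The function names are hypothetical; the two sample lines are the expanded rules quoted above.

```shell
#!/bin/sh
# Added example. For every rdr rule matching the tftp port, print the kind
# of source it redirects ("host", "net", "table" or "any") and the source.
classify_tftp_rdr() {
    awk '
    $1 == "rdr" && / port = (tftp|69) / {
        src = ""
        for (i = 1; i < NF; i++) if ($i == "from") { src = $(i + 1); break }
        if (src == "any")                        kind = "any"
        else if (src ~ /\// || src ~ /:network/) kind = "net"
        else if (src ~ /^</)                     kind = "table"
        else                                     kind = "host"
        print kind, src
    }'
}

# Exit status 0 only if a tftp redirect exists and none of them is limited
# to a single source address (the symptom described in the post).
tftp_rdr_ok() {
    out=$(classify_tftp_rdr) || return 2
    [ -n "$out" ] || return 1
    ! printf '%s\n' "$out" | grep -q '^host '
}

# Sample input: the two expanded rules quoted in the post.
FAQ_RULE='rdr pass log on xl0 inet proto udp from 192.168.2.1 to any port = tftp -> 127.0.0.1 port 6969'
FIXED_RULE='rdr pass log on xl0 inet proto udp from 192.168.2.0/24 to any port = tftp -> 127.0.0.1 port 6969'

for rule in "$FAQ_RULE" "$FIXED_RULE"; do
    printf '%s\n' "$rule" | classify_tftp_rdr
    if printf '%s\n' "$rule" | tftp_rdr_ok; then
        echo "  ok: redirect covers more than one internal host"
    else
        echo "  problem: redirect matches a single source address only"
    fi
done
```

On the firewall itself the same function can be fed the live ruleset: pfctl -s nat | tftp_rdr_ok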

Thursday, February 25, 2010

Importing S/MIME certificate into Java

Although it is now possible to import a certificate in p12 format into Java, not just any S/MIME certificate will work to sign jars.

Thawte used to give out free S/MIME certificates and when imported into Java, those certificates could sign java code. I recently tried to import a Comodo S/MIME certificate into a Java keystore and sign a jar. While I managed to export my S/MIME certificate from Firefox in .p12 format and import the .p12 keystore into a Java keystore, signing with this certificate generated a warning "The signer certificate's ExtendedKeyUsage extension doesn't allow code signing." Also, Web Start failed to validate the signed jar, generating an exception in com.sun.deploy.security.CertUtils in the following code:

    // Require either all of bits 5,6,7 are false or
    // that at least bit 7 be true
    if ((getNetscapeCertTypeBit(cert, NSCT_SSL_CA) != false ||
         getNetscapeCertTypeBit(cert, NSCT_S_MIME_CA) != false ||
         getNetscapeCertTypeBit(cert, NSCT_OBJECT_SIGNING_CA) != false) &&
        getNetscapeCertTypeBit(cert, NSCT_OBJECT_SIGNING_CA) == false)
    {
        Trace.msgSecurityPrintln("trustdecider.check.basicconstraints.bitvalue");
        return false;
    }

To get my S/MIME certificate from Java, I used Firefox Certificate backup as p12, then the following command to find the alias of my certificate inside the .p12 keystore:

    keytool -list -keystore comodo-nsushkin\@openfinance.com-exp20120930.p12 -storetype PKCS12

Once I found out the alias "nicholas sushkin's the usertrust network id #3", I imported my S/MIME private key and certificate from p12 file into my JKS keystore under alias "nsushkin" using the following command:

    keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore java-certs.keystore -srckeystore comodo-nsushkin\@openfinance.com-exp20120930.p12 -srcstoretype PKCS12 -alias "nicholas sushkin's the usertrust network id #3" -destalias nsushkin
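
A pre-flight check for the ExtendedKeyUsage warning quoted above, as an added example that is not part of the original post or of the JDK: it reads the verbose keytool listing of one keystore entry on standard input and fails when the signer certificate carries an ExtendedKeyUsages block without codeSigning or anyExtendedKeyUsage. The function names and sample listings are constructed, and the listing layout (a "Certificate[n]:" header per chain element, usages between "ExtendedKeyUsages [" and "]") is an assumption about what "keytool -list -v" prints.

```shell
#!/bin/sh
# Added example. Exit status 0: EKU is absent or permits code signing.
# Exit status 1: EKU is present and restricted to other purposes.
# Only the first certificate of the chain (the signer) is examined.
eku_allows_code_signing() {
    awk '
    /^Certificate\[2\]/      { exit }
    /ExtendedKeyUsages \[/   { in_eku = 1; seen = 1; next }
    in_eku && /^[ \t]*\]/    { in_eku = 0; next }
    in_eku && ($1 == "codeSigning" || $1 == "anyExtendedKeyUsage") { ok = 1 }
    END { if (seen && !ok) exit 1 }'
}

# Constructed sample listings (layout assumed, values invented).
SMIME_ONLY='Certificate[1]:
#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  emailProtection
  clientAuth
]
Certificate[2]:
ExtendedKeyUsages [
  codeSigning
]'
CODE_SIGNING='Certificate[1]:
ExtendedKeyUsages [
  codeSigning
]'
NO_EKU='Certificate[1]:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
]'

report() {
    if printf '%s\n' "$2" | eku_allows_code_signing; then
        echo "$1: EKU does not prevent jar signing"
    else
        echo "$1: EKU does not allow code signing"
    fi
}
report "S/MIME-only certificate" "$SMIME_ONLY"
report "code-signing certificate" "$CODE_SIGNING"
report "certificate without EKU" "$NO_EKU"
```

Against a real file, pipe the output of keytool -list -v with the -keystore, -storetype PKCS12 and -alias options into eku_allows_code_signing before importing the entry for signing.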

Saturday, November 14, 2009

Fixing broken sound in flash plugin in Slackware 13.0

I upgraded my laptop to Slackware 13.0. In general, hardware support has improved. All hardware was detected automatically by HAL and UDEV. That includes formerly problematic Synaptic touchpad, both monitors attached via DVI and VGA, and Logitech Quickcam. I only needed minor adjustments to get dual screen out of the mirroring mode.

One of the minor problems was that flash plugin in Mozilla wouldn't play sound. That was despite my username being a member of the group "audio". It turned out that if you had more than one sound device, Flash would only output sound to the first configured device (alsa card #0). When I booted the laptop with webcam attached through USB, the snd-usb-audio module loaded before snd-hda-intel, resulting in the first configured audio device (webcam) not supporting any audio output.

The workaround would be to always boot with the webcam unplugged. However, a better solution is to hint the device loading system (udev) that the built-in intel sound device needs to be loaded first. Google found me a solution in a Slackware forum at linuxquestions.org. Add a file in /etc/modprobe.d containing the following instruction: "options snd slots=snd-hda-intel,snd-usb-audio". You can check the mapping of sound card slots to modules using "cat /proc/asound/modules".

References: Slackware, Where Alsa looks for default sound card, Synaptics Touchpad with HAL, Dual-screen with xrandr.

Thursday, November 12, 2009

Command line email with attachments

This is a Perl script which can be used as a replacement for the "mail" program, but supporting email attachments.

    #!/usr/bin/perl -w

    #****h* common/send_files
    # NAME
    # send_files - sends an email with multiple file attachments
    # FUNCTION
    # Uses sendmail to send an email with attachments. Takes message text
    # from the standard input.
    # PARAMETERS
    # --from - From email address
    # --to - To email address
    # --subject - Email subject
    # --file - Attach a file (use multiple times to attach multiple files)
    #
    # All the unprocessed options are treated as files to be attached
    #
    # EXAMPLE
    # echo "Look here" | send_files --from from@example.com --to to@example.com \
    # --subject "Files" --file /tmp/1.txt --file /tmp/2.txt
    #
    # echo "Specify files last" | send_files --from from@example.com --to to@example.com \
    # --subject "Files" --file /tmp/*.txt
    # HISTORY
    # $Header: send_files.pl,v 1.6 2008/04/08 20:53:13 nsushkin Exp $
    # SOURCE
    #
    use strict;
    use File::Basename qw(basename);
    use MIME::Lite;
    use MIME::Types;
    use Getopt::Long;

    my ($opt_from, $opt_to, $opt_subject) = ("", "", "");
    my @files = ();
    my $VERSION = sprintf("%d.%03d", q$Revision: 1.6 $ =~ /(\d+)\.(\d+)/);

    GetOptions("from=s"    => \$opt_from,
               "to=s"      => \$opt_to,
               "subject=s" => \$opt_subject,
               "file=s"    => \@files);

    # Any remaining arguments are files to attach
    push @files, @ARGV;

    # Read the whole message body from standard input
    binmode STDIN;
    my $message = do { local $/; <STDIN> };

    my $msg = MIME::Lite->new(
        From    => $opt_from,
        To      => $opt_to,
        Subject => $opt_subject,
        Type    => 'TEXT',
        Data    => $message
    );

    $msg->replace(
        'X-Mailer' => "send_files.pl $VERSION"
    );

    my $mimeTypes = MIME::Types->new;

    for my $file (@files)
    {
        die "Not readable $file: $!" unless -r $file;

        # Run file(1) through a list-form pipe, so that no shell ever parses
        # the file name (quotes, backticks or $(...) in a name stay literal).
        open(my $fh, '-|', 'file', '-bi', '--', $file)
            or die "Cannot run file: $!";
        my $mimeTypeS = <$fh>;
        close $fh;
        die "Cannot determine MIME type of $file" unless defined $mimeTypeS;
        chomp $mimeTypeS;

        # file -bi may append parameters ("text/plain; charset=us-ascii");
        # look up the bare type only, and tolerate an unknown type.
        (my $bareType = $mimeTypeS) =~ s/\s*;.*//;
        my $mimeType = $mimeTypes->type($bareType);
        my $fileName = basename($file);

        $msg->attach(
            Type     => $mimeTypeS,
            Path     => $file,
            Filename => $fileName,
            Encoding => (defined $mimeType && $mimeType->mediaType eq 'text'
                         ? 'quoted-printable' : 'base64')
        );
    }

    $msg->send;
    #***