ESXi: vmware workstation 10 bridged network not working

August 23rd, 2014

So You installed a virtual machine solution (of any kind, in this case VMWare WorkStation) inside a gues running on a VMWare ESX or ESXi, and using bridge netw9orking is not working for you inside the guest from the virtual host.

If you tried all the solutions on the net pertaining to host issues (firewall, vpn software, etc) there is one issue pertaining to the ESX/ESXi host itself:
– by default, the virtual NIC has promiscuous mode disabled.
Which means that traffic coming from a VM which is not of its IP will be discarded.

So, solution is to go in vsphere client, to the esxi configuration page, Networking, click on “Properties” on your desired switch, click Edit in the ports tab, then go to Security tab and set promiscuous mode to “accept”.

Enjoy.

Related posts

Delphi: Unit X was compiled with a different version of Y

May 29th, 2014

The dreaded message everybody gets every now and then.

The classic solution is:
– find all related pas and dcu files on your HDD and make sure there is only 1 copy of each.

However, sometimes this is not sufficient and that is because there is also a DCP and/or a BPL that was built with that unit somewhere on the IDE searchPath found before the one you are building. So you delete all pas/dcu, build the package and still get the error. This happens when you build a package which depends on the package in which the unit resides. And that is because when building packages, delphi will look at the DCP, not the DCUs (when the DCP is linked of course).
So basically the same problem as with the DCU.

In conclusion, the actual complete solution is to
– search and remove all affected DCUs
– make sure there is only 1 version of the PAS
– search and remove all affected BPLs and DCPs

Sometimes, you will need to close the IDE, and then when you start it again you may receive the other dreaded message: “Cannot load package”.

Now, it’s time to search for that package in the registry, specifically in the
– “Disabled Packages” key
– “Known Packages” key
– “Package Cache” key
Best is to remove it from everywhere. Then you re-install it once you manage to compile everything.

Related posts

Permanent Disposable Email Addresses to counter spam (notsharingmy.info alternatives)

May 3rd, 2014

As I’ve been writing about this topic not long ago here, I’m using for some time now the services of notsharingmy.info.
Problem is, lately it has become unreliable. Emails that I’ve been told have been sent, never arrived, others arrived with 1 or 2 days delays.
So it’s unusable now.

I spent quite some time yesterday and today to find an alternative. That is a free service, that provides permanent disposable email addresses in he form of forwarding. I couldn’t find any. Not a single one.

And since I don’t want to pay, nor do I want to use the providers interface to access my mail, I re-considered google and yahoo as possible solutions.
Now the main reason against these free and pretty reliable services is that people complain your actual account name is known (anybody can remove the “+garbe” or the “dots” and know what your real account is.

But this is the catch. You are creating another email address, specially for disposable use. You don’t use your main account (EVER) and all email that goes to that account,m via filter, can be sent directly to trash as that is pretty sure spam. After all, you didn’t give out that address to anyone.

So,. since I’m still pissed at yahoo plus their filtering sucks (as in the amount of filter you can set up), however I’m not sure if there are limitations to the disposable addresses that you can create, someone can look into it and let me know, I will talk about the gmail solution.

Now, gmail allows a maximum of 30 characters in the user name. That includes dots when you register. So you register with an account of 30 character, letters and digits.
I used keepass random password generator to generate one for myself.

Then I tested the dots. I added dot between each and every letter/digit and sent an email to that address resulting in an address with 30 characters and 29 dots, form several different email providers. It worked like a charm.

So this gives you a total of (God I hope my math is right :) please correct me if it’s not):
– 0 dot addresses: 1
– 1 dot addresses: 29 = 29! / 1! * (29-1)!
– 2 dot addresses: 29! / 2! * (29-2)! (combinations of 29 taken by 2)
– 3 dot addresses: 29! / 3! * (29-3)!
….
– 28 dot addresses: 29! / 28! * (29-28)!
– 29 dot addresses: 1

Adding those up resulting in what is described here: http://en.wikipedia.org/wiki/Binomial_coefficient#Series_involving_binomial_coefficients

so eventually we end up with a combination of 2^29-1 = 536.870.911 aliases = disposable email addresses.

I think that covers my needs pretty well.

For your more regular 8-10 character addresses, you can have about to 255-1023 dotted aliases. That should normally be sufficient. So there is no real need to go the length of a 30 character address for this purpose.

Next step is to create a catch-all filter on the base (non-dot) alias, and have those emails dealt with some how. I’ll just apply a label for now and move them out of my inbox. If and when I’ll have time and desire to deal with them, I will have them handy.
Once the system is proven to work fine, I will change this filter to “delete”.

The reason for not moving it to spam is that you may get valid email sent to spam by mistake. No spam filter is perfect.

Next step is to have some more easy way of managing these disposable aliases, not using a spreadsheet…

So I’m thinking about a GreaseMonkey script by itself or with a web-service (somewhere to store the information), a dedicated application (written in Delphi and maybe for windows and android/ios (I don’t have anything to test these though)).

My preferred way would probably be a GreaseMonkey script as then I can use the GMail API directly and without hassles. I’ll have to do some research on this.

But for now, the traditional spreadsheet it is :)

Later note: One more thing to keep in mind when settings things up:
– you need to add another email address for each dot-alias if you plan on replying to emails received by that alias. You do that by going to settings-accounts and import and “Add another email address you own”.
– make sure to uncheck the “Treat as an alias”
– make sure to select “Reply from the same address the message was sent to” the first time you set up such an alias, otherwise your main, non-dotted account will be used in replies and we really don’t want that

Related posts

SVN: import subfolder as new repository root

April 6th, 2014

I’ve done a little research and found the partial solution here: http://stackoverflow.com/questions/2337470/svn-move-single-directory-into-other-repository-with-history

Problem was that using it would error as it tries to create the subfolder.
So I dug some more and then found:
http://www.pakettiradio.net/the_ultimate_subversion_repository_splitting_guide/

Problem here was that I still had the root of the sub-folder creation attempt raising
svnadmin: File not found: transaction ‘0-1′, path

A little digging turned up:
http://www.celticwolf.com/blog/2010/05/03/subversion-svnadmin-load-error-file-not-found-transaction-0-1-path/

Which doesn’t solve anything but lit my Eureka bulb: there is no sense in creating an empty root folder. It already exists. So What I did was to delete it’s creation from the fixed dump file which was looking like this notice empty Node-path and action “add”):

Node-path:
Node-action: add
Node-kind: dir
Prop-content-length: 10
Content-length: 10

PROPS-END

Not to be confused with other empty Node-path which actually set properties!!!

Now remains only 1 problem: I also want the user to be changed. This is a problem because in the dump, the username is preceded by a line starting with V followed by a number. This number is the length of the username.

There are some interesting solutions here: http://stackoverflow.com/questions/1195339/is-there-a-way-to-change-a-svn-users-username-through-the-entire-repository-hist

However, I am trying to keep my server yum-compatible, and svndumptool is in no public yum repo, to my searching today.
My solution involves a multiline SED. Relevant articles are
http://www.refining-linux.org/archives/27/20-Multi-line-sed-search-and-replace/
and
http://stackoverflow.com/questions/4510813/sed-regular-expression-over-multiple-lines

As I have multiple subfolders to be split up into new repositories, I’ve created a script to do the job, including setting up an apache vhost for each.

The relevant part of the script looks like this:

1
2
3
4
5
6
svndumpfilter include $grp/$usr --drop-empty-revs --renumber-revs  < $repo_dump > $repo_dump.$usr
sed -e "s/Node-path: $grp\/$usr/Node-path: /" < $repo_dump.$usr >$repo_dump.$usr.fixed1
sed -e "s/Node-copyfrom-path: $grp\/$usr/Node-copyfrom-path: /" < $repo_dump.$usr.fixed1 >$repo_dump.$usr.fixed2
sed -e "/Node-path: /{ N; N; N; N; N; N; s/Node-path: \nNode-action: add\nNode-kind: dir\nProp-content-length: 10\nContent-length: 10\n\nPROPS-END//}" < $repo_dump.$usr.fixed2 >$repo_dump.$usr.fixed3
sed -e "/svn:author/{ N; N; s/svn:author\n.*\n$svn_usr_from/svn:author\nV $svn_usr_len\n$svn_usr_to/}" < $repo_dump.$usr.fixed3 >$repo_dump.$usr.fixed4
svnadmin load $repo_dir/$cust_group/$cust_customer --ignore-uuid < $repo_dump.$usr.fixed4

Related posts

VMWare ESXi – VM is gray when adding new hardware

March 26th, 2014

VMWare ESXi 5.0 U1

It happened to me that I created a new VM, then copied over a template VMDK but forgot to add it. When I started the VM it complained of no OS, so I edited the config and added the HDD.
Right after this operation, the VM became gray and was no longer manageable.
I removed it from inventory, then added it back again and now it was showing properly as powered on.
I powered it off, then on again.

Now, the VM kept showing a text cursor “dancing” on the screen like crazy.
I powered it off, removed the HDD, then added it back and powered it on.

Now, it’s usable.

Related posts

One of the ways spam gets onto your email “legally”

March 10th, 2014

So we all know the pitfalls of using your email address in the wrong places.

Some of us also know about using your email in the right places and still getting spam.

That is why there are services such as http://notsharingmy.info
It’s not the best of services, but it is free and does it right for me so I stopped looking. If anybody knows of a better alternative, please comment.

Now onto the point: I registered on alibaba.com as a means of getting some stuff to import.
Begin a chinese site, I don’t trust them so I used an alias from above mentioned service.
exactly 3 weeks later my inbox was starting to fill in with spam/junk email from various suppliers broadcasting their offers for everything but what I was looking for.
So I cancelled forwarding and made a new alias and registered that one. Hopefully, it will last at least another 3 weeks.

It sucks, but what can one do?

Related posts

The major pitfall when you manage (start, stop, etc) remote service in Windows XP

January 29th, 2014

I literally spent almost 2 hours googling around for this issue.

“error 5: access denied”

No matter if I use sc.exe, the mmc snapin, sysinternals tools, etc. I get the same error. And it took me this much to find this gem referenced on some forum/whatever:

https://groups.google.com/forum/#!msg/microsoft.public.scripting.wsh/r0GXUNHlVBs/YormuJCEOtwJ

So the problem with WinXP Pro, by default, when in a WORKGROUP is that it’s FORCE GUEST on.
That means that every user connecting to it’s services, is authenticated as guest. And guest has no business managing services.

Now people say that there is no solution for this in WinXP Home and for WinXP Pro one should edit the local policies or registry as explained in that article above.

However, but I cannot verify on WinXp HOME, I believe that by putting the Guest user in the administrators account you should be able to get the same effect. This is working (tested) on WinXP PRO !!!
Of course, the implications of such a bold move must be carefully weighed because there are a lot of assumptions made in the system about the Guest account and a lot of things will be affected, but taken the security issue aside, this is COOL :)

Ok, so there you go, covering both pro and home editions. Use it at your own risk.

Related posts

The traps of buying online hardware from other countries

January 22nd, 2014

So I bought a StarTech 1 port PCI Express eSATA II Controller Card to use in my ESXi to passthrough to my fileserver and connect an internal HDD to it.
Everything is nice, the card works fine in windows but not in linux (which my file server is). I get
FATAL: Error inserting si3531r5 (/lib/modules/2.6.32-358.11.1.el6.x86_64/kernel/drivers/scsi/si3531r5.ko): Invalid module format
and dmesg shows:

si3531r5: version magic '2.6.9-22.ELsmp SMP gcc-3.4' should be '2.6.32-358.11.1.el6.x86_64 SMP mod_unload modversions '

This is as expected since my kernel grew/matured over the years unlike their drivers.
So I go about contacting their support, asking for code or updated drivers. They route me to silicon image for this issue because

Unfortunately when it comes to the source code for these cards, that code is owned by Silicon Image and if we had the source code ourselves, we would still most likely not be at liberty to hand it out. We supply the driver on the website which is designed for getting this card installed and working in most environments.

now, that’s silly, since in the linux world, kernels get new versions all the time so it’s pretty much impossible to keep a system outdated for 4-5 years just so an expansion card can be used in it. It’s just stupid.

So I go to silicon image site, and check for drivers. What do you know:

End-Users: Silicon Image does NOT support End-Users directly. Silicon Image designs and develops chips for manufacturers. These manufacturers develop their own drivers, firmware and software for their boards. Silicon Image does not have information or access to the Drivers, Software or boards that these manufacturers create and sell. We typically assist these manufacturers when they have problems with our chips. End-Users should contact product manufacturer of the board for technical support.

In RED.

Call me stupid, but startech support appears to be living on another planet. They tell me to return the card. Right. Overseas?

Related posts

Troubleshooting NFS

January 6th, 2014

Every now and then I have issues with my NFS setup, server-side or client-side. And since I don’t usually handle NFS all that often, I always forget how to solve it and end up wasting a ton of time debugging and searching and stuff.

SO I finally, seconds before posting a long question on serverfault.com, managed to pin it down once again.

So, long story short:
– pretty much most of the problems regarding NFS come from firewall: server-side, client-side and/or router-side. So make sure to disable them all and see if that works. If it does, I’ll explain later how to make it work with your firewall enabled as well
– then, there are NFS server and NFS client configuration issues. There are plenty of how-tos out there for this

So how to troubleshoot a firewall/iptables issue? The most common flag for this problem is “connection timeout”. If you get it, it’s most likely a firewall/routing issue.

What I just did now, in my case, is to set up my firewall rules such a way that all drops are going to a special “mydrop” target, in which I drop everything.
Then, I have some scripts made which cancels, restores and enables logging in the firewall.
The logging script will cancel the firewall, then restore it (this cleans up stuff) then it adds logging like:

iptables -I mydrop -m limit --limit 2/sec -j LOG --log-prefix "IPTables-dropped: " --log-level 4 --log-tcp-options --log-ip-options

then, in another console, I do

tail -f /var/log/messages

and in the first one I start the mount/showmount/rpcinfo commands and check the tail log to see what packets are being dropped.
Then I make rules for those packets.

Now, in my personal case, I set up my NFS server to have static/dedicated ports (there are how-tos out there on how to do it, I won’t go over them here).
So, on a tight firewalled linux machine, the iptables rules for NFS client would look like this

# nfs client
-A services -s 192.168.1.4 -p tcp --sport 111 -j ACCEPT
-A services -s 192.168.1.4 -p tcp --sport 892 -j ACCEPT
-A services -s 192.168.1.4 -p tcp --sport 2049 -j ACCEPT
-A services -s 127.0.0.1 -d 127.0.0.1 -p udp --dport 111 -j ACCEPT
-A services -s 127.0.0.1 -d 127.0.0.1 -p udp --sport 111 -j ACCEPT

“services” in this context is a dedicated target for my used services (usually server/daemon stuff, but also client stuff when needed, like this scenario).
Note: 192.168.1.4 is my NFS server.

Then, on server side I have this
# nfs server
-A services -s 192.168.1.0/24 -m state --state NEW -p udp --dport 111 -j ACCEPT
-A services -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 111 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 32803 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 32769 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 892 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 892 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 875 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 875 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 662 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 662 -j ACCEPT

the rules with INPUT I have copied from another blog/site, which I can’t recall now. At the time I get these, I didn’t think about the logging idea I just wrote about, and I don’t want to kill all my machines to test it so I can figure out exactly what rules to put there.

Anyway, I hope this logging idea will help someone save some hours.

Related posts

Experts-Exchange: going at it, again

January 4th, 2014

As mentioned earlier, I’ve got congratulated on becoming a designated expert on 2 sections: http://blog.ciuly.com/?p=817
Today, they did it again. For the same 2 sections :)

time for another email to their support (the first time I didn’t mail them, I was hoping it was a one time slip).

Related posts