Educating the world

Our blog has over 10,000 readers a month

Firefox doesn't install UK English for British installations by default

September 10th, 2012

If you download Firefox from the main download page, the site doesn’t detect that you are British. You get the standard American download. The result of this is that web sites detect your locale from your browser then layout internationalised content using this detection.

When we started using CIPHR we found that everyone using Firefox was being shown their dates in the wrong (American) order.

Firefox by default installs the languages English (en) and English U.S. (en-us) but not English GB (en-gb).

  1. So from within the menu in Firefox, select Tools -> Options -> Content Tab.
  2. From the Languages section select Choose.
  3. From the Select a language to add drop down select English/United Kingdom [en-gb].
  4. Click Add.
  5. Use the Move Up / Move Down to position en-gb at the top of the preferences.
  6. Click OK to finish.

You may have to refresh the page but you shouldn’t have to restart Firefox.

Alternatively you could download the British version of Firefox. When you navigate to http://www.mozilla.org it forwards you to http://www.mozilla.org/en-US/. Unfortunately there isn’t a http://www.mozilla.org/en-GB/ so you’ll have to click the Systems & Languages link under the download button. Scroll down to the line English (British) and click the Download link from there and follow the same procedure as before.

Cisco ASDM 5.2 for ASA ClassCastException X509TrustManagerImpl to X509ExtendedTrustManager

August 31st, 2012

I hadn’t used my Cisco ASDM 5.2 for ASA for a while and when I needed to add a couple of extra users to the VPN it didn’t work.
Everything seemed to load in ok but when I tried to submit my login credentials it hung. I loaded the Java console and got the following exception when I tried to authenticate.

Using JRE version 1.7.0_05 Java HotSpot(TM) Client VM
User home directory = C:\Users\mrn
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
m:   print memory usage
q:   hide console
s:   dump system properties
----------------------------------------------------
ASDM Application Logging Started at Wed Aug 29 12:46:43 BST 2012
---------------------------------------------
Local DM Launcher Version = 1.5.20
Local DM Launcher Version Display = 1.5(20)
OK button clicked
Cache location = C:/Users/mrn/.asdm/cache
Exception in thread "AWT-EventQueue-0" java.lang.ClassCastException:
  sun.security.ssl.X509TrustManagerImpl cannot be cast to
  com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager
	at com.sun.deploy.security.X509ExtendedDeployTrustManager.(Unknown Source)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
	at java.lang.reflect.Constructor.newInstance(Unknown Source)
	at java.lang.Class.newInstance0(Unknown Source)
	at java.lang.Class.newInstance(Unknown Source)
	at com.cisco.launcher.w.a(Unknown Source)
	at com.cisco.launcher.s.actionPerformed(Unknown Source)
	at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
	at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
	at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
	at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
	at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
	at java.awt.Component.processMouseEvent(Unknown Source)
	at javax.swing.JComponent.processMouseEvent(Unknown Source)
	at java.awt.Component.processEvent(Unknown Source)
	at java.awt.Container.processEvent(Unknown Source)
	at java.awt.Component.dispatchEventImpl(Unknown Source)
	at java.awt.Container.dispatchEventImpl(Unknown Source)
	at java.awt.Component.dispatchEvent(Unknown Source)
	at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
	at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
	at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
	at java.awt.Container.dispatchEventImpl(Unknown Source)
	at java.awt.Window.dispatchEventImpl(Unknown Source)
	at java.awt.Component.dispatchEvent(Unknown Source)
	at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
	at java.awt.EventQueue.access$000(Unknown Source)
	at java.awt.EventQueue$3.run(Unknown Source)
	at java.awt.EventQueue$3.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
	at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
	at java.awt.EventQueue$4.run(Unknown Source)
	at java.awt.EventQueue$4.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
	at java.awt.EventQueue.dispatchEvent(Unknown Source)
	at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
	at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
	at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
	at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
	at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
	at java.awt.EventDispatchThread.run(Unknown Source)

The problem is caused by Cisco ASDM 5.2 requiring Java 6. In spite of having Java 6 and 7 installed, the Cisco software doesn’t know the difference and just accepts the first installation as being the only installation. Version 7 comes first and so the Cisco software tries to use it.

Sun have a couple of internal classes that only sun are supposed to use because they might change without warning. Low and behold they did! X509TrustManagerImpl no longer has the same interface as X509ExtendedTrustManager and so we get a ClassCastException.

In order to work around the problem we must launch the Cisco ASDM 5.2 from an environment where it only knows about Java 6.

Create a file called asdm-launcher.bat and place it into C:\Program Files (x86)\Cisco Systems\ASDM. Use your favourite text editor and add the following to the file:

cd C:\Program Files (x86)\Cisco Systems\ASDM

“C:\Program Files\Java\jre6\bin\javaw.exe” -Xms64m -Xmx512m -Dsun.swing.enableImprovedDragGesture=true -classpath lzma.jar;jploader.jar;asdm-launcher.jar;retroweaver-rt-2.0.jar com.cisco.launcher.Launcher

When the batch file has been saved:

  1. Create a shortcut on the desktop (or wherever) to use it. To make it more similar to the old shortcut you can change the icon used.

  2. Right-click on the shortcut and select Properties then Change Icon.
  3. Click Browse
  4. Enter "C:\Program Files (x86)\Cisco Systems\ASDM\asdm-launcher.exe" and hit return.
  5. Select the icon you would like and press OK.

There is a file called "C:\Program Files (x86)\Cisco Systems\ASDM\asdm-launcher.conf" which contains instructions to launch the Java Virtual Machine (JVM) with certain parameters but I couldn’t get it to pick up a different version of Java. So if anyone knows what goes into that file so that we don’t need a hacked up batch file then let us know in the comments.

I blog things that take ages to find on the interweb but here’s the source of my final solution:
[ https://supportforums.cisco.com/thread/2099390 ]

Special Characters in HTML

August 16th, 2012

I always need to remember the special HTML entity codes for characters. Many blogging applications re-render the characters to make them more readable but when you want to cut and paste the text it’s all wrong. The best example of this is double quotes. If I write

echo "hello world"

into the article body, after rendering it comes out as:

echo “hello world”

This is fine for standard text but if you are writing computer code it’s useless. Try cutting and pasting the above 2 examples into a unix command shell. You will get

hello world

into the article body it actually comes out as

“hello world”

respectively.

There are thousands of web sites where they publish what all these codes are and most of them are a bit rubbish. I came across this on Steve DeGraeve’s site which is one of the better ones. I thought I’d blog it so I don’t lose it in the melee of similar pages returned by Google’s search.

http://www.degraeve.com/reference/specialcharacters.php

Logging into a unix box without a password

August 10th, 2012

From time to time I need to allow one user to log into another machine without being prompted for a password. This is extremely useful for anything that is automated for example doing the nightly backup which copies files across the network or running commands on the other machines. ssh is the program that allows one to login over and encrypted channel but it doesn’t allow you to specify the password on the command line as it would be a huge security risk.

We are going to set up a relationship between 2 computers using a public/private pass key. For the example below we’ll use 2 machines called william and catherine.

  1. Ensure you have OpenSSH installed:

    yum install openssh

  2. Open a command line session on william.
  3. To make life a little easier for ourselves login to catherine using ssh, accept the key fingerprint and then exit straight away.

    [root@william ~]# ssh root@catherine
    The authenticity of host 'catherine (10.0.0.69)' can't be established.
    RSA key fingerprint is 3b:4f:1f:cb:44:56:9b:7f:96:a6:6a:c2:d6:bc:a6:df.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'catherine' (RSA) to the list of known hosts.
    root@catherine 's password:
    Last login: Thu Aug  9 16:18:35 2012 from catherine
    [root@catherine ~]# exit
    logout
    Connection to catherine closed.
    [root@william ~]#

    This will set up the ~/.ssh folder with the correct permissions and also will create a file in there called known_hosts. This file contains the key fingerprints for catherine. If we talk to other hosts later, then they will get added here too.
    Do the same from catherine to make sure all the folders are set up correctly on that side too.

  4. Generate a public and private key pair and save them to william.pub and william respectively.

    ssh-keygen -t dsa -f william -N ""

    giving the result:

    Generating public/private dsa key pair.
    Your identification has been saved in william.
    Your public key has been saved in william.pub.
    The key fingerprint is:
    48:2f:e6:bf:02:7e:2e:d2:b0:9a:1f:c6:7f:99:92:93 root@william
    
    The key's randomart image is:
    +--[ DSA 1024]----+
    |                 |
    |         .       |
    |        o +      |
    |       . =       |
    |        S .      |
    |     o. .  .     |
    |   o  == .  .    |
    |  E  *o.o +  .   |
    |   o*o...o o.    |
    +-----------------+
    

    Note: The -N option allows you to specify a passphrase. If you do then each time you need to use the public key you’ll have to enter the passphrase in order to decrypt it for use. Using an extra passphrase here will mean we won’t be able to make it automatic and our dreams of automating our backups will be gone :(

  5. Now that we have the keys for william we’ll transfer the public key over to catherine.

    scp william.pub root@catherine:~/.ssh/

    when william.pub arrives on catherine it’ll look something like:

    ssh-dss AAAAB3N……f1Jew== root@william

    make sure that the last part (root@william) is accessible i.e. can you ping william from catherine. If you can’t then you can edit the william.pub file and change it to root@10.0.0.1 where 10.0.0.1 is the IP address or name of william.

  6. catherine must have a file containing all the public keys that it is authorised to use. This file is called ~root/.ssh/authorized_keys so add william.pub to the end of it.

    cat william.pub >> authorized_keys

    or if you have lots to do:

    cat *.pub > authorized_keys

  7. Now you can log into catherine from william without entering a password, you just need to specify your local private key identity file:

    ssh -i william root@catherine

    If you don’t want to specify the local private file on the command line all the time you can rename william to the default name of id_dsa:

    mv william id_dsa

    then try to login:

    ssh root@cathrine

Here’s a tip if you are using virtual machines. If you set it all up so that you can log into yourself. Then make a clone. Both machines will have the same keys. They will be able to log into each other because, due to the same public and private keys, they think they are logging into themselves.

This is excellent if you are creating lots of clones for test or development environments because they can all log into each other without passwords without any extra work from you.

The 5 Stages of Love

July 19th, 2012

From the series Quantum Leap season 3 episode A Hunting Will We Go, first aired on 18 June 1976. Good old ITV4 is rerunning them early weekday evenings.

Sam leaps into a bounty hunter who is handcuffed to a female fugitive with a bounty on her head, who’ll do anything to get away. During the episode Al is explaining how he knows that Sam is falling in love with the fugitive played by Jane Sibbett (who you’ll probably recognise from something).

It’s a textbook example of love and you are in the first stage. There are five stages of love. The first is denial, then the second is sex, then there’s acceptance, then there’s divorce …and then more sex, if you’re lucky.