Thursday, December 10, 2015

Gray font, web accessibility and rude comments.

A few days ago I received an extremely rude comment. It was alluding to the choice of font color that I've selected to display code snippets on this blog. While trying to understand how I offended the poster, I realized that under some circumstances low contrast fonts can be extremely difficult to read. Interestingly, apart from the rant, the only clear indication of the problem in the poster's comment was the following three words: "... using gray font!!!"

I initially chose dark gray font as a way to differentiate between this blog's text and code snippets, or text as part of a file. I did a bit of research after reading his/her post, and found that low contrast fonts are not conducive to creating an accessible or easily readable website. NOTE: I did check the hexadecimal codes of the background and foreground against a WCAG 2.0 colour testing site, and found the following:

My code foreground colour was gray #666666
The background colour is white #FFFFFF

The test was performed at:
http://webaim.org/resources/contrastchecker/

The results from the test are as shown in the following screenshot:

contrast test result: Normal Text WCAG AA: Pass, WCAG AAA: Fail | Large Text WCAG AA: Pass, WCAG AAA: Pass



Armed with this new knowledge, I will strive to write future posts in a more accessible format, while retaining the differentiation between plain text and code or configuration files.  If I have the time, I will endeavor to update my previous posts to this format, though I will not make any promise as to when that might happen or even whether I do it at all.

If anyone has suggestions in terms of font size, style or anything else to help me achieve this goal, I would appreciate any comment.

I will not apologize to the individual who left the incredibly rude remark on this site if he or she was offended, but I will thank him or her for raising my attention to a potential problem.  After all, that is the point of this blog:  Finding solutions to problems.

A note on comments:  I appreciate all comments, and I don't mind some level of rudeness, but seriously there are limits... For those of you who are very passionate and quick to anger, tone it down just a bit.  I would hate to delete comments that may be valid, simply due to a seriously wrong remark.


Cheers!

Monday, November 2, 2015

Bulk update passwords

Shell script to update passwords for multiple users all at once.

Create a file with the list of account user names:

$ vim names.txt

user1
user2
user3

Create a script which will go through each username and execute the password update:

$ vim userupdate.sh

#!/bin/bash

for i in $(cat names.txt)
do
  echo "$i"
  # set the password to <username>123 for each user
  # (passwd --stdin is a Red Hat extension)
  echo "${i}123" | passwd --stdin "$i"
  # force a password change at first login
  chage -d 0 "$i"
done

Run the script:

$ chmod +x userupdate.sh

$ sudo ./userupdate.sh

This script was partially inspired by a how-to-forge article.
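
The script above gives every account the guessable password <username>123. As an added example (not part of the original post), this variant generates a random temporary password per account and applies them with chpasswd; the function names, the 16-character length and the account-name pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: one random temporary
# password per account instead of the predictable <username>123.
# Usage (as root): sh tempreset.sh names.txt   (script name is hypothetical)

# gen_password [LEN]: LEN random alphanumeric characters (default 16).
gen_password() {
    head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-"${1:-16}"
}

# valid_name NAME: accept only conservative account names (assumed
# pattern), so blank lines, comments and stray text never reach chpasswd.
valid_name() {
    printf '%s\n' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}

# build_lines FILE: print "user:password" lines in chpasswd input format.
build_lines() {
    while IFS= read -r name || [ -n "$name" ]; do
        valid_name "$name" || continue
        printf '%s:%s\n' "$name" "$(gen_password 16)"
    done < "$1"
}

# apply_lines FILE: set the passwords, then force a change at first
# login, as the original script does with chage -d 0.
apply_lines() {
    chpasswd < "$1" || return 1
    cut -d: -f1 "$1" | while IFS= read -r name; do
        chage -d 0 "$name"
    done
}

# Main: runs only when given a names file. The credentials go to a
# file readable by root alone, for hand-off to the users.
if [ "$#" -eq 1 ]; then
    umask 077
    out=$(mktemp) || exit 1
    build_lines "$1" > "$out"
    apply_lines "$out" && echo "temporary passwords written to $out"
fi
```

Delete the credentials file once the temporary passwords have been handed over.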

Wednesday, October 21, 2015

Checking file signature on Windows

The Sysinternals suite provides the sigcheck.exe tool, which is useful to verify the integrity of a file:

https://technet.microsoft.com/en-us/sysinternals/bb897441.aspx

Recently I had a strange issue on my Windows 10 tablet. The Windows Firewall asked me whether I trusted wuapihost.exe to communicate out on my private or public network. This is an odd issue and is most likely a bug. Information online is currently not very helpful.

The best thing I could do is simply verify the integrity and signature of the file by using sigcheck.exe.

I used it to check both the MD5 hash and the certificate signature. The tool also offers an option to have it uploaded and checked by "www.virustotal.com", a subsidiary of Google.

The results of the tool:

c:\windows\system32\wuapihost.exe:
        Verified:       Signed
        Signing date:   2:11 AM 2015-07-10
        Publisher:      Microsoft Windows
        Description:    wuapihost
        Product:        Microsoft« Windows« Operating System
        Prod version:   10.0.10240.16384
        File version:   10.0.10240.16384 (th1.150709-1700)
        MachineType:    32-bit
        MD5:    7B8DF67BCA2EC042ED8B71F5226B51EE
        SHA1:   CEA9E6219086343472D050934CBAF21558DF67B5
        PESHA1: 2B5B80E0E70118E9AD667314CB7FBFD638A340AF
        PE256:  7E7B9738DE54A65D7DD09CB97F51394381BFA1334CE01A774BBC73528A765300
        SHA256: 001FF7CD1D524636F936814B9154C27971723C8B3F652CC3E03BD09BA4B21AA9
        IMP:    50A7A0582886E9AB08BEF947D1B09ADA

Wednesday, October 14, 2015

Authentication is required to create a color managed device kde vnc group

This is the message I get every time I need to resize the screen with VNC using KDE / Plasma 5.

A bug report has been filed by someone else with Red Hat in regards to this issue:

https://bugzilla.redhat.com/show_bug.cgi?id=1149893

And Orion Poplawski posted a workaround which consists of:

"
You can place a .rules file in /etc/polkit-1/rules.d

I'm doing in 02-allow-colord.rules:

polkit.addRule(function(action, subject) {
   if ((action.id == "org.freedesktop.color-manager.create-device" ||
        action.id == "org.freedesktop.color-manager.create-profile" ||
        action.id == "org.freedesktop.color-manager.delete-device" ||
        action.id == "org.freedesktop.color-manager.delete-profile" ||
        action.id == "org.freedesktop.color-manager.modify-device" ||
        action.id == "org.freedesktop.color-manager.modify-profile") &&
       subject.isInGroup("nwra")) {
      return polkit.Result.YES;
   }
});
"

Tuesday, October 6, 2015

RedHat Software Collections - Directory Structure

In order to prevent non-standard Software Collection packages from interfering with standard ones, RedHat came up with a special directory structure to separate each package into its own little world.

Here is an example of what the directory tree looks like for MySQL 5.5 from SC2:

(note: "tree" won't provide a clear view of only the directories that I want to show, so I had to put the pieces together)

/opt
└── rh
    └── mysql55
        └── root
            ├── bin
            ├── boot
            ├── dev
            ├── etc
            ├── home
            ├── lib
            ├── lib64
            ├── media
            ├── mnt
            ├── opt
            ├── proc
            ├── root
            ├── sbin
            ├── selinux
            ├── srv
            ├── sys
            ├── tmp
            ├── usr
            └── var
                ├── cache
                ├── db
                ├── empty
                ├── games
                ├── lib
                │   ├── games
                │   ├── misc
                │   └── mysql
                ├── local
                ├── lock
                │   └── subsys
                ├── log
                ├── mail -> spool/mail
                ├── nis
                ├── opt
                ├── preserve
                ├── run
                │   └── mysqld
                ├── spool
                │   ├── lpd
                │   └── mail
                ├── tmp
                └── yp

The service names are also somewhat different, with a very precise convention, making it easy to differentiate between installed versions:

/etc/rc.d/init.d/mysql55-mysqld

Note how the first portion of the service name specifies the name and version of the package.

======

For details on RH and Community Software Collections, visit the documentation at:

https://www.softwarecollections.org/en/docs/

Tuesday, September 29, 2015

KDE Plasma 5 launchers not working in Gnome 3

Today I discovered that manually created KDE launchers (.desktop files in $HOME/.local/share/applications/) are not wholly compatible with Gnome 3.

I won't go into details, but instead will point you to this bug report: https://bugs.kde.org/show_bug.cgi?id=321152

I'm mainly interested in ensuring this works on my system as I regularly switch back and forth between KDE 5 and Gnome 3 (don't ask me why, we all have our oddities), and I need to ensure that Launcher icons are available under both desktop environments.

When creating entries with KDE Menu Editor, you will find that these files look somewhat similar to the example below, which I created to launch JMETER:

[Desktop Entry]
Comment=
Exec=java -jar /home/<...>/<...>/apache-jmeter-2.10/bin/ApacheJMeter.jar
Icon=applications-utilities
Icon=office-chart-line-percentage
Name=JMETER
NoDisplay=false
Path[$e]=
StartupNotify=true
Terminal=0
TerminalOptions=
Type=Application
X-KDE-SubstituteUID=false
X-KDE-Username=


The highlighted line, Path[$e]=... is actually the cause of Gnome not displaying the launcher in its menu.

Simply adding a pound comment (#) symbol in front of it will allow Gnome to ignore that line and the launcher will function.

 ...
#Path[$e]=
 ...

When you have several such entries, it is easier to use SED in conjunction with FIND to edit all of them at once.

find . -type f -name '*.desktop' -exec sed -i 's/^Path\[/#Path[/' {} \;

It's not the most elegant solution... but it works... sort of...

Wednesday, September 23, 2015

Block Access to Files by IP using X-Forwarded-For - part 2

In my previous post, I explained how to block access by using X-Forwarded-For.  While this works very well in many cases, there are situations where it doesn't do as good a job.

I had a need to block access to multiple VirtualHost entries for a group of IP addresses, and found that it could be achieved using rewrite rules.

Here is an example:
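
# Block two specific addresses (dots escaped so they match literally)
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-For} ^10\.10\.10\.11$ [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^10\.10\.10\.12$
RewriteRule .* - [F]

A range can be defined:

# Block everything in 10.10.x.x (no trailing $, so the rest of the address may follow)
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-For} ^10\.10\.
RewriteRule .* - [F]

Etc...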

--

This code went into a file I named /etc/httpd/conf/block.conf (CentOS specific location)

The file was then included into each and every VirtualHost entry, for example:

<VirtualHost *:80>
    Include /etc/httpd/conf/block.conf
    ServerName www.mysite1.com
    DocumentRoot /var/www/html/http/mysite1
</VirtualHost>

<VirtualHost *:80>
    Include /etc/httpd/conf/block.conf
    ServerName www.mysite2.com
    DocumentRoot /var/www/html/http/mysite2
</VirtualHost>
Etc...
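
The patterns that go into block.conf can be checked against sample header values before Apache is reloaded. This added example (not from the original post) uses grep -E as a stand-in for Apache's regex matching; the addresses are constructed and the function names are this example's own.

```shell
#!/bin/sh
# Added example: test RewriteCond patterns against constructed
# X-Forwarded-For values. grep -E stands in for Apache's regex engine;
# for patterns this simple the two agree.

# verdict PATTERN VALUE: BLOCK if the value matches (rule answers 403).
verdict() {
    if printf '%s\n' "$2" | grep -Eq -- "$1"; then
        echo BLOCK
    else
        echo allow
    fi
}

# report: one line per pattern/value pair; all addresses are constructed.
report() {
    while IFS='|' read -r pattern value note; do
        printf '%-18s %-24s %-5s %s\n' \
            "$pattern" "$value" "$(verdict "$pattern" "$value")" "$note"
    done <<'EOF'
^10\.10\.10\.11$|10.10.10.11|exact match
^10\.10\.10\.11$|10.10.10.11, 172.16.0.5|header holds a proxy chain, anchors miss it
^10.10.$|10.10.7.20|trailing $ leaves no room for the last two octets
^10\.10\.|10.10.7.20|prefix match covers 10.10.x.x
^10.10.|10.100.7.20|unescaped dot also matches 10.100.x.x
^10\.10\.|10.100.7.20|escaped dots do not
EOF
}

report
```

The second row shows why the rules depend on how the front-end proxy writes the header: a value carrying more than one address is not matched by a pattern anchored at both ends.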

Friday, September 18, 2015

Apache - Block PHP

Reminder note: Blocking PHP from executing in a directory

    php_flag engine off

Wednesday, August 26, 2015

CentOS 7 installer resolution on VMware

It's difficult to use all of the features of CentOS with the default resolution that you get when it boots up in a VMware console:



As you can see from the above image, the manual partition screen has features which are not displayed and no scroll bars are available either; some of the critical buttons are out of reach.

Here is a simple solution:

When you get to the following screen, make sure you select "Install CentOS 7", but instead of hitting the <enter> key, hit <tab> instead to edit the startup options:





Simply add the VGA code for the resolution you want to use to the end of the line.  I find that vga=773 works very well.  For various vga codes, see http://impactcore.blogspot.ca/2011/03/linux-screen-resolution-set-at-boot.html

That should increase your console's video size to 1024x768 at 8-bit.