Staples.ca Doesn’t Care About Your Security

I went to make a purchase at Staples.ca today, however I quickly discovered I had forgotten my password. “No big deal,” I said to myself, “I’ll just use their forgotten password feature.” I entered my email address and, sure enough, a few minutes later had a new message. Opening it, my jaw dropped as I read through the message:

From: bd.Support@orders.staples.com [mailto:bd.Support@orders.staples.com]
Sent: Monday, August 29, 2011 3:32 PM
To: ***REDACTED***
Subject: Your Staples.ca password

Hello,

Your login password is: ***REDACTED***

We look forward to receiving your next order.

Thank You - Staples.ca Customer Service Team.

WTF? So, Staples is storing plain-text passwords in their database. Fantastic. Didn’t they learn anything from Sony?

I’ve fired off an email to their support people, and will post any replies they send.

UPDATE: That was fast! Here’s their reply.

We appreciate your inquiry concerning this issue ***,

Staples maintains reasonable and appropriate standards to safeguard your
Personal Information.

When you enter Personal Information that contains a Social Security
Number, driver’s license number, or credit or debit card number at the
designated and secured sections of our Website, the information will be
encrypted or encoded before it is sent over the Internet. Personal
Information that we collect and maintain is subject to physical,
administrative and technical controls that are consistent with
recognized industry standards.

Please do not hesitate to contact us if you require further assistance.

Joan, E-commerce Communication Specialist

e-mail: bd.support@orders.staples.com
phone : 1-877-360-8500
fax : 1-800-567-2260
url : www.staples.ca/contactus

They completely missed the point of the email. I sent them another reply, this time with a helpful link to the Ars Technica article linked above and a basic explanation of SQL Injection/best practices. Hoping for a more reasonable reply later.

Further Edit: After re-reading the email, it sounds like they’re confusing SSL with hashing/storage encryption. Blargh.
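What "hashing/storage encryption" looks like in practice, as an added example that is not Staples' code: passwords are stored only as salted, slow, one-way hashes, so the site itself cannot email them back, and the forgotten-password flow sends a single-use, time-limited reset token instead. Everything here (the UserStore class, the iteration count, the 15-minute token lifetime, the sample account) is an assumption constructed for the example; it uses only the Python standard library.

```python
"""Password storage and reset flow that never needs the plaintext password.
Added example, not Staples' code; all names and values are assumptions."""
import hashlib
import hmac
import os
import secrets
import time

# PBKDF2-HMAC-SHA256 work factor. Constructed value kept modest so the
# example runs quickly; raise it for a real deployment.
PBKDF2_ITERATIONS = 200_000
RESET_TOKEN_TTL = 15 * 60  # seconds a reset token stays valid (assumption)


def derive_key(password: str, salt: bytes) -> bytes:
    """Salted, slow, one-way hash of the password. Only this is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, PBKDF2_ITERATIONS)


def token_fingerprint(token: str) -> bytes:
    """Reset tokens are stored hashed too, so a leaked table can't be replayed."""
    return hashlib.sha256(token.encode("utf-8")).digest()


class UserStore:
    """In-memory stand-in for the accounts table (constructed for the example)."""

    def __init__(self):
        self._users = {}   # email -> {"salt": bytes, "hash": bytes}
        self._resets = {}  # sha256(token) -> {"email": str, "expires": float}

    def register(self, email: str, password: str) -> None:
        salt = os.urandom(16)  # per-user salt defeats precomputed tables
        self._users[email] = {"salt": salt, "hash": derive_key(password, salt)}

    def verify_login(self, email: str, password: str) -> bool:
        record = self._users.get(email)
        if record is None:
            # Do the same amount of work for unknown accounts so response
            # time does not reveal whether the address is registered.
            derive_key(password, b"\x00" * 16)
            return False
        return hmac.compare_digest(record["hash"],
                                   derive_key(password, record["salt"]))

    def start_reset(self, email: str, now=None):
        """Create a single-use, time-limited token for the reset email.
        The password itself cannot be recovered, so it is never sent."""
        if email not in self._users:
            return None  # the caller shows the same "check your inbox" message
        token = secrets.token_urlsafe(32)
        expires = (now if now is not None else time.time()) + RESET_TOKEN_TTL
        self._resets[token_fingerprint(token)] = {"email": email,
                                                  "expires": expires}
        return token

    def finish_reset(self, token: str, new_password: str, now=None) -> bool:
        """Consume the token (valid or not) and set a new salted hash."""
        entry = self._resets.pop(token_fingerprint(token), None)  # single use
        if entry is None:
            return False
        if (now if now is not None else time.time()) > entry["expires"]:
            return False
        self.register(entry["email"], new_password)  # fresh salt, fresh hash
        return True


if __name__ == "__main__":
    store = UserStore()
    store.register("user@example.invalid", "correct horse battery staple")
    token = store.start_reset("user@example.invalid")
    print("reset email would carry token:", token)
    print("reset accepted:", store.finish_reset(token, "new passphrase"))
    print("old password still works:",
          store.verify_login("user@example.invalid", "correct horse battery staple"))
```

The two properties worth checking against any site's forgotten-password feature are visible here: the stored record holds no value from which the password can be recovered, and a reset token is consumed on first use and rejected after its lifetime, so the email carries nothing an attacker could reuse later.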

Sage ACCPAC 5.5: Crystal Reports Blues

Our accountant’s computer has been dog slow for the last six or so months, so after going through the lengthy process of spec’ing a new system and getting the purchase approved, I was finally able to get her a replacement. The new system, with a massive amount of RAM and a screaming processor (with a nice SSD to top things off), truly is a thing of beauty; however, we ended up running into a rather large problem.

Because the new system runs Windows 7 x64, we had to upgrade our slightly-old copy of Pervasive SQL 10 to Service Pack 3. Although this seemed to work fine with ACCPAC initially, we quickly discovered all was not well.

Case in point, when trying to print an invoice with a custom Crystal Reports template, ACCPAC would simply throw the following error:

not enough memory for operation

Searching Google got me nowhere. The few references to that error and printing only spoke of issues with Terminal Server environments, and none of the suggested steps worked. After a few hours of fighting, though, I had the bright idea to try using one of the stock invoice templates.

Go figure, it worked.

As it turns out, the CR templates we were using dated back at least six years, and had been created with a copy of Crystal Reports 7 (dating from 1999!). So, we downloaded a trial copy of Crystal Reports 2011, re-saved the templates, and the memory error disappeared without a trace. There were a few issues with the templates (some fields refused to populate), but some manual adjustments (read: copying and pasting sections from the working stock ACCPAC templates) solved that as well.

TL;DR Version: If you get the above memory error when trying to print from ACCPAC using custom Crystal Reports templates, try re-saving them with a newer version of CR. Apparently that’s all it takes.

Short: Sticky Group Policies That Just Won’t Leave You Alone

The other day I was testing a Group Policy Object (GPO) on a system that resides in an isolated Organizational Unit (OU) with Block Inheritance set. After I finished testing, I applied the GPO to the production OUs and promptly forgot about it.

Fast forward to today. I was messing around on that system and discovered that I left that one particular GPO in place. I fired up the Group Policy Management tool and removed the link to that GPO, did a gpupdate /force on that system, rebooted and went about my business. A few minutes later, I discovered that GPO was still in effect. I double-checked that the GPO wasn’t linked to that OU anymore, and that inheritance was still blocked, and did another gpupdate /force, but to no avail. A quick check of HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\History showed that yes, the GPO was still being applied.

I did a little head scratching, and then found the answer. As it turns out, after linking the GPO to the other production OUs, I selected the ‘Enforce’ option. By doing that, even after unlinking a GPO from an OU it will continue to be applied. I simply disabled the ‘Enforce’ option, ran yet another gpupdate /force, and all was well.

TL;DR Version: If you unlink a GPO from an OU, update the system, and the GPO is still being applied, disable the ‘Enforce’ option on that policy and do another gpupdate.

IPv6 over an IPv4 Tunnel on a Dlink DIR-825 Rev. B

Although I missed World IPv6 Day, I was bored the other night and decided to finally set up an IPv6 tunnel. To do this, I registered a free account with Hurricane Electric’s Tunnel Broker. The process was a breeze and in no time I had a regular tunnel created. From there, it was all up to the Dlink router.

A few notes:

  1. Make sure you have the latest firmware for your DIR-825 Rev. B. At the time of writing, it’s version 2.05(NA).
  2. You will need to enable “WAN Ping Respond” – this can be found under Advanced -> Advanced Network. You can safely disable this after you complete the process and your tunnel is working. This is needed so that Tunnel Broker (TB, from here on out) can confirm your public-facing IP address and link it to your tunnel.

So, that out of the way, once Tunnel Broker has confirmed your tunnel is available, login to your router and do the following:

  1. Under the main Setup tab, click IPv6.
  2. Click the Manual IPv6 Internet Connection Setup button. Do not use the wizard.
  3. For the IPv6 CONNECTION TYPE, choose IPv6 in IPv4 Tunnel.
  4. In the Remote IPv4 Address box, enter the Server IPv4 Address provided by TB.
  5. In the Remote IPv6 Address box, enter the Server IPv6 Address provided by TB.
  6. The Local IPv6 Address is the Client IPv6 Address from TB.
  7. Under the IPv6 DNS SETTINGS heading, choose Use the following IPv6 DNS servers and enter the Anycasted IPv6 Caching Nameserver provided by TB in the Primary IPv6 DNS Server box (TB did not provide me with a secondary DNS address).
  8. Finally, uncheck Enable DHCP-PD under the LAN IPv6 ADDRESS SETTINGS heading.
  9. Leave the settings under the ADDRESS AUTOCONFIGURATION SETTINGS heading as their defaults.
  10. Click the Save Settings button at the top of the page and let the router do its thing. It will take some time to ‘measure the internet connection’ – this is normal.

You’re almost done. At this point, if you go to the Status tab and choose IPv6 from the options down the left side of the page, you should see the TB information you entered, and Network Status should say Connected.

The rest of the work depends on your operating system. I use Windows 7 on my main PC, which natively supports IPv6 (as do OS X and most *nix distros). As IPv6 is enabled by default, I simply had to open an Elevated Command Prompt and type:

ipconfig /release

ipconfig /renew

After it finished thinking, ipconfig spat out the new network configuration which included the correct IPv4 and IPv6 addresses. I opened Firefox and browsed to http://ipv6.google.com – success! Everything works! You can also confirm that IPv6 is working by using the nslookup tool from a command prompt like so:

C:\Users\Laslow>nslookup
Default Server:  ordns.he.net
Address:  2001:470:20::2

> xbox.com
Server:  ordns.he.net
Address:  2001:470:20::2

Non-authoritative answer:
Name:    xbox.com
Addresses:  2a01:111:f009::3b03
65.55.42.140

>

As you can see, the IPv6 nameserver came back with an IPv6 AAAA record (2a01:111:f009::3b03) and an IPv4 A record (65.55.42.140) for xbox.com.

Make SEP Manager Console Suck a Little Less

My biggest complaint about Symantec Endpoint Protection is that the manager console is slow. On a dual quad-core server with 16GB of RAM, it simply crawls. Sometimes, even when the system load is basically zero, the console is almost unusable. I did a little digging and found that the manager console is, in fact, written in Java – that explains a lot.

Fortunately, because it’s written in Java there’s a little trick you can use to speed things up a little, assuming you have a decent amount of free RAM. The manager console is typically launched through sesm.bat, which is located (in a default install on an x64 server) in “C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\”. Open that .bat file in Notepad, and you’ll see this:

@start "SESM" "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\jdk\bin\javaw.exe" -Xms128m -Xmx1024m -XX:MinHeapFreeRatio=30 -XX:MaxHeapFreeRatio=40 -Dscm.console.conf="C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties" -jar "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\webapps\scm\clientpkg\scm-ui.jar"

Note the -Xms128m argument (the initial Java heap size, highlighted in red in the original post). Boost that up a little (I set it to 512m), save, and then re-open the management console. You should notice a significant difference in how fast the console operates now.

PFDAVAdmin and the Case of “Could Not Expand”

There are a number of articles out there about how to bulk-update permissions on calendars in Microsoft Exchange, most of them pointing to the PFDAVAdmin tool. The problem, though, is that you have to read the requirements for it very carefully. Case in point:

PFDAVAdmin "could not expand"

I ran into this when trying to run the tool from my Server 2003 x64-based Exchange 2007 server. It happened again when I tried to run it from a Server 2008 x64 box, and from my Windows 7 x64 workstation.

As it turns out, PFDAVAdmin requires .Net Framework 1.1 to be installed. It isn’t recommended to install that directly onto your Exchange Server as it can cause issues with .Net 2.0, so I simply installed it on my Win7 x64 box, ignored the Compatibility Warning, and that was it – PFDAVAdmin worked perfectly.

Apple Offers Re-Download Feature, But Only to Americans

Being a Canadian citizen, I’m used to getting the short end of the stick when it comes to companies holding give-aways and the like. Apple is, of course, no exception.

I was excited to hear that, starting with iTunes 10.3.1, Apple would be allowing customers to download music that they had previously purchased (before, if you bought a track/album and lost it, you would have to buy it again). In case it changes, the feature is described as:

Now you can download music you’ve previously purchased to all your devices. When you buy music from iTunes, iCloud stores your purchase history. So you can see the music you’ve bought — no matter which device you bought it on. You can access your purchase history from the iTunes Store on your Mac, PC, iPhone, iPad, or iPod touch. And since you already own that music, you can tap to download your songs or albums to any of your devices.1

Note the (1) footnote indicator. That footnote reads as follows:

Available in beta now in the U.S. only and requires iOS 4.3.3 on iPhone 3GS, iPhone 4 (GSM model), iPod touch (3rd and 4th generation), iPad, or iPad 2, or a Mac or PC with iTunes 10.3. Previous purchases may be unavailable if they are no longer in the iTunes Store.

Emphasis mine. With any luck, once “iCloud” leaves “beta” (why are you pushing Beta software through the official update channel, Apple? Google should sue.) the functionality will be expanded beyond the U.S. and let the rest of us poor suckers get back our copies of ‘Plastic Beach – Deluxe Edition’.

HDD Replacement: Acer Aspire One and ZIF Drives

I ordered a 30GB 1.8″ ZIF drive to replace the crappy 8GB SSD drive in my old Acer Aspire One netbook. When I got the drive (a Samsung HS030GB) I very quickly discovered that the ZIF ribbon cable that came stock with the netbook didn’t work with it. The problem, it seems, is that Samsung uses a non-standard ZIF connector that is incompatible with 0.35mm ZIF cables (which are the standard). So, I shaved down one end of the ribbon and promptly broke it. Then, being an idiot, I ordered a replacement set of cables on eBay without checking the thickness first (the listing stated they were for Samsung drives, although I should have known better than to take that at face value).

I got the new set of cables today and, of course, they were all 0.35mm thick as well. I tried a few techniques to try to make the ends thinner but eventually just ended up with a bunch of butchered ribbons.

ZIF Drive and Cable

Remember kids, always review the specs of the drive and cable *before* ordering!

So I’ve ordered another batch of cables, this time making sure that one end has the correct thickness. Hopefully I’ll have a working netbook in a few weeks.

Update: The new ZIF cable came in (ProTip: when ordering ZIF ribbon cables, if you need a smaller-than-0.35mm end, look for one where one end is blue (as pictured above) and the other end is white. The white end will be the smaller size)! Surprisingly, it fit, and after making a few modifications to the case (mainly removing the screw mounts for the old SSD) the new drive just dropped right into place. Xubuntu is now installing, so I finally have a functional netbook again!

Installing Java on CentOS 5.x

There are a large number of articles floating around with outdated instructions for installing Sun/Oracle Java on CentOS. I’m happy to report that the process is now very, very easy if OpenJDK doesn’t work for you.

  1. Browse to this page: http://www.java.com/en/download/manual.jsp
  2. Copy the URL of the “Linux RPM (self-extracting file)” link.
  3. On your CentOS box (assuming you’re SSH’d to it), use wget to download the file (eg, wget http://javadl.sun.com/webapps/download/AutoDL?BundleId=48333)
  4. Note that, when the file finishes downloading, you may need to rename it. Due to the redirect process Oracle uses, you may end up with a filename like “jre-6u25-linux-i586-rpm.bin\?AuthParam\=1306440404_3678aad28a7b9aae044da147678b211e\&GroupName\=JSC\&FilePath\=%2FESD6%2FJSCDL%2Fjdk%2F6u25-b06%2Fjre-6u25-linux-i586-rpm.bin\&File\=jre-6u25-linux-i586-rpm.bin\&BHost\=javadl.sun.com” (this happened to me). If this is the case, rename it to “jre-6u25-linux-i586-rpm.bin”.
  5. Use chmod to allow execute permissions: chmod +x jre-6u25-linux-i586-rpm.bin
  6. Execute the binary: ./jre-6u25-linux-i586-rpm.bin
  7. Verify the installation worked: java -version

That’s it. No extra compiling, no need to add extra repositories. Simple. (Disclaimer: because this is done without a package manager, you’ll have to remember to manually update the installation to keep your box secure.)

Rogers MMS APN Settings for CyanogenMOD 7

I tried firing off an MMS from my Nexus One this morning to a friend, only to have it hang on ‘Sending…’ with no network activity. The short version is that the APN settings for Rogers that are built in to CyanogenMOD 7 are incorrect. Here’s what you need.

For Data/Text:

Name: Rogers
APN: rogers-core-appl1.apn
Proxy: <Not Set>
Port: <Not Set>
Username: <Not Set>
Password: <Not Set>
Server: <Not Set>
MMSC: <Not Set>
MMS proxy: <Not Set>
MMS port: <Not Set>
MCC: 302 (might be different – is auto-set by your SIM card)
MNC: 720 (might be 72 – is auto-set by your SIM card)
Authentication type: <Not Set>
APN type: <Not Set>
APN protocol: IPv4

For MMS (edit the bottom entry in the APN list called ‘Rogers MMS‘):

Name: Rogers MMS
APN: media.com
Proxy: <Not Set>
Port: <Not Set>
Username: media
Password: mda01
Server: 172.25.0.107
MMSC: http://mms.gprs.rogers.com (IMPORTANT: in the default settings, this is listed as grps rather than gprs – make sure to correct this!)
MMS proxy: 10.128.1.69
MMS port: 80
MCC: 302 (might be different – is auto-set by your SIM card)
MNC: 720 (might be 72 – is auto-set by your SIM card)
Authentication type: <Not Set>
APN type: mms
APN protocol: IPv4

And that should be it. Make sure that the first ‘Rogers’ entry is selected, and your MMS messages should now send correctly.