Paulo Nobre

I’ve seen some blog posts with this already, but every time I reinstall my computer I have to google for it, so hopefully now it will be here, right at hand. Those registry hacks will display an entry in windows explorer context menu, to start local web development server (aka cassini) in target folder.

Visual Studio 2008 – X86 Windows

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\VS2008 WebServer]
@="ASP.NET Web Server Here"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\VS2008 WebServer\command]
@="C:\\Program Files\\Common Files\\microsoft shared\\DevServer\\9.0\\
Webdev.WebServer.exe /port:8080 /path:\"%1\""

Visual Studio 2008 – X64 Windows

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\VS2008 WebServer]
@="ASP.NET Web Server Here"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\VS2008 WebServer\command]
@="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DevServer\\9.0\\
Webdev.WebServer.exe /port:8080 /path:\"%1\""

Visual Studio 2010 – X86 Windows

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\VS2010 WebServer]
@="ASP.NET 4 Web Server Here" 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\VS2010 WebServer\command]
@="C:\\Program Files\\Common Files\\microsoft shared\\DevServer\\10.0\\
Webdev.WebServer40.exe /port:8081 /path:\"%1\""

Visual Studio 2010 – X64 Windows

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\VS2010 WebServer]
@="ASP.NET 4 Web Server Here" 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\VS2010 WebServer\command]
@="C:\\Program Files (x86)\\Common Files\\microsoft shared\\DevServer\\10.0\\
Webdev.WebServer40.exe /port:8081 /path:\"%1\""

Today, in a discussion group I’ve subscribed, I came across a post that should be posted 10 years early.

http://www.lostechies.com/blogs/chrismissal/archive/2010/02/02/how-i-approach-a-defect.aspx

If my deer (No, it’s not “dear” i meant) good friend “Cabeludo” learned this steps back then, maybe I didn’t have so many troubles.

In this article, we’re going to take off where we left in part 1, setup LVM and install ubuntu 9.10.

Choose Configure the Logical Volume Manager. Because we haven’t written the changes made to RAID 1 array yet, we’ll be asked to save these changes. Choose yes, then choose Create Volume Group. Give volume group some name, for example vg1, then select /dev/md1 device for volume group and choose continue.

Next, select Create logical volume, accept vg1 as volume group and give a name to volume. I named it swap. Enter whatever size you’ll want for swap volume and press enter. After swap volume is created, we’ll create the root volume. So select Create logical volume again, accept vg1, name it root and accept the default size (entire remaining space). After we’re done, choose Finish.

Now we must partition and initialize the new logical volumes. Select the swap volume, press enter. Set it to use as swap area and then select Done setting up the partition.

Select the root volume, set it to use as Ext4 file system, set it’s mount point to / and select Done setting up the partition. After this we should have this configuration set:

Now choose Finish partitioning and write changes to disk.

When asked if you want to boot if raid becomes degraded, choose yes

Now, continue with ubuntu installation as normal.

I decided to give this a try on vmware first, so I could lather install it on my main home computer. For this setup I’m going to use 3 virtual SCSI disks with 8GB each. On my real hardware I have 3 SATAII 500GB disks.

Edit: Already installed it on physical machine, and couldn’t get it working with AHCI, so I had to tweak bios settings to have SATA in IDE mode.

It looks like isn’t possible to install a boot partition on RAID 5, so for boot I’ll use RAID 1 (mirror).

First grab a copy of alternate installation cd for your platform. Setup the virtual machine and let’s go. Proceed with the installation until you get to the “Partition disks” screen. Press alt+F2 to switch console and as prompted press enter to activate console.

For each of the three disks, create 2 partitions. The first on will be used in a RAID 1 for boot and the second will be used in RAID 5. Set both partition type to fd (Linux raid autodetect).

Repeat the same exact steps above for /dev/sdb and /dev/sdc (second and third disks). When finished, it’s time to create the RAIS arrays.

After a few minutes, check if everything went ok and both arrays are active. If the RAID 5 array is still in recovery, wait a few more minutes.

Ok. First step is done. Go back to install screen with alt+F1. Now we must go back to Detect disks phase, so press Tab to select <Go back> and press Enter. Choose Detect disks and press enter.

If everything went ok, the following screen should appear. Select first array and press enter.

Configure the partition using Ext3 journaling file system, /boot as mount point and choose Done setting up the partition.

On part 2, we’ll be setting up LVM and finishing ubuntu installation.

After setting up openswan on linux server, it’s time to configure a Windows Client to connect using x.509 certificates. This is a short article describing only the high level steps, going into further detail only where it has been more dificult.

The steps described apply to Windows 7. I haven’t tried on any other versions of windows, but at least the registry keys probably changed from older versions.

First we have to import the Client certificate, which was signed by a CA trusted by the server (might even be our own CA, but in that case we must either export the CA certificate together with the client certificate itself or export only the CA certificate and import it into the client). Importing the certificate by double click won’t work. Windows will import your certificate into a “User store” and that won’t work.

Instead open management console (start, run, mmc) and choose File-> Add/Remove snap-in… from the list presented, choose Certificates, and then “Computer Account”, so we can manage certificates globally for this computer and IP Security Policy Management. Now, expand Certificates (Local Computer), right click on Personal and choose All Tasks –> Import. If the CA root certificate was imported together with the Client certificate, move it to Trusted Root Certification Authorities->Certificates.

Now right click on IP Security Policies on Local Computer, and choose Create IP Security Policy. Give it a name and continue to the end, leaving the “Edit Properties” checkbox checked. On the rules tab, select the default IP security rule and click edit. Go to the Authentication Methods tab, remove the kerberos method and click add. Choose “Use a certificate from this certification authority (CA) and browse to your root CA certificate. Press ok a couple of times to close all of the open windows. Right click the policy created and choose assign.

Now, both the server and the client are behind NAT, and that isn’t supported in windows since Windows XP SP2. Microsoft claim’s it’s not secure (LOL). Ok, we believe that, but we need our vpn to be accessible Fire up regedit and go to HLKM\System\CurrentControlSet\services\PolicyAgent and create a 32-bit dword key named AssumeUDPEncapsulationContextOnSendRule. Give it the value 2 (both client and server are behind nat). Google for other values. This same key, with the same value should also be created under HKLM\System\CurrentControlSet\services\IPSec. Reboot. Restarting the policy agent service,  as I’ve seen in some pages, won’t work. Now, hopefully everything works as expected and Windows 7 client behind NAT can connect to openswan, also behind NAT, using certificates.

Since my last post, I’ve been a little busy with some projects. In my spare time, I was getting gentoo installed and configured in a spare mac mini I have at home. Yes, I’m a geek and gentoo is my favorite Linux distro.

I don’t think of my self as a security paranoid guy (if someone possesses the knowledge and wants to hack you, he/she will hack you anyway, unless you aren’t connected to the net) , however, whenever i see my apache logs and find out some guys where scanning it for phpmyadmin (DISCLAIMER: I DON’T FUCKING USE PHPMYADMIN !!!!! I USE mysql –u someuser –p somedatabasename !!!!) I freak out. Anyway, I decided to access my home network using a vpn. First I’ve tried OpenVPN, but I just found out it’s too slow (beside having to install some client on windows).

After a week tweaking ipsec.conf settings, you’ll laugh at the the end of this article, but (at least for future reference) I’ll describe the (hopefully less) painful steps to get this configuration working in gentoo.

Before start I definitely recommend you get your hands on this book. It’s very helpful and  you’ll get to understart the nitty-gritty details of openswan and the ipsec protocol (among others).

Configuring your kernel:

If you don’t have it done already compile your kernel with ipsec, ah and esp transformation, netfilter and ppp. Also, on cryptographic options, turn on Cryptographic APICompile it and install. Reboot and verify everything works as expected. These were the specific options I selected (among with other I had already selected) on my kernel’s configuration:

Networking support  —>
   Networking options  —>
      <*> PF_KEY socket      
      [*] TCP/IP networking
      <*>   IP: AH transformation
      <*>   IP: ESP transformation
      <*>   IP: IPComp transformation
      <*>   IP: IPsec transport mode
      <*>   IP: IPsec tunnel mode

   Device Drivers —>
      [*] Network device support   
         <*> PPP (point-to-point protocol) support
         <*>   PPP support for async serial ports
         <*>   PPP support for sync tty ports
         <*>   PPP Deflate compression 
         <*>   PPP BSD-Compress compression
         <*>   PPP over Ethernet (EXPERIMENTAL)
         <*>   PPP over L2TP (EXPERIMENTAL)
      Character devices  —>
         -*- Unix98 PTY support

   Cryptographic API —>
         <*> Null Algorithms
         -*- HMAC support
         -*- MD5 digest algorithm
         -*- SHA1 digest algorithm
         -*- AES chiper algorithms
         -*- DES and Triple DES EDE cipher algorithms
         -*- Deflate compression algorithm
         <*> Zlib compression algorithm
         <*> LZO compression algorithm   

After reboot, everything was working, so I emerged openswan, ppp, xl2tp and ipsec-tools packages. I had to unmask ipsec-tools.

echo "net-firewall/ipsec-tools ~x86" >> /etc/portage/package.keywords

Also, during emerge ipsec-tools, I got some error about swab.h not being found on my system (I’m running 2.6.31 kernel, and don’t know why, but portage only had 2.6.27 linux headers. I solved this problem creating a symlink from /usr/src/linux/arch/x86/include/asm/swab.h to /usr/include/asm/swab.h

# ln -s /usr/src/linux/arch/x86/include/asm/swab.h /usr/include/asm/swab.h
# emerge -av net-firewall/ipsec-tools
# rm /usr/include/asm/swab.h

After emerge completed successfully, I removed the symlink.

As stated on openswan book I turned on ip forward, and turned off send redirects and accept redirects. On gentoo you can edit /etc/sysctl.conf and set the default options there.

All my certificate stuff was generated as explained on the book and my configuration was almost verbatim the book’s examples (leftnexthop on ipsec.conf is the nat gateway’s ip address):

/etc/ipsec/ipsec.conf:

version 2.0

config setup
        nat_traversal=yes
        nhelpers=0
        plutodebug="control parsing"

conn L2TP-X509
        authby=rsasig
        pfs=no
        rekey=no
        keyingtries=3
        left=%defaultroute
        leftprotoport=17/1701
        leftrsasigkey=%cert
        leftcert=servercert.pem
        leftnexthop=192.168.112.1
        right=%any
        rightprotoport=17/%any
        rightrsasigkey=%cert
        auto=add

/etc/xl2tpd/xl2tpd.conf:

[global]
listen-addr = 192.168.112.128

[lns default]
ip range = 192.168.112.241-192.168.112.254
local ip = 192.168.112.240
require chap = yes
refuse pap = yes
require authentication = yes
name = test
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

/etc/ppp/options.l2tpd:

ipcp-accept-local
ipcp-accept-remote
ms-dns 192.168.112.1
noccp
auth
crtscts
idle 1800
mtu 1200
mru 1200
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

/etc/ppp/chap-secrets

vpnuser          *      vPnP@ssVVd1234                192.168.112.241/28

(it’s obvious this username and password doesn’t work on my real vpn setup, it’s just an example).

And that was the openswan setup. After that I started openswan, and added it to the default runlevel. On my next article (hopefully shorter than this one, I’ll describe the windows client setup).

Last weekend I was thinking how computers used to be fun… When I used to be awaked until late, red eyes, lots of smoke, looking at a B&W text screen…

Now, I’m looking at a B&W screen again with a full ashtray a cup of coffee and it all started with:

make menuconfig

As I was putting together some quick ‘n dirty code to render some user controlled number of text boxes, I got this funny behavior.

This was the code for my aspx file:

<%@ Page Language="C#" AutoEventWireup="true"  CodeFile="Default.aspx.cs" Inherits="_Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
<form id="form1">
<div>
    <asp:DropDownList ID="n" runat="server" AutoPostBack="true" OnSelectedIndexChanged="NSelectedIndexChanged">
         <asp:ListItem Text="1" Value="1" />
         <asp:ListItem Text="2" Value="2" />
         <asp:ListItem Text="3" Value="3" />
         <asp:ListItem Text="4" Value="4" />
         <asp:ListItem Text="5" Value="5" />
         <asp:ListItem Text="6" Value="6" />
         <asp:ListItem Text="7" Value="7" />
    </asp:DropDownList><br />
        <% for(int i= 0; i < Total; i++)  {%>
<asp:TextBox ID="txt" runat="server" Text="" /%><br /%>
        <%  }%>
</div>
</form>
</body>
</html>

and this was the code-behind:

using System;
using System.Web.UI;

public partial class _Default : Page
{
	private int _total;

	public int Total
	{
		get { return _total; }
		set { _total = value; }
	}

	protected void NSelectedIndexChanged(object sender, EventArgs e)
	{
		_total = Convert.ToInt32(n.SelectedValue);
	}
}

Now… when I run the app, and choose some value from the dropdown list it runs OK (beside all the text boxes having the same id). But when i select some, different value 2 or 3 times, some funny values (random number of ‘,’ come in to play on each of text box’s value).

I’m running Visual Studio 2005 here, targeting .NET Framework 2.0. Is the same happening to you ?

Here is the attached TestCode.

All I have to say is WOW

It’s almost one month old, but today, i went to mono website to see if there was any updates for OSX mono port, and monodevelop, and I found, that Novell launching a preview of MonoTouch… and I was curious about the “Touch” part of it… That’s it… soon you’ll be able to develop apps for your iPhone in you favourite language (of course it’s C#, not the cryptic objective-C ). I can’t wait to be able to download the preview (yes, it’s a preview, but we like previews don’t we ?) and try it out.

You can follow the development here: http://www.mono-project.com/MonoTouch

Hi, in my last post we’ve created a console application that connected to the Live Mesh and added an object. Today we’ll be creating and deploying a Mesh Application which we’ll enhance in next posts.

That said, fire up Visual Studio and create a new Silverlight Mesh-Enabled Web Application (you’ll find it under Live Framework project type). This will create a basic skeleton Silverlight application to be deployed to Live Mesh. When the application get’s created you can Run it and you’ll be presented with the following dialog:

Click the Navigate to the Developer portal, login if needed and on the left sidebar menu, choose the Live Services option. Select the application you have created on Part II and choose the Upload Package button. Now it’s time to go back to “Application Self-Link needed” window and click the link on step 2 to copy your package path to clipboard. Paste it on the browser window in the Textbox provided and click the deploy button.Wait while the application is deployed and then copy the Application Self Link and paste it to step 3.

Press ok and wait for the upload to finish. The only time you need to make these steps is when you run your application for the first time. After it finishes, a new webpage will open with your Live Mesh Desktop running the application you just deployed.

Right now, when i was writing this post, i came across this http://dev.live.com/blogs/devlive/archive/2009/08/21/500.aspx and it seems Live Framework CTP services are going down on September 8th… Until there, i won’t be writing any more posts about Live Framework. Let’s see where this is going.