Karim Vaes

Check out remote-vulnerability-in-firefox… It’s describes that firefox extensions hosted on a non https site are vulnerable. The vast majority of the open source/hobbyist made Firefox extensions – those that are hosted at https://addons.mozilla.org – are not vulnerable to this attack. Users of popular Firefox extensions such as NoScript, Greasemonkey, and AdBlock Plus have nothing to worry about.

Scenario
- Two application servers
- Each application server hosts different 3 services (different ports) which depend on eachother

Objective
When one of the services on a node goes down (checked by a monitor), then all services should be marked as down.

Possible Solutions

• Solution “divided” : A seperate pool for each service
  The way you normally do this, yet it’s not that clean as you make the situation a bit more bloated.
• Solution “combined” : One pool for all services
  Use the “translate service disable” option when creating a virtual server. This will disable port translation for the specific virtual server.

Example
If the virtual port is 65001, and the port used for the poolmembers is 65101, then when a request is send to the virtual ip on port 65001, then it will be rerouted to the pool member’s port 65101.
If the “translate service” option is set to “disable”, then the request will be sent to the pool member’s port 65001.
In this case you can setup one pool, with different checks for all services the nodes should provide. And create virtual servers pointing to one single pool.

man virtual

translate service
The options are enable or disable. You can turn port translation
off for a virtual server if you want to use the virtual server to
load balance connections to any service.

Scenario
There are two loadbalancers which are setup as a redudant pair which provides a default simple virtual server (with pool).
Let’s say you’d setup a connection towards this virtual server, and afterwards there’dd be a failover.

What happens to the connection that was setup to the load balancer that was setup?

• The connection is being migrated to the other load balancer.
• The connection remains as it was, directed to the “failed” load balancer.
• The connection is terminated/reset (by the BigIP).

It might be a surprise to some, that the correct answer is the second one. The connection remains “as it was”. Off course it won’t be functional; Yet there will be no fail over of this connection by default, or will the connection be terminated/reset by the BigIP
When (and how) the connection will be reset depends solely on the client!

So one might ask: “Why doesn’t the BigIP send a fin/rst to the client?”
Another question might answer this: “How would the BigIP be able to send the fin/rst packet as it failed?” A failover occurs when the unit isn’t accessible anymore (If it got disconnected from the network, crashed… etc). It wouldn’t be able to send this packet.

There is however a mechanism that does a fail over to the other BigIP. But there is a (performance) trade off involved. This mechanism is called “connection mirroring”. So the state of all the connections made to the active BigIP are also kept on the standby BigIP.

HOWTO
You can enable the “connection mirroring” thru :
- the command line (“man virtual”) : “b virtual *name* mirror conn enable”
- the GUI (virtual server -> advanced) : GUI Screenshot

So if you REALLY need it, you can use the option, yet be aware of the performance degradation that’ll cause.

I was tired of the “default” wordpress theme, so I’ve switched the site to “DkBlog 1.1 by Seobilgi“. A personal improvement based on style, but also on layout. The default theme removed all menu bars (and so on) when viewing a post, where this theme keeps the important things where they should be.

I’ve also extended the wordpress installlation with the “WP-Syntax” plugin. This is nicer on the code I’ve been posting. Where this plugin keeps the layout, and even does some highlighting.

Let’s start out with a file we’ve created in unix (solaris). When doing an octal dump (od) of this file, we’ll see that the end-of-line (newline) is represented with an \n

bash-2.03$ cat test
linetest
bash-2.03$ od -c test
0000000 l i n e t e s t \n
0000011

Let’s convert this file to a DOS (windows) file:

bash-2.03$ unix2dos test test2

If we do an octaldump of this newly generated file, then we’ll see that it had a “return” and a “newline”.

bash-2.03$ cat test2
linetest
bash-2.03$ od -c test2
0000000 l i n e t e s t \r \n
0000012

NOTE(s):
- the unix2dos & dos2unix are eachother’s equivalents…
- the commands can be used to convert files for to be compatible for the other