Some time ago (after noticing my stuff was not working anymore Cry), I wrote a Utility Class for the Amazon Product API. I now published it as part of my new Amazon Tools project, that can be downloaded as complete class with examples here. It's licensed under Simplified BSD License.

 

	/**
* signs the request Url for the Amazon API
* @param str pUrl unsigned Url
* @param str pSecretAccessKey it's a hash to sign the Url,
* you get that from the Amazon-Partner network
* together with your AccessKey
* @return signed Url
*/

function &signRequestUrl($pUrl,$pSecretAmazonHash){
// retrieve Parameter from urls
$arrUrlParts = parse_url($pUrl);
$vParams = $arrUrlParts['query'];
// parameters are separated by & so we put them in
// another array, in there are values like "aa=bb" "xx=yy"
$arrParams
= explode('&',$vParams);

// loop and put pair/values in array
foreach($arrParams as $vPair){
// easy separating of the name/val by using explode
$arrPair = explode('=',$vPair);
$arrParamsSort[$arrPair[0]] = $arrPair[1];
}
// Timestamp needed if there is none present
$arrTemp = array_change_key_case($arrParamsSort,CASE_UPPER);
// format from amazon-docs
if (empty($arrTemp['TIMESTAMP'])){
$arrParamsSort['Timestamp'] = gmdate('Y-m-d\TH:i:s\Z');
}
// sort the array, needed to make the Url canonical
ksort($arrParamsSort);
// canonical means that the parameters are sorted
// so it's easier to check if urls are different
$vCanonicalString = '';
foreach ($arrParamsSort as $vKey => $vVal){
// rawurlencode => 5.3 should be RFC 3986 compliant
// for php versions below this should do the job
$vNewVal = str_replace('%7E','~', $vVal);
$vCanonicalString = $vCanonicalString.$vKey.'='.rawurlencode($vNewVal).'&';
}
// remove last &
$vCanonicalString = rtrim($vCanonicalString,'&');
// from he amazon docs
$vSignString = "GET\n".strtolower($arrUrlParts['host']).
"\n".$arrUrlParts['path']."\n".$vCanonicalString;

// generate the hash from the request
$vSignature = hash_hmac('sha256',$vSignString,$pSecretAmazonHash,true);
// and base64 encode it
$vSignature = rawurlencode(base64_encode($vSignature));
// rebuild the url with the signature
$vRet = $arrUrlParts['scheme']."://".$arrUrlParts['host'].
$arrUrlParts['path']."?".$vCanonicalString."&Signature=".$vSignature;

return $vRet;
}
 

 

 

I was looking for a solution to use multiple desktops in Windows7 like its possible on Linux since.... ever?

To use multiple desktops is very convenient if you develop software, a lot of application are often just used once ore twice a day but you have to tab through them very often. There seems to be no solution from Microsoft, and i could not really find any other good solution, until i ran over Virtual Dimension. The last update was in 2005. I was very skeptical because the software was not maintained for over five years. But... this is why i write this article its GREAT STUFF!. Why?

  1. it installs pretty fast and is pretty small (~400k)
  2. very easy to configure, intuitive handling
  3. possible to use drag and drop of the applications (you can move your applications between the desktops

I dont know how it can be possible that somebody writes software that works for five years on different OS versions, but its incredible.

virtualdimensionvirtualdimensionconfig

I hope Francois Ferrand will continue to work on this project.

 

 

If you google for this exception you find a lot of "unresolved bugs". In my case the reason was, that i just had a typo
so that the jar-file just could not be found.jdk
1
java.security.AccessControlException: 
access denied (java.lang.RuntimePermission accessClassInPackage.sun.java2d)

 

jdkIf you get that error when invoking the Oracle-Forms Layout-Editor and you are sure the naming of the bean and also the FORMSxx_BUILDER_CLASSPATH variable is set correctly, then you should check with which java-version your bean is compiled. To display it correctly in version 10.x you need JDK 1.4.2_06 or lower. I don't know which version you need for version 11, please comment if you have any infos about that.

ods10If you programmatically modify a window by using SET_WINDOW_PROPERTY a WHEN-WINDOW-RESIZED event should be triggered. If in the meantime a message is dispatched by a bean (WHEN-CUSTOM-ITEM-EVENT) the WWRSZ is NOT processed. It seems to be a matter of timeing how long the message to the server takes because it does not always occur (of course same code.... nothing changed...).

Hopefully i can reproduce it on a minimal form for the ORACLE-support.

subversion_logoIf you are using your subversion server with ssh you normally use something like

1
svn co svn+ssh://This email address is being protected from spambots. You need JavaScript enabled to view it./var/myrepos/project_main 

for checkout. If your ssh port is not default 22 you have to change a bit in the subversion configuration.
The subversion config file is normally located in the users application-data directory in ...\Subversion and is named config.
In the tunnels you have to add a ssh-client (i used TortoisePlink.exe because i already had TortoiseSVN installed), and configure that the ssh protocol uses a different port by default.

1
ssh = C:\\Program Files\\TortoiseSVN\\bin\\TortoisePlink.exe -P 2211
You could also define another port like
1
myssh = C:\\Program Files\\TortoiseSVN\\bin\\TortoisePlink.exe -P 2211
Your checkout would then look like
1
svn co svn+myssh://This email address is being protected from spambots. You need JavaScript enabled to view it./var/myrepos/project_main
That works fine on command line, but when i tried it with TortoiseSVN it failed.
I don't know if it is a bug, but you have to set in TortoiseSVN->Settings->Network->SSH client TortoisePlink again
1
"C:\Program Files\TortoiseSVN\bin\TortoisePlink.exe" -P 2211
Then it works without any problems.
This was an example for windows, if you want to use it on linux/unix you dont need TortoisePlink you can simply use the ssh binary, you also have to convert the backslashes to slashes.

ods10If you want to install Oracle Devleoper 10g on Vista or Windows 7 you need to follow the note 559067.1 from Oracle. The most important thing is that you need to install Patch 7047034 before you start using the Developer, else you get some nasty errors when opening or compiling forms.

If you are using the RBASH and the user has rights for example to call vi, he has the possibility to exit the shell by vi, also a "su exampleuser" would do the job, there are also possibilities to copy /bin/sh...... In this case the only thing i wanted to restrict the user to allow him to become root. Yes i know, the pro and cons about that, i decided that connecting by ssh to a user that has NO rights except su the root user and getting root if i need to change something is a good way.

As described earlier i added (modified) a user

useradd example -m -d /home/example -s /bin/rbash
usermod -s /bin/rbash example
passwd example

Then i edited his bash-profile and set the PATH only to his homedirectory.

vi /home/example/.bash_profile

I changed the part where the path-variable is set, it looks like this now:

# set PATH so it includes user's private bin if it exists
PATH=/home/example
#if [ -d ~/bin ] ; then
# PATH=~/bin:"${PATH}"
#fi

So this user has absolutely NO rights... cool Laughing Last step is to allow him to get root. That's done by creating a script, i named it suroot in /bin that contains the text "/bin/su root", of course you have to give it 755 rights afterwards. The very last step is to crate a link from the user home to the new script.

vi /bin/suroot
chmod 755 /bin/suroot
cd /home/example
ln -s /bin/suroot

I could not find a way to escape from this jailshell, sometimes i have overseen something, if so please let me know.


mailYesterday i decided to enable the mailing feature of bacula, to keep informed about backups that did not work.

Normally you can easily configure that in the bacula-dir.conf file, by uncommenting/setting the mailcommand and the email-address.
The default entries look similar to this:

 

1
mailcommand = "/usr/lib/bacula/bsmtp -h localhost -f \"\(Bacula\) \<%r\>\"
 -s \"Bacula: %t %e of %c %l\" %r"
mail = root@localhost = all, !skipped

 

The mailcommand bsmtp is a bacula-builtin and the %r gets replaced with the email-address from "mail".
In this example all mails except the skipped ones get sent to root@localhost.

In my case i could not use bsmtp because i need authentication on the smtp server to send mails, like gmail also needs.
So i had to look for an alternative and i found sendEmail that is also available as Debian package.
sendEmail is a very powerful smtp-command-line tool. The installation on Debian is quite simple.

 

1
apt-get install sendemail

 

Now i changed the mailcommand to the following: (you have to put it in one line!)


1
 mailcommand = "/usr/bin/sendEmail -f This email address is being protected from spambots. You need JavaScript enabled to view it. -t
%r -u \"Bacula: %t %e of %c %l\" -m Intervention needed! -s
smtp.mymailserver.at -o tls=no -xu myusernamer -xp mypassword"

 

-f is the from address
-t is the target %r gets replaced by bacula with the mail-address defined
-u is the subject that will look like "Bacula: Backup ERROR of HostBacula Full" in the mail.
-m is the mail body, i really dont know how to put the errorlog for this one job in there...
-s is the mailserver
-o is the authentication, if you want it more secure you should use tls
-xu username
-xp password

I choose to use "MailOnError", because i check all jobs and logs on a regular base so i just want a quick inform if an error occured, if you use "mail" then you get also informed about succesfully terminated jobs.

subversion_logoToday i was installing subversion on a 64Bit Windows 7 machine.
I chose the SlikSVN package to install Subversion, because i dont want to have
an Apache running on this computer, and it was the only 64 bit Subversion option.
Installed, out of the box and with installing svnserve as service with

1
2
3
sc create svnserve binpath= "c:\subversion\svnserve.exe --service
    --root c:\repos" displayname= "Subversion" depend= tcpip
    start= auto

 

it worked out of the box without any troubles.
The only thing that was not working was TortoiseSVN. So... it worked by command line but did not work with TortoiseSVN? Yes.
After trying for hours i uninstalled SlikSVN and tried the CollabNet package. With this package it worked without any troubles.

I really don't know what could be the reason for this. I also found some threads where people had the same problems.
Does anybody out there have hint, why it does not work with SlikSVN?

Another good way to limit the rights of a remote user in linux is to use rbash (restricted bash). Although there are ways to bypass the restrictions it is in my opinion a nice way to protect a user from himself (and my system from this user....).

rbash

example
useradd example -m -d /home/example -s /bin/rbash
usermod -s /bin/rbash example
passwd example

Another nice way to create users on linux that have just rights for scp/ftp/cvs/rdist/rsync is RSSH (restricted ssh).

Example (for debian)

installation

apt-get install rssh

configure the rights by editing the config file (uncomment the things he should be able to do)

vi /etc/rssh.conf

add user or modify a already existing user

useradd -m -d /home/heinzi -s /usr/bin/rssh heinzi
usermod -s /usr/bin/rssh heinzi

Now the user can just access by the application you choose for him in rssh.conf.