Wednesday, 20 September 2017

Using openSSL on macOS to encrypt a file using a password

I had a requirement to share a file with a colleague, which I did using Box. However, I wanted to go one step further and encrypt the file BEFORE sharing.

This is known, in some circles, as Pre-Internet Encryption (PIE), which is funny, because I like pie - fish pie, apple pie, mince pie, you name it :-)

This is what I did: -

Encrypt the file

openssl enc -aes-256-cbc -in Patent.doc > Patent_enc.doc 

This example uses the AES-256-CBC cipher and prompts for a password, from which openssl derives the key used to encrypt the file.

My colleague then used a similar command: -

openssl enc -aes-256-cbc -in Patent_enc.doc -d > Patent.doc 

to decrypt the file.

I could've used one of a number of ciphers: -



For the record, whilst I shared the file with him via Box, I shared the decryption command via Slack, and the password via a third, separate channel.

Don't call me paranoid :-)

From the Wiki here: -

This page describes the command line tools for encryption and decryption. Enc is used for various block and stream ciphers using keys based on passwords or explicitly provided. It can also be used for Base64 encoding or decoding.

It's also worth noting that the openSSL command on macOS is somewhat limited / out-of-date.

This is what I have: -

openssl version

OpenSSL 0.9.8zh 14 Jan 2016

as compared to Red Hat: -

openssl version

OpenSSL 1.0.1e-fips 11 Feb 2013

So the macOS version is older but newer :-)

As an example, this command ( from the Wiki ): -

openssl list-cipher-algorithms

gives this error on macOS: -

openssl:Error: 'list-cipher-algorithms' is an invalid command.

whereas on RHEL, it gives a huge list :-)

However, I was able to work out what ciphers the command supported: -

openssl help

openssl:Error: 'help' is an invalid command.

Standard commands
asn1parse      ca             ciphers        crl            crl2pkcs7      
dgst           dh             dhparam        dsa            dsaparam       
ec             ecparam        enc            engine         errstr         
gendh          gendsa         genrsa         nseq           ocsp           
passwd         pkcs12         pkcs7          pkcs8          prime          
rand           req            rsa            rsautl         s_client       
s_server       s_time         sess_id        smime          speed          
spkac          verify         version        x509           

Message Digest commands (see the `dgst' command for more details)
md2            md4            md5            mdc2           rmd160         
sha            sha1           

Cipher commands (see the `enc' command for more details)
aes-128-cbc    aes-128-ecb    aes-192-cbc    aes-192-ecb    aes-256-cbc    
aes-256-ecb    base64         bf             bf-cbc         bf-cfb         
bf-ecb         bf-ofb         cast           cast-cbc       cast5-cbc      
cast5-cfb      cast5-ecb      cast5-ofb      des            des-cbc        
des-cfb        des-ecb        des-ede        des-ede-cbc    des-ede-cfb    
des-ede-ofb    des-ede3       des-ede3-cbc   des-ede3-cfb   des-ede3-ofb   
des-ofb        des3           desx           rc2            rc2-40-cbc     
rc2-64-cbc     rc2-cbc        rc2-cfb        rc2-ecb        rc2-ofb        
rc4            rc4-40         seed           seed-cbc       seed-cfb       
seed-ecb       seed-ofb       


Tuesday, 19 September 2017

This time, it's about a freezer

So almost all of my blog posts are technical, and most involve some kind of IT and/or IBM product or service.

This time, whilst still technology, it's all about …. freezers.

We recently took delivery of a Zanussi ZFT10210WA freezer, and hit a problem ….

Specifically, it was a UI problem.

More specifically, the UI didn't match the documentation ( available as a PDF here ).

This is what the documentation has: -


whereas the freezer looks more like this: -


In other words, how can I set it to -16 degrees C when the Temperature Regulator knob only shows 1-6 ?

I tried Zanussi's support page: -


but they don't actually list freezers there: -

so I tried the email address on the page: -


which bounced back.

I also tried the other email address on the page ( hover over one and the other one is revealed below ): -


but that also bounced back.

Thankfully, I found a Twitter page for @Zanussi_UK which, despite not having much activity since June 2016, did include a Tweet with an old email address: -


I emailed this address: -


and they came straight back with this: -

<snip>
Thank you for your email below, I'm sorry that the user manual is not showing the correct information.
 
I can confirm that the temperature control within the freezer section should be set between 3-4 on the dial, this will reduce the temperature to between -16 and -18 degrees.

 </snip>

which is nice.

Thankfully, I already had the dial set midway between 3 and 4, which was a lucky guess.

So, the moral of the story ?

Try the web, try email, try Twitter, and then try email again :-)

Kubernetes and IBM Bluemix - again with the #HoldingItWrong

So I saw this: -

kubectl get nodes

Unable to connect to the server: could not refresh token: unrecognized error {"errorCode":"BXNIM0408E","errorMessage":"Provided refresh token is expired","context":{"requestId":"4294322993","requestType":"incoming.Kube_Token","startTime":"19.09.2017 11:58:26:739 UTC","endTime":"19.09.2017 11:58:26:741 UTC","elapsedTime":"2","instanceId":"tokenservice_dal06/1","host":"localhost","threadId":"1955e0","clientIp":"146.90.214.170","userAgent":"Go-http-client/1.1","locale":"en_US"}}

which made me realise that I had forgotten to set the KUBECONFIG environment variable ( I'm using macOS ).

This I did: -

export KUBECONFIG=/Users/davidhay/.bluemix/plugins/container-service/clusters/DaveHayK8SCluster/kube-config-prod-dal10-DaveHayK8SCluster.yml
echo $KUBECONFIG


/Users/davidhay/.bluemix/plugins/container-service/clusters/DaveHayK8SCluster/kube-config-prod-dal10-DaveHayK8SCluster.yml

but I then started getting this: -

kubectl get nodes

The connection to the server localhost:8080 was refused - did you specify the right host or port?

kubectl proxy

The connection to the server localhost:8080 was refused - did you specify the right host or port?

which made me cuss a bit.

However …..

I love it when my own blog post: -


has the solution :-)

Bottom line, the KUBECONFIG variable was AGAIN wrong :-(

I validated this: -

ls $KUBECONFIG

ls: /Users/davidhay/.bluemix/plugins/container-service/clusters/DaveHayK8SCluster/kube-config-prod-dal10-DaveHayK8SCluster.yml: No such file or directory

So I validated the name of my Kubernetes cluster: -

bx cs clusters

OK
Name                ID                                 State    Created                    Workers   Datacenter   
DaveHayK8SCluster   fff102198c534d0096bacd575488c9dd   normal   2017-08-21T09:59:53+0000   1         par01   


and then searched for the YAML: -

find ~/.bluemix/ -name '*.yml'

/Users/davidhay/.bluemix//plugins/container-service/clusters/DaveHay/kube-config-prod-dal10-DaveHay.yml
/Users/davidhay/.bluemix//plugins/container-service/clusters/DaveHayK8SCluster/kube-config-par01-DaveHayK8SCluster.yml


Once I set the variable appropriately: -

export KUBECONFIG=/Users/davidhay/.bluemix//plugins/container-service/clusters/DaveHayK8SCluster/kube-config-par01-DaveHayK8SCluster.yml

things started working again: -

kubectl get nodes

NAME            STATUS    AGE       VERSION
10.127.239.36   Ready     29d       v1.5.6-4+abe34653415733

kubectl proxy

Starting to serve on 127.0.0.1:8001

and the proxy now works: -


So again, READ MY (OWN) BLOG :-)

Monday, 18 September 2017

Testing JDBC Data Sources using Jython

One of my colleagues asked me about this …

In essence, did I have a Jython script that allows one to test JDBC data sources …

Here's one I prepared earlier: -

testDataSource.jy

# Run inside wsadmin (Jython): list every JDBC data source in the cell and test each one
cellID = AdminControl.getCell()
cell = AdminConfig.getid('/Cell:' + cellID + '/')
for dataSource in AdminConfig.list('DataSource', cell).splitlines():
    print dataSource
    AdminControl.testConnection(dataSource)


Notes: -

- To support the FOR loop, there are indentations ( thanks Python, we love you ) in front of the last two lines of the script
- Similarly, there's a spare, blank line ( again, thanks, Python ) at the end of the script to finish the loop

When I run this: -

I do get an exception, which I'm NOT catching: -


specifically this: -

DefaultEJBTimerDataSource(cells/PCCell1/applications/commsvc.ear/deployments/commsvc|resources.xml#DataSource_1228749623069)
WASX7017E: Exception received while running file "testDataSource.jy"; exception information: com.ibm.websphere.management.exception.AdminException
javax.management.MBeanException
java.sql.SQLException: java.sql.SQLException: Database '/opt/ibm/WebSphereProfiles/AppSrv01/databases/EJBTimers/AppClusterMember1/EJBTimerDB' not found. DSRA0010E: SQL State = XJ004, Error Code = 40,000


I could mitigate that by adding the appropriate try/catch logic to my script - that's tomorrow's challenge.

For the record, this exception occurs against a datasource about which I don't care :-)

Secure Identity Propagation Using WS-Trust, SAML2, and WS-Security

I'm reading this: -


in the context of Single Sign-on (SSO), via this: -


and: -


Friday, 15 September 2017

New Technology Demonstration: BPM Analytics

This from my IBM colleague, Allan Chan: -

A new BPM Analytics technology demonstration is available to use with the latest IBM Business Process Manager. The latest version works with V8.5.7.0 CF201706 release at the end of June 2017. The original version worked with V8.5.7.0 CF201703 released on 31st March 2017.
...
The key value of IBM Business Process Manager (BPM) is in streamlining custom enterprise business processes to better optimize service and cost. It does this namely through 1) custom process applications to manage work, and 2) process analytics for workers, managers, and analysts to assist their decision making in the execution and management of work and the design of processes. This technology demonstration aims to enhance BPM capabilities for (2) process analytics, with modern technologies which can excel in the era of big data and analytics, taking advantage of the full potential of the rich information into business operations afforded by custom process apps executing in BPM.

The BPM Analytics aims to enhance BPM for two scenarios: 1) BPM Analytics – providing enhanced process analytics features directly within the BPM offering targeting BPM user roles, and 2) 3rd Party analytics – providing enhanced features to publish process data to external data and analytics solutions provided by IBM, customers, and partners.

Monday, 11 September 2017

IBM Redbook - Developing Node.js Applications on IBM Bluemix


This IBM® Redbooks® publication explains how to create various applications based on Node.js and run them on IBM Bluemix®. In this book, you will do the following activities: 

• Develop a Hello World application in Node.js, executing on IBM Bluemix. Through this activity, you can learn about these technologies:
    • IBM SDK for Node.js
    • Eclipse Orion Web IDE
• Use asynchronous callback
• Create an Express application
• Build a rich user interface application by using AngularJS based in Node.js

This book is for beginner and experienced developers who want to start coding Node.js applications on IBM Bluemix.

Table of contents

Chapter 1. Developing a Hello World Node.js app on Bluemix
Chapter 2. Understanding asynchronous callback
Chapter 3. Creating your first express application
Chapter 4. Building a rich UI application by using AngularJS with Node.js
Appendix A. Additional material