I had a hard time trying to put my little flickr-show Google Gadget into a WordPress page -- Various versions of the gadget has been used in Google Sites and Blogger pages (also on the sidebar) successfully.
This gadget is very much a proof of concept: The Gadget concept is Google's way for developers to write small apps in XML and JavaScript that could be placed in all kinds of web pages and the Google Desktop. It's not a novel concept but Google seems to be the most open among the companies that have something like it. Google Gadget is simple conceptually: You write an XML module that specifies a number of things, among that relevant to interfacing with the users are (1) a section for options, (2) content area which functions as an HTML/DOM container, (3) JavaScripts that work in the content area and (4) optional message files in XML for multiple language support.
One issue I take with Google's handling of gadgets is inconsistency: The same gadget behaves differently in Google Sites than in a non-Google website where you have to use Google's gadget creator tool to turn the XML modules into an HTML for rendering by user's browsers. Little differences can be very annoying. For example, the gadget creator tool generates three div containers around the iframe with white background color for no apparent reason. I mean, I can understand that Google wants to put their logo on rendered gadgets, but why this obnoxious white background?
Blogger allows gadgets in the sidebar directly. But if you want to put one in your blog entry contents, you have to run it through the gadget creator. Now, on to what I think is a bug somewhere in the Google code cloud. The code the creator tool generated calling Flickr's API function to search for photos returns an empty list in a WordPress page while it works in a Blogger page -- I have later learned that this could be caused by the chaotic use of jQuery in WordPress and many of its plugins, but this seems to be a problem of a different kind as the call does go out through Google's gadgets.io.makeRequest() proxy function and return with results.
To avoid using the Google gadget creator tool, I made changes to make the flickr-show.js module work with or without the Google Gadget API.
On the WordPress side, we observed a situation in which multiple instances of jQuery gets loaded. Which caused chaos for jQuery UI: UI widget functions would randomly disappear from the jQuery namespace. WordPress seems to need a JavaScript library manager badly -- something like the Drupal JavaScript Libraries Manager.
Wednesday, February 22, 2012
Tuesday, February 21, 2012
An InterMapper Probe in Python
InterMapper ships with Python -- the recent releases come with Python 2.7, making extending it using Python a natural choice.
So when a colleague diagnosed a problem between Cisco ACE and some application servers it load-balances for, I thought about turning his curl script into a probe. Previously I tried to put curl on the Windows 2008 server where our InterMapper software runs, but I didn't get far with that effort. I turned to Python since then when I need to do anything with InterMapper, like writing notifiers and probes.
My notifier and probe code are available on Google Code. My first probe is one that talks to the Cisco xml_agent process, which seems to be supported in more and more Cisco boxes. The probe itself is in the xmlprobe.xml file -- Simple installation instructions are found in there. It connects to the agent on a Cisco box via HTTPS and runs a command configurable either in a configuration file or via InterMapper's "set probe" dialog.
Lessons learned in writing this simple probe: I really hope InterMapper has more documentation about the details of the probe syntaxes. For example, in the
This probe still looks messy: The JSON configuration data has to be edited manually. It seems that a web-based front-end tool would be helpful. It seems that InterMapper could extend its HTTP API so that the remote access client could be extended through server side plug-ins.
So when a colleague diagnosed a problem between Cisco ACE and some application servers it load-balances for, I thought about turning his curl script into a probe. Previously I tried to put curl on the Windows 2008 server where our InterMapper software runs, but I didn't get far with that effort. I turned to Python since then when I need to do anything with InterMapper, like writing notifiers and probes.
My notifier and probe code are available on Google Code. My first probe is one that talks to the Cisco xml_agent process, which seems to be supported in more and more Cisco boxes. The probe itself is in the xmlprobe.xml file -- Simple installation instructions are found in there. It connects to the agent on a Cisco box via HTTPS and runs a command configurable either in a configuration file or via InterMapper's "set probe" dialog.
Lessons learned in writing this simple probe: I really hope InterMapper has more documentation about the details of the probe syntaxes. For example, in the
This probe still looks messy: The JSON configuration data has to be edited manually. It seems that a web-based front-end tool would be helpful. It seems that InterMapper could extend its HTTP API so that the remote access client could be extended through server side plug-ins.
Thursday, February 9, 2012
Working with Cisco LMS Database in Python
Cisco has published its CiscoWorks LAN Management Solution (LMS) database schema (4.2) since version 3.2. JDBC and ODBC are supported methods for accessing data LMS has collected. Setting up ODBC is a bit involved especially when I don't have the privilege to upgrade OS in a box. I don't particularly like Java either. So I thought about getting access to the data locally and possibly provide that data remotely through a web-based interface using an easier-to-use Python-based framework, maybe something like web2py.
So I installed Jython on the Windows Server 2008 box which runs my LMS 4.1 installation, copied down some sample Java code from Cisco and translated that into Python. After a few tries to get Jython to find the right Java class path, it actually worked.
So here is the code (of course, userid and password have to be filled in) that prints a list of devices in the database:
#!/usr/bin/env jython
##
## Requires this: export CLASSPATH='E:\CSCOpx\lib\classpath'
##
import time
import java.sql
import com.sybase.jdbc2.jdbc.SybDriver
conn = java.sql.DriverManager.getConnection("jdbc:sybase:Tds:localhost:43441?SERVICENAME=cmfDb", userid, password)
print('[%s] INFO: Connection successful...' % time.strftime("%c"))
stmt = conn.createStatement()
query = "SELECT Device_Id, Device_Display_Name, Management_IPAddress FROM Network_Devices"
rs = stmt.executeQuery(query)
cnt = 0
while rs.next():
cnt += 1
print("%d. Device Id: %s" % (cnt, rs.getString("Device_Id")))
print(" Display name: %s" % rs.getString("Device_Display_Name"))
print(" Management IP address: %s" % rs.getString("Management_IPAddress"))
So I installed Jython on the Windows Server 2008 box which runs my LMS 4.1 installation, copied down some sample Java code from Cisco and translated that into Python. After a few tries to get Jython to find the right Java class path, it actually worked.
So here is the code (of course, userid and password have to be filled in) that prints a list of devices in the database:
#!/usr/bin/env jython
##
## Requires this: export CLASSPATH='E:\CSCOpx\lib\classpath'
##
import time
import java.sql
import com.sybase.jdbc2.jdbc.SybDriver
conn = java.sql.DriverManager.getConnection("jdbc:sybase:Tds:localhost:43441?SERVICENAME=cmfDb", userid, password)
print('[%s] INFO: Connection successful...' % time.strftime("%c"))
stmt = conn.createStatement()
query = "SELECT Device_Id, Device_Display_Name, Management_IPAddress FROM Network_Devices"
rs = stmt.executeQuery(query)
cnt = 0
while rs.next():
cnt += 1
print("%d. Device Id: %s" % (cnt, rs.getString("Device_Id")))
print(" Display name: %s" % rs.getString("Device_Display_Name"))
print(" Management IP address: %s" % rs.getString("Management_IPAddress"))
Friday, February 3, 2012
Obscure Problem with LMS 4.1
Finally got around to put Cisco Prime LMS 4.1 (They seem to be retiring the CiscoWorks brand.) on a Windows 2008 server -- I want to go the appliance route but more work is needed to get a VM in the enterprise environment for that.
First impression: LMS 4.1 looks very different from 3.2.1 on the web-based GUI. Cisco did put effort into modernizing the web-based interface and rearranging components to suite a network manager's work flow rather than around the various pieces that Cisco acquired to make up the LMS bundle. However, one may learn quickly the difference is much less profound under the hood.
Right off the bat, I hit a small snag.
After installation, I enabled HTTPS in Admin by going into Admin » Getting Started » Other System Settings » System Settings » Browser-Server Security Mode, selected Enable HTTPS and applied that setting.
First impression: LMS 4.1 looks very different from 3.2.1 on the web-based GUI. Cisco did put effort into modernizing the web-based interface and rearranging components to suite a network manager's work flow rather than around the various pieces that Cisco acquired to make up the LMS bundle. However, one may learn quickly the difference is much less profound under the hood.
Right off the bat, I hit a small snag.
After installation, I enabled HTTPS in Admin by going into Admin » Getting Started » Other System Settings » System Settings » Browser-Server Security Mode, selected Enable HTTPS and applied that setting.
After that, a user browser visiting the LMS server using HTTPS://server-name is redirected to http://server-name:1741/...
after login, which produced a 403 (Forbidden) error.
TAC was not much help in this case. After poking my way around the server and the GUI, I think I have fixed the
problem:
Go to Admin » Trust Management » Local
Server » Browser-Server Security Mode Setup, select Change Setting
To: Enable and apply.
It seems to me that both Browser-Server Security
Mode from Getting Started and Browser-Server Security
Mode Setup in Trust Management should mean exactly the same
thing. But apparently they do not do the same thing.
Wednesday, January 18, 2012
Monitoring a Lenovo ThinkServer, with Help from Cygwin
The box is running Windows 2008 Server Foundation, which is a bare bone of Windows server software. But it works for a small business that has software that only runs on Windows.
The Lenove ThinkServer 100 series support an Intel SATA RAID controller. To monitor the RAID system, one may install the Intel Storage Management Console as described in this manual on page 10.
But there is a problem. Windows 2008 Server Foundation does not come with a mail server. The Storage Management Console is only capable of sending out notification of any issue in the storage system via plain vanilla SMTP (Simple Mail Transport Protocol), with no support for a smart-host kind of configuration.
Here is where Cygwin and its arsenal of software carried over from the UNIX/Linux world can help. I did not start out knowing what to do exactly. But simple Google search of Cygwin SMTP proxy turns up a lot of reading material. By the way, Cygwin should be on every Windows machine, just for packages like grep, openssh and rsync that comes with it if nothing else.
Following this article about running exim on Ubuntu to send email via Gmail, I have been able to get it up and running in short order. Installing exim is not very difficult. As of this writing, Cygwin comes with exim version 4.76-1. After installation, one runs exim-config to configure it.
There are things that need to be further configured. The line below to add the local network for mail relay:
hostlist relay_from_hosts = 127.0.0.1 : 192.168.1.0/24To route mail not for local domains via Gmail:
begin routersTo configure the Gmail SMTP service:
send_via_gmail:
driver = manualroute
domains = ! +local_domains
transport = gmail_smtp
route_list = * smtp.gmail.com
begin transportsGmail SMTP server requires user authentication:
gmail_smtp:
driver = smtp
port = 587
hosts_require_auth = $host_address
hosts_require_tls = $host_address
begin authenticators
gmail_login:
driver = plaintext
public_name = LOGIN
client_send = : your-account@gmail.com : your-account-password
That's it! After that, start the exim service using net start exim. From the Intel Storage Management Console, one may then configure it to use the local server as the SMTP server to send out email when issues occur.
Friday, January 6, 2012
HP Quality Center
So, I guess they call this software Quality Center -- I just am not sure how they do that with a straight face.
Let me see:
- It is a web-based application, yet Only Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 are supported.
- And, I am supposed to figure out what the !@#$% CAPICOM.DLL is and how to get it installed?
Sunday, January 1, 2012
Impressions of Barnes and Nobel Nook Tablet
I saw a co-worker carrying his Barnes and Noble Nook Color around a lot, so I asked him about it. He said that he was pleased with it. So when the Nook Tablet came out, I compared it with the Amazon Kindle Fire and decided that the Nook Tablet has a better package over all: more RAM (1GB vs. 512MB), more flash storage (16GB vs. 8GB), and the Nook has a microSD slot that the Fire does not. So when B&N offered me a $25 discount as a former Borders' customer, I got one for my daughter.
But now I am starting to have second thoughts. The Nook feels nice when used for reading books purchased from Barnes and Nobel, but that seems to be the only thing it is good for. Since we have not had time to watch videos on it yet, I can't really say much about that except that video streaming from the same providers, Hulu and Netflix, should not differ much from using the same apps on a similar Android tablet.
The main problem is that, the Nook limits user storage to 1GB out of the 16GB in total, which means in practical terms, one can not install much of anything on it. I did install the Amazon App Store on it via side-loading. Now it refuses to install Kindle for Android.
Looks like it's time to root the device -- I was going to wait until the device is out of warranty. I understand that B&N is competing with Amazon. But limiting what the device does for its customers is not the right way to do it.
But now I am starting to have second thoughts. The Nook feels nice when used for reading books purchased from Barnes and Nobel, but that seems to be the only thing it is good for. Since we have not had time to watch videos on it yet, I can't really say much about that except that video streaming from the same providers, Hulu and Netflix, should not differ much from using the same apps on a similar Android tablet.
The main problem is that, the Nook limits user storage to 1GB out of the 16GB in total, which means in practical terms, one can not install much of anything on it. I did install the Amazon App Store on it via side-loading. Now it refuses to install Kindle for Android.
Looks like it's time to root the device -- I was going to wait until the device is out of warranty. I understand that B&N is competing with Amazon. But limiting what the device does for its customers is not the right way to do it.
Saturday, December 31, 2011
Unable to Publish a Google Apps Spreadsheet Form
Google Apps is a great service that Google provides to organizations and businesses, large and small.
But some times Google Apps can be very frustrating, just like any software. Besides bugs and "occasional odd design choices", the fact that things often change under the hood, albeit (or especially?) in small ways, some times make it more difficult to find effective support in the large user community.
Here is one thing I am doing for my daughter's high school FIRST Robotics Competition team: put a form on the team's website for T-shirt orders. I have been coaching the small web team to build the website using Google Sites and other services. So naturally a Google Docs spreadsheet form is my first choice for this job.
I designed the form and inserted it into a page as a gadget. Then I got this message on the page telling me that I don't have permission to access this item, regardless if I am logged in or not. As a matter of fact, I do have permission to access the form and the spreadsheet.
Googling the problem led me to Richard Nichols' blog entry about the exact issue. But I have in effect, although not in words, the exact same setting as he wrote in the blog: Essentially users must be allowed to share documents outside the domain. I have even tried to share the spreadsheet associated with the form to the public, but even that did not change the situation.
The trick posted in a Google Docs help forum does not work either. I have tried both embedding the form from the spreadsheet and inserting it as gadget in Google Sites' page editing function. So far nothing has allowed me to see the form on the site.
I guess one thing I could try is to implement the form outside the domain, using a generic Google account. But it really should not be that frustrating!
But some times Google Apps can be very frustrating, just like any software. Besides bugs and "occasional odd design choices", the fact that things often change under the hood, albeit (or especially?) in small ways, some times make it more difficult to find effective support in the large user community.
Here is one thing I am doing for my daughter's high school FIRST Robotics Competition team: put a form on the team's website for T-shirt orders. I have been coaching the small web team to build the website using Google Sites and other services. So naturally a Google Docs spreadsheet form is my first choice for this job.
I designed the form and inserted it into a page as a gadget. Then I got this message on the page telling me that I don't have permission to access this item, regardless if I am logged in or not. As a matter of fact, I do have permission to access the form and the spreadsheet.
Googling the problem led me to Richard Nichols' blog entry about the exact issue. But I have in effect, although not in words, the exact same setting as he wrote in the blog: Essentially users must be allowed to share documents outside the domain. I have even tried to share the spreadsheet associated with the form to the public, but even that did not change the situation.
The trick posted in a Google Docs help forum does not work either. I have tried both embedding the form from the spreadsheet and inserting it as gadget in Google Sites' page editing function. So far nothing has allowed me to see the form on the site.
I guess one thing I could try is to implement the form outside the domain, using a generic Google account. But it really should not be that frustrating!
Ubuntu 11.10 Unity Annoyances
I gave up on Unity on my netbook long ago, but I thought I'd give it a try on my desktop. The longer I use it, the more it annoys me, in many small ways, and below is a small list of them:
- Application menu
You have to move an application window all the way to the top of the screen so that its top edge touches the app panel to make sure you have the application menu. Otherwise, for example, if you are using GIMP, and there is another application window between the image window and the app panel in the background, moving the mouse across the app in the background up to the app panel will make it display the background application's menu instead of GIMP's menu.
I realize that this may be the residual effect of me setting up Gnome desktop to focus on the window where my mouse pointer is. I could probably figure out how to turn that off -- but I don't want to. I like to have the ability to enter text using the keyboard while the application may be sitting in the background. - Missing application logos
Many application are still missing logos in the applications panes. I was hoping the situation would turn better as 11.10 updated over time, but that has not happened yet.
I googled a bit to see what others thought. Some people seem to like it. But more do not. A snapshot of a vote in a TechRepublic article:
I think I am going back to Gnome for now.
Friday, December 2, 2011
Cisco IOS User Privilege
Nothing new in this entry. Just to jot down a couple of thoughts about the IOS command below:
There are a couple of ways for that privilege elevation to be authorized. One common way is to configure an enable secret on devices. The argument is that the device could be configured even when it loses connection to an authentication/authorization (AAA) server.
But on the other hand, if one by mistake messes up the enable secret configuration on a device, having an alternative authorization route allows that mistake to be fixed relatively easily without having to physically visit the device, provided that the only thing wrong on it is the enable secret and it is still talking to the AAA servers.
That leads to the IOS command line above: It says to try the local enable secret first when a user asks for the enable privilege level; If that fails, try the TACACS+ server(s) configured in the device.
References:
aaa authorization exec default local group tacacs+In Cisco IOS, a user may be assigned a privilege level from 1 to 15 for accessing a device. Each privilege level may be configured to do different things, but the most simple and common practice is likely that a user is given level 1 privilege, which by default only allows the user to do things like showing status, etc. When a user needs to change configuration on the device, he or she may use the enable command to gain the proper privilege, usually level 15.
There are a couple of ways for that privilege elevation to be authorized. One common way is to configure an enable secret on devices. The argument is that the device could be configured even when it loses connection to an authentication/authorization (AAA) server.
But on the other hand, if one by mistake messes up the enable secret configuration on a device, having an alternative authorization route allows that mistake to be fixed relatively easily without having to physically visit the device, provided that the only thing wrong on it is the enable secret and it is still talking to the AAA servers.
That leads to the IOS command line above: It says to try the local enable secret first when a user asks for the enable privilege level; If that fails, try the TACACS+ server(s) configured in the device.
References:
Subscribe to:
Posts (Atom)