Uncategorized

HOW TO : Combine landscape and portrait page layouts in Microsoft Word

Blogging this as a “memory” note for myself šŸ™‚

I was putting together a report for work and needed one of the pages in the word document to be in landscape mode, instead of the regularĀ portraitĀ mode. I thought it was a simple thing of adding a page break and applying the “landscape” layout in the page setup. But ended up either having all pages in landscape mode or inĀ portraitĀ mode. A bit of googling finally helped out :). Looks like the trick is to use section breaks instead of page breaks.

Here are the steps to do it in Microsoft Word 2010

  1. Add the content you want into word. In this example, I created two paragraphs, test landscape and test portraitĀ 
  2. At the place you want to split the page format, insert a section break, by going to Page Layout –> Breaks –> Section Breaks –> Next PageĀ 
  3. Now change the page orientation by going to Page Layout -> Orientation –> Landscape. This will only change the orientation for the current section.
  4. And voila you document now has two different page orientations šŸ™‚Ā 

 

 

HOW TO : Use curl to check the impact of DNS changes

Ran into an interesting scenario at work today. We had to check the impact of a DNS change on a certain hostname. Normally, you would edit your host file entry to reflect the DNS change and do your testing. Here is another way you can do it using cURL. In this particular example, I am checking the SSL certificate details of the hostname .

[code]curl –insecure –trace-ascii debug.txt https://HOSTNAME:PORT –resolve HOSTNAME:PORT:IP_ADDRESS [/code]

That’s a pretty convoluted command :). Let’s try to break it down

[code]–insecure [/code]

: tells cURL to ignore certificate warnings. This is helpful if you are using self signed certs

[code]–trace-ascii [/code]

: tells cURL to save the SSL connection details (in debug mode) to a file called debug.txt

[code]–resolve [/code]

: tells cURL to use the options mentioned after it to resolve the hostname, rather than using DNS. The format for resolve isĀ <host:port:address>

NOTE: You need to have version 7.21.3 or higher of cURL to use this option

Here’s a real world example. Say, I want to see how the IP addressĀ 72.30.38.140 would reacts if www.google.com requests are routed to it

[code]

samurai@samurai:~$ curl –insecure –trace-ascii debug.txt https://www.google.com –resolve www.google.com:443:72.30.38.140
The document has moved <A HREF="http://www.google.com/?s=https">here</A>.<P>
<!– ir2.fp.sp2.yahoo.com uncompressed/chunked Mon Nov 12 22:44:41 UTC 2012 –>
samurai@samurai:~$ more debug.txt
== Info: Added www.google.com:443:72.30.38.140 to DNS cache
== Info: About to connect() to www.google.com port 443 (#0)
== Info: Trying 72.30.38.140… == Info: connected
== Info: Connected to www.google.com (72.30.38.140) port 443 (#0)
== Info: successfully set certificate verify locations:
== Info: CAfile: none
CApath: /etc/ssl/certs
== Info: SSLv3, TLS handshake, Client hello (1):
=> Send SSL data, 223 bytes (0xdf)
0000: ……P.|v..1..kA…….=J.xr.=ft.3.|…Z…..9.8………5…..
0040: …………….3.2…..E.D…../…A………………………
0080: …….W………www.google.com………..4.2……………….
00c0: ………………………….
== Info: SSLv3, TLS handshake, Server hello (2):
<= Recv SSL data, 42 bytes (0x2a)
0000: …&..P.{.I"L….3x..N…9…./<n….A..5.
== Info: SSLv3, TLS handshake, CERT (11):
<= Recv SSL data, 1272 bytes (0x4f8)
0000: ……….0…0..S……….0…*.H……..0N1.0…U….US1.0…
0040: U….Equifax1-0+..U…$Equifax Secure Certificate Authority0…1
0080: 00401230014Z..150703045000Z0..1)0′..U… 2g8aO5wI1bKJ2ZD588UsLvD
00c0: e3gTbg8DU1.0…U….US1.0…U….California1.0…U….Sunnyvale1
0100: .0…U….Yahoo Inc.1.0…U….www.yahoo.com0.."0…*.H……..
0140: …..0……….5.p./……..O…k.C…9E+.J..H.s….Bm.T.E.-..<
0180: ^…m…r.v<\…&Qq..l………. @'(q.m..ZJ.*kt…!.AWU…….M.
01c0: …n…O….0.._…H….4……>.m..K…….Z…:.Df%.lR.!…(!.
0200: .FV.dQ…f.V….P,.J9.c..dM.s>C=….Y..#…47#2…..cP.{….g.rU
0240: .d…P……………..0…0…U………..0…U………….t5.
0280:……U..0:..U…3010/.-.+.)http://crl.geotrust.com/crls/secure
02c0: ca.crl0..[..U…..R0..N..www.yahoo.com..yahoo.com..us.yahoo.com.
0300: .kr.yahoo.com..uk.yahoo.com..ie.yahoo.com..fr.yahoo.com..in.yaho
0340: o.com..ca.yahoo.com..br.yahoo.com..de.yahoo.com..es.yahoo.com..m
0380: x.yahoo.com..it.yahoo.com..sg.yahoo.com..id.yahoo.com..ph.yahoo.
03c0: com..qc.yahoo.com..tw.yahoo.com..hk.yahoo.com..cn.yahoo.com..au.
0400: yahoo.com..ar.yahoo.com..vn.yahoo.com0…U.#..0…H.h.+….G.# .
0440: O3….0…U.%..0…+………+…….0…*.H……………2..0.
0480: S.’.y….GD.Q…=…K+..q..kv…….<h…….ZLE.h$..M2^.C..IT..
04c0: ".5j….Vc7.4……1.Wu.[.a>+………9..{.a:………
== Info: SSLv3, TLS handshake, Server finished (14):
<= Recv SSL data, 4 bytes (0x4)
0000: ….
== Info: SSLv3, TLS handshake, Client key exchange (16):
=> Send SSL data, 262 bytes (0x106)
0000: …….R…..b.,.&.. s.Ob;.E_.EnSw../D…’…..(aB<<……F..]..
0040: o………~…*..r?.C..%..22…J.bu&.x(j|…….>A5..OF.G…C.$.
0080: .9u9n.z…K…..u…..~:W.{Sii.{2..6……..<…..i…8y$y…..6
00c0: …1.(M…fx….#k..r….47..t.q…..A.?.0. .D…..~…G+.,….~
0100: ..=.#y
== Info: SSLv3, TLS change cipher, Client hello (1):
=> Send SSL data, 1 bytes (0x1)
0000: .
== Info: SSLv3, TLS handshake, Finished (20):
=> Send SSL data, 16 bytes (0x10)
0000: ….!9)…6…+.
== Info: SSLv3, TLS change cipher, Client hello (1):
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: SSLv3, TLS handshake, Finished (20):
<= Recv SSL data, 16 bytes (0x10)
0000: …..(qN..l.]…
== Info: SSL connection using AES256-SHA
== Info: Server certificate:
== Info: subject: serialNumber=2g8aO5wI1bKJ2ZD588UsLvDe3gTbg8DU; C=US; ST=California; L=Sunnyvale; O=Yahoo Inc.; CN=www.yahoo.com
== Info: start date: 2010-04-01 23:00:14 GMT
== Info: expire date: 2015-07-03 04:50:00 GMT
== Info: subjectAltName does not match www.google.com
=> Send header, 167 bytes (0xa7)
0000: GET / HTTP/1.1
0010: User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 Ope
0050: nSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3
0082: Host: www.google.com
0098: Accept: */*
00a5:
<= Recv header, 32 bytes (0x20)
0000: HTTP/1.1 301 Moved Permanently
<= Recv header, 37 bytes (0x25)
0000: Date: Mon, 12 Nov 2012 22:44:41 GMT
<= Recv header, 42 bytes (0x2a)
0000: Location: http://www.google.com/?s=https
<= Recv header, 23 bytes (0x17)
0000: Vary: Accept-Encoding
<= Recv header, 19 bytes (0x13)
0000: Connection: close
<= Recv header, 28 bytes (0x1c)
0000: Transfer-Encoding: chunked
<= Recv header, 40 bytes (0x28)
0000: Content-Type: text/html; charset=utf-8
<= Recv header, 24 bytes (0x18)
0000: Cache-Control: private
<= Recv header, 2 bytes (0x2)
0000:
<= Recv data, 173 bytes (0xad)
0000: 000009d
0009: The document has moved <A HREF="http://www.google.com/?s=https">
0049: here</A>.<P>.<!– ir2.fp.sp2.yahoo.com uncompressed/chunked Mon
0089: Nov 12 22:44:41 UTC 2012 –>.
00a8: 0
00ab:
== Info: Closing connection #0
== Info: SSLv3, TLS alert, Client hello (1):
=> Send SSL data, 2 bytes (0x2)
0000: ..

[/code]

Interesting (infrastructure) tidbits about Microsoft Azure

I attended a session organized by aditi regarding Microsoft Azure and Windows 8, called “Go Cloud 8” today. One of the speakers in the event was Deepak Rao, Microsoft’ Director of Cloud Computing. He shared some interesting numbers about the infrastructure running Microsoft Azure

  • 8 carrier grade data centers around the world. “Carrier” grade because of the sheer size of them.
  • The data center in Chicago houses more than 350,000 servers and is supported by only 30 FTEs (which makes me think about the number of contractors they have there šŸ™‚ )
  • 1 in 4 x86 servers produced were bought by Microsoft. Not sure if it was in 2011 or 2012!!

Deepak also gave an real world example of how one of their customers used Azure.

BPro Inc provides software to counties and states for helping report election results. They run their backend on the Azure platform. During normal periods, they run ~10 instances of compute nodes. But during the election day (11/6) this week, BPro spun up 8600 compute nodes in less than 15 minutes at 4:00 PM EST, to help support the load created by the demand for election results and than again shutdown all of them at around 1:00 AM EST when the demand decreased. Using the “list” pricing of $0.12/hr/compute node, that massive increase in capacity cost them ~$8K!!.

That is pretty impressive and I usually don’t use the work impressive in the sameĀ sentenceĀ as Microsoft šŸ™‚

For loop in Windows command shell

For my records, syntax for running a simple for loop in command prompt

[code]for %i in (SERVER1 SERVER2) do nslookup %i [/code]

note :

  • Looks like the variable can only be single characters. i.e you cannot name the variable %server
  • For using the same syntax in a batch file, you have to add another % to the variable. i.e. %i becomes %%i

And she kicks my arse again

Jhanvi and I ran the 2012 Chicago Hot Chocolate 15K today. This was the first race in the city after we officially became “suburbanites” last week. And let me tell you, that one needs to be highly (HIGHLY) motivated to haul themselves all the way to the city to run a race. And the fact that it was freezing didn’t help.

While the race it self was fun, I think the organizers did a terrible job with the package pickup expo and the post race party. It looks like they didn’t know what 40K people getting together in one place looks like. The expo tent could barely fit a 1000 people and folks had to stand ~2 hours in line to pick up the package in cold weather. And let me not tell you about the post race snack!!. Hopefully they will learn from this and make it a better event next year. Chocolate seems to motivate a whole lot of people (including me šŸ™‚ ).

And in other news, Jhanvi kicked my butt as usual and finished a whole 10 minutes earlier..

Jhanvi’s ResultsĀ 

My resultsĀ 

Us After the raceĀ 

 

The only thing that was abundant at the race šŸ™‚Ā 

SNL hacked

Screenshot of NBC’ hacked website (in particular the Saturday Night Live section). Link to Hacker News discussionĀ http://news.ycombinator.com/item?id=4740312

I found it interesting that the site was not fixed for several hours even after it was reported on major news outlets. Ironical that NBC itself is a major news outlet :). Ā It would be great if NBC publishes a follow up on how the server(s) were compromised so that the rest of the world can learn from this incident.

p.s : Nice blog post by my one time colleague, Ed Bellis, on how the security industry should be sharing more information so that we can improve the state of security across the board.

HOW TO : Download SSL certificate using openssl and importing it into a keystore

Following up on my earlier post about using keytool to import and export certificates into a keystore. Here is some more information on using openssl to download the certificate from a remote server and then using keytool to import it into the keystore.

keytool needs the certificate to be in X509 format, so we will use sed to format the certificate.

[code]echo -n | openssl s_client -connect HOST:PORTNUMBER | sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ > /tmp/$SERVERNAME.cert [/code]

breaking down the command

[code]echo -n[/code]

send an end of line signal to openssl. This allows openssl (or rather the server it is trying to connect to) to disconnect the session

[code]openssl s_client -connect HOST:PORTNUMBER[/code]

asks openssl to act as a client and connect to the HOST on the specificed PORTNUMBER

[code]sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ [/code]

asks sed to take the input from openssl and only output the content between BEGIN CERTIFICATE and END CERTIFICATE.

NOTE: If you get an error like “SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message”, it means the server doesn’t support SSL negotation. Using the command optionĀ -no_tls1 helps work around this error. This option will tell openssl to disable TLS1 negotiation.