Facebook offers the ability to add an additional layer of security for Graph API calls. Facebook Securing Graph API Requests provides guidance on generating the proof using PHP. Here is how we generate the proof with NodeJS.
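An added example, not code from the original post: the proof Facebook documents is the hex-encoded HMAC-SHA256 of the access token keyed with the app secret, sent as the `appsecret_proof` parameter. The function names and the sample token and secret below are constructed for illustration; `proofMatches` shows the constant-time comparison a receiving side would make.

```javascript
const crypto = require('node:crypto');

// appsecret_proof = hex(HMAC-SHA256(key = app secret, message = access token))
function appSecretProof(accessToken, appSecret) {
  if (!accessToken || !appSecret) {
    throw new Error('access token and app secret are both required');
  }
  return crypto.createHmac('sha256', appSecret).update(accessToken).digest('hex');
}

// Build a Graph API URL that carries both the token and its proof.
// The app secret never leaves the server; only the derived proof is sent.
function signedGraphUrl(path, accessToken, appSecret, params = {}) {
  const url = new URL(path, 'https://graph.facebook.com/');
  for (const [key, value] of Object.entries(params)) {
    url.searchParams.set(key, value);
  }
  url.searchParams.set('access_token', accessToken);
  url.searchParams.set('appsecret_proof', appSecretProof(accessToken, appSecret));
  return url.toString();
}

// Constant-time comparison of a presented proof against the expected one.
function proofMatches(candidate, accessToken, appSecret) {
  const expected = Buffer.from(appSecretProof(accessToken, appSecret), 'hex');
  const given = Buffer.from(String(candidate), 'hex');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed sample values, not real credentials.
const SAMPLE_TOKEN = 'EAAB-constructed-user-token';
const SAMPLE_SECRET = 'constructed-app-secret';
console.log(signedGraphUrl('me', SAMPLE_TOKEN, SAMPLE_SECRET, { fields: 'id,name' }));
```

Generate the proof only on the server, since anyone holding the app secret can mint valid proofs for any token.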
Category Archives: Professional
This is for posts that are categorized as Professional.
base64 Encoding and Decoding
A quick note on using base64 for encoding and decoding on macOS
Google Cloud References
Various references for when I am using Google’s App Engine for NodeJS
Installing NodeJS & NPM on macOS
This is for installing NodeJS (which includes NPM) for macOS and properly configuring it for secure use not requiring sudo.
Creating Virtual Floppies with El Capitan
If you’re like me and deploy a lot of Cisco Collaboration software in a virtualized environment, you may not know this yet, but the changes to Disk Utility in El Capitan pretty much destroy the ability we used in previous versions of OS X to create a ‘virtual’ floppy disk for the Answer File. Below is a quick summary on what you need to do to create those cool little floppy images to keep on building.
- Launch Terminal and create the new virtual floppy:
    hdiutil create -sectors 2880 -fs "MS-DOS FAT12" -layout NONE -volname "floppy" floppy
- Mount the new virtual floppy via Terminal:
    hdid -nomount floppy.dmg
- Open Disk Utility & Format the Image
- Place your platformConfig.xml file on the Virtual Floppy
- Eject the Virtual Floppy
- Rename via Terminal:
    mv floppy.dmg floppy.flp
I hope this helps someone out. I wasted two hours of a TAC Engineer’s time last night while figuring out my issue was self-inflicted.
OpenSSL & IANA TLS Cipher Suites
I have been working with OpenVPN, OpenSSL and OpenSSH for the past couple of weeks on my Raspberry Pi running Debian “Wheezy” which has been fun and frustrating at the same time.
Due to the version of OpenVPN included with “Wheezy” and OpenVPN that I was running on my client, I was having a heck of a time getting the TLS Cipher to match up between Server and Client in configuration.
I found a software patch written by someone on the OpenVPN Dev team and within it, it had a nice table showing the OpenSSL Cipher Suite Name and corresponding IANA Cipher Suite Name. Since I wasted hours trying to figure this out, I hope it will help someone else out and save them time.
TLS OpenSSL Cipher Suite Name | TLS IANA (IETF) Cipher Suite Name |
ADH-SEED-SHA | TLS-DH-anon-WITH-SEED-CBC-SHA |
AES128-GCM-SHA256 | TLS-RSA-WITH-AES-128-GCM-SHA256 |
AES128-SHA256 | TLS-RSA-WITH-AES-128-CBC-SHA256 |
AES128-SHA | TLS-RSA-WITH-AES-128-CBC-SHA |
AES256-GCM-SHA384 | TLS-RSA-WITH-AES-256-GCM-SHA384 |
AES256-SHA256 | TLS-RSA-WITH-AES-256-CBC-SHA256 |
AES256-SHA | TLS-RSA-WITH-AES-256-CBC-SHA |
CAMELLIA128-SHA256 | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
CAMELLIA128-SHA | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA |
CAMELLIA256-SHA256 | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
CAMELLIA256-SHA | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA |
DES-CBC3-SHA | TLS-RSA-WITH-3DES-EDE-CBC-SHA |
DES-CBC-SHA | TLS-RSA-WITH-DES-CBC-SHA |
DH-DSS-SEED-SHA | TLS-DH-DSS-WITH-SEED-CBC-SHA |
DHE-DSS-AES128-GCM-SHA256 | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 |
DHE-DSS-AES128-SHA256 | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 |
DHE-DSS-AES128-SHA | TLS-DHE-DSS-WITH-AES-128-CBC-SHA |
DHE-DSS-AES256-GCM-SHA384 | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 |
DHE-DSS-AES256-SHA256 | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 |
DHE-DSS-AES256-SHA | TLS-DHE-DSS-WITH-AES-256-CBC-SHA |
DHE-DSS-CAMELLIA128-SHA256 | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 |
DHE-DSS-CAMELLIA128-SHA | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA |
DHE-DSS-CAMELLIA256-SHA256 | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 |
DHE-DSS-CAMELLIA256-SHA | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA |
DHE-DSS-DES-CBC3-SHA | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA |
DHE-DSS-DES-CBC-SHA | TLS-DHE-DSS-WITH-DES-CBC-SHA |
DHE-DSS-SEED-SHA | TLS-DHE-DSS-WITH-SEED-CBC-SHA |
DHE-RSA-AES128-GCM-SHA256 | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 |
DHE-RSA-AES128-SHA256 | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 |
DHE-RSA-AES128-SHA | TLS-DHE-RSA-WITH-AES-128-CBC-SHA |
DHE-RSA-AES256-GCM-SHA384 | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 |
DHE-RSA-AES256-SHA256 | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 |
DHE-RSA-AES256-SHA | TLS-DHE-RSA-WITH-AES-256-CBC-SHA |
DHE-RSA-CAMELLIA128-SHA256 | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
DHE-RSA-CAMELLIA128-SHA | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA |
DHE-RSA-CAMELLIA256-SHA256 | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
DHE-RSA-CAMELLIA256-SHA | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA |
DHE-RSA-DES-CBC3-SHA | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA |
DHE-RSA-DES-CBC-SHA | TLS-DHE-RSA-WITH-DES-CBC-SHA |
DHE-RSA-SEED-SHA | TLS-DHE-RSA-WITH-SEED-CBC-SHA |
DH-RSA-SEED-SHA | TLS-DH-RSA-WITH-SEED-CBC-SHA |
ECDH-ECDSA-AES128-GCM-SHA256 | TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 |
ECDH-ECDSA-AES128-SHA256 | TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 |
ECDH-ECDSA-AES128-SHA | TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA |
ECDH-ECDSA-AES256-GCM-SHA384 | TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 |
ECDH-ECDSA-AES256-SHA256 | TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA256 |
ECDH-ECDSA-AES256-SHA384 | TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 |
ECDH-ECDSA-AES256-SHA | TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA |
ECDH-ECDSA-CAMELLIA128-SHA256 | TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 |
ECDH-ECDSA-CAMELLIA128-SHA | TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA |
ECDH-ECDSA-CAMELLIA256-SHA256 | TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA256 |
ECDH-ECDSA-CAMELLIA256-SHA | TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA |
ECDH-ECDSA-DES-CBC3-SHA | TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA |
ECDH-ECDSA-DES-CBC-SHA | TLS-ECDH-ECDSA-WITH-DES-CBC-SHA |
ECDH-ECDSA-RC4-SHA | TLS-ECDH-ECDSA-WITH-RC4-128-SHA |
ECDHE-ECDSA-AES128-GCM-SHA256 | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 |
ECDHE-ECDSA-AES128-SHA256 | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 |
ECDHE-ECDSA-AES128-SHA384 | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA384 |
ECDHE-ECDSA-AES128-SHA | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA |
ECDHE-ECDSA-AES256-GCM-SHA384 | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 |
ECDHE-ECDSA-AES256-SHA256 | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA256 |
ECDHE-ECDSA-AES256-SHA384 | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 |
ECDHE-ECDSA-AES256-SHA | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA |
ECDHE-ECDSA-CAMELLIA128-SHA256 | TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 |
ECDHE-ECDSA-CAMELLIA128-SHA | TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA |
ECDHE-ECDSA-CAMELLIA256-SHA256 | TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA256 |
ECDHE-ECDSA-CAMELLIA256-SHA | TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA |
ECDHE-ECDSA-DES-CBC3-SHA | TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA |
ECDHE-ECDSA-DES-CBC-SHA | TLS-ECDHE-ECDSA-WITH-DES-CBC-SHA |
ECDHE-ECDSA-RC4-SHA | TLS-ECDHE-ECDSA-WITH-RC4-128-SHA |
ECDHE-RSA-AES128-GCM-SHA256 | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 |
ECDHE-RSA-AES128-SHA256 | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 |
ECDHE-RSA-AES128-SHA384 | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA384 |
ECDHE-RSA-AES128-SHA | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA |
ECDHE-RSA-AES256-GCM-SHA384 | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 |
ECDHE-RSA-AES256-SHA256 | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA256 |
ECDHE-RSA-AES256-SHA384 | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 |
ECDHE-RSA-AES256-SHA | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA |
ECDHE-RSA-CAMELLIA128-SHA256 | TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
ECDHE-RSA-CAMELLIA128-SHA | TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA |
ECDHE-RSA-CAMELLIA256-SHA256 | TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
ECDHE-RSA-CAMELLIA256-SHA | TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA |
ECDHE-RSA-DES-CBC3-SHA | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA |
ECDHE-RSA-DES-CBC-SHA | TLS-ECDHE-RSA-WITH-DES-CBC-SHA |
ECDHE-RSA-RC4-SHA | TLS-ECDHE-RSA-WITH-RC4-128-SHA |
ECDH-RSA-AES128-GCM-SHA256 | TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256 |
ECDH-RSA-AES128-SHA256 | TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256 |
ECDH-RSA-AES128-SHA384 | TLS-ECDH-RSA-WITH-AES-128-CBC-SHA384 |
ECDH-RSA-AES128-SHA | TLS-ECDH-RSA-WITH-AES-128-CBC-SHA |
ECDH-RSA-AES256-GCM-SHA384 | TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384 |
ECDH-RSA-AES256-SHA256 | TLS-ECDH-RSA-WITH-AES-256-CBC-SHA256 |
ECDH-RSA-AES256-SHA384 | TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384 |
ECDH-RSA-AES256-SHA | TLS-ECDH-RSA-WITH-AES-256-CBC-SHA |
ECDH-RSA-CAMELLIA128-SHA256 | TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
ECDH-RSA-CAMELLIA128-SHA | TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA |
ECDH-RSA-CAMELLIA256-SHA256 | TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
ECDH-RSA-CAMELLIA256-SHA | TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA |
ECDH-RSA-DES-CBC3-SHA | TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA |
ECDH-RSA-DES-CBC-SHA | TLS-ECDH-RSA-WITH-DES-CBC-SHA |
ECDH-RSA-RC4-SHA | TLS-ECDH-RSA-WITH-RC4-128-SHA |
EDH-DSS-DES-CBC3-SHA | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA |
EDH-DSS-DES-CBC-SHA | TLS-DHE-DSS-WITH-DES-CBC-SHA |
EDH-RSA-DES-CBC3-SHA | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA |
EDH-RSA-DES-CBC-SHA | TLS-DHE-RSA-WITH-DES-CBC-SHA |
EXP-DES-CBC-SHA | TLS-RSA-EXPORT-WITH-DES40-CBC-SHA |
EXP-EDH-DSS-DES-CBC-SHA | TLS-DH-DSS-EXPORT-WITH-DES40-CBC-SHA |
EXP-EDH-RSA-DES-CBC-SHA | TLS-DH-RSA-EXPORT-WITH-DES40-CBC-SHA |
EXP-RC2-CBC-MD5 | TLS-RSA-EXPORT-WITH-RC2-CBC-40-MD5 |
EXP-RC4-MD5 | TLS-RSA-EXPORT-WITH-RC4-40-MD5 |
NULL-MD5 | TLS-RSA-WITH-NULL-MD5 |
NULL-SHA256 | TLS-RSA-WITH-NULL-SHA256 |
NULL-SHA | TLS-RSA-WITH-NULL-SHA |
PSK-3DES-EDE-CBC-SHA | TLS-PSK-WITH-3DES-EDE-CBC-SHA |
PSK-AES128-CBC-SHA | TLS-PSK-WITH-AES-128-CBC-SHA |
PSK-AES256-CBC-SHA | TLS-PSK-WITH-AES-256-CBC-SHA |
PSK-RC4-SHA | TLS-PSK-WITH-RC4-128-SHA |
RC4-MD5 | TLS-RSA-WITH-RC4-128-MD5 |
RC4-SHA | TLS-RSA-WITH-RC4-128-SHA |
SEED-SHA | TLS-RSA-WITH-SEED-CBC-SHA |
SRP-DSS-3DES-EDE-CBC-SHA | TLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHA |
SRP-DSS-AES-128-CBC-SHA | TLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHA |
SRP-DSS-AES-256-CBC-SHA | TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA |
SRP-RSA-3DES-EDE-CBC-SHA | TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA |
SRP-RSA-AES-128-CBC-SHA | TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA |
SRP-RSA-AES-256-CBC-SHA | TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA |
Restore a UCM Publisher from a Subscriber
This week I was hit by the perfect storm. I came across an environment that had two issues occur that created a nightmare, which I lost sleep over. Had these events occurred separately I would have had no problems and navigated them quite easily. Well, if our jobs were easy we would be bored and easily replaced by computer subroutines. And for those of us who are consultants we wouldn’t get those nice perks that come with our job. So, this week I dropped everything, cried a little, asked my boss if I could quit and faced the nightmare like a good consultant. Enough bloviating, let’s get to it.
First, this environment runs on the now EOS/EOL MCS 7845-I3, which in itself is a great teacher of patience with its (what feels like) 20 minute uEFI boot times. The Publisher started displaying that amber light we’ve all seen before on one of the hard drives. No big deal, right? I logged in and discovered that the Publisher’s filesystem went into read-only mode. Great. After a ‘show hardware’ it was discovered three of the four hard drives were gone: 1 failed and 2 in imminent failure mode. TAC case opened to get the drives replaced, done. Next step: grab the last successful DRS backup to prepare for a Publisher restore. Life’s OK.
Here is where I started to get upset and our second event occurs: DRS had been failing for months. Only the Publisher showed as complete. At this point I’m like great, I have to attempt a restore from an incomplete backup which I’ve never seen work but this is me so it’ll work this time right? So the drives come in and I go through the forever process of installing UCM on the Publisher, which was easy. During this time I remembered why I love UCS and Collaboration in a virtualized environment, pondered life and attempted to formulate the plan on rebuilding a production cluster from scratch, if this restore didn’t work. Four or so hours later I got to attempt the restore and wait, what? DRS will only restore CDR from those incomplete backups. Great, I called it a night and went to bed, seriously.
After a sleepless night I reached out to Cisco TAC and one of the best Collaboration SEs I’ve ever worked with, who is also a CCIE. After a few minutes the SE shares this document on how to restore a Publisher from a Subscriber with no previous DRS backups. First, I felt like he should have delivered that to me in a LMGTFY link and then second, I was thankful for all of those previous cases opened by people who were screwed by lazy consultants or bad network engineers who never cared to make sure backups were set up. After three hours I was able to successfully restore the Publisher without impacting call processing. I chose this moment to set up those pesky RSA IMM boards and update the server firmware as well, so I did cause brief outages but this document worked great.
Some notes:
- I knew the cluster Security Password; if you don’t, I believe you’re out of luck
- The Publisher was glass housed
Here is the document: CUCM Publisher Node Restoration from Subscriber Database without Prior Backup or Root Access
If you ever find yourself in this situation, follow it to the letter.