Fun with Supermicro motherboard serial headers

or, “LOL, standards” ^

TL;DR: Most motherboards have a serial header in an IDC-10 (5×2 pins) arrangement with the pins as a row of even numbered pins (2,4,6,8,X) followed by a row of odd numbered pins (1,3,5,7,9). Supermicro ones appear to have the pins in sequential order (6,7,8,9,X and then 1,2,3,4,5). As a result a standard IDC-10 to DB-9 cable will not work and you’ll need to either hack one about or buy the Supermicro one.

Are we sitting comfortably? ^

I bought a Supermicro motherboard. It doesn’t have a serial port exposed at the back. I like to use serial ports for a serial console even though I am aware that IPMI exists. IPMI on this board works okay but I like knowing I can always get to the “real” serial port as well.

The motherboard has a COM1 serial header, and I wasn’t using the PCI expansion slot on the back of the chassis, so I decided to put a serial port there. I bought a typical IDC-10 / DB-9 cable and plate:

IDC-10 to DB-9

Didn’t work. Serial-over-LAN (IPMI) worked alright. On COM1 I would get either nothing or a run of garbage characters from time to time. I wasted a good number of hours messing with BIOS settings, baud rates, checking if my USB serial adaptor actually worked with another device (of which I only have one in my home), before I decided to sit down and check the pin numbering for both the header and the cable.

Looking at the motherboard manual we see this:

x10sdv board com1 pin layout

And the cable?

IDC-10 to DB-9 pinout

Notice anything amiss?

The cable’s pins go in a row of odd numbers and then a row of even numbers:

2 4 6 8 X
1 3 5 7 9
    -

The X is the missing pin (serial uses 9 pins) and the - indicates where the notch for the connector would be: next to pin 5 in this case.

The header’s pins go in sequential order:

6 7 8 9 X
1 2 3 4 5
    -

As a result all but pin 1 are incorrect.

You actually need a Supermicro cable for this. CBL-0010L is the part number in my case. CBL-0010LP would be the low profile version. Good luck finding it mentioned on Supermicro’s site, but your favourite reseller will probably know of it. As it was I found one on Ebay for £1.58+VAT, and it works now.

After knowing what to search for I also found someone else having a similar issue with a Supermicro board.

You could of course instead hack any existing cable’s pins about or fit an adaptor in between (as the person in the above link did).

Thanks Supermicro. Thupermicro.

Firefox, Ubuntu and middlemouse.contentLoadURL

I use Firefox web browser, currently on Ubuntu 10.04 LTS. For many years I have set the config option middlemouse.contentLoadURL to true so that middle clicking anywhere in the page (that does not accept input) will load the URL that is in my clipboard.

After restarting my web browser somewhere near the end of January 2012 I found my Firefox 3.x had been upgraded to Firefox 9.x. Also the middle click behaviour no longer worked.

Perusing about:config showed that the option had been set to false again. I set it back to true but on restart of the browser it was set back to false. A bit of searching about found various suggestions about forcing it in my user.js file, but none of those worked either.

Finally, in desperation, I did a search of every file beneath /usr for the string “middlemouse”. Lo and behold:

/usr/lib/firefox-9.0.1/extensions/ubufox@ubuntu.com/defaults/preferences/ubuntu-mods.js

…
pref("middlemouse.contentLoadURL", false); //setting to false disables pasting urls on to the page
…

Commenting this line out once more allowed me to change the setting myself.

It seems this this override was discussed by Ubuntu as far back as 2004, but it only became something that I could not override upon the upgrade to Firefox 9.

I reported a bug about this, and one of the comments seems to suggest that the method Ubuntu uses to change these settings has changed because they were breaking Firefox Sync, and that this outcome (overriding middlemouse.contentLoadURL) is not as bad as breaking Firefox Sync.

Even so, I would suggest that this outcome is very confusing for people and that as middlemouse.contentLoadURL is a popular setting which is easy to change, it should not be overridden in some obscure file.

As of the recent upgrade to Firefox 11, the file with the override in it has now moved to /usr/share/xul-ext/ubufox/defaults/preferences/ubuntu-mods.js.

Dear System Integrators, a few words about screwing

Right, System Integrators – those companies that buy components from Supermicro et al and build you a server out of them. You guys seem to have a bit of a fascination with screwing. Screwing things in as tight as you can. Please stop.

It’s 100% true that vibration of components like hard disks is bad. numerous studies have been done that prove that vibration causes performance problems as drives need to do more corrective work.

However, this does not mean that you have to screw in the drives to the caddies to the limit of what is physically possible. They just need to be tightened until a little force won’t tighten them any more.

When you supply me with a server that’s got four super-tightened screws for each drive in it, and I deploy that server, chances are that one of the first things that will break in that server is one of the disk drives.

During the years those screws have been there they haven’t got any looser. It’s likely that if you tightened them all to the limit of your strength and tools, by now the force required to unscrew them will be less than the force required to deform the screw head. Like this:

Stripped screw heads in a drive caddy

Close-up of a stripped screw head

No, this is not an issue of using the wrong driver head. Yes, you will strip a screw if you use the wrong driver head. That’s why I carry this stuff every time I go to a datacentre:

A selection of screwdrivers for your pleasure

There’s two exactly correct drivers in there, and several that should also work anyway despite being a little bit off. I have never had a problem unscrewing any screw that I originally put in. Probably because I don’t tighten them like I am some sort of lunatic. I can even unscrew them around a corner with the offline driver. Oh yeah baby. So far nothing I have screwed in with merely normal force has fallen apart.

And this is not an isolated occurrence! Nearly all of you seem to do this with every screw, everywhere. Stop it!

The drive in that caddy is a dead one, and luckily I had a spare caddy with me for the replacement drive to go in, otherwise I too would have been screwed beyond the limits of my endurance.

So, now I’ve got to drill those out just to get this caddy back to being useful again. Or more likely find someone else to drill it out for me as I don’t trust myself with power tools really.

ffffuuuuu

Did anyone else get this spam to an address they gave to Red Hat?

On November 2nd I received this spam:

(some headers removed; xxxxxxxxxxx@strugglers.net is my censored email address)

Received: from mail15.soatube.com ([184.105.143.66])
        by mail.bitfolk.com with esmtp (Exim 4.72)
        (envelope-from <bounce@soatube.com%gt;)
        id 1RLikr-00070I-6U
        for xxxxxxxxxxx@strugglers.net; Wed, 02 Nov 2011 21:53:57 +0000
Received: from [64.62.145.53] (mail3.soatube.com [64.62.145.53])
        by mail15.soatube.com (Postfix) with ESMTP id 6B324181CFF
        for <xxxxxxxxxxx@strugglers.net>;
        Wed,  2 Nov 2011 14:46:01 -0700 (PDT)
To: xxxxxxxxxxx@strugglers.net
From: events@idevnews.com
Date: Wed, 02 Nov 2011 14:00:40 -0700
Subject: BPM Panel Discussion: IBM, Oracle and Progress Software

-------------
BPM-CON: BPM Panel Discussion - IBM, Oracle and Progress Software
-------------
Online Conference

Expert Speakers:
IBM, Oracle, Progress Software
etc..

The email address it arrived at was an email address I created in November 2004 in order to take a web-based test on Red Hat’s web site prior to going on an RHCE course. It has only ever been provided to Red Hat, and has not received any email since 2007 (and all of that was from Red Hat). Until November 2nd.

The spam email contains no reference to Red Hat and is not related to any Red Hat product.

From my point of view, I can only think that one of the following things has happened:

  1. Spammers guessed this email address out of the blue, first time, without trying any of the other possible variations of it all of which would still reach me.
  2. One of my computers has been cracked into and the only apparent repercussion is that someone spammed an email address that appears only in an email archive from 2004/2005.
  3. Red Hat knowingly gave/sold my email address to some spammers.
  4. Red Hat or one of its agents have accidentally lost a database containing email addresses.

Possibility #4 seems far and away the most likely.

I contacted Red Hat to ask them if they knew what had happened, but they ignored all of my questions and simply sent me the following statement:

“Hello.

Thank you for contacting Red Hat.

we apologies for the inconvenience caused however we would like to inform you that we have not provided your email address to anyone.

Thank You.

Red Hat Training coordinator.”

That wasn’t really what I was asking. Let’s try again.

“Hi Red Hat Training coordinator,

Thanks for your reply, but I’m afraid I am not very reassured by your response. Do you have any suggestions as to how an email address created in 2004 and used only by yourselves for my RHCE exam managed to be used for unrelated marketing by a third party in 2011, unless Red Hat either provided my email address or leaked my email address?

For clarity we are talking about the email address “xxxxxxxxxxx@strugglers.net” which has never ever received any email except from Red Hat, until yesterday, when it got some unwanted
marketing email from a third party.”

“Hi Andy,

Please be assured that Red Hat does not circulate student’s e-mail address to any third party.

Thanks,
Red Hat Training Coordinator”

I’m not getting anywhere am I? I was only after some reassurance that they would actually look into it. Maybe they are looking into it, and for some reason decided that the best way to assure me of this was to show complete disinterest.

Oh well, I can send that email address to the bitbucket, but I can’t help thinking it’s not just my email address that has been leaked.

Anyone else received similar email? If so, was it to an address you gave to Red Hat?

Update 2011-11-10: Someone suggested I politely ask the marketer where they obtained my email address. It’s worth a try.

“Hi Integration Developer News,

May I ask where you obtained my email address
“xxxxxxxxxxx@strugglers.net”? I’m concerned that it may have been
given to you without my authority.

Thanks,
Andy”

Also I have now been contacted by someone from Red Hat’s Information Security team, who is looking into it. Thanks!

My email marketing adventure with British Telecom

The saga so far ^

I have a phone line from BT. I only use it for ADSL (which I get from Zen Internet). I gave my email address to BT because they offered to tell me useful things about my account via email. I now wish I had never done this.

I use extension addresses to identify what the email addresses are being used for. This is not a new idea and I didn’t invent it. For those who don’t know what an extension address is, it’s an email address like andy+foo@example.com. It ends up at the same place as andy@example.com. The point is that if I receive an email to andy+foo@example.com then I know that it’s either from whoever I gave that address to, or it’s from someone they gave/lost my address to. It’s handy for working out who’s sold their database to spammers, or had it stolen.

I used to prefer using “+” in the extension address just because it looks nicer to me than other popular alternatives like “-“. Unfortunately, some web developers are idiots and don’t believe that “+” is valid in an email address, so they try to help by refusing to accept the address. For that reason my email servers accept both “+” and “-” and I used to use “-” when “+” wasn’t accepted.

After I started doing that, I began to experience an even more annoying failure: web sites that accepted “+” in my email address when I signed up, but later got redeveloped by idiots who think that “+” is no longer valid. That means that I can no longer log in to those sites, and predictably customer service is not trained to deal with situations like that.

It seems that BT is an example of such a company, and I am having unbelievable difficulty finding anyone there that can understand this.

When I signed up with BT, the email address I gave them had a “+” in it. They accepted it at the time.

March 2011 ^

I start to receive marketing emails from BT for extra BT services, as well as BT group companies such as Dabs and Plusnet.

29th March 2011 ^

I receive another marketing email from BT, decide I don’t want to receive them any more, and follow the unsubscribe link. The unsubscribe page at http://bt.custhelp.com/app/contact/c/769,978 tells me that the email address (which BT is emailing me on) is invalid.

I contact BTCare on Twitter to ask them how to opt out and to opt me out on my behalf. Also sent a request via BT’s site for someone to call me back about it.

Am called back by a polite BT chap who totally failed to understand the problem, told me I was opted out (funny, I never opted in…) and advised that I sign up to a no commercial email scheme.

18th April 2011 ^

Receive more marketing email from BT. Ask BTCare on Twitter why that is. Am told that it can take a month to take effect.

18th May 2011 ^

Receive more marketing email from BT. Ask BTCare on Twitter why that is.

29th May 2011 ^

BTCare tells me on twitter that they opted out the wrong address last time. Apologises and says it may take a further month.

25th July 2011 ^

BT sends me a marketing email on behalf of Plusnet.

2nd August 2011 ^

I (somewhat exasperatedly) ask BTCare if, since they can’t opt me out of the emails, we can come to a more formal arrangement for my proofreading services of £50 per future email.

BTCare replies that “We can’t opt you out of emails for other companies” and that “no compensation is available sorry.”

I point out that Plusnet is a BT company, that the emails are sent by BT on an email address given only to BT, and contain a BT unsubscribe link which does not work.

3rd August 2011 ^

BTCare asks if the email was from BT, and advises the use of a US-based commercial email opt-out site.

4th August 2011 ^

BTCare tells me that their unsubscribe link works now and that I should try it again. I try it again. It fails the same way. I tell BTCare.

5th August 2011 ^

BTCare tells me that I need to contact Plusnet directly: “the link may be BT related but its seperate to us and we have no control over them

PlusNet (on twitter and identica) disagrees with BTCare and says BT sends those emails and operates the unsubscribe facility. They give me an email address at Plusnet to forward the marketing to anyway.

I have forwarded the email there and have so far got nothing back except an out of office email bounce. Oh well, it’s not really their problem anyway.

What to do now? ^

I would quite like to send a snail mail letter to BT to complain about this cluelessness. Does anyone know the best postal address and entity within BT for that to be directed to? If nothing else perhaps I can start sending the £50 a time invoices there?

I’d also quite like to not be a BT customer after this. I’m not too aware of my choices on that front though. My DSL is currently through Zen Internet, who I’m fairly happy with. I’d like a bit faster but don’t want to become a Sky or Virgin Media customer.

I’m told I can get Zen to “take over the copper”. What does this mean? Would it cause me difficulty in switching to another ISP in future?

Finally I have a feeling that there’s some DPA consequences for failing to opt me out of marketing in 4 months of asking, and then saying that I can’t get them to opt me out of marketing from companies they have given my email address to. Worth dropping a line to ICO?

Just hit delete / block all email from BT ^

Yeah it’s not that annoying but hopefully you can agree that this run-around is ridiculous. While I remain a BT customer I would prefer not to bitbucket all email from them as they do sometimes send stuff related to the operation of my account.

On extension addresses ^

It’s a shame, but I now consider “+” as unusable in an extension address because of idiot web developers who turn sites that used to accept these completely valid addresses into sites that reject them.

Just use “-” instead. It doesn’t look as pretty but at least not even the most ill-informed developer can think that “-” is invalid. If your email address already contains “-” (perhaps because your name does?), shit, sucks to be you.

Domain name as hostname not recommended

I had an interesting support ticket yesterday.

Someone was trying to do an apt-get update via BitFolk‘s apt cache and was ending up connecting to 2607:f0d0:1003:85::c40a:2942, where it was failing to update. This is not a BitFolk IPv6 address, nor is it the IPv6 address of a Debian mirror. Where was it coming from?

I’d asked the customer for the contents of a bunch of config files and output of the dig command, and while I was waiting for that I mentioned the problem on IRC, where Graham said:

<gdb> $ dig -t aaaa +short apt-cacher.com.net
<gdb> 2a00:1c10:3:634::3486:75a0
<gdb> 2607:f0d0:1003:85::c40a:2942
<grifferz> interesting
<gdb> Same for apt-cacher.bitfolk.com.net
<grifferz> so he's probably got some  search line in
           his resolv.conf
<gdb> I would ask what the search line is
<grifferz> r
<grifferz> search lines always good entertainment for
           those times when wtf moments are scarce
<gdb> Actually it's possible that the hostname is
      foo.net and there's no search line.

It seems that the enterprising folks at com.net have put in wildcard A and AAAA records which basically means that if you try to resolve *.com.net you end up at their “search portal”. That’s all web-based of course.

The customer didn’t have a search line, but the issue was that their host had a fully-qualified domain name (FQDN) along the lines of example.net.

This meant that according to default resolver settings it considered itself to be inside the domain net, and when searching for hosts (like apt-cacher.bitfolk.com) it would try to find them with .net appended first.

Massively confusing.

It can be fixed by giving the resolver libraries a hint as to which domain you are actually in, in the /etc/resolv.conf:

domain example.net
nameserver 192.168.1.2
nameserver 192.168.1.3

Having said that, it’s better not to pick your domain as the FQDN for any host and this is just one of the weird issues I have seen.

Sometimes customers order a VPS with a FQDN set to something like this, and I’ve yearned for an authoritative bit of documentation that says it’s not recommended. I asked about it on HantsLUG a while back also, and while it seems there was some agreement, it still seems to be down to preference.

I’ve never really tried to tell a prospective customer that they should pick a host within their domain (e.g. foo.example.net) instead of the domain name as the FQDN, because it always seemed like too complicated a subject to explain. Maybe I should try to find a way in future.

Which site’s database got sold/leaked?

Earlier today I received several emails of the form:

Return-path: macdaddy@dedibox.fr
Envelope-to: andy@example.com
Delivery-date: Wed, 01 Jun 2011 00:58:02 +0000
Received: from impaqm2.telefonica.net ([213.4.138.10]
        helo=telefonica.net)
        by bitfolk.com with esmtp (Exim 4.69)
        (envelope-from <macdaddy@dedibox.fr>)
        id 1QRZl3-0006v3-06
        for andy@example.com; Wed, 01 Jun 2011 00:58:02 +0000
Received: from IMPmailhost3.adm.correo ([10.20.102.124])
        by IMPaqm2.telefonica.net with bizsmtp
        id qQYS1g01y2h2L9m3MQlr7A; Wed, 01 Jun 2011 02:45:51
        +0200
Received: from sd-1622.dedibox.fr ([88.191.14.154])
        by IMPmailhost3.adm.correo with BIZ IMP
        id qQlq1g00D3KS0VC1jQlqTB; Wed, 01 Jun 2011 02:45:5
        +0200
X-Brightmail-Tracker: ??
X-original-sender: electricidadromero@telefonica.net
Received: from [88.191.14.154] by sd-1622.dedibox.fr id
        96YxWPB6QbSt with SMTP; Wed, 01 Jun 2011 02:52:25
        +0200
Date: Wed, 01 Jun 2011 02:52:25 +0200
From: Support <macdaddy@dedibox.fr>
X-Mailer: The Bat! (v4.05.2) Personal
X-Priority: 3 (Normal)
Message-ID: <0288215865.30146090204853@sd-1622.dedibox.fr>
To: XXXX <andy@example.com>
MIME-Version: 1.0
Content-Type: text/plain;
        charset="windows-1252"
Content-Transfer-Encoding: 8bit
Subject: Your order reference is 1460489

Dear User, XXXX.

Your order has been accepted.

Your order reference is 18973.

Terms of delivery and the date can be found with the auto-generated msword
file located at:
http://www.macarthurmumsnbubs.com/Orders/Orders.zip?id:11190401Generation_mail=andy@example.com

============================
Best regards, ticket service.
Tel.: (050) 404 53 824

The above is verbatim other than I’ve replaced my email address with “andy@example.com” and the “XXXX” is actually a password that I’ve used on multiple web sites.

I assume that the linked Zip file is a trojan; I haven’t looked at it.

Does anyone else who’s received the same email know which site it might be who’s leaked or sold their user database?

Please don’t contact me to tell me that I should use a different password on every web site. That is impractical for me; I already use several different classes of password and the one in the email is one I only use on the most trivial sites. I’m not particularly worried over what details have been leaked, I’m more interested in which site leaked because whoever they are, they store their passwords in the clear.

I also can’t tell by email address. They seem to have used my generic email address, so this would be from before I started using a unique email address for each site.

Any ideas?

Sites which it is not:

Amazon, Apple, The Book Depository, Ebay, Facebook, Forbidden Planet, Giffgaff, Lulu, Moonpig, Novatech, PayPal, Play, T-Mobile, Twitter

(either I’m not a user of these services or my email/password there isn’t what were used)

Update 2010-Jun-02: It was Friendster.

Reporting it was hard work, but they did eventually agree to look into it.

Clue- Become Compliant

A nice email from Tuscany Networks in my inbox the other day:

Date: Mon, 26 Apr 2010 13:19:36 +0000
From: marketing
To: <elided>@bitfolk.com
Subject: DNSSEC- Become Compliant
Reply-To: marketing@tuscanynetworks.com

Your email client cannot read this email. To view it online, please go
here:
<URL elided>

To stop receiving these
emails:<URL elided>

So what happened here? They sent me a marketing email that they obviously considered too whizzy and shiny to allow me to read a plain text version of, so they inserted a plain text version that just says that my email client can’t read it. There actually is a HTML version and my mail client can probably read it fine, if I chose to ask it to, but since Tuscany Networks can’t work out how to send email properly I haven’t bothered looking.

Dear Tuscany Networks,

I would suggest that if you want to sell me on your DNSSEC knowledge then first you should try not making assumptions about what my email client supports.

Next you might like to try just putting a sensible text version of whatever your HTML was, since that would actually go beyond the bare minimum level of competency and start to approach actual usefulness.

Finally you might consider ditching the HTML entirely, since you got my address from a technical presentation on DNSSEC that was hosted by Nominet and I doubt flashy HTML emails go down all that well with the sort of people present. Save it for your fellow marketroids, who are more adept at finding ways to make each other’s utter shite show up in a different and annoying new way in Outlook Express than they are at deploying a secure DNS infrastructure.

No love,
Andy

PS Thanks for the unsubscribe link though; my mail client was still able to follow it despite not being good enough for the rest of your work, so that’s a problem that neither of us should have to face in the future.

Feltham Airparcs leisure centre FAIL

Feltham Airparcs leisure centre has for the last 2 weeks — and ongoing — closed at 4pm, instead of 10pm, because the emergency lighting doesn’t work.

The actual lighting works fine, it’s just that if the lighting did fail then there’d be no emergency lights directing the shallow end of the gene pool to safety.

So the staff close the place up as soon as it starts to get a bit dusky out.