NPAPI – Time to say farewell?

In April this year, Chrome issued a warning shot to its users about NPAPI and that it would not exist beyond Chrome 44.

Until Chrome 45.x was released officially users could simply re-enable NPAPI extensions in the popular browser and just receive an annoying yellow bar which reminded you it would be unsupported “soon”.

Well now its official, NPAPI is hard and fast out of chrome, and from what i read, ActiveX (Microsoft IE/Spartan) extensions have been stripped from the new versions of IE/Spartan.

Flash has already updated to the newer PPAPI scheme, and can be enabled if needed by users.

Unfortunately for the majority of people of rely on NPAPI extensions like; Java, Silverlight just to name two, will no longer work.

Oracle (java) have not released an official statement other than to say they recommend users user Firefox or Safari if they need to utilise NPAPI Plugins. This is a pretty poor stance in my opinion. Hopefully we hear something soon regarding a feasible outcome.

Personally I see a lot of people who are 100% devout chrome users will feel the pinch for a while until their plugins are updated to the new scheme or re-written for HTML5. From a security perspective i applaud the stance taken by Chrome to disable a plugin/api set that was first introduced in Netscape Navigator 2.0 back in 1995. Java has been riddled with bugs and vulnerabilities and when its on the “6 Billion Devices” it claims, its a rather large target.

Most companies who have major support utilities written in NPAPI for web-browsers will no doubt be scrambling to release a new versions of their tools. I look forward to seeing what the developers out of Dell, VMWare, EMC just to name a few release in the coming months!

Too many time sources – Isilon

So as many Aussies know, we have 2 time shifts each year for daylight savings, being the first Sunday in April (clocks back 1 hour), and first Sunday in October (clocks forward 1 hour)

Sunday evening I received an alert from my Isilon cluster saying that the time had drifted by more than 4 minutes from the AD time and Auth would be affected. 

Sure enough, it had, any CIFS/SMB access was problematic, but NFS was unphased.  

After a discussion with EMC support it was determined that there were too many time sources on the cluster. Being that both NTP and SMBTime. SMBTime is a service that pulls time from an Active-Directory, and NTP being Network Time Protocol.

In our setup both eventually point to the same time source. But it became apparent the two services don’t have a precedence order between themselves, and just end up in a race condition. 

EMC support were excellent in assisting me to diagnose the issue and provide recommendations to remediate the system.

On EMC recommendation we disabled the SMBTime service and forced a re-sync so NTP would reset the clock. Once done it was all back to normal for data access and the alerts were cleared as a result. 

It has left me with questions as the system was setup by an Integrator/Partner, and left in a “unrecommended” setup

More to follow….

EMC OE Upgrade – complex with complex passwords

Last week I did an OE upgrade on an EMC VNX2 Series SAN. 

All pre-checks passed, new files downloaded, ready to go right? No. 

Go to proceed to start the upgrade with my domain admin user via LDAP, and can’t proceed due to “Insufficient CLI Permissions”. Weird. Never mind, I’ll log back in with the root/sysadmin user. 

Hold on, that doesn’t have permission either? Knowing full well I can log in manually if needed, so why won’t the upgrade work?

Turns out that if you have complex passwords with special characters, the upgrade bombs out with an error. 

Quick work around is make a local admin user for the upgrade with a simple password and use that and delete it when done. Not ideal but it works I guess. 

I know it’s not only EMC products that let you set a password with special characters and complexity, then break login due to “invalid” characters. Why do vendors allow this to happen in their software? 

Better than another vendor that allows long passwords but only stores the first 8 characters…

My own blog

Hey all,

Thanks for coming to this new venture of mine, ive decided to start a bit of a blog, no idea how long it will last.

Ill be blogging about my works with Cisco Network/Security/Wireless, EMC SAN/NAS, and VMWare technologies

My blogs are my own, they do not represent my employers past, present or future.