Press "Enter" to skip to content

Category: Life: Work and Techy

Request Tracker (RT) and Google Apps

If you are trying to setup Best Practical’s Request Tracker (RT) system (originally written by Jesse Vincent, but I more associate Dave Rolsky with it), to work with a Google Apps hosted domain (so you have Google Mail/Gmail for your domain), you may find the following useful.

  1. First of all, install “rt” on your Linux box and install “fetchmail” using your package manager if it isn’t already installed
  2. Setup an email account something like “support@” or “rt@” (I’ll use “rt@” in these examples) in Google Apps. Make a note of the password you set
  3. In /opt/rt3/etc/RT_SiteConfig.pm (if you used the default install location), you’ll need to set the following:
    Set( $RTAddressRegexp,'^rt(\+[a-z]+)?\@example\.com$');
  4. Do the basic configuration of “rt” and make your queues – I made the following queues:
    Queue name Reply address Comment address
    Backend rt+backend@example.com rt+backendcomments@example.com
    Frontend rt+frontend@example.com rt+frontendcomments@example.com
    Billing rt+billing@example.com rt+billingcomments@example.com
    General rt@example.com rt+comments@example.com
  5. Log into your new Google Apps Gmail account with the details you created and agree to the terms of service etc
  6. Click on “Settings” and “Filters” and create a series of filters such as:
    • To: rt+backend@example.com [Next step]
    • Skip the Inbox (Archive it)
    • Apply the label: backend
    • Never send it to Spam [Create filter]
    • To: rt+backendcomments@example.com [Next step]
    • Skip the Inbox (Archive it)
    • Apply the label: backend-comments
    • Never send it to Spam [Create filter]
  7. For the “general” queue’s “Reply” address (rt@example.com), do not setup a filter
  8. Once done, on your Linux server where you have installed the Request Tracker, edit /etc/fetchmailrc to read similar to:

    set daemon 60
    set invisible
    set no bouncemail
    set no syslog
    set logfile /var/log/fetchmail
    poll imap.gmail.com
    proto IMAP service 993 user rt@example.com pass PA55W0RD
    folder Inbox ssl
    mda "/opt/rt3/bin/rt-mailgate --url http://rt.example.com/ --queue General --action correspond"
    poll imap.gmail.com
    proto IMAP service 993 user rt@example.com pass PA55W0RD
    folder general-comments ssl
    mda "/opt/rt3/bin/rt-mailgate --url http://rt.example.com/ --queue General --action comments"

    poll imap.gmail.com
    proto IMAP service 993 user rt@example.com pass PA55W0RD
    folder backend ssl
    mda "/opt/rt3/bin/rt-mailgate --url http://rt.example.com/ --queue Backend --action correspond"
    poll imap.gmail.com
    proto IMAP service 993 user rt@example.com pass PA55W0RD
    folder backend-comments ssl
    mda "/opt/rt3/bin/rt-mailgate --url http://rt.example.com/ --queue Backend --action comments"

    Of course changing rt@example.com to the email account you created, PA55W0RD to the password set for that email account, http://rt.example.com to the location of your Request Tracker installation (it has to be accessible from the server you are creating this file on), the “folder” name to correspond with the label you set for that queue and comments, etc and repeating for as many queues as you have.

  9. Save the file and start fetchmail using /sbin/service fetchmail start or your Linux distribution’s service starter
  10. Watch the log file using tail -f /var/log/fetchmail

    And that should be RT up and running with Google Apps for you!

Life: Which country am I in?

Today whilst filing my annual return for Companies House, I was asked to select my Country/State of residence (because, you know, having a UK company listed on the England/Wales Companies House with a registered address in the UK and my service address being in the UK wasn’t enough of a giveaway). Not a problem thought I, so I clicked on the drop down list to be presented with:

  • United Kingdom
  • England
  • Wales
  • Scotland
  • Northern Ireland
  • UK
  • Great Britain

WTF? I could understand if it listed England, Scotland, Wales and Northern Ireland separately (as technically they are different countries), but to list them AND “United Kingdom”, “UK” (is there a difference between those two?) and “Great Britain” just got me confused. I live and work in London, England, in Great Britain part of the “United Kingdom of Great Britain and Northern Ireland” commonly shortened to just “United Kingdom” or “UK”. So which should I pick….

Varnish: Normalizing / Normalising the url

We’ve had a small issue with our installation of the Varnish Proxy Cache not working as efficiently as we hoped. This was tracked down to the fact we are using Google Adwords and Google Analytics for tracking and Google was adding query string items such as utm_source , utm_medium , utm_campaign and gclid to the URL. This caused Varnish not to cache the page (and/or treat them as separate urls) and just led to bad cache usage.

I’ve added this code to fix this which may be of use for others:

/* Normalize the url - first remove any hashtags (shouldn't make it to the server anyway, but just in case) */
if (req.url ~ "\#") {
set req.url=regsub(req.url,"\#.*$","");
}
/* Normalize the url - remove Google tracking urls */
if (req.url ~ "\?") {
set req.url=regsuball(req.url,"&(utm_source|utm_medium|utm_campaign|gclid)=([A-z0-9_\-]+)","");
set req.url=regsuball(req.url,"\?(utm_source|utm_medium|utm_campaign|gclid)=([A-z0-9_\-]+)","?");
set req.url=regsub(req.url,"\?&","?");
set req.url=regsub(req.url,"\?$","");
}

Techy: How I investigated Counterpath Bria’s licensing issue

On Saturday the 12th of February 2010, myself and many other users of the popular Counterpath Bria VOIP Software started getting the message “The data received from the license server appears to be corrupted. Please try again and if the problem persists, contact Counterpath Support.”, but without any idea of what caused it. Many people contacted Counterpath’s support forums, but as of the time of posting the only official status we have is “It is being investigated”. However, I took it upon myself to try and figure out what had gone wrong and then if I could “work around” the issue.

I knew from the error message that Bria was trying to contact the licensing server to validate the license, so the first step was to investigate what was being transmitted. Luckily, I had the very handy Charles Proxy and after installing its CA Certificate (so Bria didn’t complain about an invalid certificate authority when retrieving the data via Charles), I could see the communicaitons.

Bria made a post to https://secure.counterpath.com/Service/LicensePool.sv/RegisterClientBinding with my license key, a hash of something on my machine, the type of product I’m checking the license for (Bria), the time my computer thinks it is, and identifying hashes of my machine (in particular, hard disk, motherboard and Mac address) – this data is sent to try and reduce “license sharing”. In return, Counterpath sent back the same information, including an expiration date and duration of the license (30 days), instructions to recheck the license after 24 hours and then every 4 hours (+/- 30%), confirmation the license if valid and then they signed the response using an X509 digital signature. Why have they signed it? Well, otherwise it would be reasonably simple for somebody of about my technical knowledge to be able to intercept the SSL stream and modify the data to always have approved licences (and, no, I’m not going to say how I would do this – but I can think of 2 ways straight way).

As all the other data looked correct (Counterpath used descriptive XML tags which did really help in this process: although since it’s just communicating between their servers and their products, I would have personally obfuscation it just for a little more ‘security’: yes, I know “security by obfuscation” isn’t good security practice, but sometimes “every little helps”), I then investigated the X509 certificate. I copied and pasted it into a new text document, called it “x509.crt” and just let Windows’ certificate explorer show be the details – and it was immediately obvious what the fault was. The expiration date on the certificate was dated 2 days ago.

So about 5-10 minutes of investigation and I knew to roll back my computer clock to pre 12th February 2010. Run Bria to get it to reacquire a new license and viola everything working (well, hopefully for 24 hours until the license starts revalidating). I just wish Counterpath had actually provided the “roll back your clock” workaround on their forum: Bria is an excellent product and I’m just disappointed that because somebody dropped the ball and forgot to renew a 2 year old X509 certificate (which would be easily done as that length of time people would have left and the details would have just been forgotten to be passed on), their reputation and good product range may be tainted. I’m guilty myself of letting the SSL certificate on my online dance wear site expire for a couple of days (mainly because the certificate provider wouldn’t let me renew the certificate until after it had expired!) so I know how easily it can be done – I now have a 3 year certificate so it might again happen to me in 3 years time.

What has this taught us: If you use a secure certificate (for your website or code), keep a note of the date it is due to expire and set reminders. Your certificate provider might send you emails to remind you – but don’t rely on them. Communicate with your customers and if a problem could take more than a couple of hours to fix, propose a workaround (such as rolling back your computer’s clock) – they might not like it, but at least you are doing “something”. And signing license files with your own digital signature is a good idea (yep, I bet you weren’t expecting that!) as it stops people easily bypassing it – but just remember to keep your digital signature up to date!

[n.b. might just be worth mentioning that I investigated this all on my own – Counterpath or any third party did not ask me to investigate it. However, within an hour of me posting on their forums with the information I had found, the problem was fixed. Coincidence or were they already waiting for the new certificate to be approved/installed? I don’t know, but I like to speculate 😉 )

Cost of sales – makes you wonder why you bother

It’s amazing how quickly cost of sales tot-up. An item I am going to be selling costs me £12 to purchase from the supplier (as long as I buy more than £200 at a time and pay before shipping and don’t want express shipping) – however, to sell it, I’ve got to add postage costs of £2.24 to get it to the customer (well, I will come the 1st of April when UK postage prices go up again), then I’ve got to add VAT at 17.5% on top, then I’ve got to add Paypal fees of 20p and 3.4% on top of that – giving me the final “cost of sale” of £19.54 – that’s £7.54 I’ve got to pay to third parties just to sell this item. One of my more expensive items costs me £21 to purchase, and the cost of sale is £31.19 as Paypal and the VAT man both want a larger cut….

I’ve then got to try and make a profit on it, remember that if I do make a profit I’ll then have to put around 30% of it to one side to pay as Corporation Tax – I’ve also got to try and account for “shrinkage” (i.e. when a package gets lost in Royal Mail’s systems and I’m not able to reclaim the full amount), got to try and account for the costs of running the server and website I’m running the site from (around £120 per month, plus bi-yearly domain registration fees and SSL certificate costs), any bank/charges and interest, telephone line usage (even if it’s just for incoming calls, I’ve still got to pay line rental), £35 monthly accountancy fees, £15 annual return fees and various other little bits and bobs (insurance/storage costs etc): and that’s all before I can even consider paying myself some money for the time and effort I’ve put in. Oh and if I do start paying myself money, I’ve then got to pay National Insurance contributions, Employers and Employees tax, Payroll fees and other little annoying bits…

I do sometimes ask myself why I’m bothering: all this work for very little (if any payoff) – but if I was just unemployed, I’ll actually end up, at the end of the day, with more money… Meh!