Peter Wagemans

Peter Wagemans last won the day on August 9 2018

Peter Wagemans had the most liked content!

Community Reputation

2 Neutral

About Peter Wagemans

  • Rank
    just passing through

Platform Environment

  • OS Platform
  • OS Version
    High Mojave 11

FileMaker Partner

  • Membership
    FileMaker TechNet
    FileMaker Business Alliance
    FileMaker Platinum Member

  1. Peter Wagemans

    Quick find numbers wildcard

    But FileMaker can always solve bugs from the distant past, I don’t mind...☺️
  2. Peter Wagemans

    Quick find not working

    Ok, got it. My notification email kept linking back to this thread, which was split in the meantime, and there was nothing to see...:-)
  3. Peter Wagemans

    Quick find not working

    Uh. It seems that part (a few posts at the end) of this thread is gone. Did something go wrong with the forum server? @Ocean West? Not really a big problem, just mentioning.
  4. Peter Wagemans

    Quick find numbers wildcard

    Thanks for offering an alternative. I am sure you are trying to be helpful. But this thread is about trying to solve a big shortcoming in using QuickFind, and not about alternatives. FileMaker should work on removing the product bugs, and I wouldn't mind getting no new features for a few releases, just bug fixes. FileMaker should work on things that should work, but aren't, or only "half". And watch for inconsistencies, and make them consistent. We are always trying to get around them, and this gives birth to alternative ways of doing things, while they should have worked correctly to begin with. Of course this would be a problem for marketing, and this is not the way the world turns today. The next version of FileMaker will have a ton of new features with oooos and aaaaas and a lot of unsolved bugs.
  5. Peter Wagemans

    Downloading / monitoring logs

    The hack could be done with a server side plug-in. I don't want to put words in your mouth, but you seem to be pointing out that when someone malicious has access to such plug-ins running on a server it's "game over". Which is exactly my point. Let's agree to disagree on the priority. If you don't need the option, it's logical that it has no priority for you. Now you have. Must we conclude now that if servers are compromised, security is not good enough? How frequent do you have in mind? I know an effort has been done since 2010 to increase security. So this is not completely fair of me, I admit. But do we have to have a few successfully compromised servers before the obvious security holes are plugged? Your last sentence is very correct. If the hacking community would have an interest, we would be screwed already.
  6. Peter Wagemans

    Downloading / monitoring logs

    There is something I would like to add to your remark. A standard installation of FileMaker Server on Windows sets the service to be executed by the system account, which is the default for every service on Windows. When you set the user to another account though, the FileMaker installer refuses to install if that user does not have administrative privileges. You need that alternative account, if you want to have network access, since the system account does not have network access, and you cannot grant this either. So I presume you are currently running the service under an alternative user account, in order to access your NAS. I wonder WHY FileMaker enforces the service to run under an administrative account. It does not do that on macOS. So... I had to explain this first, before reacting to your last paragraph. It is indeed possible to restrict the FMS user, and things seem to run fine, after you remove the fmserver account from the admin group. But I'm not sure this will cause misbehaviour somewhere later down the line. On Windows. Because the installer does not like it. I would like to pursue this further and ask the question to FileMaker Inc. If this would run without problems, this would be already a great first step in the sandboxing process, and the fmserver account used during server side OS calls would not be able to attack the rest of the OS in such a direct way, while still being able to access networked drives. It would still be able though to read and even write every file in the FileMaker Server folder. We recently had a 45 minute "hacking" session during .fmp in Berlin, where we quickly found out which file to modify in order to get full admin console access. This is very ugly. IT could restrict access to some files to read-only, though, but that would require a lot of knowledge about the inner workings of FileMaker Server, and I do not think they would be able to plug every security hole. Yes. But that is also the purpose of sandboxing.
But not always. And I think virtualising does not add any benefit, except for what e.g. ESX offers to isolate the VM into a DMZ, and have snapshots in case things go south. It's also a matter of responsibilities. I do not want to have full access to a FileMaker Server, even when the IT people who are managing that server are ... my colleagues. They do not have the full access password to the development, and I do not have full access to the FileMaker Server. And this is the way it should be. It would be a great setup for a (limited access) development server, but not for a production one. But then again, you can run a VM dev server on your own machine as well. I think it also depends on who your customer is, and what the entire setup is. As I mentioned before, it should be an option, and whoever is responsible should be able to choose to do things the hard - and secure way, or not. If you are the big boss over everything, including development and IT, that is a big difference with a corporate setup. Coming back to my original question: I would really like to monitor those extra logs. Indeed, the only way to do so, is to make use of the unsecure setup FileMaker Server has today, and use a server side plug-in to manipulate those logs so I can start monitoring them. I presume FileMaker is well aware of these issues, so I think it's not worth it to invest time into some monitoring tool, that would probably cease to work when they close things up. I hope that log monitoring makes its way back again into the admin console.
  7. Peter Wagemans

    Downloading / monitoring logs

    True, there would be a whole bunch of nice things you cannot do anymore (the way you do them). But there would also be a number of very awful things an attacker wouldn't be able to do either. You could do what you mention in another way. It is possible to share the Documents folder, even over a firewall. You can also install other software on the server that synchronises files to the sandboxed folder. If you have full access to the FileMaker Server machine, there are other ways to do things. Maybe not always, but it might surprise you how many things can be done. On the other hand, consider this situation: A developer is working on a solution, which is hosted on a FileMaker Server. This is a contractor, and is not supposed to have access to the operating system in any way, this should only be possible by the IT people of the company. The current situation allows the developer to use the server side plug-ins ( that he requires for the development ) to gain access to parts of the OS that should be restricted to him. This is no imaginary situation. I have multiple setups like that - and I am the contractor...:-) At least, lowering security to allow for the current situation should be an option, off by default. If you really know what the consequences are, it is then your call of judgement to allow that.
  8. Peter Wagemans

    Downloading / monitoring logs

    Thanks for the reply Honza. Pity you are not really offering a tested solution, but you did manage to squeeze in two links to your site. So at least this works for you 😊 that makes one of us. It is kinda creepy to hear that the only way this is going to work, is not supposed to work. Server side scripts should be sandboxed and they clearly are not.
  9. Peter Wagemans

    Downloading / monitoring logs

    Because I write a lot of server side scripts and often using custom WPE urls, one of the most annoying things in FileMaker Server 17 is that it is now impossible to monitor the logs from the admin console. I always have to download them. I found an alternative way to monitor them, by using FTP. With some nifty perl scripts, I can now even tail the Event.log and Access.log. It's a whole other story for the other logs, like the wpe.log, the Stats.log... It is just impossible to download those over FTP. Earlier I already noticed they don't play nice with FSEvents on the Mac either. Has anyone here created a good solution to monitor those files, given that: I have only access to the FileMaker Server using FTP (Implicit SSL) and the admin console, no SSH, RDP or other management tools. I do have the possibility to install plug-ins on the server. Maybe some of you created some server side script that is able to monitor those files. Or you have some other solution.
  10. Peter Wagemans

    Things to do

    I am really getting fed up with the SSL connection. Xojo’s MySQL community plug-in is not supporting it very well, and is not maintained as I would like. It is also inconsistent in its behaviour in cross platform development. I would like to leave it as it is now, and hope that Xojo will support it better in a future release of their IDE. For now I will put a comment on the tab that things are “experimental”. Encrypting the data ourselves seems to be a good idea instead. The interface to configure that would be simple: provide a password to encrypt, and one to decrypt. Switch these on the FileMaker side. Maybe some options to encrypt only fmsadmin traffic, and not the logs, so less critical things can remain readable.
  11. Peter Wagemans

    Quick find not working

    We are now 3 years later and there are still similar issues with QuickFind.
        • make a popover and put a merge field and a regular field on it
        • check "include field for Quick Find"
        • select all objects on layout ( using shortcut )
        • unlock all objects
        • uncheck "include field for Quick Find"
        • open the popover and notice that QuickFind is not disabled.
    I have the impression that this also happens with objects in a group, but did not continue testing. Can anyone reproduce this? It took me a while to find out why QuickFind was simply crashing my FileMaker 17. Clicking the cancel button... still removes the cancel button, but does not cancel the search (another old bug). Which forces me to kill FileMaker after 10 minutes of drinking coffee. You are never sure that you did not miss any field that still has QuickFind enabled. With an XML clip editor, "quickfind=1" and "object flags="14"" seem to find objects with the QuickFind flag on. I hope there will be a slightly less cumbersome way to find those objects in the future. I wonder why the QuickFind option doesn't follow the defaults either. The "include field for Quick Find" checkbox is greyed out when you have no objects selected in the layout. This slightly forgotten technique allows you to set field defaults, but the developers who created QuickFind apparently weren't notified. Especially for QuickFind, it is very important NOT to have it enabled by default, or it becomes a FileMaker killer. Especially if you cannot cancel a very complicated QuickFind in progress. I consider this yet another bug. Go ahead if you're able to reproduce. I've done my share of bug reporting, and would continue to do so, if it weren't so... unfulfilling. And I lost enough time already today because of these bugs. Aha. You KNOW when you have disabled them all when you get this dialog when executing a QuickFind:
  12. Peter Wagemans

    Things to do

    I'm currently looking into this code, and I think I will implement it like this: you enter the frequency in seconds, or you enter the number of seconds after the current minute and you enter the frequency of minutes. Even with a frequency in seconds, you can experience peak moments, once the logging timer starts to drift, which it will. To avoid this, the logging can happen after a number of minutes, on the set second after that number. I hope this sentence is readable 🙂 You can then configure each of your daemons to another offset, and if they are all properly configured to use a time server, that should spread the load. The last field here doesn't really help spread the load, but allows you to have a greater interval than 60 seconds. Is this approach solving things?
  13. Peter Wagemans

    Things to do

    I think this is something I should add in the config app, so you can specify it for every daemon separately. I think I have hard coded 30 seconds right now, and this can indeed result in peak traffic with so many daemons connected. I will give this priority. Thanks for the feedback, Stef.
  14. Peter Wagemans

    Things to do

    Yes, the MySQL server is much better equipped to delete the records no longer needed. I wouldn't let the wbDaemon do all that. The MySQL workbench is a good interface to your data. I don't understand how the MySQL could be able to log excessive CPU usage. Maybe I just understand you wrongly. It could be a strategy to have a MySQL schedule that deletes CPU figures that are very low, and as that is most of the time the case, you would end up with a rather compact set of meaningful data. BTW, I have created a new version of the WBDaemon Config app, that CAN use SSL to connect. Setting up the MySQL server for SSL connections is not what I would call "easy peasy". Here's a good article to use as a guideline: https://serverfault.com/questions/783861/enabling-ssl-in-mysql-when-using-windows-as-a-server-and-client . My MySQL test server runs on a Windows Server 2012 VM, so I do not have to translate this to MacOS, but I think it's probably about 99% the same, except for the paths, of course. You have to create a lot of certificates and keys, and in the config application, you need to enter the client private key, the client certificate and the Server CA certificate. There is now a "Test Connection" button that you can use to see if you entered everything correctly. If the 3 extra fields ( actually I check only 1, lazy me ) are filled, the application tries to connect using SSLMode. I have dropboxed the config app to @Claus Lavendt, and he will let me know how it works for him, when he has some time to test it. I currently have no issues from the macOS config app, but - with exactly the same source code for the connection - the Windows config app is not able to connect using SSL, and connects without SSL, even if the MySQL (5.7) server is configured to only accept SSLMode. Weird, and probably a MySQL security bug. I plan to install MySQL 8.0 to see if this fixes the problem. Or it could be a Xojo MySQL Community Plugin problem.
Anyway, I'm not yet completely stuck (yet), I'll come back here when I find out what's happening.
  15. Peter Wagemans

    Things to do

    Tried doing it with a FileMaker Script but that gets slow really fast. Problem seems to be the Process Logs. As I understand you use them to monitor the running of the FM services. But they generate about 300-500 Log entries a second with only 5 monitored servers. And deleting them from within filemaker is really slow. Truncating or deleting them from SQL is way faster. I found out a better way to do this. From the MySQL Server itself. Do this in MySQL Workbench: In the MySQL menu ( I have an older version running here, things could be slightly different ) choose Server->Options File. Under the "General" tab, the first option is "event-scheduler". Enable that and put it to "On". Then restart the MySQL service. Then execute the following SQL:

        DELIMITER $$
        DROP EVENT IF EXISTS Processes_Cleanup;
        CREATE EVENT Processes_Cleanup
        ON SCHEDULE EVERY 1 MINUTE
        STARTS CURRENT_TIMESTAMP + INTERVAL 60 MINUTE
        ON COMPLETION PRESERVE
        DO BEGIN
            SET SQL_SAFE_UPDATES = 0;
            -- remove rows whose TimeStamp is more than 96 hours old
            delete FROM whistleblower.processes where TIMESTAMPDIFF(HOUR, TimeStamp, now())>96;
        END;$$
        DELIMITER ;

    This creates an event that checks every hour if there are records that are older than 96 hours and deletes them. Of course you can adjust that number to whatever pleases you. You can check the event schedule with:

        show events ;

    After the interval time, your processes table will be cleaned up to contain only the more recent records. It is confusing indeed, but you need performance records over time if you want to make statistics over time with that data. If you do not want to do that, set the cutoff to something really small.
