Thursday, October 13, 2011

inodes on ext4

I had to create a partition of 100GB with a very large number of inodes, 6 millions just wasn't enough. So I've created a ext4 partition of 100GB with 1024 block size and 250.000.000 inodes like this:


mkfs.ext4 -N 250000000 -b 1024 /dev/mapper/lv_name

Friday, September 9, 2011

Increase number of loop devices on Linux


Instead of 8 loop devices, you'll now have 64 using the following line:
# vi /etc/modprobe.conf
options loop max_loop=64

Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.

Followed by:



kernel panic - not syncing: Attempted to kill init!

It's simple. At grub screen, press "a" to change kernel parameters and add "enforcing=0". Next, you can add this to /etc/grub.conf to do this automatically.

This happened after enforcing SElinux on both CentOS5 and RHEL6.1.

[update] It all happened after changing SELINUXTYPE in /etc/sysconfig/selinux to "strict" on CentOS and "mls" in RHEL. The problem is that selinux-policy-strict was missing on CentOS, and so was selinux-policy-mls in RHEL. You'll have to install them first before modifying /etc/sysconfing/selinux. After that, reboot once with "enforcing=0 autorelabel" and after that a reboot with no other parameter, and should be ok.

Monday, August 29, 2011

scp and wget missing on RHEL6 minimal install

So, to get around, you can install them from DVD or, mount your DVD as a yum repo, and then install the following packages:

wget
openssh-clients

Friday, August 12, 2011

How to convert dos format text files to unix format

I needed this for some scripts I discovered they're DOS format and bash couldn't understand them. So, it's simple, and you have multiple choices:


tr -d '\r' < input.file > output.file


sed 's/$'"/`echo \\\r`/" input.file > output.file

Monday, August 1, 2011

apache not processing only

This is solely PHP based, and I found this in default php.ini on RHEL6.1


short_open_tag = Off


Turn it on to allow only ..


Tuesday, July 26, 2011

Facebook 2-way authentication

Considering that sometimes I'm a security freak, I've enabled 2-way authentication on Facebook. True is that I disabled the same thing on Google, but that's not important. Anyway, this morning, I tried to access my Facebook account using a newly installed Windows XP netbook, and Facebook asked a code they sent to my cell phone. My cell phone, right next to me, very turned on, very high network meter. SMS didn't came. Ok..I clicked resend, but still nothing. After the third resend, I waited for few minutes and nothing - then again, still no SMS from Facebook HOURS away from that moment (4 hours and counting). So, the next step available was to contact them through a contact form on their website, where they we're telling me to describe my problem - and where I also suggested they should use Google's 2-way authentication SMS servers, because their message comes almost instantly. After few seconds, some automated reply was sent to me, telling me I should "Attach a copy of your government-issued photo ID". SAY WHAT??

Seriously, I only send that to my bank, to the police, ..things like that. Why should I send this to Facebook? Who exactly are they? So I replied to them that, since they're not a government-related company, I will NEVER EVER send a copy of my "government-issued photo ID" and suggested again that they really should use Google's SMS servers for this one.

I'll just paste the funniest part of their requirements:

When you respond:
1. Briefly describe the issue you’re experiencing.
2. Attach a copy of your government-issued photo ID. We need to confirm that you own this account. Note that we will permanently delete our record of this attachment from our servers once we use it to confirm your identity.
The ID you attach:
- Must be government-issued (ex: passport, driver's license)
- Must be in color
- Must clearly show your full name, date of birth, and photo
No shit?! 

Thursday, July 21, 2011

Starcraft Broodwar on Windows 7 64 bit (and 32 bit)

There's a problem with playing Starcraft Broodwar on Windows 7 no matter what the update is, ...the latest is 1.16.1 I guess..So, after installing the update, it automatically runs the game, but the colors are messed up. To get around this, you have to add a registry key to your Windows. The files can also be found on blizzard's webpage here. You can also manually create the .reg files using notepad.

For the 32 bit version of Windows 7 the content should be:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\StarCraft116]
"Name"="StarCraft.exe"
"ID"=hex:ca,89,65,49
"Flags"=hex:00,08,00,00 

For the 64 bit version of Windows 7 the content should be:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraft116]
"Name"="StarCraft.exe"
"ID"=hex:ca,89,65,49
"Flags"=hex:00,08,00,00

This is it. Starcraft Broodwar 1.16.1 up and running smoothly...

Monday, July 18, 2011

Linux disks by LABEL and UUID

To list disks by uuid you can issue:

ls -al /dev/disk/by-uuid/

..the answer should be something like:

5d82b8f4-5dfd-4164-8a78-e56cb1d7ea1c -> ../../sdb1

6cc7cb86-f1bc-4c16-833c-c6efa55257d6 -> ../../sda1

..to find out specific uuid of a specific disk you shoud run:

blkid /dev/sda1

..and you can auto mount in /etc/fstab by specifying the UUID instead of device, for example:

UUID=5d82b8f4-5dfd-4164-8a78-e56cb1d7ea1c /tmp          ext4    errors=remount-ro 0       1

Another way to categorize disks is by label. Of course, you can also auto mount disks in /etc/fstab by labels. To set a label for a disk just type:

e2label /dev/sda1 mylabel

..or..

tune2fs -Lmylabel /dev/sda1

..and you can auto mount disks in /etc/fstab like this:

LABEL=/         /      ext3    defaults        1 1

 

Thursday, June 30, 2011

Apache 2.2 LDAPS authentication in Active Directory 2008

So, I've been trying the whole day to get this Apache 2.2 installation to authenticate into an Active Directory LDAP using secure connection. These will be Ubuntu settings, particulary for 10.04 LTS (probably works for every Debian, RedHat versions as well).

First, I exported the CA from my browser (IE9) using Internet Options > Content > Certificates > Trusted Root Certificate Authority and export the one from Active Directory (CA from Active Directory) and saved is as BASE64 file, because by default, OpenSSL can use this kind of file and not DER or whatever, and saved the file on the Linux server in /certs/cert.cer.

Second, edit the httpd.conf in /etc/apache2 to look like this:

 

#LDAPSharedCacheSize 500000

#LDAPCacheEntries 128

#LDAPCacheTTL 60

#LDAPOpCacheEntries 128

#LDAPOpCacheTTL 60

LDAPConnectionTimeout 10

LDAPTrustedMode SSL

LDAPVerifyServerCert on

LDAPTrustedGlobalCert  CA_BASE64 /certs/cert.cer

 

Thirds step is to add your LDAP configuration to your website using <Location> tag in /etc/apache2/sites-enabled/000-default or whatever path you have for your website, and add the following:

 

<Location "/">

    AuthType Basic

    AuthName "AD Authentication"

    AuthBasicProvider ldap

    AuthzLDAPAuthoritative  Off

    AuthLDAPURL             "ldaps://xx.xx.xx:636/OU=testOU,DC=domain,DC=local?sAMAccountName?sub?(objectClass=user)"

    AuthLDAPBindDN          "CN=user,OU=Users,OU=testOU,DC=domain,DC=local"

    AuthLDAPBindPassword    passforuser

    AuthLDAPRemoteUserAttribute sAMAccountName

    Require valid-user

</Location>

 

This implies that you have an AD running at IP xx.xx.xx.xx, has 636 port opened (LDAPS), there's an user called "user" in the specified OU and has the DN specified at AuthLDAPBindDN, the password "passforuser" and AuthLDAPURL is the query Apache is doing to the Active Directory server. Instead of "Require valid-user" you can require different things, like ..specific user, specific group, etc. So, save the website file after doing this. And there's one more step.

Fourth step, and the last before restarting apache, is to edit ldap.conf. Don't know for sure where this file can be found on RedHat, but on Debian (and in my case, Ubuntu 10.04 LTS) can be found in /etc/ldap/ldap.conf. So, edit this file, ..of course, there are some commented options, but add this line:

 

TLS_REQCERT never

 

Restart apache, and that's it.

Monday, May 30, 2011

iptables limit syn flood

iptables -N syn_flood
iptables -A INPUT -p tcp --syn -j syn_flood
iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
iptables -A syn_flood -j DROP

Saturday, April 23, 2011

Power management boost on Linux Mint 10 / Ubuntu 10.10

So, I've been a performance instead of battery saving fan since I got my first laptop. It usually worked out by selecting "Performance" from some specific vendor power management software on Windows. But with Linux, it was getting annoying. I had my Asus EEEPC 1008HA for almost 2 years now, and I was really annoyed by being forced to get power plugged because otherwise, my music stopped playing correctly, had some small interruptions, videos, the same..even compiz had small interruptions in compositing my desktop the way I like it. It was clear to me that it was a power management, and surely something related to hard drive power management. After digging up the internet, I've seen using hdparm command, that a HDD parameter it was changing automatically between power on/off - APM_level, when power plug on, it was set to 254, when power plug disconnected, it was 128. After that, I've searched Google for details and scripts that can make my EEEPC run the same on battery and power and I got the following script up and running, and my laptop run as fast as on power plug connected. If anyone intends to use this, this will drain your battery much faster than using other power management software.
###power save off
echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
echo performance > /sys/devices/system/cpu/cpu1/cpufreq/scaling_governor
hdparm -B 254 /dev/sda
echo 0 > /proc/sys/vm/laptop_mode
echo max_performance > /sys/class/scsi_host/host0/link_power_management_policy
echo max_performance > /sys/class/scsi_host/host1/link_power_management_policy
echo max_performance > /sys/class/scsi_host/host2/link_power_management_policy
echo max_performance > /sys/class/scsi_host/host3/link_power_management_policy
iwconfig wlan0 power off
echo 0 > /sys/module/snd_hda_intel/parameters/power_save
echo 10 > /proc/sys/vm/dirty_ratio
echo 5 > /proc/sys/vm/dirty_background_ratio
echo 1000 > /proc/sys/vm/dirty_writeback_centisecs
This will practically remove any power management or set to maximum performance for SATA, CPU, HDD, wireless and sound. And, I've put this into my /etc/rc.local file, and after a restart, everything is the same, ..well, except for the dimmed light, which I don't mind if it helps some power save. It's ok though, before this, my battery lasted around 2 hours with interruptions ..now it lasts for an hour, but seamless performance.

Tuesday, March 22, 2011

Best e-mail service?!

It's not an answer, it's actually a question to whom I don't have an answer.

So, I've been a Google user for a very very long time. My first GMail account was created using an invitation, when GMail registration was not for everybody and you can only create an account using invitations. Me very happy back then. And I'm not only a GMail user, ..I use lots of things from Google, like Picasa, Blogger, Docs, Buzz ..the dead Wave, Reader, Analytics, Maps ..and from time to time, I check if something really changed about Orkut, ..and still nothing, buggy as hell. But lately, GMail started having problems. And considering I use GMail as my primary account, and all my other accounts (Hotmail and Yahoo, using GMX Mail Collector and then POP3 to get it to GMail) go to my primary GMail account, things are getting annoying.

So, there are 2 other well known alternatives, and 1 more people doesn't know about, or ..it doesn't have too many users. So, Yahoo is slow, and I hate it because I don't have IMAP/POP/SMTP support (for the free account) and no docs, and Hotmail looks nice, has a GREAT SkyDrive of 25GB to store whatever you want, but still, their Office Live is crappy. It crashes in my Chromium every few minutes and needs a restart of the app. Oh..and that new alias thing, well, it's M$, so IT DOESN'T WORK. So, one doesn't have docs, the other one has ..but crashes, but they have that cool 25 GB SkyDrive storage where you can put almost everything, oh..and the aliases thing doesn't work. GMail, has great apps, docs, e-mail storage. It lacks a 25GB free SkyDrive, and now, the GMail errors that keep me away from the most important e-mail address. GMX is not an option, that's because the support is ...none, the interface is too fucking heavy for my small EEEPC which I use to read e-mails, but has something like a SkyDrive ..with much less storage..and I've seen people using this for a long time, and happy with it. Don't ask me why...

And there's Zoho. Zoho is something most of the people don't know about. It's very useful, lots of apps, but unfortunately, not much storage - 1GB. And with upgrades, you only upgrade the number of workspaces, not the storage. And I really need storage for pics.

So, any ideas?! I need storage for everything, e-mail, docs, ..reader, something like picasa..

Monday, February 28, 2011

Install headless OpenOffice.org on Ubuntu 10.04.2

I needed this for an Alfresco Community Edition installation, so ..here are the steps:

1. install the necessary packages:
apt-get install openoffice.org-writer openoffice.org-calc openoffice.org-draw \
openoffice.org-impress openoffice.org-java-common openoffice.org-headless


2. create the init script:
nano /etc/init.d/openoffice

fill it with:
#!/bin/bash
# openoffice.org headless server script
#
# chkconfig: 2345 80 30
# description: headless openoffice server script
# processname: openoffice
#
# Author: Vic Vijayakumar
# Modified by Federico Ch. Tomasczik
#
OOo_HOME=/usr/bin
SOFFICE_PATH=$OOo_HOME/soffice
PIDFILE=/var/run/openoffice-server.pid
set -e
case "$1" in
start)
if [ -f $PIDFILE ]; then
echo "OpenOffice headless server has already started."
sleep 5
exit
fi
echo "Starting OpenOffice headless server"
$SOFFICE_PATH -headless -nologo -nofirststartwizard -accept="socket,host=127.0.0.1,port=8100;urp" & > /dev/null 2>&1
touch $PIDFILE
;;
stop)
if [ -f $PIDFILE ]; then
echo "Stopping OpenOffice headless server."
killall -9 soffice && killall -9 soffice.bin
rm -f $PIDFILE
exit
fi
echo "Openoffice headless server is not running."
exit
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0


3. make the script executable:
chmod 755 /etc/init.d/openoffice


4. make it start at common runlevels:
update-rc.d openoffice defaults


That's all folks :)

Monday, February 21, 2011

PF - FreeBSD packet filter (I)

So, this is about the default firewall in *BSD distros. Considering I know iptables, this should be easy to learn. First of all, to be sure it will get autorun at startup, modify /etc/rc.conf like this:


pf_enable="YES"                  # Set to YES to enable packet filter (pf)
pf_rules="/etc/pf.conf"         # rules definition file for pf
pf_program="/sbin/pfctl"        # where the pfctl program lives
pf_flags=""                     # additional flags for pfctl
pflog_enable="NO"               # Set to YES to enable packet filter logging
pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
pflog_program="/sbin/pflogd"    # where the pflogd program lives
pflog_flags="" # additional flags for pflogd


This should autorun PF using the config file found at /etc/pf.conf. But first, and I just have to do it right now, to enable PF advanced features, you should compile your kernel with:


device pf
device pflog
device pfsync

...and, to use packet queuing, you should also add this:


options         ALTQ
options         ALTQ_CBQ        # Class Bases Queuing (CBQ)
options         ALTQ_RED        # Random Early Detection (RED)
options         ALTQ_RIO        # RED In/Out
options         ALTQ_HFSC       # Hierarchical Packet Scheduler (HFSC)
options         ALTQ_PRIQ       # Priority Queuing (PRIQ)
options         ALTQ_NOPCC      # Required for SMP build

This is it for now, that's because I got something already compiling on my FreeBSD VM and it's more than enough for a VM running on a EEE PC :)

Tuesday, February 15, 2011

2 bugs with Linux Mint 10 on MSI laptop (and probably Ubuntu 10.10)

1. ath5k phy0: gain calibration timeout
NetworkManager shows wireless as disconnected and doesn't search/find for wlans. To fix this, you just have to completely shutdown the laptop and then power on (reboot doesn't seem to do the trick)

2. Laptop battery critically low. Computer will hibernate very soon unless it is plugged in.
When the power cord is disconnected, a popup appears with this message, no matter how full the battery is. That's why some fucked up batteries, BIOSes when you disconnect the power cord, they mistakenly show -  0:04 remaining (92%) - in the popup from the power manager. So it actually thinks it only has 4 minutes left, and wants to hibernate, although you still have 92% of battery left. So to avoid this crap, go to gconf-editor > apps > gnome-power-manager > general and uncheck "use_time_for_policy". So, next time you disconnect the power cord, it will use percentage to calculate if it's time to suspend or hibernate.

Tuesday, February 8, 2011

Debian 6 - no graphical interface

So, I tried twice to install Debian 6 on a VMWare Workstation 7 and at the end, there was no graphical interface installed, of course, using the net installer, not the whole 52 (WTF???) CDs. Nothing, just the good old command line prompt. So if I type:

apt-get autoremove

..it will practically remove a LOT of packages most of them related to gnome and X. So, what's missing?
If you type "startx" you'll notice there is no /usr/bin/X. So, to really have a graphical interface on your newly installed Debian 6 you should just:

apt-get install xorg

After that, X will start automatically..
But, it's not over yet, because if you enter:

apt-get autoremove

..again, you'll still be removing a LOT of packages including gnome ones. I'm actually at this point so I have to figure out what's missing..Anyway, everything seems to work..

Thursday, January 20, 2011

Next Generation Firewall

So, what is a NGFW? (I've been reading around, and this is the accepted shortcut). It's bullshit! It's like a much stupid version of an UTM. Some people here were very excited about Paloalto Networks products, especially NGFW products. So, I've been reading their datasheet about this new technology - patent-pending :) - and, beside usual port/IP/MAC firewall, this firewall implements 3 new things - App-ID, User-ID, Content-ID. What are those?! It's very simple. App-ID identifies traffic by application - like signature, protocol and some heuristics in detecting them, User-ID identifies traffic by user, being very tied to a directory infrastructure (AD, LDAP), and Content-ID which analyzes traffic and searches for patterns, like CC, SSN, and so on. Great!!

But, how is this better than a UTM? In my case, the first that comes to my mind is Fortigate. Buggy as a motherfucker, but pretty good eventually. So, in this case, it comes with Application Control, which does the same shit like Paloalto, but somehow it has more signatures (Paloalto says "over 1000", meaning somewhere around 1001, and Fortigate says something around 1400). Fortigate tightly integrates with AD and LDAP, I know because I've used this crap on both directory infrastructures, so yeap, you can analyze and filter traffic based on users. And, Content-ID, which sounds very like a DLP (data loss prevention), which is also available in a Fortigate UTM, but I never tested it.

Ok, so a Fortigate UTM has everything a Paloalto NGFW has. But, it has some extra shit too: VoIP Security, VPN, Antivirus, Antispam, AntiMalware, IPS, Web Filtering. So, I was asked yesterday about my opinion regarding NGFW and now I'm very sure about my reply - a less featured UTM.

Wednesday, December 29, 2010

FreeBSD kernel recompilation

This can be done very easy. First of all, you'll need kernel sources installed, using, of course, sysinstall. You'll have to get to "Configure" menu, then "Distribution", then "src" and then you'll have to check "base" and "sys".

After all that crap is done, you'll need to get to /usr/src/sys/i386/conf/ and then copy the default GENERIC configuration to a custom config file, which I called CUSTOM :P

cd /usr/src/sys/i386/conf/
cp GENERIC CUSTOM


Then you'll have to edit the CUSTOM file using your favorite editor (nano in my case), and disable everything you don't need. You can use FreeBSD handbook to see which can be safely disabled and what not.

To compile your custom kernel, using the CUSTOM file, you'll need to get back to /usr/src folder and run:

make buildkernel KERNCONF=CUSTOM

and then:

make installkernel KERNCONF=CUSTOM


All done!
..seriously...all done! You have your custom kernel booting up at next reboot. BUT, if you'll have any problems with booting up this new kernel, like ..kernel panic, well, DON'T PANIC! That's because there's an easy way to revert to your old working kernel:

- at boot menu, choose option 6 - "Escape to a loader prompt"
- type unload kernel
- type boot /boot/kernel.old/kernel (after successfully installed a new kernel, the old kernel can be found there)
- you can also check what exactly went wrong (missing module, or whatever) by checking /var/log/messages file.

For safety reasons, there should always be a backup of the GENERIC working kernel in some place like /boot/kernel.working/kernel.

Monday, November 22, 2010

vsftpd check_shell

So, I wanted to give a restricted SSH access to www-data to be able to write in /var/www. So I did. Unfortunately, the ones who were supposed to use that account, they use WinSCP, and rssh is not that compatible. rssh works well with scp command line utility from Linux, but they're Windows lovers. So I had to give them a ftp account to that same folder, and with the same account - www-data. So I installed vsftpd, with apt-get install vsftpd. I enabled local users, write permission and all that. And then tried to login using www-data and the password I've set up. Nothing. Login incorrect. I retype password, reset the password. Nothing! After googling around, I found out that it needs a valid shell, and you can disable it by entering check_shell=NO. But "Note! This option only has an effect for non-PAM builds of vsftpd. If disabled, vsftpd will not check /etc/shells for a valid user shell for local logins."

So, considering most of installation are PAM based, this option is useless. So, in my case, I had to add rssh shell to /etc/shells. Reboot the server (source might work, too) and now I can login through ftp using www-data account, and I can also use rssh with the same account.

Tuesday, November 16, 2010

Installing Hydra 5.8 on Ubuntu 10.10

First of all, you should get the source from here.

After this, you unzip it, and run configure. Whatever library you don't have, you can install using apt. Unfortunately, I had a problem with Firebird libraries. Looks like, although I installed them, hydra couldn't find them. I tried a symlink to it, but in vain. Other packages you can install are:

libpq-dev
libaprutil1-dev
libsvn-dev
libfbclient-dev
libfbclient2
libncp-dev
librfc-de
libssh-dev
libgtk2.0-dev

For the compilation to work smoothly, you'll have to manually edit the generated Makefile:

- edit the first like to look like this:
CC=gcc `/usr/bin/apr-1-config --cppflags --cflags`

- edit the 4th like to look like this:
XLIBS= -lssl -lncp -lpq -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_client-1 -lapr-1 -laprutil-1 -lssh -lcrypto

- edit the 6th like to look like this:
XIPATHS= -I/usr/include/subversion-1 -I/usr/include/apr-1.0

If you don't do this, you'll probably get some errors like:

/usr/include/subversion-1/svn_client.h:878: error: expected specifier-qualifier-list before ‘svn_ra_progress_notify_func_t’
hydra-svn.c: In function ‘start_svn’:
hydra-svn.c:106: warning: ‘svn_client_get_simple_prompt_provider’ is deprecated (declared at /usr/include/subversion-1/svn_client.h:111)
hydra-svn.c:120: warning: ‘svn_client_ls’ is deprecated (declared at /usr/include/subversion-1/svn_client.h:4077)
make: *** [hydra-svn.o] Error 1

Monday, October 4, 2010

Orkut BETA

Few months ago, people got upset on FB privacy issues and some of them actually moved to Orkut. Few weeks ago, I re-enabled my Orkut account, and now I was just checking it. It's so damn BUGGY. I know it's not that used like FB, but I've heard it has a lot of users in Latin America, especially Brasil, and India. How can these people use this? The really annoying things I just discovered:
- there's a default photo album called "Album de Radu", which is not even romanian, ..WTF?! ..and the buggy part is, it can't be renamed. I mean, it can be, but if you refresh the page, it will have the same "Album de Radu" name...
- randomly, links stop working, the main ones: home, profile, scraps.
- and I was thinking, after they sort out these issues, and probably many more others, they should make some "import friends from FB". This should be an easy way to spam everyone there into making an Orkut account.
- and again, being Google and all that, there's no contact e-mail for support, so, if you're having problems, you better check forums, than actually receive some answer from Google.

I'm beginning to feel like Orkut is some kind of beta testing for an actual social network shit. I know they have a "BETA" in the icon of Orkut, but seriously, they're testing this for too long. They should really add a working, less buggy version of Orkut, and then add features one by one, of course, with some TESTING FIRST, in a TESTING ENVIRONMENT, NOT live. And, like Buzz, it should have a way to connect sites to Orkut. Like, I'd like my friends on Orkut to see what I'm Buzz-ing about, what I post on Blogger, and so on. And Picasa Web and Picasa desktop should have a way to share pics from an album directly to Orkut, not the import thing you find here...I'm using the Linux desktop version of Picasa, and it should be nice to be able to share pics directly from it to Orkut, with or without posting them to Picasa Web Albums first.

[update #1]: Removing application: BUGGY! I've searched for a chess game, trying to find one I can play in orkut page, but I found some bullshit called "Crazy Chess Games Online". So, it's a crap, something like arcade games, and I wanna remove it. So, I went to "My applications" and clicked on "remove", and a message saying "no more application" appears. Then, I go to my home page, and I see "applications (1)"...Guess what?! "Crazy Chess Games Online" is still there...damn!

[update #2]: So, I'm trying to edit the "About Radu" section in my profile and this is what Orkut says. "The content you''re posting looks like spam, so it''s being sent to the recipient''s spam folder." , and I can't save that text no matter what. Pfff...And no, still can't get rid of that chess application. Hmm...I guess I better delete my account and let Google spam me whenever they thing Orkut could be a good alternative to that FB social network.

UNIX/Linux test

So, I've been asked at a UNIX test about block and character devices. I've done a lot of things on Linux, BSD, but this question was a complete stranger for me. And, if this is a complete stranger for somebody else, here's the answer taken directly from Wikipedia:

Character devices
Character special files or character devices relate to devices through which the system transmits data one character at a time. These device nodes often serve for stream communication with devices such as mice, keyboards, virtual terminals, and serial modems, and usually do not support random access to data. In most implementations, character devices use unbuffered input and output routines. The system reads each character from the device immediately or writes each character to the device immediately.
Block devices
Block special files or block devices correspond to devices through which the system moves data in the form of blocks. These device nodes often represent addressable devices such as hard disks, CD-ROM drives, or memory-regions.
Block devices often support random access and seeking, and generally use buffered input and output routines. The operating system allocates a data buffer to hold a single block each for input and output. When a program sends a request to read data from or to write data to the device, the system stores each character of that data in the appropriate buffer. When the buffer fills up, the appropriate operation takes place (data transfer) and the system clears the buffer.

Very simple answer, isn't it?!

[update]: Damn, looks like I confused another answer too...about file descriptors. Again, taken from Wikipedia...
In POSIX, a file descriptor is an integer, specifically of the C type int. There are 3 standard POSIX file descriptors which presumably every process (save perhaps a daemon) should expect to have:
0 Standard Input (stdin)
1 Standard Output (stdout)
2 Standard Error (stderr)
Generally, a file descriptor is an index for an entry in a kernel-resident data structure containing the details of all open files. In POSIX this data structure is called a file descriptor table, and each process has its own file descriptor table. The user application passes the abstract key to the kernel through a system call, and the kernel will access the file on behalf of the application, based on the key. The application itself cannot read or write the file descriptor table directly. In Unix-like systems, file descriptors can refer to files, directories, block or character devices (also called "special files"), sockets, FIFOs (also called named pipes), or unnamed pipes.

This one was a bit complicated to explain, but...still, quite simple.

Wednesday, September 29, 2010

installing VMWare Virtual Center 4.1 (VCenter)

First of all, it requires a 64bit version of Windows 2008 Server, and I didn't know that when I have to. After installing that, you'll need to install SQL Server, and I installed, again, the 2008 Standard version. Having the operating system and SQL server installed, is not enough for a smooth VCenter installation. You'll also need:
1. create a database for VCenter, and an owner for it, of course, with a password.
1. create a System DSN for VCenter to use to connect to your SQL Server - don't use "SQL Server", use "SQL Server Native Client", and set the user to be the newly created one, and the default database to be the newly created VCenter database.
3. disable Full recovery - in SQL Server Management Studio > right-click VCenter database > Properties > Options > Recovery Model > Simple (instead of Full)

This will grant you a smooth VMWare vCenter 4.1 installation.

[update] To install vCenter Update Manager, you'll need to create another pair of username/database. But, this time, you'll need to create a 32 bit System DSN. This is done like this:

Start > Run > c:\windows\SysWOW64\odbcad32.exe

This utility creates 32 bit System DSN on a 64 bit operating system. That's all, for now..

Windows Updates error code 80010108

So, I'm beginning my learning for the VCP certification I want to take very soon. Anyway, I've installed the required Windows Server 2008 Standard x64 for vCenter, and something happened when I first tried to update. Since then, Windows Updated didn't work. After some google searching, I found out that Windows Update Agent might be fucked up. In order do download the latest version from Microsoft website, go to:

http://support.microsoft.com/kb/949104

Install it, then run Windows Update again, it should work, hopefully :)

Tuesday, September 28, 2010

Proventia Server for Linux

I was very happy when I found out there's a Provetia Server for Linux. But, there are 2 limitations:
- it's only installable on RHEL which I thought I could easily pass by modifying the install script
- it only wants s390x architecture...say what?!

So, to be more exact, this is the check in the install script:


function CheckOSSupport {
# Check whether the platform is supported or not
HW=`uname -m`
if [ $OS_NAME == "RHELREL" ]; then
if [ $HW == "s390x" ]; then
$GREP -q 'Red Hat Enterprise Linux Server release 5' /etc/redhat-release
if [ $? -ne 0 ]; then
bail_out
fi
else
$GREP -q 'Red Hat Enterprise Linux [EA]S release 4' /etc/redhat-release
if [ $? -ne 0 ]; then
$GREP -q 'Red Hat Enterprise Linux Server release 5' /etc/redhat-release
if [ $? -ne 0 ]; then
bail_out
fi
fi
fi
fi
if [ $OS_NAME == "SUSEREL" ]; then
VERSION=`$GREP VERSION /etc/SuSE-release | tr -d ' ' | cut -f2 -d'='`
if [ $VERSION -le 9 ]; then
bail_out
fi
fi
}

Wednesday, September 15, 2010

Port Knocking

Someone recently asked me about securing SSH server. The only options I thought then was changing the port, disabling password interactive login, and enabling public/private key pair to authenticate. This should be enough in most cases. But, there's more. One of them is version cloaking. This can be done with a patch applied to the source of OpenSSH and recompile it. Another way to secure remote access is port knocking.

Its main principle is this. Port 22 is locked. You have to knock in a custom manner in order to get the port opened only for the incoming IP that knocked. The server side, includes a daemon called knockd looking for specific sequence of knocking on the server door. You can configure a specific order of ports to knock, a specific flag those packets should have, a sequence timeout, commands, and few more options. The command, in this case, will be to open port 22 for the incoming IP that knocked exactly in the same order the server is setup to listen. You can also use another sequence of knocking to close the same port, that actually deletes the firewall rule added earlier.

The client side, well, I tried around 3 port knocking clients, and the last one went well, being made by the same guys who did the server, zeroflux.org. This includes also a windows version that can be easily run from a command prompt window. You can configure the host it will knock, type of packet, order of ports, and so on.

Installation on Ubuntu is a very easy apt-get install knockd.
You'll be able to start the daemon by enabling it in /etc/default/knockd.
Configuration file is /etc/knockd.conf, and I've first used it using (almost) one of the configuration found on zeroflux.org website:

[options]
logfile = /var/log/knockd.log

[openSSH]
sequence = 7000,8000,9000
seq_timeout = 10
tcpflags = syn
command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 10
tcpflags = syn
command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

Ok...so, this configuration, listens for TCP packets, with the flag syn, in a sequence of 7000, 8000, 9000, with a timeout of 10 seconds. After it detects that, it automatically grants port 22 access to the incoming IP. If the daemon gets the reverse order of knocking, it will automatically delete the rule, so, closing the port again for all IPs. Unfortunately, those knockings can be easily read on a packet sniffer between you and the secured server, but, it's how you can secure more a SSH server. Oh, and, in case you don't want to be left outside on the server, in case of daemon failure, you should get a script running that automatically checks if the daemon is running, and automatically restart it in case it's stopped.

That's all folks!

Monday, September 13, 2010

running out of space in VirtualBox

So, I have this Windows 2008 Server Standard on a VB virtual machine. I've initially allocated 512MB ram and 20GB of hard disk, considering it will be enough for my test of IBM SiteProtector, the Express installation of it. Unfortunately, it isn't. And I have a lot of warnings in SP Console about disk space. So, I needed to enlarge my ..hard drive in order to get rid of those warnings, and I found this solution:

1. Create a new disk from Virtual Media Manager > Hard Disks - in my case, I've created a new, 30GB large one.
2. Download System Rescue CD from here. It's a Linux distro with XFCE window manager, and the software you need - GParted (an open source Partition Magic :P )
3. Start your virtual machine with both disks ( in my case, the 20GB and 30GB disks ) and mount System Rescue CD as a CDROM in your VM with the option to boot from it first.
4. When it boots, select "SystemRescueCD: default boot options" - this will get your live CD up and running.
5. type "startx" on the prompt to start the window manager.
6. type "gparted" to start working on partitions.
7. right-click /dev/sda1 (my windows partition) and click "copy"
8. select /dev/sdb from the disk select list in top right corner
9. right-click the disk and select "paste", it will ask you to create an empty partition table.
10. drag the slider to the max size of your sdb disk; then click apply.
11. wait...more or less, depending on disk size...
12. right-click newly /dev/sdb1 > Manage Flags > check "Boot" and then OK.
13. power off virtual machine, remove CD, remove original drive, and then start the virtual machine with the newly created disk.

This just worked for me..5 minutes ago.. :)

Thursday, August 26, 2010

Windows Mobile POP access on GMail failing to retrieve e-mails

So, I've been using my Samsung Omnia for over an year to collect messages from my GMail account using POP. But, from time to time, something strange happens, and my Outlook or whatever Windows Mobile default mail client is called, suddenly stop retrieving e-mails. Connection is fine, logging is fine, retrieving is ..not fine.
So, the workaround for this, although you can loose some e-mails in your WM client, but don't worry, you'll have them all in your GMail interface (well, not actually loosing from your mobile, ..you'll just have some e-mails on GMail that will not get fetched to your smartphone), is that, when you actually notice that no e-mail is being retrieved anymore, go to GMail account > Settings > Forwarding and POP/IMAP and select "Enable POP for mail that arrives from now on" and click on "Save Changes". Then, go to your WM smartphone and click on "Send/Receive", and suddenly, it works again. And, of course, you'll not retrieve the e-mails from when it started to fail to work, till the moment you checked that radio button on GMail interface. That's all!

Friday, August 20, 2010

FortiGate + FortiAnalyzer + FortiManager setup

So, I had to setup a configuration built of 3 boxes in the subject. First thing I did, was to upgrade everything to the latest versions of firmware - 4.0 MR2 patch 1. All fine. I got to connect FG to FA, FG to FM, but there were problems in connecting FA to FM, so I can administer everything through one single interface.
So, it didn't work. No way..FA and FM didn't connect. Anyway, after a support ticket to Fortinet, the correct versions that will connect are:

Fortigate v4.0 MR2 patch 1 - build0279
FortiManager v4.0 MR2 patch 1 - build0348
FortiAnalyzer v4.0 MR2 (without patch 1) - build 0198

Thursday, August 5, 2010

software RAID grub problem

So, after correctly configuring a software RAID 1 (mirror) in a Linux installer, after rebooting, only if the /boot partition is part of a mirror, you'll get a grub prompt. Now, you can search Google for what you can accomplish from there, or you can read this. :) What can I say, I've searched Google before you. Anyway..you'll get this:

grub>
First, you'll have to type this, and you will get the location of grub setup files:

grub>find /grub/stage1 
(hd0,0) 
(hd1,0) 
So, if you have SATA, (hd0,0) stands for /dev/sda, and (hd1,0) stands for /dev/sdb - it will be hd* for IDE. So, to make sure you have grub install on both MBR on both drives of the mirror, type this:


grub>device (hd0) /dev/sdb
grub>root (hd0,0) and then:
grub>setup (hd0) 
grub>quit 
 This actually changes MBR to /dev/sdb (not the usual /dev/sda) and copies necessary files to boot. After reboot, it will still load grub from /dev/sda, but if something happens to it, it will successfully start your Linux from /dev/sdb.

Tuesday, July 6, 2010

Identity theft

Well, it's a kind of fucked up full of hackers world. So, after reading this, well, it kind of awakes you. Anyway, it all started from an spam e-mail, which lead to an e-mail address and an IP. Which then led to an address and some domains, which revealed some more e-mail addresses and some real phone number, and so on.

At the end of it, this guy knew the spammer's family, names, ages, some portions of US SSN, real address, real phone number and much more, all of it using public websites, like facebook, myspace or intelius, whois searches, and he even had a picture of this guy's house using Google Maps.

A good step into privacy is following these simple rules. But somehow these are not always enough. And I know a lot of people now following even a half of those. Let's say I obey 9 out of 10 rules. That's because I didn't get to check privacy rules on LinkedIn, and I can think of a few flaws some guys can take advantage of. Anyway, if I were you, I'd blindly obey every of those 10 rules after reading what's in the first link in this post. And, ...as my eyes are getting sleepy ...sleepy..I just realized that FB is the biggest flaw of them all. That's because I know I obey most of those rules, and feels ok. But, I've set all my privacy settings around my Friends. So, they can see everything, except one thing I can only see myself - friends list. Well, what can I say, a lot of ex-girlfriends. Anyway, what if some ex, or whatever girl/guy is not following those rules, not even half? Social engineering is very hard to pull, but very effective. They can get their accounts hacked in a week. I've read few months ago about this penetration test some security company did with a client based on social engineering, and they got to find out everything, infrastructure, passwords, IPs ...etc. So, if one fails to follow those rules, get her/his account hacked, and someone could quickly get personal info about me. This sucks!

So, I guess the best privacy measure people should take is not posting shit online, and, of course, not tell personal info to people they just met online. Nothing! I think I will repeat myself, but anyway, I knew this philippino girl, we met online, and she liked doing something some people would pay for in front of her webcam. No details here. Anyway, she met this dude, she continued to do that thing, since one day, when she decided it's not ...moral. Or something! But, it turns out, that guy became her favorite stalker, she somehow told him her home address and cell phone, and he started threaten her about doing stuff to her or to her parents and shit. Don't really know the end of the story, ..oh well, at least I know she's ok, till next time she fucks it all up. That's because, few months after this guy, she met me, and yeap, I also knew her cell phone and shit. Some people never learn!

But, people should learn someday. Personally, from time to time, like ...once in 2-3 weeks, I test FB privacy settings to see what people are seeing about me, and Google Dashboard, that's because I'm a sucker for almost all Google products, and it helps people to see what infos they're sharing with others, including Google. And, starting tomorrow, I have to do something about passwords...well, it's actually 3:20 am..so this means, later today. I'll have to change most of them to something more random, not repeat themselves on some websites, like they do now.

Friday, July 2, 2010

Second hardware failure

First, there was the motherboard. Its integrated network card didn't want to go faster than 10Mbps full duplex, just out of nowhere. Great! Got it to the people I bought it from and they surprisingly said the "defect didn't show up". Ok, so they sent it back to me. Also surprisingly, it worked! So, it's not working, sent it to repair, they say they didn't do anything, got it back, installed it, fire up the computer, it works. Fine!

Few days ago S.M.A.R.T. said I should better backup everything, because my hard-drive will eventually die, but very soon. Fuck Win7, so I booted a Ubuntu Live CD, installed smartmontools, and checked the disk:

root@ubuntu:~# smartctl -H /dev/sda
smartctl version 5.38 [i686-pc-linux-gnu] Copyright (C) 2002-8 Bruce Allen
Home page is http://smartmontools.sourceforge.net/
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: FAILED!
Drive failure expected in less than 24 hours. SAVE ALL DATA.
Failed Attributes:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
5 Reallocated_Sector_Ct   0x0033   036   036   036    Pre-fail  Always   FAILING_NOW 2622

2622 bad sectors?, failing now?, well, that's not a nice thing to have on your hard drive. So, I took it to the service yesterday, and hopefully, Seagate will send me another one, veeery fast. Luckily, my small EEE PC 1008 HA is running smoothly, with no evidence of a problem whatsoever.

Thing is, this is my second desktop I've bought on my own, and my 3rd desktop overall. First 2   didn't have any hardware failure. The one before the current one, well..I had to change, after 2 years, the power supply, because this cheap power supply I bought first suddenly didn't want to offer enough power for all components and that was the only thing replaced on that desktop in about 4 years of constant usage.

Friday, June 25, 2010

XenServer 5.6 (I)

This will be a tutorial for XenServer administration. But…the free edition. What can I say, don’t have the necessary funds to test the Enterprise edition. This will cover both XenCenter and CLI administration tasks that can be accomplished on XenServer installation.

User authentication

XenServer automatically creates the root account for administration of XenServer machines. But, if you want to add more users, from an Active Directory installation, you can add them from XenCenter, or from CLI. What's good about CLI is that it can autocomplete the params for the commands you enter, which is pretty cool for people using XenServer for the first time.

XenCenter>
CLI>
xe pool-enable-external-auth auth-type=AD \

service-name= \
config:user= \
config:pass=
Unfortunately, in the free version, you can't assign Roles to users added, but it's a nice feature, and it will stop people using the root account. If you don't have DHCP enabled in your AD infrastructure, although I doubt it, you can add your Domain Controllers as DNS servers on XenServer like this:

XenCenter>

CLI>
xe pif-reconfigure-ip mode=static dns=
And if you'd like to disable external authentication, you can go to XenCenter and delete the joined domain/users or use the CLI to do it.

CLI>
xe pool-disable-external-auth
XenCenter and CLI defines users in different names. XenCenter uses "user", and CLI uses "subject". So, adding users from XenCenter is pretty straight-forward, but, from CLI you should type this:

CLI>
xe subject-add subject-name=
To remove a user, you should follow a 2 step procedure:

CLI>

first, you should get the subject's identifier like this:
xe subject-list
or using filter to do it:
xe subject-list other-config:subject-name=''
and then, use the following command to remove a subject:
xe subject-remove subject-identifier=
Terminating all authenticated sessions can be done also from CLI:
xe session-subject-identifier-logout-all
Role-based access control (RBAC)

This is a feature in XenServer Enterprise or higher. By default, there are 6 roles defined with different levels of access: Pool Admin, Pool Operator, VM Power Admin, VM Admin, VM Operator, Read Only. You can see them all using CLI. Other useful role managing commands using CLI are listed below.

CLI>
show defined roles
xe role-list
show subject's role
xe subject-list
add a subject to RBAC
xe subject-add subject-name=
assign a role to an already created account
xe subject-role-add uuid= role-uuid=
or
xe subject-role-add uuid= role-name=
change a user's RBAC role uses a role-remove and a role-add commands to do it
xe subject-role-remove uuid= role-name=
xe subject-role-add uuid= role-name=
Resource pools
This the XenServer version of VMWare's Cluster. Hosts in a resource pool can for example start migrate guests, start them on whatever host is low on resource consumption, but they should be all connected to the same shared storage do to it. In a High Availability resource pool (which is not available in the free version), when a hosts fails, of software or hardware, the guest is automatically started on another running host in the resource pool. I can't test it using the free version, but hopefully works better than VMWares HA which I did test. What can I say, VMWare HA sucks. I test it using the poweroff command. All good. Virtual machines were moved to another hosts, but on a PSOD (aka Pink Screen of Death - something like Windows blue screen), it didn't. Virtual machines kept being down, and VMWare HA couldn't start them on another hosts because the files on the shared storage were somehow locked by the failing host, and they couldn't be started by the rest of the hosts in the cluster.

To add hosts in a resource pool you can use both XenCenter and CLI to do it.

XenCenter>
CLI>
add host to a resource pool
xe pool-join master-address= master-username= master-password=
name a resource pool
xe pool-param-set name-label=<"New Pool"> uuid=
remove a host from a pool
xe host-list
xe pool-eject host-uuid=
find out what pool is a host part of
xe pool-list
Hmm, I've tried to find a way to remove a host from a pool using XenCenter and couldn't find a way. So the only chance might be the CLI. I tried to create a new pool and add the machine I wanted to remove to that new pool, but it said it's already connected to the master of the pool. Damn!

High Availability
Although I will not be able to try this right now, I'll just write this here, for future reference when I'll need it.
So, to be able to use HA feature, you'll need:
- shared storage for all VMs in the resource pool
- a shared resource (SR) with at least 356MB of storage
--- 4MB heartbeat volume
--- 256MB metadata volume
- a XenServer resource pool
- Enterprise licence on all pool hosts
- static IP addresses on all pool hosts
Not having the enterprise license, I can only write about CLI commands that I can find in the manual. So, here they are:

CLI>
enable HA on a resource pool
xe pool-ha-enable heartbeat-sr-uuids=
set restart priority for every HA protected VM
xe vm-param-set uuid= ha-restart-priority=<1> ha-always-run=true
calculation of maximum hosts that can fail before the pool will run out of resources to run all VMs in HA
xe vm-param-set uuid= ha-restart-priority=<1> ha-always-run=true
specify the number of failures to tolerate - must be less or equal than the computed value from above
xe pool-param-set ha-host-failures-to-tolerate=<2>
remove HA protection of a VM
xe vm-param-set uuid= ha-always-run=false
shutting down a host when HA is enabled
xe host-disable host=

xe host-evacuate uuid=
xe host-shutdown host=
To be continued.. :)

Friday, May 21, 2010

Lookout

Lookout is a smartphone application that has a built in firewall, antivirus, backup module that can backup almost everything, including call log, sms, contacts, pics and videos and so on. Using the website, in case of you lost the phone, you can "nuke" it, so you delete every information available on the phone but you still get to have the online backup, you can make your smartphone "scream"...and trust me, it screams like hell, and it's a very good application for people not knowing where they placed their phones.

You shouldn't trust the firewall too much, ..as the matter of fact, I disabled it, that's because it blocked my access to the internet, giving me an error about some MAC addresses, so it's not that well built, but I hope it will be, so I can enable it again.

It also has a location feature on the web, where you can locate your cell phone, and it's actually working. Although using my wireless connection got closer to my location (it said accuracy was 2.8km, but it was around 1.5km) but using my EDGE connection, it showed a location with 5km accuracy...and yeap, it was further than the wireless showed.

You can browse the content you transferred on their website, including contacts, messages, pictures. You can change settings from the web on the lookout software installed on your smartphone. For example, I can re-enable firewall from the web interface, I can change backup settings, antivirus settings, and so on. And you'll have 1.5GB of storage, with is more than enough to save vital that from your cell phone. And, they log what your software does on your cell phone like this:


Virus scan completed: Files scanned: 4686. Infected files found: 0. Files quarantined: 0.
-
Your first virus scan has been completed.
-
You backed up 97 SMS messages.
-
You backed up 301 calls.
-
You added 1 new document.

Anyway, I think it's one of the coolest app someone should have on a smartphone, so I guess you should give it a try.

Thursday, May 13, 2010

Google Apps and Aviary

I wanted to start testing Google Apps, of course, the free version. I don't need Google Video, 99.9% SLA and other crap that the premier edition is offering. Anyway, even if I was a company, I think I'd really need only the free standard version, but with a specific SLA and some security enhancements like the enforced SSL and single sign-on. After checking the features of all google apps editions, I've started looking for some free cool apps on their google apps marketplace to enhance the google apps experience. And of course, I was looking for the free ones. This is how I got to Aviary. And no, it's not about that aviary flu...Aviary is a website that lets you edit multimedia on the fly, ...and on the web. I really don't find the FAQ about storage, but it should probably me almost unlimited. So, Aviary has:

  • image editor
  • effects editor
  • color editor
  • vector editor
  • audio editor
  • image markup
So far, I've been playing with the image editor, and audio editor. And they're pretty cool, considering they're free, you can do everything online, and of course, access everything through an internet connected computer, and, it integrates perfectly with Google Apps. And, after I created my account on Aviary website, there is this "dashboard" where you can see what others have created, and I've looked through some of the pictures...it's just ..WOOOW...I mean, some people really got skills. Don't expect Photoshop or Soundbooth, because you'll be disappointed, but if you need some simple multimedia editing, and of course the Google Apps integration, Aviary is the right (and FREE) choice.

Tuesday, May 11, 2010

Office Live Workspace beta

Which should be the online version of Microsoft Office 2010, which should compete with Google Docs or ..Zoho...or whatever. Unfortunately, for my Ubuntu 10.04 LTS and Chromium, it's not available. To be more specific...

To use Microsoft Office Live Workspace beta, your computer must meet one of the following requirements:
Microsoft Internet Explorer 6, 7, and 8 running on Microsoft Windows XP, Windows Server 2003, or Windows Vista. You can download Internet Explorer from the Internet Explorer page.
Mozilla Firefox running on Windows XP, Windows Server 2003, Windows Vista, or Mac OS X 10.2.x and later. You can download Firefox from the Firefox download page.
Safari 3 and 4 on Mac OS X 10.2.x and later.

Thursday, May 6, 2010

Snorby

Snorby is a front-end for the well-known Snort IDS. It looks nice, it's open source, and it's very easy to set up. It's also available as a virtual machine file. You can get reports, schedule them, leave comments on events, and it also has a feature called "Teammates" which can create teams and send appropriate events and notification to different created teams. A small video about it can be seen below.

Snorby - All about simplicity. from Dustin Webber on Vimeo.

Saturday, May 1, 2010

Pino

Pino is a very fast alternative for the default Gwibber in Ubuntu 10.04 LTS (Lucid Lynx), which actually did something to my startup and shutdown time. After uninstalling Gwibber, everything got back to normal. I like the speed of Pine so much, that I decided to help this project with the romanian translation.



[update]: I'm very happy to contribute to this project with the Romanian translation. It's all on Transifex. Maybe someone else could get a look on it and make the necessary corrections...if any to make.

Thursday, April 29, 2010

Alfresco Enterprise CMS /etc/hosts problem

I've been trying for the last 4 hours to make a test installation of Alfresco on a Ubuntu 8.04.4 LTS virtual machine. Unfortunately, I had a very strange problem about some ObjID already in use. I've tried everything, ...like, changing ports, disabling apparmor, reinstall, everything...But, after those 4 hours..or maybe more, I just found the answer here. The problem is that in /etc/hosts I had a different IP for my hostname, that's because it was actually a clone of another machine, so it had the original's IP address in that file, and I had to change the IP for not having an IP conflict, ...anyway, after modifying my /etc/hosts file, I reinstalled everything, and works smoothly.

Tuesday, April 27, 2010

GMail storage increase rate

Since I don't have anything more important to do, I was just noticing the counter on the GMail welcome page, and it's actually increasing with 4 bytes per second. Actually, there are more sick guys then me out there. This dude actually calculated the time necessary to increase the storage from current to 10GB...and the result was...20 years! ..and the increase rate per day is something around 350KB. For me I think it's quite enough, because although I'm using GMail for many many years, and for some time now, I'm gathering all my e-mails to this account, I'm only using aprox. 1GB of storage. Mainly because I only keep important e-mails, and delete all the crap / spam / newsletters that I'm not interested in reading 1 year from now.

But what happens to girls that spend most of their time in front of their computers watching pics and movies from e-mails sent from another bunch of girls with nothing to do than just forward them around? Maybe it will take Google 20 years to get to 10GB storage, ...but it will take me a hell lot more to fill that. Anyway, I know girls that can fill up that 10GB in 1 year. And that including those 20 days of legal vacation around here. :)

So, ..I was just checking now how Windows Live is coming with the storage. Yahoo is unlimited, although I guess that if you're planning to store a 1TB e-mail storage, and make sure you grow it by the end of this year, Yahoo will suddenly enable e-mail quota again... :) But, Microsoft says "Windows Live Hotmail includes ever-growing storage to provide you with as much storage space as you need, provided that you send and receive a normal amount of e-mail. Your inbox capacity will automatically increase as you need more space." So, I guess that Microsoft somehow automagically (I know, it's incorrect, ...but I just learned that from CPanel's funny status messages) increases your quota depending on how much storage you're using. And now I was thinking that I'll never loose an e-mail with this policy. Quota gets to max, Microsoft increases quota, e-mail arrives. WRONG! Microsoft also says "If your inbox surprises us by suddenly and abnormally skyrocketing in size, you may get an e-mail from Windows Live Hotmail asking you to slow down, move e-mails from Windows Live Hotmail to your desktop, or to delete some old e-mails. Please read these e-mails and follow the advice provided in them to continue to enjoy ever-growing storage, which should be plenty of storage for you so that you don't have to worry about running out of space." So, there's no number in "ever-growing storage" ...and how is that "ask you to slow down"?..Like, you're responsible for e-mails you receive, and you should tell people that sends you e-mails to slow the fuck down. Funny, indeed. There should be a trick in Yahoo's infinite storage, but I'll have to dig more on their website.

[update]: This is what's on Yahoo about their unlimited storage:


How does unlimited storage work?
It’s pretty straightforward—users who follow the Yahoo! Terms of Service and our anti-abuse controls can consume an unlimited amount of free email storage. This will apply to both new and existing users.
Wait – what? Wow!
How can Yahoo! afford to give away unlimited email storage?
By hiring outstanding engineers, of course! Ours have been hard at work developing an incredibly efficient backend storage system. This storage system gives you the option to never delete another email! Unless, of course, you want to. The purpose of unlimited mail isn’t to provide an online storage warehouse. Usage that suggests this approach gets flagged by our anti-abuse measures. In order for our system to work efficiently, our abuse control systems may limit the number of emails you may send or receive when it appears your usage is excessive. These abuse control systems may also impact the rate of growth of your account and you may need to create new folders or move some emails to other folders, if you are experiencing response issues.
How will you prevent abuse?
Yahoo! employs a variety of anti-abuse methods. If our anti-abuse system detects potential abuse we may take action. These anti-abuse controls enable us to better identify users who are not using the service appropriately under the Terms. Our goal is to ensure that everyone benefits from unlimited storage!
So, I'm pretty sure they have something like M$ has. If you receive too many and too big e-mails you'll receive an e-mail from Yahoo like this:

From: Yahoo's Outstanding Engineers :)
Subject: Storage full
Message: Please tell your friends to slow the fuck down, We bought all harddrives we could find. Please hold them off a day or 2. We're just going to fly to the factory and get some cargo flight with some more, install them, and after that, you can continue your messaging as usual. :)

Sunday, April 25, 2010

EEE PC 1008HA hotkeys on Ubuntu Lucid Lynx 10.04 LTS

So, it seems that Asus is somehow sniffing on the installed operating system and acts accordingly. So the way acpi works is related to what OS the mainboard thinks you have. Newer kernels don't advertise themselves, so you should do that manually by adding "acpi_osi=Linux" to /etc/default/grub file to GRUB_CMDLINE_LINUX_DEFAULT variable so it will show like this:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash acpi_osi=Linux"
Then run "update-grub" as root or with sudo, reboot, and that's all. 

Friday, April 23, 2010

Ubuntu 10.04 LTS updates

After the latest updates installed, there's the battery icon both in Notification Area and Indicator Applet, and notification about battery charging and discharging got bigger, which looks uglier on my small Eee PC screen. Hopefully, they'll fix this by the release date on 29th this month. They'll also have to fix my hotkeys problem, and not that grub fix that finishes the ethernet card.

[update]: you can hide one of the icons by left-clicking the icon and then "Preferences", and then on the last tab called "General" check the "Never display an icon" option, and then Close. My choice was to never show the icon from Indicator Applet, because the one in Notification Area is smaller, and I like small things on my small Eee PC desktop.

[update #2]: after disappearing again, it reappeared today. I guess it has something to do with update-manager but I'm not sure what exactly. Still, after few updates including acpi-support, no support for my hotkeys. Hopefully they'll get all bugs fixed by the end of next week, when the release date is coming. They've also discovered a memory leak in X.org package, but fortunately, I don't seem to get affected or at least, the startup time looks ok to me. The only thing that's slowing my boot is after the login screen, and it's because AWN is loading. Unfortunately, I like it too much to see it gone, so I'm not uninstalling it soon, I'll just have to get used to those 10 seconds of freeze before everything appears on my desktop after the login screen.

Wednesday, April 21, 2010

My nerd score... :(

I just found this on some Planet Gnome blog, and decided to take the test myself...here's the result:



I am nerdier than 95% of all people. Are you a nerd? Click here to take the Nerd Test, get geeky images and jokes, and write on the nerd forum!

Monday, April 19, 2010

Avant Window Navigator

AWN it's a cool dock-style panel that I just discovered today. It was added automatically for some plugins of banshee media player. I tried installing it because of the lack of equalizer of Rhythmbox. Unfortunately, wasn't very impressed by the performance, and the banshee-telepathy plugin to be able to change my Empathy status, was missing from the repository, and I wasn't able to install.

Anyway, AWN, looks great, works great on my EEE PC, and has really nice effects, ..and applets. All packages including extra applets are:

awn-applets-c-core
awn-applets-python-core
awn-applets-python-extras
awn-settings
libawn1
python-awn
python-awn-extras

I just took a print screen of how I've made it look...

Thursday, April 15, 2010

TeamViewer for Linux (beta)

So, TeamViewer just released the Linux version of their software. There is an archived version, and also RPM and DEB packages for whatever distro you might use.  It's beta, but it's worth trying.

GMail insert invitation

There's a new feature in GMail. It allows you to send invitations to events directly from your GMail interface. It automatically inserts the event in your calendar, and to the ones you send the invitation to. GMail blog post made me very proud of being the same nationality as the girl who posted this to their blog, a software engineer called Oana Florescu, a very ..romanian name.

Wednesday, April 14, 2010

CheckGmail

CheckGmail is a nice GMail checker. It blends in the panel because the current version has transparent icons, and it's a nice thing to have, if you're in my place and you uninstalled all e-mail clients because you wanted the browser version and not another software installed on your computer. On a new e-mail, the icon looks like this..



Bad part is that it won't work only with "apt-get install checkgmail". After installing, you'll have to get the latest SVN version with "sudo checkgmail --update". When asked, press capital "Y". That's all folks!

Tuesday, April 13, 2010

new improvements to Google Docs

Packet Tracer 5.2 font problem

I tried to start the newly installed Packet Tracer 5.2 on my Ubuntu 10.04 LTS beta 2. Unfortunately application fonts were really fucked up. But, there is a fix for that.

- first of all, Packet Tracer runs on its own QT4 libraries, and you don't want that. So, to change that, edit this file "/usr/local/PacketTracer5/packettracer" and comment out this line:

# export LD_LIBRARY_PATH=$PTDIR/lib
- after that, you have to install whatever QT4 missing packets you have to install this:
apt-get install libqt4-gui
apt-get install libqt4-webkit
apt-get install libqt4-qt3support

if it still doesn't work after all this, just do this:
apt-get install libqt4-dev

Then your Packet Tracer is ready to go and simulate Cisco equipment.
Have fun!

Ubuntu 10.04 LTS beta 2

Unfortunately, Ubuntu still has to fix some of the bugs people have until the final release gets out by the end of this month. I'm testing it on my Asus EEE PC 1008HA...and I have the following annoying bugs:

- after login, when my desktop appears, indicator applet icons and notification area icons get messed up. It all sorts out after a log out, log in.
- eeepc_laptop module is not loadable, ...the error is "no such device"..still hoping it will work soon because I miss my hotkeys functionality. There was this "fix" available on the net, but unfortunately, makes your ethernet card unusable.
- empathy should have a default window size for every chat that should be setup in gconf, or at least should remember the chat window size settings for specific users. Unfortunately, it doesn't, any of them. Hopefully, at least the remembering will be done by the final release of 10.04 LTS.
- this is something related to rhythmbox "IM status" plugin. Although it sets the correct status when the song is changing, sometimes the status empathy shows in the dropdown list is stuck.
- and 1 more for empathy. Sometimes, using the default Ambiance theme, the status bar in empathy just disappears, and the workaround I found is to go to Preferences > Appearance and change to another theme, and back to Ambiance theme. Status dropdown list appears automagically. :P This shit happened to 9.10 as well, and I discovered this workaround back then.
- and the last one,..there's a huge space between icons in indicator applet, and it annoying in my 1024x600 screen. They can have some custom gconf setting for that, or they can make the distance smaller by default.
- I was just joking, this is the last one. :) I guess there's something wrong with the Intel graphics drivers. Because in 9.10 I had no problems running Compiz, but in 10.04, there is a flickering line in windows while moving them, and I don't know for sure why.

And a good thing I've noticed about 10.04 LTS beta 2. Wireless drivers. They're excellent. In 9.10 I always used the tutorial I had in my blog to update drivers every single kernel upgrade I was doing. But this time, wireless drivers work well out of the box, so there's no more need in compiling new ones.