Wednesday, December 29, 2010

FreeBSD kernel recompilation

This can be done very easily. First of all, you'll need the kernel sources installed, using, of course, sysinstall. Go to the "Configure" menu, then "Distribution", then "src", and check "base" and "sys".

After all that crap is done, you'll need to get to /usr/src/sys/i386/conf/ and then copy the default GENERIC configuration to a custom config file, which I called CUSTOM :P

cd /usr/src/sys/i386/conf/
cp GENERIC CUSTOM

Then you'll have to edit the CUSTOM file using your favorite editor (nano in my case), and disable everything you don't need. You can use the FreeBSD Handbook to see what can be safely disabled and what cannot.

To compile your custom kernel, using the CUSTOM file, you'll need to get back to /usr/src folder and run:

make buildkernel KERNCONF=CUSTOM

and then:

make installkernel KERNCONF=CUSTOM

All done!
..seriously...all done! You have your custom kernel booting up at next reboot. BUT, if you'll have any problems with booting up this new kernel, like ..kernel panic, well, DON'T PANIC! That's because there's an easy way to revert to your old working kernel:

- at boot menu, choose option 6 - "Escape to a loader prompt"
- type unload kernel
- type boot /boot/kernel.old/kernel (after a new kernel has been installed successfully, the old kernel can be found there)
- you can also check what exactly went wrong (missing module, or whatever) by checking /var/log/messages file.

For safety reasons, there should always be a backup of the GENERIC working kernel in some place like /boot/kernel.working/kernel.

Monday, November 22, 2010

vsftpd check_shell

So, I wanted to give a restricted SSH access to www-data to be able to write in /var/www. So I did. Unfortunately, the ones who were supposed to use that account, they use WinSCP, and rssh is not that compatible. rssh works well with scp command line utility from Linux, but they're Windows lovers. So I had to give them a ftp account to that same folder, and with the same account - www-data. So I installed vsftpd, with apt-get install vsftpd. I enabled local users, write permission and all that. And then tried to login using www-data and the password I've set up. Nothing. Login incorrect. I retype password, reset the password. Nothing! After googling around, I found out that it needs a valid shell, and you can disable it by entering check_shell=NO. But "Note! This option only has an effect for non-PAM builds of vsftpd. If disabled, vsftpd will not check /etc/shells for a valid user shell for local logins."

So, considering most installations are PAM-based, this option is useless. So, in my case, I had to add the rssh shell to /etc/shells. Reboot the server (source might work, too) and now I can log in through FTP using the www-data account, and I can also use rssh with the same account.
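
The check that blocked the www-data login, as an added example (not code from vsftpd or from this post): on PAM builds the login shell is compared against /etc/shells, typically by the pam_shells module, so that file works as an allow list for FTP logins. The passwd and shells contents below are constructed samples, and /usr/bin/rssh is an assumed install path.

```python
def parse_shells(shells_text):
    """Return the set of shells listed in an /etc/shells-style file."""
    shells = set()
    for line in shells_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):   # skip blanks and comments
            shells.add(line)
    return shells


def parse_passwd(passwd_text):
    """Map user name -> login shell from /etc/passwd-style lines."""
    users = {}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue                # malformed entry: skip rather than guess
        users[fields[0]] = fields[6]
    return users


def shell_check(user, passwd_text, shells_text):
    """Return (shell, listed) for one user; KeyError if the user is unknown."""
    shell = parse_passwd(passwd_text)[user]
    return shell, shell in parse_shells(shells_text)


def unlisted_accounts(passwd_text, shells_text):
    """Accounts whose shell is not listed, i.e. the ones the check refuses."""
    shells = parse_shells(shells_text)
    return {user: shell
            for user, shell in parse_passwd(passwd_text).items()
            if shell not in shells}


# Constructed sample data (not taken from a real system).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/bin/rssh
"""

SHELLS_BEFORE = """\
# /etc/shells: valid login shells
/bin/sh
/bin/bash
"""

# The fix from the post: the rssh path is appended to the list.
SHELLS_AFTER = SHELLS_BEFORE + "/usr/bin/rssh\n"

if __name__ == "__main__":
    for label, shells in (("before", SHELLS_BEFORE), ("after", SHELLS_AFTER)):
        print(label, shell_check("www-data", PASSWD, shells),
              "still refused:", sorted(unlisted_accounts(PASSWD, shells)))
```

Running unlisted_accounts against the real files before and after such a change shows exactly which accounts the edit lets in; here only www-data moves, while daemon stays refused.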

Tuesday, November 16, 2010

Installing Hydra 5.8 on Ubuntu 10.10

First of all, you should get the source from here.

After this, you unzip it, and run configure. Whatever library you don't have, you can install using apt. Unfortunately, I had a problem with Firebird libraries. Looks like, although I installed them, hydra couldn't find them. I tried a symlink to it, but in vain. Other packages you can install are:


For the compilation to work smoothly, you'll have to manually edit the generated Makefile:

- edit the first line to look like this:
CC=gcc `/usr/bin/apr-1-config --cppflags --cflags`

- edit the 4th line to look like this:
XLIBS= -lssl -lncp -lpq -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_client-1 -lapr-1 -laprutil-1 -lssh -lcrypto

- edit the 6th line to look like this:
XIPATHS= -I/usr/include/subversion-1 -I/usr/include/apr-1.0

If you don't do this, you'll probably get some errors like:

/usr/include/subversion-1/svn_client.h:878: error: expected specifier-qualifier-list before ‘svn_ra_progress_notify_func_t’
hydra-svn.c: In function ‘start_svn’:
hydra-svn.c:106: warning: ‘svn_client_get_simple_prompt_provider’ is deprecated (declared at /usr/include/subversion-1/svn_client.h:111)
hydra-svn.c:120: warning: ‘svn_client_ls’ is deprecated (declared at /usr/include/subversion-1/svn_client.h:4077)
make: *** [hydra-svn.o] Error 1

Monday, October 4, 2010

Orkut BETA

Few months ago, people got upset on FB privacy issues and some of them actually moved to Orkut. Few weeks ago, I re-enabled my Orkut account, and now I was just checking it. It's so damn BUGGY. I know it's not that used like FB, but I've heard it has a lot of users in Latin America, especially Brasil, and India. How can these people use this? The really annoying things I just discovered:
- there's a default photo album called "Album de Radu", which is not even romanian, ..WTF?! ..and the buggy part is, it can't be renamed. I mean, it can be, but if you refresh the page, it will have the same "Album de Radu" name...
- randomly, links stop working, the main ones: home, profile, scraps.
- and I was thinking, after they sort out these issues, and probably many more others, they should make some "import friends from FB". This should be an easy way to spam everyone there into making an Orkut account.
- and again, being Google and all that, there's no contact e-mail for support, so, if you're having problems, you better check forums, than actually receive some answer from Google.

I'm beginning to feel like Orkut is some kind of beta testing for an actual social network shit. I know they have a "BETA" in the icon of Orkut, but seriously, they're testing this for too long. They should really add a working, less buggy version of Orkut, and then add features one by one, of course, with some TESTING FIRST, in a TESTING ENVIRONMENT, NOT live. And, like Buzz, it should have a way to connect sites to Orkut. Like, I'd like my friends on Orkut to see what I'm Buzz-ing about, what I post on Blogger, and so on. And Picasa Web and Picasa desktop should have a way to share pics from an album directly to Orkut, not the import thing you find here...I'm using the Linux desktop version of Picasa, and it should be nice to be able to share pics directly from it to Orkut, with or without posting them to Picasa Web Albums first.

[update #1]: Removing application: BUGGY! I've searched for a chess game, trying to find one I can play in orkut page, but I found some bullshit called "Crazy Chess Games Online". So, it's a crap, something like arcade games, and I wanna remove it. So, I went to "My applications" and clicked on "remove", and a message saying "no more application" appears. Then, I go to my home page, and I see "applications (1)"...Guess what?! "Crazy Chess Games Online" is still there...damn!

[update #2]: So, I'm trying to edit the "About Radu" section in my profile and this is what Orkut says: "The content you''re posting looks like spam, so it''s being sent to the recipient''s spam folder.", and I can't save that text no matter what. Pfff...And no, still can't get rid of that chess application. Hmm...I guess I better delete my account and let Google spam me whenever they think Orkut could be a good alternative to that FB social network.

UNIX/Linux test

So, I've been asked at a UNIX test about block and character devices. I've done a lot of things on Linux, BSD, but this question was a complete stranger for me. And, if this is a complete stranger for somebody else, here's the answer taken directly from Wikipedia:

Character devices

Character special files or character devices relate to devices through which the system transmits data one character at a time. These device nodes often serve for stream communication with devices such as mice, keyboards, virtual terminals, and serial modems, and usually do not support random access to data. In most implementations, character devices use unbuffered input and output routines. The system reads each character from the device immediately or writes each character to the device immediately.

Block devices

Block special files or block devices correspond to devices through which the system moves data in the form of blocks. These device nodes often represent addressable devices such as hard disks, CD-ROM drives, or memory-regions.
Block devices often support random access and seeking, and generally use buffered input and output routines. The operating system allocates a data buffer to hold a single block each for input and output. When a program sends a request to read data from or to write data to the device, the system stores each character of that data in the appropriate buffer. When the buffer fills up, the appropriate operation takes place (data transfer) and the system clears the buffer.

Very simple answer, isn't it?!

[update]: Damn, looks like I confused another answer too...about file descriptors. Again, taken from Wikipedia...
In POSIX, a file descriptor is an integer, specifically of the C type int. There are 3 standard POSIX file descriptors which presumably every process (save perhaps a daemon) should expect to have:
0 Standard Input (stdin)
1 Standard Output (stdout)
2 Standard Error (stderr)
Generally, a file descriptor is an index for an entry in a kernel-resident data structure containing the details of all open files. In POSIX this data structure is called a file descriptor table, and each process has its own file descriptor table. The user application passes the abstract key to the kernel through a system call, and the kernel will access the file on behalf of the application, based on the key. The application itself cannot read or write the file descriptor table directly. In Unix-like systems, file descriptors can refer to files, directories, block or character devices (also called "special files"), sockets, FIFOs (also called named pipes), or unnamed pipes.

This one was a bit complicated to explain, but...still, quite simple.

Wednesday, September 29, 2010

installing VMWare Virtual Center 4.1 (VCenter)

First of all, it requires a 64bit version of Windows 2008 Server, and I didn't know that when I have to. After installing that, you'll need to install SQL Server, and I installed, again, the 2008 Standard version. Having the operating system and SQL server installed, is not enough for a smooth VCenter installation. You'll also need:
1. create a database for VCenter, and an owner for it, of course, with a password.
2. create a System DSN for VCenter to use to connect to your SQL Server - don't use "SQL Server", use "SQL Server Native Client", and set the user to be the newly created one, and the default database to be the newly created VCenter database.
3. disable Full recovery - in SQL Server Management Studio > right-click VCenter database > Properties > Options > Recovery Model > Simple (instead of Full)

This will grant you a smooth VMWare vCenter 4.1 installation.

[update] To install vCenter Update Manager, you'll need to create another pair of username/database. But, this time, you'll need to create a 32 bit System DSN. This is done like this:

Start > Run > c:\windows\SysWOW64\odbcad32.exe

This utility creates 32 bit System DSN on a 64 bit operating system. That's all, for now..

Windows Updates error code 80010108

So, I'm beginning my learning for the VCP certification I want to take very soon. Anyway, I've installed the required Windows Server 2008 Standard x64 for vCenter, and something happened when I first tried to update. Since then, Windows Update didn't work. After some Google searching, I found out that Windows Update Agent might be fucked up. In order to download the latest version from the Microsoft website, go to:

Install it, then run Windows Update again, it should work, hopefully :)

Tuesday, September 28, 2010

Proventia Server for Linux

I was very happy when I found out there's a Proventia Server for Linux. But, there are 2 limitations:
- it's only installable on RHEL which I thought I could easily pass by modifying the install script
- it only wants s390x architecture...say what?!

So, to be more exact, this is the check in the install script:

function CheckOSSupport {
# Check whether the platform is supported or not
HW=`uname -m`
if [ $OS_NAME == "RHELREL" ]; then
if [ $HW == "s390x" ]; then
$GREP -q 'Red Hat Enterprise Linux Server release 5' /etc/redhat-release
if [ $? -ne 0 ]; then
$GREP -q 'Red Hat Enterprise Linux [EA]S release 4' /etc/redhat-release
if [ $? -ne 0 ]; then
$GREP -q 'Red Hat Enterprise Linux Server release 5' /etc/redhat-release
if [ $? -ne 0 ]; then
if [ $OS_NAME == "SUSEREL" ]; then
VERSION=`$GREP VERSION /etc/SuSE-release | tr -d ' ' | cut -f2 -d'='`
if [ $VERSION -le 9 ]; then

Wednesday, September 15, 2010

Port Knocking

Someone recently asked me about securing an SSH server. The only options I thought of then were changing the port, disabling interactive password login, and enabling public/private key pair authentication. This should be enough in most cases. But there's more. One of them is version cloaking. This can be done by applying a patch to the OpenSSH source and recompiling it. Another way to secure remote access is port knocking.

Its main principle is this: port 22 is locked. You have to knock in a custom manner in order to get the port opened only for the incoming IP that knocked. The server side includes a daemon called knockd that looks for a specific sequence of knocks on the server's door. You can configure a specific order of ports to knock, a specific flag those packets should have, a sequence timeout, commands, and a few more options. The command, in this case, will be to open port 22 for the incoming IP that knocked in exactly the order the server is set up to listen for. You can also use another knock sequence to close the same port, which actually deletes the firewall rule added earlier.

As for the client side, I tried around 3 port knocking clients, and the last one went well, being made by the same guys who did the server. It also includes a Windows version that can easily be run from a command prompt window. You can configure the host it will knock, the type of packet, the order of ports, and so on.

Installation on Ubuntu is a very easy apt-get install knockd.
You'll be able to start the daemon by enabling it in /etc/default/knockd.
Configuration file is /etc/knockd.conf, and I've first used it using (almost) one of the configuration found on website:

[options]
logfile = /var/log/knockd.log

[openSSH]
sequence = 7000,8000,9000
seq_timeout = 10
tcpflags = syn
command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 10
tcpflags = syn
command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

So, this configuration listens for TCP packets with the SYN flag, in a sequence of 7000, 8000, 9000, with a timeout of 10 seconds. After it detects that, it automatically grants port 22 access to the incoming IP. If the daemon gets the reverse order of knocking, it will automatically delete the rule, so, closing the port again for all IPs. Unfortunately, the knock sequence can easily be read by a packet sniffer sitting between you and the secured server, but it is still one more way to secure an SSH server. Oh, and in case you don't want to be locked out of the server if the daemon fails, you should have a script running that automatically checks whether the daemon is running and restarts it if it has stopped.
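
How the matching described above plays out on a packet log, as an added example (a simplified model, not knockd's own code): it tracks progress per source IP and per sequence, enforces seq_timeout, and ignores non-SYN packets. The packet log and the rule that a wrong port resets a source's progress are assumptions made for the illustration; openSSH and closeSSH are just labels for the two sequences.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Door:
    """One knock sequence with its timeout and command."""
    name: str
    sequence: tuple      # destination ports, in the order they must arrive
    seq_timeout: float   # seconds allowed between first and last knock
    command: str         # %IP% is replaced by the knocking source address


# The two sequences from the configuration above.
DOORS = (
    Door("openSSH", (7000, 8000, 9000), 10,
         "/usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT"),
    Door("closeSSH", (9000, 8000, 7000), 10,
         "/usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT"),
)


class KnockMatcher:
    """Simplified per-source sequence tracking (assumed behaviour)."""

    def __init__(self, doors=DOORS):
        self.doors = doors
        self.progress = {}   # (door name, source IP) -> (next index, start time)

    def packet(self, ts, src, dport, flags="S"):
        """Feed one observed TCP packet; return the commands it triggers."""
        fired = []
        if flags != "S":                 # tcpflags = syn: ignore anything else
            return fired
        for door in self.doors:
            key = (door.name, src)
            idx, start = self.progress.get(key, (0, ts))
            if idx and ts - start > door.seq_timeout:
                idx, start = 0, ts       # sequence took too long: start over
            if dport == door.sequence[idx]:
                idx += 1                 # expected knock
            elif dport == door.sequence[0]:
                idx, start = 1, ts       # wrong knock, but a valid first knock
            else:
                idx = 0                  # wrong port: forget the progress
            if idx == len(door.sequence):
                fired.append(door.command.replace("%IP%", src))
                idx = 0
            if idx:
                self.progress[key] = (idx, start)
            else:
                self.progress.pop(key, None)
        return fired


def replay(log, doors=DOORS):
    """Run a list of (time, source, dport, flags) tuples through the matcher."""
    matcher = KnockMatcher(doors)
    fired = []
    for ts, src, dport, flags in log:
        fired.extend(matcher.packet(ts, src, dport, flags))
    return fired


# Constructed packet log; addresses are from the documentation ranges.
SAMPLE_LOG = [
    (0.0,  "192.0.2.10",   7000, "S"),
    (1.0,  "192.0.2.10",   8000, "S"),
    (1.5,  "192.0.2.10",   8000, "A"),   # not a SYN: ignored
    (2.0,  "192.0.2.10",   9000, "S"),   # completes the open sequence
    (5.0,  "198.51.100.7", 7000, "S"),
    (6.0,  "198.51.100.7", 8000, "S"),
    (17.0, "198.51.100.7", 9000, "S"),   # 12 s after the first knock: too late
    (20.0, "203.0.113.5",  7000, "S"),
    (21.0, "203.0.113.5",  9000, "S"),   # right ports, wrong order
    (22.0, "203.0.113.5",  8000, "S"),
    (60.0, "192.0.2.10",   9000, "S"),
    (61.0, "192.0.2.10",   8000, "S"),
    (62.0, "192.0.2.10",   7000, "S"),   # completes the close sequence
]

if __name__ == "__main__":
    for cmd in replay(SAMPLE_LOG):
        print(cmd)
```

Knocking the open sequence twice fires the -A command twice, so a single close knock then leaves one ACCEPT rule behind. The sequence itself is static, which is why it belongs in front of key-based authentication rather than in place of it.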

That's all folks!

Monday, September 13, 2010

running out of space in VirtualBox

So, I have this Windows 2008 Server Standard on a VB virtual machine. I've initially allocated 512MB ram and 20GB of hard disk, considering it will be enough for my test of IBM SiteProtector, the Express installation of it. Unfortunately, it isn't. And I have a lot of warnings in SP Console about disk space. So, I needed to enlarge my ..hard drive in order to get rid of those warnings, and I found this solution:

1. Create a new disk from Virtual Media Manager > Hard Disks - in my case, I've created a new, 30GB large one.
2. Download System Rescue CD from here. It's a Linux distro with XFCE window manager, and the software you need - GParted (an open source Partition Magic :P )
3. Start your virtual machine with both disks ( in my case, the 20GB and 30GB disks ) and mount System Rescue CD as a CDROM in your VM with the option to boot from it first.
4. When it boots, select "SystemRescueCD: default boot options" - this will get your live CD up and running.
5. type "startx" on the prompt to start the window manager.
6. type "gparted" to start working on partitions.
7. right-click /dev/sda1 (my windows partition) and click "copy"
8. select /dev/sdb from the disk select list in top right corner
9. right-click the disk and select "paste", it will ask you to create an empty partition table.
10. drag the slider to the max size of your sdb disk; then click apply.
11. wait...more or less, depending on disk size...
12. right-click newly /dev/sdb1 > Manage Flags > check "Boot" and then OK.
13. power off virtual machine, remove CD, remove original drive, and then start the virtual machine with the newly created disk.

This just worked for me..5 minutes ago.. :)

Thursday, August 26, 2010

Windows Mobile POP access on GMail failing to retrieve e-mails

So, I've been using my Samsung Omnia for over a year to collect messages from my GMail account using POP. But, from time to time, something strange happens, and my Outlook, or whatever the Windows Mobile default mail client is called, suddenly stops retrieving e-mails. Connection is fine, logging in is fine, retrieving is ..not fine.
So, the workaround for this, although you can lose some e-mails in your WM client, but don't worry, you'll have them all in your GMail interface (well, not actually losing them from your mobile, you'll just have some e-mails on GMail that will not get fetched to your smartphone), is that, when you actually notice that no e-mail is being retrieved anymore, go to GMail account > Settings > Forwarding and POP/IMAP and select "Enable POP for mail that arrives from now on" and click on "Save Changes". Then, go to your WM smartphone and click on "Send/Receive", and suddenly, it works again. And, of course, you'll not retrieve the e-mails from when it started to fail to work, till the moment you checked that radio button on GMail interface. That's all!

Friday, August 20, 2010

FortiGate + FortiAnalyzer + FortiManager setup

So, I had to setup a configuration built of 3 boxes in the subject. First thing I did, was to upgrade everything to the latest versions of firmware - 4.0 MR2 patch 1. All fine. I got to connect FG to FA, FG to FM, but there were problems in connecting FA to FM, so I can administer everything through one single interface.
So, it didn't work. No way..FA and FM didn't connect. Anyway, after a support ticket to Fortinet, the correct versions that will connect are:

Fortigate v4.0 MR2 patch 1 - build0279
FortiManager v4.0 MR2 patch 1 - build0348
FortiAnalyzer v4.0 MR2 (without patch 1) - build 0198

Thursday, August 5, 2010

software RAID grub problem

So, after correctly configuring a software RAID 1 (mirror) in a Linux installer, after rebooting, only if the /boot partition is part of a mirror, you'll get a grub prompt. Now, you can search Google for what you can accomplish from there, or you can read this. :) What can I say, I've searched Google before you. You'll get this:

First, you'll have to type this, and you will get the location of the grub setup files:

grub> find /grub/stage1

So, if you have SATA, (hd0,0) stands for /dev/sda, and (hd1,0) stands for /dev/sdb - it will be hd* for IDE. So, to make sure you have grub installed in the MBR of both drives of the mirror, type this:

grub> device (hd0) /dev/sdb
grub> root (hd0,0)

and then:

grub> setup (hd0)

This actually changes the MBR on /dev/sdb (not the usual /dev/sda) and copies the necessary files to boot. After reboot, it will still load grub from /dev/sda, but if something happens to it, it will successfully start your Linux from /dev/sdb.

Tuesday, July 6, 2010

Identity theft

Well, it's a kind of fucked up full of hackers world. So, after reading this, well, it kind of awakes you. Anyway, it all started from a spam e-mail, which led to an e-mail address and an IP. Which then led to an address and some domains, which revealed some more e-mail addresses and some real phone number, and so on.

At the end of it, this guy knew the spammer's family, names, ages, some portions of US SSN, real address, real phone number and much more, all of it using public websites, like facebook, myspace or intelius, whois searches, and he even had a picture of this guy's house using Google Maps.

A good step into privacy is following these simple rules. But somehow these are not always enough. And I know a lot of people not following even a half of those. Let's say I obey 9 out of 10 rules. That's because I didn't get to check privacy rules on LinkedIn, and I can think of a few flaws some guys can take advantage of. Anyway, if I were you, I'd blindly obey every one of those 10 rules after reading what's in the first link in this post. And, my eyes are getting sleepy ...sleepy..I just realized that FB is the biggest flaw of them all. That's because I know I obey most of those rules, and feels ok. But, I've set all my privacy settings around my Friends. So, they can see everything, except one thing I can only see myself - friends list. Well, what can I say, a lot of ex-girlfriends. Anyway, what if some ex, or whatever girl/guy is not following those rules, not even half? Social engineering is very hard to pull, but very effective. They can get their accounts hacked in a week. I've read few months ago about this penetration test some security company did with a client based on social engineering, and they got to find out everything, infrastructure, passwords, IPs ...etc. So, if one fails to follow those rules, get her/his account hacked, and someone could quickly get personal info about me. This sucks!

So, I guess the best privacy measure people should take is not posting shit online, and, of course, not tell personal info to people they just met online. Nothing! I think I will repeat myself, but anyway, I knew this Filipino girl, we met online, and she liked doing something some people would pay for in front of her webcam. No details here. Anyway, she met this dude, she continued to do that thing, since one day, when she decided it's not ...moral. Or something! But, it turns out, that guy became her favorite stalker, she somehow told him her home address and cell phone, and he started to threaten her about doing stuff to her or to her parents and shit. Don't really know the end of the story, ..oh well, at least I know she's ok, till next time she fucks it all up. That's because, few months after this guy, she met me, and yeap, I also knew her cell phone and shit. Some people never learn!

But, people should learn someday. Personally, from time to time, like ...once in 2-3 weeks, I test FB privacy settings to see what people are seeing about me, and Google Dashboard, that's because I'm a sucker for almost all Google products, and it helps people to see what infos they're sharing with others, including Google. And, starting tomorrow, I have to do something about passwords...well, it's actually 3:20 this means, later today. I'll have to change most of them to something more random, not repeat themselves on some websites, like they do now.

Friday, July 2, 2010

Second hardware failure

First, there was the motherboard. Its integrated network card didn't want to go faster than 10Mbps full duplex, just out of nowhere. Great! Got it to the people I bought it from and they surprisingly said the "defect didn't show up". Ok, so they sent it back to me. Also surprisingly, it worked! So, it's not working, sent it to repair, they say they didn't do anything, got it back, installed it, fire up the computer, it works. Fine!

Few days ago S.M.A.R.T. said I should better backup everything, because my hard-drive will eventually die, but very soon. Fuck Win7, so I booted a Ubuntu Live CD, installed smartmontools, and checked the disk:

root@ubuntu:~# smartctl -H /dev/sda
smartctl version 5.38 [i686-pc-linux-gnu] Copyright (C) 2002-8 Bruce Allen
Home page is
SMART overall-health self-assessment test result: FAILED!
Drive failure expected in less than 24 hours. SAVE ALL DATA.
Failed Attributes:
5 Reallocated_Sector_Ct   0x0033   036   036   036    Pre-fail  Always   FAILING_NOW 2622

2622 bad sectors?, failing now?, well, that's not a nice thing to have on your hard drive. So, I took it to the service yesterday, and hopefully, Seagate will send me another one, veeery fast. Luckily, my small EEE PC 1008 HA is running smoothly, with no evidence of a problem whatsoever.

Thing is, this is my second desktop I've bought on my own, and my 3rd desktop overall. First 2   didn't have any hardware failure. The one before the current one, well..I had to change, after 2 years, the power supply, because this cheap power supply I bought first suddenly didn't want to offer enough power for all components and that was the only thing replaced on that desktop in about 4 years of constant usage.

Friday, June 25, 2010

XenServer 5.6 (I)

This will be a tutorial for XenServer administration. But…the free edition. What can I say, don’t have the necessary funds to test the Enterprise edition. This will cover both XenCenter and CLI administration tasks that can be accomplished on XenServer installation.

User authentication

XenServer automatically creates the root account for administration of XenServer machines. But, if you want to add more users, from an Active Directory installation, you can add them from XenCenter, or from CLI. What's good about CLI is that it can autocomplete the params for the commands you enter, which is pretty cool for people using XenServer for the first time.

xe pool-enable-external-auth auth-type=AD \
service-name= \
config:user= \

Unfortunately, in the free version, you can't assign roles to the users you add, but it's a nice feature, and it will stop people from using the root account. If you don't have DHCP enabled in your AD infrastructure, although I doubt it, you can add your Domain Controllers as DNS servers on XenServer like this:

xe pif-reconfigure-ip mode=static dns=

And if you'd like to disable external authentication, you can go to XenCenter and delete the joined domain/users or use the CLI to do it:

xe pool-disable-external-auth

XenCenter and the CLI use different names for users: XenCenter uses "user", and the CLI uses "subject". So, adding users from XenCenter is pretty straightforward, but from the CLI you should type this:

xe subject-add subject-name=

To remove a user, you should follow a 2-step procedure:

- first, get the subject's identifier like this:
xe subject-list
or, using a filter:
xe subject-list other-config:subject-name=''
- then, use the following command to remove the subject:
xe subject-remove subject-identifier=

Terminating all authenticated sessions can also be done from the CLI:

xe session-subject-identifier-logout-all

Role-based access control (RBAC)

This is a feature in XenServer Enterprise or higher. By default, there are 6 roles defined with different levels of access: Pool Admin, Pool Operator, VM Power Admin, VM Admin, VM Operator, Read Only. You can see them all using CLI. Other useful role managing commands using CLI are listed below.

- show defined roles:
xe role-list
- show a subject's role:
xe subject-list
- add a subject to RBAC:
xe subject-add subject-name=
- assign a role to an already created account:
xe subject-role-add uuid= role-uuid=
xe subject-role-add uuid= role-name=
- changing a user's RBAC role takes a role-remove followed by a role-add:
xe subject-role-remove uuid= role-name=
xe subject-role-add uuid= role-name=

Resource pools

This is the XenServer version of VMWare's Cluster. Hosts in a resource pool can, for example, migrate guests or start them on whatever host is low on resource consumption, but they should all be connected to the same shared storage to do it. In a High Availability resource pool (which is not available in the free version), when a host fails, because of software or hardware, the guest is automatically started on another running host in the resource pool. I can't test it using the free version, but hopefully it works better than VMWare's HA, which I did test. What can I say, VMWare HA sucks. I tested it using the poweroff command. All good. Virtual machines were moved to other hosts, but on a PSOD (aka Pink Screen of Death - something like the Windows blue screen), it didn't. The virtual machines stayed down, and VMWare HA couldn't start them on other hosts because the files on the shared storage were somehow locked by the failing host, and they couldn't be started by the rest of the hosts in the cluster.

To add hosts in a resource pool you can use both XenCenter and CLI to do it.

- add a host to a resource pool:
xe pool-join master-address= master-username= master-password=
- name a resource pool:
xe pool-param-set name-label=<"New Pool"> uuid=
- remove a host from a pool:
xe host-list
xe pool-eject host-uuid=
- find out which pool a host is part of:
xe pool-list

Hmm, I've tried to find a way to remove a host from a pool using XenCenter and couldn't find a way. So the only chance might be the CLI. I tried to create a new pool and add the machine I wanted to remove to that new pool, but it said it's already connected to the master of the pool. Damn!

High Availability
Although I will not be able to try this right now, I'll just write this here, for future reference when I'll need it.
So, to be able to use HA feature, you'll need:
- shared storage for all VMs in the resource pool
- a shared resource (SR) with at least 356MB of storage
--- 4MB heartbeat volume
--- 256MB metadata volume
- a XenServer resource pool
- Enterprise licence on all pool hosts
- static IP addresses on all pool hosts
Not having the enterprise license, I can only write about CLI commands that I can find in the manual. So, here they are:

- enable HA on a resource pool:
xe pool-ha-enable heartbeat-sr-uuids=
- set the restart priority for every HA-protected VM:
xe vm-param-set uuid= ha-restart-priority=<1> ha-always-run=true
- calculate the maximum number of hosts that can fail before the pool runs out of resources to run all HA-protected VMs:
xe pool-ha-compute-max-host-failures-to-tolerate
- specify the number of failures to tolerate (must be less than or equal to the value computed above):
xe pool-param-set ha-host-failures-to-tolerate=<2>
- remove HA protection from a VM:
xe vm-param-set uuid= ha-always-run=false
- shut down a host when HA is enabled:
xe host-disable host=
xe host-evacuate uuid=
xe host-shutdown host=

To be continued.. :)

Friday, May 21, 2010


Lookout is a smartphone application that has a built-in firewall, antivirus, and a backup module that can back up almost everything, including call log, SMS, contacts, pics and videos and so on. Using the website, in case you lose the phone, you can "nuke" it, so you delete every piece of information on the phone but still have the online backup, and you can make your smartphone "scream"...and trust me, it screams like hell, and it's a very good application for people not knowing where they placed their phones.

You shouldn't trust the firewall too much; as a matter of fact, I disabled it, because it blocked my access to the internet, giving me an error about some MAC addresses, so it's not that well built, but I hope it will be, so I can enable it again.

It also has a location feature on the web, where you can locate your cell phone, and it's actually working. Although using my wireless connection got closer to my location (it said accuracy was 2.8km, but it was around 1.5km) but using my EDGE connection, it showed a location with 5km accuracy...and yeap, it was further than the wireless showed.

You can browse the content you transferred on their website, including contacts, messages, pictures. You can change settings from the web on the lookout software installed on your smartphone. For example, I can re-enable firewall from the web interface, I can change backup settings, antivirus settings, and so on. And you'll have 1.5GB of storage, which is more than enough to save vital data from your cell phone. And, they log what your software does on your cell phone like this:

Virus scan completed: Files scanned: 4686. Infected files found: 0. Files quarantined: 0.
Your first virus scan has been completed.
You backed up 97 SMS messages.
You backed up 301 calls.
You added 1 new document.

Anyway, I think it's one of the coolest apps someone should have on a smartphone, so I guess you should give it a try.

Thursday, May 13, 2010

Google Apps and Aviary

I wanted to start testing Google Apps, of course, the free version. I don't need Google Video, 99.9% SLA and other crap that the premier edition is offering. Anyway, even if I was a company, I think I'd really need only the free standard version, but with a specific SLA and some security enhancements like the enforced SSL and single sign-on. After checking the features of all Google Apps editions, I started looking for some cool free apps on the Google Apps Marketplace to enhance the Google Apps experience. And of course, I was looking for the free ones. This is how I got to Aviary. And no, it's not about that aviary flu...Aviary is a website that lets you edit multimedia on the fly, ...and on the web. I couldn't find anything in the FAQ about storage, but it should probably be almost unlimited. So, Aviary has:

  • image editor
  • effects editor
  • color editor
  • vector editor
  • audio editor
  • image markup
So far, I've been playing with the image editor and the audio editor. And they're pretty cool, considering they're free, you can do everything online, and of course, access everything through an internet connected computer, and it integrates perfectly with Google Apps. And, after I created my account on the Aviary website, there is this "dashboard" where you can see what others have created, and I've looked through some of them, and it's just ..WOOOW...I mean, some people really got skills. Don't expect Photoshop or Soundbooth, because you'll be disappointed, but if you need some simple multimedia editing, and of course the Google Apps integration, Aviary is the right (and FREE) choice.

Tuesday, May 11, 2010

Office Live Workspace beta

Which should be the online version of Microsoft Office 2010, which should compete with Google Docs or ..Zoho...or whatever. Unfortunately, for my Ubuntu 10.04 LTS and Chromium, it's not available. To be more specific...

To use Microsoft Office Live Workspace beta, your computer must meet one of the following requirements:
Microsoft Internet Explorer 6, 7, and 8 running on Microsoft Windows XP, Windows Server 2003, or Windows Vista. You can download Internet Explorer from the Internet Explorer page.
Mozilla Firefox running on Windows XP, Windows Server 2003, Windows Vista, or Mac OS X 10.2.x and later. You can download Firefox from the Firefox download page.
Safari 3 and 4 on Mac OS X 10.2.x and later.

Thursday, May 6, 2010


Snorby is a front-end for the well-known Snort IDS. It looks nice, it's open source, and it's very easy to set up. It's also available as a virtual machine file. You can get reports, schedule them, leave comments on events, and it also has a feature called "Teammates" which can create teams and send appropriate events and notification to different created teams. A small video about it can be seen below.

Snorby - All about simplicity. from Dustin Webber on Vimeo.

Saturday, May 1, 2010


Pino is a very fast alternative for the default Gwibber in Ubuntu 10.04 LTS (Lucid Lynx), which actually did something to my startup and shutdown time. After uninstalling Gwibber, everything got back to normal. I like the speed of Pino so much that I decided to help this project with the Romanian translation.

[update]: I'm very happy to contribute to this project with the Romanian translation. It's all on Transifex. Maybe someone else could get a look on it and make the necessary corrections...if any to make.

Thursday, April 29, 2010

Alfresco Enterprise CMS /etc/hosts problem

I've been trying for the last 4 hours to make a test installation of Alfresco on an Ubuntu 8.04.4 LTS virtual machine. Unfortunately, I had a very strange problem about some ObjID already in use. I've tried everything: changing ports, disabling apparmor, reinstalling, everything...But, after those 4 hours..or maybe more, I just found the answer here. The problem is that in /etc/hosts I had a different IP for my hostname. That's because the machine was actually a clone of another machine, so it had the original's IP address in that file, and I had to change the IP to avoid an IP conflict, ...anyway, after modifying my /etc/hosts file, I reinstalled everything, and it works smoothly.

Tuesday, April 27, 2010

GMail storage increase rate

Since I don't have anything more important to do, I was just noticing the counter on the GMail welcome page, and it's actually increasing by 4 bytes per second. Actually, there are more sick guys than me out there. This dude actually calculated the time necessary to increase the storage from current to 10GB...and the result was...20 years! ..and the increase rate per day is something around 350KB. For me I think it's quite enough, because although I've been using GMail for many many years, and for some time now I've been gathering all my e-mails in this account, I'm only using approx. 1GB of storage. Mainly because I only keep important e-mails, and delete all the crap / spam / newsletters that I'm not interested in reading 1 year from now.

But what happens to girls that spend most of their time in front of their computers watching pics and movies from e-mails sent from another bunch of girls with nothing to do than just forward them around? Maybe it will take Google 20 years to get to 10GB storage, ...but it will take me a hell lot more to fill that. Anyway, I know girls that can fill up that 10GB in 1 year. And that including those 20 days of legal vacation around here. :)

So, ..I was just checking now how Windows Live is coming with the storage. Yahoo is unlimited, although I guess that if you're planning to store a 1TB e-mail storage, and make sure you grow it by the end of this year, Yahoo will suddenly enable e-mail quota again... :) But, Microsoft says "Windows Live Hotmail includes ever-growing storage to provide you with as much storage space as you need, provided that you send and receive a normal amount of e-mail. Your inbox capacity will automatically increase as you need more space." So, I guess that Microsoft somehow automagically (I know, it's incorrect, ...but I just learned that from CPanel's funny status messages) increases your quota depending on how much storage you're using. And now I was thinking that I'll never lose an e-mail with this policy. Quota gets to max, Microsoft increases quota, e-mail arrives. WRONG! Microsoft also says "If your inbox surprises us by suddenly and abnormally skyrocketing in size, you may get an e-mail from Windows Live Hotmail asking you to slow down, move e-mails from Windows Live Hotmail to your desktop, or to delete some old e-mails. Please read these e-mails and follow the advice provided in them to continue to enjoy ever-growing storage, which should be plenty of storage for you so that you don't have to worry about running out of space." So, there's no number in "ever-growing storage" ...and how is that "ask you to slow down"?..Like, you're responsible for e-mails you receive, and you should tell people that send you e-mails to slow the fuck down. Funny, indeed. There should be a trick in Yahoo's infinite storage, but I'll have to dig more on their website.

[update]: This is what's on Yahoo about their unlimited storage:

How does unlimited storage work?
It’s pretty straightforward—users who follow the Yahoo! Terms of Service and our anti-abuse controls can consume an unlimited amount of free email storage. This will apply to both new and existing users.
Wait – what? Wow!
How can Yahoo! afford to give away unlimited email storage?
By hiring outstanding engineers, of course! Ours have been hard at work developing an incredibly efficient backend storage system. This storage system gives you the option to never delete another email! Unless, of course, you want to. The purpose of unlimited mail isn’t to provide an online storage warehouse. Usage that suggests this approach gets flagged by our anti-abuse measures. In order for our system to work efficiently, our abuse control systems may limit the number of emails you may send or receive when it appears your usage is excessive. These abuse control systems may also impact the rate of growth of your account and you may need to create new folders or move some emails to other folders, if you are experiencing response issues.
How will you prevent abuse?
Yahoo! employs a variety of anti-abuse methods. If our anti-abuse system detects potential abuse we may take action. These anti-abuse controls enable us to better identify users who are not using the service appropriately under the Terms. Our goal is to ensure that everyone benefits from unlimited storage!
So, I'm pretty sure they have something like M$ has. If you receive too many and too big e-mails you'll receive an e-mail from Yahoo like this:

From: Yahoo's Outstanding Engineers :)
Subject: Storage full
Message: Please tell your friends to slow the fuck down, We bought all harddrives we could find. Please hold them off a day or 2. We're just going to fly to the factory and get some cargo flight with some more, install them, and after that, you can continue your messaging as usual. :)

Sunday, April 25, 2010

EEE PC 1008HA hotkeys on Ubuntu Lucid Lynx 10.04 LTS

So, it seems that Asus is somehow sniffing on the installed operating system and acts accordingly. So the way acpi works is related to what OS the mainboard thinks you have. Newer kernels don't advertise themselves, so you should do that manually by adding "acpi_osi=Linux" to /etc/default/grub file to GRUB_CMDLINE_LINUX_DEFAULT variable so it will show like this:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash acpi_osi=Linux"
Then run "update-grub" as root or with sudo, reboot, and that's all. 

Friday, April 23, 2010

Ubuntu 10.04 LTS updates

After the latest updates installed, there's the battery icon both in Notification Area and Indicator Applet, and notification about battery charging and discharging got bigger, which looks uglier on my small Eee PC screen. Hopefully, they'll fix this by the release date on 29th this month. They'll also have to fix my hotkeys problem, and not that grub fix that finishes the ethernet card.

[update]: you can hide one of the icons by left-clicking the icon and then "Preferences", and then on the last tab called "General" check the "Never display an icon" option, and then Close. My choice was to never show the icon from Indicator Applet, because the one in Notification Area is smaller, and I like small things on my small Eee PC desktop.

[update #2]: after disappearing again, it reappeared today. I guess it has something to do with update-manager but I'm not sure what exactly. Still, after few updates including acpi-support, no support for my hotkeys. Hopefully they'll get all bugs fixed by the end of next week, when the release date is coming. They've also discovered a memory leak in package, but fortunately, I don't seem to get affected or at least, the startup time looks ok to me. The only thing that's slowing my boot is after the login screen, and it's because AWN is loading. Unfortunately, I like it too much to see it gone, so I'm not uninstalling it soon, I'll just have to get used to those 10 seconds of freeze before everything appears on my desktop after the login screen.

Wednesday, April 21, 2010

My nerd score... :(

I just found this on some Planet Gnome blog, and decided to take the test. Here's the result:

I am nerdier than 95% of all people.

Monday, April 19, 2010

Avant Window Navigator

AWN is a cool dock-style panel that I just discovered today. It was added automatically for some plugins of banshee media player. I tried installing it because of the lack of equalizer of Rhythmbox. Unfortunately, I wasn't very impressed by the performance, and the banshee-telepathy plugin, needed to change my Empathy status, was missing from the repository, so I wasn't able to install it.

Anyway, AWN, looks great, works great on my EEE PC, and has really nice effects, ..and applets. All packages including extra applets are:


I just took a print screen of how I've made it look...

Thursday, April 15, 2010

TeamViewer for Linux (beta)

So, TeamViewer just released the Linux version of their software. There is an archived version, and also RPM and DEB packages for whatever distro you might use.  It's beta, but it's worth trying.

GMail insert invitation

There's a new feature in GMail. It allows you to send invitations to events directly from your GMail interface. It automatically inserts the event in your calendar, and in the calendars of the people you send the invitation to. The GMail blog post made me very proud of being the same nationality as the girl who posted this to their blog, a software engineer called Oana Florescu, a very ..Romanian name.

Wednesday, April 14, 2010


CheckGmail is a nice GMail checker. It blends in the panel because the current version has transparent icons, and it's a nice thing to have, if you're in my place and you uninstalled all e-mail clients because you wanted the browser version and not another software installed on your computer. On a new e-mail, the icon looks like this..

Bad part is that it won't work only with "apt-get install checkgmail". After installing, you'll have to get the latest SVN version with "sudo checkgmail --update". When asked, press capital "Y". That's all folks!

Tuesday, April 13, 2010

new improvements to Google Docs

Packet Tracer 5.2 font problem

I tried to start the newly installed Packet Tracer 5.2 on my Ubuntu 10.04 LTS beta 2. Unfortunately application fonts were really fucked up. But, there is a fix for that.

- first of all, Packet Tracer runs on its own QT4 libraries, and you don't want that. So, to change that, edit this file "/usr/local/PacketTracer5/packettracer" and comment out this line:

- after that, install whatever Qt4 packages are missing, like this:
apt-get install libqt4-gui
apt-get install libqt4-webkit
apt-get install libqt4-qt3support

if it still doesn't work after all this, just do this:
apt-get install libqt4-dev

Then your Packet Tracer is ready to go and simulate Cisco equipment.
Have fun!

Ubuntu 10.04 LTS beta 2

Unfortunately, Ubuntu still has to fix some of the bugs people have until the final release gets out by the end of this month. I'm testing it on my Asus EEE PC 1008HA...and I have the following annoying bugs:

- after login, when my desktop appears, indicator applet icons and notification area icons get messed up. It all sorts out after a log out, log in.
- eeepc_laptop module is not loadable, ...the error is "no such device"..still hoping it will work soon because I miss my hotkeys functionality. There was this "fix" available on the net, but unfortunately, makes your ethernet card unusable.
- empathy should have a default window size for every chat that should be setup in gconf, or at least should remember the chat window size settings for specific users. Unfortunately, it doesn't, any of them. Hopefully, at least the remembering will be done by the final release of 10.04 LTS.
- this is something related to rhythmbox "IM status" plugin. Although it sets the correct status when the song is changing, sometimes the status empathy shows in the dropdown list is stuck.
- and 1 more for empathy. Sometimes, using the default Ambiance theme, the status bar in empathy just disappears, and the workaround I found is to go to Preferences > Appearance and change to another theme, and back to Ambiance theme. Status dropdown list appears automagically. :P This shit happened to 9.10 as well, and I discovered this workaround back then.
- and the last one,..there's a huge space between icons in indicator applet, and it's annoying on my 1024x600 screen. They can have some custom gconf setting for that, or they can make the distance smaller by default.
- I was just joking, this is the last one. :) I guess there's something wrong with the Intel graphics drivers. Because in 9.10 I had no problems running Compiz, but in 10.04, there is a flickering line in windows while moving them, and I don't know for sure why.

And a good thing I've noticed about 10.04 LTS beta 2. Wireless drivers. They're excellent. In 9.10 I always used the tutorial I had in my blog to update drivers every single kernel upgrade I was doing. But this time, wireless drivers work well out of the box, so there's no more need in compiling new ones.

Tuesday, April 6, 2010

How to change Ubuntu Karmic Koala and newer login screen

As System > Administration > Login Screen doesn't offer so many options anymore, the way login screen looks can be changed like this:

1. logout of your current session and return to login screen
2. get your command line interface (CLI) by pressing Ctrl+Alt+F1
3. login using your account, or root account.
4. type export DISPLAY=:0.0 for the $DISPLAY variable to be available to users
5. type sudo -u gdm gnome-control-center - this will open up gnome control center for "gdm" user; this is the user that is used for the login screen.
6. switch to graphical display using Ctrl+Alt+F7
7. configure theme, background and whatever else you want for the login screen
8. close gnome-control-center and login using your account (you should already have the new theme at your login screen)

Tuesday, March 30, 2010

VirtualBox vs. VMWare workstation 3D acceleration

Well, it was an opensource project acquired by Sun, that was acquired by Oracle. But I'm not into the selling and buying business, so I'll just get to the subject. VirtualBox has something that VMWare Workstation (let's say 7) doesn't. And it's called 3D acceleration. Well, I know that VMWare Workstation has 3D acceleration since the 6.x versions, BUT, some of the people tried installing Ubuntu as a guest on a Windows with VMWare Workstation host. After installing the guest, they tried enabling desktop composition - Compiz Fusion. And they had a surprise, telling them that desktop effects could not be enabled. Why? Because VMWare Workstation only supports 3D acceleration for a Windows-based guest. Which means that Linux-based guests are not supported. So this is where VirtualBox comes into place. Well, VirtualBox supports 3D acceleration for whatever guest operating system you'll have. In fact, VirtualBox allows you to set up virtual video memory available for the guest operating system, which VMWare Workstation doesn't.

So, if you need 3D acceleration for Linux-based guests, VirtualBox is the solution. It's a little buggy though, ...for example, when you change the desktop theme in Ubuntu, the screen flickers, but it stops flickering once it's done changing the theme, and what the hell, you can enable compiz. :)

My new desktop

Including conky's new colours and a new desktop I found.

Friday, March 26, 2010

Blogger Template Designer

This is a new capability of the Blogger in Draft interface (yeah, I know, kind of a BETA version of blogger) that lets you customize your blog template. You get to choose to start from a couple of templates, and then customize them to satisfy your needs and fantasy. You can choose the number of columns, fonts used, colors, sizes, and even widths. You can also choose some backgrounds, just like I did. This Matrix like background surely excited my fantasy. :) Give it a try, and then you'll see your web designer skills taken into action.

Monday, March 22, 2010


Well, I just discovered Conky. Conky is a very lightweight computer monitor, for a linux desktop (not a gnome applet or anything). It's very configurable, and it just made my desktop look like the picture below.

[update]: apparently, you cannot add this directly to startup applications in ubuntu, simply because it will not work, but if you make it sleep for 30 seconds and then run conky, it works like a charm. So, to add this in startup applications, the command looks like this:

sleep 30 && /usr/bin/conky

Friday, March 19, 2010

Windows Live Writer blog client

So, I’ve been using Drivel on my Eee PC for editing a Wordpress blog, but when I tried to use it with Blogspot, it didn’t work, or, it worked, but not correctly. So, now, for editing blogs on a Linux, the best choice I guess still remains Scribefire, which is actually a Firefox plugin, and which works with most blogging platforms. Unfortunately, I hate the load of buttons and shit all over my small Eee PC screen. It’s not that usable. I just hope that Drivel developers will make that shit work with Blogspot.

Some posts ago, I discovered Windows Live Writer, which is good with the Live Spaces, Wordpress, Blogspot, Livejournal, and probably with every well known blogging platform there is. I really like its simpleness and clean interface, and it’s my choice of blogging in Windows. Although I have a huge 1920x1080 resolution on my desktop, I’m not going to fill it up with Scribefire.

And earlier, it was just a test that my setup is correct in Windows Live Writer for my Blogspot account.


just testing..

Wednesday, March 17, 2010

Internet Explorer 9

Internet Explorer 9 Platform Preview was presented yesterday in Las Vegas at the Microsoft MIX 10 conference. It's also available for download over here. I personally don't like testing shit on my own computer, but for the ones anxious to test it, now is the chance to do it.

Monday, March 8, 2010

FreeBSD (IV)

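How to create filesystem snapshots (either command works; the snapshot file has to be created on the file system that is being snapshotted):
# mount -u -o snapshot /var/snapshot/snap /var
# mksnap_ffs /var /var/snapshot/snap
This will create a snapshot of the /var file system in the /var/snapshot/snap file. The snapshot can be mounted read-only like this:
# mdconfig -a -t vnode -f /var/snapshot/snap -u 4
# mount -r /dev/md4 /mnt
and unmounted and detached again like this:
# umount /mnt
# mdconfig -d -u 4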
Filesystem quotas. To enable them, first, you'll have to have this in your kernel config:
options QUOTA
And this added to your rc.conf file:
The bootup quotacheck will largely increase boot time; you can disable it by adding this to rc.conf:
To enable user and group quotas on a filesystem, you should add this to your /etc/fstab:
/dev/da0s1a    /    ufs    rw,userquota,groupquota        1    1
To check if quota is enabled, run this:
# quota -v
To edit a user's quota, you'll need to run this:
# edquota -u testuser
To assign the same quota settings to multiple users, you can use this:
# edquota -p testuser testuser1 testuser2 testuser3 ...
# edquota -p testuser 1000-1500
This will assign the quota settings of testuser to the users whose UIDs are between 1000 and 1500.

Filesystem encryption, and even swap encryption for the real paranoid system admins, can be achieved using gbde (GEOM based disk encryption) or geli. gbde needs this added to the kernel config, followed by a recompilation:
options GEOM_BDE
geli is a newer way to encrypt filesystems and it's available from FreeBSD 6.0. The good part is that it is faster than gbde and supports multiple encryption algorithms. You'll need this added to your kernel config:
options GEOM_ELI
device crypto

Ubisoft DRM

Recently, Ubisoft released a DRM mechanism to make sure you're not playing cracked versions of their games. Unfortunately, you've got to be online (internet connection required) in order to be authenticated on their servers and be able to play their games. Unfortunately, their DRM was cracked the day after release, and unfortunately, yesterday their authentication servers went down, so no one could authenticate...and play their games.

Thursday, March 4, 2010

IE6 funerals :)

Internet Explorer Six, resident of the interwebs for over 8 years, died
the morning of March 1, 2010 in Mountain View, California, as a result
of a workplace injury sustained at the headquarters of Google, Inc.
Internet Explorer Six, known to friends and family as "IE6," is
survived by son Internet Explorer Seven, and grand-daughter Internet
Explorer Eight.
Very funny, the webpage, including the artwork. All of this can be found on

Ubuntu re-branding

So, there's a lot of talk on forums and the ubuntu website about its rebranding. Personally, I like the new look, the new gtk themes that are presented over here. I've tried upgrading my rhythmbox to a newer version that would support changing my Empathy status to whatever I'm listening to, and I had a quick preview of the new Lucid Lynx (10.04) and I liked its new icons and shit. I just can't wait for the 10.04 to appear in my update applet. Anyway, the problem is that the new rebranding, including changes of all the icons in this new distribution, will be very hard to finish by the expected date. So, I guess there will be some problems with this, but let's hope they'll finish in time. Or maybe they'll name it 10.05 :P

Wednesday, March 3, 2010

Google Go programming language

So, I'm not into programming that much, but in some recent news I read, there was this Google Go programming language just launched. As they say, it's a combination between the speed of Python and performance and safety of C/C++. More details about this launch can be found here. Also, I've just discovered the project homepage that can be found over here.

Google acquired Picnik

I didn't hear about Picnik until Google acquired it. Picnik is (or was) a website that let you edit photos, add effects, and all that crap in a browser, with no client installed on your computer, like Picasa. Picnik let you do all this stuff online. Well, soon it will be available on Picasa Web I guess, Google's online web albums. BTW, GMX just upgraded their document storage to 2GB, where you can upload almost anything. When is Google going to upgrade Picasa Web to a greater storage than the current 1GB? Because trust me, for people using Picasa Web, 1GB is not enough. Of course, there's an option of paying for storage, but why pay if there are enough free storage providers? I currently use Asus Web Storage and their Windows client on my desktop, and Dropbox on my Ubuntu EEE PC, that's because it's fully compatible with Gnome's Nautilus. Maybe Google should do something like that?!

Sunday, February 28, 2010


BSD Jails – an improved version of the traditional chroot environment. A jail lets you configure a hostname and an IP address, and processes cannot leave the jail they run in.
So, if you’re already using bash like I am, these are the steps:
# I used /usr/jail/myjail as my first jail in FreeBSD.
export J=/usr/jail/myjail
mkdir -p $J
cd /usr/src
make buildworld # run it when using jails for the first time…and wait, it’s gonna last..
make installworld DESTDIR=$J
make distribution DESTDIR=$J
mount -t devfs devfs $J/dev

Enable it on startup by editing /etc/rc.conf like this:

To start/stop your jail, use this:
/etc/rc.d/jail start myjail
/etc/rc.d/jail stop myjail
To cleanly shutdown a jail, run:
sh /etc/rc.shutdown #from inside a jail
or, use jexec utility.
Some other programs you’ll probably use with jails, are found in /usr/ports/sysutils:
jailadmin, jailctl, jailutils
To see what jails are running you can run:
To run a tcsh on a jail, run:
jexec JID tcsh
…which will get you directly on that jail.

Compiz Fusion – how to make inactive windows transparent

I’ve searched for this on Google because I couldn’t find it myself. First of all, you’ll need compizconfig-settings-manager so you should apt-get install this first.
After this, go check the Effects > Trailfocus and then click the Appearance tab. You’ll see there:

- Opacity level of focused windows – normally left at 100
- Opacity level of unfocused windows – set this to whatever you want (this is the opacity of inactive windows)

BTW, i’m on Ubuntu 9.10 over here…

[update]: Well, it seems Compiz is running smoothly on my EeePC 1008HA with enough settings enabled, including that one from above…including the Water effect thing, which is actually …damn…filling out my desktop..and couldn’t see what I was writing) I know, I act like a 2 years old kid. But it looks veeery veeeery nice. Practically, you don’t need a screen saver. If you don’t want anyone seeing what you have on your desktop, just run the water effect thing, and that’s all..

Ubuntu/Debian network adapter bonding

apt-get install ifenslave
nano /etc/modprobe.d/bonding.conf
and add:
alias bond0 bonding
options bonding mode=0 miimon=100
where mode can be:
0 – Transmit packets in sequential order from the first available slave through the last.
1 – Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails.
2 – This selects the same slave for each destination MAC address.
3 – Transmits everything on all slave interfaces.
4 – IEEE 802.3ad Dynamic link aggregation.
nano /etc/network/interfaces
and add:
auto lo
iface lo inet loopback
auto bond0
iface bond0 inet static
slaves eth0 eth1
bond-mode 0
bond-miimon 100
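
A check that the bond came up the way the two files above ask for, as an added example that is not part of the original post. It parses the status text the Linux bonding driver exposes in /proc/net/bonding/bond0; the embedded sample text is constructed, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: verify mode, miimon and slave link state of a bond.

# Constructed sample of /proc/net/bonding/bond0 (mode 0, miimon 100, eth1 without link).
sample_bond_status() {
    cat <<'EOF'
Ethernet Channel Bonding Driver: v0.0.0 (constructed sample)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 0

Slave Interface: eth1
MII Status: down
Link Failure Count: 1
EOF
}

# mode_label NUMBER: the text the driver prints for the mode numbers listed in the post.
mode_label() {
    case $1 in
        0) echo "load balancing (round-robin)" ;;
        1) echo "fault-tolerance (active-backup)" ;;
        2) echo "load balancing (xor)" ;;
        3) echo "fault-tolerance (broadcast)" ;;
        4) echo "IEEE 802.3ad Dynamic link aggregation" ;;
        *) return 1 ;;
    esac
}

# bond_field KEY FILE: value of the first "KEY: value" line.
bond_field() {
    awk -F': ' -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# bond_down_slaves FILE: one slave name per line for every slave whose MII Status is not "up".
# The bond-level "MII Status" line comes before any slave section and is skipped.
bond_down_slaves() {
    awk -F': ' '
        /^Slave Interface:/ { slave = $2; next }
        /^MII Status:/ && slave != "" { if ($2 != "up") print slave; slave = "" }
    ' "$1"
}

# bond_check FILE MODE_NUMBER MIIMON: print every mismatch, return non-zero if there is one.
bond_check() {
    file=$1
    rc=0
    want_mode=$(mode_label "$2") || { echo "unsupported mode number: $2"; return 2; }
    mode=$(bond_field "Bonding Mode" "$file")
    miimon=$(bond_field "MII Polling Interval (ms)" "$file")
    down=$(bond_down_slaves "$file" | tr '\n' ' ')
    [ "$mode" = "$want_mode" ] || { echo "mode is '$mode', expected '$want_mode'"; rc=1; }
    [ "$miimon" = "$3" ] || { echo "miimon is '$miimon', expected '$3'"; rc=1; }
    [ -z "$down" ] || { echo "slaves without link: ${down% }"; rc=1; }
    return $rc
}

# On a host with the bond configured, check the live status file.
if [ -r /proc/net/bonding/bond0 ]; then
    bond_check /proc/net/bonding/bond0 0 100 || echo "bond0 needs attention"
fi
```

With mode 0 a slave that lost its link only shows up here or in the kernel log, so the check is worth running after every cable or switch change.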

FreeBSD resource performance

…after 2 tries to recompile its kernel, and disabling sendmail, I finally got it working like this:
last pid:   814;  load averages:  0.12,  0.15,  0.07
up 0+00:14:50  20:02:00
9 processes:   1 running, 8 sleeping
CPU:     % user,     % nice,     % system,     % interrupt,     % idle
Mem: 3816K Active, 4968K Inact, 20M Wired, 9632K Buf, 968M Free
Swap: 537M Total, 537M Free
769 root          1  44    0  9400K  4380K select  1   0:00  0.00% sshd
720 root          1  70    0  3372K  1380K nanslp  0   0:00  0.00% cron
772 root          1  44    0  4572K  2316K wait    1   0:00  0.00% bash
473 root          1  44    0  3344K  1328K select  1   0:00  0.00% syslogd
711 root          1  44    0  6676K  3616K select  0   0:00  0.00% sshd
768 root          1  76    0  3344K  1180K ttyin   0   0:00  0.00% getty
767 root          1  76    0  3344K  1180K ttyin   1   0:00  0.00% getty
814 root          1  44    0  3680K  1796K CPU0    0   0:00  0.00% top
370 root          1  44    0  1888K   540K select  1   0:00  0.00% devd

[root@ ~]# vmstat
procs      memory      page                    disks     faults         cpu
r b w     avm    fre   flt  re  pi  po    fr  sr da0 pa0   in   sy   cs us sy id
0 0 0  39704K   968M    64   0   0   0    54   0   0   0    2  129   78  0  1 99

Now that’s a veeeery light resource consuming operating system, isn’t it?!

FreeBSD (II)

Installing X11 on FreeBSD
# cd /usr/ports/x11/xorg
# make install clean
# nano /etc/rc.conf
add this to rc.conf for keyboard and mouse auto-detection:
Nice thing with installing things in FreeBSD. For example, using a package manager in Red Hat and Debian based distributions doesn’t allow you to install multiple packages from different consoles, mainly because it has to track every change to the internal database of installed packages, so if you’re installing a package in one console window and you try to install another package in another console window, you’ll get an error telling you the package database is locked. Well, in my newly installed FreeBSD I’m installing in a console window, and nano editor in another one. Pretty cool shit!!
To test if X is starting, you run “startx” in CLI, and you should see some green window crap.
Installing Gnome is way too easy:
# pkg_add -r gnome2
Additionally, if you want gnome to be started automatically, you add this to /etc/rc.conf:
gdm_enable="YES"
gnome_enable="YES"
Upgrading installed ports. You can easily do that by using one of the commands:
# portmanager -u
# portmaster -a
# portupgrade -a
Cleaning disk space after using ports can be done like this:
# portsclean -C # to clean up ports collection
# portsclean -DD # to clean up dist files

FreeBSD (I)

How to update installed ports:
# portsnap fetch
# portsnap extract update
How to install and switch default shell to bash:
# cd /usr/ports/shells/bash
# make install clean
(and prepare yourself for a looong waiting…because it’s installing a lot of dependencies)
chsh -s /usr/local/bin/bash
So now, you’ll have filename, path and command autocompletion.
You can install Midnight Commander like this:
# cd /usr/ports/misc/mc
# make install clean
…and of course, wait…
After that, you can have VI iMproved installed like this:
# cd /usr/ports/editors/vim
# make install clean
If you don’t like default “top”, you can install “htop” by doing this:
# cd /usr/ports/sysutils/htop
# make install clean
I also installed “lsof”, because it was in the handbook they have on the website, so you can find it in “/usr/ports/sysutils/lsof”.
Another few network settings, and I’m done for today. So, if you need a static IP for your network card you can set it up in “/etc/rc.conf” like this:
ifconfig_le0="inet netmask"
If you need to configure a gateway, you can add this to the same “rc.conf”:
And for domain resolution, I had to manually create a file called “/etc/resolv.conf” and add my wireless router to the file like this:
That’s all for today.

UNIX/Linux common kill signals

kill — terminate or signal a process
kill [-s signal_name] pid
kill -l [exit_status]
kill -signal_name pid
kill -signal_number pid
The kill utility sends a signal to the processes specified by the pid operands. Only the super-user may send signals to other users’ processes. The options are as follows:
-s signal_name A symbolic signal name specifying the signal to be sent instead of the default TERM.
-l [exit_status] If no operand is given, list the signal names; otherwise, write the signal name corresponding to exit_status.
-signal_name A symbolic signal name specifying the signal to be sent instead of the default TERM.
-signal_number A non-negative decimal integer, specifying the signal to be sent instead of the default TERM.
The following PIDs have special meanings:
-1 If superuser, broadcast the signal to all processes; otherwise broadcast to all processes belonging to the user.
Some of the more commonly used signals:
1 HUP (hang up)
2 INT (interrupt)
3 QUIT (quit)
6 ABRT (abort)
9 KILL (non-catchable, non-ignorable kill)
14 ALRM (alarm clock)
15 TERM (software termination signal)
This is copied from the FreeBSD kill manual. It’s copied over here because I keep forgetting all this crap.
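The signals and options listed above, put to work in an added example that is not part of the kill manual: it stops a child process with TERM, falls back to the non-catchable KILL after a grace period, and uses kill -l to name the signal behind the exit status. The function name stop_child and the variable ended_by are made up for this example.

```shell
#!/bin/sh
# Added example, not from the kill manual: polite stop with TERM, forced stop
# with KILL, and "kill -l <exit status>" to report which signal ended it.

# stop_child PID GRACE_SECONDS
# PID must be a child of this shell, because wait only works on children.
# Sets $ended_by to the signal name (TERM, KILL, ...) or to "exit N".
stop_child() {
    kill -s TERM "$1" 2>/dev/null || true
    # Watchdog: if the child ignores TERM, KILL cannot be caught or ignored.
    ( sleep "$2"; kill -s KILL "$1" 2>/dev/null ) >/dev/null 2>&1 &
    watchdog=$!
    status=0
    wait "$1" || status=$?
    # The child is gone, so the watchdog is no longer needed.
    kill -s TERM "$watchdog" 2>/dev/null || true
    wait "$watchdog" 2>/dev/null || true
    # A process ended by signal N reports status 128+N (TERM: 128+15 = 143).
    if [ "$status" -gt 128 ]; then
        ended_by=$(kill -l "$status")
    else
        ended_by="exit $status"
    fi
    return 0
}
```

Call it directly rather than inside $( ), since a command substitution runs in a subshell that is not the parent of the process.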

Saturday, February 27, 2010

Linux Atheros AR9285 wireless driver

So, my 1008HA eee pc has an Atheros Communications Inc. AR9285 Wireless Network Adapter, as lspci shows me. Usually, Linux uses the default ath9k driver for it, but unfortunately, it sucks. It disconnects, it’s slow, it’s a big fucking mess. So, if you need wireless drivers for your Atheros wireless adapter, I’d proudly recommend this website:

From there, you can download an archive called compat-wireless. Unarchive it, make, make install, …and then reboot your computer. You’ll have a brand new ath9k driver that …RULEZ! No more disconnecting from the wireless AP, no more 30% signal when you’re 5m away from the AP…

IPSec + L2TP on Ubuntu

The requirement was to find a way to make a secure VPN tunnel to the workplace, and dial-up VPN being not so secure, we opted for IPsec with L2TP, which the built-in VPN client in Windows supports – including my new Windows Mobile 6.1, which I actually tested and which works great with the VPN.
Basically, we’ll start with a fresh clean installation of Ubuntu Server, in my case the latest one, 9.04. You start by apt-getting everything you need:
apt-get update
apt-get install openswan xl2tpd
PPP is already installed so you won’t have any problems with it. This scenario will be a “road warrior”, because we want to be able to connect from every kind of internet connection to the company’s network – including home internet, 3G modem connected to the laptop, GPRS connection on the mobile phone, ..whatever.
Ok, so you’ll need to configure some files first. Let’s start with ipsec:

conn L2TP-PSK-noNAT
left=                  # your external IP address for the clients to enter in their VPN wizard
leftnexthop=           # your gateway
This is the default ipsec.conf configuration file that is installed together with openswan. Next, you’ll have to configure a secret for IPsec, and you’ll do that by configuring the /etc/ipsec.secrets file:
%any : PSK "yourfavouritepresharedkey"
That should be all for IPsec to work. You just have to put it on startup with:
update-rc.d ipsec defaults
Ok, next, you’ll have to configure xl2tp to work. For that, there is a file called /etc/xl2tpd/xl2tpd.conf that needs to be edited:
[global]                                ; Global parameters:
ipsec saref = yes
listen-addr =
port = 1701                             ; * Bind to port 1701
auth file = /etc/ppp/chap-secrets       ; * Where our challenge secrets are
rand source = dev                       ; Source for entropy for random
[lns default]                           ; Our fallthrough LNS definition
exclusive = no                          ; * Only permit one tunnel per host
ip range =                              ; * Allocate from this IP range
local ip =                              ; * Our local IP to use
length bit = yes                        ; * Use length bit in payload?
refuse pap = yes                        ; * Refuse PAP authentication
refuse chap = yes                       ; * Refuse CHAP authentication
require authentication = yes            ; * Require peer to authenticate
name = vpn-srv                          ; * Report this as our hostname
ppp debug = yes                         ; * Turn on PPP debugging
pppoptfile = /etc/ppp/options.l2tpd     ; * ppp options file
I guess this is almost self-explanatory, but if you need some help on this, just put a comment. 2 files to go. First is the pppoptfile – /etc/ppp/options.l2tpd

asyncmap 0
name l2tpd
lcp-echo-interval 30
lcp-echo-failure 4
After configuring ppp to work with xl2tp, there is one more step for things to work – authentication. You accomplish that by editing the auth file /etc/ppp/chap-secrets

user1      l2tpd     user1password
#specify an IP from the range or out of it; whenever user1 is logging in, it will get the same IP
user2      l2tpd     user2password *
# user2 will always get an IP from the range specified in the range from xl2tpd.conf file.
That’s about it. When I feel like doing print screens, I’ll show you how to add your VPN connection in Windows XP, but I guess you can already find that out with a Google search.
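The two ppp files above depend on each other: the second column of chap-secrets has to match the name set in options.l2tpd. The following added example (not part of the original post) cross-checks them. It relies on the rule from pppd(8) that an entry with only three words permits no IP address at all, and it assumes secrets contain no whitespace; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post: consistency checks for the pppd
# side of the xl2tpd setup. Assumes secrets contain no whitespace.

# ppp_name FILE: print the value of the "name" option in a pppd options file.
ppp_name() {
    awk '$1 == "name" { print $2; exit }' "$1"
}

# audit_chap SECRETS NAME: print one finding per entry that needs a look.
# chap-secrets columns: client  server  secret  [acceptable IP addresses]
audit_chap() {
    awk -v name="$2" '
        /^[ \t]*(#|$)/ { next }                      # comments, blank lines
        NF < 3 { print "line " NR ": malformed entry"; next }
        $2 != name && $2 != "*" {
            print $1 ": server " $2 " does not match ppp name " name
        }
        NF == 3   { print $1 ": no address listed, every IP is disallowed" }
        $4 == "*" { print $1 ": any IP accepted" }
    ' "$1"
}

# private_mode FILE: succeed only if group and others have no permission
# bits; both secrets files hold credentials in clear text.
private_mode() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run against the files from this post when called with "check".
if [ "${1:-}" = "check" ]; then
    audit_chap /etc/ppp/chap-secrets "$(ppp_name /etc/ppp/options.l2tpd)"
    private_mode /etc/ppp/chap-secrets || echo "chap-secrets: open to group/others"
    private_mode /etc/ipsec.secrets || echo "ipsec.secrets: open to group/others"
fi
```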

[update]: I tried the configuration I posted on my blog, but a Vista client behind NAT didn’t work at all. There are 2 things you should do:

1. registry modification on windows xp/vista:
for windows xp:
in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPsec create a DWORD called AssumeUDPEncapsulationContextOnSendRule and assign the hex value of "2". This should allow both client and server behind NAT.
for windows vista:

in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent create a 32-bit DWORD called AssumeUDPEncapsulationContextOnSendRule and assign the same value of "2" for the same reasons.

2. you should define private networks in ipsec.conf by adding this into ipsec.conf in config setup section:
It should work after all this.

[update2]: here is the latest configuration that worked, with computers behind NAT or not, with Vista or with all combinations – of course, with the registry key inserted where it has to be.
conn ROADW
and of course, insert this line in ipsec.conf:
This should work for every type of road warrior. Have fun!! The rest of the configuration files are exactly the ones from above.