Wednesday, September 27, 2006

For the first time I'm 'against' open source

It's morning, I crawl into my office and open my email. There's an email with 'urgent' in the subject line and it's from my boss. Hmm, what could this possibly be? I read the mail; what it basically said was to uninstall MS Office, Visual Studio, Adobe Photoshop, Macromedia Flash, Winzip etc. from all systems and install oo.org. I'm a little puzzled and also quite pissed off because it has to be done by tomorrow. Although one might say we are only promoting open source by this method, I tend to disagree. We are basically forcing everyone to switch over to oo without any formal training. What this would result in is unhappiness of the users and them getting the wrong idea of open source as inferior software. Later in the day I was about to learn what had caused this. It was a letter from the BSA to our MD, 'an educational letter'. This meant our office could be raided anytime, and since no licensing fees had been paid for a lot of software we were in quite a lot of danger. I'm thinking to myself how often I wish that this company had planned IT development, but then again it's only three more months. But for the fact I've to oversee that this 'change' goes on smoothly, I'm not the least bothered. Some part of me even hopes that they are charged with piracy, but then again who cares.


Friday, September 22, 2006

Major Network outage

It's a bad, bad start to the day. I go into the office, connect to all the servers I need and check my mail; everything seems normal until I try to connect to orkut. No connection. I'm a little pissed. I open the relevant server tab on mrxvt and ping google.com: no response. I ping the default gateway for the machine: still no response. I rush into the server room and immediately check the router; all the lights are blinking as they are supposed to: Link, DSL and ethernet. I check the ethernet cable on the server, seems all right. As a last try I restart the router. No, nothing works. Why did the fastest connection in the office have to go down? As I am thinking I would have to settle for a 256kbps connection I get another shock. The connection on the proxy server isn't working. Now what? Last option: the unused 128kbps failover connection. I get it connected and change the settings; as soon as I ping my heart sinks, it's not working as well. The only connection alive in the office is the Tata connection to the mail server. Then it dawns upon me that there's a problem with the Airtel connections, and since the problem is with Airtel's connection to the internet and not my connection to Airtel, the router does not show any sign of a problem.

I call up Airtel. Their response: "Sir, the Airtel network is down and it's not a problem with your connection." I ask how long it will take to be up. "Sir, it might take 30 minutes or maybe an hour." I hear that as "Our network has got badly fucked up and it might take half a day to be repaired." Everything I have learned and experienced about redundancy and failover connections has come to nought. I'd love to know what caused this outage. But perhaps, sadly, I never will.


Thursday, September 21, 2006

Setup shorewall with two interfaces

One of the most basic things whenever you set up a network is to allow access from an external network and then secure it. Both these tasks are easily achieved by using a firewall. A popular choice of firewall is shorewall; in this article I will show you how to configure a simple two-interface network. You allow all traffic from the internal network to the external network but block all traffic except ICMP and http from the external network. So without further delay, let's get started.

First you have to install shorewall. To do this:
yum install shorewall (Fedora/Redhat)
apt-get install shorewall (Ubuntu/Debian)

Now you should have a /etc/shorewall directory and in it a shorewall.conf file. This is the first file you edit. I'm only going to list the lines you'll have to change in the shorewall.conf file:

#Change this from No to Yes
STARTUP_ENABLED=Yes

#Name of firewall zone, if you don't set it you'll have to configure it in zones file
#Set this to fw
FW=fw

#Enable IP Forwarding
#Set this to On
IP_FORWARDING=On



That is all you have to change in shorewall.conf; you don't need to change the other default values.

Now edit/create the /etc/shorewall/zones file. You specify one zone, net, which is the external zone, and one zone, loc, which is for your local network:

net ipv4
loc ipv4



Now that you have specified the zones it's time to bind them to their interfaces. Let's suppose eth1 is connected to the external network and eth0 is connected to the local network. Time to edit/create /etc/shorewall/interfaces:

loc eth0 detect tcpflags
net eth1 detect routefilter,tcpflags,nosmurfs



What you have done here is bind eth0 to zone loc and told the firewall to detect the broadcast address and check for bad tcp flags. The other thing you have done is bind eth1 to zone net, autodetect the broadcast address, check for bad tcp flags, disable source routing and check for broadcast source packets (the tcpflags, routefilter and nosmurfs options respectively).

Up to now you have done these things:
Set up three zones: fw (the firewall zone, i.e. the machine the firewall is running on), loc (the local network) and net (the external zone). You have also bound these zones to specific interfaces and enabled IP forwarding.

For sharing an internet connection between multiple computers using a single external IP, linux does something called IP masquerading. What it basically means is that when you send your packets to the external network the firewall changes the source IP to your external IP and keeps track of who sent the packet to whom. When the host you have sent the packet to replies, the firewall receives the packet, changes the destination address back to your IP and sends the packet to you. Sounds tough? To set up IP masquerading for your loc zone (eth0) to access the net zone (eth1) create/edit /etc/shorewall/masq like this:

eth1 eth0



Maybe it isn't so complicated after all. Now you almost have a fully functional firewall, but for one thing: you don't have any policy/rule for packet filtering! What are you waiting for? Create a default policy now. Just create/edit /etc/shorewall/policy. This file is the basic firewall policy. What it means is that when a packet does not match any firewall rule (which we set up later) it is handled according to the policy.

#SOURCE DEST ACTION LOGGING
$FW net ACCEPT
$FW loc ACCEPT
net all DROP info
# The FOLLOWING POLICY MUST BE LAST
all all REJECT info



The file is read from top to bottom; as soon as a packet matches a given entry it is handled accordingly. In this file what we have done is:
  • Allow all traffic from the firewall to external network.
  • Allow all traffic from the firewall to local network.
  • Drop all traffic from external network to anywhere and log it as info message in syslog.
  • Reject all traffic that doesn't meet any rule.
Don't worry if you don't see this working completely; we still have to configure the rules, which are checked before the default policy. Create/edit /etc/shorewall/rules like this:

#ACTION SOURCE DEST PROTO PORT
ACCEPT net $FW tcp 80
ACCEPT loc all all
ACCEPT net $FW icmp



Our basic rules are very simple:
  • Allow only tcp traffic from the external network at port 80 (http) to the firewall.
  • Allow all traffic from the local network to anywhere.
  • Allow ICMP traffic from the external network to the firewall.
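To make the order of evaluation concrete, here is an added example (not code from the post or from Shorewall itself) that replays the policy and rules files above in Python: rules are tried first, then the policy, top to bottom, and the first matching line decides. It models only the zone, protocol and port matching the post describes; real Shorewall also tracks connection state and compiles everything down to iptables.

```python
# Added example, not from the post or from Shorewall: a small model of the
# first-match evaluation described above, run over the post's own policy and
# rules. It models zone/protocol/port matching only; real Shorewall also
# tracks connection state and compiles everything down to iptables.
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Constructed copies of the post's /etc/shorewall/rules and /etc/shorewall/policy
RULES_TEXT = """\
#ACTION SOURCE DEST PROTO PORT
ACCEPT net $FW tcp 80
ACCEPT loc all all
ACCEPT net $FW icmp
"""
POLICY_TEXT = """\
#SOURCE DEST ACTION LOGGING
$FW net ACCEPT
$FW loc ACCEPT
net all DROP info
# The FOLLOWING POLICY MUST BE LAST
all all REJECT info
"""

@dataclass(frozen=True)
class Packet:
    src_zone: str  # "net", "loc" or "fw"
    dst_zone: str
    proto: str     # "tcp", "udp" or "icmp"
    dport: Optional[int] = None

def _zone(token: str) -> str:
    # $FW stands for the firewall machine itself (FW=fw in shorewall.conf)
    return "fw" if token == "$FW" else token

def _fields(text: str) -> Iterator[List[str]]:
    # Drop comments and blank lines, split the rest on whitespace
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def parse_rules(text: str) -> List[Tuple[str, str, str, str, str]]:
    # (action, src, dst, proto, port); a missing PROTO or PORT column means "all"
    return [(f[0], _zone(f[1]), _zone(f[2]),
             f[3] if len(f) > 3 else "all",
             f[4] if len(f) > 4 else "all") for f in _fields(text)]

def parse_policy(text: str) -> List[Tuple[str, str, str, Optional[str]]]:
    # (src, dst, action, log level or None)
    return [(_zone(f[0]), _zone(f[1]), f[2], f[3] if len(f) > 3 else None)
            for f in _fields(text)]

def _zmatch(pattern: str, zone: str) -> bool:
    return pattern == "all" or pattern == zone

def evaluate(pkt: Packet, rules, policy) -> Tuple[str, str]:
    """Rules first, then policy, top to bottom; the first match decides.
    Returns (verdict, the line that matched)."""
    for action, src, dst, proto, port in rules:
        if (_zmatch(src, pkt.src_zone) and _zmatch(dst, pkt.dst_zone)
                and proto in ("all", pkt.proto)
                and (port == "all" or pkt.dport == int(port))):
            return action, f"rule: {action} {src} {dst} {proto} {port}"
    for src, dst, action, log in policy:
        if _zmatch(src, pkt.src_zone) and _zmatch(dst, pkt.dst_zone):
            logged = f" (logged as {log})" if log else ""
            return action, f"policy: {src} {dst} {action}{logged}"
    return "REJECT", "nothing matched"

def verdict(src_zone: str, dst_zone: str, proto: str, dport: Optional[int] = None) -> str:
    """Convenience wrapper that uses the post's own rules and policy."""
    pkt = Packet(src_zone, dst_zone, proto, dport)
    return evaluate(pkt, parse_rules(RULES_TEXT), parse_policy(POLICY_TEXT))[0]
```

For instance, a tcp/22 packet from net to the firewall matches no rule and falls through to the "net all DROP info" policy line, while the same packet to tcp/80 is accepted by the first rule.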


Now our configuration is complete but for a small step. Edit the file /etc/default/shorewall and change this line

#Change this from 0 to 1
startup=1



Now our configuration of shorewall is complete. It's time to start it:

/etc/init.d/shorewall start



If all goes well then our firewall should be up and running. What we have configured is a very basic setup. For more features and logging facilities I suggest you look into /usr/share/doc/shorewall. The documentation is excellent and the examples are very descriptive. Now go and have fun with your secure network.


Wednesday, September 20, 2006

Backups made easy!

Has it ever happened to you that you were working on some file, and after hours of work you save your file and go to sleep? A week later you need the file and you get some error while opening it, or the file simply isn't there. Now you wish you had backed it up but alas! It's gone for good. This is where backups come in. Regular backups can be a real life saver, no matter whether your data is worth 1 Re. or 100000000 Rs. If you are on linux you have many ways of backup and millions of tools for backup.

Backup Strategy

The first time you back up it is a full backup; subsequent backups can be incremental, i.e. you only copy files that have changed since the last backup. The tool I have chosen is rsync because it's fast, reliable and available on most linux distros. The backup method can be any of these:

  • SSH (Backup using rsync over SSH)
  • SAMBA (Backup to a windows machine)
  • NFS (Backup to an NFS export)
  • LOCAL (Backup to a local mounted volume)
The script I've created requires a small configuration step after which you can put it in crontab and relieve yourself of backup troubles. Here's the script:

#!/bin/bash

#Configuration part

#The backup method SSH,NFS,SAMBA or LOCAL
#In case of SSH you would have to set up the authentication keys
#to automate the process
METHOD=

#Path of the directory to be saved
DIRTOSAVE=

#Include hidden files i.e files/dirs beginning with '.' Give option Y/N
HIDDEN=

#Remote machine, needs to be given for SAMBA,NFS or SSH
REMOTE=

#Share path, the share name or the path on the remote machine
#Has to start with a / its not needed for SSH or LOCAL
SHARE=

#The backup dir, has to start with /, for NFS or SAMBA it is
#relative to SHARE, for LOCAL or SSH the path is absolute
BACKUPDIR=

#Username and Password, has to be given for SAMBA, only username is required for
#SSH, the password you'll have to enter manually or setup ssh keys
#(the variable is called PASSWD, not PWD: PWD is the shell's own
#current-directory variable and must not be overwritten)
USR=
PASSWD=

#End Configuration

#DO not edit below this

#Mount point used by the SAMBA and NFS methods
MNT=/mnt

#rsync options live in an array so that an empty EXCLUDE expands to nothing
if [ "$HIDDEN" = 'N' ] ; then
    #Skip every file or directory whose name starts with a dot
    EXCLUDE=(--exclude='.*')
else
    EXCLUDE=()
fi

case "$METHOD" in
LOCAL)
    rsync -ru "${EXCLUDE[@]}" "$DIRTOSAVE" "$BACKUPDIR"
    ;;
SSH)
    rsync -ru "${EXCLUDE[@]}" "$DIRTOSAVE" "$USR@$REMOTE:$BACKUPDIR"
    ;;
SAMBA)
    #Current kernels call the SMB filesystem cifs (older ones used -t smbfs).
    #A password passed with -o password= is visible in the process list while
    #mount runs; mount.cifs also accepts -o credentials=<file> instead.
    if ! mount -t cifs "//$REMOTE$SHARE" "$MNT" -o "username=$USR,password=$PASSWD"; then
        echo "Could not mount remote share"
        exit 1
    fi
    rsync -ru "${EXCLUDE[@]}" "$DIRTOSAVE" "$MNT$BACKUPDIR"
    umount "$MNT"
    ;;
NFS)
    if ! mount "$REMOTE:$SHARE" "$MNT"; then
        echo "Could not mount remote share"
        exit 1
    fi
    rsync -ru "${EXCLUDE[@]}" "$DIRTOSAVE" "$MNT$BACKUPDIR"
    umount "$MNT"
    ;;
*)
    echo "METHOD must be one of LOCAL, SSH, SAMBA or NFS"
    exit 1
    ;;
esac



The crontab entry for this should look something like this if it is supposed to run every Sunday night at 1 AM and the file is located at /root/backup.sh (minute 0, hour 1, day-of-week 0 = Sunday):
0 1 * * 0 /root/backup.sh


Thursday, September 14, 2006

Xnest: way too cool

If you are using linux you would know what X is. Well, if you don't, I suggest you google for xorg and xfree86. Now coming to Xnest: Xnest is both an X client and a server. So what it basically does is create a window on your desktop which acts as an X server to which other applications can connect. What's the use of this, one might ask? Well, its utility is only limited by imagination. You might run different window managers in different windows on your desktop. This means you can simultaneously run kde and gnome if you can't choose between the two. You can even nest WMs one inside the other, like this example in which Xnest is running inside fluxbox which is running inside Xnest which is inside fluxbox which is inside Xnest.... The other use is that you can view desktops of other machines without running a vnc server. Here's an example where I'm viewing the desktops of three different machines on my system. Now that you are excited, here's how you use this tool. First you need the package xorg-x11-Xnest (I assume you are using xorg not xfree86; there's a different package for xfree86). To start Xnest on your local display and make it the server on display :1 run the following command:

Xnest -ac -geometry 400x300 :1
The geometry option specifies the size of the Xnest window; the default is 3/4th of the screen. The -ac option disables the X server's host-based access control, which is what lets a client on another machine connect to this display in the later step. To test if it's working use this command:
xterm -display localhost:1
An xterm window should appear inside the Xnest window. Well, it hasn't been that exciting so far. Now for some fun:
gnome-session --display=localhost:1
You would be running gnome inside another WM. This gets even more exciting: SSH to any other machine and use this command:
gnome-session --display=your-ip:1
Now you have a remote gnome session inside a window. You can run different window managers this way. I leave the rest to your imagination.

Update: The site hosting the pics is down so until I find a new web host the page will be broken.


PHP after a long long time

Ever since I had started writing this blog I had one major problem with it: the lack of control. Numerous times I thought I would write my own blog engine and put it up on my shell, but two factors stopped me: 1. Lack of time. 2. Reliability of my shell provider. Then I thought I could at least enhance my blog with my own code and link it from here. One more problem: I hadn't used PHP for 2 years now. But anyway, after about 3-4 hours I was able to get this stats page working with complete logging. How is it? I know it's too plain for all you eye candy lovers. For a moment I thought about making it more 'attractive' but decided against it. If anybody needs the code and info on how to do it just leave a comment. P.S: You need to have access to a webserver with PHP for it to work. After some requests I've created a howto on creating the stats thing, here it is: Counter howto. One thing I forgot to mention in the article: read your log.txt for goodies. I repeat, I do not accept any responsibility for the usability/stability of the code.


Tuesday, September 12, 2006

Kind of neat I would say

I had been avoiding this for so long now. Daily I would log in to my computer and have to open connections to the proxy, ltsp server and the test server. Then open a root terminal. Open firefox and another firefox instance which was by forwarding of X from the test server to Xnest. The reason for forwarding was simple: my connection to the internet was through the proxy, which was monitored. I was free to do anything with the test server connection (play with my blog/slashdot). Here's how I did it:

  1. Added myself to sudoers list(passwordless of course)
  2. Created my id_dsa.pub and put it in authorized_keys in .ssh folder of the servers I wanted to login to, this was done to allow passwordless login.
  3. Created an account on the test server, this I did so that a casual observer will not notice any change in firefox settings etc.
  4. Edited my .xsession file to do the stuff automatically. Here's my .xsession file:
#start mrxvt with 5 terminals, one with shell of proxy, then ltsp, then testserver
#then a local root shell and finally a normal shell. I also hid the scrollbar and
#changed default colors and set lines in memory to 200
mrxvt -sb -sl 200 -fg GREEN -bg BLACK -tnum 5 -vt0.e "ssh root@proxy" \
  -vt1.e "ssh root@ltsp" -vt2.e "ssh root@test" -vt3.e "sudo bash" &
#local firefox window
firefox &
#Start Xnest on display 0 and make it the server on localhost:1
sudo Xnest -ac :1 &
#give Xnest a moment to come up before clients try to connect to :1
sleep 2
#Start fluxbox WM inside Xnest
fluxbox -display :1 &
#Forward firefox from testserver to my machine
ssh test "firefox --display=192.168.2.213:1" &
#Finally start my local window manager
exec fluxbox


Learning CSS the hard way

I was getting kind of bored today and didn't really have anything to post, so what I decided to do was edit my blog's template. The only problem was I have little HTML/CSS knowledge. My HTML knowledge is limited to the form tag, which I needed to pass to PHP scripts. But I decided it was time to learn something new, so I got down to editing it little by little. The end result: I'm a little more satisfied now, especially since I got the content thing wider than before (which took a lot of effort btw, until I figured out the outer wrapper width should be greater than main wrapper + sidebar wrapper). Anyways, what do you think? I'll be working on this template in the next few days so stick around.


Friday, September 08, 2006

Disappointing digital fortress

Last night I stayed up till 4 even though I had slept 6 hours in two days, because I was reading this book by Dan Brown, "Digital Fortress". The reviews of this book were amazing but reading it was quite disappointing; for non-geeks the book would be a great read, but for me every few minutes I would go like "Dude, this is crap". Dan Brown didn't seem to have researched the topic of crypto very well. The most disappointing part was the climax. The puzzle that had to be solved to stop the 'virus' took 60 pages; I had got the answer after reading the first few, and the rest of the pages I went through wondering how stupid Dan Brown imagines his readers to be. There were a lot of holes in the story too which I'm too lazy to discuss here. Bottom line: a waste of 7-8 hours.


Thursday, September 07, 2006

Lyrics that haunt me

This is a long.. post

Matchbox Twenty - Unwell
All day staring at the ceiling Making friends with shadows on my wall All night hearing voices telling me That I should get some sleep Because tomorrow might be good for something Hold on Feeling like I'm headed for a breakdown And I don't know why But I'm not crazy, I'm just a little unwell I know right now you can't tell But stay awhile and maybe then you'll see A different side of me I'm not crazy, I'm just a little impaired I know right now you don't care But soon enough you're gonna think of me And how I used to be...me I'm talking to myself in public Dodging glances on the train And I know, I know they've all been talking about me I can hear them whisper And it makes me think there must be something wrong with me Out of all the hours thinking Somehow I've lost my mind

Lithium - Nirvana
I'm so happy 'cause today I've found my friends ... They're in my head I'm so ugly, but that's okay, 'cause so are you ... We've broken our mirrors Sunday morning is everyday for all I care ... And I'm not scared Light my candles, in a daze 'Cause I've found god Hey, hey hey

Coming back to life - Pink Floyd
Where were you when I was burned and broken While the days slipped by from my window watching Where were you when I was hurt and helpless Because the things you say and the things you do surround me While you were hanging yourself on someone else's words Dying to believe in what you heard I was staring straight into the shining sun

Lake of fire - Nirvana
Where do bad folks go when they die? They don't go to heaven where the angels fly They go down to the lake of fire and fry Won't see them again 'till the fourth of July Now the people cry and the people moan And they look for a dry place to call their home And try to find some place to rest their bones While the angels and the devils try to make them their own

When I'm Gone - 3 Doors Down
There's another world inside of me That you may never see There're secrets in this life That I can't hide Somewhere in this darkness There's a light that I can't find Maybe it's too far away... Or maybe I'm just blind... Maybe I'm just blind...

Drift and Die - Puddle of Mudd
Ignorance spreads lies How much will money buy Well I'll take my time As I drift and die

I guess that's enough for now; there are many more songs I can't get out of my head, but the last few weeks it's been the above ones.


Stuff that pisses me off!

Kind of People I hate due to their internet habits:

1. The 1337 speak kind. When someone says to me H3110
instead of Hello it makes me want to kill.

2. People fucking up English by using self-invented words
and no punctuation and never using proper capitalization,
which saves a few microseconds of time.
An example: hw r u i tried 2 call u yestday bt u were busy
I mean, is it really so time consuming to use 'clueful English'?

The difference between using proper capitalization and
punctuation and not using it is as simple as
I helped my uncle Jack, off a horse.
i helped my uncle jack off a horse
(Taken from bash)

3. People using stupid punctuation to express excitement.
Example: hi!!!!!!!!!!!!!!!!!!!!!!!!
Wouldn't hi! suffice?

4. People who leave public away messages on IRC. I think you
would agree with me on this. It's so irritating when you are
having an interesting convo and an idiot pops a message:
Shithead is away (Reason: Emptying my bowels).
It's only a good thing that it earns an auto +b in most of
the channels I'm in.

5. People who, before asking questions, start begging like "Please
help me", "I need help". We know you are asking because you need
help; crying aloud only makes you look like an idiot.

6. People who ask questions before RTFM (Reading the fucking
Manual) or googling. This attitude sickens me.

Well, this is not all, but 98% of the stuff that pisses me off.


My choices with software

OS Server: Debian
OS Desktop: Ubuntu
Browser: Tough choice b/w konqueror and firefox; konqueror would win by miles if all pages rendered on it correctly
Mail client: kmail
Programming language: Python
Text editor: nano (Most people would regard this lame but I haven't got the patience to learn vi :()
Ftp server: vsftpd
Mail server: postfix
Desktop: fluxbox without doubt
Terminal emulator: mrxvt; provides all the features of the bigger terminals like gnome's and kde's but yet is very small and incredibly fast.
IRC client: irssi
IM: gaim; there isn't much choice anyway
File manager: konqueror
Audio player: xmms
Video player: mplayer

If you think I've forgotten some useful software, it's because I don't use them or I find their choice trivial.


I'm back

The last few days were hell. I went through a hard time with cold and fever; the good news is I've recovered and feel as good as new. The downside to recovery was a lot of pending work at the office, so I was quite busy. I have a few spare moments now which I'm using to surf some of my favourite websites, check out mail messages and other stuff. Talking about websites, I'm giving a list of my favourite sites (which I can think of right now); take a look through them, they sure as hell are interesting.
* slashdot.org This is the ultimate geek site and one can get quite addicted easily.
* bash.org Absolutely the greatest collection of web humour. Things hardly get funnier than those quotes.
* osix.net I would regard this site as the one that got me hooked on programming; I have been a regular member there ever since. I just wish I could solve the last level, arghh.
* mathschallange.net As you might have guessed, I love solving these kinds of puzzles. Even after having solved one puzzle in more than a year I'm still No.1 in India, yay!
* google.com Hasn't somebody yet mentioned to you STFG (Search the fucking google)? I think this is going to become more important than RTFM (Read the fucking manual) in *nix history because it simply is the best search engine out there.
* And of course this magical web page: The magic site


Friday, September 01, 2006

Our future: A dark possibility

Date: 12 Aug 2020

Bob comes into his house; he looks very worried. He rushes to his computer. He pulls out a drive and inserts a new one. He switches on his internet connection and types something. Instantly there appears a welcome message on the screen: "Welcome to windows 2020". On the next screen he is shown all details about himself and asked to verify them (all his details came from his IP address). He looks at the disk in his hand which had a version of linux, but since it contained cryptography software it was illegal to use it, as were all other Operating Systems except win.

He is interrupted by a phone call. It's from John's wife. Bad news: John's been arrested. Bob learns that John had given the new record of Pretty Bitches to one of his friends to listen to. Bob was quite shocked; he knew John could be an idiot sometimes but this was too much. He assures John's wife that he would try to pull some strings. But inside he knew John was in deep trouble. He wondered why he lent the record. As soon as the record was inserted in the player the APA (Anti Piracy Agency) was informed, because the customer ID on the album and the player did not match, which led to John's and his friend's arrest. He tries to get hold of some people from the record company to see if they could make a settlement with John.

Thinking of John he recalls the day he was arrested for using PGP in an email. Any form of cryptography was illegal except skipjack, which could be decrypted by the government when they desired. Every form of communication was intercepted by the government, which had developed special AI programs to sense any dangerous messages or any other illegal content, even in voice conversation. DRM (Digital Rights Management) ruled the lives of people. You could buy nothing without it being enforced.

He is reminded that he has to get rid of his linux disk. He takes it and throws it into the fireplace. That's the only place where the law agencies wouldn't get any evidence. Near the fireplace he sees his picture with his friends from 2006 standing in front of the University library; of course now libraries are a thing of the past. Libraries had to be closed down since they led to sharing of copyrighted material, which wasn't in the best interest of the authors. The last time he had been to a library was 2014. Oh, good old days.

Sometimes Bob thought: was it worth living? You have no privacy now; every choice you make is decided by someone else. It was even impossible to say anything against it too. What happened to the free speech stuff? But now he had got used to it. Time changes a lot of stuff.

Think this is a joke? I hope it turns out to be, but the fact is we are progressing in that direction. Read these articles and you would get a little idea of what I mean.
Digital rights Management
How NSA was built into windows
