Archive for July, 2010

Upgrading to latest GeoIP PHP module on Debian Lenny 5 (Install latest GeoIP from pear)

Friday, July 30th, 2010

In order to be able to use the geoip function geoip_time_zone_by_country_and_region I had to upgradethe default debian lenny version of php5-geoip (1.0.3-1) to the latest 1.0.7 aviable as a pecl package.

In order to upgrade to the newer php-geoip 1.0.7 I had to first remove the old php5-geoip version installed through debian package manager.

debian-server:~# dpkg -r --purge php5-geoip

Notice that if you don’t do a apache restart after removing the php5-geoip, if your php scripts has something that deals with php geoip then your Apache server is gonna fail until restarted, therefore to omit the failed Apache issues and possible downtimes issue a apache restart before continuing.

debian-server:~# /etc/init.d/apache2 restart

Then I tried installing the newer php5 geoip using pecl
thus I issued:

debian-server:~# pecl install geoip

…. But guess what the built failed with an error:

checking for geoip files in default path… not found

To deal with the php geoip compile issue I had to install:
libgeoip-dev – Development files for the GeoIP library

debian-server:~# apt-get install libgeoip-dev

Then again I installed using the pecl interface pecl php pcakage install interface.

debian-server:~# pecl install geoip

Thereafter I had to also include extension=geoip.so in php.ini

debian-server:~# echo "extension=geoip.so" >> /etc/php5/apache2/php.ini

Needless to say for the new geoip module to take effect you need to restart your Apache webserver.

debian-server:~# /etc/init.d/apache2 restart
Now this will enable the unexisting geoip_time_zone_by_country_and_region function in the earlier releases than 1.0.4 of php geoip.
So your geoip_time_zone_by_country_and_region should be ready to use from your php scripts from now on.

The greatest tracker (demoscene) composers / Purple Motion, Necros, Skaven, Pro-XeX

Thursday, July 29th, 2010

For all of us who yet remember the Demoscene , Purple Motion, Necros and Skaven are absolutely legendary names.
Their music work contribution for tracked Electronic music, video games music and general development of the IT culture is truly invaluable.

Many younger computer users (I’m 26 now), and probably IT starters would probably never heard about neither Demoscene nor Purple Motion or the other three patriarchs of tracked Electronic music.

This musicians have a special value for people who has ever composed music with Impulse Tracker and the many other programs to compose music from samples.

Purple Motion has his own home page for quite some time now, however I just noticed that he has recently turned his home page to a PHPBB Forum where there is plenty of information about the composer as well as open discission and many questions and answers of people who are interested into the great electronic composer.

The “foster-father” of tracked electronic music is Necros.
Necros is the Artistic Pseudonim of Andrew Sega, probably his most notable piece of music work is called mech8Mechanism 8 .

The third by significance electronic musician who is probably known by the many old school computer users and musicians is Skaven .
Skaven is part of the Future Crew .

One of the most notable Skaven music works is actually the soundtrack song produced for the Second RealityDemo .
It’s worthy to say few words about Future Crew as well, Future Crew (link to wikipedia)
– “Future Crew is a now-defunct group of Finnish computer coders and artists who created PC demos and software, active mostly between 1992 and 1994.”
You might also consider checking Necros profile in modarchive
There you can find plenty if not all of his works for download and listening.
A descendant of the the 3 up-mentioned wonderful tracker musicians is Pro-XeX also known under the artistic pseudonim Necroleak
Though his works are much later first originating from the distant 1995 his works are comparable by quality and goodness to (PM, Necros and Skaven’s works).
If you really want to completely turn back some memories about the good old times when we used to use DOS environment and to listen the great old MOD, S3M, XM etc. songs with the good old Cubic player which is already available under the free port called Open Cubic Player

A port is even available for most UNIX platforms You can download and install the Linux / Unix port of Cubic player here plus on the below link you will find some brief instructions on how to make it work on Debian, Ubuntu, Redhat, Gentoo and FreeBSD.

Under Debian Lenny, Squeeze/Sid installing opencubicplayer is pretty easy and comes to simple installation via apt-get as follows:

debian-desktop:~# apt-get install opencubicplayer

First time I’ve noticed Cubic player I should admit it was a real joy to know there is already a Unix port since Linux and BSD are my OS choice for almost 10 years already.
Another possible way to play the old school songs on Linux is through the well known console player mikmod
I’ve prepared a downloadable song archive for each of the 3 great electronic composers (Purple Motion, Necros, Skaven) on my personal webserver.

Below I present you with links to their music.

Download all tracked music by Purple Motion

Download Necros composed music works

Download the songs composed by Skaven

Download a collection of all composed songs by Pro-XeX / Necroleak

I have few other composers who are very liked by me, their music works can be obtained through my tracked music tiny collection available here

Many of the demos created and works by Jonne Valtonen known under the artistic pseudonim Purple Motion are currently uploaded and available for watching via Youtube – (search) Purple Motion

I’ll close this post with a the Award Winning Demos (Second Reality and Panic) which are the most notable produced Computer Simulation Demos of all times created by the collossal Future Crew group.


Second Reality by Future Crew [ Winner Demo of Assembly ’93 competition ]


Panic by Future Crew


Toasted by Cubic Team & $een
Also don’t forget to check The ultimate source for MOD Music – modarchive.org

Fix an extra slash beeing added during domain redirect to www with mod_rewrite

Wednesday, July 28th, 2010

I have recently added a redirect to www forwarding for a domain using mod_rewrite capabilities.
The exact mod rewrite rules I in my <VirtualHost> used was:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^pc-freak.net
RewriteRule (.*) https://pc-freak.net/$1 [R=301,L]

Nevertheless the redirect was okay I have noticed that everytime the redirect has been in move from domain.com to www.domain.com an extra slash has been added included right after the domain, an example of the unwanted behaviour I have encountered is illustrated in the picture below:

Double Splash domain issue in mod_rewrite redirect to www

A help from a good guy in irc.freenode.net #httpd under the alias jink told me that me that in order to solve the extra slash added to the url I need to modify the rewrite rules to look like the one below:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^pc-freak.net
RewriteRule (.*) http://pc-freak.net$1 [R=301,L]

Thanks God This solved the issues.

How to remove the numbers from a string with PHP

Tuesday, July 27th, 2010

I’ve recently looked for a way to remove numbers from a string using what is available in php.
Crawling trough the net first thing I found was using the php code:

<?php
function remove_numbers($string) {
$vowels = array("1", "2", "3", "4", "5", "6", "7", "8", "9", "0", " ");
$string = str_replace($vowels, '', $string);
return $string;
}
$string='This string will have all numbers removed - 213 555 3930';
echo remove_numbers($string);
?>

Though this is not a bad approach it takes too much code to do a very simple task thus I googled around fod a better solution and found some examples which I used as a basis to come up with exactly what I was looking for, so enough jabberish here is the code to remove all numbers from a string:

$string = preg_replace("/[0-9]/", "", $string);

Same is also possible using ereg_replace in older < 4.x php releases, though it’s completely depreciated now in php 5 >.
There should be plenty of other ways to remove numbers from a variable string, hence any user suggestions are very welcome!

Install grsecurity kernel security from binary package (without kernel recompile) on Debian and Ubuntu

Monday, July 26th, 2010

GRsecurity is since long time known that it is a next generation armouring agains 0 day local kernel exploits as well as variousof other cracker attacks.
Grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is licensed under the GNU GPL.
GRSecurity is linux kernel patch which has to be applied to the kernel before compile time. However we’ve been lucky and somebody has taken the time and care to prepare linux image binary deb packages for Debian and Ubuntu .

Some of the key grsecurity features are :

  • An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration
  • Change root (chroot) hardening
  • /tmp race prevention
  • Prevention of arbitrary code execution, regardless of the technique used (stack smashing, heap corruption, etc)
  • Prevention of arbitrary code execution in the kernel
  • Reduction of the risk of sensitive information being leaked by arbitrary-read kernel bugs
  • A restriction that allows a user to only view his/her processes
  • Security alerts and audits that contain the IP address of the person causing the alert

To install from the http://debian.cr0.org/ grsecurity patched kernel image repository use the following steps:

1. Include in your /etc/apt/sources.list

deb http://ubuntu.cr0.org/repo/ kernel-security/
deb http://debian.cr0.org/repo/ kernel-security/

Directly from the bash command line execute:

debian:~# echo "deb http://ubuntu.cr0.org/repo/ kernel-security/" >> /etc/apt/sources.list
debian:~# echo "deb http://debian.cr0.org/repo/ kernel-security/" >> /etc/apt/sources.list

2. Add the debian.cr0.org repository gpg key to the trusted repositories key ring

Download the repository’s gpg key , check it (it has been signed with the repository owner GPG key )

Thence from to include the gpg key to the trusted repos key issue:

debian:~# apt-key add kernel-security.asc

3. Install the linux-image-grsec package itself

Currently to install on my x86_amd64 Debian Squeeze/Sid and possibly on Debian Lenny I’ve issued:


debian:~# apt-get update
debian:~# apt-get install linux-image-2.6.32.15-1-grsec

Now simply restarting your system and choosing the Linux kernel patched with the GRsecurity kernel patch from Grub should enable you to start using the grsecurity patched kernel.
Though this tutorial is targetting Debian it’s very likely that the grsecurity hardened kernel installation on Debian will be analogous.

Install Google Chrome Web Browser Chrome on 32 and 64 bit Debian Lenny and Squeeze/Sid Linux

Sunday, July 25th, 2010

Linux Tux Google Chrome

I’ve decided to write a short post on how to install in a quick manner Google Chrome on Debian GNU/Linux.

There are few reasons why you would consider installing Chrome, however the most obvious one is is the browser speed.
I should admit the browsing experience with Chrome looks and feels far better compared to Iceweasel (e.g. Firefox) on Debian.
It could be that web loading speed performance with Epiphany or Opera is similar to Chrome in terms of velocity, apart from the faster browser experience with Google Chrome, I’ve seen reports online that sometimes Google Chrome behaves better when it comes to multimedia audio and video streams online.

Another thing I notice in Google Chrome is that it’s generally much lighter and loads the base browser times faster than Iceweasel.

The most accurate way to install Chrome on Debian Linux is using Google Linux repositories

So to install add to your /etc/apt/sources.list the following google linux repo

# Google software repository
deb http://dl.google.com/linux/deb/ stable non-free main

e.g.

debian-deskop:~# echo "deb http://dl.google.com/linux/deb/ stable non-free main" >> /etc/apt/sources.list

Then update your repositories list with apt-get:

debian-desktop:~# apt-get update

Next choose your google chrome preferred release between the available (beta, stable and unstrable) version.
I’ve chose to install the Google Chrome stable release apt-getting it like shown below

debian-desktop:~# apt-get install google-chrome-stable

Now the google chrome will be ready to use to start using it either start it up from the Gnome / KDE Menus or exec the command:

debian-desktop:~$ google-chrome

So far so good, you will have now a gnome browser, however what is really irritating is the default behaviour of the chrome install by default it tampers with the default browser configured for my whole Linux desktop system in other words it automatically links:

/etc/alternatives/gnome-www-browser to -> /usr/bin/google-chrome as well as,
/etc/alternatives/x-www-browser to -> /usr/bin/google-chrome

Well I wasn’t happy with that unwarranted install behaviour of Google Chrome therefore I decided to reverse my default Gnome and System Browser back to Epiphany.

First I removed the links to /usr/bin/google-chrome

debian-desktop:~# rm -f /etc/alternatives/gnome-www-browser
debian-desktop:~# rm -f /etc/alternatives/x-www-browser

And thereafter I linked it back to Epiphany

debian-desktop:~# ln -sf /usr/bin/epiphany /etc/alternatives/gnome-www-browser
debian-desktop:~# ln -sf /usr/bin/epiphany /etc/alternatives/x-www-browser

How layman should address the Orthodox Spiritual Clergy according to their Church Rank

Saturday, July 24th, 2010

His Holiness Patriarch of Bulgaria Maxim
His Beautitude Patriarch Maxim – Patriarch of the Bulgarian Orthodox Church

While browsing online I have came across an interesting page which explains the Clergy Etiquette accepted in the Orthodox Christian Church
Since the reading could seem too long for the lazy ones I’ll try to synthesize some of the proper appeals to the priesthood and the clergy.

1. Greeting a Priest a Deacon or their wives

If we have to address a Deacon or a Priest we should use the the title “Father”. The Priest’s wife is addressed differently according to the Orthodox Church nationality she belongs to.

In the Greek Orthodox Church, she is called Presbytera , in Russian Orthodox Church she is called Matushka in Serbian Orthodox Church priest’s life is called “Papadiya” in Bulgarian Orthodox Church respectively Priest or Deacon’s life is called “Popadyia” :), in Ukrainian Orthodox Church Prist life is called Panimatushka

The wife of a Deacon is called “Diakonisa” (derives from Greek).

2. How to properly greet a Bishop, Metropolitan or a monastery Abbot

We should properly address Metropolitans and Bishops with the title “Your Grace”. Though all Bishops (including Patriarchs) are equal in the Orthodox Church, they do have a different administrative duties and honours that accrue to their rank in that sense.

Here it’s important to mention that if a Bishop who has a suffragan or assistant Bishop, Metropolitan or Archibishop) should be addressed “Your Beautitude”.

The Abbot of a monastery is addressed as “The Very Reverend Abbot,” whether he holds Priestly rank or not and whether or not he is an Archimandrite by rank.

3. How to address a Patriarch of an National Orthodox Church

“Your Beatitude” is the proper title for Patriarchs (except for the Ecumenical Patriarch in Constantinople, who is addressed as “Your Al Holiness”).

4. How to address a Deacon

Deacons in the Orthodox Church are addressed as “The Reverend Deacon,” if they are married Deacons. If they are Deacons who are also monks, they are addressed as “The Reverend Hierodeacon.”

5. How to address to Monk

All male monastics in the Orthodox Church are called “Father,” whether they hold the Priesthood or not, and are formally addressed as “Monk (name),” if they do not have a Priestly rank. If they are of Priestly rank, they are formally addressed as “Hieromonk” or “Hierodeacon”.

6. How to properly address a Num or an Abbess

Women monastics are formally addressed as “Nun (name)” or “Rasophore-nun (name),” etc., and the Abbess of a convent is addressed as “The Very Reverend Abbess.” Though traditions for informal address vary, in most places, Rasophore nuns are called “Sister,” while any monastic above the rank of Rasophore is called “Mother.” Novices are addressed as “Sister.”

7. How to request a blessing from a Priest, A Bishop Archibishop, Hieromonk a Metropolitan or a Patriarch

When we approach near an Orthodox Priest, a Bishop, Archibishop a Hieromonk an Abbot a Metropolitan or Patriarch the right order of things is to come near the person then bow down until touching the floor with our right hand, then place our right hand over the left (palms upward), and say: Bless Father or Bless Your Grace or Bless Your Eminance , herein as you see after the Bless phrase we should include the Church rank of the blessing Clergyman.

The Priest, Metropolitap, Bishop, Patriarch etc. then answers gives us a blessing with a words similar to:

“May the Lord bless you,” or “May God bless you.

It’s interesting to explain that whenever a Bishop, Archibishop a Metropolitan or a Patriarch Blesses us he forms the The Sign of the Cross and places his right hand in our hands.
Receiving his spiritual blessing, we then kiss the blessing one’s hand.
We do this as a reverence for his Apostolic Office or Priesthood rank (if priest) and as a sign of our humility to Christ and his Church order.
More importantly, however, since both hold the Holy Mysteries in their hands during the Divine Liturgy, we show respect to the Holy Eucharist when we kiss their hands.
In fact, Saint John Chrysostomos once said that if one were to meet an Orthodox Priest walking along with an Angel, that he should greet the Priest first and kiss his hand, since that hand has touched the Body and Blood of our Lord. For this latter reason, we do not normally kiss the hand of a Deacon.
When we take leave of a Priest or Bishop, we should again ask for a blessing, just as we did when we first greeted him.
When the Priest or Bishop blesses us, he forms his fingers to represent the Christogram “ICXC” a traditional abbreviation of the Greek words for “Jesus Christ” (i.e., the first and last letters of each of the words “IHCOYC XRICTOC”).

Besides that it’s not proper for us laymen to address a monk with the title “Brother”, this is a traditional latin custom and is not correct according to Orthodox Church tradition.
Here an important moment to note is that it’s not correct to address a Priest, Bishop, Metropolitan patriarch with his family name.
They should be addressed with their first names like for instance: “Bishop John of San Francisco”).
Its also important to explain that in many Slavonic Orthodox Churches we use to call the Bishops or Metropolitans with the title “Vladika”, which literally translated to English means “Master”.

8. How to Greet a Clergy on the Telephone

Whenever you speak to Orthodox clergy of Priestly rank on the telephone, you should always begin your conversation by asking for a blessing: “Father, bless.” When speaking with a Bishop, you should say “Bless, Despota” (Greek) or “Bless Vladika” (Slavonic). It’s also appropriate to say “Bless Your Grace” or “Bless your Eminance”.
Again before ending the concersation with the cleric you should ask for a blessing once again.

9. Proper form to address a Clergy in a Letter

When we write to a clergyman (and, by custom, monastics), we should open our letter with the greeting, “Bless, Father.”
At the end of the letter, it is customary to close with the following line: “Kissing your right hand….”
It is not appropriate to invoke a blessing on a clergyman, as many do: “May God bless you.” Not only does this show a certain spiritual arrogance before the image of the cleric, but laymen do not have the Grace of the Priesthood and the prerogative to bless in their stead.
Even a Priest properly introduces his letters with the words, “The blessing of the Lord” or “May God bless you,” rather than offering his own blessing.
Though he can do the latter, humility prevails in his behavior,too. Needless to say, when a clergyman writes to his ecclesiastical superior, he should ask for a blessing and not bestow one.

Few Iceweasel (Firefox) Web Development goodies (DOM Inspector), (Web Development plugin)

Friday, July 23rd, 2010

I’m trying to enter into web dev this days and I felt obliged to share with you about 3 interesting plugins for (Iceweasel) in Debian or Firefox if you’re running Linux or some other OS platform. The DOM Inspector , Error Console and HTML Validator Plugin are an absolutely must have ones if you’re into a serious web dev.

Herein I’ll write a short review to each of the nice FF plugins to get you a slight idea about them:

DOM Inspector

The DOM Inspector (also known as DOMi) is a developer tool used to inspect, browse, and edit the Document Object Model of documents – usually web pages or XUL windows. The DOM hierarchy can be navigated using a two-paned window that allows for a variety of different views on the document and all nodes within.

To proceed downloading the plugin use the following dom inspector download link

DOM Inspector Iceweasel Firefox ScreenShot
Here is how your DOM inspector would look like.

You see as you click a node in the DOM Inspector, the element in the page is highlighted so you can easily track down layout issues and CSS problems.

It’s an interesting fact that DOM Inpector is also available as a plugin for Thunderbird

It’s use on Thunderbird is similar to the Browser use e.g. as taken from DOM Inspector’s thunderbird plugin download page:

DOM INspector – “Inspect the DOM of HTML, XUL, and XML pages, including the mail chrome.”

To install DOM Inspector on Debian’s Iceweasel Firefox fork, use:

debian-notebook:~# apt-get install iceweasel-dom-inspector

It’s worthy to mention the Error Console which is a fundamental part of the DOM Inspector

The error console allows you to view real-time javascript errors and bad CSS declarations. This is a VERY handy little feature. You can open the Error Console in Firefox by selecting the ‘Tools’ > ‘Error Console’ menu. Once opened, you’ll probably want to hit ‘Clear’ and then refresh the page you’re checking for javascript and CSS errors.

To add the dom inspector extension to Thunderbird or as the fork is called in Debian (Iceape), execute the following command:

debian-notebook:~# apt-get install iceape-dom-inspector

2. Another completely mandatory plugin for a Web Developer this days is the Web Developer add-on plugin

This plugins has many goodies a web dev could benefit, some of the nice features it supports are:
the ability to modify and clear cookies and cache, display form details, disable enable css styles, disable page colors and tons of more handy stuff.

– Installing the Web Developer plugin on Debian again is a piece of cake with apt.

debian-notebook:~# apt-get install iceweasel-webdeveloper

There you go after restarting Iceweasel another bar field will appear in your browser, from there you can customize the web dev actions you would like to perform.

Here is a quick glimpse on the Web Developer plugin:
Web developer plugin on Iceweasel and Firefox

Besides that I suggest you check my older post which explains the importance for a website to be w3c compliant

How to solve (work around) an /etc/init.d/iptables failed issues caused by iptables Unknown error 18446744073709551615 on CentOS 5.5 Final

Wednesday, July 21st, 2010

Today I have encountered an oddity on CentOS release 5.5 (Final). The problem consisted in the iptables firewall not loading it’s rules.
After a bit of debugging I’ve found out that the whole issue was caused by a failure for /sbin/iptables-save to read the /etc/sysconfig/iptables stored iptables rules.

I’ve reviewed all the rules in the /etc/sysconfig/iptables and all of them appeared to be absolutely syntax correct, however since the iptables-restore command parser failed to load on a line after which was contaned the following iptables rules:

-A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m tcp --syn -m recent --name synflood --set
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m tcp --syn -m recent --name synflood --update --seconds 1 --hitcount 100 -j DROP

Which had to deal with the server SYN Flood Protection I’ve decided to attempt to issue the iptables rules directly from the command line like so:

[root@centos-server ~]# iptables -A INPUT -m state --state NEW -p tcp -m tcp --syn -m recent --name synflood --set
[root@centos-server ~]# iptables -A INPUT -m state --state NEW -p tcp -m tcp --syn -m recent --name synflood --update --seconds 1 --hitcount 100 -j DROP

Executing the above iptables lines I was unpleasently surprised by the error:

iptables: Unknown error 18446744073709551615

Googling for the error led me to many discussions none of which has suggested a concrete reasons that causes the issue, so I finally decided to experiment on my own in order to find the solution.

By the way it’s imporant to mention that I have encounted the iptables: Unknown error 18446744073709551615 problem on a CentoS 5.5 (Final running kernel version:
Linux centos-server 2.6.18-194.3.1.el5 #1 SMP Thu May 13 13:08:30 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux

What is even more interesting is that another CentOS server running a kernel version:

Linux centos-server1 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 08:21:56 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

is executing the above anti SYN flood iptables rules absolutely correctly.
Well I have to admit this is quite ODD. I have checked a module by module all modules related to iptables to assure myself that the error iptables: Unknown error 18446744073709551615 is not caused by a missing iptables related module on the server.
However all the iptables modules which was loaded on the server which was able to properly execute the iptables command without errors were loaded on the server where the error persisted.

Finally I’ve decided to completely remove the iptables anti-flood lines:

-A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m tcp --syn -m recent --name synflood --set
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m tcp --syn -m recent --name synflood --update --seconds 1 --hitcount 100 -j DROP

And substitute my ANTI SYN FLOOD protection rules in /etc/sysconfig/iptables with the following iptable rules:

-N syn-flood
-A INPUT -i eth0 -p tcp --syn -j syn-flood
-A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
-A syn-flood -j DROP

The above iptables rules to protect against SYN FLOODS worked like a charm a simple restart of the firewall loaded the firewall with the new substituted rules.

[root@centos-server ~]# /etc/init.d/iptables restartFlushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]