Archive for July, 2013

SumatraPDF Adobe Acrobat Reader free software ( Secure ) Alternative

Friday, July 19th, 2013

If you're forced to use MS Windows but still want to use as much Free Software as possible – i.e. stay away from the non-free Adobe Acrobat Reader – there is Sumatra PDF, a good alternative that reads most PDFs well. For rendering PDF, Sumatra PDF uses the muPDF library. SumatraPDF is minimalistic software; it does exactly what it is meant for – reads PDF. Unfortunately, from version 0.6 of Sumatra there is DRM (Digital Rights Management) implemented, so it is not possible to copy from DRM-ed documents.
Sumatra opens the following formats: Open XML Paper Specification, DjVu, EPUB, XPS, CHM, CBZ and CBR, and MOBI files.
As of the time of writing, the official Sumatra PDF version is 2.3.2.

sumatra pdfafter install thank you screenshot

I've made a mirror of the Sumatra PDF 2.3.2 installer here, Sumatra PDF zipped is here

Sumatra pdf reader screenshot ms windows 7
Sumatra PDF works on Windows XP, Vista, Win 7 & 7

One of the key advantages of Sumatra PDF over Adobe Acrobat Reader is that you don't need to update it all the time, and it is much less likely that Sumatra PDF is hit by a security flaw in the PDF format.

For people who use Linux / BSD or some other Unix and want to stay free from the proprietary Adobe Acrobat Reader, two nice alternatives are GNOME's default PDF reader Evince and KDE's Okular.

Workaround “Running chkdsk in Read-Only mode” on Windows XP

Tuesday, July 16th, 2013

running chkdsk in read only mode microsoft windows XP chkdsk schedule check drive C on next restart

I had to fix an old Dell Inspiron 1501 notebook (890 mb ram and 1.60 Ghz CPU) with Windows XP SP2. The notebook looks okay, but as it is an old piece of hardware I decided to check the hard drives for bad sectors with Windows Check Disk – chkdsk.

Running chkdsk via cmd.exe does not work because the file system is in use; once you run chkdsk it spits out a warning and an error:

Running CHKDSK in Read-Only mode.

Errors found. CHKDSK cannot continue in read-only mode

Because it checks the HDD in read-only mode, the check is not completely reliable, and if a bad block is found chkdsk cannot write to the HDD to try to fix it or move it to free blocks.

 

To work around this it's necessary to run chkdsk with options:

chkdsk C: /v /f

This command brings up a prompt, like in the screenshot below, offering to run CHKDSK on the C drive on next system boot, before Windows services start and lock files on the file system, which makes it unavailable for CHKDSK to read blocks on it.

Checking file system on C drive before boot windows XP screenshot

The notebook had 3 drives C:\, D:\ and E:\, so I ran the above command also on D:\ and E:\ to make sure there is no physical damage on the D and E partitions, i.e.:

chkdsk D: /v /f
....

chkdsk E: /v /f
...
.....

Linux PHP Disable chmod() and chown() functions for better Apache server security

Monday, July 15th, 2013

I have to administer a few inherited Linux servers with Ubuntu and Debian Linux. The servers mainly host websites with Joomlas that regularly go un-updated and some custom developed websites which were developed pretty insecurely. To mitigate hacked websites I already disabled some of the most insecure functions like system(); eval etc. – I literally followed my previous tutorial PHP Webhosting security disable exec();, system();, open(); and eval();
Still in logs I see shits like:
 

[error] [client 66.249.72.100] PHP Warning:  mkdir(): No such file or directory in /var/www/site/plugins/system/jfdatabase/intercept.jdatabasemysql.php on line 161

Hence to prevent the PHP mkdir(); and chown(); functions being active, I had to turn on safe_mode in /etc/php5/apache2/php.ini. For some reason whoever configured Apache left it off.

safe_mode = on

Hopefully disabling these functions will keep cracker bot scripts from creating weird directory structures on the HDD or using them as a means to DoS (overflow) the server's filesystem.

Hope this helps others stabilize their servers too. Enjoy ! 🙂
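A check for the function-blocking approach described above, as an added example that is not part of the original post: it reads php.ini text and lists which of the named functions are still missing from disable_functions. safe_mode was deprecated in PHP 5.3 and removed in PHP 5.4, so disable_functions is the directive that carries over to newer PHP versions; the WANTED list, the function name and the sample php.ini are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which risky PHP functions are NOT in disable_functions.
# Reads php.ini text on stdin and prints the missing names, space separated.

# Functions this example wants blocked (assumption: adjust to your own policy).
# eval is a language construct, not a function, so disable_functions cannot cover it.
WANTED="system exec mkdir chmod chown"

missing_disabled_functions() {
    # Use the last uncommented disable_functions assignment in the file.
    ini_line=$(grep -E '^[[:space:]]*disable_functions[[:space:]]*=' | tail -n 1)
    # Strip the key, whitespace and quotes; what remains is a comma-separated list.
    list=$(printf '%s' "$ini_line" | sed -e 's/^[^=]*=//' -e 's/[[:space:]"]//g')
    missing=""
    for fn in $WANTED; do
        case ",$list," in
            *",$fn,"*) ;;                    # already disabled
            *) missing="$missing $fn" ;;     # still callable from PHP code
        esac
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample php.ini: safe_mode is on, but mkdir/chmod/chown are not listed.
SAMPLE_INI='safe_mode = on
;disable_functions = mkdir
disable_functions = system,exec,passthru'

printf 'not disabled: %s\n' "$(printf '%s\n' "$SAMPLE_INI" | missing_disabled_functions)"
```
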

Fix CREATE command denied to user ‘mailuser’@’localhost’ for table ‘virtual_domains’

Saturday, July 13th, 2013

I'm doing a new postfix + dovecot installation, and after following the workaround.org guide to create MySQL databases, and testing by logging in with the mysql cli and trying to create databases as pointed out by the guide, I stumbled on an error:

CREATE command denied to user 'mailuser'@'localhost' for table 'virtual_domains'

The error is because mailuser doesn't have permissions to create tables in the mailserver DB. To fix that I had to log in to the MySQL server as root and issue GRANT PRIVILEGES on the table, i.e.:

mysql -u root -p
password:
mysql> GRANT ALL PRIVILEGES ON `mailserver`.* TO 'mailuser'@'localhost';

 

Problem Solved! 😉

Linux: Add routing from different class network A (192.168.1.x) to network B (192.168.10.x) with ip route command

Friday, July 12th, 2013

adding routing from one network to other linux with ip route

I had a Linux router which does NAT for a local network located behind a CISCO router, which receives internet via its WAN interface and routes traffic to the Linux with IP 192.168.1.235. The Linux router has a few network interfaces and routes traffic for the networks 192.168.1.0/24 and 192.168.10.0/24. Another Linux with IP 192.168.1.8 had to talk to 192.168.10.0/24, because it was necessary to be able to access the CISCO router's web interface, accessible via a local network interface with IP 192.168.10.1. Access to 192.168.10.1 wasn't possible from 192.168.1.8 because routing on the NAT-ting Linux (192.168.1.235) to the 192.168.10.0/24 network was missing. To make the 192.168.1.8 Linux communicate with 192.168.10.1, I had to add the following routing rules with the ip command on both the Linux with IP 192.168.1.235 and the Linux host behind NAT (192.168.1.8).

1. On Server (192.168.1.235) run in root shell and add to /etc/rc.local

# /sbin/ip r add 192.168.10.0/24 via 192.168.1.235
And then copy paste same line before exit 0 in /etc/rc.local

It's always a good idea to check routing after adding anything new; here is mine:
 

# ip r show

192.168.5.0/24 dev eth0  proto kernel  scope link  src 192.168.5.1
192.168.4.0/24 dev eth0  proto kernel  scope link  src 192.168.4.1
192.168.3.0/24 dev eth0  proto kernel  scope link  src 192.168.3.1
192.168.2.0/24 dev eth0  proto kernel  scope link  src 192.168.2.1
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.235
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.1
192.168.10.0/24 dev eth1  proto kernel  scope link  src 192.168.10.2
default via 192.168.10.1 dev eth1 
 

2. And also on Second Linux host (192.168.1.8) 

# /sbin/ip r add 192.168.10.0/24 via 192.168.1.235
To make routing permanent again paste in /etc/rc.local before exit 0

After the above rules, I can normally ping and access hosts on the class C network 192.168.10.1-255 from 192.168.1.8.

Unique MenuetOS – Free Software 32 / 64 bit OS entirely written in assembly language

Wednesday, July 10th, 2013

 

unique operating-system menuetos written-in-assembler-programming-logo

Something very unique that I stumbled on some time ago, and worth mentioning and recommending for everyone to test, is MenuetOS. Can you imagine that someone might write an operating system entirely from scratch in 32 / 64 bit Assembler? The idea sounds crazy and impossible, but in fact the developers of MenuetOS already achieved it!

Unique OS - menuetos asm free os start-menu screenshot

Normally every modern operating system nowadays is based on some kind of UNIX / Linux / or NT (Windows) technology, or at least follows some kind of POSIX standardization.
The design goal of MenuetOS, since the first release in year 2000, is to remove the extra layers between different parts of an OS. The more layers there are, the more complicated the programming behind them is, and this creates more bugs. MenuetOS follows the idea of the KISS model (Keep It Simple Stupid). It's amazing what people can write in pure asm programming!! The 64 bit version of Menuet is also backward compatible with 32 bit. MenuetOS supports mostly everything any other modern OS does. Here is the list of Supported Features:

 

 

 

 

  • Pre-emptive multitasking with 1000hz scheduler, multithreading, multiprocessor, ring-3 protection
  • Responsive GUI with resolutions up to 1920×1080, 16 million colours
  • Free-form, transparent and skinnable application windows, drag'n drop
  • SMP multiprocessor support with currently up to 8 cpus
  • IDE: Editor/Assembler for applications
  • USB 2.0 HiSpeed Classes: Storage, Printer, Webcam Video and TV/Radio support
  • USB 1.1 Keyboard and Mouse support
  • TCP/IP stack with Loopback & Ethernet drivers
  • Email/ftp/http/chess clients and ftp/mp3/http servers
  • Hard real-time data fetch
  • Fits on a single floppy, boots also from CD and USB drives

MenuetOS has a fully functional graphical interface (environment). Though it is so simple, it is much faster (as it is written in assembler) and behaves more stably than other OS-es written in C / C++.
It's bundled with a POP3 / IMAP mail client.

menuetos assmebly OS mail client
As of now, even some major legendary games like Doom, Quake, Sokoban and Chess are ported to MenuetOS !!!

doom2-id-games-running-on-menuetos-operating-system-in-assembler-from-scratch

MenuetOS Doom

quake legendary game running on Menuetos asm free OS

Quake I port on MenuetOS

Below are some more screenshots of Apps and stuff running

Maniac Mansion running on MenuetOS assembler build free Operating system

The world famous Maniac Mansion (1987)

Prince of Persia running on 32 64 bit assembler written GPL free-OS

Arcade Classic of 16 bit and 8 bit computers Prince of Persia running on top of dosbox on MenuetOS

For those who like to program old school, MenuetOS has a BASIC compiler, a C library (supports C programming), debuggers and a Command Prompt.

It even supports Networking and has drivers for some of the most popular network adapters, as well as basic browsing support through the HTTP application.

unique-os-menuetos-browsing-with-httpc-browser

You can listen to music with the CD Player, but there is no support for mp3 yet.
To give MenuetOS a try, just like any other Live Linux distribution it has a Bootable LiveCD version – you can download it from here
MenuetOS is very good for people interested in learning good 32 bit and 64 bit Assembler Programming.
Enjoy this unique ASM true hacker OS 😉

Alternative way to enter as administrator in MySQL if you forgot MySQL root password on Debian Linux

Wednesday, July 10th, 2013

Forgot MySQL password root alternative way to enter as administrator in MyQL MySQL logo with 2 dolphins

If you have to administrate a bunch of chaotically organized MySQL servers and the amount of work is more than you can bear, it is very common to make stupid mistakes, like losing the MySQL root administrator password. There is a way to recover the password by stopping the SQL server and starting it with the --skip-grant-tables option via SSH; however, if you do it that way there is at least a few seconds of downtime, and that is not a good idea on production servers. Debian and Ubuntu Linux admins have a better way to do it, by using the default MySQL user that /etc/init.d/mysql uses to check whether all is fine with the databases on MySQL server initialization. The user with GRANT PRIVILEGES (all MySQL administrator users have grant privileges) on Debian based distributions is debian-sys-maint, and if you have root access to the server you can easily obtain its password with:

# grep -i -E 'user|pass' /etc/mysql/debian.cnf |uniq

user = debian-sys-maint

password = k6x6tBUBfHN3ZxHv

Using this password you can then log in via the mysql cli or via PhpMyAdmin, if installed, and do any normal SQL operation you do as root. Of course having this password in a plain text file can be very dangerous. By default it is configured to be readable only by root; be careful not to change these default permissions, as anyone who has access to the system can then access your SQL as administrator.
To reset the MySQL root password once logged in, run:

UPDATE mysql.user SET password=PASSWORD('NEW_PASS_WORD') WHERE user='root';
FLUSH PRIVILEGES;

Enjoy 😉
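A way to verify the permissions the post warns about, as an added example that is not part of the original post: the function reports when a credentials file such as /etc/mysql/debian.cnf is accessible to anyone but its owner or is owned by the wrong uid. It assumes GNU stat (Linux); the function name and the temporary demo file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a credentials file such as /etc/mysql/debian.cnf.
# Assumes GNU stat (Linux).

# $1 = file, $2 = expected owner uid (default 0, i.e. root).
# Prints "ok" or one finding per line; returns 1 when there are findings.
audit_cred_file() {
    file=$1
    want_uid=${2:-0}
    [ -f "$file" ] || { echo "missing: $file"; return 2; }
    mode=$(stat -c '%a' "$file")
    uid=$(stat -c '%u' "$file")
    findings=""
    # Any permission bit for group or others lets local users read the password.
    case $mode in
        0|*00) ;;
        *) findings="mode $mode grants access beyond the owner" ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        nl='
'
        findings="${findings:+$findings$nl}owner uid is $uid, expected $want_uid"
    fi
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "ok"
}

# Constructed demo on a temporary file instead of the real /etc/mysql/debian.cnf.
demo=$(mktemp)
printf 'user = debian-sys-maint\npassword = CONSTRUCTED-PLACEHOLDER\n' > "$demo"
chmod 644 "$demo"
audit_cred_file "$demo" "$(id -u)" || true   # reports the world-readable mode
chmod 600 "$demo"
audit_cred_file "$demo" "$(id -u)"           # prints ok
rm -f "$demo"
```

On a real server the call would be `audit_cred_file /etc/mysql/debian.cnf`, run as root.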
 

Fix FTP client error 425 Unable to build data connection: No route to host (Cause and Solution)

Monday, July 8th, 2013

ftp fix client 425 unable to-build data connection no route to host Linux
I just configured a new dedicated server. One of the requirements was for the dedicated server to support connections via the FTP transfer protocol and for a few users to have access via it.
I added users with the required permissions to the directory structure and went on to test it with the Linux ftp command, i.e.:
 

 

hipo@pcfreak:~$ ftp remote-host-name
Connected to remote-host-name.com
220 ProFTPD 1.3.3a Server (Matusala) [xx.xxx.xxx.xxx.xx]
Name (Matusala:hipo): testing-user
331 Password required for testing-user
Password:
230 User testing-user logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
425 Unable to build data connection: No route to host
ftp> exit
221 Goodbye.

 

As you see from the above FTP paste, even simple commands like "ls" failed to work with the error:

425 Unable to build data connection: No route to host

I thought I had somehow configured some paranoid firewall on the server, so I tested the same connection with iptables rules flushed, e.g.:

matusala:~# iptables -F
matusala:~# iptables -t nat -F

Even after flushing the firewall the message persisted, so I googled around to see what causes the error. The same error was hit by many users, and as I read and understood, the cause is that the FTP server host is located behind some DMZ or firewall (as it was not my firewall, I suppose the dedicated provider has some firewall rules which are blocking FTP traffic on the standard FTP TCP / UDP ports, port 20 and 21).
The fix is to enable in the Linux kernel ip_nat_ftp, or in newer Linux kernels the module nf_nat_ftp:

matusala:~# modprobe ip_nat_ftp
matusala:~# modprobe nf_nat_ftp

To make ip_nat_ftp (or nf_nat_ftp) load permanently on Debian and Ubuntu servers:

matusala:~# echo 'ip_nat_ftp' >> /etc/modules
matusala:~# echo 'nf_nat_ftp' >> /etc/modules

One important note to make here: if you're testing the connection between two Linux servers, it is possible that the server from which you're running the client does not have nf_nat_ftp loaded, so if the error persists and you're testing the remote FTP server from a local ftp client on Linux, load the same modules on localhost and you're done 🙂
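Why a NAT helper matters for the PORT exchange in the session above, as an added example that is not part of the original post: in active mode the client sends its own address and port inside the PORT command (h1,h2,h3,h4,p1,p2), and a server on the far side of NAT cannot connect back to a private address unless a helper such as nf_nat_ftp rewrites it. The function names and the sample commands are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the address an FTP client advertises in active mode.
# PORT carries h1,h2,h3,h4,p1,p2 (RFC 959); the data port is p1*256 + p2.

# Print "ip port" for a PORT argument, or return 1 if it is malformed.
decode_port_arg() {
    old_ifs=$IFS; IFS=,
    set -f; set -- $1; set +f      # split on commas without globbing
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        case $n in
            ''|*[!0-9]*|0?*) return 1 ;;   # empty, non-numeric or leading zero
        esac
        [ "$n" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s %s\n' "$1" "$2" "$3" "$4" $(( $5 * 256 + $6 ))
}

# True for RFC 1918 addresses, which a server outside the NAT cannot reach.
is_private_ip() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# $1 = full command line, e.g. "PORT 192,168,1,8,200,15"
check_port_cmd() {
    arg=${1#PORT }
    decoded=$(decode_port_arg "$arg") || { echo "invalid"; return 1; }
    ip=${decoded% *}
    if is_private_ip "$ip"; then
        echo "$decoded private"    # needs rewriting by the NAT helper
    else
        echo "$decoded public"
    fi
}

# Constructed sample commands (a private address and a documentation address).
check_port_cmd "PORT 192,168,1,8,200,15"
check_port_cmd "PORT 203,0,113,5,4,1"
```
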

phpMyAdmin No activity within 1440 seconds; please log in again Fix

Friday, July 5th, 2013

phpmyadmin no activity within 1440 seconds please log in again screenshot Debian Gnu Linux
I had some complaints from Web Developers who were constantly working on a Testing Web Development server, that their opened PhpMyAdmin in the browser often closes the opened session (auto logging out) with an error:
 

No activity within 1440 seconds; please log in again

This message was driving people crazy, as often they code something in PHP and design a new table or something, and on refreshing in the browser this annoying error blocked their work flow …

Thankfully there is an easy fix to that, just raise the time limit via /etc/phpmyadmin/config.inc.php

First it's necessary to enable cookie authentication (by default it is commented):

Line:

//$cfg['Servers'][$i]['auth_type'] = 'cookie';

should be:

$cfg['Servers'][$i]['auth_type'] = 'cookie';

The PHPMyAdmin 1440 seconds (24 minutes) timeout behavior is controlled through the variable $cfg['LoginCookieValidity'].
It is also necessary to increase the timeout in the server php.ini (in Debian and Ubuntu via /etc/php5/apache2/php.ini, or in CentOS / RHEL / Fedora Linux by editing /etc/php.ini) and change the 1h session expiry setting:

session.gc_maxlifetime = 3600

to

(60*60*8  = 28800 – 8 hrs)

session.gc_maxlifetime = 28800

By default $cfg['LoginCookieValidity'] is omitted from config.inc.php so you have to insert it at the end of the file.

A reasonable timeout value is 8 hours. To change PhPMyadmin Login TimeOut to 8 hours:

$cfg['LoginCookieValidity'] = 60 * 60 * 8; // in seconds (8 hours)

If you want to make Timeout Expire almost never (and you don't care about security) set it to some extra high timeout like 1 year  🙂

$cfg['LoginCookieValidity'] = 3600 * 24 * 365; // 1 year
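A consistency check for the two settings changed above, as an added example that is not part of the original post: if session.gc_maxlifetime is lower than LoginCookieValidity, PHP can garbage-collect the session before the phpMyAdmin login expires, and a validity far above the 8 hours used here keeps an administrative session open for a very long time. The function names, status words and the 8 hour ceiling are assumptions made for the example.

```shell
#!/bin/sh
# Added example: compare phpMyAdmin's LoginCookieValidity with PHP's
# session.gc_maxlifetime.

# Evaluate values such as "60 * 60 * 8"; accepts only digits, spaces and '*'.
eval_seconds() {
    e=$(printf '%s' "$1" | tr -d '[:space:]')
    case $e in
        ''|*[!0-9*]*|\**|*\*|*\*\**) return 1 ;;
    esac
    echo $(( $e ))
}

# $1 = text of config.inc.php, $2 = text of php.ini,
# $3 = longest validity accepted in seconds (assumed policy, default 8 hours).
check_pma_timeout() {
    max=${3:-28800}
    rhs=$(printf '%s\n' "$1" | grep -F "\$cfg['LoginCookieValidity']" \
          | grep -v '^[[:space:]]*//' | tail -n 1 \
          | sed -e 's/^[^=]*=//' -e 's/;.*$//')
    cookie=$(eval_seconds "$rhs") || cookie=1440   # phpMyAdmin default when unset
    rhs=$(printf '%s\n' "$2" \
          | grep -E '^[[:space:]]*session\.gc_maxlifetime[[:space:]]*=' \
          | tail -n 1 | sed -e 's/^[^=]*=//' -e 's/;.*$//')
    gc=$(eval_seconds "$rhs") || gc=1440           # PHP default when unset
    if [ "$cookie" -gt "$gc" ]; then
        echo "gc-too-short cookie=$cookie gc=$gc"  # session may vanish early
    elif [ "$cookie" -gt "$max" ]; then
        echo "too-long cookie=$cookie gc=$gc"      # exceeds the accepted ceiling
    else
        echo "ok cookie=$cookie gc=$gc"
    fi
}

# Constructed samples built from the settings shown in the post.
PMA_8H="\$cfg['Servers'][\$i]['auth_type'] = 'cookie';
\$cfg['LoginCookieValidity'] = 60 * 60 * 8; // in seconds (8 hours)"
PMA_1Y="\$cfg['LoginCookieValidity'] = 3600 * 24 * 365; // 1 year"
INI_1H="session.gc_maxlifetime = 3600"
INI_8H="session.gc_maxlifetime = 28800"
INI_1Y="session.gc_maxlifetime = 31536000"

check_pma_timeout "$PMA_8H" "$INI_1H"
check_pma_timeout "$PMA_8H" "$INI_8H"
check_pma_timeout "$PMA_1Y" "$INI_1Y"
```
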
 

Creator of Mouse and most of Modern Computer Interface legendary hacker Douglas Engelbart passed away at 88

Thursday, July 4th, 2013

Douglas Engelbard holding early prototype of computer mouse

One of the most influential persons in computing, Douglas Engelbart, passed away silently at the age of 88 on 03 of July 2013. He worked at a time when computing was at its dawn, in the late '60s. He became the inventor of the computer mouse interface and played a key role in developing much of the modern PC interface with his work on human – computer interaction.

First Prototype of Computer Mouse-SRI - Duuglas Engelbart creator of first computer mouse

Much of his research led indirectly to the later development of a number of nowadays standard technologies such as Networking as we know it, The Hypertext Transmission (HTTP) and much of the modern graphical computer interface.

I believe every IT person should understand the significance of his works and should keep his name on the short list of names along with Dennis Ritchie who passed away last year, Ken Thompson and John McCarthy – also died last year. All of these people indirectly changed our modern world by their genius inventions. Of course it is doubtful whether their scientific contribution doesn't make our life more miserable, as half of the people on earth today spend about 5 to 8 hours in front of some kind of computer or mobile computer screen (be it notebook, pad or smartphone mobile) …

One of Douglas Engelbart's first famous works is "Augmenting Human Intellect: A Conceptual Framework" (1962). It had so many interesting ideas and so much new information that it led to the development of the Augmentation Research Center (ARC).
Engelbart worked on things like bitmapped screens, collaborative tools and precursors of the graphical user interface.
In 1967 he filed a patent for a primitive version of the Computer Mouse; the mouse was patented and later licensed to Apple for only 40000$ !

Douglas Engelbart with his archaic computer mouse at hand

The Augmentation Research Center later became involved in working closely with ARPANET (the Internet's predecessor). At ARC Engelbart, along with other researchers, invented things like hypertext, object addressing, dynamic file linking and shared screen collaboration.

After WWII Douglas studied electrical engineering at University of California (Berkeley), graduated with a Master's in 1953 and later in 1955 earned a PhD. While studying at Berkeley he got involved in the construction of the California Digital Computer Project. After his graduation he served as a professor at Berkeley.

He enrolled in graduate school in electrical engineering at University of California, Berkeley, graduating with a Master of Science degree in 1953, and a Ph.D. in 1955. As a graduate student at Berkeley he assisted in the construction of the California Digital Computer project.

  1. he would focus his career on making the world a better place;
  2. any serious effort to make the world better requires some kind of organized effort;
  3. harnessing the collective human intellect of all the people contributing to effective solutions was the key;
  4. if you could dramatically improve how we do that, you'd be boosting every effort on the planet to solve important problems — the sooner the better; and
  5. computers could be the vehicle for dramatically improving this capability

An important paper that severely influenced Engelbart's ideas is As We May Think by Vannevar Bush. In 2005 Engelbart received a National Science Foundation grant to fund the open source HyperScope project.
Douglas Engelbart has been honored with multiple awards, including the National Medal of Technology by Bill Clinton in y. 2000. He is a fellow of the Computer History Museum and was active as an IT innovator until very late in his life; one of his last written works is Boosting our Collective IQs from 1995. In his personal life he was married to Ballard (who died in 1997), with whom he had 4 kids – Gerda, Diana, Christina and Norman. One of the most unusual things about him is his second marriage in 2008, at the age of 83! He left behind 9 grandchildren 🙂

Douglas Engelbart the mother of all demos year 1968

Douglas is mostly famous in hacker culture for his demonstration of experimental computer technologies that are now commonplace, on December 9, 1968, widely known as "The Mother of All Demos". Below is a video capture of the whole presentation; I believe every IT geek, hacker or just a computer involved person should watch it. One can see that this presentation later led to the development of many of the modern concepts in Computer Science used to this very day, including the nowadays so popular FrameWork Programming.


 

The Mother of All Demos, visual presentation of Experimental Computer Technology presented by Douglas Engelbart (1968)