Archive for January, 2014

Apache SSLCertificateChainFile adding SSL with Certificate Chain / What is Certificate Chain

Friday, January 31st, 2014


If you work in a big company with a large network infrastructure that has to deal with SSL certificates, sooner or later you will have to learn about the existence of SSL certificate chains.
It is therefore worth knowing what an SSL certificate chain is and how such a chain is configured in Apache.

Personal SSL certificates (certificates issued to an individual or a company) can be used by clients to uniquely identify themselves when they are involved in starting an SSL connection.
An SSL certificate file contains an X.509 certificate, which, in turn, contains a public key used for encryption.
Each personal certificate has zero or more certificate chains of certification authority certificates that extend back to the root certification authority.
 

Certificate R (Root Certification Authority)
    |
    | represents issuer of
    V
Certificate I1 (Intermediate Certification Authority)
    |
    | represents issuer of
    V
Certificate I2 (A subsidiary Intermediate Certification Authority)
    |
    | represents issuer of
    V
Certificate I3 (A further subsidiary Intermediate Certification Authority)
    |
    | represents issuer of
    V
Certificate P (A personal certificate that is used to identify its owner 
               on an SSL handshake)

Certificate chains are used to verify the authenticity of each certificate in that chain, including the personal certificate. Each certificate in the chain is validated using its 'parent' certificate, which in turn is validated using the next certificate up the chain, and so on, from the personal certificate up to the root certification authority certificate.

Now, after explaining thoroughly what an SSL certificate chain is, here is how to configure an SSL certificate in the Apache web server.

Open apache2.conf or httpd.conf (depending on the GNU / Linux distribution) and add to it:

   SSLEngine On
   SSLCertificateFile conf/cert/webserver-host.crt
   SSLCertificateKeyFile conf/cert/webserver-host.key
   SSLCertificateChainFile conf/cert/internet-v4.crt
   # SSLCertificateChainFile conf/cert/intranet-v3.crt
   SSLOptions +StdEnvVars +OptRenegotiate +ExportCertData

SSLCertificateChainFile conf/cert/chain-cert.crt
loads a file with the chain of CA certificates, each one signing the one below it on a different level, leading from the issuer of the server certificate up to the top ROOT CA (Certificate Authority).
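
Why the server has to send the intermediate certificates, shown as an added example (not part of the original post): the script builds a constructed three-level chain R -> I1 -> P with openssl and verifies P against the root alone and then together with the chain file. All subjects, file names and the function name chain_demo are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: a client that trusts only the root cannot validate the server
# certificate unless the intermediate CA certificate is supplied as well.

chain_demo() {
    d=$(mktemp -d) || return 1
    # Minimal constructed config so the run does not depend on the system openssl.cnf.
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    (
        cd "$d" || exit 1
        exec >/dev/null 2>&1
        # Certificate R: self-signed root CA.
        openssl req -x509 -new -nodes -newkey rsa:2048 -days 30 -config ca.cnf \
            -extensions v3_ca -subj "/CN=Constructed Root R" \
            -keyout r.key -out r.crt || exit 1
        # Certificate I1: intermediate CA, signed by R.
        openssl req -new -nodes -newkey rsa:2048 -config ca.cnf \
            -subj "/CN=Constructed Intermediate I1" -keyout i1.key -out i1.csr || exit 1
        openssl x509 -req -in i1.csr -CA r.crt -CAkey r.key -set_serial 2 -days 30 \
            -extfile ca.cnf -extensions v3_ca -out i1.crt || exit 1
        # Certificate P: the web server certificate, signed by I1.
        openssl req -new -nodes -newkey rsa:2048 -config ca.cnf \
            -subj "/CN=webserver-host.example.test" -keyout p.key -out p.csr || exit 1
        openssl x509 -req -in p.csr -CA i1.crt -CAkey i1.key -set_serial 3 -days 30 \
            -out p.crt || exit 1
    ) || { rm -rf "$d"; return 1; }

    # The chain file holds the intermediate CA certificates, not the root.
    cp "$d/i1.crt" "$d/chain.crt"

    # Client view 1: only the root is known, no chain file is sent.
    if openssl verify -CAfile "$d/r.crt" "$d/p.crt" >/dev/null 2>&1
    then no_chain=ok; else no_chain=fail; fi

    # Client view 2: the server also sends the chain file (treated as untrusted
    # helper certificates; trust still comes from the root only).
    if openssl verify -CAfile "$d/r.crt" -untrusted "$d/chain.crt" "$d/p.crt" \
        >/dev/null 2>&1
    then with_chain=ok; else with_chain=fail; fi

    rm -rf "$d"
    echo "without_chain=$no_chain with_chain=$with_chain"
}

chain_demo
```

On Apache 2.4.8 and later SSLCertificateChainFile is deprecated; the intermediate certificates are appended to the file named by SSLCertificateFile, after the server certificate.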

Oracle: Get database, tables and instances access permissions

Thursday, January 30th, 2014

If you are logged in to an Oracle SQL server with sqlplus and you are not sure which databases, tables and object instances you have permissions on, the 2 queries below will be of use:

SQL> SELECT DISTINCT OWNER, OBJECT_NAME  FROM ALL_OBJECTS  WHERE OBJECT_TYPE = 'TABLE';

This query lists all tables you have access to, together with their owner schema. An alternative, shorter way to do the query is:

SQL> SELECT table_name FROM user_tables;

SQL> SELECT * FROM TAB;

Shows all tables and views in your own schema.

Another useful Oracle query is the Oracle equivalent of MySQL's SHOW TABLES;

SQL> SELECT table_name FROM user_tables;

It also outputs info only for the logged-in user's credentials. If you are logged in with an Oracle database administrator (DBA role) account and you would like to check which instances are owned by a given user, let's say user GEORGI, the query should be:

SQL> SELECT DISTINCT OWNER, OBJECT_NAME  FROM ALL_OBJECTS  WHERE OBJECT_TYPE = 'TABLE' AND OWNER = 'GEORGI';

Another way to do it is via:

SQL> SELECT Table_Name from All_Tables WHERE OWNER = 'YOURSCHEMA';

Russian Arcade old school electronic game for your mobile – Russian Eggs (Nu Pogodi)

Thursday, January 30th, 2014

 

 

I still remember the days of "Electronic Games". As a citizen of Bulgaria, a country which was almost a Soviet Republic (in alliance with the Soviet Union), and due to the separation between Communist and Democratic societies, we, the kids of the Eastern Bloc, didn't have the opportunity to play the arcade games that were so popular at that time in the democratic "free world" on consoles like Nintendo and Atari. Nevertheless, in Soviet Union times there were a couple of electronic games. The games were not advanced and copied concepts already existing in games produced by major game companies like Konami, Data East, Atari and Nintendo. The Russian console-like games were separate game devices, each running its own hardware and software; the major company producing these games was the legendary Elektronika.


Elektronika was so emblematic in Soviet Union times that there is probably no kid who used to be a citizen of the USSR who doesn't remember playing some of  Elektronika's games. The most famous game produced by the company is "Ну Погоди" / Nu Pogodi (Wolf / Vylk) and was popular under emblematic name "Eggs".

The hardware of the Eggs game was actually a clone of the famous Nintendo game console – Nintendo EG-26 Eg.
There were a couple of other games which were remakes of "The Wolf / Eggs", like "The Merry (Cheerful) Cook" – "Весельiй Повар", running on Nintendo FP-24 Chef, Explorers of Space (1989) (running on MG-13) and a couple of others.


So why do I bring back these good old memories? 🙂 Because my readers who remember the Eggs game should know the game has a remake application for Android OS under the name Eggs. To install it follow the prior link (or type "Eggs" or "Russian Eggs" in Google PlayStore), install it and bring back the mania of the old days of the distant 1989 to 2014!!! 🙂


There is no question that whoever thought of porting the game to Android was a genius, as the size of most middle class smartphones almost perfectly fits the size of the original Nu Pogodi!
The game surely can be a time eater as it is addictive 🙂 The sound effects of the game bring back childhood memories and are pure joy.
It is nice that the game had a remake, as our children can enjoy the same old school arcade game of their fathers' youth 🙂

That's all folks, Enjoy the Wolf 🙂

My struggles to find good substitute for old QWERTY Nokia 9300 Communicator and The Death of QWERTY Smart phones

Monday, January 27th, 2014

Nowadays having a touch screen mobile phone has become like a standard. I'm not such a big fan of touch screen technology, thus I've been fighting with the idea of owning a touch screen phone for a year or so. Until recently I lived happily with my old Nokia 9300i with a physical QWERTY keyboard, for 4 years already.

Unfortunately, lately while talking on my Nokia I started getting frequent voice interruptions and missing words in my phone conversations, and needed to ask the person I'm talking to to repeat his words / sentence in order to understand what is communicated .. I'm an economical person and therefore don't like buying anything new if it is not absolutely necessary, so I opened the phone and cleaned it, hoping that this would solve the conversation issues, but with no luck. With this half-usable mobile my only option left was to buy a new mobile phone.

I'm not very rigorous about what a mobile phone should be and I'm very much a minimalist at heart, so I was thinking of buying the cheapest new Nokia phone available on the market to solve my "issue" quickly and efficiently. The only problem was that I'm already quite used to using my handy QWERTY phone as a note-taking device, thus I preferred not to buy a keypad mobile phone but to get a smartphone with a physical QWERTY keyboard again.

I consulted some friends who are more knowledgeable about what's latest on the mobile phone market, asking what would be a good substitute for my Nokia Communicator 9300i, and heard comments like:
'IPhone is the most functional and superior in interface', while some friends and colleagues advised me:
'Choose an Android based phone as Android is Linux based and gives more freedom to the user as well as has more free applications to install'

I appreciated my friends' help but I didn't like the idea of buying a smartphone with a touchscreen display: a virtual keyboard is not as comfortable as a physical one and besides, it is a very slow interface compared to physical keys. Thus I initially strongly rejected the idea of buying a phone without a physical keyboard. After some weeks of pondering and checking the market in the shops of the 3 major mobile operators in Bulgaria (MTel, Globul and VIVACOM) and the HANDY store, I found out that currently there is no QWERTY keyboard mobile on the market with a good price / quality and functionality ratio. My options were limited to buying either a Nokia Asha 210 or some variant of it, or a Blackberry mobile.


At first glimpse I liked the Nokia ASHA 210, a QWERTY-powered mobile, but after noticing the blue Facebook "F" button I quickly got jolted.
The sales lady offered me a couple of other Nokias with Qwerty keyboard as well as a Blackberry 9320 Curve.

After a quick test of all the QWERTY mobiles, I found the interface on both to be so inferior to IPhone's iOS and Android based phones.
I asked my HP workmates for advice on a good QWERTY mobile phone with Android and was referred to the Motorola Droid 3, which seems to be among the only options on the market for a mobile phone which has both the Android operating system and a physical QWERTY keyboard. The Motorola Droid 3 seemed to be exactly the mobile I was looking for, but unfortunately it is not available in mobile phone stores in Bulgaria; in Bulgaria it is only offered for sale second hand, and I would have had to buy it over the Internet (I prefer not to buy on the Internet). Even bought second hand, the DROID 3's price is too high for my budget: 250 EUR!


I wanted to buy an economical phone and at the same time have a good balance between price and phone modernity, and also not tie myself to a mobile operator's yearly plan, thus I decided to pay the whole price of my mobile in cash (no credits, no binding 2 / 3 year conversation plans).

After evaluating the options on the market I settled on two mobiles identical in price, 150 EUR: I could choose between the Samsung Galaxy Trend Lite and the ZTE Blade 3. The sales lady advised me it is better to get the ZTE Blade 3 than the Samsung Galaxy Trend Lite (S7350) because the ZTE has a better camera (5 Mpixels), a better display and far fewer hardware issues than the Samsung Galaxy Lite.


 

Finally I bought the ZTE Blade 3 and nowadays I'm trying to get used to it, and to be honest, even with a week passed I still can't get used to the virtual keyboard.

The Android interface is quite shiny but a little bit chaotic compared to the user interface design I've tested on IPhones. Android OS seems to behave very weirdly at times but in general is quite easy to use. Managing / installing / removing applications from Google AppStore is done with only 2 clicks. My major concern with Android is that it is highly addictive. I've caught myself, since last week, spending much more time using my mobile than before with my Nokia Communicator …

To conclude, I would say living with a smartphone has its advantages (you can easily check the weather forecast / news and do a number of things with it), but it is addictive .. obviously it is easy to become an Android addict and spend your free time on useless stuff like installing / testing new apps and playing with the phone. Having a smartphone, just like I previously suspected, is a big time eater and it seems my hypothesis that it is better to live without a smartphone is true. But who knows, perhaps it is just a momentary addictiveness, just like with the possession of any new thing; time will show. In the meantime I believe my ZTE Blade III purchase was a good deal as it gives me the opportunity to explore Android OS. I'll stop here with my ranting and excuse myself if the article was too boring … Please drop me a comment with mobile types and names which have a QWERTY keyboard and a modern OS. Very sadly it seems the QWERTY hardware keyboard mobiles will soon be dead and gone …

Make your WordPress Blog or Site Mobile Friendly with WPTouch plugin

Friday, January 24th, 2014


I bought a new mobile phone, changing my old Nokia Communicator 9300i (powered by Symbian) for a ZTE Blade 3 with Android. I'm not a big fan of big mobility myself. However, as I already have it, I decided to test my blog with the mobile phone's default browser, and my blog theme looked really crappy. Knowing that the number of mobile devices on the Internet is increasing dramatically these days raises the chance that my blog is found by a mobile user, thus it would be nice for my blog to be mobile ready as well …

To solve that I did a quick search in Google and found WPTouch, a mobile plugin for WordPress that automatically enables a simple and elegant mobile theme for mobile visitors of your WordPress website.
To install it I downloaded the plugin into the usual /var/www/blog/wp-content/plugins, enabled it and refreshed in the Android mobile browser, and my blog appeared great in a theme specially designed for mobile browsers, as you can see in the screenshot below:

[Screenshot: my blog in the Android mobile browser with the WPTouch WordPress plugin]

If you still haven't tried WPTouch give it a try.

FreeBSD 10.0 RELEASE is out pkg_add FreeBSD default package manager to be substituted with pkg

Thursday, January 23rd, 2014

The new latest version, FreeBSD 10.0-RELEASE, is out. FBSD 10 is the latest stable release of the 10 branch. The biggest change in FBSD 10 is the removal of the long-used pkg_add and its substitution with the newer and more advanced pkg. BSD users who still don't know pkg should check out the handbook on pkgng.

Key highlights of FreeBSD 10, as taken from the FreeBSD-10.0-RELEASE announcement:
 

  • GCC is no longer installed by default on architectures where clang(1) is the default compiler.

  • Unbound has been imported to the base system as the local caching DNS resolver.

  • BIND has been removed from the base system.

  • make(1) has been replaced with bmake(1), obtained from the NetBSD Project.

  • pkg(7) is now the default package management utility.

  • pkg_add(1), pkg_delete(1), and related tools have been removed.

  • Major enhancements in virtualization, including the addition of bhyve(8), virtio(4), and native paravirtualized drivers providing support for FreeBSD as a guest operating system on Microsoft Hyper-V.

  • TRIM support for Solid State Drives has been added to ZFS.

  • Support for the high-performance LZ4 compression algorithm has been added to ZFS.

There is big news for Raspberry Pi lovers: as of FreeBSD 10 there is official support for Raspberry Pi.
Happy new release. Cheers to testers 🙂

Mysql: How to disable single database without dropping or renaming it

Wednesday, January 22nd, 2014

A colleague of mine working on a MySQL database asked me how it is possible to disable a MySQL database. He is in a situation where the client has 2 databases and an application, and is not sure which of the two databases the application uses. Therefore the client asked that one of the databases be disabled, to wait for a few hours and see if something breaks / stops working, and in that way determine which of the two databases is used by the application.

My first guess was to back up both databases and drop one of them, then, if it is the wrong one, to restore it from the SQL dump backup; however this wasn't an acceptable solution. Second, I thought of a RENAME of the database to another name and then reverting the name; however, as written in the MySQL documentation, the RENAME database function was removed from MySQL (found to be dangerous) from version 5.1.23 onwards. Anyhow, there is a quick hack to rename a MySQL database using a for loop shell script like the one below:

# Create the target database, move every table over, then drop the old one
mysql -e "CREATE DATABASE \`new_database\`;"
for table in $(mysql -B -N -e "SHOW TABLES;" old_database)
do
  mysql -e "RENAME TABLE \`old_database\`.\`$table\` TO \`new_database\`.\`$table\`"
done
mysql -e "DROP DATABASE \`old_database\`;"

Another possible solution was to change the permissions of the username used by the application; however this was also complicated from the mysql cli, hence I thought of installing and using PHPMyAdmin to make modifying the db user permissions easier, but on this server Apache wasn't installed and MySQL is behind a firewall and only accessible via the java tomcat host.

Finally, after some pondering on what can be done, I came up with the solution of disabling the mysql database using chmod in /var/lib/mysql/data/, i.e.:

sql-server:~# chmod 0 /var/lib/mysql/databasename

Where databasename is the name of the database as listed via the mysql cli.

After doing it that way, with no need to restart the MySQL server, the database stopped appearing in show databases; and the client confirmed that the disabled database is no longer needed, so we proceeded with dropping it.

Hope this little article will help someone out there. Cheers

Windows 7 change windows behavior like XP How to / Make Windows 7 act like XP

Tuesday, January 21st, 2014

If you haven't worked with Windows for a while (since the days when XP was the standard modern OS), you might be amazed by Windows 7, like me. You might feel pretty uncomfortable working with Windows 7's "dock style" taskbar – showing application icons instead of buttons.


People who are traditionalist like me would definitely prefer to change this stupid behavior to "Windows Classic". Here is how to do it:

1. Right click on any open area on taskbar and choose Properties

2. From Taskbar -> Taskbar Buttons choose (Never Combine).

The Never Combine option makes every new window show as a separate one instead of grouping the windows by application.
In some cases choosing (Combine when taskbar is full) is a nice new option, so you might want to check it out for a while and see if you can get used to it.


3. Make Windows Start menu panel look like Windows 2000 (clear up unnecessary mumbo-jumbo design)
I very much like simplicity, thus I don't like Microsoft's choice to make the Start Menu panel look like a Christmas tree. To revert back:

On any empty space on the Desktop press the right mouse button (choose Personalize); scroll down and choose (Windows Classic theme)


That will change Windows to look normal again 🙂


Cheers 🙂

MySQL SSL Configure Howto – How to Make MySQL communication secured

Wednesday, January 15th, 2014


Recently I've been asked how to make communication to a MySQL database encrypted. The question was raised by a fellow developer who works on a desktop standalone application in the Delphi programming language with DevArt (an SQL connection component capable of connecting Delphi applications to multiple databases like MySQL, Oracle, PostgreSQL, Interbase, Firebird etc.).

Communicating in secured form with a MySQL database is not a common task, as MySQL usually communicates with applications hosted on the same server, or the applications communicating with MySQL are in a secured DMZ, or it is administered via the phpMyAdmin web interface.

MySQL supports encrypted connections to itself using Secure Sockets Layer (SSL) encryption. Setting up the MySQL db for encrypted communication is a must for standalone desktop applications which have to extract / insert data via remote SQL.
Support for encrypting the queries communicated to MySQL is built in by default and easily configured on most standard Linux distributions (Debian, RHEL, Fedora) with no need to recompile it.

1. Generate SSL Certificates

$ mkdir /etc/mysql-ssl && cd /etc/mysql-ssl

# Create CA certificate
$ openssl genrsa 2048 > ca-key.pem
$ openssl req -new -x509 -nodes -days 3600 \
         -key ca-key.pem -out ca-cert.pem

# Create server certificate, remove passphrase, and sign it
# server-cert.pem is the certificate (public key), server-key.pem is the private key
# The Common Name entered here must differ from the Common Name of the CA certificate
$ openssl req -newkey rsa:2048 -days 3600 \
         -nodes -keyout server-key.pem -out server-req.pem

$ openssl rsa -in server-key.pem -out server-key.pem
$ openssl x509 -req -in server-req.pem -days 3600 \
         -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

# Create client certificate, remove passphrase, and sign it
# client-cert.pem is the certificate (public key), client-key.pem is the private key
$ openssl req -newkey rsa:2048 -days 3600 \
         -nodes -keyout client-key.pem -out client-req.pem

$ openssl rsa -in client-key.pem -out client-key.pem
# Serial 02: every certificate issued by the same CA needs its own serial number
$ openssl x509 -req -in client-req.pem -days 3600 \
         -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 -out client-cert.pem

After generating the certificates, verify them:

$ openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem
 

2. Add SSL support variables to my.cnf

Once the SSL key pair files are generated, in order to activate SSL encryption support in the MySQL server, add the following to /etc/my.cnf, /etc/mysql/my.cnf, /usr/local/etc/my.cnf … or wherever the config is, depending on the distro:

[mysqld]
# SSL
ssl-ca=/etc/mysql-ssl/ca-cert.pem
ssl-cert=/etc/mysql-ssl/server-cert.pem
ssl-key=/etc/mysql-ssl/server-key.pem

3. Restart MySQL server

/etc/init.d/mysqld restart
...

4. Create SQL user to require SSL login

Create a new user with access to the database:

GRANT ALL ON Sql_User_DB.* TO Sql_User@localhost;
FLUSH PRIVILEGES;

To create a user with administrator privileges:

GRANT ALL PRIVILEGES ON *.* TO 'ssluser'@'%' IDENTIFIED BY 'pass' REQUIRE SSL;
FLUSH PRIVILEGES;

5. Test SSL Connection with MySQL CLI client or with few lines of PHP

To use mysql cli for testing whether SSL connection works:

$ mysql -u ssluser -p'pass' --ssl-ca=/etc/mysql-ssl/ca-cert.pem --ssl-cert=/etc/mysql-ssl/client-cert.pem --ssl-key=/etc/mysql-ssl/client-key.pem

Once connected to MySQL, to verify that the SSL connection works fine:

mysql> SHOW STATUS LIKE 'Ssl_Cipher';
+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+

If you get this output, the MySQL SSL connection is working as it should.

An alternative way is to use a test-mysqli-ssl.php script to test the availability of mysql over SSL:

<?php
$conn = mysqli_init();
// arguments: key, certificate, CA certificate, CA path, cipher list
mysqli_ssl_set($conn, '/etc/mysql-ssl/client-key.pem', '/etc/mysql-ssl/client-cert.pem', NULL, NULL, NULL);
if (!mysqli_real_connect($conn, '127.0.0.1', 'ssluser', 'pass')) { die('Connect error: ' . mysqli_connect_error()); }
$res = mysqli_query($conn, 'SHOW STATUS LIKE "Ssl_cipher"');
print_r(mysqli_fetch_row($res));
mysqli_close($conn);

Note: Change the username and password according to your user / pass before using the script.

That's all, now you have mysql communicating its query data over SSL.
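
A pre-flight check for the files produced in step 1, as an added example that is not part of the original post: it confirms that a certificate and a private key belong together and that the passphrase-less key is not accessible to other users, which catches a swapped or wrong file before it is handed to ssl-cert / ssl-key. The function names and the self-signed sample pairs are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check a certificate / private key pair before using it.

# Print the PEM public key held in a certificate or in a private key file.
pubkey_of() {  # pubkey_of FILE cert|key
    case "$2" in
        cert) openssl x509 -in "$1" -noout -pubkey 2>/dev/null ;;
        key)  openssl pkey -in "$1" -pubout 2>/dev/null ;;
    esac
}

# check_pair CERT KEY: print one status word describing the pair.
check_pair() {
    cert_pub=$(pubkey_of "$1" cert) || { echo not-a-certificate; return 0; }
    key_pub=$(pubkey_of "$2" key)   || { echo not-a-private-key; return 0; }
    [ "$cert_pub" = "$key_pub" ]    || { echo mismatch; return 0; }
    # Characters 8-10 of the ls mode string are the "other" permission bits.
    other=$(ls -lnL "$2" | cut -c8-10)
    [ "$other" = "---" ] || { echo key-world-accessible; return 0; }
    echo ok
}

# Constructed sample input: two unrelated self-signed pairs in a temp directory.
pair_demo() {
    d=$(mktemp -d) || return 1
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=placeholder\n' \
        > "$d/req.cnf"
    for n in server client; do
        openssl req -x509 -new -nodes -newkey rsa:2048 -days 30 \
            -config "$d/req.cnf" -subj "/CN=constructed-$n" \
            -keyout "$d/$n-key.pem" -out "$d/$n-cert.pem" >/dev/null 2>&1 \
            || { rm -rf "$d"; return 1; }
        chmod 600 "$d/$n-key.pem"
    done
    r1=$(check_pair "$d/server-cert.pem" "$d/server-key.pem")  # correct pair
    r2=$(check_pair "$d/server-cert.pem" "$d/client-key.pem")  # wrong key
    r3=$(check_pair "$d/server-key.pem"  "$d/server-cert.pem") # arguments swapped
    chmod 644 "$d/server-key.pem"
    r4=$(check_pair "$d/server-cert.pem" "$d/server-key.pem")  # key too open
    rm -rf "$d"
    echo "$r1 $r2 $r3 $r4"
}

pair_demo
```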