Archive for January, 2014
Friday, January 31st, 2014 
If you work in a big company with large network infrastructure who has to deal with SSL Certificates you will sooner or later will have to learn about existence of SSL Certificate Chains.
Its worthy thus to know what is SSL Certificate Chains and how such a chain is configured in Apache?
Personal SSL certificates (certificates issued to an individual or a company) can be used by clients to uniquely identify themselves when they are involved in starting an SSL connection.
SSL Certificate file contains X.509 certificate, which, in turn, contains a public key used for encryption.
Each personal certificate has zero or more certificate chains of certification authority certificates that extend back to the root certification authority.
Certificate R (Root Certification Authority)
|
| represents issuer of
V
Certificate I1 (Intermediate Certification Authority)
|
| represents issuer of
V
Certificate I2 (A subsidiary Intermediate Certification Authority)
|
| represents issuer of
V
Certificate I3 (A further subsidiary Intermediate Certification Authority)
|
| represents issuer of
V
Certificate P (A personal certificate that is used to identify its owner
on an SSL handshake)
Certificate chains are used to verify the authenticity of each certificate in that chain, including the personal certificate. Each certificate in the chain is validated using its 'parent' certificate, which in turn is validated using the next certificate up the chain, and so on, from the personal certificate up to the root certification authority certificate.
Now after explaining thoroughfully what is SSL Certificate Chain, here is how to configure a SSL Certificate in Apache Webserver.
Open apache2.conf or httpd.conf (depending on GNU / Linux distribution) and add to it;
SSLEngine On
SSLCertificateFile conf/cert/webserver-host.crt
SSLCertificateKeyFile conf/cert/webserver-host.key
SSLCertificateChainFile conf/cert/internet-v4.crt
# SSLCertificateChainFile conf/cert/intranet-v3.crt
SSLOptions +StdEnvVars +OptRenegotiate +ExportCertData
SSLCertificateChainFile conf/cert/chain-cert.crt
loads a chain of separate Personal SSL certificates each signing each other on different levels, chain is leading to top ROOT CA (Certificate Authority).
Tags: apache, apache2, cert, certificate, Certificate Chain, com, company, conf, configured, deal, existence, httpd, individual, installation, key, parent, root, signing, SSL, webserver, www
Posted in Linux, System Administration, Web and CMS | 1 Comment »
Thursday, January 30th, 2014 
If you are logged in to Oracle SQL server with sqlplus and you're not sure to which Database, Tables, Object instances you have permissions to below 2 queries will be of use:
SQL> SELECT DISTINCT OWNER, OBJECT_NAME FROM ALL_OBJECTS WHERE OBJECT_TYPE = 'TABLE';
Query lists all queries in a Oracle table schema. Alternavite shorter way to do the query is via:
SQL> SELECT table_name FROM user_tables;
SQL> SELECT * FROM TAB;
Shows your own schema's all tables and views.
Other oracle useful query is the Oracle equivalent of MySQL SHOW TABLES;
SQL> SELECT table_name FROM user_tables;
It will also output info only for logged in user credentials, if you're logged in as oracle database administrator (DBA role) account and you would like to check what Instances are owned by any user lets say user GEORGI query should be;
SQL> SELECT DISTINCT OWNER, OBJECT_NAME FROM ALL_OBJECTS WHERE OBJECT_TYPE = 'TABLE' AND OWNER = 'GEORGI;
Other way to do it is via:
SQL> SELECT Table_Name from All_Tables WHERE OWNER = 'YOURSCHEMA';
Tags: credentials, Database, DBA, georgi, instances, oracle, queries, Query, say, schema, TABLE, YOURSCHEMA
Posted in Programming, Uncategorized, Various, Web and CMS | No Comments »
Thursday, January 30th, 2014
I still remember the days of "Electronic Games". As a citizen of Bulgaria – a country which was almost a Soviet Republic (in alliance with the Soviet Union) and due to existence of separation between Communistic and Democratic societies, we the kids of the Eastern Block didn't have the opportunity to play the so popular in that time in democratic "free world" arcade games on consoles like Nintendo and Atari. Nomatter that in Soviet Union times there were a couple of electronic games. Games were not advanced and were copying already concepts existing in games produced by major game company producers like Konami, Data East, Atari and Nintendo. Russian console like games were a separate game device running its own hardware and software, the major company producing that games was the legendary Electronika.
Elektronika was so emblematic in Soviet Union times that there is probably no kid who used to be a citizen of the USSR who doesn't remember playing some of Elektronika's games. The most famous game produced by the company is "Ðу Погоди" / Nu Pogodi (Wolf / Vylk) and was popular under emblematic name "Eggs".
The hardware of the Eggs game was actually a clone of famous Nintendo game console – Nintendo EG-26 Eg.
There were a couple of other games which was remake of "The Wolf / Eggs" like "The Merry (Cheerful) Cook" – "ВеÑельiй Повар" running on Nintendo FP-24 Chef, Explorers of Space (1989) (running on MG-13) and a couple of others.
So why I bring back this old good memories ? 🙂 Because my readers who remember the Eggs game should know the game has a remake application for Android OS under name Eggs. To install it follow prior link or (Type in Google PlayStore "Eggs" or "Russian Eggs"), install and bring back the mania of the old days of the distant 1989 to 2014!!! 🙂
There is no question whoever thought of porting the game for Android was a genious as the size of most middle class mobile smart phones almost perfectly fits the size of the original Nu Pogodi!
The game surely can be a time eater as it is addictive 🙂 The sound effects of the game brings back child memories and are pure joy .
Its nice that the game had a remake asour children can enjoy the same old school arcade game of youth of their fathers 🙂
That's all folks, Enjoy the Wolf 🙂
Tags: citizen, company, couple, Enjoy, game, games, hardware, Nintendo, running, Russian Arcade, Soviet Union
Posted in Entertainment, Everyday Life, Mobile Phone Apps & Games | No Comments »
Monday, January 27th, 2014 
Nowadays having a a touch screen mobile phone has become like a standard. I'm not such a big fan of Touch screen technology, thus I've been fighting with the idea to own a touch screen phone for a year or so. Just till recently I happily lived with my old Nokia 9300i with a physical QWERTY keyboard for already 4 years.
Unfortunately lately while talking with my Nokia I started getting frequent voice interruptions missing words in my phone call conversations and need to ask person I'm talking to, to repeat his words / sentence in order to understand what is communicated .. I'm economic person and therefore don't like bying anything new if it is not absolutely necessary so I opened the phone and clean it hoping that this will solve the conversation issues but with no luck. With this half-usable mobile my only option left was to buy a new mobile phone.
I'm not very rigorious on what a mobile phone should be and I'm very much minimalist by heart so I was thinking of bying new cheapest available Nokia phone on the market and solve my "issue" quick and efficient, only problem was I'm quite used already of using my handy QWERTY phone as a note taking device thus I preferred to not buy a keypad mobile phone but get again a smartphone with physical QWERTY.
I have consulted with some friends who are more knowledgable on what's latest on mobile phone market with a question what will be a good substitute for my Nokia Communicator 9300i and heard comments like:
'IPhone is the most functional and superior in interface', while some friends and colleagues adviced me:
'Choose an Android based phone as Android is Linux based and gives more freedom to the user as well as has more free applications to install'
I appreaciated my friends help but I didn't like the idea to buy a Smartphone with a touchscreen display – virtual keyboard is not so confortable as having a physical one and besides this is a very slow interface compared to physical keys. Thus initially strongly rejected the idea of bying a phone without a physical keyboard. After some weeks of pondering and checking in the market – in 3 Major mobile operators shops in Bulgaria MTel, Globul and VIVACOM and HANDY store. I've find out currently on the market there is no good price / quality and functionality ratio (qwerty keyboard mobile) available. My options were limited to either by a Nokia Asha 210 or some variance or a Blackberry mobile.
In first glimpse I liked the Nokia ASHA 210 – QWERTY powered mobile but after noticing the blue Facebook "F" button got quickly jolted.
The sales lady offered me a couple of other Nokias with Qwerty keyboard as well as a Blackberry 9320 Curve.
After a quick test of all QWERTY mobiles, found the intertface on both is so inferior to IPhone's IOS and Android based phones.
I asked my HP workmates for advice of a good QWERTY bundled mobile phone with Android and was referred to Motorolla Droid 3 – which seems to among the only options on the market for mobile Phone which have both Android Operating System and a Physical QWERTY keyboard. Motorolla Droid 3 seemed to be exactly the mobile I was looking for but unfortunately it is not available in Mobile phones stores in Bulgaria and only in bulgaria is only offered for sale as a second hand and I had to buy it over the Internet (I prefer not to buy on the Internet). Even if I bought it as second hand DROID 3's price is too high for my budget – 250 EUR!
I wanted to buy economic phone and same time to have a good balance between price and phone modernity, same time don't tie myself with mobile operator yearly tax plan thus decided to pay my whole mobile price in cache (no credits, no binding 2 / 3 year conversation plans).
After evaluating the options on Market I stopped on two mobiles identical by price 150 EUR I could choose between Samsung Galaxy Trend Lite or ZTE Blade 3. The sales lady adviced me its better to get the ZTE Blade 3 than Samsung Galaxy Trend Lite (S7350) because ZTE has better Camera (5 Mpixels), a better Display and has much less hardware issues than Samsung Galaxy Lite.
Finally I bought the ZTE Blade 3 and nowdays I'm trying to get used to it and to be honest even with a week passed I still can't get used to the Virtual Keyboard…
Android interface is quite shiny but a little bit chaotic if compared to design use interface I've tested on IPhones. Android OS seems to behave very weird at times but in general is quite easy to use. Managing / installing / Removing applications from Google AppStore is done by only 2 clicks. My major concern on Android is its highly addictive. I've catch myself, since last week I spend much more time using my mobile than before with my Nokia Communicator …
To conclude it I would say living with a smartphone has its advantagous (you can easily check weather prognosis / news) and do a number of things with it, but it is addictive .. obviously its easy to become an Android addict and spend your free time on useless stuff like installing / testing new apps and playing with phone. Having a smartphone just like I priorly suspected is a big time eater and it seems my hypothesis that its better to live without a smart phone is true. But who knows, perhaps its just a moment addictiveness just like with any new thing posession – time will show. In meantime I believe my ZTE Blade III – purchase was a good deal as it gives me opportunity to explore Android OS. I'll stop here with my ranting and excuse myself if the article was too boring …Please drop me a comment with mobile types and names who had QWERTY keyboard and a modern OS. Very sadly it seems the QWERTY hardware keyboard mobiles will soon be dead and gone …
Tags: Blackberry, conversation, functionality, Globul, good, hardware, IPhone, keypad, market, mobile phone, Motorolla Droid, Nokia Communicator, option, phone, phone call, QWERTY, Samsung Galaxy Trend Lite, speaking, standard, substitute, Touch, touchscreen, use, year
Posted in Everyday Life, Movie Reviews | 5 Comments »
Friday, January 24th, 2014 
I bough a new Mobile Phone changing my old Nokia Communicator 9300i (powered by Symbian) with ZTE Blade 3 with Android. I'm not a big fan of big mobility myself. However as I already have it decided to test my blog with Mobile phone default browser and my blog theme looked really crappy. Knowing that the amount of Mobile devices on the Internet is increasing dramatically these days raises the chance my blog is found by Mobile user thus its nice my blog to be Mobile ready well …
To solve that I did a quick search in google and found WPTouch – a mobile plugin for WordPress that automatically enables a simple and elegant mobile theme for mobile visitors of your WordPress website
To install it downloaded the plugin in usual /var/www/blog/wp-content/plugins , enabled it and refreshed in Android Mobile Browser and my blog appeared great in a theme specially designed for mobile browsers as you can see in below screenshot:
If you still haven't tried WPTouch give it a try.
Tags: Android Mobile Browser, article, blog, crappy, haven, Internet, Mobile, Nokia Communicator, plugin, simple, theme, top
Posted in Various, Web and CMS, Wordpress | No Comments »
Thursday, January 23rd, 2014 
New latest version of FreeBSD 10.0-RELEASE is out this. FBSD 10 is the latest stable release of 10 branch. The biggest change in FBSD 10 is removal of long time used pkg_add and its substitute with the newer and more advanced pkg. For BSD users who don't know pkg stiill check out handbook on pkgng
Key highlights of FreeBSD 10 as taken from FreeBSD-10.0-RELEASE announcement;
-
GCC is no longer installed by default on architectures where clang(1) is the default compiler.
-
Unbound has been imported to the base system as the local caching DNS resolver.
-
BIND has been removed from the base system.
-
make(1) has been replaced with bmake(1), obtained from the NetBSD Project.
-
pkg(7) is now the default package management utility.
-
pkg_add(1), pkg_delete(1), and related tools have been removed.
-
Major enhancements in virtualization, including the addition of bhyve(8), virtio(4), and native paravirtualized drivers providing support for FreeBSD as a guest operating system on Microsoft Hyper-V.
-
TRIM support for Solid State Drives has been added to ZFS.
-
Support for the high-performance LZ4 compression algorithm has been added to ZFS.
There is a big news for Raspberry Pi lovers as from FreeBSD 10 there is an official support for Raspberry Pi
Happy new release. Cheers to testers 🙂
Tags: architectures, default, FBSD, gcc, manager, operating, package, pkg, Raspberry Pi, support, system, TRIM, virtualization, ZFS
Posted in Everyday Life, FreeBSD, Various | No Comments »
Wednesday, January 22nd, 2014 
A colleague of mine working on MySQL database asked me How it is possible to disable a MySQL database. He is in situation where the client has 2 databases and application and is not sure which of the two databases the application uses. Therefore the client asked one of the database is disabled and wait for few hours and see if something will break / stop working and in that way determine which of the two database is used by application.
My first guess was to backup both databases and drop one of them, then if it is the wrong one to restore from the SQL dump backup, however this wasn't acceptable solution. So second I though of RENAME of database to another one and then reverting the name, however as it is written in MySQL documentation RENAME database function was removed from MySQL (found to be dangerous) since version 5.1.23 onwards. Anyhow there is a quick hack to rename mysql database using a for loop shell script one below:
mysql -e "CREATE DATABASE \`new_database\`;"
for table in `mysql -B -N -e "SHOW TABLES;" old_database`
do
mysql -e "RENAME TABLE \`old_database\`.\`$table\` to \`new_database\`.\`$table\`"
done
mysql -e "DROP DATABASE \`old_database\`;"
Other possible solution was to change permissions of Application used username, however this was also complicated from mysql cli, hence I thought of installing and using PHPMyAdmin to make modify of db user permissions easier but on this server there wasn't Apache installed and MySQL is behind a firewall and only accessible via java tomcat host.
Finally after some pondering what can be done I came with solution to request to disable mysql database using chmod in /var/lib/mysql/data/, i.e.:
sql-server:~# chmod 0 /var/lib/mysql/databasename
Where databasename is the same as the database is named listable via mysql cli.
After doing it that way with no need to restart MySQL server database stopped to appear in show databases; and client confirmed that disabled database is no longer needed so we proceeded dropping it.
Hope this little article will help someone out there. Cheers :
Tags: application, break, cli, client, com, databases, guess, How to, lib, mine, Mysql, Rename, server, situation, solution, something, wait, wasn, working
Posted in MySQL, System Administration, Various, Web and CMS | 4 Comments »
Tuesday, January 21st, 2014 If you haven't worked for a while with Windows (since the days when XP was standard modern OS) you might be amazed that Windows like me. You might feel pretty unconfortable to work with Windows 7's "dock style" taskbar – showing application icons instead of buttons.
People who are traditionalist like me would definitely prefer to change this stupid behavior to "Windows Classic". Here is how to do it:
1. Right click on any open area on taskbar and choose Properties
2. From Taskbar -> Taskbar Buttons choose (Never Combine).
Never Combine – option makes every new Window to show as a separate one instead of Grouping the Windows by application.
In some cases choosing (Combine when TaskBar) is full is nice new option, so you might want to check it out for a while and see if you can get used to it.
3. Make Windows Start menu panel look like Windows 2000 (clear up unnecessary mambo-jumbo design)
I very much like simplicity thus I don't like Microsoft's choise to make Start Menu panel look like a Christmas Tree. To revert back:
On any empty space on the Desktop press Right Mouse button (Choose Personalize); Scroll down and choose (Windows Classic theme)
That will change Windows to look normal again 🙂
Cheers 🙂
Tags: application, change, change windows, com, look, make, Make Windows Start, panel, Right Mouse, Windows, Windows Classic, windows xp, work, www, XP
Posted in Everyday Life, Various, Windows | 2 Comments »
Friday, January 17th, 2014 
I needed to import Oracle data dump on a Linux host. To do so on Linux using console its necessary to have installed sqlplus client sqlplus is part of Oracle database product. So you will need to have Oracle priorly installed on host. Latest sqlplus Client binaries from Oracle are here. As of time of writting latest client is oracle-instantclient12.1-basic-12.1.0.1.0-1.i386.rpm
Unfortunately currently from oracle's site oracle-instantclient is only available in RPM and ZIP format. So Debian and Ubuntu users will have to install it either by downloading zip and unarchiving somewhere or using alien (deb rpm install) tool.
As a pre-requirement to install on Debian or deb based Linuces its necessary to install libaio1
# aptitude install libaio1
Then unarchive .zip file into /opt/oracle
# mkdir -p /opt/oracle
# chown simon:simon /opt/oracle
# cd /opt/oracle
# su hipo
$ unzip instantclient-basic-linux.x64-12.1.0.1.0.zip
$ unzip instantclient-basic-linux.x64-12.1.0.1.0.zip
$ export LD_LIBRARY_PATH=/opt/oracle/instantclient_12_1/
$ export ORACLE_SID=skint02
Then to connect and import a database into Oracle DB:
sqlplus / as sysdba @sql/update_patient_status.sql
Table created.
Table created.
Table created.
Commit complete.
Its worthy to mention that there is a nice open source sqplus alternative for those who prefer working with open source check out GQLPlus
Tags: aptitude, basic, client, Commit, deb, dump, How to, Linux, login, name, open source, oracle, pwd, rpm, site, structure, unzip, writting, zip
Posted in Various, Web and CMS | No Comments »
Wednesday, January 15th, 2014 
Recently I've been asked How to make communication to MySQL database encrypted. The question was raised by a fellow developer who works on developing a Desktop standalone application in Delphi Programming Language with DevArt an (SQL Connection Component capable to connect Delphi applications to multiple databases like MySQL, Oracle, PostgreSQL, Interbase, Firebird etc.
Communicating in Secured form to MySQL database is not common task to do, as MySQL usually communicates to applications hosted on same server or applications to communicate to MySQL are in secured DMZ or administrated via phpMyAdmin web interface.
MySQL supports encrypted connections to itself using Secure Socket Layer (SSL) encryption. Setting up MySQL db to be communicated encrypted is a must for standalone Desktop applications which has to extract / insert data via remote SQL.
Configuring SQL to support communicated queries encrpytion is supported by default and easily configured on most standard Linux version distributions (Debian, RHEL, Fedora) with no need to recompile it.
1. Generate SSL Certificates
$ mkdir /etc/mysql-ssl && cd mysql-ssl
# Create CA certificate
$ openssl genrsa 2048 > ca-key.pem
$ openssl req -new -x509 -nodes -days 3600 \
-key ca-key.pem -out ca-cert.pem
Create server certificate, remove passphrase, and sign it
server-cert.pem is public key, server-key.pem is private key
$ openssl req -newkey rsa:2048 -days 3600 \
-nodes -keyout server-key.pem -out server-req.pem
$ openssl rsa -in server-key.pem -out server-key.pem
$ openssl x509 -req -in server-req.pem -days 3600 \
-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
Create client certificate, remove passphrase, and sign it
client-cert.pem is public key and client-key.pem is private key
$ openssl req -newkey rsa:2048 -days 3600 \
-nodes -keyout client-key.pem -out client-req.pem
$ openssl rsa -in client-key.pem -out client-key.pem
$ openssl x509 -req -in client-req.pem -days 3600 \
-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
After generating the certificates, verify them:
$ openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem
2. Add SSL support variables to my.cnf
Once SSL key pair files are generated in order to active SSL encryption support in MySQL server, add to (/etc/my.cnf, /etc/mysql/my.cnf, /usr/local/etc/my.cnf … ) or wherever config is depending on distro …
# SSL
ssl-ca=/etc/mysql-ssl/ca-cert.pem
ssl-cert=/etc/mysql-ssl/server-cert.pem
ssl-key=/etc/mysql-ssl/server-key.pem
3. Restart MySQL server
/etc/init.d/mysqld restart
...
4. Create SQL user to require SSL login
Create new user with access to database;
GRANT ALL ON Sql_User_DB.* TO Sql_User@localhost;
FLUSH PRIVILEGES;
To create administrator privileges user:
GRANT ALL PRIVILEGES ON *.* TO ‘ssluser’@'%’ IDENTIFIED BY ‘pass’ REQUIRE SSL;
FLUSH PRIVILEGES;
5. Test SSL Connection with MySQL CLI client or with few lines of PHP
To use mysql cli for testing whether SSL connection works:
$ mysql -u ssluser -p'pass' –ssl-ca /etc/mysql-ssl/client-cert.pem –ssl-cert /etc/mysql-ssl/client-key.pem
Once connected to MySQL to verify SSL connection works fine:
mysql> SHOW STATUS LIKE 'Ssl_Cipher';
+---------------+--------------------+
| Variable_name | Value |
+---------------+--------------------+
| Ssl_cipher | DHE-RSA-AES256-SHA |
+---------------+--------------------+
If you get this output this means MySQL SSL Connection is working as should.
Alternative way is to use test-mysqli-ssl.php script to test availability to mysql over SSL.
$conn=mysqli_init();
mysqli_ssl_set($conn, '/etc/mysql-ssl/client-key.pem', '/etc/mysql-ssl/client-cert.pem', NULL, NULL, NULL);
if (!mysqli_real_connect($conn, '127.0.0.1', 'ssluser', 'pass')) { die(); }
$res = mysqli_query($conn, 'SHOW STATUS like "Ssl_cipher"');
print_r(mysqli_fetch_row($res));
mysqli_close($conn);
Note: Change username password according to your user / pass before using the script
That's all now you have mysql communicating queries data over SSL
Tags: administrator, application, change, cnf, common, data, databases, Debian, Delphi Programming Language, Desktop, DMZ, fellow, How to, make, multiple, null, openssl, password, pem, php, queries, rhel, script, setting, SSL, testing, username, variables
Posted in MySQL, System Administration, Web and CMS | No Comments »
