Posts Tagged ‘online’

How to Set Up SSH Two-Factor Authentication (2FA) on Linux Without Google Authenticator with OATH Toolkit

Wednesday, November 5th, 2025


Most online tutorials on securing your SSH server with Two-Factor Authentication (2FA) will tell you to use Google Authenticator to protect SSH logins.

But what if you don’t want to depend on Google software, maybe for privacy, security, or ideological reasons?

Luckily, you have a choice thanks to the free OATH Toolkit.
The free and self-hosted alternative, OATH Toolkit, has its own PAM module, libpam-oath, to make 2FA work with the OpenSSH server.

OATH Toolkit is a free software toolkit for One-Time Password (OTP) authentication using the HOTP/TOTP algorithms. The software ships a small set of command line utilities covering most OTP-related tasks.

In this guide, I’ll show you how to implement Two-Factor Authentication (TOTP) for SSH on any Linux system using OATH Toolkit, compatible with privacy-friendly authenticator apps like FreeOTP, Aegis, or andOTP.

It is worth checking out the OATH Toolkit author’s original post here, which will give you a bit more insight into the tool.

1. Install the Required Packages

For Debian / Ubuntu systems:

# apt update
# apt install libpam-oath oathtool qrencode
...

For RHEL / CentOS / AlmaLinux:
 

# dnf install pam_oath oathtool

The oathtool command lets you test or generate one-time passwords (OTPs) directly from the command line.

2. Create a User Secret File

libpam-oath uses a file to store each user’s secret key (shared between your server and your phone app).

By default, it reads from:

/etc/users.oath

Let’s create it securely and set proper permissions to secure it:
 

# touch /etc/users.oath

# chmod 600 /etc/users.oath

Now, generate a new secret key for your user (replace hipo with your actual username):
 

# head -10 /dev/urandom | sha1sum | cut -c1-32

This generates a random 32-character key.
Example:

9b0e4e9fdf33cce9c76431dc8e7369fe

Add this to /etc/users.oath in the following format:

HOTP/T30 hipo - 9b0e4e9fdf33cce9c76431dc8e7369fe

HOTP/T30 means Time-based OTP with 30-second validity (standard TOTP).

Replace hipo with the Linux username you want to protect.

3. Add the Key to Your Authenticator App

Now we need to add that secret to your preferred authenticator app.

You can create a TOTP URI manually (to generate a QR code):

$ echo "otpauth://totp/hipo@jericho?secret=\
$(echo 9b0e4e9fdf33cce9c76431dc8e7369fe \
| xxd -r -p | base32)"

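You can paste this URI into a QR code generator (e.g., https://qr-code-generator.com) and scan it using FreeOTP, Aegis, or any open TOTP app. Keep in mind that the URI contains the secret itself, so an online generator gets to see it; the qrencode command shown further below builds the QR code locally instead.
FreeOTP is my preferred app to use; you can install it via the Apple App Store or Google Play Store.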

Alternatively, enter the Base32-encoded secret manually into your app:

# echo 9b0e4e9fdf33cce9c76431dc8e7369fe | xxd -r -p | base32

You can also use the nifty qrencode tool to generate the QR code from your TOTP secret in ASCII mode, then scan it with the FreeOTP / Aegis app on your phone to make it ready for use:

# qrencode --type=ANSIUTF8 otpauth://totp/hipo@jericho?secret=$( oathtool --verbose --totp 9b0e4e9fdf33cce9c76431dc8e7369fe --digits=6 -w 1 | grep Base32 | cut -d ' ' -f 3 )\&digits=6\&issuer=pc-freak.net\&period=30


qrencode will generate the code. We set the type to ANSI-UTF8 terminal graphics so you can generate this in an SSH session. It can also generate other formats if you were to incorporate this into a web interface. See the man page for qrencode for more options.
The rest of the line is the data being encoded into the QR code: a URL of the type otpauth, with time-based one-time passwords (totp). The user is “hipo@jericho”, though PAM will ignore the @jericho if you are not joined to a domain (I have not tested this with domains yet).

The parameters follow the ‘?’, and are separated by ‘&’.

otpauth uses the Base32 encoding of the secret key you created earlier. oathtool will print the appropriate Base32 value inside the block:

 $( oathtool --verbose --totp 9b0e4e9fdf33cce9c76431dc8e7369fe | grep Base32 | cut -d ' ' -f 3 )

We pass in the secret from earlier and search for “Base32”. That line of the output contains the Base32-encoded secret that we need:

Hex secret: 9b0e4e9fdf33cce9c76431dc8e7369fe
Base32 secret: E24ABZ2CTW3CH3YIN5HZ2RXP
Digits: 6
Window size: 0
Step size (seconds): 30
Start time: 1970-01-01 00:00:00 UTC (0)
Current time: 2022-03-03 00:09:08 UTC (1646266148)
Counter: 0x3455592 (54875538)

368784

From there we cut out the third field, “E24ABZ2CTW3CH3YIN5HZ2RXP“, and place it in the line.

Next, we set the number of digits for the codes to be 6 digits (valid values are 6, 7, and 8). 6 is sufficient for most people, and easier to remember.

The issuer is optional, but useful to differentiate where the code came from.

We set the time period (in seconds) for how long a code is valid to 30 seconds.

Note that Google Authenticator ignores this and uses 30 seconds whether you like it or not.

4. Configure PAM to Use libpam-oath

Edit the PAM configuration for SSH:

# vim /etc/pam.d/sshd

At the top of the file, add:

auth required pam_oath.so usersfile=/etc/users.oath window=30 digits=6

This tells PAM to check OTP codes against /etc/users.oath.
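
The pieces from steps 2 to 4 in one place, as an added example that is not part of the original article or of OATH Toolkit: it parses a users.oath line, builds the matching otpauth URI, computes the TOTP code per RFC 6238, and shows which old codes a given window still accepts. The sample line uses the RFC 6238 test key rather than a real secret, and the symmetric search in accepted_offsets is an assumption about how pam_oath applies window=.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote


def parse_totp_entry(line):
    """Parse a time-based users.oath line: HOTP/T<step>[/<digits>] user pin hexsecret."""
    fields = line.split()
    if len(fields) < 4:
        raise ValueError("expected: type user pin secret")
    kind, user, _pin, hex_secret = fields[:4]
    parts = kind.split("/")
    if parts[0] != "HOTP" or len(parts) < 2 or not parts[1].startswith("T"):
        raise ValueError("not a time-based HOTP/T<step> entry")
    return {
        "user": user,
        "step": int(parts[1][1:]),
        "digits": int(parts[2]) if len(parts) > 2 else 6,
        "secret": bytes.fromhex(hex_secret),  # the file stores the key as hex
    }


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, int(unix_time) // step, digits)


def otpauth_uri(entry, host, issuer=None):
    """Build the otpauth:// URI; the app needs the same key bytes, Base32-encoded."""
    b32 = base64.b32encode(entry["secret"]).decode("ascii").rstrip("=")
    label = quote(f"{entry['user']}@{host}", safe="@")
    uri = (f"otpauth://totp/{label}?secret={b32}"
           f"&digits={entry['digits']}&period={entry['step']}")
    if issuer:
        uri += "&issuer=" + quote(issuer)
    return uri


def accepted_offsets(entry, code, now, window=0):
    """Step offsets in [-window, +window] at which `code` matches.

    Assumption: the window is searched symmetrically around the current step.
    """
    hits = []
    for k in range(-window, window + 1):
        t = now + k * entry["step"]
        if t < 0:
            continue  # no time step before the epoch
        candidate = totp(entry["secret"], t, entry["step"], entry["digits"])
        if hmac.compare_digest(candidate, code):
            hits.append(k)
    return hits


# Constructed sample line: user "hipo" with the RFC 6238 test key
# (ASCII "12345678901234567890" written as hex), not a real secret.
SAMPLE_LINE = "HOTP/T30 hipo - 3132333435363738393031323334353637383930"

if __name__ == "__main__":
    entry = parse_totp_entry(SAMPLE_LINE)
    print(otpauth_uri(entry, "jericho", issuer="pc-freak.net"))
    old_code = totp(entry["secret"], 59)  # code from time step 1
    print("code at t=59:", old_code)
    # Four minutes later the same code is rejected with window=0 ...
    print("window=0  at t=270:", accepted_offsets(entry, old_code, 270, window=0))
    # ... but still matches 8 steps back when the window is 30 steps wide.
    print("window=30 at t=270:", accepted_offsets(entry, old_code, 270, window=30))
```

With a 30-second step, every unit of window adds another 30 seconds during which a captured code stays usable, so pick the smallest value that tolerates your clock drift.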

5. Configure SSH Daemon to Ask for OTP

Edit the SSH daemon configuration file:
 

# vim /etc/ssh/sshd_config

Ensure these lines are set:

UsePAM yes
ChallengeResponseAuthentication yes
AuthenticationMethods publickey,keyboard-interactive
##KbdInteractiveAuthentication no
KbdInteractiveAuthentication yes

The comma in AuthenticationMethods matters: methods joined by a comma must all succeed, while lists separated by a space are alternatives, any one of which is enough to log in.

N.B.! The KbdInteractiveAuthentication yes setting is necessary on OpenSSH servers with a version newer than 8.2.

In short, this setup means:
1. The user must first authenticate with their SSH key (or local / LDAP password),
2. Then enter a valid one-time code generated by the TOTP app on their phone.

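You can also use Match directives to enforce 2FA under certain conditions, but not under others.
For example, if you don’t want to be bothered with it while logging in from your LAN,
but do from any other network, you could add something like the following. Each network must be written with its host bits set to zero (10.10.10.0/24, not 10.10.10.0/8), otherwise sshd rejects the Match line; adjust the ranges to your own LAN:

Match Address 127.0.0.1,10.10.10.0/24,192.168.5.0/24
    AuthenticationMethods publickey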
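
sshd treats the names inside one comma-separated AuthenticationMethods list as all required and treats space-separated lists as alternatives, so a single character decides whether the OTP step can be skipped. The following added check (not part of the original article or of OpenSSH; both sample configurations are constructed) reports every scope of an sshd_config in which a login can complete without keyboard-interactive, including Match blocks that exempt a network on purpose.

```python
import re

OTP_METHOD = "keyboard-interactive"  # the method that reaches pam_oath through PAM


def parse_blocks(config_text):
    """Split sshd_config text into [(scope, {keyword: value})].

    Keywords are case-insensitive and the first value given for a keyword wins.
    """
    blocks = [("global", {})]
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            blocks.append(("Match " + value, {}))
        else:
            blocks[-1][1].setdefault(keyword, value)
    return blocks


def bypass_lists(value):
    """Return the alternative method lists that complete without the OTP method."""
    if value.lower() == "any":
        return ["any"]
    bypass = []
    for method_list in value.split():            # space: alternatives
        names = {m.split(":", 1)[0].lower()      # comma: all required
                 for m in method_list.split(",")}
        if OTP_METHOD not in names:
            bypass.append(method_list)
    return bypass


def audit(config_text):
    """Return [(scope, configured value, lists that skip the OTP)]."""
    findings = []
    for scope, settings in parse_blocks(config_text):
        value = settings.get("authenticationmethods")
        if value is None:
            if scope == "global":  # unset means "any": one method is enough
                findings.append((scope, "(unset, defaults to any)", ["any"]))
            continue
        lists = bypass_lists(value)
        if lists:
            findings.append((scope, value, lists))
    return findings


# Constructed sample: the two methods are separated by a space.
SPACE_SEPARATED = """\
UsePAM yes
KbdInteractiveAuthentication yes
AuthenticationMethods publickey keyboard-interactive
"""

# Constructed sample: comma-separated globally, with a LAN exemption.
COMMA_SEPARATED = """\
UsePAM yes
KbdInteractiveAuthentication yes
AuthenticationMethods publickey,keyboard-interactive

Match Address 127.0.0.1,192.168.5.0/24
    AuthenticationMethods publickey
"""

if __name__ == "__main__":
    for name, text in (("space", SPACE_SEPARATED), ("comma", COMMA_SEPARATED)):
        for scope, value, lists in audit(text):
            print(f"[{name}] {scope}: '{value}' allows login via {lists} without OTP")
```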

6. Restart SSH and Test It

Apply your configuration:
 

# systemctl restart ssh

Now, open a new terminal window and try logging in (don’t close your existing one yet, in case you get locked out):

$ ssh hipo@your-server-ip

You should see something like:

Verification code:

Enter the 6-digit code displayed in your FreeOTP (or similar) app.
If it’s correct, you’re logged in! Hooray ! 🙂

7. Test Locally and Secure the Secrets

To test OTPs manually, pass the hex secret to oathtool as is (the -b option is only for a secret that is already Base32-encoded):

# oathtool --totp \
9b0e4e9fdf33cce9c76431dc8e7369fe

As the above might be a bit confusing for starters, I recommend using the few lines below instead:

$ secret_hex="9b0e4e9fdf33cce9c76431dc8e7369fe"
$ secret_base32=$(echo $secret_hex | xxd -r -p | base32)
$ oathtool --totp -b "$secret_base32"
156874

You’ll get the same 6-digit code your authenticator shows – useful for debugging.

If you rerun oathtool after the 30-second period has passed, you will get a different TOTP code, e.g.:

$ oathtool --totp -b "$secret_base32"
258158


Use this code as the 2FA TOTP code together with the local user password (2FA + password pair): enter your user password first, then the code when prompted for it.

So that nobody with a local account on the system can get around the additional 2FA protection,
ensure the secrets file is well protected, i.e.:

# chown root:root /etc/users.oath
# chmod 600 /etc/users.oath

How to Enable 2FA Only for Certain Users

If you want to force OTP only for admins, create a group ssh2fa:

# groupadd ssh2fa
# usermod -aG ssh2fa hipo

Then modify /etc/pam.d/sshd:

auth [success=1 default=ignore] pam_succeed_if.so \
user notingroup ssh2fa
auth required pam_oath.so usersfile=/etc/users.oath \
window=30 digits=6

Only users in ssh2fa will be asked for a one-time code.

Troubleshooting

Problem: SSH rejects OTP
Check /var/log/auth.log or /var/log/secure for more details.
Make sure your phone’s time is in sync (TOTP depends on accurate time).

Problem: Locked out after restart
Always keep one root session open until you confirm login works.

Problem: Everything seems configured fine but the TOTP is still not accepted by the remote OpenSSH daemon.
– Check that the time on the phone / device where the TOTP code is generated is properly synced to an Internet time server
– Check that the computer’s system clock is properly synchronized to an Internet time server (via ntpd / chronyd etc.); below is a sample:

hipo@jeremiah:~$ timedatectl status
                   Local time: Wed 2025-11-05 00:39:17 EET
               Universal time: Tue 2025-11-04 22:39:17 UTC
                     RTC time: Tue 2025-11-04 22:39:17
                    Time zone: Europe/Sofia (EET, +0200)
    System clock synchronized: yes
                  NTP service: n/a
              RTC in local TZ: no

Why Choose libpam-oath?

  • 100% Free Software (GPL)
  • Works completely offline / self-hosted
  • Compatible with any standard TOTP app (FreeOTP, Aegis, andOTP, etc.)
  • Doesn’t depend on Google APIs or cloud services
  • Lightweight (just one PAM module and a text file)

Conclusion

Two-Factor Authentication doesn’t have to rely on Google’s ecosystem.
With OATH Toolkit and libpam-oath, you get a simple, private, and completely open-source way to harden your SSH server against brute-force and stolen-key attacks.

Once configured, even if an attacker somehow steals your SSH key or password, they can’t log in without your phone’s one-time code – making your system dramatically safer.

Fix Update KB5060999 Not Installing On Windows 11 Version 23H2/22H2 / Fix windows Update failed

Thursday, July 24th, 2025


 

Recently I stumbled across a very annoying issue on my work laptop. Suddenly Windows stopped being updated, and it took me many hours of research to find out how to resolve the error:

Fix Update KB5060999 Not Installing On Windows 11 Version 23H2/22H2 / Fix windows Update failed

After a lot of trial and error I managed to find a fix, thank God!

Here are the few steps I took to resolve it. First I went through all the steps given in the Complete Guide Windows Problems. It took a really long time, and even though I did not manage to resolve the issue, it gave me a lot of understanding of how Windows components fit together and how to debug and solve errors if they occur. Thus I warmly recommend it to anyone working as a HelpDesk support admin within a corporation, or if you are a Windows specialist who makes a living from resolving weird unexpected Windows errors for little money.

After hitting a lot of hidden obstacles with nothing working, I finally managed to solve it by following these concrete steps:

1. Check logs and find error message / problems in CBS.log

C:\> notepad c:\windows\Logs\CBS\CBS.log

The root of the issue, which I found there as a repeating error message, is:

"InternalOpenPackage failed for Package_for_KB3025096~31bf3856ad364e35~amd64~~6.4.1.0 [HRESULT = 0x800f0805 – CBS_E_INVALID_PACKAGE]"

 

2. Download from Windows catalog the Update


windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7.msu to C:\User\myuser\Downloads

3. Use Winrar or 7Zip to extract the msu in local Directory

E.g. open an Administrator command line (cmd.exe) and extract it in, let's say, \Users\Username\Downloads\
windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7

C:\Users/a768839/Downloads/windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7 > dir
WSUSSCAN.cab             

4. Remove old package existing on the Windows 11 OS with the same name using DISM tool with /online /remove-package options

C:\Users\myuser\Downloads\windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7>DISM /online /remove-package /packagepath:C:\Users\a768839\Downloads\windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7\Windows11.0-KB5049624-x64-NDP481.cab
Deployment Image Servicing and Management tool
Version: 10.0.22621.2792

Image Version: 10.0.22631.5335

Processing 1 of 1 – Removing package Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9294.1
[==========================100.0%================]
The operation completed successfully.

5. Use DISM /online /add-package to manually install windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7\Windows11.0-KB5049624-x64-NDP481.cab

Assuming you have already downloaded and extracted the .msu file and have the .cab file at hand, run again in cmd.exe as Admin:

C:\Users\myuser\Downloads\windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7>DISM /online /add-package /packagepath:C:\Users\a768839\Downloads\windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7\Windows11.0-KB5049624-x64-NDP481.cab
Deployment Image Servicing and Management tool
Version: 10.0.22621.2792

Image Version: 10.0.22631.5335

Processing 1 of 1 – Adding package Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9294.1
[==========================100.0%==========================]
The operation completed successfully.


The idea to remove and install the failing package found in the CBS.log was initially found on                                                                   
 http://datadump.ru/windows-update-error-800f0831/
 

6. Force a Windows chkdsk (check disk on next restart) to make sure there are no physical hard drive or other Windows filesystem errors

Within same Admin cmd.exe

C:\Users\myuser\> chkdsk /f C:\


Once the command executes, reboot the PC and wait for the chkdsk scan to complete and the PC to boot as usual

7. Stop / start wuauserv and do sfc /scannow to refresh some Windows update components

Run the following set of commands within an Admin cmd

C:\> net stop wuauserv
C:\> rem the commands below are run in a command prompt in admin mode
C:\> dism /online /cleanup-image /startcomponentcleanup
C:\> sfc /scannow
C:\> rem restart the PC, then continue
C:\> sfc /scannow
C:\> net start wuauserv

8. Manually download the failing update from the Windows catalog download site:

As of the time of writing this article the URL to download is https://catalog.update.microsoft.com/Search.aspx?q=KB5049624%20%20

C:\Users\myuser\Downloads> dir *.msu
windows11.0-kb5060999-x64_99e39c1cf8a8976d9b3313efb38069876c417f70.msu

9. Manually run the failing update again from the command line

Run cmd as Administrator and exec the file:

C:\Users\myuser\Downloads\windows11.0-kb5060999-x64_99e39c1cf8a8976d9b3313efb38069876c417f70.msu

Wait for the install to complete. The computer will need to restart.

10. Resync the device to the Computer Domain (mandatory step) only if your PC is part of large organizational Domain

Open Microsoft Store / Company Portal and Sync the device (if necessary)

Settings -> Sync

11. Force the PC to sync itself with remote Global Domain policies (mandatory only if PC is part of Domain)

C:\Users\myuser> gpupdate /force
C:\Users\myuser> repadmin /showrepl

Wait for synchronization, and wait for some time for computer compliance to get back to normal. (Computer compliance might not be an issue if this is a personal Windows installation, but it is for computers that are part of larger Windows domains, where a domain policy requires compliance with a set of rules.)

To come up with this guide and better understand what is going on, I have to thank my colleague Eduard for assisting me in reading and analyzing the CBS.log, and also the following forum thread explaining what causes the mysterious Windows update KB5060999 Not Installing On Windows 11 Version 23H2/22H2 to fail.
 

Howto to Unlock Mtel locked Mobile Phone ZTE Blade 3 IMEI 866643012872768 to connect to Telenor and Vivacom mobile networks in Bulgaria

Friday, January 20th, 2017


How to unlock Mtel locked Mobile Phone ZTE Blade 3 IMEI 866643012872768


Thanks to this little forum, after very thorough research on how to unlock my ZTE Blade 3 in Russian Google.ru / United States Google.US and UK Google.Co.Uk, I've figured out a number of recommended ways.

I also lost some time watching a few videos illustrating how to unlock the phone for other non-MTEL mobile operators with some third party cracker software, which seemed like a good way to infect your PC with spyware, for example the videos:
Direct Unlock ZTE BLADE 3 & ZTE RACER 3 – YouTube
Unlock ZTE Blade 3, Blade V & Blade Q Mini – YouTube

There are a number of ways and paid software that could do various non-conventional things like unlock the phone, for example:
GB Key


Here is description of GB Key

You can Call it UNLIMITED – Direct Unlocker, Code Calculator, Code Reader, is fast, easy to use, encrypted, more than 200 models supported and most of it is it's UNLIMITED use. Updates come on regular basis with addition to new models and features.

Supported Models

More than 500 supported models from mobile phones to modems and growing.

Currently supports around 260 MEPs & more than 9500 PRDs (and growing..) .

FREE & UNLIMITED: Huawei, Huawei Modem, BlackBerry, Alcatel MTK, Alcatel U7, Alcatel Modem, LG, Samsung Swift, Samsung 3G, ZTE Qcom-Android, ZTE MTK, and many many more..

There are also a number of services online that offer paid services to unlock any smartphone remotely by paying with a card and providing the IMEI.
I guess these services either use an Android emulator, manually setting the respective IMEI of the phone, and then use some software (a box, as they call it) to generate the code using the respective algorithm, etc.

 

However, as I didn't want to spend money on such nonsense, I dug a little bit more and found out that, according to Bulgarian legislation, encoding a sold mobile phone by the mobile operator is already illegal, and all mobile operators in Bulgaria that used some kind of encoding software to prevent a phone bought from them from being used with another mobile operator should openly provide the mobile phone codes for free.

As MTEL had to comply with the new law, they made a small online generator database with unlock codes for all previously sold encoded mobiles.

I've used the URL (using my website access, previously freely registered on the website in order to track and send free SMS-es in MTEL and check out my mobile phone money balance spent in inbound and inbound calls etc.)

https://www.mtel.bg/unlock-phone

and found my ZTE mobile according to the IMEI:

5803701350365278 ZTE Blade III Insert another operator's SIM card into the phone and you will be asked directly for the unlock code.

I just switched on my ZTE Blade 3 phone and entered the code, and got a message that it is wrong, but immediately the phone was able to connect to the Telenor (the ex Globul mobile operator) mobile network. Voila! 🙂 Hope this small article helps someone else too. Enjoy!

Drawing GANTT Charts and Project Management on Linux, (Microsoft Project substitute for Unix)

Tuesday, October 12th, 2010

I'm studying Project Management right now. In that spirit, a couple of other guys and I are building a Project Plan.
As it is a Project Plan, it's necessary to put a GANTT chart in it to visually show the project timeline (the phases), the duration, and the inter-relation between the different tasks which lead the project to actual completion.

After a bit of thorough research online on available software to deal with project management, particularly software capable of building GANTT charts on Linux / BSD,

I've come up with the following list of software capable of being a substitute for the Microsoft Project software.
Redmine GANTT Chart

1. Gantt Project

2. Gnome Planner

3. Task Juggler Project Manager with GANTT Capability for (KDE)

4. JxProject – This software is not free, though it can be considered almost free
Take a look also at:
5. Trac, though it doesn't really support GANTT charts it's a lovely software to be used for PM.

Another option you have is to try out:
6. PHProjekt

Update 20.09.2016 – PHPProject Old download link is no longer active

It is this link http://www.phprojekt.com/, but the page doesn’t seem to be active any more. I thought you might want to update.

If you are looking for an alternative please check out http://wiht.link/PHProjekt-PM, it may make a suitable replacement.

Kind Regards,
Tom Wilcox


That piece of software really looks promising, especially if we consider that it's web based and how essential it is today to have online tools for doing the ordinary desktop jobs.

You can even check an online demo of the PHPProjekt software here

If you're a KDE user you definitely have to try out Kplato

As I tested it, the software is easy to use; however, it is still missing some essential parts that Microsoft Project includes, so it's not a 100% substitute.
Also, it's not able to open Microsoft Project (MPP) files, nor to save the charts in the .mpp format.

Moving ahead, I've come across DotProject

I haven't taken the time to test it myself; however, going through the software website, the project looked quite good.
Lastly you can take a look at: 7. PStricks as a means of project management; however, I think it doesn't support GANTT chart building.

Life going nowhere …

Sunday, September 23rd, 2007


Seems my life is going nowhere. Today I drank half a bottle of wine and 1 beer. I was out with Alex. We drank in the city park. During the day I started my first BSD jail using a tutorial online. I smoked a lot of cigarettes and I want to stop them again. Most of the people I meet are not good company for me, that's what I'm thinking more and more. Also I'm thinking more and more that I have to change my living place. If only I could find the love of my life … We moved the bookshelf and stuff from our room (my mother has again decided to make repairs in our room). I'm asking myself why I shall live a meaningless life. At least my interest in computers and computing has started to appear again (this is cool). My faith is really going away since I pray and pray for something .. and I don't receive it (or at least I don't see it). I'm tired of waiting. I need to have this physical healing to continue my normal life. I'm not proud of myself, I was a little aggressive when we were in Mino's coffee an hour or so ago … Now I intend to watch another episode of Stargate SG1. And to go to the DreamLand. If only I could live in a Dreamland all the time. I'm starting to realize I should change the music I listen to, I should change a lot of my behaviours if I want to have a new and happy life. Autumn is a beautiful season 🙂 The autumn rain shall come and restore us :)

Install Google Chrome Web Browser Chrome on 32 and 64 bit Debian Lenny and Squeeze/Sid Linux

Sunday, July 25th, 2010


I’ve decided to write a short post on how to quickly install Google Chrome on Debian GNU/Linux.

There are a few reasons why you would consider installing Chrome; however, the most obvious one is the browser speed.
I should admit the browsing experience with Chrome looks and feels far better compared to Iceweasel (e.g. Firefox) on Debian.
It could be that web loading speed performance with Epiphany or Opera is similar to Chrome in terms of velocity, apart from the faster browser experience with Google Chrome, I’ve seen reports online that sometimes Google Chrome behaves better when it comes to multimedia audio and video streams online.

Another thing I notice in Google Chrome is that it’s generally much lighter and loads the base browser times faster than Iceweasel.

The most accurate way to install Chrome on Debian Linux is using Google Linux repositories

So to install add to your /etc/apt/sources.list the following google linux repo

# Google software repository
deb http://dl.google.com/linux/deb/ stable non-free main

e.g.

debian-desktop:~# echo "deb http://dl.google.com/linux/deb/ stable non-free main" >> /etc/apt/sources.list

Then update your repositories list with apt-get:

debian-desktop:~# apt-get update

Next choose your preferred Google Chrome release among the available (beta, stable and unstable) versions.
I’ve chosen to install the Google Chrome stable release, apt-getting it as shown below

debian-desktop:~# apt-get install google-chrome-stable

Now Google Chrome will be ready to use. To start using it, either start it up from the Gnome / KDE menus or exec the command:

debian-desktop:~$ google-chrome

So far so good, you will now have a gnome browser; however, what is really irritating is the default behaviour of the Chrome install: by default it tampers with the default browser configured for my whole Linux desktop system, in other words it automatically links:

/etc/alternatives/gnome-www-browser to -> /usr/bin/google-chrome as well as,
/etc/alternatives/x-www-browser to -> /usr/bin/google-chrome

Well I wasn’t happy with that unwarranted install behaviour of Google Chrome therefore I decided to reverse my default Gnome and System Browser back to Epiphany.

First I removed the links to /usr/bin/google-chrome

debian-desktop:~# rm -f /etc/alternatives/gnome-www-browser
debian-desktop:~# rm -f /etc/alternatives/x-www-browser

And thereafter I linked it back to Epiphany

debian-desktop:~# ln -sf /usr/bin/epiphany /etc/alternatives/gnome-www-browser
debian-desktop:~# ln -sf /usr/bin/epiphany /etc/alternatives/x-www-browser

Make picture transparent with the Gimp on Linux

Tuesday, November 16th, 2010

I’m trying to learn some basic design these days as an attempt to fill my huge gap of knowledge in graphic processing.
I’ve never been too good with visual stuff and have always been focused on the command line and console; however, for some time design has started being quite an interesting thing to me, and I found it quite handy and challenging to learn some basic designing.

I’m not really a Windows guy and thus my Photoshop skills are next to zero.
Since The Gimp is the substitute for Photoshop for Linux users, and I had a task for one of the websites I’m developing to make some pictures transparent, I had to learn how to make pictures transparent with The Gimp.
After some reading online and some experimenting with GIMP, it appeared to me it’s actually very easy to make pictures transparent with the GIMP.
So I’ve come up with a small article here on how to make an image or a picture transparent with Gimp in simple steps, in order to help people who are trying to achieve the same easy task:

1. Open Gimp and place your mouse cursor on the picture

Here, Press the 2nd or 3rd mouse button to show menu.

2. Select Layer -> Transparency -> Alpha to Selection

In that menu select Layer -> Transparency -> Alpha to Selection

3. Use Fuzzy Select Tool and select the picture background

4. From Gimp Window pane main menu choose the Clear option

Edit -> Clear (Delete)

That’s all; now your picture background should be removed. If some parts of the picture still need to be purged, just follow the above steps and remove them.
I should say I thought making a picture transparent with GIMP would be a more complex task than it really was. Quite nice, one more step in my development as a designer 🙂

How to deb upgrade PHP 5.3.3-7 / MySQL Server 5.1 to PHP 5.4.37 MySQL 5.5 Server on Debian 6.0 / 7.0 Squeeze / Wheezy GNU / Linux

Thursday, February 12th, 2015


I've been still running Debian Squeeze 6.0 GNU / Linux on few of the Linux / Apache / MySQL servers I'm administrating and those servers are running few Wordperss / Joomla websites which lately face severe MySQL performance issues. I tried to optimize using various mysql performance optimization scripts such as mysql-tuner.pl, Tuning-primer.sh and Percona Toolkit – a collection of advanced command-line tools for system administrators and tech / support staff to perform a variety of MySQL and system tasks that are too difficult or complex to perform manually. Though with above tools and some my.cnf tunizations I managed to achieve positive performance improvement results with above optimizations, still I didn't like how MyQSL served queries and since the SQL server is already about 5 years old (running version 5.1) and the PHP on sever is still at 5.3 branch, I was advised by my dear colleague Anatoliy to try version update as a mean to improve SQLserver performance. I took seriously the suggestion to try upgrade as a mean to resolve performance issues in this article I will explain in short what I had to do to make MySQL upgrade a success

Of course, to keep deb-installed software versions as fresh as possible, I'm already using Debian BackPorts (for those who hear of it for the first time, Debian Backports is a special repository for Stable versioned Debian Desktop and Servers – supporting stable releases of Debian Linux), which allows you to keep installed package versions less outdated (than the default installable software, which is usually 2-5 years behind the latest stable package versions).

If you happen to administer Stable Debian servers and you have never used BackPorts, I warmly recommend it, as it often includes security patches for packages that are part of Debian stable releases which have reached End Of Support (EOS) and are already too old even for security updates to be issued by the respective Debian Long Term Support (LTS) repositories.

If you're like me and still in a situation to remotely manage Debian 6.0 Squeeze, and it's the first time you hear about BackPorts and Debian LTS (https://wiki.debian.org/LTS/), to start using those two add the 3 lines below to your /etc/apt/sources.list.

Open the file with the vim editor, press Shift+G to go to the last line of the file, then press I to enter INSERT mode. Once you're done, to save press (ESC), then press : and type x!. In short, the key combination for save and exit in vim is:
 

Esc + :x! 

 

debian-server:~# vim /etc/apt/sources.list
deb http://http.debian.net/debian squeeze-lts main contrib non-free
deb-src http://http.debian.net/debian squeeze-lts main contrib non-free
deb http://http.debian.net/debian-backports squeeze-backports main

If you haven't already added a security updates line to /etc/apt/sources.list, make sure you also add:

 

deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free


Then to apply latest security updates and packages from LTS / Backports repository run the usual:

 

debian-server:~# apt-get update && apt-get --yes upgrade
….

If you need to search a package or install something from just added backports repository use:

 

debian-server:~# apt-cache -t squeeze-backports search "mysql-server"
auth2db – Powerful and eye-candy IDS logger, log viewer and alert generator
torrentflux – web based, feature-rich BitTorrent download manager
cacti – Frontend to rrdtool for monitoring systems and services
mysql-server-5.1 – MySQL database server binaries and system database setup
mysql-server-core-5.1 – MySQL database server binaries
mysql-server – MySQL database server (metapackage depending on the latest version)

 

To install specific packages only with all their dependencies from Backports while keeping rest of packages from Debian Stable:

 

debian-server:~# apt-get install -t squeeze-backports "package_name"

In same way you can also search or install specific packages from LTS repo:

 

debian-server:~# apt-cache -t squeeze-lts search "package_name"

debian-server:~# apt-get install -t squeeze-lts "package_name"

The latest MySQL available from Debian BackPorts and LTS is still the quite old 5.1.73-1+deb6u1, therefore I did extensive research online on how I can easily update MySQL 5.1 to MySQL 5.5 / 5.6 on Debian Stable Linux.
 

Luckily there were already DotDeb deb repositories for Debian LAMP (Linux / Apache / MySQL / PHP / Nginx) servers, prepared in order to keep the essential Webserver services up to date even long after the distro's official support is over. I learned about the existence of this repo thanks to a post by Ryan Tate, who updates his LAMP stack on TurnKey Linux, which by the way is based on slightly modified official stable Debian Linux release packages.

To start using the DotDeb repos add to /etc/apt/sources.list (depending on whether you're on Squeeze or Wheezy Debian):

 

deb http://packages.dotdeb.org squeeze all
deb-src http://packages.dotdeb.org squeeze all

or for Debian Wheezy add repos:

 

deb http://packages.dotdeb.org wheezy all
deb-src http://packages.dotdeb.org wheezy all

 

I was updating my Debian MySQL / PHP / Apache release to the latest ones on (6.0.4) Squeeze, so I added the above squeeze repos.

Before refreshing the list of package repositories, to authenticate the repos issue:

 

debian-server:~# wget -q http://www.dotdeb.org/dotdeb.gpg
debian-server:~# apt-key add dotdeb.gpg
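
The commands above fetch dotdeb.gpg over plain HTTP, so the download by itself proves nothing about who produced the key. As an added example (not part of the original post), the shell functions below compare the key's fingerprint with one obtained from a separate source before apt-key add is run. The function names and the sample record with its made-up fingerprint are constructed for illustration, and the gpg call assumes gpg lists a key file's contents when given --with-colons.

```shell
# Added example: check a downloaded repository key before trusting it.
# SAMPLE_COLONS is a constructed record in gpg's --with-colons format;
# its fingerprint is made up and is NOT the DotDeb key.
SAMPLE_COLONS='pub:-:4096:1:89ABCDEF01234567:1262304000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1262304000::0000::Constructed Example Key <key@example.invalid>:'

# Strip whitespace and upper-case, so "0123 4567 ..." and "01234567..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Read --with-colons output on stdin; print the fingerprint of the first key
# (field 10 of the first "fpr" record).
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Read --with-colons output on stdin; print how many primary keys it holds.
count_primary_keys() {
    awk -F: '$1 == "pub" { n++ } END { print n + 0 }'
}

# True only for two identical, full 40-hex-digit fingerprints; short key IDs fail.
fingerprint_matches() {
    want=$(normalize_fpr "$1")
    got=$(normalize_fpr "$2")
    case $want in *[!0-9A-F]*|'') return 1 ;; esac
    [ "${#want}" -eq 40 ] && [ "$want" = "$got" ]
}

# verify_repo_key KEYFILE EXPECTED_FPR
# Returns 0 only if KEYFILE holds exactly one primary key with that fingerprint.
verify_repo_key() {
    listing=$(gpg --with-fingerprint --with-colons "$1" 2>/dev/null) || return 2
    [ "$(printf '%s\n' "$listing" | count_primary_keys)" -eq 1 ] || {
        echo "refusing: $1 does not hold exactly one primary key" >&2; return 2; }
    actual=$(printf '%s\n' "$listing" | fpr_from_colons)
    fingerprint_matches "$2" "$actual" || {
        echo "fingerprint mismatch: got $actual" >&2; return 1; }
    echo "fingerprint OK: $actual"
}

# Usage, with the fingerprint taken from a source other than the download itself:
#   verify_repo_key dotdeb.gpg "<EXPECTED-FINGERPRINT>" && apt-key add dotdeb.gpg
```

A file that carries more than one primary key is refused outright, because apt-key add would import every key in it, not only the one whose fingerprint was checked.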

Once again, to update my packages from the newly added DotDeb repository:

 

debian-server:~# apt-get update

Before running the SQL upgrade, to insure myself, I dumped all databases with:

 

debian-server:~# mysqldump -u root -p -A > /root/dump.sql

Finally I was brave enough to run apt-get dist-upgrade to update with latest LAMP packages

 

debian-server:~# apt-get dist-upgrade
Reading package lists… Done
Building dependency tree
Reading state information… Done
Calculating upgrade… Done
The following packages will be REMOVED:
  mysql-client-5.1 mysql-server mysql-server-5.1
The following NEW packages will be installed:
  libaio1 libmysqlclient18 mysql-client-5.5 mysql-client-core-5.5 python-chardet python-debian
The following packages will be upgraded:
  curl krb5-multidev libapache2-mod-php5 libc-bin libc-dev-bin libc6 libc6-dev libc6-i386 libcurl3 libcurl3-gnutls libcurl4-openssl-dev libevent-1.4-2
  libgssapi-krb5-2 libgssrpc4 libjasper1 libk5crypto3 libkadm5clnt-mit7 libkadm5srv-mit7 libkdb5-4 libkrb5-3 libkrb5-dev libkrb53 libkrb5support0 libmysqlclient-dev
  libxml2 libxml2-dev locales mysql-client mysql-common ntp ntpdate php-pear php5 php5-cgi php5-cli php5-common php5-curl php5-dev php5-gd php5-imagick php5-mcrypt
  php5-mysql php5-odbc php5-recode php5-sybase php5-xmlrpc php5-xsl python-reportbug reportbug unzip

50 upgraded, 6 newly installed, 3 to remove and 0 not upgraded.
Need to get 51.7 MB of archives.
After this operation, 1,926 kB of additional disk space will be used.
Do you want to continue [Y/n]? Y

As you can see from the output above, the command updates the Apache webserver / PHP and PHP related modules, however it doesn't update the installed MySQL version. To also update MySQL server 5.1 to MySQL server 5.5, run:

debian-server:~#  apt-get install --yes mysql-server mysql-server-5.5

You will be prompted with the usual Debian ncurses text blue interface to set a root password to mysql server, just set it the same as it used to be on old upgraded MySQL 5.1 server.

Well now see whether mysql has properly restarted with ps auxwwf

 

debian-server:~#  ps axuwwf|grep -i sql
root     22971  0.0  0.0 112360   884 pts/11   S+   15:50   0:00  |                   \_ grep -i sql
root     19436  0.0  0.0 115464  1556 pts/1    S    12:53   0:00 /bin/sh /usr/bin/mysqld_safe
mysql    19837  4.0  2.3 728192 194552 pts/1   Sl   12:53   7:12  \_ /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/run/mysqld/mysqld.sock --port=3306
root     19838  0.0  0.0 110112   700 pts/1    S    12:53   0:00  \_ logger -t mysqld -p daemon.error

In my case it was running, however if it fails to run, try to debug what is going wrong on initialization by manually executing the init script /etc/init.d/mysql stop; /etc/init.d/mysql start and look for errors. If it is not running, you can also try to run mysqld_safe manually from the console:

 

debian-server:~# /usr/bin/mysqld_safe &

This should give you a good hint on why it is failing to run
 

One more thing left is to check whether the PHP modules load correctly. To do so, issue:

 

debian-server:~# php -v
Failed loading /usr/lib/php5/20090626/xcache.so:  /usr/lib/php5/20090626/xcache.so: cannot open shared object file: No such file or directory

Failed loading /usr/lib/php5/20090626/xdebug.so:  /usr/lib/php5/20090626/xdebug.so: cannot open shared object file: No such file or directory


You will likely get an exception (error) like the one above.
To solve the error, reinstall the xcache and xdebug debs:

 

debian-server:~# apt-get purge php5-xcache php5-xdebug

Now the PHP + MySQL + Apache environment should be running much more smoothly.

Upgrading the MySQL server / PHP library to MySQL server 5.6 / PHP 5.5 on Wheezy Linux is done in a very much analogous way: all you have to do is change the repositories to the above Wheezy 7.0 ones and follow the process as described in this article. I haven't tested the update on Wheezy yet, so if you happen to try my article on Wheezy and get a positive upgrade result, please drop a comment.

Cannot Delete file on Desktop on Windows XP – The process cannot access the file because it is being used by another process.

Wednesday, August 13th, 2014

I recently had to fix another Windows XP infected with plenty of malicious malware. I've used tips from http://malwaretips.com/blogs/ and launched all the suggested tools to clean up the PC. A few thousand infections were cleaned and the PC started working much better than earlier, however there was still one weird issue: on the Windows XP desktop there was an .exe file hanging with 0 bytes size, and whenever I tried to delete the file either from the GUI or the command line (with the del command) it refused to delete with the error:
 

The process cannot access the file because it is being used by another process.


Well, the message clearly shows the file can't be deleted because some program was using it, however I couldn't see any program that had locked the .exe file. I've checked that in Windows Task Manager, run from

Start -> Run:

taskmgr


I've done a quick search online to see whether someone has fixed the issue, and saw many threads talking about it, suggesting that the issue got solved by a Windows XP OS re-install. This was not an option for me, because the PC's reinstall would be at least 2 days of work, plus it contains some programs which will probably be hard to install freshly, because they're no longer supported.

Finally I've seen in this thread a suggestion to try to kill Windows Explorer after you have opened a window with Windows cmd.exe, because this will prevent the .exe file being locked by Windows Explorer and will allow it to be deleted with the del command. This actually worked. I've launched

Start -> Run

taskmgr


and

cmd.exe

I found the explorer.exe process and killed it. This makes the whole desktop (icons, start menu etc.) disappear, as Windows Explorer is the main managing Windows app. Then, using Alt+Tab to switch to the Command Prompt window, I deleted the file with:
 

del  Process_that_cannot_be_killed.exe


And finally successfully deleted it 🙂

Web and Middleware JBoss Training at Hewlett Packard – Intro to JBoss JAVA application server

Thursday, November 21st, 2013

jboss application server logo- serve java servlet pages on Linux and Windows

I and my TEAM, the Web and Middleware Implementation Team @Hewlett Packard, are assigned an online training to follow on the topic of JBoss Application server. It is my first online training of this kind, where a number of people are streamed a video from a trainer who explains in real time the concepts of JBoss, a community driven open source middleware (Application Server). For some time JBoss has been known under a new name (WildFly).

Wildfly new name of jboss application java servlet server

In short, what is JBoss? It is an application server similar to Apache Tomcat, an open source software implementation of the Java Servlet and JavaServer Pages technologies.

Apache Tomcat java servlet application server logo

In case you wonder what Middleware is, it is a buzzword well established in the Corporate world, referring to all kinds of servers in the middle between servers on the pure OS and hardware level and the end client. Middleware includes all kinds of Web and Application servers like Apache, JBoss, Tomcat, Adobe's WebLogic Webserver, IBM WebSphere application server etc.

What this means is JBoss is very similar to Tomcat, but it is designed to run and interpret (through the Java Virtual Machine) a higher scale of Java Applications and then return content to a web browser. In other words, if you need to have a Webserver with support for the Java VM, JBoss is one of the open source technologies available which can be a substitute for Tomcat. In fact JBoss itself started as a fork of Tomcat and nowadays JBoss has an implementation of Tomcat embedded into itself. JBoss is mainly developed and supported by Redhat. It has 3 major releases used in IT Companies: JBoss 5, JBoss 6 and JBoss 7. In most production server systems running some kind of Java servlets, JBoss ver. 5 and JBoss v. 6 are currently still used. Just like Tomcat, the server is messy in its structure. But if we have to compare Tomcat with JBoss, then JBoss is at least 100 times more messy and harder to configure and tune than Tomcat. Actually after getting to know JBoss 6 I would not advise anyone to use this Application server. It's too complex and all configuration and performance tuning is done through hundreds of XML files, so it is like hell for the usual System Administrator who likes clearness and simplicity. JBoss has a Web configuration interface which in version 7 is a bit more advanced and makes it easier to configure and get to know the server compared to previous versions. But the same web interface for older releases is lousy and not nice. Just like Tomcat, JBoss supports clustering. Here is the full list of all features it supports:

  • Full clustering support for both traditional J2EE applications and EJB 3.0 POJO applications
  • Automatic discovery. Nodes in cluster find each other with no additional configuration.
  • Cluster-wide replicated JNDI context
  • Failover and load-balancing for JNDI, RMI and all EJB types
  • Stateful Session Bean state replication
  • HTTP Session replication
  • High Availability JMS
  • Farming. Distributed deployment of JBoss components. Deploying on one node deploys on all nodes.
     

Looks like JBoss is among the few Application Servers supporting deployment of Java JSP, WAR Archive files, SAR Archives, JMS (Java Message Service) and JNDI (Java Naming and Directory Interface). JBoss supports load balancing between clustered nodes, and supports SOAP, Java servlet faces and Java MQ (Messaging Queue). JBoss can be installed on GNU / Linux, FreeBSD and Windows. So far, from what I've learned about JBoss, I prefer not to use it and don't recommend this Application server to anyone. It's too complex and isn't worth the effort to learn. Proprietary products like WebLogic and WebSphere are light years better.