Posts Tagged ‘quot’

How to get rid of Debian and Ubuntu GNU / Linux obsolete configuration files and system directories

Wednesday, October 19th, 2011

debian_ubuntu-linux-get-rid-of-obsolete-files
I've been using Debian GNU / Linux on my Thinkpad laptop for almost 3 years and half. Initially the Debian version which I had installed was a stable Debian Lenny. As I was mostly dissatisfied of the old versions of the programs, I migrated to testing / unstable
Testing / unstables shipped program versions were a bit better but still back in the day I wanted to get advantage of the latest program versions so for a while I switched to unstable .
Later I regretted for this bad idea, after the migration to Unstable, it was too buggy to run on a notebook one uses for everyday work.
Then to revert back to a bit stable I downgraded to testing unstable again.
When Debian launched Debian Squeeze I set in my /etc/apt/sources.list file software repositories to be the one for the stable Debian Squeeze.

As you can see, I've done quite a lot of "experiments" and "excersises". Many packages were installed, then removed, some became obsolete with time others I just temporary installed out of curiosity. Anyways as a result I ended up with many packages uninstalled / removed , which still kept some of their directory structres and configurations on the machine.

Today, I decided to check how many of these obsolete packages are still present in dpkg database and I was shocked to find out 412 debs were still in my package database! To check the number I used cmd:

root@noah:~# dpkg -l | grep -i '^rcs.*$'|wc -l

Considering the tremendous number of packs waiting to be purged, I decided to get rid of this old and already unnecessery files for the sake of clarity, besides that removing the old already uninstalled packages removes old configuration files, readmes, directories and frees some little space and therefore frees some inodes 😉

Before proceeding to remove them, I carefully reviewed and all the package names which I was about to completely purge in order to make sure there is no package with a configuration files I might need in future:

root@noah:~# dpkg -l |grep -i '^rcs.*$'
...
After reviewing all the deb packages possessing the rc – (remove candidate) flag, I used the following bash one liners to remove the obsolete deb packages:

root@noah:~# for i in $(dpkg -l |grep -i '^rcs.*$'|awk '{ print $2 }'); do echo dpkg --purge $i done...
root@noah:~# for i in $(dpkg -l |grep -i '^rcs.*$'|awk '{ print $2 }'); do dpkg --purge $i done

First line will just print out what will be purged with dpkg , so after I checked it out I used the second one to purge all the RC packs.

How to search text strings only in hidden files dot (.) files within a directory on Linux and FreeBSD

Saturday, April 28th, 2012

how-to-search-hidden-files-linux-freebsd-logo_grep
If there is necessity to look for a string in all hidden files with all sub-level subdirectories (be aware this will be time consuming and CPU stressing) use:
 

hipo@noah:~$ grep -rli 'PATH' .*

./.gftp/gftprc
./.gftp/cache/cache.OOqZVP
….

Sometimes its necessery to only grep for variables within the first-level directories (lets say you would like to grep a 'PATH' variable set, string within the $HOME directory, the command is:

hipo@noah:~$ grep PATH .[!.]*

.profile:PATH=/bin:/usr/bin/:${PATH}
.profile:export PATH
.profile:# set PATH so it includes user's private bin if it exists
.profile: PATH="$HOME/bin:$PATH"
.profile.language-env-bak:# set PATH so it includes user's private bin if it exists
.profile.language-env-bak: PATH="$HOME/bin:$PATH"
.viminfo:?/PATH.xcyrillic: XNLSPATH=/usr/X11R6/lib/X11/nls
.xcyrillic: export XNLSPATH

The regular expression .[!.]*, means exclude any file or directory name starting with '..', e.g. match only .* files

Note that to use the grep PATH .[!.]* on FreeBSD you will have to use this regular expression in bash shell, the default BSD csh or tsch shells will not recognize the regular expression, e.g.:

grep PATH '.[!.]*'
grep: .[!.]*: No such file or directory

Hence on BSD, if you need to look up for a string within the home directory, hidden files: .profile .bashrc .bash_profile .cshrc run it under bash shell:

freebsd# /usr/local/bin/bash
[root@freebsd:/home/hipo]# grep PATH .[!.]*

.bash_profile:# set PATH so it includes user's private bin if it exists
.bash_profile:# PATH=~/bin:"${PATH}"
.bash_profile:# do the same with …

Another easier to remember, alternative grep cmd is:

hipo@noah:~$ grep PATH .*
.profile:PATH=/bin:/usr/bin/:${PATH}
.profile:export PATH
.profile:# set PATH so it includes user's private bin if it exists
.profile: PATH="$HOME/bin:$PATH"
….

Note that grep 'string' .* is a bit different in meaning, as it will not prevent grep to match filenames with names ..filename1, ..filename2 etc.
Though grep 'string' .* will work note that it will sometimes output some unwanted matches if filenames with double dot in the beginning of file name are there …
That's all folks 🙂

Resolving “nf_conntrack: table full, dropping packet.” flood message in dmesg Linux kernel log

Wednesday, March 28th, 2012

nf_conntrack_table_full_dropping_packet
On many busy servers, you might encounter in /var/log/syslog or dmesg kernel log messages like

nf_conntrack: table full, dropping packet

to appear repeatingly:

[1737157.057528] nf_conntrack: table full, dropping packet.
[1737157.160357] nf_conntrack: table full, dropping packet.
[1737157.260534] nf_conntrack: table full, dropping packet.
[1737157.361837] nf_conntrack: table full, dropping packet.
[1737157.462305] nf_conntrack: table full, dropping packet.
[1737157.564270] nf_conntrack: table full, dropping packet.
[1737157.666836] nf_conntrack: table full, dropping packet.
[1737157.767348] nf_conntrack: table full, dropping packet.
[1737157.868338] nf_conntrack: table full, dropping packet.
[1737157.969828] nf_conntrack: table full, dropping packet.
[1737157.969928] nf_conntrack: table full, dropping packet
[1737157.989828] nf_conntrack: table full, dropping packet
[1737162.214084] __ratelimit: 83 callbacks suppressed

There are two type of servers, I've encountered this message on:

1. Xen OpenVZ / VPS (Virtual Private Servers)
2. ISPs – Internet Providers with heavy traffic NAT network routers
 

I. What is the meaning of nf_conntrack: table full dropping packet error message

In short, this message is received because the nf_conntrack kernel maximum number assigned value gets reached.
The common reason for that is a heavy traffic passing by the server or very often a DoS or DDoS (Distributed Denial of Service) attack. Sometimes encountering the err is a result of a bad server planning (incorrect data about expected traffic load by a company/companeis) or simply a sys admin error…

– Checking the current maximum nf_conntrack value assigned on host:

linux:~# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
65536

– Alternative way to check the current kernel values for nf_conntrack is through:

linux:~# /sbin/sysctl -a|grep -i nf_conntrack_max
error: permission denied on key 'net.ipv4.route.flush'
net.netfilter.nf_conntrack_max = 65536
error: permission denied on key 'net.ipv6.route.flush'
net.nf_conntrack_max = 65536

– Check the current sysctl nf_conntrack active connections

To check present connection tracking opened on a system:

:

linux:~# /sbin/sysctl net.netfilter.nf_conntrack_count
net.netfilter.nf_conntrack_count = 12742

The shown connections are assigned dynamicly on each new succesful TCP / IP NAT-ted connection. Btw, on a systems that work normally without the dmesg log being flooded with the message, the output of lsmod is:

linux:~# /sbin/lsmod | egrep 'ip_tables|conntrack'
ip_tables 9899 1 iptable_filter
x_tables 14175 1 ip_tables

On servers which are encountering nf_conntrack: table full, dropping packet error, you can see, when issuing lsmod, extra modules related to nf_conntrack are shown as loaded:

linux:~# /sbin/lsmod | egrep 'ip_tables|conntrack'
nf_conntrack_ipv4 10346 3 iptable_nat,nf_nat
nf_conntrack 60975 4 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4 1073 1 nf_conntrack_ipv4
ip_tables 9899 2 iptable_nat,iptable_filter
x_tables 14175 3 ipt_MASQUERADE,iptable_nat,ip_tables

 

II. Remove completely nf_conntrack support if it is not really necessery

It is a good practice to limit or try to omit completely use of any iptables NAT rules to prevent yourself from ending with flooding your kernel log with the messages and respectively stop your system from dropping connections.

Another option is to completely remove any modules related to nf_conntrack, iptables_nat and nf_nat.
To remove nf_conntrack support from the Linux kernel, if for instance the system is not used for Network Address Translation use:

/sbin/rmmod iptable_nat
/sbin/rmmod ipt_MASQUERADE
/sbin/rmmod rmmod nf_nat
/sbin/rmmod rmmod nf_conntrack_ipv4
/sbin/rmmod nf_conntrack
/sbin/rmmod nf_defrag_ipv4

Once the modules are removed, be sure to not use iptables -t nat .. rules. Even attempt to list, if there are any NAT related rules with iptables -t nat -L -n will force the kernel to load the nf_conntrack modules again.

Btw nf_conntrack: table full, dropping packet. message is observable across all GNU / Linux distributions, so this is not some kind of local distribution bug or Linux kernel (distro) customization.
 

III. Fixing the nf_conntrack … dropping packets error

– One temporary, fix if you need to keep your iptables NAT rules is:

linux:~# sysctl -w net.netfilter.nf_conntrack_max=131072

I say temporary, because raising the nf_conntrack_max doesn't guarantee, things will get smoothly from now on.
However on many not so heavily traffic loaded servers just raising the net.netfilter.nf_conntrack_max=131072 to a high enough value will be enough to resolve the hassle.

– Increasing the size of nf_conntrack hash-table

The Hash table hashsize value, which stores lists of conntrack-entries should be increased propertionally, whenever net.netfilter.nf_conntrack_max is raised.

linux:~# echo 32768 > /sys/module/nf_conntrack/parameters/hashsize
The rule to calculate the right value to set is:
hashsize = nf_conntrack_max / 4

– To permanently store the made changes ;a) put into /etc/sysctl.conf:

linux:~# echo 'net.netfilter.nf_conntrack_count = 131072' >> /etc/sysctl.conf
linux:~# /sbin/sysct -p

b) put in /etc/rc.local (before the exit 0 line):

echo 32768 > /sys/module/nf_conntrack/parameters/hashsize

Note: Be careful with this variable, according to my experience raising it to too high value (especially on XEN patched kernels) could freeze the system.
Also raising the value to a too high number can freeze a regular Linux server running on old hardware.

– For the diagnosis of nf_conntrack stuff there is ;

/proc/sys/net/netfilter kernel memory stored directory. There you can find some values dynamically stored which gives info concerning nf_conntrack operations in "real time":

linux:~# cd /proc/sys/net/netfilter
linux:/proc/sys/net/netfilter# ls -al nf_log/

total 0
dr-xr-xr-x 0 root root 0 Mar 23 23:02 ./
dr-xr-xr-x 0 root root 0 Mar 23 23:02 ../
-rw-r--r-- 1 root root 0 Mar 23 23:02 0
-rw-r--r-- 1 root root 0 Mar 23 23:02 1
-rw-r--r-- 1 root root 0 Mar 23 23:02 10
-rw-r--r-- 1 root root 0 Mar 23 23:02 11
-rw-r--r-- 1 root root 0 Mar 23 23:02 12
-rw-r--r-- 1 root root 0 Mar 23 23:02 2
-rw-r--r-- 1 root root 0 Mar 23 23:02 3
-rw-r--r-- 1 root root 0 Mar 23 23:02 4
-rw-r--r-- 1 root root 0 Mar 23 23:02 5
-rw-r--r-- 1 root root 0 Mar 23 23:02 6
-rw-r--r-- 1 root root 0 Mar 23 23:02 7
-rw-r--r-- 1 root root 0 Mar 23 23:02 8
-rw-r--r-- 1 root root 0 Mar 23 23:02 9

 

IV. Decreasing other nf_conntrack NAT time-out values to prevent server against DoS attacks

Generally, the default value for nf_conntrack_* time-outs are (unnecessery) large.
Therefore, for large flows of traffic even if you increase nf_conntrack_max, still shorty you can get a nf_conntrack overflow table resulting in dropping server connections. To make this not happen, check and decrease the other nf_conntrack timeout connection tracking values:

linux:~# sysctl -a | grep conntrack | grep timeout
net.netfilter.nf_conntrack_generic_timeout = 600
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
net.netfilter.nf_conntrack_tcp_timeout_established = 432000
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
net.netfilter.nf_conntrack_udp_timeout = 30
net.netfilter.nf_conntrack_udp_timeout_stream = 180
net.netfilter.nf_conntrack_icmp_timeout = 30
net.netfilter.nf_conntrack_events_retry_timeout = 15
net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2 = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 10
net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30

All the timeouts are in seconds. net.netfilter.nf_conntrack_generic_timeout as you see is quite high – 600 secs = (10 minutes).
This kind of value means any NAT-ted connection not responding can stay hanging for 10 minutes!

The value net.netfilter.nf_conntrack_tcp_timeout_established = 432000 is quite high too (5 days!)
If this values, are not lowered the server will be an easy target for anyone who would like to flood it with excessive connections, once this happens the server will quick reach even the raised up value for net.nf_conntrack_max and the initial connection dropping will re-occur again …

With all said, to prevent the server from malicious users, situated behind the NAT plaguing you with Denial of Service attacks:

Lower net.ipv4.netfilter.ip_conntrack_generic_timeout to 60 – 120 seconds and net.ipv4.netfilter.ip_conntrack_tcp_timeout_established to stmh. like 54000

linux:~# sysctl -w net.ipv4.netfilter.ip_conntrack_generic_timeout = 120
linux:~# sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000

This timeout should work fine on the router without creating interruptions for regular NAT users. After changing the values and monitoring for at least few days make the changes permanent by adding them to /etc/sysctl.conf

linux:~# echo 'net.ipv4.netfilter.ip_conntrack_generic_timeout = 120' >> /etc/sysctl.conf
linux:~# echo 'net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000' >> /etc/sysctl.conf

Some of the most important Symbols for Orthodox Christians in The Eastern Orthodox Church – Symbols in the Eastern Orthodox Christian Faith (Eastern Orthodox Symbolism) and Christian Symbolism in the Roman Catholic Church (Symbolism in Western Catholicism)

Tuesday, April 13th, 2010

Some-of-the-most-important-symbols-for-orthodox-christiains-in-the-eastern-orthodox-church-symbols-in-eastern-orthodox-faith.

Yesterday, while browsing randomly I came across an interesting Roman Catholic webpage.
The website is created by Catholics with the idea to better explain the Catholic religion and Symbolism.
Though as an Orthodox Christian, my interest towards Roman Catholicism is only scientific, it's really interesting to see the common symbolism surrounding Roman Catholicism and compare with the Orthodox Christian symbolism. Many of the Roman Catholic Symbols are equal symbol with the one we nowadays used in the orthodox church.
I presume this common symbolism between Orthodox and Roman Catholic church,has stayed the same from the time before Roman Catholics split from the Only Holy Apostolic Church  to become the Church of the West Roman Empire, that's how the naming Roman Catholic came forward.

To find out more about Roman Catholic symbolism please see the following links I've mirrored the information from Fisheater's website which is btw is a great website targeting Roman Catholic layman. Everything on the website is explained in a simple everyday language without too much terminology which makes it a great resource for Roman Catholic Christians and people like me who who like to take a look in Roman Catholicism.

It's really a strange and intriguing fact let's call it a "co-incidence" that the inverted cross (upside-down) cross,also called "Peter's cross" on which saint Peter was crucified is also a symbol of Papacy .
It's a popular fact that nowadays Satanist use a similar inverted cross to the one said to be symbol of papacy for their "Black Masses" (Satanic Masses). Maybe some Roman Catholic priest or Cardinal has to explain, how comes that the Roman Catholics ended with such a significant symbol used nowdays in anti-christian satanic religion to be also a symbol of their beloved Pope??

I will skip forward to the heart of this article, which is to explain the Christian Symbolism which is important for us the Eastern Orthodox Christians. Many of the symbols might have in common, also with other Christian early Churches like the Coptic Oriental Orthodox Church, the Armenian Apostolic Orthodox Churches and other Chruches which somehow are closer to the One Holy and Apostolic Church – the Orthodox Church but officially are not in communion with us the Orthodox Christians.

Here I'll share only the most notable Christian Symbolism which is also used in the Eastern Orthodox Church.

Many of this symbolism was always bothering me while in Churches or Monasteries and was always pushing me to more and more questions without answers, thus I finally did some research on this symbols in get a better understanding on my Orthodox Christian faith.

Since I don't have a Theologian education and many of us the ordinary layman's in the church doesn't have such education I hope this orthodox Christian symbolism shared here and it's meanings will be of interest and will help you fortify your good faith in God and our Orthodox Christian faith.

Lamb of God Christian Symbol
Lamb

Lamb: symbol of Christ as the Paschal Lamb and also a symbol for Christians (as Christ is our Shepherd and Peter was told to feed His sheep).

This symbol is also presented in Bulgaria on the little yellow book they sell in our Bulgarian Orthodox Churches.
This tiny book contains the Divine Liturgy compiled by God's inspiration by st. John Chrysostom
If you're coming from an Catholic Background and you hold interest for Orthodox Christianity, as historically East Orthodox Christianity Symbol of Faith as well as basic doctrines were kept untouched, you might consider reading online here The Divine Liturgy by St. John Chrysostom
It's really important to say that the Divine Liturgy by St. John Chrysostom is the "backbone" of the church life, since it's the main and most served Liturgy in the eastern Orthodox Churches around the world.

Dove and Russian Patriarch
Dove: symbol of the The Holy Spirit and used especially in representations of our Lord's Baptism and the Pentecost. It is also used to recall Noe's dove, a harbinger of hope.

Chirchoao, Chi-Rho Sigla
"Chi-Rho" or "sigla": the letters "X" and "P," representing the first letters of the title "Christos," were eventually put together to form this symbol for Christ ("Chi" is pronounced "Kie"). It is this form of the Cross that the Emperor of Byzantia Constantine saw in his vision along with the Greek words, TOUTO NIKA, and which mean "in this sign thou shalt conquer.

Orthodox Tau Cross
"thau" or "tau": the T-shaped cross is mentioned in the Old Testament and is seen as a foreshadowing of the Cross of Christ.
Ezechiel 9:4:
"And the Lord said to him: Go through the midst of the city, through the midst of Jerusalem: and mark Thau upon the foreheads of the men that sigh, and
mourn for all the abominations that are committed in the midst thereof."
I've noticed that the tau_cross is often worn by Orthodox Monks as "a badge" on their clothes somewhere in the right of their chest

Greek Orthodox Cross
The Greek Orthodox Cross This symbol is one of the earliest Christian symbols which emerged right after Christ's resurrection.
The Greek Cross has all fours members the same shape and form (crux quadrata) and usually suggests the Christian church rather than a symbol of Christ's suffering.

Jerusalem Cross
Jerusalem Cross: also called the "Crusaders' Cross," it is made up of 5 Greek Crosses which are said to symbolize a) the 5 Wounds of Christ; and/or b) the 4 Gospels and the 4 corners of the earth (the 4 smaller crosses) and Christ Himself (the large Cross). This Cross was a common symbol used during the wars against Islamic aggression. (see less stylized version at right)

Baptismal Cross
Baptismal Cross: consisting of the Greek Cross with the Greek letter "X", the first initial of the title "Christ," this Cross is a symbol of regeneration, hence, its association with Baptism. Usually the Orthodox priest dress is decorated with a sign like this.

Red Orthodox Egg
The Scarlet red Egg:
Church tradition has it that St. Mary Magdalen went to Rome and met with the Emperor Tiberius to tell him about the Resurrection of Jesus. She held out an egg to him as a symbol of this, and he scoffed, saying that a man could no more rise from the dead than that egg that she held could turn scarlet. The egg turned deep red in her hands, and this is the origin of Easter eggs, and the reason why Mary Magdalen is often portrayed holding a scarlet egg.

Ichthus an early Christian Symbol
Ichtus (Ichthys) – The Fish:
Fish: the fish — ever-watchful with its unblinking eyes — was one of the most important symbols of Christ to the early Christians. In Greek, the phrase, "Jesus Christ, Son of God Savior," is "Iesous Christos Theou Yios Soter." The first letters of each of these Greek words, when put together, spell "ichthys," the Greek word for "fish" (ICQUS ). This symbol can be seen in the Sacraments Chapel of the Catacombs of St. Callistus. Because of the story of the miracle of the loaves and fishes, the fish symbolized, too, the Eucharist (see stylized fish symbol at right). Important note to make, here is that nowdays this sign's variations is not too often to be seen in Orthodox Churches. It's highly adopted by protestant Christians, seeing this sign on somebody's car or inside his home is a sure sign that probably he adhere's to Christian teachings different from orthodoxy.

Alpha Omega orthodox symbol
The Alpha-Omega symbol
Alpha, the first letter of the Greek alphabet, and Omega, the last letter of the Greek alphabet, became a symbol for Christ due to His being called "the First and the Last." The roots of symbolizing these attributes of God go back further, all the way to the Old Testament where, in Exodus 34:6, God is said to be "full of Goodness and Truth." The Hebrew spelling of the word "Truth" consists of the 3 letters "Aleph," "Mem," and "Thaw" — and because "Aleph" and "Thaw" are the first and last letters of the Hebrew alphabet, the ancients saw mystical relevance in God's being referred to as "Truth." At any rate, the Greek Alpha and Omega as a symbol for Christ has been found in the Catacombs, Christian signet rings, post-Constantine coins, and the frescoes and mosaics of ancient churches.

IC XC Nika Orthodox Symbol
The "IC XC Nika":
comes from Ancient Greek and was a widespread ancient Christian Symbol which is nowadays still present in the Eastern Orthodox Churches. IC XC Nika literally translated to english means "IC XC = Jesus Christ, NIKA = Glory to". In other words translated to modern english IC XC NIKA means Glory be to Jesus Christ!

Many Protestant Christians, nowdays falsely believe and claims this fish Christian symbol preceded the Crucifix as a symbol of veneration of Jesus and his Cross sufferings in the Church. This kind of belief is a falsely spread along many Protestant or "Evangelical" Christian denominations and Methodists. to be seen in many ancient Christian Church buildings is a Christian symbol. Today, some ancient Orthodox Churches still contain the "Christian fish" symbol. The reason why this symbol was used by early Christians is as a remembrance of the great miracle of Jesus to feed 5000 with 2 fishes and seven breads.

Holy Eucharist Cup, Bread and Wine

The Holy Eucharist vessels used by Orthodox Priests This is the cup of salvation as also called during the Divine Liturgy each time, the Wine and the Blood that the priest prepares in that Holy Cup is transformed by The Holy Spirit into a veracious flesh and blood of our Lord Jesus Christ.

Orthodox Byzantine Coat of Arms
The byzantine coat of arms
is an ancient Christian symbol used in the early Byzantine Church, nowadays it can be observed only in the Orthodox Churches.
It symbolizes the power of the Byzantian empire under the guidance of the the Holy Lord and the Gospel Truths.

Orthodox Bishop Crown
The Orthodox Bishop Crown is only worn by Bishops in the Orthodox Church. This crown indicates the Bishop's Church and spiritual (rank) and dignity.

Byzantine Orthodox Cross
Byzantine Orthodox or Russian Orthodox Cross
Is used most often by Eastern Catholics and Russian Orthodox, this Cross is the Byzantine Cross with the footrest at a diagonal. This slant is said to represent one of a few things:
– the footrest wrenched loose from the Christ's writhing in intense physical suffering; lower side representing "down," the fate of sinners, while the elevated side represents Heaven;
– the lower side represents the bad thief (known to us as Gestas through the apocryphal "Acts of Pilate" ("Gospel of Nicodemus") while the elevated side to Christ's right represents the thief who would be with Him in Paradise (St. Dismas);
– the "X" shape of the slanted "footrest" against the post symbolizes the cross on which St. Andrew was crucified.

Megaloschema a dress of a schimonk
The Megaloschema is a dress worn by schimonks. This monk rank is actually the highest possible rank an orthodox Christian monk can achieve. The symbolism on the dress is a brief form of:

  • IC XC (IECOYC XPICTOC) "Jesus Christ"
  • IC XC NIKA ("IECOYC XPICTOC NIKA") meaning: "Jesus Christ is Victorious"

The letters below IC XC Nika has a meaning – The Light of Christ shines on all.

  • XX. X.X letters. – means "Christ bestows grace on Christians"
  • The 4 Thitha (called) signs are a symbol for: Vision of God Divine wonder

Then the

  • T. K. P. G – Means "The Place of the Skull becomes Paradise"
  • The text placed in the lowest translated to English is "AdamThe First Man" and also is a symbol for the Place of the Skull (Golgotha).
  • In the Orthodox Church and the Church fathers teaches us that Golgotha or the Place of the Skull is the Place where the first man (Adam) was buried, and by God's divine providence coincides with the place where our Saviour Jesus Christ was crucified.

Orthodox Bishop Dress
Orthodox Priest dress / robe
This dress is only worn by Orthodox Christian Bishops.

Bulgarian Orthodox cross with 4 lights
The Cross with four lights emitating near the center of the cross This cross is actually used in more modern times as a Christian Orthodox symbol, The four lights coming out of the cross are added,
as the gospels speak that Christ is the Sun of righteousness
I've had quite a long time trying to figure out why exactly this cross is made with this 4 lights. It was a real joy when one time a priesttold me the meaning.
It's interesting fact that most of the Roman Catholic's crosses nowdays have the four lights radiating from Christ's Crucifix or the Cross symbolizing the Crucifix.

This is all I will say for symbolism for now. I hope this Christian symbolism will shed some light on the matters of Symbolism in both the Orthodox and the Catholoic eastern Church. I'll be glad if somebody out there more literate on the subject comment on my post and correct me if I'm wrong with smething.

How to permanently enable Cookies in Lynx text browser – Disable accept cookies prompt in lynx console browser

Wednesday, April 18th, 2012

lynx-text-browser-logo
The default behaviour of lynx console text browser on Linuces, BSD and other free OSes is to always ask, for the accept cookies prompt once an internet web page is opened that requires browser cookies to be enabled.

I should admin, having this "secure by default" (always ask for new cookies) behaviour in lynx was a good practice from a security point of view.

Another reason, why this cookies prompt is enabled by default is back in the days, when lynx was actively developed by programmers the websites with cookies support was not that many and even cookies was mostly required for user/pass authentication (all those who still remember this days the websites that requires authentication was a way less than today) …
With this said the current continuing security cautious behaviour in the browser, left from its old days is understandable.

Screenshot Google Accept cookies Lynx dialog FreeBSD

However I personally sometimes, need to use lynx more frequently and this behaviour of always opening a new website in text mode in console to prompts me for a cookie suddenly becomes a big waste of time if you use lynx to browser more than few sites. Hence I decided to change the default way lynx handles cookies and make them enabled by default instead.
Actually even in the past, when I was mainly using internet in console on every new server or home Linux install, I was again making the cookies to be permanently accepted.
Everyone who used lynx a few times already knows its "annoying" to all time accept cookie prompts … This provoked me to write this short article to explain how enabling of constant cookie accepting in lynx is done

To enable the persistent cookies in lynx, one needs to edit lynx.cfg on different GNU / Linux and BSD* distributions lynx.cfg is located in different directory.

Most of the lynx.cfg usual locations are /etc/lynx/lynx.cfg or /etc/lynx.cfg as of time of writting this post in Debian Squeeze GNU / Linux the lynx.cfg is located in /etc/lynx-cur/lynx.cfg, whether for FreeBSD / NetBSD / OpenBSD users the file is located in /usr/local/etc/lynx.cfg

What I did to allow all cookies is open lynx.cfg in vim edit and change the following lines:

a)

#FORCE_SSL_COOKIES_SECURE:FALSE

with

FORCE_SSL_COOKIES_SECURE:TRUE

b)

#SET_COOKIES:TRUE

uncomment it to:

SET_COOKIES:TRUE

c) next, change

ACCEPT_ALL_COOKIES:FALSE

ACCEPT_ALL_COOKIES:TRUE

Onwards opening any website with lynx auto-accepts the cookies.

lynx Always allowing from domain cookies Linux screenshot

Google in Bulgarian Lynx browser screenshot

For people who care about there security (who still browse in console (surely not many anymore)), permanently allowing the cookies is not a good idea. But for those who are ready to drop off little security for convenience its ok.
 

How to make a mirror of website on GNU / Linux with wget / Few tips on wget site mirroring

Wednesday, February 22nd, 2012

how-to-make-mirror-of-website-on-linux-wget

Everyone who used Linux is probably familiar with wget or has used this handy download console tools at least thousand of times. Not so many Desktop GNU / Linux users like Ubuntu and Fedora Linux users had tried using wget to do something more than single files download.
Actually wget is not so popular as it used to be in earlier linux days. I've noticed the tendency for newer Linux users to prefer using curl (I don't know why).

With all said I'm sure there is plenty of Linux users curious on how a website mirror can be made through wget.
This article will briefly suggest few ways to do website mirroring on linux / bsd as wget is both available on those two free operating systems.

1. Most Simple exact mirror copy of website

The most basic use of wget's mirror capabilities is by using wget's -mirror argument:

# wget -m http://website-to-mirror.com/sub-directory/

Creating a mirror like this is not a very good practice, as the links of the mirrored pages will still link to external URLs. In other words link URL will not pointing to your local copy and therefore if you're not connected to the internet and try to browse random links of the webpage you will end up with many links which are not opening because you don't have internet connection.

2. Mirroring with rewritting links to point to localhost and in between download page delay

Making mirror with wget can put an heavy load on the remote server as it fetches the files as quick as the bandwidth allows it. On heavy servers rapid downloads with wget can significantly reduce the download server responce time. Even on a some high-loaded servers it can cause the server to hang completely.
Hence mirroring pages with wget without explicity setting delay in between each page download, could be considered by remote server as a kind of DoS – (denial of service) attack. Even some site administrators have already set firewall rules or web server modules configured like Apache mod_security which filter requests to IPs which are doing too frequent HTTP GET /POST requests to the web server.
To make wget delay with a 10 seconds download between mirrored pages use:

# wget -mk -w 10 -np --random-wait http://website-to-mirror.com/sub-directory/

The -mk stands for -m/-mirror and -k / shortcut argument for –convert-links (make links point locally), –random-wait tells wget to make random waits between o and 10 seconds between each page download request.

3. Mirror / retrieve website sub directory ignoring robots.txt "mirror restrictions"

Some websites has a robots.txt which restricts content download with clients like wget, curl or even prohibits, crawlers to download their website pages completely.

/robots.txt restrictions are not a problem as wget has an option to disable robots.txt checking when downloading.
Getting around the robots.txt restrictions with wget is possible through -e robots=off option.
For instance if you want to make a local mirror copy of the whole sub-directory with all links and do it with a delay of 10 seconds between each consequential page request without reading at all the robots.txt allow/forbid rules:

# wget -mk -w 10 -np -e robots=off --random-wait http://website-to-mirror.com/sub-directory/

4. Mirror website which is prohibiting Download managers like flashget, getright, go!zilla etc.

Sometimes when try to use wget to make a mirror copy of an entire site domain subdirectory or the root site domain, you get an error similar to:

Sorry, but the download manager you are using to view this site is not supported.
We do not support use of such download managers as flashget, go!zilla, or getright

This message is produced by the site dynamic generation language PHP / ASP / JSP etc. used, as the website code is written to check on the browser UserAgent sent.
wget's default sent UserAgent to the remote webserver is:
Wget/1.11.4

As this is not a common desktop browser useragent many webmasters configure their websites to only accept well known established desktop browser useragents sent by client browsers.
Here are few typical user agents which identify a desktop browser:
 

  • Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0
  • Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0
  • Mozilla/6.0 (Macintosh; I; Intel Mac OS X 11_7_9; de-LI; rv:1.9b4) Gecko/2012010317 Firefox/10.0a4
  • Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.2a1pre) Gecko/20110324 Firefox/4.2a1pre

etc. etc.

If you're trying to mirror a website which has implied some kind of useragent restriction based on some "valid" useragent, wget has the -U option enabling you to fake the useragent.

If you get the Sorry but the download manager you are using to view this site is not supported , fake / change wget's UserAgent with cmd:

# wget -mk -w 10 -np -e robots=off \
--random-wait
--referer="http://www.google.com" \--user-agent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6" \--header="Accept:text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" \--header="Accept-Language: en-us,en;q=0.5" \--header="Accept-Encoding: gzip,deflate" \--header="Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7" \--header="Keep-Alive: 300"

For the sake of some wget anonimity – to make wget permanently hide its user agent and pretend like a Mozilla Firefox running on MS Windows XP use .wgetrc like this in home directory.

5. Make a complete mirror of a website under a domain name

To retrieve complete working copy of a site with wget a good way is like so:

# wget -rkpNl5 -w 10 --random-wait www.website-to-mirror.com

Where the arguments meaning is:
-r – Retrieve recursively
-k – Convert the links in documents to make them suitable for local viewing
-p – Download everything (inline images, sounds and referenced stylesheets etc.)
-N – Turn on time-stamping
-l5 – Specify recursion maximum depth level of 5

6. Make a dynamic pages static site mirror, by converting CGI, ASP, PHP etc. to HTML for offline browsing

It is often websites pages are ending in a .php / .asp / .cgi … extensions. An example of what I mean is for instance the URL http://php.net/manual/en/tutorial.php. You see the url page is tutorial.php once mirrored with wget the local copy will also end up in .php and therefore will not be suitable for local browsing as .php extension is not understood how to interpret by the local browser.
Therefore to copy website with a non-html extension and make it offline browsable in HTML there is the –html-extension option e.g.:

# wget -mk -w 10 -np -e robots=off \
--random-wait \
--convert-links http://www.website-to-mirror.com

A good practice in mirror making is to set a download limit rate. Setting such rate is both good for UP and DOWN side (the local host where downloading and remote server). download-limit is also useful when mirroring websites consisting of many enormous files (documental movies, some music etc.).
To set a download limit to add –limit-rate= option. Passing by to wget –limit-rate=200K would limit download speed to 200KB.

Other useful thing to assure wget has made an accurate mirror is wget logging. To use it pass -o ./my_mirror.log to wget.
 

Auto restart Apache on High server load (bash shell script) – Fixing Apache server temporal overload issues

Saturday, March 24th, 2012

auto-restart-apache-on-high-load-bash-shell-script-fixing-apache-temporal-overload-issues

I've written a tiny script to check and restart, Apache if the server encounters, extremely high load avarage like for instance more than (>25). Below is an example of a server reaching a very high load avarage:;

server~:# uptime
13:46:59 up 2 days, 18:54, 1 user, load average: 58.09, 59.08, 60.05
load average: 0.09, 0.08, 0.08

Sometimes high load avarage is not a problem, as the server might have a very powerful hardware. A high load numbers is not always an indicator for a serious problems. Some 16 CPU dual core (2.18 Ghz) machine with 16GB of ram could probably work normally with a high load avarage like in the example. Anyhow as most servers are not so powerful having such a high load avarage, makes the machine hardly do its job routine.

In my specific, case one of our Debian Linux servers is periodically reaching to a very high load level numbers. When this happens the Apache webserver is often incapable to serve its incoming requests and starts lagging for clients. The only work-around is to stop the Apache server for a couple of seconds (10 or 20 seconds) and then start it again once the load avarage has dropped to less than "3".

If this temporary fix is not applied on time, the server load gets increased exponentially until all the server services (ssh, ftp … whatever) stop responding normally to requests and the server completely hangs …

Often this server overloads, are occuring at night time so I'm not logged in on the server and one such unexpected overload makes the server unreachable for hours.
To get around the sudden high periodic load avarage server increase, I've written a tiny bash script to monitor, the server load avarage and initiate an Apache server stop and start with a few seconds delay in between.

#!/bin/sh
# script to check server for extremely high load and restart Apache if the condition is matched
check=`cat /proc/loadavg | sed 's/\./ /' | awk '{print $1}'`
# define max load avarage when script is triggered
max_load='25'
# log file
high_load_log='/var/log/apache_high_load_restart.log';
# location of inidex.php to overwrite with temporary message
index_php_loc='/home/site/www/index.php';
# location to Apache init script
apache_init='/etc/init.d/apache2';
#
site_maintenance_msg="Site Maintenance in progress - We will be back online in a minute";
if [ $check -gt "$max_load" ]; then>
#25 is load average on 5 minutes
cp -rpf $index_php_loc $index_php_loc.bak_ap
echo "$site_maintenance_msg" > $index_php_loc
sleep 15;
if [ $check -gt "$max_load" ]; then
$apache_init stop
sleep 5;
$apache_init restart
echo "$(date) : Apache Restart due to excessive load | $check |" >> $high_load_log;
cp -rpf $index_php_loc.bak_ap $index_php_loc
fi
fi

The idea of the script is partially based on a forum thread – Auto Restart Apache on High Loadhttp://www.webhostingtalk.com/showthread.php?t=971304Here is a link to my restart_apache_on_high_load.sh script

The script is written in a way that it makes two "if" condition check ups, to assure 100% there is a constant high load avarage and not just a temporal 5 seconds load avarage jump. Once the first if is matched, the script first tries to reduce the server load by overwritting a the index.php, index.html script of the website with a one stating the server is ongoing a maintenance operations.
Temporary stopping the index page, often reduces the load in 10 seconds of time, so the second if case is not necessery at all. Sometimes, however this first "if" condition cannot decrease enough the load and the server load continues to stay too high, then the script second if comes to play and makes apache to be completely stopped via Apache init script do 2 secs delay and launch the apache server again.

The script also logs about, the load avarage encountered, while the server was overloaded and Apache webserver was restarted, so later I can check what time the server overload occured.
To make the script periodically run, I've scheduled the script to launch every 5 minutes as a cron job with the following cron:

# restart Apache if load is higher than 25
*/5 * * * * /usr/sbin/restart_apache_on_high_load.sh >/dev/null 2>&1

I have also another system which is running FreeBSD 7_2, which is having the same overload server problems as with the Linux host.
Copying the auto restart apache on high load script on FreeBSD didn't work out of the box. So I rewrote a little chunk of the script to make it running on the FreeBSD host. Hence, if you would like to auto restart Apache or any other service on FreeBSD server get /usr/sbin/restart_apache_on_high_load_freebsd.sh my script and set it on cron on your BSD.

This script is just a temporary work around, however as its obvious that the frequency of the high overload will be rising with time and we will need to buy new server hardware to solve permanently the issues, anyways, until this happens the script does a great job 🙂

I'm aware there is also alternative way to auto restart Apache webserver on high server loads through using monit utility for monitoring services on a Unix system. However as I didn't wanted to bother to run extra services in the background I decided to rather use the up presented script.

Interesting info to know is Apache module mod_overload exists – which can be used for checking load average. Using this module once load avarage is over a certain number apache can stop in its preforked processes current serving request, I've never tested it myself so I don't know how usable it is. As of time of writting it is in early stage version 0.2.2
If someone, have tried it and is happy with it on a busy hosting servers, please share with me if it is stable enough?

Frogatto & Friends – One of the TOP 10 Arcade Free Software & Open Source Games for GNU / Linux and FreeBSD

Friday, December 16th, 2011

Frogatto old-school 2d jump and run free software game for GNU / Linux and FreeBSD
1. Frogatto & Friends – Is an Indian Free Software (Open Source) game in the spirit of old-school jump’en runs like Commander Keen, Prehistoric, Jazz Jack Rabbit

The game is really entertaining, the graphics looks approximately nice, the music is awesome, the gamelplay is good even though after some point in the game the moment with “where should I go now, I can’t find exit” comes through and it gets boring.

Generally if you compare with all the existing jump and run arcade games free software games available for Linux and FreeBSD the game will definetely arrange itself in the list of TOP 10 free software Arcade Games
and therefore its my own believe that Frogatto is a game that every GNU / Linux and FreeBSD desktop should have in Application -> Games GNOME menu.

Frogatto is rich of levels, enemies obstacles objects, places to visit (which puts it ahead of many of the linux arcade games which often miss enough game levels, has a too short game plots, or simply miss overall game diversity).

Frogatto linux freebsd game bombing airplaine

The game’s general look & feel is like a professional game and not just some tiny free software arcade, made by its authors for the sake to learn some programming, graphics or music creation.
Frogatto door leading to Grotto

Frogatto Free Software game wood screenshot

Besides that Frogatto & Friends is multi-platform supporting all the major operating systems.
Game supports:
 

  • Windows
  • Mac
  • iPhone
  • Debian GNU / Linux
  • FreeBSD

The game source code is also available on Frogatto.com – The Game’s Official website

The game is available as a deb package in Debian and Ubuntu GNU / Linuxes so to install on those deb based distributions, simply use apt:

debian:~# apt-get install frogatto
...

The above command will install two packages frogatto (containing the game’s main executable binary) and frogatto-data containinng all the game textures, levels, graphics, music etc.

BTW the package saparation on a gamename and gamename-data in Debian (for all those who have not still noticed), can be seen on most of the games with a game data that takes more disk space.

After the game is installed the only way to start the game is to run it manually through pressing ALT+F2 in GNOME or running the progrtam through gnome-terminal with cmd:

debian:~$ frogatto

Here are few more Frogatto gameplay screenshots:

Frogatto free open source game screenshot a game bad guy

Frogatto different level screenshot

I’ve noticed Frogatto is also available as an RPM package for Fedora Linux, as well as has a FreeBSD port in the /usr/ports/games/frogatto and this makes it easy to install on most free software OSes in the wild.

While checking frogatto.com , I found an interesting link to a website offering free graphics (pictures), textures and sounds for free and open source games for all those who hold interest into the development of Free Software & Open Source Games make sure you check OpenGameArt.org

OpenGameArt.org looks like a great initiative and will definitely be highly beneficial to the development of more and better FSOS Games so I wish them God speed with this noble initiative.

Frogatto is very suitable for growing kids since it doesn’t contain no violence and every now and then the main game actor the Frogatto Frog leads few lines English dialogues with some of the characters found in the quest.
For none speaking English countries, the game can help the kids to learn some basic english words and thus can help develop kids intellect and knowledge
And oh yeah one more criticism towards the game is the Enlish structure, it seems people who wrote the plot can work this out in the time to come. Many of the English sentences during dialogues the frog leads with the cranks he met does not sound like a common and sometimes even correct english / phrases.

Besides those little game “defect”, the game is pretty awesome and worthy to kill some time and relax from a long stressy day.