Posts Tagged ‘support’

Heroes of Might and Magic 2: Best old-school turn based strategic game to play on your Android mobile phone

Monday, June 16th, 2014

Reading Time: 5minutes

heroes-of-might-and-magic-2-for-your-mobile-smartphone-android-screenshot

Probably many people which are my age (I'm aged 30 now), spent many days and sleepless nights being totally addicted playing probablyone of the most addictive (and in my view greatest strategy game of all time) – Heroes of Might and Magic II (HOMM2).
In that thoughts it will be a great news for you if you're owning smartphone that you can turn-back some nice memories and play (for free) a port of Heroes 2 for Android.

Free Heroes 2 Android port is it is made to support multiple screened devices so game  version could be played on both Android Tablet a tiny screen smart phone or a middle sized mobile. Also Free Heroes 2 mobile port allows you to choose 'The Magnifying glass' option on first game boot, so if you're on a tiny screened mobile you can still zoom by pointing on a game object. Free Heroes 2 Android port is there thanks toGerhard Stein who is also an author of OpenTyrian mobile phone port and the amazing old computer jump-and-run arcadeCommander Keen. Game pointer controls of FHeroes2 are pretty convenient and playing the game is almost as confortable as played with a PC mouse.
Free Heroes 2 is port of Free Heroes 2 engineFree implementation of Heroes of the Might and Magic II engine in SDL and because SDL is platform independent Free Heroes is also available for both Windows / Linux. Maybe here is time too mention that Heroes2 original DOS game works perfectly on any modern Linux distribution when started through DOSBOX DOS emulator.

By default Free Heroes2  has no game campaign support yet. In order to enable campaing support into Free Heroes 2, download FULL Heroes 2 gameput data files to mobile SD card to dir app-data/net.sourceforge.fheroes2 and campaign option will be there too.

heroes_of_might_and_magic_ii_play-on-android-best-strategy-old-game-for-android

Heroes of Might and Magic 2 – The succession Wars (or HEROES2, as it is widely known in Gamers communities) is a turn based strategy game  from year 1996 developed by Jon Van Caneghem by his New World Computing company it was marketed under on the market under brand of 3DO Company. Heroes II was voted the sixth-best PC game of all time by PC Gamer in May 1997. Heroes2 has also a game expansion pack called the Price of Loyalty released in 1997 as well as Heroes of Might and Magic II – Gold – from 1998. The game graphic design looks very beautiful and combined with the soundtrack makes playing it an awesome and calming experience. The game is very notable especially for soundtrack which is all of a beautiful classical music.

Heroes-of-might-and-magic-2-best-games-of-all-time-screenshot-HOMM2
(Picture taken and copyrighted by Wikipedia)

Gameplay

The titular heroes (horse) are player characters who can recruit armies, move around the map, capture resources, and engage in combat. The heroes also incorporate some role-playing game elements; they possess a set of statistics that confer bonuses to an army, artifacts that enhance their powers, and knowledge of magical spells that can be used to attack enemies or produce strategic benefits. Also, heroes gain experience levels from battle, such that veteran heroes are significantly more powerful than inexperienced ones.

On a typical map, players begin a game with one town of a chosen alignment. Each town alignment hosts a unique selection of creatures from which the player can build an army. Town alignment also determines other unique traits such as native hero classes, special bonuses or abilities, and leanings toward certain skills or kinds of magic.

heroes-of-might-and-magic-town_castle-sorceress-screenshot

Towns play a central role in the games since they are the primary source of income and new recruits. A typical objective in each game is to capture all enemy towns. Maps may also start with neutral towns, which do not send out heroes but may still be captured by any player. It is therefore possible, and common, to have more towns than players on a map. When captured, a town retains its alignment type, allowing the new owner to create a mixed army. A player or team is eliminated when no towns or heroes are left under their control. Usually the last player or team remaining is the victor.

As heroes visit special locations called obelisks, pieces are removed from a jigsaw puzzle-like map, gradually revealing 'The Ultimate Artifact location to the player. Once found, it confers immense bonuses to the player capable of breaking a stalemate: the grail can be taken back to a town and used to build a special structure, while the ultimate artifact provides the bonuses directly through possession.

heroes-of-might-and-magic-2-battle-for-castle-screenshot

Whenever a player engages in battle

The game changes from the adventure map display to a combat screen, which is based on either a hexagonal or square grid. In this mode, the game mimics the turn-based tactics genre, as the engaged armies must carry through the battle without the opportunity to reinforce or gracefully retreat. With few exceptions, combat must end with the losing army deserting, being destroyed, or paying a heavy price in gold to surrender. Surrendering allows the player to keep the remaining units intact. Battles can be led army army to army or castles / villages can be fight and (captured) occupied. Owning a town gives your hero daily an income of money later used to buy and upgrade castle buildings.

heroes-of-might-and-magic-ii-the-succession-wars-wizard-castle-building-options-screenshot

Also you your moved heroes could overtake mines producing different goods like minerals, sulfur, gold, emeralds etc. Building different buildings and building war units for army usually cost gold and some kind of resource.

Game Story

Heroes II history continues afterHeroes I. Ending of Heroes I results in Lord Morglin Ironfist's victory. In the following years, he has successfully unified the continent of Enroth and secured his rule as king. Upon the king's death, his two sons, Archibald and Roland, vie for the crown. Archibald orchestrates a series of events that lead to Roland's exile. Archibald is then declared the new king, while Roland organizes a resistance. Each alignment is represented by one of the game's two campaigns. Archibald's campaign features the three "evil" town alignments, while Roland's campaign features the three "good" town alignments.

If Archibald is victorious, Roland's rebellion is crushed, and Roland himself is imprisoned in Castle Ironfist, leaving Archibald the uncontested ruler of Enroth. The  ending, however, results in Roland's victory, with Archibald being turned to stone by Roland's court wizard, Tanir.

If you're more interested to play modern games and get some more games modern games more entertaining take a look at Kevin Martin's JoyofAndroid Best Adnroid Games post here.

Enjoy

Unique MenuetOS – Free Software 32 / 64 bit OS entirely written in assembly language

Wednesday, July 10th, 2013

Reading Time: 3minutes

 

unique operating-system menuetos written-in-assembler-programming-logo

Something very unique, I stumbled on some time ago and worthy to mention and recommend for everyone to test is MenuetOS. Can you imagine, someone might write an operating system entirely from scratch in 32 / 64 bit Assemler? Idea sounds crazy and impossible but in fact developers of MenuetOS already achieved it!

Unique OS - menuetos asm free os start-menu screenshot

Normally every modern operating system nowadays is based on some kind of UNIX / Linux / or NT (Windows) technology or at least follows some kind of POSIX standartization.
 The design goal of MenuetOS since the first release in year 2000, is to remove the extra layers between different parts of an OS. The more the layers more complicated the programming behind is and therefore this creates bugs more bugs. MenuetOS follows the idea of KISS model (Keep It Simple Stupid). Its amazing what people can write in pure asm programming!! 64 bit version of menuet is also backward compatible with 32 bit. MenuetOS supports mostly all any other modern OS does. Here is list of Supported Features:

 

 

 

 

  • – Pre-emptive multitasking with 1000hz scheduler, multithreading, multiprocessor, ring-3 protection
  • – Responsive GUI with resolutions up to 1920×1080, 16 million colours
  • – Free-form, transparent and skinnable application windows, drag'n drop
  • – SMP multiprocessor support with currently up to 8 cpus
  • – IDE: Editor/Assembler for applications
  • – USB 2.0 HiSpeed Classes: Storage, Printer, Webcam Video and TV/Radio support
  • – USB 1.1 Keyboard and Mouse support
  • – TCP/IP stack with Loopback & Ethernet drivers
  • – Email/ftp/http/chess clients and ftp/mp3/http servers
  • – Hard real-time data fetch
  • – Fits on a single floppy, boots also from CD and USB drives

MenuetOS has fully functional Graphic interface (environment). Though it is so simple it is much more fast (as written in assembler) and behaves more stable than other OS-es written in C/ C++.
Its bundled with a POP3 / Imap mail client soft

menuetos assmebly OS mail client
As of time even some major legendary Games like DoomQuake, Sokoban and Chess are ported to MenuetOS !!!

doom2-id-games-running-on-menuetos-operating-system-in-assembler-from-scratch

MenuetOS Doom

quake legendary game running on Menuetos asm free OS

Quake I port on MenuetOS

Below are some more screenshots of Apps and stuff running

Maniac Mansion running on MenuetOS assembler build free Operating system

The world famous Maniac Mansion (1987)

Prince of Persia running on 32 64 bit assembler written GPL free-OS

Arcade Classic of 16 bit and 8 bit computers Prince of Persia running on top of dosbox on MenuetOS

For those who like to program old school MenuetOS has BASIC compiler, C library (supports C programming), debuggers, Command Prompt.

It even supports Networking and has some  most popular network adapters drivers as well as has basic browsing support through HTTP application.

unique-os-menuetos-browsing-with-httpc-browser

You can listen music with CD Player but no support for mp3 yet.
To give MenuetOS a try just like any other Live Linux distribution it has Bootable LiveCD version – you can download it from here
MenuetOS is a very good for people interested to learn good 32 bit and 64 bit Assembler Programming.
Enjoy this unique ASM true hacker OS 😉

Drawing GANTT Charts and Project Management on Linux, (Microsoft Project substitute for Unix)

Tuesday, October 12th, 2010

Reading Time: 3minutes

I'm studying Project Management, right now. In that spirit of thoughts I and a couple of other guys are building a Project Plan.
As it Project Plan it's necessary to put a GANTT Chart in it to show visually the project timeline (the phases), the duration and the inter-relation between the different tasks which leads the project to an actual completion.

After a bit of thorough research online on available software to deal with project management and particularly, ones that are capable to build a GANTT charts on Linux / BSD.

I've come with the following list of software capable to be a substitute for the Microsoft Project software.
Redmine GANTT Chart

GANTT chart Redmine

1. Gantt Project
GANTTProject chartGANTTProject Chart

2. Gnome Planner
Planner GANTT Gnome ChartPlanner GANTT Chone Chart

3. Task Juggler Project Manager with GANTT Capability for (KDE)
Task Juggler

4. JxProject – This software is not free, though it can be considered almost free
Take a look also at:
5. Trac , though it doesn't really support GANTT charts it's a lovely software to be used for PM.
Trac Project Management

Another option you have is to try out:
6. PHProjekt

Update 20.09.2016 – PHPProject Old download link is no longer active

It is this link http://www.phprojekt.com/, but the page doesn’t seem to be active any more. I thought you might want to update.

If you are looking for an alternative please check out http://wiht.link/PHProjekt-PM, it may make a suitable replacement.

Kind Regards,
Tom Wilcox


That piece of softwre really looks promising, especially if we consider that it's web based and how much essential is today to have an anline tools for doing the ordinary desktop jobs.

You can even check an online demo of the PHPProjekt software here

If you're a type of KDE user you definitely has to try out Kplato

As I've tested the software the software is easy to be used, however it still is missing some essential parts that Microsoft Project includes so it's not 100% substitute.
Also it's not able to open Microsoft Project (MPP) files, neither able to save the charts in the .mpp format.

Moving ahead I've came across DotProjectDotProject Gantt Chart
DottProject Gantt Chart

I haven't took the time to test it myself but however, as I go through the software website the project looked quite good.
Lastly you can take a look at: 7. PStricks as a mean of project management, however I think it doesn't support GANTT chart building.
>

‘host-name’ is blocked because of many connection errors; unblock with ‘mysqladmin flush-hosts’

Sunday, May 20th, 2012

Reading Time: 3minutes

mysql-logo-host-name-blocked-because-of-many-connection-errors
My home run machine MySQL server was suddenly down as I tried to check my blog and other sites today, the error I saw while trying to open, this blog as well as other hosted sites using the MySQL was:

Error establishing a database connection

The topology, where this error occured is simple, I have two hosts:

1. Apache version 2.0.64 compiled support externally PHP scripts interpretation via libphp – the host runs on (FreeBSD)

2. A Debian GNU / Linux squeeze running MySQL server version 5.1.61

The Apache host is assigned a local IP address 192.168.0.1 and the SQL server is running on a host with IP 192.168.0.2

To diagnose the error I've logged in to 192.168.0.2 and weirdly the mysql-server was appearing to run just fine:
 

debian:~# ps ax |grep -i mysql
31781 pts/0 S 0:00 /bin/sh /usr/bin/mysqld_safe
31940 pts/0 Sl 12:08 /usr/sbin/mysqld –basedir=/usr –datadir=/var/lib/mysql –user=mysql –pid-file=/var/run/mysqld/mysqld.pid –socket=/var/run/mysqld/mysqld.sock –port=3306
31941 pts/0 S 0:00 logger -t mysqld -p daemon.error
32292 pts/0 S+ 0:00 grep -i mysql

Moreover I could connect to the localhost SQL server with mysql -u root -p and it seemed to run fine. The error Error establishing a database connection meant that either something is messed up with the database or 192.168.0.2 Mysql port 3306 is not properly accessible.

My first guess was something is wrong due to some firewall rules, so I tried to connect from 192.168.0.1 to 192.168.0.2 with telnet:
 

freebsd# telnet 192.168.0.2 3306
Trying 192.168.0.2…
Connected to jericho.
Escape character is '^]'.
Host 'webserver' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'
Connection closed by foreign host.

Right after the telnet was initiated as I show in the above output the connection was immediately closed with the error:

Host 'webserver' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'Connection closed by foreign host.

In the error 'webserver' is my Apache machine set hostname. The error clearly states the problems with the 'webserver' apache host unable to connect to the SQL database are due to 'many connection errors' and a fix i suggested with mysqladmin flush-hosts

To temporary solve the error and restore my normal connectivity between the Apache and the SQL servers I logged I had to issue on the SQL host:

mysqladmin -u root -p flush-hostsEnter password:

Thogh this temporar fix restored accessibility to the databases and hence the websites errors were resolved, this doesn't guarantee that in the future I wouldn't end up in the same situation and therefore I looked for a permanent fix to the issues once and for all.

The permanent fix consists in changing the default value set for max_connect_error in /etc/mysql/my.cnf, which by default is not too high. Therefore to raise up the variable value, added in my.cnf in conf section [mysqld]:

debian:~# vim /etc/mysql/my.cnf
...
max_connect_errors=4294967295

and afterwards restarted MYSQL:

debian:~# /etc/init.d/mysql restart
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..

To make sure the assigned max_connect_errors=4294967295 is never reached due to Apache to SQL connection errors, I've also added as a cronjob.

debian:~# crontab -u root -e
00 03 * * * mysqladmin flush-hosts

In the cron I have omitted the mysqladmin -u root -p (user/pass) input options because for convenience I have already stored the mysql root password in /root/.my.cnf

Here is how /root/.my.cnf looks like:

debian:~# cat /root/.my.cnf
[client]
user=root
password=a_secret_sql_password

Now hopefully, this would permanently solve SQL's 'failure to accept connections' due to too many connection errors for future.

Resolving “nf_conntrack: table full, dropping packet.” flood message in dmesg Linux kernel log

Wednesday, March 28th, 2012

Reading Time: 5minutes

nf_conntrack_table_full_dropping_packet
On many busy servers, you might encounter in /var/log/syslog or dmesg kernel log messages like

nf_conntrack: table full, dropping packet

to appear repeatingly:

[1737157.057528] nf_conntrack: table full, dropping packet.
[1737157.160357] nf_conntrack: table full, dropping packet.
[1737157.260534] nf_conntrack: table full, dropping packet.
[1737157.361837] nf_conntrack: table full, dropping packet.
[1737157.462305] nf_conntrack: table full, dropping packet.
[1737157.564270] nf_conntrack: table full, dropping packet.
[1737157.666836] nf_conntrack: table full, dropping packet.
[1737157.767348] nf_conntrack: table full, dropping packet.
[1737157.868338] nf_conntrack: table full, dropping packet.
[1737157.969828] nf_conntrack: table full, dropping packet.
[1737157.969928] nf_conntrack: table full, dropping packet
[1737157.989828] nf_conntrack: table full, dropping packet
[1737162.214084] __ratelimit: 83 callbacks suppressed

There are two type of servers, I've encountered this message on:

1. Xen OpenVZ / VPS (Virtual Private Servers)
2. ISPs – Internet Providers with heavy traffic NAT network routers
 

I. What is the meaning of nf_conntrack: table full dropping packet error message

In short, this message is received because the nf_conntrack kernel maximum number assigned value gets reached.
The common reason for that is a heavy traffic passing by the server or very often a DoS or DDoS(Distributed Denial of Service) attack. Sometimes encountering the err is a result of a bad server planning (incorrect data about expected traffic load by a company/companeis) or simply a sys admin error…

– Checking the current maximum nf_conntrack value assigned on host:

linux:~# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
65536

– Alternative way to check the current kernel values for nf_conntrack is through:

linux:~# /sbin/sysctl -a|grep -i nf_conntrack_max
error: permission denied on key 'net.ipv4.route.flush'
net.netfilter.nf_conntrack_max = 65536
error: permission denied on key 'net.ipv6.route.flush'
net.nf_conntrack_max = 65536

– Check the current sysctlnf_conntrack active connections

To check present connection tracking opened on a system:

:

linux:~# /sbin/sysctl net.netfilter.nf_conntrack_count
net.netfilter.nf_conntrack_count = 12742

The shown connections are assigned dynamicly on each new succesful TCP / IP NAT-ted connection. Btw, on a systems that work normally without the dmesg log being flooded with the message, the output of lsmod is:

linux:~# /sbin/lsmod | egrep 'ip_tables|conntrack'
ip_tables 9899 1 iptable_filter
x_tables 14175 1 ip_tables

On servers which are encountering nf_conntrack: table full, dropping packet error, you can see, when issuing lsmod, extra modules related to nf_conntrack are shown as loaded:

linux:~# /sbin/lsmod | egrep 'ip_tables|conntrack'
nf_conntrack_ipv4 10346 3 iptable_nat,nf_nat
nf_conntrack 60975 4 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4 1073 1 nf_conntrack_ipv4
ip_tables 9899 2 iptable_nat,iptable_filter
x_tables 14175 3 ipt_MASQUERADE,iptable_nat,ip_tables

 

II. Remove completely nf_conntrack support if it is not really necessery

It is a good practice to limit or try to omit completely use of any iptables NAT rules to prevent yourself from ending with flooding your kernel log with the messages and respectively stop your system from dropping connections.

Another option is to completely remove any modules related to nf_conntrack, iptables_nat and nf_nat.
To remove nf_conntrack support from the Linux kernel, if for instance the system is not used for Network Address Translation use:

/sbin/rmmod iptable_nat
/sbin/rmmod ipt_MASQUERADE
/sbin/rmmod rmmod nf_nat
/sbin/rmmod rmmod nf_conntrack_ipv4
/sbin/rmmod nf_conntrack
/sbin/rmmod nf_defrag_ipv4

Once the modules are removed, be sure to not use iptables -t nat .. rules. Even attempt to list, if there are any NAT related rules with iptables -t nat -L -n will force the kernel to load the nf_conntrack modules again.

Btw nf_conntrack: table full, dropping packet. message is observable across all GNU / Linux distributions, so this is not some kind of local distribution bug or Linux kernel (distro) customization.
 

III. Fixing the nf_conntrack … dropping packets error

– One temporary, fix if you need to keep your iptables NAT rules is:

linux:~# sysctl -w net.netfilter.nf_conntrack_max=131072

I say temporary, because raising the nf_conntrack_max doesn't guarantee, things will get smoothly from now on.
However on many not so heavily traffic loaded servers just raising the net.netfilter.nf_conntrack_max=131072 to a high enough value will be enough to resolve the hassle.

– Increasing the size of nf_conntrack hash-table

The Hash table hashsize value, which stores lists of conntrack-entries should be increased propertionally, whenever net.netfilter.nf_conntrack_max is raised.

linux:~# echo 32768 > /sys/module/nf_conntrack/parameters/hashsize
The rule to calculate the right value to set is:
hashsize = nf_conntrack_max / 4

– To permanently store the made changes ;a) put into /etc/sysctl.conf:

linux:~# echo 'net.netfilter.nf_conntrack_count = 131072' >> /etc/sysctl.conf
linux:~# /sbin/sysct -p

b) put in /etc/rc.local (before the exit 0 line):

echo 32768 > /sys/module/nf_conntrack/parameters/hashsize

Note: Be careful with this variable, according to my experience raising it to too high value (especially on XEN patched kernels) could freeze the system.
Also raising the value to a too high number can freeze a regular Linux server running on old hardware.

– For the diagnosis of nf_conntrack stuff there is ;

/proc/sys/net/netfilter kernel memory stored directory. There you can find some values dynamically stored which gives info concerning nf_conntrack operations in "real time":

linux:~# cd /proc/sys/net/netfilter
linux:/proc/sys/net/netfilter# ls -al nf_log/

total 0
dr-xr-xr-x 0 root root 0 Mar 23 23:02 ./
dr-xr-xr-x 0 root root 0 Mar 23 23:02 ../
-rw-r--r-- 1 root root 0 Mar 23 23:02 0
-rw-r--r-- 1 root root 0 Mar 23 23:02 1
-rw-r--r-- 1 root root 0 Mar 23 23:02 10
-rw-r--r-- 1 root root 0 Mar 23 23:02 11
-rw-r--r-- 1 root root 0 Mar 23 23:02 12
-rw-r--r-- 1 root root 0 Mar 23 23:02 2
-rw-r--r-- 1 root root 0 Mar 23 23:02 3
-rw-r--r-- 1 root root 0 Mar 23 23:02 4
-rw-r--r-- 1 root root 0 Mar 23 23:02 5
-rw-r--r-- 1 root root 0 Mar 23 23:02 6
-rw-r--r-- 1 root root 0 Mar 23 23:02 7
-rw-r--r-- 1 root root 0 Mar 23 23:02 8
-rw-r--r-- 1 root root 0 Mar 23 23:02 9

 

IV. Decreasing other nf_conntrack NAT time-out values to prevent server against DoS attacks

Generally, the default value for nf_conntrack_* time-outs are (unnecessery) large.
Therefore, for large flows of traffic even if you increase nf_conntrack_max, still shorty you can get a nf_conntrack overflow table resulting in dropping server connections. To make this not happen, check and decrease the other nf_conntrack timeout connection tracking values:

linux:~# sysctl -a | grep conntrack | grep timeout
net.netfilter.nf_conntrack_generic_timeout = 600
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
net.netfilter.nf_conntrack_tcp_timeout_established = 432000
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
net.netfilter.nf_conntrack_udp_timeout = 30
net.netfilter.nf_conntrack_udp_timeout_stream = 180
net.netfilter.nf_conntrack_icmp_timeout = 30
net.netfilter.nf_conntrack_events_retry_timeout = 15
net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2 = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 10
net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30

All the timeouts are in seconds. net.netfilter.nf_conntrack_generic_timeout as you see is quite high – 600 secs = (10 minutes).
This kind of value means any NAT-ted connection not responding can stay hanging for 10 minutes!

The value net.netfilter.nf_conntrack_tcp_timeout_established = 432000 is quite high too (5 days!)
If this values, are not lowered the server will be an easy target for anyone who would like to flood it with excessive connections, once this happens the server will quick reach even the raised up value for net.nf_conntrack_max and the initial connection dropping will re-occur again …

With all said, to prevent the server from malicious users, situated behind the NAT plaguing you with Denial of Service attacks:

Lower net.ipv4.netfilter.ip_conntrack_generic_timeout to 60 – 120 seconds and net.ipv4.netfilter.ip_conntrack_tcp_timeout_established to stmh. like 54000

linux:~# sysctl -w net.ipv4.netfilter.ip_conntrack_generic_timeout = 120
linux:~# sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000

This timeout should work fine on the router without creating interruptions for regular NAT users. After changing the values and monitoring for at least few days make the changes permanent by adding them to /etc/sysctl.conf

linux:~# echo 'net.ipv4.netfilter.ip_conntrack_generic_timeout = 120' >> /etc/sysctl.conf
linux:~# echo 'net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000' >> /etc/sysctl.conf

How to permanently enable Cookies in Lynx text browser – Disable accept cookies prompt in lynx console browser

Wednesday, April 18th, 2012

Reading Time: 3minutes

lynx-text-browser-logo
The default behaviour of lynx console text browser on Linuces, BSD and other free OSes is to always ask, for the accept cookies prompt once an internet web page is opened that requires browser cookies to be enabled.

I should admin, having this "secure by default" (always ask for new cookies) behaviour in lynx was a good practice from a security point of view.

Another reason, why this cookies prompt is enabled by default is back in the days, when lynx was actively developed by programmers the websites with cookies support was not that many and even cookies was mostly required for user/pass authentication (all those who still remember this days the websites that requires authentication was a way less than today) …
With this said the current continuing security cautious behaviour in the browser, left from its old days is understandable.

Screenshot Google Accept cookies Lynx dialog FreeBSD

However I personally sometimes, need to use lynx more frequently and this behaviour of always opening a new website in text mode in console to prompts me for a cookie suddenly becomes a big waste of time if you use lynx to browser more than few sites. Hence I decided to change the default way lynx handles cookies and make them enabled by default instead.
Actually even in the past, when I was mainly using internet in console on every new server or home Linux install, I was again making the cookies to be permanently accepted.
Everyone who used lynx a few times already knows its "annoying" to all time accept cookie prompts … This provoked me to write this short article to explain how enabling of constant cookie accepting in lynx is done

To enable the persistent cookies in lynx, one needs to edit lynx.cfg on different GNU / Linux and BSD* distributions lynx.cfg is located in different directory.

Most of the lynx.cfg usual locations are /etc/lynx/lynx.cfg or /etc/lynx.cfg as of time of writting this post in Debian Squeeze GNU / Linux the lynx.cfg is located in /etc/lynx-cur/lynx.cfg, whether for FreeBSD / NetBSD / OpenBSD users the file is located in /usr/local/etc/lynx.cfg

What I did to allow all cookies is open lynx.cfg in vim edit and change the following lines:

a)

#FORCE_SSL_COOKIES_SECURE:FALSE

with

FORCE_SSL_COOKIES_SECURE:TRUE

b)

#SET_COOKIES:TRUE

uncomment it to:

SET_COOKIES:TRUE

c) next, change

ACCEPT_ALL_COOKIES:FALSE

ACCEPT_ALL_COOKIES:TRUE

Onwards opening any website with lynx auto-accepts the cookies.

lynx Always allowing from domain cookies Linux screenshot

Google in Bulgarian Lynx browser screenshot

For people who care about there security (who still browse in console (surely not many anymore)), permanently allowing the cookies is not a good idea. But for those who are ready to drop off little security for convenience its ok.
 

Free Software in Balkans 2010 (A free software conference on the Balkanies is approaching)

Tuesday, August 24th, 2010

Reading Time: 2minutes
Richard Stallman on a Free Software Conference

Today when I was reviewing my daily visited websites I come across an interesting news.
This kind of meeting is quite a news because it is the first in line where Free software users and developmers fromall around the balkanies will meet to discuss,test,share and continue the free software code and ideals.
The first Free Software conference in the Balkanies is about to be hosted in Vlora University Albania .

The conference Free Software in Balkans (FreeSB2010) is an annual meeting of the free software users, developpers and supporters in the Balkan countries. It will travel from country to country, year to year to different locations. The Conference will gather professionals, academics and enthusiasts who share the vision that software should be free and open for the community to develop and customize to its needs, and that knowledge is a communal property and free and open to everyone.

This kind of event will build up the social network between free software fans and developers and will further help in the general spread of free software on the balkanies.
This kind of meeting are already for a long time a tradition in many states in America, so having it in the balkanies is quite a development.

You can read a bit more about the exact focus of Free Software in Balkans 2010 conference here

Pitily right now there is no published scheduled list of presentations which are about to be given in the conference, but I guess the conference schedule would be out in a few days time.
I’m not yet sure if I’ll have the time and opportunity to attend the conference, however I do hope that somebody of my balkan readers will got interested into the “fabulous” Free Software event and will support the event’s initiative by visiting it 🙂

Adding Comments & Google search plugins to nanoblogger

Thursday, July 30th, 2009

Reading Time: 2minutes
Ever wondered how you can add comments option to nanoblogger just like any normal blogging software like wordpress do support? Cause I did, Today I wandered around in google a bit until I can make it.In order to make all this workable I choose the nbcom nanoblogger plugin.Here’s what led me to success.First prepare yourself to loose a couple of hours! It’s more complicated or at least it was more complicated than I expected to add a simple plugin as this.Second, You’ll need the following nbcom 1.1 archive .
Right after that you’ll need to untar it and rename hdrs.tmpl and consts.tmpl to *.php, edit them and remove all the unneeded “/” back slashes. Copy the content of nbcom-1.1 dir to the document root of your nanoblogger. Make sure to edit blog.conf and have all the necessary like BLOG_URL, BLOG_ADMIN=”session”, DB_PASS=”password_of_sql_user_session”, yes I forgot to mention that you’ll need to read the INSTALL file contained in the nbcom archive and follow the instructions for creation of user and database that nbcom would use in the future. There are described like 7+ files more you need to edit and if you’re lucky like I was you’ll have nanoblogger+comments support up and running! Hooray! Wish you Good luck.
Secondly probably you have wondered how to make nanoblogger has a normal search field just like any normal php based blogger software out there. It took me like an hour before I came to the enlightenment. First I had downloaded the google.sh script mirrored for you to make your life easier here .
Next copy the file to your nanoblogger plugins directory.
And last you have to edit the templates/main_index.htm file and add the content that is as commented in the google.sh file. If you’re lucky again you’ll have nanoblogger with this two valuable plugins working. EnjoyEND—–

Linux convert and read .mht (Microsoft html) file format. MHT format explained

Thursday, June 5th, 2014

Reading Time: 2minutes

linux-open-and-convert-mht-file-format-to-html-howto
If you're using Linux as a Desktop system sooner or later you will receive an email with instructions or an html page stored in .mht file format.
So what is mht?MHT is an webpage archive format (short for MIME HTML document). MHTML saves the Web page content and incorporates external resources, such as images, applets, Flash animations and so on, into HTML documents. Usually those .mht files were produced with Microsoft Internet Explorer – saving pages through:

File -> Save As (Save WebPage) dialog saves pages in .MHT.

To open those .mht files on Linux, where Firefox is availableadd theUNMHT FF Extension to browser. Besides allowing you to view MHT on Linux, whether some customer is requiring a copy of an HTML page in MHT, UNMHT allows you to also save complete web pages, including text and graphics, into a MHT file.
There is also support for Google Chrome browser for MHT opening and saving via a plugin called IETAB. But unfortunately IETAB is not supported in Linux.
Anyways IETAB is worthy to mention here as if your'e a Windows users and you want to browse pages compatible only with Internet Explorer, IETAB will emulates exactly IE by using IE rendering engine in Chrome  and supports Active X Controls. IETAB is a great extension for QA (web testers) using Windows for desktop who prefer to not use IE for security reasons. IETab supports IE6, IE7, IE8 and IE9.

Another way to convert .MHT content file into HTML is to use Linux KDE's mhttohtml tool.

linux-kde-converter-mhttohtml

Another approach to open .MHT files in Linux is to use Opera browser for Linux which has support for .MHT

Note that because MHT files could be storing potentially malicious content (like embedded Malware) it is always wise when opening MHT on Windows to assure you have scanned the file with Antivirus program. Often mails containing .MHT from unknown recipients are containing viruses or malware. Also links embedded into MHT file could easily expose you to spoof attacks. MHT files are encoded in combination of plain text MIMEs and BASE64 encoding scheme, MHT's mimetype is:

MIME type: message/rfc822