I got a great new phone. I got a Galaxy Samsung Note Edge and I have added the WordPress app. Now I can voice dictate blog posts. This is just cool.
I’ve been asked, “What is Mark up to now?”
You, my friends, know I’m always learning new things. Art, poetry, electronics, computing; as a matter of fact, I’ve come to the conclusion my hobby is “Learning New Things”.
Now I’m learning how to make radios out of computer code. There is a little bit of hardware. But it’s a very little bit. The biggest part of the radio is the computer and the software to run the math.
Do you remember imaginary numbers from high school? Right… i = Sqr Root of -1
Well, I’ve found a use for all that math. Try to think of all the radio signals running through your space right now. AM radio, FM radio, TV, cell phone, WiFi, Bluetooth, child monitors, CB radio, ham radio, satellite signals, and more. Now think of them as sound. All that noise.
If you digitize that noise and run it through a few math functions, you can tune in one signal. With a little more math you can demodulate it and turn it back into sound.
I’ll post a few videos and documents in the next few weeks about what I’m learning.
Unmanned Failover Operations
I have video of two MySQL servers (one master, one slave) failing over from Master to Slave. The Master becomes the Slave and vice versa, with the slave becoming read-only.
Zimbra is a groupware system that provides email, calendaring, integrated antivirus and spam filtering, and more for multiple domains. Available in several editions, this guide will help you get the Open Source Edition installed on your CentOS 5 Linux VPS.
Please note that Zimbra is a fairly "heavy" (resource-intensive) product compared to some other groupware offerings. We recommend a Linode 2048 or higher for best results; you may encounter issues using Zimbra with lower-resource plans. Additionally, note that Zimbra works best as a standalone product on your VPS; installation alongside other common software such as web or email servers is not advised.
We assume you've already followed the steps outlined in our getting started guide, and that your system is up to date. All configuration will be performed through the terminal; please make sure you're logged into your Linode as root via SSH.
Make sure your system is up to date by issuing the following command:
Issue the following command to install several packages required by Zimbra:
yum install gmp compat-libstdc++-33 sysstat sudo libidn wget
Depending on the requirements for the current version of Zimbra, you may need to install additional packages later. The install program will notify you if additional packages are required.
Before proceeding, make sure your /etc/hosts file has valid entries. For reference, your file should resemble the following:
127.0.0.1 localhost.localdomain localhost
22.214.171.124 hostname.yourdomain.com hostname
Be sure to replace "22.214.171.124" with your Linode's IP address. Replace "hostname.yourdomain.com" with your Linode's fully qualified domain name. Next, make sure your hostname is set in /etc/hostname by issuing the following commands (insert your one-word hostname in place of "hostname"):
echo "hostname" > /etc/hostname
hostname -F /etc/hostname
Issue the following commands to check your setup:
The first command should return only the one-word hostname for your system, while the second command should return the system's FQDN.
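One way to check the /etc/hosts layout described above before running the installer (an added example, not part of the original guide). The function names and the 203.0.113.10 address are constructed for illustration; the host names are the guide's placeholders. It assumes the usual resolver behaviour where the first line listing a name wins and the first name on that line is the canonical one.

```python
import ipaddress

# Constructed sample files: the layout from the guide, and a common mistake.
GOOD = """127.0.0.1 localhost.localdomain localhost
203.0.113.10 hostname.yourdomain.com hostname
"""
BAD = """127.0.0.1 localhost.localdomain localhost hostname
203.0.113.10 hostname.yourdomain.com hostname
"""

def parse_hosts(text):
    """Yield (ip, [names]) per entry, ignoring comments and blank lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield fields[0], fields[1:]

def check_hosts(text, short, fqdn):
    """Return a list of problems; an empty list means the layout matches."""
    entries = list(parse_hosts(text))
    # The first line that lists either name is the one lookups will use.
    first = next(((ip, n) for ip, n in entries if short in n or fqdn in n), None)
    if first is None:
        return [f"no entry for {fqdn} or {short}"]
    ip, names = first
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return [f"{ip!r} is not an IP address"]
    problems = []
    if addr.is_loopback:
        problems.append(f"{short} resolves to loopback {ip}")
    if names[0] != fqdn:
        problems.append(f"canonical name is {names[0]}, expected {fqdn}")
    if short not in names[1:]:
        problems.append(f"short name {short} is not listed as an alias")
    return problems

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("bad", BAD)):
        print(label, check_hosts(text, "hostname", "hostname.yourdomain.com"))
```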
Visit the download page for Zimbra Open Source Edition and copy the link to the current version of the software for RHEL 5 to your clipboard. Issue the following commands on your Linode via the shell to download and unpack the install package. Replace the filenames shown below after wget and tar with the current version.
tar -xzf zcs-6.0.7_GA_2473.RHEL5.20100616214455.tgz
Switch to the install directory and launch the installer with the following commands. The "--platform-override" directive is necessary to instruct the installer to proceed on CentOS 5, as it is not an officially supported platform.
You may receive a warning similar to the one shown below. Enter "Y" to proceed.
You appear to be installing packages on a platform different
than the platform for which they were built.
This platform is CentOS5
Packages found: RHEL5
This may or may not work.
Using packages for a platform in which they were not designed for
may result in an installation that is NOT usable. Your support
options may be limited if you choose to continue.
Install anyway? [N] Y
Before the install begins, you may receive a warning similar to the one shown below:
DNS ERROR resolving MX for archimedes.palegray.net
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes] No
It is recommended (but not required) that the fully qualified domain name for your system (hostname.domain.tld) have an MX record pointing to it. You may wish to visit your DNS control panel and add such a record now, or proceed if you won't be receiving mail for your FQDN on this system (for example, if you'll be receiving email for your base domain or others).
The install will continue, probably requiring a few minutes to perform various tasks. You'll be asked which components of the Zimbra package you'd like to install. For the purposes of this tutorial, choose the default values for each ("Y" or "N" depending on which letter is in the brackets).
Once the installation has completed, you'll be presented with an admin menu next.
1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: firstname.lastname@example.org
******* +Admin Password UNSET
+Enable automated spam training: yes
+Spam training user: email@example.com
+Non-spam(Ham) training user: firstname.lastname@example.org
+Global Documents Account: email@example.com
+SMTP host: archimedes.palegray.net
+Web server HTTP port: 80
+Web server HTTPS port: 443
+Web server mode: http
+IMAP server port: 143
+IMAP server SSL port: 993
+POP server port: 110
+POP server SSL port: 995
+Use spell check server: yes
+Spell server URL: http://archimedes.palegray.net:7780/aspell.php
+Configure for use with mail proxy: FALSE
+Configure for use with web proxy: FALSE
4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-logger: Enabled
7) zimbra-spell: Enabled
8) Default Class of Service Configuration:
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
Address unconfigured (**) items (? - help) 3
Enter "3" to enter the zimbra-store menu, which will look similar to the following:
1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: firstname.lastname@example.org
** 4) Admin Password UNSET
5) Enable automated spam training: yes
6) Spam training user: email@example.com
7) Non-spam(Ham) training user: firstname.lastname@example.org
8) Global Documents Account: email@example.com
9) SMTP host: archimedes.palegray.net
10) Web server HTTP port: 80
11) Web server HTTPS port: 443
12) Web server mode: http
13) IMAP server port: 143
14) IMAP server SSL port: 993
15) POP server port: 110
16) POP server SSL port: 995
17) Use spell check server: yes
18) Spell server URL: http://archimedes.palegray.net:7780/aspell.php
19) Configure for use with mail proxy: FALSE
20) Configure for use with web proxy: FALSE
Select, or 'r' for previous menu [r] 4
You can configure various options here, but the most important option is the one for setting the administrator password. Enter "4" to set it, choosing a strong password comprised of letters, numbers, and non-alphanumeric characters. After setting the admin password, enter "r" to return to the main menu. You will be asked to apply the new configuration. Type "a" and press enter. You may then allow the program to proceed with the remaining installation steps.
After installation has completed, you'll need to start zimbra with the following command:
service zimbra start
To have Zimbra start on every boot, enter the following command:
chkconfig zimbra on
You may wish to reboot your Linode to make sure everything comes back up properly. After doing so, visit the Zimbra admin URL in your browser. It will be in the form https://hostname.yourdomain.com:7071/. You'll need to accept the SSL certificate presented to access the admin panel, which you may then use to continue configuring your new Zimbra server. Enjoy!
When running software compiled or installed directly from sources provided by upstream developers, you are responsible for monitoring updates, bug fixes, and security issues. After becoming aware of releases and potential issues, update your software to resolve flaws and prevent possible system compromise. Monitoring releases and maintaining up to date versions of all software is crucial for the security and integrity of a system.
Please monitor the Zimbra Updates page to ensure that you are aware of all updates to the software and can upgrade appropriately or apply patches and recompile as needed.
When upstream sources offer new releases, repeat the instructions for installing Zimbra and recompile your software when needed. These practices are crucial for the ongoing security and functioning of your system.
You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.
This guide is licensed under a Creative Commons Attribution-No Derivative Works 3.0 United States License. Please feel free to redistribute unmodified copies of it as long as attribution is provided, preferably via a link to this page.
Too much of a good thing…
I have had a lot of people asking me about MySQL lately so I thought it was time to share something I learned. Too much caching space in MySQL can be a bad thing.
You would think the more you can stuff your entire database into memory the better off you would be and the faster your system would work. That is not completely true. I have made improvements by lowering the table_cache variable on every version of MySQL 5. From what I have read this seems to be due to overhead managing file descriptors and caching tables. Like most things there is a point of diminishing returns when dealing with cache tables. At some point your hit rate is overtaken by the management threads.
This seems to work best. The read_rnd should be four times the sort and join buffer and they are four times the read buffer. Something like this:
sort_buffer_size = 16M
read_buffer_size = 4M
read_rnd_buffer_size = 64M
join_buffer_size = 16M
Send me feedback at Mark at Grennan.com
I have no idea what the examiner will give me to install Linux. I only know I will be asked to install it. Because I need to install Linux several times to learn what I need, I have chosen to install Linux over the network. This is also part of what you need to know for the test.
This can be done with NFS, FTP or HTTPD. I decided to do all three. Here are the steps I used.
You will need to get your hands on a set of Redhat Enterprise 5 CDs. (Good luck.) I have my set because I worked with Redhat Linux for years and have several accounts. A good substitute would be CentOS version 5. This is a free clone of Redhat Enterprise 5. You might also try Fedora Core. I'm not sure which version is closest to RHEL 5.
Create an iso image from the installation disk(s) using the following command:
dd if=/dev/dvd of=/location/of/disk/space/RHEL5.iso
where dvd refers to your DVD drive device.
dd if=/dev/cdrom of=/location/of/disk/space/diskX.iso
where cdrom refers to your CD drive device, and X is the number of the disk that you are copying, beginning with 1 for the first disk, and so on.
Setup NFS – edit /etc/exports
Export the share
Restart NFS service
service nfs restart
Check the setup
HTTPD installs the same as NFS except you should copy files to /var/www/html/inst and then restart the httpd server. I created a symlink to this directory.
ln -s /mnt/inst /var/www/html/inst
This also works like the NFS process except you copy the files into /var/ftp/pub/inst and restart the vsftpd service. I created a symlink to this directory.
ln -s /mnt/inst /var/ftp/pub/inst
I have created a new domain to track my studying http://LinuxFanBoy.com
The RHCE is an all-day, hands-on test requiring the test taker to configure and troubleshoot Linux systems as directed by the examiner.
I have worked with Linux for ten years. I started with version 0.98 and I have written Linux applications and kernel patches. I use Linux to run my own websites. I worked for large corporations with hundreds of Redhat Linux servers. You might think with all this experience the exam should be easy. I don't want to risk the $750 cost to take the test.
My study guide is the "Red Hat Certified Engineer Linux Study Guide – Fourth Edition" by Michael Jang. This guide is based on Redhat 3. The current RHCE test is given with Redhat 5. If anyone knows of a newer study guide, or is writing one, I'd be happy to buy or review it.
I'll be posting what I learn on this website, as I go along. I've learned you retain more if you read it, write it and do it. This website is where I'm writing it all down. If you find something wrong or if you don't understand something, email me at firstname.lastname@example.org.
I'm not going to cover every detail in the book. There are a lot of Linux commands I know by heart and so I don't need to study them. If you don't know vi, ls, ssh or tar already this website study along is not for you. I've read only 50% of the people taking the test pass. If you don't know these commands already you might want to take one of the expensive courses.
I'm also not going to follow the book page by page. There are a few things that will make studying easier. Installing Linux over a network is faster than using CDs. So on day one, I'm going to set up network installation.
The computer I'm installing RHEL5 on is an old ? with a ? hard disk, keyboard, mouse, network connection and monitor. I also have a second RedHat (Fedora Core 6) system to load the Linux installation CDs on. You will also need to get your hands on a set of Redhat Enterprise Linux 5 CDs. I got my copy from a friend at work.
Feel free to follow along and learn Redhat Linux yourself. Maybe I will see you at my testing center.
Today I'm studying network security / firewalls / SSL monitoring. I'm treating these three items as one subject. Network security is the general topic and a network firewall is the most common method of controlling network traffic. Today, SSL monitoring is the real goal.
As a part of a network security event that happened at work, I was hit by the two-edged sword that is SSL network encryption. On one side it keeps your network traffic safe from spying eyes. On the other side, it keeps the traffic safe from your eyes and anything a hacker is doing to your web site.
I've been looking for a product to monitor (i.e., spy on) SSL traffic. There are lots of ways to do this. You could:
1) use a Man in the Middle (MITM) proxy
2) use a network sniffer with a SSL decryption tool
3) use a plugin in Apache to write out all the html traffic
With a MITM proxy, the user connects to the proxy and then the proxy decrypts the SSL data, writes it to a log, and passes the request on to the web server. The reply is written to a log, encrypted by the proxy and passed back to the user. A working example is webmitm, which is a part of the dsniff project (http://www.monkey.org/~dugsong/dsniff/). The problem with this sort of proxy is it doesn't scale well. If the web site is doing hundreds of SSL connections, the proxy handles all the traffic for all the web servers. A good white paper about this is available from SANS (http://www.sans.org/rr/whitepapers/threats/480.php).
Wireshark (this was Ethereal) is a network sniffer (http://www.wireshark.org). I have tried the plugin called Ethereal SSL decryption (http://ssl-decrypt.sourceforge.net). I have yet to get this to work. I think the problem is between the chair and the keyboard, not in the program. For me, more documentation and examples are needed. (Maybe this will be a story for another day.)
TCPDUMP is the best program I have found. (http://www.rtfm.com/ssldump) This program is simple to use and can decrypt live traffic from an ethernet port, or you can feed it a tcpdump (URL) file. The trouble I'm having with this program, and I may find this is true of all SSL decryption programs, is it only decrypts part of the traffic. I can see the headers and some of the HTML data coming through the network but not all.
Another program I've looked at is SSL Sniff (http://www.thoughtcrime.org/ie.html).
The Apache module mod_trace_log (see: http://webauthv3.stanford.edu/manual/mod) will write to a log all the user's data as well as the access information.
With all this I have yet to find a good solution to this problem. I still cannot view my SSL traffic going to my customers.
Do any of you know how to decrypt an SSL stream given the keys?
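An added example, not part of the original post: whether a passive tool holding the server's private key can decrypt a session depends on the key exchange the server picked, so a first check on your own capture is to read the cipher suite out of the ServerHello. The sketch below does that for SSL 3.0 through TLS 1.2 records; the suite table is a small subset of the IANA registry, and the function names and sample records are constructed for illustration.

```python
import struct

# Subset of IANA cipher-suite IDs -> (name, key exchange); not exhaustive.
SUITES = {
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", "RSA"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE"),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
}

def parse_server_hello(record: bytes):
    """Return (session_id, cipher_suite) from one TLS handshake record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 0x16 or len(body) != rlen:
        raise ValueError("not a complete handshake record")
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("first handshake message is not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # server_version(2) + random(32) + session_id_length(1) = 35 bytes
    if len(hello) < 35 or len(hello) < 35 + hello[34] + 3:
        raise ValueError("truncated ServerHello")
    sid_len = hello[34]
    sid = hello[35:35 + sid_len]
    suite = int.from_bytes(hello[35 + sid_len:37 + sid_len], "big")
    return sid, suite

def verdict(record: bytes, client_session_id: bytes = b"") -> str:
    """Say whether a passive tool holding the server key could decrypt."""
    sid, suite = parse_server_hello(record)
    name, kx = SUITES.get(suite, ("0x%04X" % suite, "unknown"))
    # A ServerHello echoing the client's session ID is an abbreviated handshake.
    if client_session_id and sid == client_session_id:
        return f"{name}: resumed session, needs the earlier full handshake"
    if kx == "RSA":
        return f"{name}: decryptable with the server RSA private key"
    if kx in ("DHE", "ECDHE"):
        return f"{name}: ephemeral {kx}, the private key alone cannot decrypt"
    return f"{name}: key exchange not in table"

def make_hello(suite: int, sid: bytes = b"") -> bytes:
    """Build a constructed (not captured) TLS 1.0 ServerHello record."""
    hello = b"\x03\x01" + bytes(32) + bytes([len(sid)]) + sid
    hello += suite.to_bytes(2, "big") + b"\x00"  # suite + null compression
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    for s in (0x002F, 0x0039, 0xC02F):
        print(verdict(make_hello(s)))
```

Sessions that resume an earlier handshake, or captures with dropped packets, can also leave a passive decryptor with only part of the traffic even when the suite uses RSA key exchange.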
I found a new website called Eye Jot
They didn't die. They haven't moved away. They have all taken down their web pages.
A lot of my friends had personal web sites. It was nice to see what they were up to and leave them comments. One by one, they have taken them down. Some told me they just didn't have the time to keep up with them. I think most just thought it was silly to write about yourselves. Maybe they are right. But I miss them. I like reading on www.allaboutbentley.com how Scott was starting a diet or was experimenting with Diet Coke and Mentos. I like it when www.randlize.com shows videos of Randy's last vacation. I thought YouTube or MySpace had won. Maybe my friends had postings there but I couldn't find them.
Hey guys, where did you go? Do you post anything any more? Did the cat get your keyboard?