Homepage of Sudhaker Raj

CECB or Coupon-Eligible Converter Box is a specification for converter boxes eligible to receive subsidy coupons through the U.S. federally-sponsored DTV Converter Box Coupon Program. (Ref - http://en.wikipedia.org/wiki/CECB)

I still own my old Panasonic TAU (27 inch flat screen tube SDTV) and occasionally turn it on. So buying a converter box for less than $10 was pretty exciting. So I started browsing https://www.dtv2009.gov/ and other related sites to gather more information

Though the $40 coupon looked exciting at first look, I was able to find many serious flaws in this federal sponsored program.

1. $40 is not a big deal for most of US resident. We pay more than $40 to car mechanic who spend an hour fixing something. US is a rich country and guess people can easily manage to buy converter box without any federal aid. Why don’t we use the fund in better causes?
2. NTIA criteria for a qualified converter box is pretty stupid. Any device which doing anything more than simply converting a digital over-the-air television signal (ATSC) is dis-qualified. Any device with modern output ports (like DVI, HDMI, VGA etc) is dis-qualified. How dumb!
   

   Fed is investing millions of dollars in to something which is bound to turn into piece of junk in a year or two. Most of tube TV are pretty old by now and I don’t think that anyone will invest a single penny in repairing them after they turn bad or dead.

3. This coupon program creates a big completion to dis-qualified but technically up-to-date converter boxes and DVRs. It is sad that now a future-proof box (with QAM, HDMI, DVI) priced at $70 competes with CECB $10 (would be $50 otherwise).

I think this program goes very opposite to Hybrid tax credit and effectively pushing people to stay on old technology. It is not expensive to include those modern features into converter box but Fed killed it.

If I can buy a QAM capable device (with this coupon), I may not need a second set-top-box from Comcast (at the expense of scrambled channels) and still use this device for many years. If I can buy a DVR (with this coupon), I can do a lot and stay up-to-date on technology. I feel that it would be definitely a better use of this coupon money.
(more…)

I found few url-rewrite based solution for enabling Permalinks in Wordpress+Lighttpd but none of them worked flawlessly. Guys, all we need here is a simple equivalent of this code (without any side effect, like 404 header etc).

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

So I continued searching for the perfect solution, and here is what I found. It works like charm on Wordpress 2.5 Another victory for KISS! (keep it sweet and simple)

Content of /etc/lighttpd/lighttpd.conf

$HTTP["host"] =~ “dev\.sudhaker\.com$” {
server.document-root = “/shared/sites/htdocs_wordpress”
magnet.attract-physical-path-to = ( server.document-root + “/rewrite.lua” )
}

Please make sure mod_magnet is enabled

And content of $WP_ROOT/rewrite.lua

attr = lighty.stat(lighty.env["physical.path"])

if (not attr) then
lighty.env["uri.path"] = “/index.php”
lighty.env["physical.rel-path"] = lighty.env["uri.path"]
lighty.env["physical.path"] = lighty.env["physical.doc-root"] .. lighty.env["physical.rel-path"]
end

A similar workaround for Drupal is suggested here

Note: It only works on lighttpd 1.4.2+

Cheers,
Sudhaker

I found few url-rewrite based solution for enabling CleanURL in Drupal + Lighttpd but none of them worked flawlessly. Guys, all we need here is a simple equivalent of this code (without any side effect, like 404 header etc).

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

So I continued searching for the perfect solution, and here is what I found. It works like charm on Drupal5 and Drupal6 Another victory for KISS! (keep it sweet and simple)

Content of /etc/lighttpd/lighttpd.conf

$HTTP["host"] =~ "dev\.sudhaker\.com$" {
  server.document-root = "/shared/sites/htdocs_drupal5"
  magnet.attract-physical-path-to = ( server.document-root + "/rewrite.lua" )
}

Please make sure mod_magnet is enabled

And content of $DRUPAL_ROOT/rewrite.lua

attr = lighty.stat(lighty.env["physical.path"])

if (not attr) then
  lighty.env["uri.query"] = "q=" .. lighty.env["uri.path"]
  lighty.env["uri.path"] = "/index.php"
  lighty.env["physical.rel-path"] = lighty.env["uri.path"]
  lighty.env["physical.path"] = lighty.env["physical.doc-root"] .. lighty.env["physical.rel-path"]
end

A similar workaround for Wordpress is suggested here

Note: It only works on lighttpd 1.4.2+

Cheers,
Sudhaker

Unless you keep your computer disconnected from a network and under a secure lock; there will always be potentials for security compromise.

This article explains an isolated and much secure MySQL setup layout. The container VPS for “database node” was a centos-5-minimal (centos-5-i386-minimal.tar.gz) and not assigned any IP address for added security. Here is the complete solution.

To install mysql inside “database node”

[root@centos ~]# vzyum 103 install mysql-server -y

The article mentioned at OpenVZ Wiki was helpful in whole planning but I did not like the idea of cron-script.

• Expensive polling! it is a wastage of resources.
• There will be a downtime until next cron-run.

So, I kept on experimenting for better solution. I tried mounting /vz/private/103/var/lib/mysql/ into “web node” but it was not working flawlessly. My following attempt with common shared directory worked like charm.

I created a common shared location /vz/shared and had it mounted as /shared in each VPS using mount script (you must chmod them to 755).

Content of /etc/vz/conf/101.mount (web node)
Content of /etc/vz/conf/102.mount (web node)
Content of /etc/vz/conf/103.mount (database node)

#!/bin/bash
# Mount script to bind-mount /var/something into a VPS
# Suggested by Sudhaker Raj (http://sudhaker.com)

[ -f /etc/vz/vz.conf ] || exit 1
[ -f $VE_CONFFILE ] || exit 1

. /etc/vz/vz.conf
. $VE_CONFFILE

echo -n “Mounting shared directory inside $VEID…”
if [[ -d /vz/shared ]]
then
mkdir -p $VE_ROOT/shared
mount -n –bind /vz/shared $VE_ROOT/shared
echo ” done”
else
echo ” failed”
fi

Next step was to change the mysql socket location from /var/lib/mysql/mysql.sock to /shared/mysql/mysql.sock

Content of /vz/private/101/etc/my.cnf
Content of /vz/private/102/etc/my.cnf
Content of /vz/private/103/etc/my.cnf

[mysqld]
datadir=/var/lib/mysql
#socket=/var/lib/mysql/mysql.sock
socket=/shared/mysql/mysql.sock

[mysql.server]
user=mysql
basedir=/var/lib

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

[client]
socket=/shared/mysql/mysql.sock

And do not forget to make relevant changes into php.ini and other applications using MySQL.

Bingo! Now both “web node” can communicate with the mysql server running inside isolated container as if it was local.

We also need correct permissions so that other processes can access the socket.

[root@vz103 ~]# chmod o+rx /shared/mysql
[root@vz103 ~]# ls -l /shared/
total 8
drwxr-xr-x 2 mysql mysql 4096 Apr 5 15:44 mysql
drwxr-xr-x 2 root root 4096 Apr 3 15:03 tmp

Cheers,
Sudhaker

Unless you keep your computer disconnected from a network and under a secure lock; there will always be potentials for security compromise.

Statement above is not to scare you from connecting your machine to network, but to give you an idea that there is nothing like a “perfectly secured and networked computer”. The best we can do is to harden the security and monitor it actively. Especially when it is a server system running 24×7 and serving your critical data to whole population.

Most part of this article is taken from my setup experience for my first dedicated server, which I tuned for my hosting needs. Thanks to my ISP, they hooked a KVM-IP switch to my box and allowed me to install my own true minimal CentOS with OpenVZ.

After many careful considerations and experiments, I decided to factor my hosting infrastructure into 3 VPS (virtual private server). Two counts of “web node” and one count of “database node” were configured to provide some level of fail-over and high availability.

Both “web node” are totally identical except their IP address. They both has a public IP assigned and run PowerDNS and “Lighttpd + PHP”. PowerDNS is configured for Round robin DNS and will redirect the request to any available “web node”. The “database node” has no IP assigned and provides communication over unix domain socket (or named socket). MySQL can not be reached over TCP hence adding one more layer of security from possible network attack.

Please check followings sub-articles for individual setup details.

• Lighttpd - Lighty setup
• PDNS - PowerDNS with MySQL backend
• MySQL - No network configuration

Cheers,
Sudhaker

If you are working on multiple projects using RAD 6.X, you must have noticed the slowness after some time. This happens because test server is shared across workspaces and applications are deployed into same server-instance; hence making things sluggish.

If you do not switch project / workspace on daily basis; consider a profile cleanup before every switch. We have observed significant performance boost after such cleanup.

Assumptions (make appropriate changes if your environment is different).

RAD_HOME=”C:\Program Files\IBM\Rational\SDP\6.0″
COMPUTER_NAME=your hostname (without domain)
DNS_DOMAIN=domain name

1. Open command prompt.
2. Change current directory to to %RAD_HOME%\runtimes\base_v6\bin
3. Run following command

wasprofile.bat -deleleAll

4. Remove %RAD_HOME%\runtimes\base_v6\profiles\default (if any).
5. Run following command

wasprofile.bat -create -profileName default -isDefault \
-profilePath “%RAD_HOME%\runtimes\base_v6\profiles\default” \
-templatePath “%RAD_HOME%\runtimes\base_v6\profileTemplates\default” \
-hostName %COMPUTER_NAME%.%DNS_DOMAIN% \
-nodeName %COMPUTER_NAME%Node01 \
-cellName %COMPUTER_NAME%Node01Cell

Example

wasprofile.bat -create -profileName default -isDefault \
-profilePath “C:\Program Files\IBM\Rational\SDP\6.0\runtimes\base_v6\profiles\default” \
-templatePath “C:\Program Files\IBM\Rational\SDP\6.0\runtimes\base_v6\profileTemplates\default” \
-hostName ATHLON.sudhaker.com \
-nodeName ATHLONNode01 \
-cellName ATHLONNode01Cell

6. Great! Now it is time to enjoy the faster WSAD.

Please drop me a comment if you find it useful

Cheers,
Sudhaker

This tutorial is about preparing a very secure hosting/computing environment using proven products (i.e. CentOS 5.1 & OpenVZ). This tutorial is prepared based on my own experiences gained during the setup process of my first dedicated server (Celeron-2.8 ghz, 512MB, 80GB).

Step 1: Prepare a very minimal CentOS system.

The only way we can prepare a true ‘minimal centos’ is using graphics-mode manual-install. I have made many attempt to achieve the same using text-mode or kick-start but all resulted into 340+ packages and tons of useless services.

Please seek more guidance from these manuals if your are new to CentOS (or RedHat linux).

So back to topic, my recommendation for partition scheme is:

root (/) use 4GB
swap use 2 * RAM (up to maximum of 2GB)
VZ (/vz) use all remainings

And make sure you pick ‘Customize now’ during package group selection and de-select everything (Yes, I repeat it! Deselect everything including base.)

This should give you a True Minimal CentOS installation with only 148 packages installed (and very few system services).

Step 2: Update the system for OpenVZ support

Nothing much to mention here. Please consult this excellent documentation at openvz.org for details.

Step 3: Install VZ containers (preferably one for each set of applications to keep them secure).

• Lighttpd - Lighty setup
• PDNS - PowerDNS with MySQL backend
• MySQL - No network configuration