Naked DSL - Broadband without Phone Service

Tuesday, May 6th, 2008

I always wondered why local phone companies did not offer DSL without phone service. Technically they are two different services sharing the same wire, and it was always possible to unbundle them. But phone companies did not do so until recently, when they started losing this business because of VOIP.

VOIP users may not like to continue paying for conventional phone service and usually switch to cable. Years back, when I moved to VOIP, I did the same. But now we also have the option of getting Naked DSL with VOIP.

So, consider checking Naked DSL options with your local phone company if you are not satisfied with your cable modem services.

Stupid Coupon-Eligible Converter Box

Monday, April 14th, 2008

CECB or Coupon-Eligible Converter Box is a specification for converter boxes eligible to receive subsidy coupons through the U.S. federally-sponsored DTV Converter Box Coupon Program. (Ref - http://en.wikipedia.org/wiki/CECB)

I still own my old Panasonic TAU (27 inch flat screen tube SDTV) and occasionally turn it on. So buying a converter box for less than $10 was pretty exciting. So I started browsing https://www.dtv2009.gov/ and other related sites to gather more information :-)

Though the $40 coupon looked exciting at first look, I was able to find many serious flaws in this federal sponsored program.

  1. $40 is not a big deal for most US residents. We pay more than $40 to a car mechanic who spends an hour fixing something. The US is a rich country and I guess people can easily manage to buy a converter box without any federal aid. Why don’t we use the funds for better causes?
  2. The NTIA criteria for a qualified converter box are pretty stupid. Any device that does anything more than simply converting a digital over-the-air television signal (ATSC) is disqualified. Any device with modern output ports (like DVI, HDMI, VGA etc) is disqualified. How dumb!
    The Fed is investing millions of dollars into something which is bound to turn into a piece of junk in a year or two. Most tube TVs are pretty old by now and I don’t think that anyone will invest a single penny in repairing them after they turn bad or dead.

  3. This coupon program creates big competition for disqualified but technically up-to-date converter boxes and DVRs. It is sad that now a future-proof box (with QAM, HDMI, DVI) priced at $70 competes with a CECB at $10 (would be $50 otherwise).

I think this program runs opposite to the hybrid tax credit and effectively pushes people to stay on old technology. It is not expensive to include those modern features in a converter box, but the Fed killed it.

If I can buy a QAM capable device (with this coupon), I may not need a second set-top-box from Comcast (at the expense of scrambled channels) and still use this device for many years. If I can buy a DVR (with this coupon), I can do a lot and stay up-to-date on technology. I feel that it would be definitely a better use of this coupon money.

Isolated MySQL Installation inside OpenVZ Cluster

Thursday, April 10th, 2008

Unless you keep your computer disconnected from any network and under a secure lock, there will always be potential for a security compromise.

This article explains an isolated and more secure MySQL setup layout. The container VPS for the “database node” was a centos-5-minimal (centos-5-i386-minimal.tar.gz) and was not assigned any IP address, for added security. Here is the complete solution.

To install mysql inside “database node”

[root@centos ~]# vzyum 103 install mysql-server -y

The article on the OpenVZ Wiki was helpful for the overall planning, but I did not like the idea of a cron script.

  • Expensive polling! It is a waste of resources.
  • There will be downtime until the next cron run.

So, I kept experimenting to find a better solution. I tried mounting /vz/private/103/var/lib/mysql/ into the “web node” but it was not working flawlessly. My following attempt with a common shared directory worked like a charm.

I created a common shared location /vz/shared and had it mounted as /shared in each VPS using mount script (you must chmod them to 755).

Content of /etc/vz/conf/101.mount (web node)
Content of /etc/vz/conf/102.mount (web node)
Content of /etc/vz/conf/103.mount (database node)

#!/bin/bash
# Mount script to bind-mount /var/something into a VPS
# Suggested by Sudhaker Raj (http://sudhaker.com)

[ -f /etc/vz/vz.conf ] || exit 1
[ -f "$VE_CONFFILE" ] || exit 1

. /etc/vz/vz.conf
. "$VE_CONFFILE"

echo -n "Mounting shared directory inside $VEID..."
if [[ -d /vz/shared ]]
then
    mkdir -p "$VE_ROOT/shared"
    mount -n --bind /vz/shared "$VE_ROOT/shared"
    echo " done"
else
    echo " failed"
fi

Next step was to change the mysql socket location from /var/lib/mysql/mysql.sock to /shared/mysql/mysql.sock

Content of /vz/private/101/etc/my.cnf
Content of /vz/private/102/etc/my.cnf
Content of /vz/private/103/etc/my.cnf

[mysqld]
datadir=/var/lib/mysql
#socket=/var/lib/mysql/mysql.sock
socket=/shared/mysql/mysql.sock

[mysql.server]
user=mysql
basedir=/var/lib

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

[client]
socket=/shared/mysql/mysql.sock

And do not forget to make the relevant changes in php.ini and in other applications using MySQL.

Bingo! Now both “web nodes” can communicate with the MySQL server running inside the isolated container as if it were local.

We also need correct permissions so that other processes can access the socket.

[root@vz103 ~]# chmod o+rx /shared/mysql
[root@vz103 ~]# ls -l /shared/
total 8
drwxr-xr-x 2 mysql mysql 4096 Apr 5 15:44 mysql
drwxr-xr-x 2 root root 4096 Apr 3 15:03 tmp
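
A quick audit of this layout, as an added example that is not part of the original post: it parses a my.cnf, checks that the server and client sockets agree and sit under the shared mount, flags a missing skip-networking (without it mysqld still opens a TCP listener inside the container, even though the container has no IP), and checks that the socket directory is not writable by group or other. The function names and the temporary sample files are assumptions made for the example.

```shell
#!/bin/bash
# Added example, not from the original post: audit a my.cnf and socket
# directory for the socket-only layout above. Assumes GNU stat.
# cnf_get FILE SECTION KEY: print KEY's last value in [SECTION] (bare flag = ON)
cnf_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { cur = $0; gsub(/[ \t\r]/, "", cur); next }
        cur == sec {
            line = $0; gsub(/^[ \t]+|[ \t\r]+$/, "", line)
            n = index(line, "=")
            k = n ? substr(line, 1, n - 1) : line
            v = n ? substr(line, n + 1) : "ON"
            gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+/, "", v)
            gsub(/_/, "-", k)   # MySQL accepts _ and - in option names
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# audit_cnf FILE PREFIX: print findings; return 1 if there are any.
audit_cnf() {
    rc=0; srv=$(cnf_get "$1" mysqld socket); cli=$(cnf_get "$1" client socket)
    case "$srv" in
        "$2"/*) ;;
        *) echo "FINDING: [mysqld] socket '$srv' is not under $2"; rc=1 ;;
    esac
    [ "$srv" = "$cli" ] ||
        { echo "FINDING: [client] socket '$cli' differs from [mysqld]"; rc=1; }
    case "$(cnf_get "$1" mysqld skip-networking)" in
        ON|on|1|TRUE|true) ;;
        *) echo "FINDING: skip-networking unset, mysqld still opens a TCP listener"; rc=1 ;;
    esac
    return $rc
}

# audit_sockdir DIR: return 1 if DIR is writable by group or other.
audit_sockdir() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 022 )) -eq 0 ] && return 0
    echo "FINDING: $1 is mode $mode; only mysql should be able to write there"
    return 1
}

demo() {   # constructed sample: the my.cnf from this post, in a temp directory
    d=$(mktemp -d); mkdir "$d/mysql"; chmod 755 "$d/mysql"
    printf '%s\n' '[mysqld]' 'datadir=/var/lib/mysql' \
        '#socket=/var/lib/mysql/mysql.sock' 'socket=/shared/mysql/mysql.sock' \
        '[client]' 'socket=/shared/mysql/mysql.sock' > "$d/my.cnf"
    audit_cnf "$d/my.cnf" /shared || true
    audit_sockdir "$d/mysql" && echo "OK: socket directory mode"
    rm -rf "$d"
}
demo
```

On the host, the same functions can be pointed at /vz/private/103/etc/my.cnf and /vz/shared/mysql.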

Cheers,
Sudhaker

Lighttpd MySQL PowerDNS setup using OpenVZ Cluster

Thursday, April 10th, 2008

Unless you keep your computer disconnected from any network and under a secure lock, there will always be potential for a security compromise.

The statement above is not meant to scare you away from connecting your machine to a network, but to give you an idea that there is no such thing as a “perfectly secured and networked computer”. The best we can do is to harden the security and monitor it actively, especially when it is a server system running 24×7 and serving your critical data to the whole population.

Most of this article is taken from my setup experience with my first dedicated server, which I tuned for my hosting needs. Thanks to my ISP, they hooked a KVM-IP switch to my box and allowed me to install my own true minimal CentOS with OpenVZ.

After many careful considerations and experiments, I decided to factor my hosting infrastructure into 3 VPS (virtual private servers). Two “web nodes” and one “database node” were configured to provide some level of fail-over and high availability.

Both “web nodes” are identical except for their IP addresses. They both have a public IP assigned and run PowerDNS and “Lighttpd + PHP”. PowerDNS is configured for round-robin DNS and will redirect the request to any available “web node”. The “database node” has no IP assigned and provides communication over a unix domain socket (or named socket). MySQL cannot be reached over TCP, which adds one more layer of security against possible network attacks.

Please check the following sub-articles for individual setup details.

  • Lighttpd - Lighty setup
  • PDNS - PowerDNS with MySQL backend
  • MySQL - No network configuration

Cheers,
Sudhaker

Install Firefox without administrator rights

Monday, March 24th, 2008

Source: Wikipedia

Mozilla Firefox (abbreviated officially as Fx, but also unofficially as FF) is a web browser descended from the Mozilla Application Suite, managed by the Mozilla Corporation. Firefox had about 15% of the recorded usage share of Web browsers as of January 2008 making Firefox the second-most popular browser in current use worldwide after Internet Explorer. Firefox uses the open-source Gecko layout engine, which implements some current Web standards plus a few features which are intended to anticipate likely additions to the standards.

Firefox includes tabbed browsing, a spell checker, incremental find, live bookmarking, a download manager, and a search system that uses Google. Functions can be added through around 2,000 add-ons created by third party developers; the most popular include NoScript (script blocker), FoxyTunes (controls music players), Adblock Plus (ad blocker), StumbleUpon (website discovery), DownThemAll! (download functions) and Web Developer (web tools).

Firefox runs on various versions of Microsoft Windows, Mac OS X, Linux, and many other Unix-like operating systems. Its current stable release is version 2.0.0.12, released on February 7, 2008. Firefox’s source code is free software, released under a tri-license GPL/LGPL/MPL.

No wonder you want to use Firefox for your day-to-day browsing. But your network administrator has not given you the required rights and you are unable to install this wonderful browser on your laptop/desktop. Pretty bad, huh!

Well, there is an easy answer to it without breaking any rules.

Browse to PortableApps and download Mozilla Firefox, Portable Edition. Install it on to USB drive (or any local writable folder) and ENJOY!

This technique can be useful even if you have administrator rights. With Firefox, your private information (like cookies, history, bookmarks, cache etc) is stored on the disk, which exposes it to some risk. My suggestion is to create a virtual encrypted disk using TrueCrypt and install Firefox PE into that. Now you can relax because your private information is secured using some strong encryption algorithms.

Cheers,

Do not leak your million dollar idea unknowingly

Thursday, March 13th, 2008

Tom is discussing his next venture with his friend Sameer. They have done all the number crunching and are very excited about the opportunity. Everything is finalized and details are worked out. Right, they must be talking about an internet based idea (similar to youtube, orkut, facebook etc).

The next big thing is finding and reserving a perfect domain name for the operation. They started their favorite browser, Firefox, and jumped on to a very popular registrar’s website. They started searching for their name. They liked some of the results, but none was very catchy. All of a sudden someone came up with the “perfect name” and they were excited to find that it was still available. BINGO! They were happy but still not sure, so they did not reserve the domain name. They wanted to discuss more and decided to wait for a few more days.

After 3 days they were finally ready to register the domain :-) Guess what? It’s gone! They now see web spam there which is trying to sell everything from Viagra to “cheap flight tickets”.

This domain was not taken by anyone for years. What happened all of sudden? YOU LEAKED YOUR IDEA.

It is no longer a trade secret that domain-registrars sell their domain search history to “domain junkies” for a decent subscription fee. These junkies grab any good and catchy names immediately and try to re-sell it for bigger bucks. Many simply add them to their pool of domains engaged in pay-per-click based advertisement.

The moral of the story is “never wait after finding your perfect domain, reserve it immediately”. If you still want to go with a search-and-wait policy, do not use any registrar site to perform search queries. This can also be done using the “whois” command that comes with most Linux distributions.

A second piece of advice is “make sure you also reserve any similar domain names”. As an example, if you are planning to launch the next cool hot-deal site http://x1deals.com, you should also reserve http://x1deal.com. There can be a big loss due to typo-traffic (traffic generated by typing mistakes) and junkies are hunting for such opportunities.

Hope this helps in saving your next “million dollar idea” :-)

Cheers,
Sudhaker

Google Sites makes Google Apps platform more complete

Monday, March 10th, 2008

I have been using “Google Apps” for a long time to host email for my domains. It is not very complex to set up and works great (powered by gmail - wow)! I don’t have to worry about my mails being delivered to the spam folder or being rejected because my shared host IP was misused by other folks. “Google Apps” has a friendly limit of 500 emails per day, which is pretty decent for normal usage.

The initial web builder was pretty basic and barely enough for “Hello world” or “Under construction”.

Things have become even better with the “Google Sites” release. I’m playing with this new google-toy and will update this article very soon with my findings.

Cheers,

MyAdmin Advanced

Friday, February 29th, 2008

My last article on working as non-admin works great in a home environment. But it won’t allow access to any network resources (file share, printer, etc) in a corporate environment. This happens because local administrator users are not part of the Windows domain and so are treated as anonymous users.

The following new version of the “MyAdmin” AHK (AutoHotkey) script overcomes the problem mentioned above.

; Some default values
LocalAdminGroup = Administrators
; Settings for local administrator
LocalAdminUser = admin
LocalAdminPass = secret
; Settings for normal user
WindowsDomain = domain
NormalUser = user
NormalPass = password
RunTarget = C:\Program Files\ExplorerXP\ExplorerXP.exe

IfExist, %RunTarget%
{
    ; Add normal user to local admin group
    RunAs, %LocalAdminUser%, %LocalAdminPass%
    RunWait, NET LOCALGROUP %LocalAdminGroup% %WindowsDomain%\%NormalUser% /ADD, , Hide
    RunAs ; Reset to normal behavior.
    ; Execute target with elevated administrator permissions
    RunAs, %NormalUser%, %NormalPass%, %WindowsDomain%
    Run, %RunTarget%
    ; Wait for 200 ms
    Sleep, 200
    ; remove itself from local admin group
    RunWait, NET LOCALGROUP %LocalAdminGroup% %WindowsDomain%\%NormalUser% /DELETE, , Hide
    RunAs ; Reset to normal behavior.
}
IfNotExist, %RunTarget%
{
    MsgBox, Target (i.e. %RunTarget%) does not exist.
}

Please follow Aaron’s advice on the Default Owner fix.

Cheers,

MyAdmin Script

Wednesday, February 27th, 2008

Are you using a non-admin account to work and browse on your machine?

If yes, the following AHK (AutoHotkey) script can be very handy:

; Settings for local administrator
AdminUser = admin
AdminPass = secret
RunTarget = C:\Program Files\ExplorerXP\ExplorerXP.exe
IfExist, %RunTarget%
{
    RunAs, %AdminUser%, %AdminPass%
    Run, %RunTarget%
    RunAs ; Reset to normal behavior.
}
IfNotExist, %RunTarget%
{
    MsgBox, Target (i.e. %RunTarget%) does not exist.
}

ExplorerXP is a very fast, small and compact FREEWARE which works great with RunAs. ExplorerXP can be used to perform any privileged tasks (add/remove programs, registry edit, etc) as admin user.

Windows Explorer does not start multiple instance without registry hack and complexity.

Cheers,

Gmail IMAP with SquirrelMail

Tuesday, February 26th, 2008

Friends,

I am listing the steps required for setting up SquirrelMail to work with Gmail IMAP. This is especially useful when you like SquirrelMail or don’t have access to the regular http://mail.google.com :-) You can even use it to brand your custom domain hosted at Google Apps and seamlessly integrate it into your portal (if you can afford it, consider buying Google’s Premium Edition, which comes with API access at $50/user/year).

Steps:

Create a place holder for SquirrelMail and unpack the latest distribution

mkdir -p /home/squirrel/data/attachments
cd /home/squirrel/
chown -R apache.apache data
tar zxvf ~/downloads/squirrelmail-1.4.13.tar.gz

Configure the installation (do nothing simply save and quit).

cd squirrelmail-1.4.13
./configure

Append the following lines to /home/squirrel/squirrelmail-1.4.13/config/config_local.php

$domain = 'gmail.com';
// IMAP settings
$imapServerAddress = 'imap.gmail.com';
$imapPort = 993;
$use_imap_tls = true;
$imap_auth_mech = 'login';
// SMTP settings
$smtpServerAddress = 'smtp.gmail.com';
$smtpPort = 465;
$use_smtp_tls = true;
$smtp_auth_mech = 'login';
// Special folder setting
$trash_folder = '[Gmail]/Trash';
$sent_folder = '[Gmail]/Sent Mail';
$draft_folder = '[Gmail]/Drafts';
// Attachment
$data_dir = '/home/squirrel/data/';
$attachment_dir = '/home/squirrel/data/attachments/';
// Optional -
$provider_name = 'Gmail alternative by Sudhaker';
$provider_uri = 'http://sudhaker.com/';

Create an alias in apache /etc/httpd/conf.d/squirrel.conf

Alias /sq "/home/squirrel/squirrelmail-1.4.13"
<Directory "/home/squirrel/squirrelmail-1.4.13">
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

Verify the setup by browsing to ${site_url}/sq/

User Id: example@gmail.com (or user@example.com)
Password: email_password

Please make the appropriate changes for cPanel-based hosting (shared hosting).

Please run the following step if SELinux is enabled.

[root@centos ~]# setsebool httpd_can_network_connect true

Please drop a comment if you find it useful.

Cheers,
Sudhaker

Emporis Buildings

Monday, February 25th, 2008

Emporis.com is one of the world’s largest available platforms concerning building-related information. Here you find buildings, companies and photos in more than 50,000 cities worldwide.

You can find everything about any commercial building. This lookup site is extremely useful in finding some company

My workplaces: 575 Washington Blvd, Newport, PaineWebber Building, Western Electric Building, One World Financial Center, 50 Main Street, White Plains, 379 Thornall Street, Edison, Nine West Office Center

I sometimes browse them during my nostalgic hours.

Cheers,