2009-12-31

FreeBSD - Fundraising for FreeBSD Foundation

This will be my last post of this year. I think I owe my favorite OS too much, and hopefully this tiny, little, bitty post will make my conscience feel slightly better.

Please donate to FreeBSD Foundation.



About the FreeBSD Foundation


What is the FreeBSD Foundation?

The FreeBSD Foundation is a 501(c)(3) non-profit organization dedicated to supporting the FreeBSD Project. The Foundation gratefully accepts donations from individuals and businesses, using them to fund projects which further the development of the FreeBSD operating system. In addition, the Foundation can represent the FreeBSD Project in executing contracts, license agreements, and other legal arrangements which require a recognized legal entity. The FreeBSD Foundation is entirely supported by donations.

What can I expect from the FreeBSD Foundation?

The FreeBSD Foundation will support both the development and the popularization of FreeBSD, the world's best open source operating system. Here are some of the projects that the Foundation can and will support in the future:
  • Development of software for FreeBSD to benefit the user and developer community, including contract development of critical system infrastructure, porting of closed source applications such as Java(TM).
  • Obtaining computers and other equipment for developers to use toward improving FreeBSD, such as the network performance cluster, FreeBSD.org cluster, and personal development systems for developers.
  • Providing additional Internet infrastructure to aid in the development and distribution of FreeBSD.
  • Support developer communication and coordination, including financial support for developer summits and developer travel.
  • Encouraging the formation of FreeBSD user groups.
  • Cultivating press coverage and advertising the utility and availability of FreeBSD.


As you have read, the FreeBSD Foundation helps the FreeBSD community, and that means it helps make FreeBSD a better OS. Unlike other OSes that have funds to create hype and noise, FreeBSD has always been a "quiet and working" OS.

Major servers run on FreeBSD. Major hardware runs on FreeBSD. FreeBSD deserves better support in terms of funding.

In this season of giving, give some to FreeBSD. Donate to the FreeBSD Foundation.

Peace.

FreeBSD - Known Vulnerabilities audit check on FreeBSD Ports

The FreeBSD Ports repository has a rich base of software. As of today, it has 21000++ ports. As we all know, all software has bugs. Some bugs lead to vulnerabilities. Vulnerabilities open the door to unwanted access by those with ill intentions.

Every now and then, a FreeBSD sysadmin installs new ports or upgrades existing ones. As such, we should be more aware of the bugs or vulnerabilities that come with them. Even if we are not able to fix them, we should at least be aware of them so that we can find alternatives to secure the system.

For ports, there is a utility that checks which vulnerabilities have been reported against them. Here is how to install it and keep it updated :

2009-12-14

OpenID - How to find out OpenID URL

Any of us easily owns a dozen accounts on different services on the internet. Google, Yahoo and WordPress.com are just a few well-known service providers. How about others, e.g. Slashdot (http://slashdot.org/), Stack Overflow (http://stackoverflow.com/) and Server Fault (http://serverfault.com/)? The list goes on.

Luckily these sites are equipped with OpenID. OpenID makes our life easy by letting 1 single sign-on account (registered with a service provider) authenticate against multiple web sites.

e.g. an account with Google (or Gmail) can be used to sign on to Slashdot, Stack Overflow, Server Fault and others.

Often, websites equipped with the OpenID sign-on service have this "OpenID URL", but how do we get this "OpenID URL"? Or, what is this "OpenID URL"?

Here it is, the "OpenID URL" :

2009-10-15

Perl - Connect using SSH with Perl & CPAN module

It has been weeks since I last blogged about Perl. My day-to-day job has been tying up most of my free time and blah blah blah excuses ... :p

My job deals with FreeBSD servers 90% of my time. Daily routines include checking server health status. FreeBSD has periodic scripts that report server health status to the sysadmin daily, but the emails are always being "ignored" as the info in them is too vast. So, I decided to cough out a simple Perl script that uses SSH to connect to the servers and pull some health status reports. This post talks about using the CPAN module Net::SSH::Perl to execute commands and then print out the results.

Purpose of this script :
  • connect to server using ssh
  • authenticate only using public key
  • run a command and print out the result

Perl modules used :
  1. Perl::Critic = perl's best practice
  2. Net::SSH::Perl = the basic of using ssh in perl
  3. Net::SSH::Perl::Key::RSA = authenticate using public key
  4. Class::ErrorHandler = needed by Net::SSH::Perl::Key::RSA module

To reduce the hiccups, install the modules listed above using a CPAN client.

Here is the script :

2009-10-08

Ubuntu - How to change default menu for Net Book Remix

Net Book Remix is another spin-off of Ubuntu. Its strength is making Ubuntu run on netbooks, miniature laptops targeted at users of internet applications. Typically, the screen is small (from 9" - 12"), the machine is light (0.8kg - 1.5kg) and it runs on an Atom processor. The kernel and programs on NBR (Net Book Remix) are tuned to run leaner, to accommodate the limited processor speed. The limited processor is in fact a good thing: less heat is generated and, generally, NBR machines are quite "cool".

The most notable difference between NBR and the usual Ubuntu Linux distribution is its menu. The "Ubuntu NetBook Desktop" is a menu that covers the whole desktop with menu items. But people like me still prefer the "Classic Desktop", with the menu panel on top and the windows panel at the bottom. Most desirable of all, the desktop stays visible, with the frequently accessed files and programs on it.

So, how do we change the "Ubuntu NetBook Desktop" to the usual "Classic Desktop"? Here is how to do it :

2009-10-01

FreeBSD - For the love of all

For the love of the world, please do this.

Step 1 :
cd /usr/src
Step 2 :
make love

Enjoy the output :)

World Peace !!!

2009-09-30

FreeBSD - Download ports simultaneously with multiple connections

By default, ports uses 1 connection to download and is thus unbearably slow when a server rate-limits the connection. Alternatively, we can tell ports to use an external utility to open multiple connections and download simultaneously.

2009-09-25

vim - Commenting multiple lines, block comment

Perl does not have a block comment feature. The Acme::Comment module was the easiest way to make Perl do block commenting; as an additional feature, it allows customization of the open & close punctuation marks.

Until yesterday, that is, when my first Perl code ran into some problems and I had to seek help from the IRC channel perl-help @ irc.perl.org (these guys are really helpful, thanks dudes!). Just when they were helping me solve the problem, Caelum tipped me on how to block comment in Perl using vim. I thought it was a good idea as it doesn't need to load an additional module to handle the block comment thing, which saves some CPU processing.

Here it is :

2009-09-17

Network IP address calculator - for subnet and range of host

One of the tasks when installing a new FreeBSD box is dealing with IP addresses. Usually, googling for a web-based calculator would do the trick. But today's task is a bit different.

IPv6. A whole row of hexadecimal spinning in front of my eyes, just to figure out what range of IP addresses is usable. Web-based IP calculators (based on JavaScript) are not accessible using console-based internet browsers (links & lynx).

Spontaneously, searching the apt repository returned some very interesting stuff.

Console-based IP calculator. sipcalc.

Not only is it intelligent enough to figure out the input, it is also intelligent enough to generate useful output. Surprisingly, the output is scripting friendly (grep and sed can parse the output).

These are the steps to install it under FreeBSD & Debian-based distributions (e.g. Ubuntu) :

2009-09-14

Perl - How to install Perl module using CPAN shell

One of Perl's strengths is its repository of modules, thousands of modules. No need to re-invent the wheel, just think of what you wanna do and search for it (http://cpan.perl.org).

The CPAN modules are available through the CPAN shell. In this post, we will talk briefly about how to install the CPAN shell and show an example of installing a module.

2009-09-10

The Perl Ironman Challenge

Ironman Challenge. An effort to promote Perl within its community.

I accidentally stumbled upon the challenge while searching for Perl's mailing lists and blogs.

I have always wanted to pick up a programming language, to buck up my system administration skills by scripting daily routines and system monitoring. And most importantly, to write some web applications with this much fascinating programming language that is well known for its TMTOWTDI (There's more than one way to do it !!!) flexibility.

This is my first post on the Ironman Challenge.

Why did I pick up the Challenge? As a way to force myself to document what I have learned and also to remind myself to practice more. 1 post every week but no more than 10 days in between. I'll have to cough up something I've learned, and I must learn. :p

At the same time, hopefully someone can spot what I have been missing or doing wrong during my learning process. All constructive comments and suggestions are much appreciated.

Currently, I am working on converting the bash scripts I have to Perl. The reason for doing so is to get a chance to familiarize myself with Perl, with a goal. With this purpose, at least I don't bang around like a headless fly. Also, I think my bash scripts are a fast & dirty approach to accomplishing things, most of which I think "use strict;" & "use warnings;" can fix/correct. After a few days or so of meddling around, I managed to try out some condition & loop statements, date/time functions, database connection modules & some array operations. Huh, this is one topic for blogging.

At this stage, I am still trying to get around the documentation, perldoc. Most of the time, I'll be browsing "perldoc perltoc" to find out which functions and/or modules I can use. I am still trying to figure out how to search for modules or functions.

CPAN. Comprehensive Perl Archive Network. There's definitely something for me to use, so that I don't have to "re-invent" the wheel. This is another trait of mine, laziness. Re-using other people's code not only satisfies my laziness, but also lets me write shorter code to accomplish my task.

In the next post I will be talking about how to install & use modules.

That's all for now...

Adios !!!

2009-09-06

BIND - name server error "the working directory is not writable"

Recently, there have been a few incidents of DNS server vulnerabilities being exploited. Fortunately, BIND released patches soon enough for the rest of us to start covering up the loopholes.

After an upgrade or installation of ISC BIND DNS server 9.6 on a FreeBSD box, we need to stop and start the "named" service. As usual, running the commands below will restart it :
/etc/rc.d/named stop
/etc/rc.d/named start

During the restart of the service, a few lines of text pop up saying that the permissions of some directories in "/var/named" were altered. By default, the named files need to have owner and group "bind" in order for it to run properly. But the script in "/etc/rc.d/named" seems to change the ownership of some directories to "root" and the group ownership to "wheel". This actually causes some errors to be reported in the log file :
Sep  3 02:44:26 nameserver named[9999]: the working directory is not writable

Naturally, we would issue the command :
chown -R bind:bind /var/named/etc

to fix the permission problem. But after another restart of the "named" service using the command :
/etc/rc.d/named restart

the ownership reverts back to "root" and "wheel". This causes problems when the DNS server transfers zone files from the master DNS server. The "named" service is not able to write the latest zone info into the files in the directories under "/var/named", so it creates some temporary files instead.

After some investigation, it seems that the ownership is defined this way in "/etc/mtree/BIND.chroot.dist". We need to redefine the ownership of the directories there so that it stops being changed back to "root" whenever the "named" service is started. Then the "bind" user, which owns the "named" service and runs the DNS server, will be able to write the zone files in "/var/named".
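
The ownership an mtree(8) spec such as "/etc/mtree/BIND.chroot.dist" assigns can be listed per directory before changing anything, which shows exactly which directories are left to "root" and which to "bind". The script below is an added example, not part of the original post: the spec it parses is a constructed sample in mtree format (not the real file), and the function names mtree_owners and owner_of are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: resolve the effective owner of every directory described
# by an mtree(8) spec, i.e. the ownership that gets re-applied whenever
# the spec is enforced on the directory tree.

# Constructed sample in mtree spec format (NOT the real BIND.chroot.dist).
sample_spec() {
cat <<'EOF'
# constructed sample
/set type=dir uname=root gname=wheel mode=0755
.
    etc
        namedb
            dynamic uname=bind
            ..
            master
            ..
            slave   uname=bind
            ..
        ..
    ..
    var     uname=bind
        run
        ..
    ..
..
EOF
}

# mtree_owners: read a spec on stdin, print "path uname:gname" per directory.
mtree_owners() {
awk '
    NF == 0 || substr($1, 1, 1) == "#" { next }   # skip blanks and comments
    $1 == "/set" {                                # defaults for later entries
        for (i = 2; i <= NF; i++) { split($i, kv, "="); def[kv[1]] = kv[2] }
        next
    }
    $1 == ".." { depth--; next }                  # leave current directory
    {
        u = def["uname"]; g = def["gname"]        # start from /set defaults
        for (i = 2; i <= NF; i++) {               # entry keywords override,
            split($i, kv, "=")                    # for this entry only
            if (kv[1] == "uname") u = kv[2]
            if (kv[1] == "gname") g = kv[2]
        }
        stack[++depth] = $1                       # descend into this entry
        path = stack[1]
        for (i = 2; i <= depth; i++) path = path "/" stack[i]
        print path, u ":" g
    }
'
}

# owner_of PATH: read a spec on stdin, print the owner assigned to PATH.
owner_of() {
    mtree_owners | awk -v p="$1" '$1 == p { print $2 }'
}

# Demo on the constructed sample. On a real system the input would be:
#   mtree_owners < /etc/mtree/BIND.chroot.dist
sample_spec | mtree_owners
```

Directories that come out as root:wheel are the ones a recursive chown would fight over on every restart; comparing the list against the directories "named" actually has to write (for zone transfers, the one holding the slave zone files) keeps any ownership change limited to those.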

2009-09-04

Technorati blog claim fail error

This post is to record how to claim your blog in Technorati. The instruction received was to create a post with the codes provided, after which the claim process should complete. But it does not. The error below was shown when checking the status :
There was a problem finding your claim code.
If you have already verified above, please contact Technorati support with the following information :

* Please include the following error code: 400
* URL you are claiming : http://scratching.psybermonkey.net
* The name of your blog : Scratching My Needs
* Your contact info : myself@psybermonkey.net
* A short description of your blog and the type of content you like to write about. : This blog is all about Open Source, specifically about Freebsd, Linux and Perl.
* Does your blog have a RSS feed? Please see if you can supply us with an example URL of your feed. : Yes, the url is http://feeds2.feedburner.com/ScratchingMyNeeds

The instruction given by Technorati when the codes were provided did not work. There is an alternative way to claim the blog. That is, create a link in the post following the html example below :

<a href="http://technorati.com/claim/<the blog claim codes>" rel="me">Technorati Profile</a>

Here "the blog claim codes" is the codes from Technorati, without the angle brackets (<>).

e.g.

<a href="http://technorati.com/claim/abc123xyx" rel="me">Technorati Profile</a>

Technorati should correct its instructions on how to claim the blog. Also, the support should actually buck up. If there aren't any human(s) behind the support link, don't even put it up there. This confusion wasted 1 week of my time trying all kinds of posts with the codes and figuring out why the process does not work. Technorati, are you hearing???

2009-08-30

FreeBSD - How to use Meta Ports to install group of ports

Often, after a fresh installation of FreeBSD, we have a set of programs we want to install. The conventional method would be installing them one by one from /usr/ports. Today, we will use meta ports to install the set of applications with just one "make install clean" rather than "cd" into individual directories and do "make install clean" for every port.

Meta ports are, as the name implies, ports files that describe the program we are installing. The ports file describes where & what to install for the port to work. A sample of "where" would be "where to download the source", "where to install it" and so on. As for "what", it would be "what to install to fulfill the dependencies". In this post, we will take advantage of this "what". We will define the dependencies as the list of programs we want to install so that ports will install them.

This is an example of how to do it :

2009-08-24

Apache - [warn] _default_ VirtualHost overlap on port 80, the first has precedence

Virtual Host. A feature that enables Apache to serve multiple domains from one web (http) server. This feature saves the need to run multiple instances of the web server and thus saves resources.

After configuring the <VirtualHost> directives, some may encounter an error message :
Error : [warn] _default_ VirtualHost overlap on port 80, the first has precedence

This is due to a missing directive, which must appear before any <VirtualHost> directives :
NameVirtualHost

2009-08-20

MySQL - Passwordless login within bash script

Like the previous post about passwordless login within a Bash script, this post is about how to connect to a MySQL database server from a Bash script without the MySQL client prompting for login.

Here it is :

2009-08-18

ssh - How to encrypt/tunnel internet traffic through ssh

When using an insecure internet connection (e.g. wireless), it is good practice to tunnel internet traffic through ssh. Tunneling through ssh encrypts the traffic from the local computer up to the point where the ssh server is. It is especially important to encrypt the traffic leaving the local PC when using an insecure connection, as users with malicious intent might be able to sniff packets off the connection.

How does ssh tunneling work?

2009-08-15

SmokePing - How to set up logging (or debugging)

SmokePing is a utility that keeps track of the network latency from your network to various sites. Its output is recorded as graphs, for analysis purposes. Its configuration is simple and easy to set up. But sometimes, logging is needed to debug why some probes fail to output to the graph. Setting up logging requires editing some files so that the log rotates itself and syslog is notified.

Here is how you get your hands dirty :

WordPress - wp-cache plugin not working

The WordPress plugin wp-cache caches a WordPress post the first time someone visits it, then uses the cache the next time the same post needs to load. This saves processing power and also improves user experience as WordPress posts load faster.

For some reason, wp-cache stopped working. The "Cache contents" in WP-Cache Manager (accessible from Settings --> WP-Cache) shows both "cached pages" and "expired pages" as "0" (zero) all the time.

The fix is :

2009-08-11

FreeBSD - Quick install guide (aka How to install FreeBSD)

Many great things have been said about FreeBSD;
  • the license has all the freedom you need
  • server app setup is mostly manual. No wizard of oz, no GUI. This gives the administrator control over everything.
  • it boots faster
  • its stability is like rock, hard to crash :)
  • the default installation is lean and mean. It is meant to be built from scratch. There ain't no rubbish on the system that you would trade for vulnerabilities.

Even though some of the above might scare off a normal user, no doubt it is still a great OS that no others can beat. Don't believe me? Try it yourself with the few pictures below (as a guide) :

2009-07-29

Linux - Shorewall firewall with PPTP VPN dialup client

PPTP VPN uses the GRE protocol in both directions, inbound and outbound. Setting up the firewall to allow a PPTP VPN dialup client (e.g. Ubuntu's NetworkManager) to use the GRE protocol takes just a few steps of adding rules and interfaces. This post is based on the previous post "How to set up Shorewall firewall (alternate to FireStarter)", which is a quick tutorial on setting up the Shorewall firewall on a single network interface. Here it is :

2009-07-28

Linux - How to set up Shorewall firewall (alternate to FireStarter)

There are a few firewall interfaces for iptables available on Linux, both GUI (Graphical User Interface) and CLI (Command Line Interface). FireStarter's GUI is easy to use and configure. The only problem is that it does not work properly with PPTP VPN dialup: it blocks the GRE protocol. It does provide a workaround (don't ask, it is too painful to remember) but the steps are too tedious and involve a mixture of setup in the command line and the GUI, and this kind of setup always spells trouble.

Shorewall is another firewall interface, one that operates on the CLI. This is taken from Shorewall's introduction :

"The Shoreline Firewall, more commonly known as “Shorewall”, is high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities."

Shorewall makes configuring the iptables firewall easy: just describe the rules and interfaces in a few files and the firewall is ready to go. Shorewall's website also provides extensive documentation on how it works and how to set it up.

This post is intended to set up Shorewall in a few simple steps and thus it is not really suitable for implementing in a medium to large enterprise. Here it is :

2009-07-23

FreeBSD - Error installing KDE4 or Xine

Halfway through installing KDE4 or any port related to Xine, the build ends in failure with the error message below :

===>  Found saved configuration for libxine-1.1.16.3_1
=> xine-lib-1.1.16.3.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://superb-east.dl.sourceforge.net/sourceforge/xine/.
xine-lib-1.1.16.3.tar.bz2                     100% of 7293 kB  232 kBps 00m00s
===>  Extracting for libxine-1.1.16.3_1
=> MD5 Checksum OK for xine-lib-1.1.16.3.tar.bz2.
=> SHA256 Checksum OK for xine-lib-1.1.16.3.tar.bz2.
===>   libxine-1.1.16.3_1 depends on file: /usr/local/bin/perl5.8.9 - found
===>  Patching for libxine-1.1.16.3_1
===>   libxine-1.1.16.3_1 depends on file: /usr/local/bin/perl5.8.9 - found
===>  Applying FreeBSD patches for libxine-1.1.16.3_1
1 out of 1 hunks failed--saving rejects to src/combined/ffmpeg/Makefile.in.rej
=> Patch patch-src_combined_ffmpeg_Makefile.in failed to apply cleanly.
=> Patch(es) patch-config.rpath patch-configure patch-misc_Makefile.in patch-misc_libxine.pc.in patch-src:libffmpeg:libavcodec:h263.c patch-src:libffmpeg:libavcodec:mpeg12.c patch-src:libffmpeg:libavcodec:msmpeg4.c patch-src:xine-engine:xine_internal.h patch-src_audio_out_audio_oss_out.c applied cleanly.
*** Error code 1

Stop in /usr/ports/multimedia/libxine.
*** Error code 1

It seems that the patching of ffmpeg in libxine fails for some reason. According to the freebsd.org bugs database, this is because ffmpeg in libxine does not need that patch. The solution is :

2009-07-22

Ubuntu - How to resume NetworkManager managing network interface

After manually editing /etc/network/interfaces for a dynamically assigned IP or a static IP, Network Manager (the icon with 2 monitors that sits on the upper panel) stops working. Specifically, it stops managing the interface, but manually assigning an IP through "ifconfig" or by editing config files (/etc/network/interfaces) still works. Another reason for NetworkManager to stop working is applying some updates between Intrepid (8.10) and Jaunty (9.04). Here is the solution :

2009-07-20

FreeBSD - How to install flash plugin or player to work with FireFox

This post is part of the "How to install FreeBSD as your Desktop" series and it shows how to install flash plugin onto FireFox internet browser in FreeBSD. Here it is :

2009-07-19

Freebsd - How to install FreeBSD as your Desktop

UPDATE : After testing PC-BSD for a while (more than 6 months), PC-BSD is indeed a FreeBSD variant that is superior in the Desktop environment. Its user-friendly installation and configuration have made FreeBSD so much more suitable for running as a Desktop. Unless you're interested in figuring out how to tweak and tune FreeBSD to work as a Desktop, give PC-BSD a try, you'll love it!
Check it out at PC-BSD website !!!


PsyberMonkey is turning his desktop to FreeBSD and this is the work he has done :-

1. FreeBSD quick install guide (aka How to install FreeBSD).

2. make sure hardware is detected properly
  • How to install or add sound card driver module
  • wireless (how to still in progress)
  • ACPI (still having trouble making it work)
  • remote control through SSH (how to still in progress)
  • all others e.g. external drive formatted in FAT32, display card, track pad, external mouse, gigabit network card & etc are detected and function properly.

3. Using ports to install software - go to Section III.

4. Getting KDE, GNOME and XFCE up and running (how to still in progress)
Other miscellaneous stuff :

This post will be updated periodically to reflect the progress of using FreeBSD as a Desktop.

Adios !!!

2009-07-18

FreeBSD - How to disable or turn off the keyboard beep sound

A reminder to myself on how to disable the keyboard beep sound (which serves as an alert) whenever an error occurs on the console command line. It is controlled by a sysctl value. To stop it now on all consoles, execute :
sysctl hw.syscons.bell=0

To make it permanent, so that the beep sound is disabled every time FreeBSD boots :
echo "hw.syscons.bell=0" >> /etc/sysctl.conf

Alternatively, to disable it only on this console :
kbdcontrol -b off

Vaarwel !!!

2009-07-16

Freebsd - How to install or add sound card driver module

FreeBSD is getting more and more attention due to its stability and (well done) documentation. Geeks and nerds are getting their hands into installing FreeBSD on their Desktops or Laptops. Some might ask "Eh ??? Why ain't ya mentioning the servers? It's BSD.". Sound card, a sound card belongs to multimedia. It's mostly meant for entertainment so it's gonna stay a "personal" thing. e.g. Personal Computer, laptop, notebook, rig, moo or whatever you call it. :p

Back to the topic. This post will try to demo how to install a sound card driver on FreeBSD.

2009-07-10

FreeBSD - How to upgrade the kernel or base system

FreeBSD is so rock-solid stable by nature that some system administrators adopt the philosophy "if it ain't broken, don't fix it". Others beg to differ. Upgrading & patching of servers should be diligently carried out so that security vulnerabilities are kept to a minimum (who can be sure their servers are 100% secure ???), new application features are introduced (which geek doesn't like new stuff ???) & performance increases (meaner & leaner :) ). Patching can only be done up to a certain level; beyond that, the kernel and base system need to be compiled and built to get the latest patches or upgrades.

Regular upgrades of the FreeBSD kernel and base system are a good way to follow the support schedule. It means that your server will have a longer life span in production. Not because of some latest OS "GUI" release that demands more RAM for the "processor hungry monster" that lies beneath it. But rather, it fixes the bugs of the applications, gives you more new functions and makes your hardware work harder & faster.

There are some hiccups to take note of. As with all OS upgrades, the server will experience uptime interruption (aka server down time). Scenarios such as :

:- The upgrade process greatly drains the performance of the server and impacts the usual services the server runs. Thus the server fails to respond to users in time and the normal operation of the business is affected.

:- The upgrade breaks the kernel or base system and the server fails to boot.

:- After the first boot following the upgrade, the applications fail to compile properly and as a result the services fail to start.

:- This is your first FreeBSD upgrade, you can't predict what will happen, and hiccups just like to happen at these times. :p

All of the above can be avoided as long as the points below are observed :
  • plan and schedule the upgrade with adequate time so that even if hiccups happen, there is ample time to solve them.
  • plan a trial server upgrade or mock run of the upgrade to anticipate what hiccups might happen and test the solutions. Restore the server backup onto other hardware, a virtual machine or a sandbox to test the server upgrade. Write down every step and retry it if time permits, to minimize the hiccups.
  • This is the most important one. Always perform a full system backup with no less than 1 day of difference. The shorter the time between the backup and the upgrade, the faster and more painless the restore process is. This also means shorter down time.

2009-07-02

Freebsd - Backup & restore for disaster recovery

Data is all around servers. File server, email server, LDAP server, web server, DNS server: these are just a few of the essential servers that make up part of the IT section of your company. ERP, CRM, financial projection system, database server, accounting & payroll system are examples of business applications. Imagine, what if "some" of this data is lost? It is also worth mentioning that data is so valuable to the company that partial loss of it might break your business continuity !!!

Most company operations depend on the data in the servers to make decisions. Data in the servers has never been so important.

Server data disaster recovery planning is a vital process in system administration. It directly shows how well the system administrators understand the importance of their role in the business. Reasons for data loss can be classified into 2 main categories, natural disaster and man-made disaster. Natural disasters that cause data loss include flood, earthquake, fire hazard etc. Man-made disaster (aka PBKC, which denotes Problem Between Keyboard and Chair :p ) examples are hacking activities, accidental data deletion or overwriting, and server maintenance e.g. patching, upgrades, development, moving to a bigger hard disk & etc.

Disaster recovery involves planning, backup & restore. Planning needs to identify which data is crucial to back up and how frequently it should be backed up. The next consideration is what media the data should be saved to. Generally, an external hard disk (e.g. USB) or network-based storage (e.g. file server, ssh server, NAS, SAN) is the cheapest & fastest way to store the data. But if the data is to be archived, it should go onto media such as tape, CD, DVD and other optical media. Lastly, all planning and backup of the data should always be tested against restoration, or else why even plan to save it. :)

This post concentrates on how to prepare for server disaster recovery on a FreeBSD server. Do take note that database backup is not covered in this post, as database backup itself already has a few strategies to look at.

There is an update for this post, please check out the updated post "FreeBSD – Backup and restore FreeBSD using Fixit CD".

2009-06-29

FreeBSD - Combine 2 (or more) NIC using network link aggregation and load balance (aka round robin)

Hard disks are getting bigger and bigger. Network interface cards (NICs) and switches are getting cheaper and cheaper. It usually means more services can be squeezed into a server. Combining multiple network interfaces into 1 big pipe would be a big plus for services that are bandwidth hungry, e.g. file server, email server & etc.

Combining 2 or more network interfaces has a few advantages. One of them is load balancing. Load balancing shares the load among the 2 or more network interface cards defined. It serves as redundancy as well. But load balancing does not make full use of the 2 or more network interfaces; it is meant to share network traffic load.

To fully utilize 2 or more network interface links, link aggregation should be used. Link aggregation is a method of combining 2 or more network interfaces into a bigger pipe. It is also a way to make 2 or more interfaces use the same IP address. Link aggregation can also create redundancy: if one of the links fails, the other links take over.

This post uses FreeBSD as the server because FreeBSD has all the ports (software packages) you will need and server administration on it is made to ease the daily tasks of systems administration. Without further ado, below are the steps to configure 2 (or more) network interfaces to work as 1 big trunk or round robin :

2009-06-27

How to check hard disk transfer speed or timing

Storage is getting cheaper and cheaper. Almost a year ago, a 250 GB 2.5" portable hard disk would cost 120 bucks. But now, it only costs 100 bucks for a 500 GB hard disk. Sizes are getting bigger and bigger for the same monetary value, but does the hard disk spin fast enough to fetch the big "gigabytes" in time? Of course, given "enough" time, any rate of spin could fetch any size of data. Files are getting larger and larger, especially audio & video files. Fetching the files in a reasonable time is crucial.

Before we proceed to check out the command to check hard disk transfer speed or read timings, we will need to familiarize ourselves with the hard disk naming convention. Here is a simple guide on how to identify the hard disk naming convention in /dev (where device nodes are stored):

2009-06-26

Mozilla Firefox - common keyboard shortcut keys

Firefox has all the bells & whistles to make our internet life happy: tabs, plugins, portability and keyboard shortcuts. Firefox keyboard shortcuts make browsing addictive, especially for system administrators, whose hands are on the keyboard most of the time. We could use the mouse to browse, but wouldn't you think keeping your hands on the keyboard would increase productivity? :)

Below is the list of keyboard shortcuts, plus a few combinations of mouse clicks, which are commonly used in Firefox. There are of course other shortcuts available, but this post only attempts to introduce you to the efficiency of using keyboard shortcuts (almost mouse-less) rather than trying to exhaust your brain memory in crunching the full list of keyboard shortcuts. You can print out the below list of Firefox keyboard shortcut keys and use it as a cheat sheet. It can be useful in getting familiar with the keyboard shortcut keys initially. Here is the list:

2009-06-23

WordPress - plugin upgrade requesting "Connection Information"

This common error normally happens after a WordPress version upgrade. When upgrading plugins, which we normally do by clicking the "upgrade automatically" link on the plugins page, it prompts for "connection information" (with another line, "To perform the requested action, connection information is required."), with "hostname", "username", "password" & "Connection Type" required.

This issue is caused by certain essential WordPress files or directories not being accessible by WordPress.

2009-06-21

PostgreSQL - How to reset user name "postgres" password

PostgreSQL is an open source RDBMS (Relational DataBase Management System) that is not only feature rich, fast and light but also easy to use. Its documentation, available on its website, is a superb way of learning as well. Browse the documentation and you will find that its way of explaining is a no-"bullshit" approach, short and concise.

After the initial installation, one might forget to set the password after running the initial script to set up the database. After a while, naturally, we all forget the password. Below are the steps to reset the password for user name "postgres":

Nokia E71 and E63 tips - shell or command line access using ssh (secure shell)

The Nokia E71 & E63 are versatile phones for people that need the business suite of applications, e.g. email, messenger, documents & spreadsheets, camera and, most importantly, the Symbian platform. The Symbian platform is widely used on mobile phones. The Symbian platform also has a wide variety of applications.

For *NIX system administration, shell access to the command line (using ssh) of the servers is part of our life. Owning a Nokia E71 or E63 is one of the best things, as Putty is available on the Symbian platform. Putty is a Symbian application that can connect to a server for shell or command line access over ssh, and it takes advantage of the built-in QWERTY keyboard on the Nokia E71 & E63. Putty also allows public key authentication, if the private key is installed on the phone or the memory card (mmc). It also allows configuring the ssh (secure shell) client to connect to ports other than the default port 22.

2009-06-19

Nagios - Error "Error: Could not open command file '/var/spool/nagios/rw/nagios.cmd' for update"

After an upgrade of Nagios, the Nagios re-schedule function for the next service check is not working. The Nagios web interface complained "Error: Could not open command file '/var/spool/nagios/rw/nagios.cmd' for update". The problem is that the web server was unable to access the file to update the schedule.

2009-06-18

sudo - How to create another root (equivalent) account on linux or freebsd

The root account is meant for critical tasks, such as single user mode related operations. It holds the power of the system, as well as the power of destruction (try "rm -rf /" :p). That's the reason why a lot of companies have a policy to seal the root account or add some red tape so that one will give up requesting to use it. But sealing the root account makes daily routine system administration tasks difficult to execute.

No worries, sudo is the tool to clone another account with root privilege or control access to critical commands on a Linux or BSD box. Every command that runs through sudo will be logged to /var/log/auth.log.

2009-06-17

Wordpress - missing tool bar from visual editor after upgrading wordpress

WordPress 2.8 is available for upgrade either from the Dashboard (by 1 click upgrade) or by manually downloading it from wordpress.org and installing it through the command line. If you are using the first option, upgrading through the Dashboard, you might notice that after the upgrade the Visual Editor stops working or the tool bar is missing from the Visual Editor. Googling it will bring you to wordpress.org, which recommends some tedious troubleshooting steps.

This blog has just been upgraded and encountered the same problem. After following the recommendations, step 3 of them worked, which is removing the current wp-includes and wp-admin folders and replacing them with the latest versions by downloading latest.tar.gz from wordpress.org and extracting from it.

Ciao !!!

2009-05-24

Ubuntu - How to add or create hard disk partition and make it automatically mount

In Ubuntu, adding or managing a new partition or hard disk should use the UUID (Universally Unique Identifier) of the device rather than the device node name, e.g. /dev/sda2, /dev/hda3, /dev/sda5, etc. IMHO its advantages compared to the conventional way of mounting a device, using /dev/sda or /dev/hda, are:
  • UUID is unique when it comes to device node naming, e.g. plugging multiple USB devices in and out can generate different /dev/sda nodes.
  • UUID is used by Ubuntu by default to assign partitions or hard disks in /etc/fstab.
  • UUID has 256^16 combinations and it would take a very long time to exhaust them even if we were to generate them fast enough, e.g. generating 1 trillion a nanosecond would take 10 years to exhaust it.
  • Using UUID makes the partition or hard disk appear in the 'File Browser' (aka Nautilus) under 'Places'.

This post will list 2 ways to get the UUIDs in order to make the new partition or hard disk mount automatically under Linux (or particularly Ubuntu): the command line and the GUI (Graphical User Interface) programs provided by Ubuntu.

2009-05-22

Start multiple command line screen session to run interactive jobs

As a BSD & Linux administrator, the command line is where we live. We eat, live & shit at the same place, the command line screen. Sometimes, we can only afford to open a single terminal screen. It's kind of hard for us to be efficient, as most of the time we multitask on a bunch of screens.

Or, we need to run an interactive program over a long period of time and want the result when it ends. Instead of passing the program to run in the background, which hides the result, the screen command is at our disposal.

And most importantly, when combined with ssh (secure shell), it is incomparably fast and secure.

Screen is capable of detaching from the command line session while the program keeps running interactively in the background. The ability to switch between multiple screens will definitely help out when using a console session. Screen can even start a few "screen sessions" in order to organize your tasks into separate groups. Screen also supports hot keys (the meta control key in combination with a letter or digit) for common tasks.

Part I will guide any first-time screen user on how to start multiple command line screens to run multiple screen sessions. Proceed to Part II for a more advanced experience.

2009-05-20

MySQL - Common commands of database user account management

SQL databases are used to store various kinds of data for future retrieval. But data stored in an SQL database is not only for future retrieval; it is also stored in such a way as to allow faster (repeated) retrieval, structured data organization and interchange between applications and, most importantly, it provides a means to store and search really huge data sets using SQL statements, i.e. queries.

There are a lot of databases currently available, e.g. PostgreSQL & MySQL. MySQL is one of the most popular open source databases, as is PostgreSQL. Due to the hype of LAMP (which denotes Linux, Apache, MySQL, PHP), MySQL has become known to a mass audience. No doubt the performance and usability of both MySQL & PostgreSQL are on par.

This post will not attempt to compare both excellent databases; rather, it will try to list a few common uses of the MySQL database in a tips & shortcuts way. Below is the list of common usage of MySQL permissions and privileges:

2009-05-19

ssh - error "Host key verification failed" when trying to connect or copy a file to ssh server

The below error was displayed while trying to ssh or scp to an ssh server:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for domain-name.com has changed,
and the key for the according IP address xxx.xxx.xxx.xxx
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
00:00:00:00:00:00:00:00:00:00:00:00:.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending key in ~/.ssh/known_hosts:xx
RSA host key for domain-name.com has changed and you have requested
strict checking.
Host key verification failed.
lost connection

2009-05-13

Nokia E71 and E63 tips and short cut keys

Nokia E71 and E63 are great phones, running the Symbian S60 series operating system. The keyboard is easy to type on, the LCD is sharp, the key positions are great and, most importantly, the battery lasts long enough, approximately 5-7 days for an average user like me. The phones also come with a lot of practical applications, e.g. word processor, spreadsheet, simple note pad, email client, etc.

The phone's operating system can also be upgraded from a normal PC or laptop with USB connectivity. The last upgrade my phone had significantly improved the responsiveness and also some functionality, e.g. typing a phone book entry on the Home Screen will directly search for it (rather than the usual need to access the phone book before being able to search), pressing shift twice will activate the secondary input language, and others.

But this post is about the tips and shortcut keys available on the phone. Below are some of them, discovered while using the phone all this while:

2009-05-12

OpenOffice crashes after fail to recover documents

When launching OpenOffice, it starts to recover some files which previously were not saved properly. After it recovers them, it just displays a message saying it needs to close due to some unexpected error. After retrying a few more times, the result is still the same. Reset the profile by using the below instructions:

2009-05-08

How to check user's information and profile

Other than digging through /etc/passwd, there are other ways to check a user's profile on the server. "finger" can also do the same job.


e.g.
finger username

Arrivederci !!!

mkdir - make a whole set of directory, automatically if it does not exists

When organizing files, we often need to make a whole set of directories in order to organize the files properly. Most of the time, we will need to make a bunch of sub directories.

e.g.
"cd /directory" then "mkdir level1", then "cd /directory/level1" then "mkdir level2", then "cd /directory/level1/level2" then "mkdir level3", etc. In fact, there is a parameter for mkdir to create the whole set of directories automatically.

2009-05-07

How to display route table or default gateway

Route tables are one of the areas to troubleshoot when a connection has a problem. The route table can be the most frequent problem to look at after assigning an IP address. Other times, it is mainly for adding additional routes when wireless & wired connections are both in use. This post will attempt to list a few ways to display the route table and also how to assign the default route, aka default gateway, in Linux & FreeBSD.

How to cd back to the previous directory

In Linux & FreeBSD, we often need to cd to a directory then ls to find out the files in that directory, only to find out we need to go back to the previous directory and do something else, and we will need to type "cd /very/long/directory/name/and/it/is/just/so/not/cool/to/do/".

2009-05-06

How to make grep highlight the keyword

By default, grep does not highlight the keyword or the search term. Making grep highlight the search term makes the keyword more visible if it hides in between other words.