The Register Hacked & Defaced

Screen grab of the Register defaced

Today The Register was defaced by a Turkish group of hackers. It looks like the domain's DNS delegation was changed to point to the hackers’ nameservers.

$ whois theregister.co.uk

    Domain name:
        theregister.co.uk

    Registrant:
        Linus Birtles

    Trading as:
        The Register

    Registrant type:
        UK Sole Trader

    Registrant's address:
        Situation Publishing Limited
        PO Box 478
        Southport
        PR8 2ZW
        United Kingdom

    Registered through:
        NetNames Limited
        URL: http://www.netnames.co.uk

    Registrar:
        Ascio Technologies Inc t/a Ascio Technologies inc [Tag = ASCIO]
        URL: http://www.ascio.com

    Relevant dates:
        Registered on: before Aug-1996
        Renewal date:  14-Mar-2012
        Last updated:  04-Sep-2011

    Registration status:
        Registered until renewal date.

    Name servers:
        ns1.yumurtakabugu.com
        ns2.yumurtakabugu.com

    WHOIS lookup made at 21:42:31 04-Sep-2011

--
This WHOIS information is provided for free by Nominet UK the central registry
for .uk domain names. This information and the .uk WHOIS are:

    Copyright Nominet UK 1996 - 2011.

You may not access the .uk WHOIS or use any data from it except as permitted
by the terms of use available in full at http://www.nominet.org.uk/whois, which
includes restrictions on: (A) use of the data for advertising, or its
repackaging, recompilation, redistribution or reuse (B) obscuring, removing
or hiding any or all of this notice and (C) exceeding query rate or volume
limits. The data is provided on an 'as-is' basis and may lag behind the
register. Access may be withdrawn or restricted at any time.

Yumurta kabuğu? It means “eggshell” if you believe this Turkish-English dictionary.

And if you are wondering who is behind yumurtakabugu.com, you won’t get far:

$ whois yumurtakabugu.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: YUMURTAKABUGU.COM
   Registrar: ACTIVE REGISTRAR, INC.
   Whois Server: whois.activeregistrar.com
   Referral URL: http://www.activeregistrar.com
   Name Server: NS1.ACTIVE-DNS.COM
   Name Server: NS2.ACTIVE-DNS.COM
   Status: clientTransferProhibited
   Updated Date: 03-sep-2011
   Creation Date: 16-apr-2010
   Expiration Date: 16-apr-2020

>>> Last update of whois database: Sun, 04 Sep 2011 20:45:33 UTC <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Registration Service Provided By: Active-Domain LLC
Contact:  http://www.active-domain.com

Domain Name: yumurtakabugu.com
Expiry Date: 16-Apr-2020
Creation Date: 16-Apr-2010

Name servers:
ns1.active-dns.com
ns2.active-dns.com

Registrant Name: Whois Manager
Registrant Company: Whois Proof LLP
Registrant Email Address: m4l0j36f5ks@whoisproof.com
Registrant Address: PO Box 4120
Registrant City: Portland
Registrant State/Region/Province: OR
Registrant Postal Code: 97208-4120
Registrant Country: US
Registrant Tel No: +1.2024700599
Registrant Fax No: +1.8663666681

Admin Name: Whois Manager
Admin Company: Whois Proof LLP
Admin Email Address: m4l0j36f5ks@whoisproof.com
Admin Address: PO Box 4120
Admin City: Portland
Admin State/Region/Province: OR
Admin Postal Code: 97208-4120
Admin Country: US
Admin Tel No: +1.2024700599
Admin Fax No: +1.8663666681

Tech Name: Whois Manager
Tech Company: Whois Proof LLP
Tech Email Address: m4l0j36f5ks@whoisproof.com
Tech Address: PO Box 4120
Tech City: Portland
Tech State/Region/Province: OR
Tech Postal Code: 97208-4120
Tech Country: US
Tech Tel No: +1.2024700599
Tech Fax No: +1.8663666681


The data in this whois database is provided to you for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. We make this information available "as is," and do not guarantee its accuracy. By submitting a whois query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) enable high volume, automated, electronic processes that stress or load this whois database system providing you this information; or (2) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone. The compilation, repackaging, dissemination or other use of this data is expressly prohibited without prior written consent from us. The registrar of record is Active Registrar, Inc. We reserve the right to modify these terms at any time. By submitting this query, you agree to abide by these terms.
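A delegation change like this one shows up in the registry WHOIS record, so it can be caught by comparing the listed name servers against a known-good set. The following is an added example, not part of the original post: it parses the Nominet-style layout quoted above, and the expected name servers are constructed placeholders because the post does not say which servers the domain normally used.

```python
import re

# Excerpt of the Nominet WHOIS record quoted in the post (layout preserved).
SAMPLE_WHOIS = """\
    Domain name:
        theregister.co.uk

    Registrar:
        Ascio Technologies Inc t/a Ascio Technologies inc [Tag = ASCIO]
        URL: http://www.ascio.com

    Relevant dates:
        Registered on: before Aug-1996
        Renewal date:  14-Mar-2012
        Last updated:  04-Sep-2011

    Name servers:
        ns1.yumurtakabugu.com
        ns2.yumurtakabugu.com

    WHOIS lookup made at 21:42:31 04-Sep-2011

--
This WHOIS information is provided for free by Nominet UK the central registry
"""

# Assumption: constructed placeholder baseline, not the domain's real servers.
EXPECTED_NS = frozenset({"ns1.dns-host.example", "ns2.dns-host.example"})


def parse_nominet_whois(text):
    """Return {section name: [value lines]} for the indented .uk WHOIS layout."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":          # start of the legal notice, nothing useful after
            break
        if not line:
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent <= 4 and line.endswith(":"):
            current = line[:-1].lower()       # e.g. "name servers"
            sections[current] = []
        elif indent > 4 and current is not None:
            sections[current].append(line)    # value line under the section
        else:
            current = None                    # free text such as "WHOIS lookup made at"
    return sections


def name_servers(sections):
    """Host names only; a glue IP address may follow the name on the same line."""
    return {v.split()[0].rstrip(".").lower()
            for v in sections.get("name servers", [])}


def last_updated(sections):
    for value in sections.get("relevant dates", []):
        match = re.match(r"Last updated:\s*(\S+)", value)
        if match:
            return match.group(1)
    return None


def check_delegation(text, expected):
    """Compare the delegation in a WHOIS record with the expected name servers."""
    sections = parse_nominet_whois(text)
    seen = name_servers(sections)
    expected = {ns.lower() for ns in expected}
    return {
        "domain": (sections.get("domain name") or [None])[0],
        "unexpected": sorted(seen - expected),
        "missing": sorted(expected - seen),
        "last_updated": last_updated(sections),
        # An empty or unparseable record also alerts: no servers seen != expected.
        "alert": seen != expected,
    }


if __name__ == "__main__":
    report = check_delegation(SAMPLE_WHOIS, EXPECTED_NS)
    for key, value in report.items():
        print(f"{key:13}: {value}")
```

Run on a schedule against fresh WHOIS output, a change in `unexpected` together with a new `last_updated` date is the signal to contact the registrar.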


Pinax 0.9a1 SMTP.EMailBackend woes

I had some trouble sending email confirmation messages in Pinax from WebFaction:

(productionenv)[user@web]$ python manage.py retry_deferred
2 message(s) retried
(productionenv)[user@web]$ python manage.py send_mail
------------------------------------------------------------------------
acquiring lock...
acquired.
sending message 'Confirm e-mail address for Pinax' to user1@example.com
message deferred due to failure: {'user1@example.com': (504, '5.5.2 <webmaster@localhost>: Sender address rejected: need fully-qualified address')}
sending message 'Confirm e-mail address for Pinax' to user2@example.com
message deferred due to failure: {'user2@example.com': (504, '5.5.2 <webmaster@localhost>: Sender address rejected: need fully-qualified address')}
releasing lock...
released.
 
0 sent; 2 deferred;
done in 0.20 seconds
(productionenv)[user@web]$

The secret to debugging this is to note that ‘webmaster@localhost’ is the cause of the rejection. If you did not configure your smtp.EmailBackend settings before you added the initial batch of users, then all the messages get stored with the default sender ‘webmaster@localhost’ (instead of pinax@example.com or whatever) and your mail exchanger will complain. In your Pinax/Django settings file you should have something similar:

# Email configuration
DEFAULT_FROM_EMAIL = 'Pinax <pinax@example.com>'
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_USE_TLS = True
EMAIL_HOST = 'smtp.webfaction.com'
EMAIL_HOST_USER = 'pinax_emailer' # Mailbox name from https://my.webfaction.com/mailbox/list
EMAIL_HOST_PASSWORD = 'password_goes_here'
EMAIL_PORT = 25
EMAIL_SUBJECT_PREFIX = '[Pinax] '

To solve this problem, you need to remove the deferred messages in the queue. You can do this by removing the rows in the ‘mailer_message’ table in your database. You could also remove the entries under the appropriate Django admin page (/admin/mailer/message/). Either way, you need to get rid of those messages because they are from webmaster@localhost and not pinax@example.com. If you don’t, they will be deferred forever and ever and evar and evaaarrr.

Once the offending messages have been removed, you can reverify another email and it will send out the verification email without issues:

$ python manage.py send_mail
------------------------------------------------------------------------
acquiring lock...
acquired.
sending message 'Confirm e-mail address for Pinax' to shoe@example.com
releasing lock...
released.
 
1 sent; 0 deferred;
done in 0.19 seconds


Testing Marriage Equality in Python (aka I ♥ NY)

I ran the following code tonight and ran into some problems. I hope that this solution will help others:

Trinity:marriage_test kelvin$ python marriage.py 
F
======================================================================
FAIL: testEquality (__main__.equalityTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "marriage.py", line 24, in testEquality
    self.assertEqual(a, b, "Marriages not equal")
AssertionError: Marriages not equal
 
----------------------------------------------------------------------
Ran 1 test in 0.000s
 
FAILED (failures=1)
Trinity:marriage_test kelvin$

This is the test that was failing:

class equalityTests(unittest.TestCase):
 
  def testEquality(self):
    a = OppositeSexMarriage()
    b = SameSexMarriage()
    self.assertEqual(a, b, "Marriages not equal")

Fortunately the fix is straightforward (base Marriage on GoodLegislation):

class GoodLegislation(object):
  def __eq__(self, other):
    return self.__dict__ == other.__dict__
 
class Marriage(GoodLegislation):
  pass

This is the result that we were after:

Trinity:marriage_test kelvin$ python marriage.py
.
----------------------------------------------------------------------
Ran 1 test in 0.000s
 
OK
Trinity:marriage_test kelvin$

Congratulations to the good people of New York state. They became the sixth state to allow same-sex marriage.

Code available here!


Compile Python 2.5.6 for 64-bit CentOS/RHEL 5.6 (RedHat)

It is possible to build Python 2.5.6 as a 64-bit RPM for CentOS/RHEL(RedHat) 5.6:

[kelvin@campion ~]$ cat /etc/redhat-release 
CentOS release 5.6 (Final)
[kelvin@campion ~]$ python25
Python 2.5.6 (r256:88840, Jun 15 2011, 19:58:29) 
[GCC 4.1.2 20080704 (Red Hat 4.1.2-50)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>

I’m going to follow the method detailed in a blog post by Bryan O’Sullivan and build an RPM using a source RPM from the Fedora Project. My system is a 64-bit virtual machine running CentOS 5.6. Except for a post-install update via yum, a static LAN IP and an Apache HTTPD, this machine is exactly what you would get if you installed the server from a netinstall:

[kelvin@campion ~]$ uname -a
Linux campion 2.6.18-238.el5 #1 SMP Thu Jan 13 15:51:15 EST 2011 x86_64 x86_64 x86_64 GNU/Linux

Build tools

The first step is to install the tools and packages that you will need to build your Python RPM (~70 MB with dependencies):

$ sudo yum install autoconf bzip2-devel db4-devel \
  expat-devel findutils gcc-c++ gdbm-devel glibc-devel gmp-devel \
  libGL-devel libX11-devel libtermcap-devel ncurses-devel \
  openssl-devel pkgconfig readline-devel sqlite-devel tar \
  tix-devel tk-devel zlib-devel rpm-build

Find a Python 2.5 source RPM

The last Fedora that shipped with Python 2.5 was Fedora 10 so we need to get that source RPM. Visit your closest Fedora 10 mirror and download it to your working directory:

[kelvin@campion ~]$ cd
[kelvin@campion ~]$ wget http://mirrordenver.fdcservers.net/fedora/releases/10/Fedora/source/SRPMS/python-2.5.2-1.fc10.src.rpm

Now that you have the source RPM, extract it (into a temporary build directory) with the following:

[kelvin@campion ~]$ mkdir -p /tmp/py25/{BUILD,RPMS,SOURCES,SPECS}
[kelvin@campion ~]$ rpm --define '_topdir /tmp/py25' -ivh python-2.5.2-1.fc10.src.rpm
warning: python-2.5.2-1.fc10.src.rpm: Header V3 DSA signature: NOKEY, key ID 4ebfc273
   1:python                 warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
...

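The ‘mock’ warnings refer to the Fedora build tool called ‘mock’ and they can be ignored. The NOKEY warning means that rpm could not check the package signature because the Fedora signing key is not in your RPM keyring, so the source RPM is installed unverified. You have now extracted the source from the RPM and it resides in /tmp/py25.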

Download the Python 2.5.6 source

At the time this post was written, Python 2.5 was due to be left unmaintained after Oct 2011. Alas, I have some unmigrated 2.5 apps so we need to get the latest Python 2.5 source and replace the BZipped tarball in the source RPM (ensure you download the BZipped source from the Python web site).

$ cd /tmp/py25/SOURCES/
$ wget http://www.python.org/ftp/python/2.5.6/Python-2.5.6.tar.bz2
$ ls -l Python-2.5.*
-rw-r--r-- 1 kelvin kelvin 9807597 Sep 24  2008 Python-2.5.2.tar.bz2
-rw-rw-r-- 1 kelvin kelvin 9821788 May 26 07:46 Python-2.5.6.tar.bz2

Edit the RPM spec and a patch file

You want to allow your RPM build to use the older 4.3 version of BerkeleyDB that ships with CentOS 5.6. You also want the RPM to use the source archive we just downloaded and not the one that came with the RPM. You need to make the following minor changes using an editor like vim or emacs or nano (yuk!):

$ cd /tmp/py25/SOURCES/
$ vim python-2.5-config.patch

Change line 251 (vim hint: in command mode ‘:251’ goes to line 251, ‘i’ enters insert mode, edit-edit-edit, ‘esc’ goes back to command mode, ‘ZZ’ saves and closes the file):

+DBLIBVER=4.3

Your RPM will now use the CentOS 5.6 standard BerkeleyDB version 4.3.

$ cd /tmp/py25/SPECS
$ vim python.spec

Edit these lines:

Line 24:
Version: 2.5.6

Line 86:
BuildPrereq: db4-devel >= 4.3

Lines 224-225:
#%patch999 -p1 -b .cve2007-4965
#%patch998 -p0 -b .cve2008-2316

Your RPM build will now use the Python version 2.5.6 source archive in your SOURCES directory. The two CVE patches have already been applied in Python 2.5.6 so we must comment out those lines in the spec file so the included Fedora patches are not applied.

Build your Python 2.5.6 RPM

You are now ready to build the RPM. Go into the SPECS directory and build it:

$ cd /tmp/py25/SPECS
$ rpmbuild --define '_topdir /tmp/py25' --define '__python_ver 25' -bb python.spec

Once packaged, your RPMs can be found in the RPMS directory (if you built an i386 version it will be in a different directory):

[kelvin@campion x86_64]$ cd /tmp/py25/RPMS/x86_64
[kelvin@campion x86_64]$ ls -l
total 13116
-rw-r--r-- 1 kelvin kelvin 6350252 Jun 15 20:12 python25-2.5.6-1.x86_64.rpm
-rw-r--r-- 1 kelvin kelvin  932782 Jun 15 20:12 python25-devel-2.5.6-1.x86_64.rpm
-rw-r--r-- 1 kelvin kelvin 1469432 Jun 15 20:12 python25-libs-2.5.6-1.x86_64.rpm
-rw-r--r-- 1 kelvin kelvin 3849692 Jun 15 20:13 python25-test-2.5.6-1.x86_64.rpm
-rw-r--r-- 1 kelvin kelvin  457052 Jun 15 20:12 python25-tools-2.5.6-1.x86_64.rpm
-rw-r--r-- 1 kelvin kelvin  329428 Jun 15 20:12 tkinter25-2.5.6-1.x86_64.rpm

Install your Python 2.5.6 RPM

Your 64-bit RPMs can be installed with one line:

[kelvin@campion x86_64]$ sudo rpm -ivh /tmp/py25/RPMS/x86_64/*.rpm
[sudo] password for kelvin: 
Preparing...                ########################################### [100%]
   1:python25               ########################################### [ 17%]
   2:python25-libs          ########################################### [ 33%]
   3:tkinter25              ########################################### [ 50%]
   4:python25-devel         ########################################### [ 67%]
   5:python25-test          ########################################### [ 83%]
   6:python25-tools         ########################################### [100%]
[kelvin@campion x86_64]$

Use your Python 2.5.6

Your new(-ish) Python 2.5.6 interpreter is invoked with python25 in order to preserve the system default Python 2.4 interpreter used by yum and pretty much everything else on CentOS.

[kelvin@campion x86_64]$ python25
Python 2.5.6 (r256:88840, Jun 15 2011, 19:58:29) 
[GCC 4.1.2 20080704 (Red Hat 4.1.2-50)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import hashlib
>>>


Doctoring EXIF data for Sun Media (aka Ignatieff in Kuwait)

Not Iggy

A lot hinged on the veracity of the picture — the low-resolution image furnished to Teneycke lacked critical metadata that would have helped determine the time the picture was taken. However, the report that accompanied the picture referred to those metadata. (Pierre Karl Peladeau, President and CEO of Sun Media Corporation)

Before sending your hoax photos to anybody at Sun Media, you better make sure that you doctor the EXIF metadata because they will check – trust me. You’re a busy lobbyist and you don’t have time to learn all about this nerdy stuff (metadata wazzat???). No problem, this is what you do.

First, get your doctored photo and open it with a metadata editor like ExifTool. There are others available but you’re in a rush and there is an election afoot and you have a ton of disinformation that has to get out – today!

Well, as luck would have it, there is no metadata on your pic. Don’t panic! Your Iggy pic backstory is that he was in Kuwait so you need to copy legit metadata from a pic taken in Kuwait. Go ask Google Image search, type “Kuwait army” and restrict your results to large pictures. The reason that we are selecting only “large” images is that we want the original/unedited large size pics taken by some US military photographer – the exact ones downloaded off the camera. They are always huge files. I found one from Military Sealift Command from 2007 which is good enough for our demo. Save it to your current working directory as we are going to copy the EXIF metadata to make it look like our hoax pic was taken in Kuwait.

Using ExifTool, copy all the metadata from the authentic Kuwait photo to your fake Iggy pic (only one command – w00t):

$ exiftool -tagsFromFile metadata_source.jpg not_ignatieff_exif.jpg

Now, if you’re particularly lazy or busy you can stop there since the metadata is now copied. If you have more time on your hands you can actually edit the individual entries and geocode the photo. Check out what we did:

$ exiftool -list not_ignatieff_exif.jpg
ExifTool Version Number         : 8.56
File Name                       : not_ignatieff_exif.jpg
Directory                       : .
File Size                       : 78 kB
File Modification Date/Time     : 2011:04:27 13:18:53-07:00
File Permissions                : rw-r--r--
File Type                       : JPEG
MIME Type                       : image/jpeg
JFIF Version                    : 1.02
Exif Byte Order                 : Little-endian (Intel, II)
Make                            : NIKON CORPORATION
Camera Model Name               : NIKON D2X
Orientation                     : Horizontal (normal)
X Resolution                    : 300
Y Resolution                    : 300
Resolution Unit                 : inches
Software                        : Adobe Photoshop CS2 Windows
Modify Date                     : 2007:09:24 12:06:07
Y Cb Cr Positioning             : Centered
Exposure Time                   : 1/180
F Number                        : 13.0
Exposure Program                : Aperture-priority AE
ISO                             : 100
Exif Version                    : 0221
Date/Time Original              : 2007:08:29 10:47:40
Create Date                     : 2007:08:29 10:47:40
Components Configuration        : Y, Cb, Cr, -
Exposure Compensation           : -2/3
Max Aperture Value              : 4.0
Metering Mode                   : Multi-segment
Light Source                    : Unknown
Flash                           : No Flash
Focal Length                    : 20.0 mm
User Comment                    : 
Sub Sec Time                    : 00
Sub Sec Time Original           : 00
Sub Sec Time Digitized          : 00
Flashpix Version                : 0100
Color Space                     : sRGB
Exif Image Width                : 2100
Exif Image Height               : 1395
Sensing Method                  : One-chip color area
File Source                     : Digital Camera
Scene Type                      : Directly photographed
CFA Pattern                     : [Red,Green][Green,Blue]
Custom Rendered                 : Normal
Exposure Mode                   : Auto
White Balance                   : Auto
Digital Zoom Ratio              : 1
Focal Length In 35mm Format     : 30 mm
Scene Capture Type              : Standard
Gain Control                    : None
Contrast                        : Normal
Saturation                      : Normal
Sharpness                       : Normal
Subject Distance Range          : Unknown
GPS Version ID                  : 2.2.0.0
Compression                     : JPEG (old-style)
Thumbnail Offset                : 934
Thumbnail Length                : 5386
Current IPTC Digest             : 460cf28926b856dab09c01a1b0a79077
Application Record Version      : 2
Copyright Flag                  : False
Global Angle                    : 30
Global Altitude                 : 30
XMP Toolkit                     : Image::ExifTool 8.56
Format                          : image/jpeg
Compressed Bits Per Pixel       : 2
Date/Time Digitized             : 2007:08:29 10:47:40-04:00
Flash Fired                     : False
Flash Function                  : False
Flash Mode                      : Unknown
Flash Red Eye Mode              : False
Flash Return                    : No return detection
Color Mode                      : RGB
ICC Profile Name                : sRGB IEC61966-2.1
Creator Tool                    : Adobe Photoshop CS2 Windows
Metadata Date                   : 2007:09:24 12:06:07-04:00
Derived From Document ID        : adobe:docid:photoshop:0f10c753-6154-11dc-9f27-a9bb9c4b68e4
Derived From Instance ID        : adobe:docid:photoshop:0f10c753-6154-11dc-9f27-a9bb9c4b68e4
Document ID                     : uuid:FF3F520BB86ADC11827AB2BAB20EBAFA
Instance ID                     : uuid:319A5A0FB86ADC11827AB2BAB20EBAFA
History                         : 
Quality                         : 60%
DCT Encode Version              : 100
APP14 Flags 0                   : [14], Encoded with Blend=1 downsampling
APP14 Flags 1                   : (none)
Color Transform                 : YCbCr
Image Width                     : 640
Image Height                    : 480
Encoding Process                : Progressive DCT, Huffman coding
Bits Per Sample                 : 8
Color Components                : 3
Y Cb Cr Sub Sampling            : YCbCr4:4:4 (1 1)
Aperture                        : 13.0
Shutter Speed                   : 1/180
Create Date                     : 2007:08:29 10:47:40.00
Date/Time Original              : 2007:08:29 10:47:40.00
Modify Date                     : 2007:09:24 12:06:07.00
Thumbnail Image                 : (Binary data 5386 bytes, use -b option to extract)
Image Size                      : 640x480
Light Value                     : 14.9
Scale Factor To 35 mm Equivalent: 1.5
Circle Of Confusion             : 0.020 mm
Field Of View                   : 61.9 deg
Focal Length                    : 20.0 mm (35 mm equivalent: 30.0 mm)
Hyperfocal Distance             : 1.54 m

Note: This is a parody entry. Don’t send any doctored pics to Sun Media. Also, don’t trust metadata as proof of anything.
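The listing above already contradicts itself, which is what someone verifying the picture would look for. The following is an added example, not part of the original post: it parses ExifTool's text output and reports those inconsistencies, using an excerpt of the listing as sample input; the finding names and the editor keyword list are assumptions made for the illustration.

```python
from datetime import datetime

# Excerpt of the ExifTool listing shown in the post.
SAMPLE_EXIFTOOL_OUTPUT = """\
ExifTool Version Number         : 8.56
File Name                       : not_ignatieff_exif.jpg
Camera Model Name               : NIKON D2X
Software                        : Adobe Photoshop CS2 Windows
Modify Date                     : 2007:09:24 12:06:07
Date/Time Original              : 2007:08:29 10:47:40
Exif Image Width                : 2100
Exif Image Height               : 1395
XMP Toolkit                     : Image::ExifTool 8.56
Creator Tool                    : Adobe Photoshop CS2 Windows
Image Width                     : 640
Image Height                    : 480
"""

# Assumption: a short illustrative keyword list, not an exhaustive one.
EDITOR_HINTS = ("photoshop", "gimp", "lightroom")


def parse_exiftool(text):
    """Map tag description to value; the first colon on a line is the separator."""
    tags = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            # ExifTool can print a tag more than once; keep the first value.
            tags.setdefault(key.strip(), value.strip())
    return tags


def _as_int(tags, name):
    try:
        return int(tags[name])
    except (KeyError, ValueError):
        return None


def _as_time(tags, name):
    try:
        return datetime.strptime(tags[name][:19], "%Y:%m:%d %H:%M:%S")
    except (KeyError, ValueError):
        return None


def metadata_findings(tags):
    """Return reasons why the metadata may not describe these pixels."""
    findings = []

    # EXIF-declared size versus the size of the JPEG data actually in the file.
    declared = (_as_int(tags, "Exif Image Width"), _as_int(tags, "Exif Image Height"))
    actual = (_as_int(tags, "Image Width"), _as_int(tags, "Image Height"))
    if None not in declared + actual and declared != actual:
        findings.append("dimension-mismatch")

    # The file passed through an image editor after it left the camera.
    software = " ".join(tags.get(k, "") for k in ("Software", "Creator Tool")).lower()
    if any(hint in software for hint in EDITOR_HINTS):
        findings.append("editing-software")

    # The XMP block was written by a metadata tool, not by a camera.
    if "exiftool" in tags.get("XMP Toolkit", "").lower():
        findings.append("xmp-written-by-exiftool")

    # The recorded modification time is later than the capture time.
    taken = _as_time(tags, "Date/Time Original")
    modified = _as_time(tags, "Modify Date")
    if taken and modified and modified > taken:
        findings.append("modified-after-capture")

    return findings


if __name__ == "__main__":
    for finding in metadata_findings(parse_exiftool(SAMPLE_EXIFTOOL_OUTPUT)):
        print(finding)
```

None of these findings proves a forgery on its own, since ordinary resizing and editing produce the same traces; they show only that the metadata cannot be taken as a description of the image it is attached to.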


Manage multiple SSH private keys with IdentityFile

There are many guides that show you how to set up your SSH client for password-less login using public/private key pairs. If you have different clients, you may have several different private keys. How can you manage them?

It was pointed out that ssh-agent and PuTTY’s Pageant can also be used to manage multiple private keys.

SSH has a per-user configuration file called ‘~/.ssh/config’ that it can use to select your private keys based on the remote user name and remote host by using percent tokens. Let’s check out my ‘config’ file:

IdentityFile ~/.ssh/ids/%h/%r/id_rsa
IdentityFile ~/.ssh/ids/%h/%r/id_dsa
IdentityFile ~/.ssh/ids/%h/id_rsa
IdentityFile ~/.ssh/ids/%h/id_dsa
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa

The %h and %r tokens expand to the remote host and the remote user, taken from your SSH user and hostname arguments. Consider this example command:

$ ssh remote_user@remote_hostname.example.com

From the example command, the SSH client would expand the tokens to seek the correct key to use, starting in:

~/.ssh/ids/remote_hostname.example.com/remote_user/

This means that if you had two private keys that you used to access two different servers, you would arrange them as follows. Here is the first one:

$ ls -l ~/.ssh/ids/remote.example.com/remote_user/
total 16
-rw-------  1 kelvin  staff  668 Mar 24 20:09 id_dsa
-rw-r--r--  1 kelvin  staff  610 Mar 24 20:09 id_dsa.pub
$ ssh remote_user@remote.example.com
[remote_user@remote ~]$

Our second example uses a simple hostname. If a remote user is not required, you can just use the hostname:

$ ls -l ~/.ssh/ids/webby.example.org/
total 16
-rw-------  1 kelvin  staff  668 Mar 24 20:09 id_rsa
-rw-r--r--  1 kelvin  staff  610 Mar 24 20:09 id_rsa.pub
$ ssh webby.example.org
[webby ~]$

For sure, these are totally contrived examples, but you can watch the cascade yourself by adding the verbosity flag(s) to your SSH client session (this one is my client’s WebFaction account):

Trinity:.ssh kelvin$ ssh -v user@user.webfactional.com
OpenSSH_5.2p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /Users/kelvin/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to user.webfactional.com [192.168.0.254] port 22.
debug1: Connection established.
debug1: identity file /Users/kelvin/.ssh/ids/user.webfactional.com/user/id_rsa type -1
debug1: identity file /Users/kelvin/.ssh/ids/user.webfactional.com/user/id_dsa type 2
debug1: identity file /Users/kelvin/.ssh/ids/user.webfactional.com/id_rsa type -1
debug1: identity file /Users/kelvin/.ssh/ids/user.webfactional.com/id_dsa type -1
debug1: identity file /Users/kelvin/.ssh/id_rsa type 1
debug1: identity file /Users/kelvin/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'user.webfactional.com' is known and matches the RSA host key.
debug1: Found key in /Users/kelvin/.ssh/known_hosts:41
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/kelvin/.ssh/ids/user.webfactional.com/user/id_rsa
debug1: Offering public key: /Users/kelvin/.ssh/ids/user.webfactional.com/user/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Last login: Thu Mar 31 22:31:08 2015 from 192.168.0.200
[user@web ~]$
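The cascade that the verbose output shows can be checked without opening a connection. The following is an added example, not part of the original post: it expands %h and %r in the six IdentityFile lines from the config above and reports, in order, which candidate keys exist and whether their permissions are tight enough (OpenSSH ignores a private key that is accessible to group or others). The function names and the temporary demo directory are assumptions made for the illustration.

```python
import os
import re
import stat
import tempfile

# The IdentityFile lines from the post's ~/.ssh/config.
CONFIG_LINES = [
    "IdentityFile ~/.ssh/ids/%h/%r/id_rsa",
    "IdentityFile ~/.ssh/ids/%h/%r/id_dsa",
    "IdentityFile ~/.ssh/ids/%h/id_rsa",
    "IdentityFile ~/.ssh/ids/%h/id_dsa",
    "IdentityFile ~/.ssh/id_rsa",
    "IdentityFile ~/.ssh/id_dsa",
]


def expand_identity(pattern, host, user, home):
    """Expand %h (remote host), %r (remote user), %% and a leading ~/ only."""
    def replace(match):
        token = match.group(1)
        # Tokens this sketch does not handle are left untouched.
        return {"h": host, "r": user, "%": "%"}.get(token, match.group(0))

    path = re.sub(r"%(.)", replace, pattern)
    if path.startswith("~/"):
        path = os.path.join(home, path[2:])
    return path


def identity_cascade(config_lines, host, user, home):
    """Return [(path, status)] in the order the client would consider the keys."""
    results = []
    for line in config_lines:
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "identityfile":
            continue
        path = expand_identity(parts[1].strip(), host, user, home)
        if not os.path.isfile(path):
            status = "absent"          # shown as "type -1" in the ssh -v output
        elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            status = "too-open"        # readable or writable by group/others
        else:
            status = "usable"
        results.append((path, status))
    return results


def demo():
    """Build a throwaway home directory laid out as in the post and audit it."""
    with tempfile.TemporaryDirectory() as home:
        layout = {
            ".ssh/ids/remote.example.com/remote_user/id_dsa": 0o600,
            ".ssh/id_rsa": 0o644,      # deliberately too permissive
        }
        for rel, mode in layout.items():
            full = os.path.join(home, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as handle:
                handle.write("constructed placeholder, not a real key\n")
            os.chmod(full, mode)
        cascade = identity_cascade(
            CONFIG_LINES, "remote.example.com", "remote_user", home)
        return [(os.path.relpath(path, home), status) for path, status in cascade]


if __name__ == "__main__":
    for path, status in demo():
        print(f"{status:9} {path}")
```

To audit a real setup, call `identity_cascade` with `os.path.expanduser("~")` as `home` and the host and user you would pass to ssh.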


Speed up PHP with APC on Ubuntu 10.04LTS

Ubuntu 10.04 LTS makes it quite simple to set up a basic LAMP server using tasksel; however, the default PHP set up does not include APC, the Alternative PHP Cache, which speeds up many PHP applications like Drupal. In the past, setting up APC involved using PECL or installing from source, but with Ubuntu Lucid, the process has been simplified using apt-get.

First, let me identify my demo system. It is running Ubuntu 10.04 LTS Lucid and has been patched to the latest version:

$ uname -a
Linux demo 2.6.32-24-generic #43-Ubuntu SMP Thu Sep 16 14:17:33 UTC 2010 i686 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 10.04.2 LTS
Release:	10.04
Codename:	lucid
$ sudo apache2ctl status | grep "Server Version"
Server Version: Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.7 with Suhosin-Patch
$ apt-cache show php-apc | grep Version
Version: 3.1.3p1-2

Ubuntu has added a Debian package into universe that allows APC to be added to any system quite easily:

$ sudo apt-get install php-apc
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
  php5-gd
The following NEW packages will be installed:
  php-apc
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/77.2kB of archives.
After this operation, 217kB of additional disk space will be used.
Selecting previously deselected package php-apc.
(Reading database ... 28911 files and directories currently installed.)
Unpacking php-apc (from .../php-apc_3.1.3p1-2_i386.deb) ...
Processing triggers for libapache2-mod-php5 ...
 * Reloading web server config apache2
   ...done.
Setting up php-apc (3.1.3p1-2) ...

Note: You must restart the web server to begin using APC

$ sudo apache2ctl graceful

Out of the box (er…package), APC has some sane defaults. If you are “a serious user,” you will want to change your configuration yourself. Seriously, that is what the documentation says:

serious users should consider tuning the following parameters…

To tweak your very serious APC installation, you can change the settings manually (using vim):

$ sudo vim /etc/php5/conf.d/apc.ini

The APC configuration file is seriously barren; it is little more than an extension include directive. You can add extra keys after reading APC’s online documentation related to settings.

Finally, there is a small PHP script that provides more information on the operation of the APC module. Copy it to your web root and decompress it. You should change the default username and password used to protect the script by changing the username and password variables directly in the PHP code:

$ sudo cp /usr/share/doc/php-apc/apc.php.gz /var/www
$ sudo gzip -d /var/www/apc.php.gz
$ sudo vim /var/www/apc.php

Change credentials near line 41:

defaults('ADMIN_USERNAME','apc'); // Admin Username
defaults('ADMIN_PASSWORD','password'); // Admin Password - CHANGE THIS TO ENABLE!!!

Now, view your APC page (assuming your web server is at 192.168.0.6):

http://192.168.0.6/apc.php


Debian 6 Squeeze and a HP Compaq DL380 G2

I was trying out the new Debian 6 Squeeze release on an old DL380 G2 and it complained about a missing piece of firmware (e100/d101m_ucode.bin). The missing code is a non-free binary-only module that you can install with firmware-linux-nonfree_0.28_all.deb. If you don’t install it then your network card won’t work.

To solve this issue, download the deb file and put it in the root of a thumbdrive. Plug the thumbdrive in the USB port at the back of your DL380 when prompted and Debian should find it if the deb-file is in the root of the drive (not buried in a folder somewhere). With this change I was able to get the network card going and it completed the DHCP set-up without further issues.

One way to avoid all this extra work is to install the OS using the installation disks that include the non-free binary modules. If you just want to get Debian running without the hassles of adding bits of non-free firmware then check out the installation media that includes the non-free firmware.

Nobel Peace Prize vs Confucius Peace Prize Primer

Just in case you missed it, China is behaving like a spoiled baby over the awarding of the Nobel Peace Prize to Liu Xiaobo. Frankly, he’s a guy that I never heard of before last week but the more I read about him the more I like him. Need help figuring this out? Me too!

| Aspect | Nobel Peace Prize | Confucius Peace Prize |
| --- | --- | --- |
| What is it? | Scandinavian award for peace established by Alfred Nobel. | Chinese award for peace established by obscure NGO to deflect attention from Nobel award. |
| Established | 1901 | Last week maybe? (Dec 2010) |
| 2010 recipient | Liu Xiaobo (Chinese literary critic, writer, professor, human rights activist, and dissident) | Lien Chan (Taiwanese politician and China apologist) |
| Reason | Trying to bring democracy to a backwards ass nation. Publishing manifesto. Human rights work. | Not being Liu Xiaobo. |
| 2010 nominees | Liu Xiaobo, Morgan Tsvangirai, Svetlana Gannushkina, The Special Court for Sierra Leone, Democratic Voice of Burma, Sima Samar, Tony Blair, Bill Clinton, Denis Mukwege, Grandmothers Of The Plaza De Mayo | Lien Chan, Jimmy Carter, Bill Gates, Panchen Lama |
| Prize | Medal, scroll and USD$1.4 million approx. | USD$15,000 approx. (100,000 yuan) |
| Accepted by | Empty chair | Empty chair (or terrified child) |
| Disposition | In jail in China | Surprised in Taiwan |


960gs Grid Templates for Fireworks

When starting a new grid-based design I use Adobe Fireworks for the initial screens. Here are my starter files for the 960 grid system in 12-column, 16-column and 24-column formats. I actually have never used the 24-column one but I made it anyway. Right click these and save them to your local drive.

Vertical guides only

Vertical and horizontal guides

Licensed under MIT & GPL licenses (your choice)
