Margus Pala is fixing IT!

What to do if there is problem with IT

Archive for September, 2011

Install Roboo to Ubuntu for DDOS protection.

Sep 25

Posted by smartman in Linux, Roboo, security, ubuntu | 2 Comments

I was fortunate enough to take part in Black Hat 2011 EU where was first public presentation of Roboo the HTTP mitigator http://www.ecl-labs.org/2011/03/17/roboo-http-mitigator.html. What is less fortunate is that it can be a pain to install, mostly because of dependency on perl modules. I have tried it a few times and present my experience in here.

Get yourself roboo which comes as a nginx module written in perl. Also get nginx example configuration. Newest versions are available in github https://github.com/yuri-gushin/Roboo. Place these files to those locations

/etc/nginx/nginx.conf
/opt/local/share/nginx/Roboo.pm
To avoid problem below modify first line of nginx.conf and change user nobody to www-data for example:
Starting nginx: [emerg]: getgrnam("nobody") failed in /etc/nginx/nginx.conf:1
configuration file /etc/nginx/nginx.conf test failed

It is tempting to install nginx from reposotory but you will get error.

Starting nginx: [emerg]: unknown directive "perl_modules" in /etc/nginx/nginx.conf:10
configuration file /etc/nginx/nginx.conf test failed

Read the rest of this entry »

Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit

How to listen internet radio like 1.fm in any media player eg Banshee or VLC

Sep 25

Posted by smartman in Linux, tips & tricks, ubuntu | 1 Comment

Sometimes I like to listen to internet radios when working at the computer. One of the best radios is 1.fm but no radio is perfect and you want to change channel from time to time. If several radio channels each played inside different browser window then it is a mess when changing station. You need to find currently playing window, stop it there, find another radio window and start in there. On the other hand changing radio channels in single media player is just a matter of clicking next button in keyboard.

Problem is that nobody tells you what is the URL you need to import Banshee for it to be able to play channel. Fortunately it is easy to find out. Firstly install wireshark and start capturing your network traffic. Next go to www.1.fm and start playing your favorite radio channel.

Once channel is playing write into Filter: field

tcp contains "audio/mpeg"

After hitting apply you will see about one line left. rightclick it and select “Follow TCP Stream”. Popup opens and in pink color you see 2 first lines like

GET /ftv-256k-mp3?rand=0.559427538421005 HTTP/1.1
Host: tai-03.egihosting.com

This is enough to put together radio station URL in Banshee or Rhythmbox. Some examples here

Country One: http://tai-02.egihosting.com/country-256k-mp3
Dance One: http://tai-02.egihosting.com/dance-256k-mp3
FTV Hit Radio: http://tai-03.egihosting.com/ftv-256k-mp3

Enjoy, comment and hit +1 button if this helped you.

Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit

Create new SVN repository into your ubuntu server

Sep 23

Posted by smartman in Linux, SVN | 1 Comment

Here i describe how I add new repositories to my SVN server once I start working on something new and interesting.

First create URL for repository so add following to vhost configuration

  <Location /svn/yourproject>
        DAV svn
        SVNParentPath /svn/yourprojeect
        SVNListParentPath on
        AuthType Basic
        AuthName "Yourproject svn"
        AuthUserFile /etc/subversion/yourproject.passwd
        Require valid-user
  </Location>

Create user and give the user a password

htpasswd -c /etc/subversion/yourproject.passwd youruser

Create directory for your svn and initialize svn repository in there.

mkdir /svn/yourproject/
svnadmin create /svn/yourproject/svnrepository
chown -R www-data:svn /svn/yourproject/
chmod -R g+wrs /svn/yourproject/
service apache2 restart

See also solution to problems that might arise.

Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit

Configure Apache to support multiple SSL sites on a single IP

Sep 14

Posted by smartman in apache, Linux, ssh, ubuntu | 7 Comments

You can host unlimited NameVirtualHost-s with http protocol. But how can you have many virtual hosts in vhost file over https? Not possible ????

Most of websites have some sort of CMS which has admin passwords and these must not be sent over plaintext, little security warning for admins is not a big problem. When using apache default conf and defining many VirtualHost-s for port *:443 you still see only one when you open any of these sites.

Problem can be located from error_log like this.

[Wed Sep 14 10:05:28 2011] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Sep 14 16:06:28 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence

Solution is to explicitly tell apache to host NameVirutalHost also for port 443 in addition to 80 which is default. Make sure you have something like htis in ports.conf or similar httpd configuration file.

<IfModule mod_ssl.c>
    NameVirtualHost *:443
    Listen 443
</IfModule>
Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit

SVN server setup using WEB DAV

Sep 13

Posted by smartman in Beginners, Linux, SVN, tips & tricks | 1 Comment

Good way to use SVN is through https and apache using mod_dav and mod_dav_svn.

While debugging and trying different settings I was able to see all of these error messages before correct combination for configuration was found. Best ways to debug are Eclipse SVN “Edit Repository Location” view that displays useful error message when clicking  finish. Apache access log and error log are also very useful.

Eclipse
Get repository folder children operation failed.
svn: Malformed XML

Netbeans
org.tigris.subversion.javahl.ClientException: Malformed XML

Error while performing action: Repository moved permanently to 'https://marguspala.com/testproject/'; please relocate

PROPFIND requests with a Depth of "infinity" are not allowed for /testproject/.

org.tigris.subversion.javahl.ClientException: svn: PROPFIND of '/testproject': 405 Method Not Allowed (https://marguspala.com)This could have the following meaning(s):
- the folder specified in the repository URL does not exist on the host
- your proxy does not allow the svn command you have invoked

1.2.3.4 - - [13/Sep/2011:12:38:03 +0200] "PROPFIND /testproject HTTP/1.1" 405 659 "-" "SVN/1.6.15 SVNKit/1.3.5 (http://svnkit.com/) r7406

To avoid most of these errors use Location conf exactly like this:

<Location /testproject>
 DAV svn
 SVNPath /svn/testproject
 AuthType Basic
 AuthName "Test svn project"
 AuthUserFile /etc/subversion/passwd
 Require valid-user
 </Location>

Most important is to never ever use trailing slash in Location directive.

Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit

What to keep in mind when moving site from one server to another

Sep 12

Posted by smartman in Linux, tips & tricks, ubuntu | No Comments

For backup purposes or just transferring website it is important to keep in mind following things

  • Dump database from old place and import it into new.
  • Copy web files to new machine.
  • Move website configurations to backup server. (vhosts.conf, httpd.conf ..)
  • Take SSL private keys and certificates with you. Less relevant if selfsigned keys are used.
  • If new server has different linux distribution with different default keys location then change https vhosts keys location.
  • New site must have all required software installed (php, mysql, httpd, apache modules)
  • New server must have all required directories present. (Custom folder for logfiles?)
  • Check if mysql has databases created before importing sql.
  • Check if mysql has database users created with correct privileges.
  • Change DNS records if ip was changed
  • Copy your syslog configuration
  • Review and Copy your iptables rules.

 

 

Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit

Identity ‘signupBean’ does not reference a MethodExpression instance

Sep 9

Posted by smartman in java, JSF | No Comments

Problem itself is simple. JSF h:commandButton or h:commadLink is pressed and error below happens.

javax.el.ELException: /index.xhtml @12,78 action="#{signupBean}": Identity 'signupBean' does not reference a MethodExpression instance, returned type: com.project.beans.SignupBean

If you see something similar then you have typo in your code. In your commandButton/commandLink is missing bean method specification.

<h:commandButton value="Login with gmail" action="#{signupBean}"></h:commandButton>

must be replaced with

<h:commandButton value="Login with gmail" action="#{signupBean.signup}"></h:commandButton>

Full stack trace to follow  Read the rest of this entry »

Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit

Little known skype feature – turning off chat notifications.

Sep 7

Posted by smartman in tips & tricks | No Comments

Skype is still quite popular IM in personal and business use even though it was bought by Microsoft. One very useful feature is on-demand group chats that can be created whenever and with whom wanted.

Problem here is that some chats can turn to be distractions with lot of jabber and you cannot also leave them because occasionally it contains important information.

Very simple solution is typing into chat window:

 /alertsoff

In effect chat window will not blink nor show itself regardless of action happening there. Once this chat gets quieter type into chat window:

 /alertson

and you get back all blinking action and popups.

For more info type:

/help

and you get full commands list below Read the rest of this entry »

Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit

PhoneGap vs native Android and iPhone app performance and features

Sep 2

Posted by smartman in android, iphone, jquery mobile, phonegap | 4 Comments

Overview

PhoneGap is mobile framework that allows developers to create HTML 5 and JavaScript pages and sun these inside mobile devices. Please bear in mind that “webserver” runs inside the device. It is also possible to display external pages using plugin called ChildBrowser. While PhoneGap does not support PHP it does support javascript libraries like jQuery mobile which enables you to script and create very good looking apps.

For beginners

When starting from scratch then learning development in phonegap is no easier than starting to learn for native android, iphone, windows phone, symbian or any other.

Features

Best feature ever with PhoneGap is that you can write app once and deploy this over 6 different platforms: Android, iPhone, WebOS(HP Palm), BlackBerry OS, Symbian and Samsung Bada. While this multiplatform support is working and widely advertised then in reality many features are not supported across all these platforms. Personally I am missing PhoneGap Facebook plugin support which extends only to android and iphone.

Permissions

Minimal requirement is internet. Even if your application does not send or receive a byte of traffic then because of internal workings of PhoneGap you must grant internet permission (android.permission.INTERNET). Other issue that bothers me is that on current implementation you cannot make camera pictures or photos without memory card write permission (android.permission.WRITE_EXTERNAL_STORAGE).

Plugins

PhoneGap is also extensible with plugins. Plugins are native code that will be called from Javascript. It is not too difficult to write plugin of your own if some features are missing that can be achieved only with native code.

One of the most interesting plugins is Analytics this allows you to track how users are using your app. There is not such feature for native apps that I know of.

Performance

I have noticed that on popular cheaper and slower phones with 600Mhz CPU there are some performance issues with mobile jquery and phonegap, you can test it on your own phone by browsing to http://jquerymobile.com/test/. Changing pages is not so smooth as it could be. On the other hand on more expensive phones these tweaks are hardly noticeable. I made some measurements on my own and PhoneGap is ca 3x slower than native code.

Conclusion

In conclusion it is recommended to use PhoneGap with simple apps to get best coverage over multiple platforms with least effort. If application logic needs more phone specific features then at first stage core app can be written in HTML5 and Javascript and extended with plugins which are written in native code by others or yourself. Demanding applications that rely heavily on phone builtin hardware is better to be written in native code, it makes app to perform better and it nothing beats native code in compatibility. Write your

Please comment ad hit +1 button above if this helped you.

Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit