Crea sito

How to sync your bashrc between servers

2

Sync out of the box – Sync your bashrc using a CVS

Sync your bashrc between servers

Sync your bashrc between servers

If you work on several Unix servers you may need to keep in sync your shell profile (bashrc, kshrc, zshrc, .profile, etc).

When available on the servers, you can use Rync, or if your servers are directly connected to Internet, you can use a CVS system (bazaar, git, cvs, svn) and store your user settings, for example, on github (Using Git and Github to Manage Your Dotfiles by Smalley Creative Blog).
Obviously you can also develop a script or a software that does something similar.

A nifty alternative, sync your bashrc with ssh

When you don’t want or you cannot use one of the above methods, an alternative is to use an awesome functionality of OpenSSH.

OpenSSH allow you to set a local command to be executed every time you successfully connect to a remote host.

We can use this functionality to just execute an scp of our .bashrc on each server we connect to.

$ cat .ssh/config
Host *
PermitLocalCommand yes
LocalCommand scp -q %d/.bashrc %h:

In this example we set for all the ssh connection (Host *) that we allow ssh to execute local commands (PermitLocalCommand yes). The command is specified in the last line, where %d is substituted by the local home directory and %h by the target host.

Using Host * is not a good idea except if you have a really basic and anonymous shell profile.

I usually have Host sections in my ssh/config file based on domain names (like *.simbiosi.org) and instead of a “naked” scp I advice to use a script that transfer a list of files only if they have not been synchronized previously (may be the subject of a future article)

The big advantage of using LocalCommand is that you don’t need to keep an inventory of the servers you connect to and neither setup manually all of them.

Have you ever played Diablo? (Tristram Diablo-Classical Guitar)

4

This is one of my favorite Diablo’s cover:

YouTube Preview Image

On the way to my workplace

0

image

Today it’s finally snowing!

Disable PC-BSD System Update Applet

0

To disable pc-systemupdatertray (the PC-BSD system update applet) it’s enough to execute the following command as root

pbreg set /PC-BSD/SystemUpdater/runAtStartup false

Safe with FreeBSD + Tor + Polipo + xxxterm

11

Staying absolutely safe on the Internet is nearly impossible. However, there are certain tools and software to help achieve at least a comfortable amount of anonymity and privacy.

Here I will explain how to setup a safe environment using PC-BSD (FreeBSD), TorPolipo and xxxterm.

xxxterm – a minimalist secured browser

xxxterm is a minimalist web browser with sophisticated security features built-in rather than through an add-on.

In addition to providing a familiar mouse-based interface like other web browsers, it offers a set of vi-like keyboard commands for users who prefer to keep their hands on the home row of their keyboard.

The default settings provide a secure environment. With simple keyboard commands, the user can “whitelist” specific sites, allowing cookies and scripts from those sites.

It is ISC licensed.

Tor – The Onion router

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

Polipo – a caching web proxy

Polipo is a small and fast caching web proxy (a web cache, an HTTP proxy, a proxy server). While Polipo was designed to be used by one person or a small group of people, there is nothing that prevents it from being used by a larger group.

PC-BSD – a FreeBSD based Operating System

PC-BSD is a user friendly desktop Operating System based on FreeBSD.

Known widely for its stability and security in server environments, FreeBSD provides an excellent base on which to build a desktop operating system.

PC-BSD uses a host of popular open source window managers and uses a custom-tailored application installer that puts popular applications in easy reach of users.

How to install and use them?

This is very easy, like drinking a cup of coffee (a home made good one please!)

Software installation(user is root)

portmaster www/xxxterm www/polipo security/tor

Configure tor

cp /usr/local/etc/tor/torrc.sample /usr/local/etc/tor/torrc
  • Add/Modify the following lines in /usr/local/etc/tor/torrc
RunAsDaemon 1

Configure polipo

cp /usr/local/etc/polipo/config.sample /usr/local/etc/polipo/config
  • Add/Modify the following lines in /usr/local/etc/polipo/config
socksParentProxy = "localhost:9050"

diskCacheRoot = ""

daemonise = true

logSyslog = true

Start tor and polipo daemons

tor_enable="YES"
polipo_enable="YES"

Configure xxxterm (with your regular user)

echo “http_proxy = http://127.0.0.1:8123/” >> ~/.xxxterm.conf

Start browsing the internet safe.

xxxterm

Careful internet is watching you!!!

Using the software discussed here cannot protect you against bad behavior. For instance, it is not very wise to login using your user name and passwords (especially if you use the same password everywhere) on to websites like GMail or Facebook. Using this software will not protect you from malicious Internet sites that collect your personal information or sites that phish you.

Also, software is not perfect. It may contain bugs and security holes. Do not rely completely on this software. Be careful.
As pointed out by one reader, this configuration, without hiding clients DNS requests, can be dangerous in the case someone wants to find you.

Therefore it’s absolutely important to run xxxterm with a socks proxy, this way the DNS query will be executed inside the tor network, giving you much more protection.

To do this you can install torsock and execute xxxterm through usewithtor

portmaster net/torsocks
usewithtor xxxterm

Don’t forget to comment the proxy in the xxxterm.conf

Acknowledgements

Thanks a lot to 10wattmindtrip for the help.

Un nuovo look per l’Android

0

Questo articolo è in draft, ma verrà rilasciato in versione definitiva molto presto

Sense Glass ADW Theme

Tema per Android

 

Facciamola breve

Con un qualsiasi Android disponibile sul mercato, dovrebbe essere possibile installare i seguenti temi e applicazioni per ottenere la stessa interfaccia che vedete qui sopra.

In realtà, essendo un Bastian Contrario di prima categoria, mi sono spinto molto più in là e conto di andare ben oltre.

Possiamo fare meglio?

Si, esorcizzare, liberare, migliorare, ma sopratuttare riconquistare il potere sul proprio smart phone.

Perché?

Quando ho comprato il mio HTC Desire (code name Bravo), mi sono subito reso conto che non era veramente mio, ma del mio operatore (che non cito per NON fargli pubblicità) e che difficilmente avrebbe reso disponibili gli aggiornamenti di Android ad un ritmo accettabile.

Un sistema non aggiornato è un sistema non solo obsoleto, ma anche esposto ad attacchi di cracker senza scrupoli o di ragazzacci perditempo.

Secondo me e secondo qualche milione di altri Bastian Contrari, quando compro qualcosa, deve essere di mia proprietà e mia soltanto, questo sembra un concetto ovvio, ma per esempio, quando compriamo un computer o uno smart phone come un Android, qualcun altro decide al nostro posto cosa installarvi e rende pure le cose molto difficili a chi non è d’accordo.

Se comprate un Android, un certo numero di applicazioni non potranno funzionare, in quanto non permessi root sul vostro telefono.

L’utente root è un amministratore del sistema, con il quale è possibile installare qualsiasi cosa, aggiornare il sistema e modificare a fondo il funzionamento del proprio dispositivo, adattandolo alle vostre esigenze. Quindi, ottenendo i permessi root sul vostro telefono, potete definitivamente dire che siete padroni del vostro smart phone.

In questo articolo, vi guiderò passo passo ad esorcizzare il vostro Android ed in particolare, per questo tutorial, userò il mio HTC Desire (Bravo).

Attenzione!!!

I produttori di telefoni non sostengono modifiche al software, che loro stessi forniscono con il vostro telefono e quindi fanno cadere la garanzia se fate le modifiche qui di seguito descritte.

È quindi assolutamente tassativo:

  1. Accettare che se qualcosa va storto pagherete di tasca vostra,
  2. Che siete liberi di restare schiavi e godervi i vantaggi della “protezione” del vostro padrone.
  3. Dovete assolutamente fare un backup completo del sistema se siete dei Bastian Contrari come me (arrendetevi almeno adesso!!!).

D’accordo, come…

Di seguito (nei prossimi giorni), vi dirò come fare a:

  1. Fare un backup.
  2. Ottenere i permessi root
  3. Godersi il potere ottenuto
  4. Risorse

Backup

Se non si è root è impossibile effettuare un backup completo, altra buona ragione per darsi da fare.

Non potendo effettuare un backup completo, non ci resta che effettuare un backup dei dati che ci interessano e per fare ciò, possiamo utilizzare alcune delle seguenti applicazioni:

Una volta che avete salvato quello che vi occorre, potete passare a  sbloccare il vostro Android.

Ho usato unrevoked con successo, ma vi consiglio di usare revolutionary.io (egualmente testato con successo), in quanto, pur essendo in via di sviluppo, è il risultato congiunto degli hacker di Unrevoked e Alpharev, a mio parere il miglior connubio che si possa immaginare nella scena Android.

Leggete per intero la pagina di Revolutionary e se avete problemi di comprensione chiedetemi!!!

Il processo è molto semplice, basta impostare il telefono in USB Debug, collegare il telefono alla presa USB del telefono, eseguire il programma fornito da Revolutionary.io e seguire le istruzioni.

Il processo durerà al massimo 5/6 minuti e al termine sarete root!!!

Adesso?

Una volta che sarete root, potrete finalmente:

  • Fare un backup completo
  • Installare degli aggiornamenti
  • Installare nuove ROM (il firmware del telefono che contiene il sistema di base)
  • Abilitare e usare funzionalità avanzate

Fare un backup completo

Adesso che siete root potete fare un backup completo utilizzando una applicazione specifica, come Titanium Backup, oppure dal menu recovery di clockworkmod (vedremo in futuro in dettaglio).

Sort IP Addresses with GNU sort

0

On UNIX like operating systems, an IP address can be sorted using the utility sort, part of the GNU Core utils

 sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4

-n, –numeric-sort          compare according to string numerical value

-t, –field-separator=SEP  use SEP instead of non-blank to blank transition

-k, –key=POS1[,POS2] start a key at POS1 (origin 1), end it at POS2

If you like a well written explanation of this, I invite you to read this article by Paul Heinlein.

Network notes.

0

Partially taken from http://www.tomax7.com/mcse/neteworking2005.htm

TCP/IP

Internet Protocol and the Transmission Control Protocol.

IP address is a 32-bit logical number to address a network device. IP are normally represented by decimal numbers, but could be useful sometimes to represent them in binary.

10101100.00010011.01011000.01001001
172. 19. 88. 73

An IP address is divided in 4 parts (each 8 bits), these parts are called octets. In the IPV4 there are 5 address classes:

Class A from 1 to 126, in binary the octet start with 0xxx
127 Reserved for loopback, 01111111
Class B from 128 to 191, in binary the octet start with 10xx
Class C from 192 to 223, in binary the octet start with 110x
Class D from 224 to 239, in binary the octet start with 1110 Don’t use. Reserved for the future.
Class E from 240 to 254, in binary the octet start with 1111

IANA reserved 4 address ranges to be used in private networks, these addresses won’t appear on the Internet avoiding IP address conflicts.

10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 that means:

- 10.0.0.0 through 10.255.255.255
- 172.16.0.0 through 172.31.255.255
- 192.168.0.0 through 192.168.255.255
- 169.254.0.1 through 169.254.255.254 (reserved for Automatic Private IP Addressing)


The meaning of 8,12 and 16 is

8 = 255.0.0.0
12 = 255.240.0.0
16 = 255.255.0.0

These are subnet mask.

A subnet mask is used to determine which part is the network (n) part and which is the host (H) part.
Default subnet masks:
Class A 255.0.0.0 that is nnnnnnnn.HHHHHHHH.HHHHHHHH.HHHHHHHH
Class B 255.255.0.0 that is nnnnnnnn.nnnnnnnn.HHHHHHHH.HHHHHHHH
Class C 255.255.255.0 that is nnnnnnnn.nnnnnnnn.nnnnnnnn.HHHHHHHH

Subnetting

Bitwise (logical AND) between IP address and subnet mask to have the IP of the network

10101100.00010011.01011000.01001001 172.19.88.73
11111111.11111111.11111111.00000000 255.255.255.0
———————————————————————————————–
10101100.00010011.01011000.00000000 172.19.88.0

To calculate how many subnet in a net mask I can have use the formula (2^n) -2 where n is the number of bits in either field. For example the subnet 255.255.240.0 (11111111.11111111.11110000.00000000 could have (2^4) – 2 = 14 subnets.

 

TWiki nor TWiki? Of course Foswiki!

0

Today is a great day, 3 weeks ago, almost all of the TWiki developers started a fork of the project because they were disagreeing Peter Thoeny (TWiki founder and project leader) strategies and initiatives.

The heir of TWiki
As of October 27th 2008, ‘TWiki’ is no longer the same – it is now commercial open source.
The people that drove TWiki development for the past decade feel the time has come to do so under a different name.

I was an addicted, satisfied and active TWiki user since the September 4th 2006, installing, upgrading and using it for an enterprise I’m working for.

But things change, wrong founder strategies and politics convinced most of all the community members to leave the project and to found a new one.
Of course, for obvious reasons, I support the Foswiki community

Let’s see the main reasons of the fork (from the Foswiki site):


January, February 2008: conflicts arise

In January 2008 Peter thoeny attempted to release TWiki 4.2.0 with a press release that suggested that TWIKI.NET were responsible for the release. This was withdrawn after community protests, and a request for clarification of the governance model added to the agenda for the summit.

July 2008: first governance proposal not accepted by the community

Peter Thoeny wrote up a proposal for the new TWiki governance model (link to that page revision). In short:

  1. Peter Thoeny is a Self Appointed “Benevolent Dictator for Life” (BDFL) — spiritual leader of the TWiki project. The BDFL appoints members of the Technical Board.
  2. The TWiki name and brand, and the twiki.org domain name are the property of the project founder Peter Thoeny and he has sole discretion in decisions related to these matters.

This proposal met considerable opposition from the community. It seemed to go against some already established, and more democratic decision structures. The role of BDFL met some strong resistance, although some members acknowledged the need for leadership.

September 2008: emotions rising, creation of a democratic board

Just before the TWiki Community Summit September 2008 in Berlin, the community learned that Peter Thoeny was not willing to discuss the role of BDFL or the TWiki brand.

Moreover, Peter would not be able to join the summit; instead Tom Barton would be attending.

At the summit, the attending TWiki community members (present physcially and by conference call) made these stands:

  • The BDFL position is not needed or appropriate for the community. The majority position was that this would not be an acceptable element of governance.
  • The participants expressed very strong reservations about TWIKI.NET’s control of the TWiki brand whose value, the participants felt, is primarily based on the volunteer contributions of many individuals.

At the end of the day, the group summarized it’s positions on these questions as follows:

  1. The license on the brand name “TWiki” should be a free (as in free beer and free speech) Public License given to the entire community, without having to sign an agreement.
  2. Peter Thoeny is considered the Chief Evangelist, but he will not have veto right, nor will he have the right to overthrow community decisions.

These demands should be followed, or the community would create a fork.

October 2008: undemocratic takeover

As a complete surprise, at 27 October 2008, 21:00 GMT, just a minute before the regular TWiki release meeting, the company TWIKI.NET announced unilaterally that the best for the TWiki.org project would be for them to take over governance (read the IRC logs).

In an undemocratic move, all TWiki Community members were barred from editing the twiki.org website. All contributors were required to accept a newly introduced set of terms of use in order to access the TWiki software. This implicitly meant accepting the new TWiki Governance model, in spite of the fact that the community had previously rejected this model. In addition, a new privacy policy was effectuated.

TWiki is now led by TWIKI.NET instead of the Open Source community.

No core contributors have agreed to continue development based on the new governance model.

Result: contributors split from twiki.org

Immediately after the announcement, a large group of community members have joined forces to continue development of TWiki. Working title: Foswiki.
The goals of Foswiki are:

  1. Found an association as a formal body for the project, including the reorganization of its governance down to all operational questions
  2. Guarantee a volunteer-friendly and democratic environment
  3. Release a new version of TWiki-compatible as soon as possible

790 commits in 3 weeks, and the project has now a name! Foswiki is growing up fast, strong and most of all Free!

As the Foswiki community is working like crazy to deliver the 1.0.0 version, I expect soon will be possible to switch from (almost) any TWiki installation to a Foswiki one.

There are not good excuses to keep the TWiki installation, as most of all the developers and TWiki freelancers moved to Foswiki. More over after the kick in the ass Peter gave to all the brilliant people worked for free to improve what was a good project.

Join it, taste it and spread it!

Disk Volume Manager notes

0

Some notes to use Veritas Volume Manager on Solaris

View configuration:

vxprint -th

List disks:
vxdisk list
vxdisk -o alldgs list (shows deported disks)

Replace a failed drive:

vxprint to see which disk is failed. Take note of disk media (dm) and disk group (dg) name.
vxdiskadm to remove (item 4) the failed disk. If there are not hot spare disks answer “none”

Replace phisically the disk.

vxdiskadd to initialize (just initialize) the disk. Say “not” (n) to default disk name, make it as spare disk and to encapsulate it. Don’t set the media disk name but just exit. The new disk is now initialized.

vxdiskadm to substitute the failed/removed disk (option 5).

  • Enter the media disk name.
  • The access name (like c#t#d#s#).