LVM Beauty

I started using lvm today…it simply rocks. Nothing more nothing less. I won’t say much…just take a look at this…and you decide if it’s worth it…
The following actions were performed WITHOUT unmounting ANY disks…

# df -HT /dev/koko/test
Filesystem Type Size Used Avail Use% Mounted on
/dev/koko/test
reiserfs 200G 7.2G 193G 4% /lvm

# resize_reiserfs -s -100G /dev/koko/test (reducing the partition by 100Gb)

# lvreduce -L100G /dev/koko/test (reducing the logical volume by 100Gb)

# df -HT
Filesystem Type Size Used Avail Use% Mounted on
/dev/koko/test
reiserfs 93G 7.2G 86G 8% /lvm

LVM made my day 😉

New voice chat for our wireless network

Some of you might know that I am part of the local wireless network in the city I live. Until today we used Ventrilo for our voice chats. The problem with ventrilo is that it only accepts 8 simultaneous connections…no more than 8 people can join the server in the unregistered version and we are more than 10 and have lots of friends joining our chats from all over the world (arizona, london. germany, etc,etc). We tried to contact ventrilo to register it…but they don’t accept any further registrations (!?!?!).
quote from their site:

Update: At the current time we are not accepting any new license applications. Any other licensing issues should be directed to the sales@ventrilo.com account.

I had set up TeamSpeak but we never used it because we had some problems. We had not managed to set up correctly the NAT(+ port forwading) from the dsl (that connects us to the Internet) in order for people coming from the Internet to be able to join our conversations. I just did that 5mins ago 🙂
For an unknown reason whenever I used the default ports for listening I saw no packets (using ethereal)came from the dsl to the box inside the wireless…the ISP probably has some kind of firewall to that port…who knows why though…so I changed the port the Teamspeak server listens (which wasn’t that easy because I had to “guess” that I can only change that through the webinterface and not through the .ini lying inside the dir the program runs….d0000000000h). At least now it’s fully working!

happy voice-chatting for us!
YEAH!

There goes my uptime…

After 36 days and for no apparent reason my main machine at home running windows XP rebooted while I was taking a nap.
The “infamous” event viewer shows nothing as usual and the pc is on a UPS. No rational explanation…apart from: “Hey man! it’s Windows…what did you expect?”. I expect from my OS to tell me what happens to my machine…what service freaked out THAT much that made the machine to reboot.
Maybe the machine found out a way to say: “Make me gentoo…plz!”

I’ll satisfy it’s needs when my exams are over at the end of the month. After all the only reason I wanted that machine open all day and night was to overcome the 27 day barrier that a friend posed XP would stand…I reached 36…but still, there’s a big: WHY? WHY? WHY ?

Qmail + vpopmai l+ procmail + spamassassin

You might probably think that’s crazy…but yes it is possible. I have a qmail lazydog installation that has built in vpopmail. But no mailer is complete these days unless it features antispam and antivirus protection. So I though I should implement spamassassin + clamav. I won’t show how to setup spamd or clamd but how to process and deliver mails to users.
How it works:
inside each domain in vpopmail there’s a .qmail-default file that it has probably something like this,

| /home/vpopmail/bin/vdelivermail ” /home/vpopmail/domains/DOMAINNAME/postmaster

But we want to use procmail, so we make it like this:

| preline /usr/bin/procmail -p -m /home/vpopmail/etc/procmailrc

My procmailrc file:

# qmail Lazydog procmailrc file
SHELL=”/bin/bash”
VHOME=`/home/vpopmail/bin/vuserinfo -d $EXT@$HOST`
VERBOSE=”no”

# Make sure that we have a .Spam and .Virus folder to sort spam and virus into.
# This will create directorys under the ~vpopmail/domains///Maildir
# direcory. This directory will be created as soon as the user
# recives any mail. It simply creates the .Spam and .Virus directories,
# as well as subscribes them to courier-imap
:0wic
* ? test ! -d $VHOME/Maildir/.Spam
|( /var/qmail/bin/maildirmake $VHOME/Maildir/.Spam ; /bin/echo “INBOX/Spam” >> $VHOME/Maildir/.bincimap-subscribed )
:0wic
* ? test ! -d $VHOME/Maildir/.Virus
|( /var/qmail/bin/maildirmake $VHOME/Maildir/.Virus ; /bin/echo “INBOX/Virus” >> $VHOME/Maildir/.bincimap-subscribed )

# Run Anti-Virus and Anit-spam tests.
:0fw
| /var/qmail/bin/scanmail.sh

:0:
* ^X-Virus-Status: INFECTED
$VHOME/Maildir/.Virus/

# Sort anything marked as SPAM into the users Maildir/.Spam/
:0:
* ^X-Spam-Status: YES
$VHOME/Maildir/.Spam/

# Everything else goes to the users default Maildir/
#:0:
#*
#$VHOME/Maildir/
:0w
| /home/vpopmail/bin/vdelivermail ” bounce-no-mailbox

notice the last 2 lines, they make procmail return the mail back to vpopmail so any quotas or other options are applied. Take a look at the Spam and Virus folders that are created inside each everyone’s account. scanmail.sh that is referred inside procmailrc is provided by the lazydog package. You can configure it as you want ..and it has a lot of options on how viruses and spam is treated.

Have fun with your secure and without spam mail….you do use smtp auth and ssl patches for your smtp+imap…don’t you ?

Something was wrong…

The blog had a prob and I couldn’t login. I really don’t know what ‘exactly’ was wrong…but I created a second database and started moving the data from the old db to the new bit by bit. Export – Import…Export – Import. Finally I got it working…
Then I exported both the working db and the non-working one, diff-ed them and saw that for a strange reason the last post I had made on the old db had gone between two others…like that:
(49, 1, ‘2004-08-28 17:10:26’, ‘2004-08-28 14:10:26’,
(57, 1, ‘2004-09-05 01:03:37’, ‘2004-09-04 22:03:37’,
(53, 1, ‘2004-08-31 03:46:59’, ‘2004-08-31 00:46:59’

Everything looks ok now…let’s hope it stays that way 🙂

Bad Routing HOW-TO

I recently bought a Linksys WRT54GS as an AP but until placing it on the roof I use it for testing. What I had done and was absolutely wrong was this:rnIn my configuration I had 2 pcs behind the switch ports (of Linksys) and the whole Linksys machine connected to another switch of mine. On that second switch my wireless client and another 2 pcs are connected (already confused ? 🙂 ). What I had been testing were the routing capabilities of the linksys. Due to my fault I had set up linksys to route all traffic (LAN & WAN instead of just WAN) through a gateway far away on the wireless network. With that setup I had perfect pings for machines behind the (linksys) switch ports (1ms) but lousy pings (10-20ms) for the linksys switch itself. I couldn’t figure out what was wrong until I pinged -r the switch IP…what I saw was that the packets were going from my pc to the switch…then to the gateway on the wireless network and back to my pc…
just try to imagine this:
PC1–switch(1)–WRT–switch(1)–my wrls client–AP(1)–remote wrls client–gateway router–remote wrls client–AP(1)–my wrls client–switch(1)–WRT–PC1

Nice heh ?

Get rid of the ads!

Ads in the net are getting more and more annoying. We once had banners..then came popups…then javascript ads…now we have flash ads…ads floating over webpages asking you to shut them down and misleading you to another website and many many more “styles” of ads.
What you need to get rid of them is a machine with linux running the squid proxy and this beautiful addon for squid…AdZapper!
I won’t say more…just take a look at the pics of yahoo mail with and without proxy…
Where r the ads mommy ?

There you go kiddo...

You are free to chose what you want now 🙂

Fixing (?) a hard disk with errors

A couple of days ago I found out that one of my 200GB JB Western Digital drives had some errors. While trying to access certain paths under linux (with reiserfs) I always got a kernel panic in the same directories/files. The disk is still under warranty since it was bought on march 2003 (WD has 3 years warranty for it’s JB model disks) but I wondered if I could do anything by myself to fix it.
Looking inside WD’s website I’ve found out a very usefull tool called DLG Diagnostic that you can use to check on the disk. So, that was the first step…to check if the disk did have errors.
I downloaded the ALWAYS usefull Ultimate Boot CD which includes the utility of WD inside and MANY MANY others. I booted with the cd..fired up the utility and started checking. The quick test told me the disk had errors and if I wanted to repair them. Sure I did…so I let it finish the quick test. It took about 9 minutes. In the main menu of the program there is an option called extended test…so I fired up that one too. While spinning the disk and going from sector to sector it hang a while at sector 151…hmmmm.
It kept going for about an hour and when finished it told me that the disk had errors. “Press R to correct them” ->> RRRRRRRRRRRRRRR
It told me it had 10 errors. But I wasn’t so sure it had fixed them so I ran the extended test again. 5 errors. And again…3 erros…And again 1 error. And again…. 0 errors. YEAH!
After the Extended test option there is a “low-level format” option that fills drive with 0s. I had already backed up my data so I fired up that option. 13 Hours to finish…wow.
Results after it finished ? No errors whatsoever…no test hanging at sector 151 and the drive is perfectly clean. At least that’s what I think…I will test today and report later. Since this disk was part of a raid array and that array is now corrupt I am planning to fiddle around with LVM.

I also feel really jealous of my friend patroklos because he is flying today to Tokyo, Japan to present a paper of his. Damn I want to go to Japan too. snif.

The world collides…

Crypto 2004 reports say that people have been able to produce collisions for hash algorithms!
Some chinese authors reported a family of collisions for hash functions. In the beggining their report had an error on md5 (and it was renamed as md5′ collision) but they corrected their report and extended the collision to the real md5 algorithm. In the same report they introduce a collision on the SHA-0 algorithm that a lot of people fear it can be extended to the industry standard SHA-1.

We know from their “architecture” that all hash functions can have collisions…the problem is that these people found the way to reproduce them in reasonable computing time.

Quoting someone else on a thread, this is what can easily happen now:

An example of what you might do with this. You could request an SSL certificate (for your real identity) from a certificate authority. After the response comes back, you can then use that response (which is based on the MD5 of your identity+key) to “authenticate” a carefully chosen different certificate, one which claims that you are LargeBankOrSoftwareCorp., but which has the same MD5 as your real identity. You can then present this to other people in order to convince them that you are someone whom you are not.

Read this to reproduce the collision yourself: http://www.tcs.hut.fi/~mjos/md5/

Read the comments on this thread:
http://www.freedom-to-tinker.com/archives/000661.html

Crypto

Last night I’ve found a very nice little game. It’s called Crypto Game! It has built in phrases encrypted with a monographic cipher and you have to decrypt the phrase. It’s more like a mind excercise than real cryptanalysis. But it’s still quite some fun 🙂

As my friend patroklos notes on his blog, there are rumours on the net about SHA-1 breaking and md5 collisions. Is that good news or bad news ? Is it time for some people to start feeling insecure or is it time to start implementing more secure techniques ?

2 WordPress patches (hacks)

I am using wordpress for this blog and I am quite happy with it. But I had some special requests and I couldn’t find any hacks for what exactly I had been looking for.
What I wanted was the ability in password protected entries to protect the title name from the spying eyes of evil people (or search engines). I didn’t want people to be able to see the title of the entries they weren’t supposed to read.
I also wanted to stop the sometimes annoying auto-completion of tags when creating a new entry. I sometimes wanted to post fractions of code that were not complete and sometimes the results were different from what I had originally entered.

That’s why I asked the help of Angelos since I am a VERY lousy php coder.
He made these patches true. And here they are:
wordpress.passwdtitle.plus.noautocomplete.patch.tar.gz

Vedic Maths

Reading a yesterdays article on Wired about indian students learning Vedic maths to crack the university exams I was intrigued (as a math student myself) to find out what these maths are about.
Googling a bit brought me to this page: http://www.vedamu.org/Mathematics/course.asp
It’s an explanation of the sutras (formulas) vedic maths use to make various calculations with your own mind a LOT faster. After reading a bit I was able to calculate multiplications of 2 2digit numbers in under 2 seconds without any paper writing with ŨRDHVA TIRYAGBHYĀM (e.g 43*33=1419).

There are various other formulas inside there and it’s really worth reading if you are a math student of you need maths for your work. It’s a time saviour!

Olympics

Yesterday was the opening ceremony for the 28th Olympics, in Athens Greece (I live in Greece, for the few that don’t know it already). Was the show good ? Yes it was. In fact it’s the best that I can remember. I can hardly recollect any memories from 1988 (Seoul) , but I remember 1992 (Barcelona) , 1996 (Atlanta) and 2000 (Sydney). I think this ceremony was the best I’ve seen…and it SHOULD be for a million reasons.

If you don’t come from Greece then you probably won’t know that our country is living it’s biggest democratic period for the last 500++ years…and how long this period is ? 30 years! During these years this country has improved dramatically with the efforts of so many working people. And now on the 30th year comes this “great” event that costs our economy about 6-10 Billion Dollars!!
The supporters of the olympic games say that the revenue will be bigger than we can imagine (mostly from tourism) and that our country will be more respected and so on. That can be true…but you have to define when that will take place, counting and adding how many years in the future will still be under the effect of the olympics. Because we pay the money now…we have to know when we will take them back…if there’s such a chance.

Another great issue is to whom these games appeal. Do they appeal to the hard working labour man ? To the business man or to the millionaires ? The answer is probably the ones that profit from these games because they are the mostly interested in them. Who can go and watch the great opening ceremony when the cheapest ticket costs 100E (then goes to 350E,750E and 950E). There are people living with under 500E pensions in Greece…and these people were invited to go buy a ticket. Are these people that yell about cheap tickets and so on playing with us ? Playing with our nerves or just playing with the future of this country ? I’m sure there are funny stories to be told by many about ticket experiences,…but there’s one coming straight from the political scene of Greece. The president of the second biggest party in Greece, PASOK, which is supposed to be a socialist party, denied being given a ticket for the VIP seats…and bought one to go sit with “the people who vote for him”. The funny thing is his ticket costed 950E for each person of his family. So for him, his wife and his daughter he needs 2×950=2850E for a 3 hour spectacular show. Now that’s a socialist move!

What’s also very funny is the fact that most stadiums were built by foreign workers living in Greece “almost illegally”. Some of them were given the famous “green cards” but the state has the right to kick them out or not renew their cards for the following year. What’s that got to do with olympics ? The answer is really straightforward. When these people had accidents they were forced to lie about the accident, by telling that they’ve had it before entering the olympic workspaces, else they were to be thrown out of the country. So most of these people were practically working without any chance of getting some money if the had an accident. The whole matter was of course not covered by major newspapers/media because they wouldn’t be given the infamous “olympic advertisments”, and we all know how the media depends on the advertisting companies.

Money, money, money…that’s all about the olympics. Nothing more. We had the opportunity as Greeks to show the rest of the world what the true olympics are. But there wasn’t any chance that we were left alone to do it. A country that organizes olympic games without big sponsors is doomed. It’s funny to even speak about “Coca-Cola Torch Relay”. This is our way of showing to the world the olympic spirit ? By having a sponsor for the torch relay ? When in the past did someone have to pay to be a part of the relay ? Aren’t only the ones who deserve it, supposed to hold the torch ? Do I deserve to hold it because I can afford to pay 300E and a labour man that works all day and builts these magnificent stadiums isn’t ?

Just some pins here:

  • What’s the relation of Juan Antonio Samarank to Santiago Calatrava ? Was the second offered the work of the roof of the Olympic Stadium (and the money of course) as an exchange for Mr. Samarank’s support for Athens when he was president of the IOC back in 1997?
  • What’s Mrs. Angelopoulou (the president of the Athens 2004 comittee) husband doing as a living ? Where did he find the money to rebuild his ruining industrial businness ?
  • Will we ever see again acts like the ones from Tommie Smith and John Carlos in the olympics ?
  • I am really ashamed as a Greek for all that. That’s trully not like our past and I wouldn’t like it to be our future…

    P.S. Maybe I’ll write some more as the games go on. There are a lot of things to be said.

    Linux in Europe vs Greece

    While reading the news you can see that more and more European Governments/municipalities are planning to switch from Windows to Linux. As a recent example you can take Vienna and Munich (http://www.eweek.com/article2/0,1759,1635246,00.asp)
    In contrast to what’s happening in Europe and ignoring all the efforts of the local community( http://www.open-source.gr/, http://www.knoppel.org/) trying to convince the Greek government even for some “tests”, the greek Government signed last year a major contract with Microsoft for supporting it’s ministries with “windows servers” (tell me if it’s even rational to talk about windows “servers”..). What the prestigious greek government would earn from that ? hmmm, probably some highly rated officers/ministers got a great ammount of money in exchange for the “deal” they made…and secondly …the Greek Government (Ministry of Development) was given the right to see parts of the code of windows xp/2003. And here comes the big question…WHO will see that code? what will a minister (this link is the Ministry of Transportations and Communications.It doesn’t even have an english translation for foreign visitors and these people decide the technological future of us…damn) do with that code…what will he understand…and how much more secure does that make him feel ? It’s rhetorical…we all know the answer.

    There are times I feel pity for myself for being a greek at these “modern” times.

    P.S. Here is the link with the original announcement of the agreement.

    *Edit: California Government “Explore Open Source Alternatives”, omg…Arnie can think more than our politics…

    Simple Port Accounting

    Say you’ve got a server with various services running on multiple ports and you want to monitor how much traffic each port recieves or sends. I’ve written 2 small scripts to easily accomplish this task.
    The whole process is based on iptables rules & MRTG . You have to make some rules first on iptables according to what you want to monitor.
    As an example we will monitor web-server traffic on port 80 (HTTP) and port 443 (HTTPS).
    First come the iptables rules.
    iptables.sh


    #!/bin/bash
    ME="XXX.YYY.ZZZ.WWW"
    IPTABLES=/usr/sbin/iptables
    $IPTABLES -A INPUT -p tcp -d $ME --dport 80
    $IPTABLES -A INPUT -p tcp -d $ME --dport 443
    $IPTABLES -I INPUT -i eth0
    $IPTABLES -A OUTPUT -p tcp -s $ME --sport 80
    $IPTABLES -A OUTPUT -p tcp -s $ME --sport 443
    $IPTABLES -I OUTPUT -o eth0

    change the ME variable and add your ip inside the quotes. Then put this script someplace where you put scripts…I use /opt/scripts or /root/scripts, and make an entry to your rc.local (or any other script runs on boot time) to run this script on boot (I hope I won’t get any comments on how to do that…)
    Then comes the scripts that will take the stats gathered in iptables rules (you can see them by typing iptables -nvxL).
    First script is: port.sh


    #!/bin/bash
    HOSTNAME="/bin/hostname"
    IPTABLES="/usr/sbin/iptables"
    UPTIME="/usr/bin/uptime"
    $IPTABLES -nvxL | grep -w $1 | awk '{ print $2 }'
    $UPTIME | awk '{ print $3, $4, $5 }'
    $HOSTNAME

    Second script is: inout.sh


    #!/bin/bash
    HOSTNAME="/bin/hostname"
    IPTABLES="/usr/sbin/iptables"
    UPTIME="/usr/bin/uptime"
    if [ "$1" == "packet" ]; then
    $IPTABLES -nvxL | grep -w eth0 | awk '{ print $1 }'
    else
    $IPTABLES -nvxL | grep -w eth0 | awk '{ print $2}'
    fi
    $UPTIME | awk '{ print $3, $4, $5 }'
    $HOSTNAME

    You can give them a try by typing ./port.sh 80:


    1963705
    19120562
    58 days, 22:07,

    or ./inout.sh


    29086377134
    70585824723
    58 days, 22:16,

    or even: ./inout.sh packet


    514425312
    549647125
    58 days, 22:17,

    The inout script can take the word “packet” as a command line parameter to show you total packet information.

    What you need to do next is configure your mrtg to read these stats.
    mrtg.cfg


    WorkDir: /foo/bar/change/me
    Target[80]: `/opt/scripts/port.sh 80`
    MaxBytes[80]: 200000
    Title[80]: Port 80
    PageTop[80]: <h1>Port 80 Stats</h1>

    Target[443]: `/opt/scripts/port.sh 443`
    MaxBytes[443]: 200000
    Title[443]: Port 443
    PageTop[443]: <h1>Port 443 Stats</h1>

    Target[inout]: `/opt/scripts/inout.sh`
    MaxBytes[inout]: 2000000
    Title[inout]: Total Traffic
    PageTop[inout]: <h1>Total Traffic Stats</h1>

    Target[inoutp]: `/opt/scripts/inout.sh packet`
    MaxBytes[inoutp]: 2000000
    Title[inoutp]: Total Packets
    PageTop[inoutp]: <h1>Total Packet Stats</h1>

    Where workdir is a directory inside your web server served documents. For example…if your DocumentRoot is /var/www/mydomain/ make Workdir: /var/www/mydomain/mrtgstats
    Now fire up mrtg to read the specified .cfg file and you are done!
    # /foo/bar/mrtg/install/dir/mrtg /cfg/file/dir/mrtg.cfg

    and you will see some files being created inside “WorkDir: /foo/bar/change/me”.
    Add this line to your crontab
    */5 * * * * /foo/bar/mrtg/install/dir/mrtg /cfg/file/dir/mrtg.cfg
    And you will have automated results every five minutes.

    If you want to create a nice index.html to have all stats in one dir just do this:
    # /foo/bar/mrtg/install/dir/indexmaker –output=/foo/bar/change/me/index.html –title=”MY Port Stats” –enumerate –columns=1 /cfg/file/dir/mrtg.cfg

    Now go to http://yourhost/foo/bar/change/me and enjoy