#@$%!!

One of my boxes got hacked.  Ugh.  Fortunately it was a jump server that had no data.

I have 2 servers exposed to the Internet, a jump server and a reverse proxy.  The reverse proxy provides access to the web applications that I run.  The jump server I use for SSH access into my network from remote locations.

They never got full root access to the box, they didn’t modify the firewall configs and no additional processes were spawned.  What they did do was mess up the logging facility.

After rebuilding the box from scratch I’ve made authentication to be public key only.  I’m thinking of implementing a port knocking feature so that the port doesn’t show up on a port scan.

Hard Drive Bites the Dust

On Thursday, March 26th, the 1.5Tb hard drive in my primary development box bit the dust.  Based on the diagnostics and sounds emanating from the drive, I believe I had a head crash. My first thought was “Oh no, when was the last time I backed up the data”. After a mad scramble I realized I could recover everything up to a point 2 weeks prior to the crash. Not bad. Could have been much worse.

My second thought was “Ok now what do I do with the machine?”. The machine is a few years old, but still has a lot of life left in it. It has an AMD 6-way processor with 16Gb of ram. I have been toying with the idea of using an SSD drive to speed up the machine. Just could never bring myself to take the plunge and rebuild the box from scratch.

I decided to purchase a 256Gb Sandisk SSD drive and a traditional 3Tb Seagate Hard Drive.

On my dev box I like to run Linux. Usually it’s one of the Fedora versions. Rebuilding the box, I decided to go with the CentOS 7.0 distro. The production websites that I have running are all on CentOS 6.5 and it was time to start solidifying on a common distro.

After researching the best partitioning method for SSD drives, I ended up putting the “/” and “/boot” partitions on the SSD. The “/swap” and “/home” partitions went on the Seagate drive.

Obviously I don’t have a way to benchmark the performance improvements with this set-up, however anecdotally, I do notice applications are very quick to start up and respond. Interestingly when I retrieve data from the network, there is a very noticeable delay in getting the data. That is with a 1gb nic. With the old setup I couldn’t really differentiate between the application start up delays and the network delays.

Overall I’m very happy with the end result. If you have a box that is “mid-life”, installing an SSD drive can definitely improve the performance. Also this has reinforced the requirement to back up regularly.

Lost and Found My Phone

Samsung S4

Last night I discovered my phone was missing.  I knew I had it on the bus coming home.  In the house I realized it was not in the holster.  After searching the car I figured it was somewhere on the bus.

Cathy called the bus line to find out the bus was heading back to NYC for another run.  We thought that if I was lucky I might get the phone back in a couple of days.

I use Sprint’s family locator app to track the whereabouts of MJ and Jill.  Actually I track their phones and because they would never separate from the phones, I can reliably find them.  The family locator app sends periodic messages to all the phones that I have tracking turned on, so Cathy and the kids all know that I can track them.

After getting off the phone with the bus line, Cathy turned to me and asked if I could track the phone with that software.  I had MJ install the family locator software on his phone and configure it to track mine.  We then spent the next 2 hours watching my phone travel up the turnpike, into the Port Authority Bus Terminal and back down the turnpike.  We quickly called the bus line to find out the route the bus was taking and the stops.  Turned out the last stop was in our home town, Lincroft.

As we watched the bus travel, MJ and I drove over to the bus stop.  We had to wait only 5 minutes for the bus to arrive.  The bus line sent a text to the driver that someone lost their phone on the bus.  As I approached the bus, he was fully aware of why I was there.  The phone was resting nicely between the wall of the bus and the seat.

The only downside was that before we started tracking the phone, I had started to look at the new Samsung S5.  Guess now I’ll have to wait a year before I upgrade to that phone.

Virtual Box

I’ve had hit-or-miss experiences with virtual OS’s on my home machine.  When I had an Apple PowerBook, Parallels was awesome.  It just simply worked with no hassles.

On the Linux platform I have not been impressed with any of the virtualization packages until just a few days ago.  A colleague showed me Oracle’s Virtual Box software.  Just like Parallels, it just works on Linux.  No hassle, no fuss, no issues.

So far on my Fedora 17 desktop I have Windows 7 and CentOS 6.5 running.  By this evening Fedora 20 will be running as well.

 

Ruby on Rails and SQLite3

After upgrading to Fedora 17, I had to re-install Ruby on Rails.  I’m using Rails 3.2.7 with the newest updates.  In the past I’ve always used MySQL server as the database, so I’ve always installed the database, drivers and associated gems.  Usually it takes an hour or two to get everything setup and working correctly.

Today I had the need to use SQLite.  The app I’m writing needs to have the data files local.  SQLite is the default database for Ruby on Rails, so I figured it would be no issue.  Wrong.

With installing rails, I installed all the Gems, not thinking that I was logged in as root.  Apparently the SQLite3 gem does not update the GEM_HOME environment variable correctly when you are logged in as root.

After many hours of frustration I came across a note where someone else resolved the error by uninstalling the SQLite Gem, making sure all remnants of the gem were gone and then re-installing it.  By “making sure all remnants…were gone”, I mean I had to make sure the sqlite3 gem no longer appeared when I ran the “gem list --local” command.  Since I had installed some things as root and some as myself, I had to run the gem uninstall as different users until I had gotten rid of it.

The error I was receiving occurred while I tried to perform a rake db:migrate.  I received the error “cannot load file -- sqlite3/sqlite3_native”.

After finally clearing out the sqlite3 gem, I made sure I was logged in as myself and re-installed the gem.  After re-installing the gem as myself, the GEM_HOME environment variable was updated correctly and “rake db:migrate” created my development database!

Installing Citrix 12.1 on Fedora 17

Instructions for installing Citrix Receiver 12.1 on a 32-bit system running Fedora 17 with the Gnome desktop.

The install was completed in essentially 5 steps:

  1. Install FFmpeg libraries from RPMFusion
  2. Install the Citrix Receiver 12.1 RPM
  3. Create & install a local policy for SELinux
  4. Export & Install the SSL Certificates
  5. Update the local policy for SELinux

While this is simple enough, finding the directories and reading through the log files can be tedious.  Below I’ve tried to capture the details for each of the steps I went through to enable the client to run.

The Citrix Receiver 12.1 needs FFmpeg libraries to run properly.  FFmpeg is available from RPMFusion. The RPM package I installed was the free repository for Fedora 15, 16 and 17.  This link will pull the RPM directly from RPMFusion.

After enabling the RPM Fusion repository, you need to install FFmpeg.

Then I pulled the Citrix Receiver 12.1 RPM and installed it.  This link will take you to Citrix’s Linux download page.

When I ran the Citrix Receiver, I got a file not found error message for $HOME/.ICAClient/All_Regions.ini.

The Citrix receiver is installed in /opt/Citrix/ICAClient.  I found the missing files in /opt/Citrix/ICAClient/config.  I copied all the files in this directory to $HOME/.ICAClient.

Three of the files in the config directory are links.  The symbolic links are relative, so copying the links to your home directory is useless.  The three files are: appsrv.ini, module.ini, wfclient.ini.  These three files are located in the /opt/Citrix/ICAClient/nls/en directory.  I copied these three files into my $HOME/.ICAClient directory.

When I ran the Citrix Receiver, I was given some SELinux errors.  The Citrix Receiver, which has an application name of wfica, needs access to several files.  To clear up the SELinux issues I had to run the following 2 commands several times until all the files that wfica needed access to were added to my local policy file.

SELinux Commands to create a local policy:

# grep wfica /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

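The semodule command installs your local policy module (mypol.pp) into the SELinux policy store and loads it into the kernel’s active policy.  You need to run semodule as root.  Installed modules persist, so the changes remain in effect after rebooting.  Along with mypol.pp, audit2allow -M writes a readable mypol.te file listing the rules it generated; read it before running semodule, since every denial that matched the grep becomes an allow rule.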
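One way to see what the two commands above would allow before installing the module, as an added example that is not part of the original post: it parses AVC denial lines, keeps only those whose comm field is exactly wfica, and groups them into allow-style rules. The sample log lines, the SELinux types in them, the review list and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (illustrative; not from the original post).
SAMPLE_LOG = """\
type=AVC msg=audit(1345000000.101:201): avc:  denied  { read } for  pid=2345 comm="wfica" name="All_Regions.ini" dev="dm-1" ino=1001 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1345000000.102:202): avc:  denied  { open } for  pid=2345 comm="wfica" name="All_Regions.ini" dev="dm-1" ino=1001 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1345000000.103:203): avc:  denied  { write create } for  pid=2345 comm="wfica" name="cache" dev="dm-1" ino=1002 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1345000000.104:204): avc:  denied  { read } for  pid=2400 comm="httpd" name="wfica.log" dev="dm-1" ino=1003 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?\bcomm="(?P<comm>[^"]*)"'
    r'.*?\bscontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)')
# Permissions worth a second look before being allowed (assumed review list).
REVIEW_PERMS = {"write", "create", "unlink", "execute", "execmem", "execmod"}

def selinux_type(context):
    """Return the type field of a user:role:type:level SELinux context."""
    return context.split(":")[2]

def summarize_denials(lines, comm="wfica"):
    """Group denials for one command into {(source, target, class): perms}."""
    rules = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        # Match the comm field exactly; a plain substring search for "wfica"
        # would also pick up other processes touching a file named wfica.log.
        if not m or m.group("comm") != comm:
            continue
        key = (selinux_type(m.group("src")), selinux_type(m.group("tgt")), m.group("cls"))
        rules[key].update(m.group("perms").split())
    return dict(rules)

def render_rules(rules):
    """Render the grouped denials as allow-style rules for reading."""
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in sorted(rules.items())]

def flag_for_review(rules):
    """Return the rule keys that grant any permission in REVIEW_PERMS."""
    return sorted(k for k, p in rules.items() if p & REVIEW_PERMS)

if __name__ == "__main__":
    rules = summarize_denials(SAMPLE_LOG.splitlines())
    print("\n".join(render_rules(rules)))
    print("review:", flag_for_review(rules))
```

On a real system, pass the lines of /var/log/audit/audit.log (readable by root) to summarize_denials instead of the sample.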

After a few iterations, the Citrix receiver would start up, but I would get an error on an SSL certificate.  The certificate involved was from Entrust.net.  To resolve this I needed to export the certificates from Mozilla and copy them in the keystore for Citrix.  To do this, in Mozilla I went to edit / preferences / advanced / view certificates. I then scrolled down and found the certificate that was giving me the error.  Under Entrust.net, there are three certs. I selected all three and exported them.  Then from the directory I exported them to, I copied them to /opt/Citrix/ICAClient/keystore/cacert.

The Citrix Receiver started up, however there appeared to be some delays.  There appeared to be another file that Citrix needed access to, so I re-ran the two SELinux policy commands one more time to make sure I had enabled access for all the files.

The Citrix Receiver is running stable and I’ve had no other issues after following this recipe.

Hopefully this helps others.

 

 

Reprogramming the Comcast Remote

Universal Remotes

Comcast swapped out my cable box to resolve an intermittent problem that has been occurring the past few weeks.  They gave us a Cisco/Scientific Atlanta box.  The universal remote that came with the cable box was platinum colored. The universal remotes that came with the old box were silver colored.

I wanted the old remote to work with the new box so I have a fair chance of finding a remote in the house when I wanted to watch the TV.  It was easy to find instructions to program the remote to work with the TV and Stereo.  It was a bit more difficult to find out how to change the cable box.  The key was to unlock the remote.  After the remote was unlocked it was just a matter of finding the right 5-digit code.

I also wanted to change the default mode for volume control.  The remote uses the TV for the default volume control.  To change it I had to first perform a global volume unlock and then lock the default volume control to the right device.  In this case I wanted my stereo that was programmed under the Aux button to control the volume.

I’ve documented the steps and codes below to hopefully help someone else with a similar issue as well as document the steps for my future use.

 

To unlock / lock the remote:

  1. Press cable button
  2. Hold the Setup button until the cable button blinks twice
  3. Press 982
  4. The cable button will blink 4 times if unlocked.
  5. The cable button will blink 2 times if the remote is locked.

 

To Program the Silver Remote to work with Cisco RNG cable Box:

  1. After unlocking the remote
  2. Press the cable button
  3. Hold the setup button until it blinks twice
  4. Enter a 5 digit code
  5. cable button will blink twice if the code is valid
  6. cable button will blink one long blink if the code is not valid
  7. Press the power button to test the code entered

 

Codes for the Silver Remote & Cisco RNG Cable Box:

  • 01877
  • 00877
  • 00477
  • 00008
  • 00237
  • 01982  <- This one worked for me

 

Global Volume Unlock

  1. Hold Setup until the mode light blinks twice
  2. Press 993
  3. Press Vol+
  4. The mode light will blink 4 times confirming unlock

 

Restoring Global Volume Lock

  1. Press the mode that you want the global volume lock enabled on
  2. Hold the setup button until the mode light blinks twice
  3. Press 993
  4. Press the mode key
  5. The mode key will blink twice confirming global lock enabled

Citrix Client on Fedora 15

Recently I needed to use the Citrix client to connect to a virtual desktop. With Fedora 15, installing the Citrix client has gotten easier, but it still has some pitfalls. I could not get the Citrix client to run on 64-bit Fedora 15, only the 32-bit version. The problem with 64-bit was with OpenMotif and the support libraries that Citrix is expecting. Installation on 32-bit was easier.

1). Install OpenMotif. On Fedora type “sudo yum install openmotif”. The necessary library LibXp will be installed as a dependency.

2). Install the Citrix client. Go to Citrix web site, download the right Citrix receiver for your system.

The first time running the Citrix receiver, I received an SSL error. After some searching I found that the prerequisite SSL certificate is not automatically installed into the Citrix keystore. The exact error message I received was “you have not chosen to trust UTN-USERFirst-Hardware, the issuer of the servers security certificate (SSL Error 61)”.

To resolve the error I had to export the appropriate certificate from Mozilla and copy it into the Citrix keystore. To export it from Mozilla, go to “edit/preferences/advanced”. Click on the “encryption” tab and then on “view certificate”. Click on the “authorities” tab and scroll down to the appropriate certificate. In this case it is the UTN-USERFirst-Hardware certificate. Click on export to save it to a file. Then copy that file to the Citrix keystore. The keystore is located at /usr/lib/ICAclient/keystore/cacerts.

After copying the necessary certificate, the Citrix receiver client fired up and connected to my server flawlessly.

Bye Bye Droid, Hello EVO

After 18 months my Droid died. The front touch screen stopped working. It was very frustrating to not be able to answer incoming phone calls. I was also frustrated by Verizon. With my original contract long expired and the fact that I had three phones with them, they would not give me any kind of deals for a new phone. Verizon wanted me to spend more than $150 on the phone itself and enter into a 2 year contract that would cost me $180 per month.  Plus the current deal they were offering only provided one phone with data and had a 5Gb limit on the data plan.  Verizon wanted $60 to add a second phone to the data plan.

I had the complete opposite experience with Sprint.  First, they converted all three lines from Verizon to Sprint and provided for free new smart phones for all of us.  Second, the family plan they put us on provided unlimited data, messaging and mobile-to-mobile for all three phones. We also had a 1500 minute per month call usage when not dialing mobile-to-mobile.  With our current dialing usage for all three phones, it is a very heavy month when we use 1000 minutes a month, with most of the usage coming from me.  Third, they bought back my broken Droid and MJ’s cell phone.  Cathy’s cell phone was so obsolete, for a moment, I thought they might pay me to dispose of the phone myself.

Between the conversion credit for moving the three lines, plus the buy back of the old phones, we essentially get three months of service for free.  Total cost per month for all three phones to have the data plan, including taxes….$160 per month.

Talk about a no-brainer.

I ended up with the HTC EVO 4G.  MJ went with the EVO Shift.  Cathy was dragged into the 21st century, getting a Samsung EPIC.

Bluetooth Headsets

I’ve been wanting to get a Bluetooth stereo headset to complement the Droid.  I really like the sound quality the Droid has, but hated the dangling wires that came with the ear buds.  Wired headsets were worse, because they would slide off my head when I was in the middle of an activity.

Last month for my birthday the kids bought me the Motorola S9 headsets.  I have to say it was a great birthday present.  They work great, they sound great and they are very lightweight.  There are three buttons on each side of the headphones to control music play, volume and to answer incoming calls.

When I go jogging, biking or hiking, the headset stays firmly in place.  Ever try jogging with ear buds?  Forget it, they were constantly falling out.  These headphones stay in place.  If you’re looking for a new toy to add to your Droid, this headset is definitely worth the money.