June 30, 2014

php md5sum

#!/usr/bin/php -f
<?php
if (count($argv)<2) die("no file specified\n");

if (!file_exists($argv[1])) die ("file does not exist\n");
echo md5_file($argv[1])."\n";

June 25, 2014

git windows push hang 100%

Solution:

1. Download the latest git for windows http://git-scm.com/download/win
2. git config --global sendpack.sideband false

You can also hack the git binary (either on Server or on Client) to change the string "side-band-64k" to something different such as "side-bond-64k". This essentially disables git side-band.

http://billauer.co.il/blog/2012/10/git-pull-windows-freeze-receive-pack/

install gitweb on ubuntu/debian


First you have to install the gitweb package:
sudo apt-get install gitweb

Then you have to edit the Apache gitweb config file:
$EDITOR /etc/apache2/conf.d/gitweb
Change the line Alias /gitweb /usr/share/gitweb to Alias /git /usr/share/gitweb

Open the /etc/gitweb.conf file:
you have to change the line $projectroot ".." to $projectroot "/code/git"
and change any other line containing /gitweb to /git, for example
$stylesheet = "/gitweb/gitweb.css";
to $stylesheet = "/git/gitweb.css";

Then reload your Apache webserver with sudo /etc/init.d/apache2 force-reload


[Source:http://askubuntu.com/questions/10452/setting-up-gitweb-apache2]

June 13, 2014

Kernel bypassing networking

Here is a selection of the many kernel-bypass solutions that are available:
These products each take their own design approaches and it’s interesting to consider choices that they make.

  • Customized kernel device driver. netmap and DNA both fork standard Intel drivers with extensions to map I/O memory into userspace.
  • Custom hardware. Myricom and Napatech both distribute bespoke device drivers for their own custom hardware (ASIC for Myricom and FPGA for Napatech).
  • Userspace library. These solutions each provide unique libraries to access their extensions. The scope varies tremendously: Ethernet I/O, libpcap compatibility, hardware-assisted traffic dispatching for multiprocessing, buffer memory management, all the way up to entire TCP/IP socket layers.
  • Licensing. netmap is open-source, DNA requires a modest license for its userspace library, Napatech requires an NDA and depends on very expensive hardware.

June 11, 2014

golang http client Server Sent Event receiver

package main

import (
 "bufio"
 "crypto/tls"
 "io"
 "log"
 "net/http"
)

func main() {
 // InsecureSkipVerify turns off certificate validation, so the peer is not
 // authenticated; only acceptable against a dev host with a self-signed cert.
 tr := &http.Transport{
  TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 }

 // Timeout 0 means no overall deadline, which a long-lived event stream needs.
 client := &http.Client{Transport: tr, Timeout: 0}

 /* open a request, can't use httpclient.Get because we need the http.Request so we can close the connection later */
 req, err := http.NewRequest("GET", "https://dev1.advistatech.com/sse2.php", nil)
 if err != nil {
  log.Fatal(err)
 }

 resp, err := client.Do(req)
 if err != nil {
  log.Fatal(err)
 }
 // Close the body when main returns normally (the stream ended).
 defer resp.Body.Close()
 log.Printf("connected\n")

 // Read the event stream one line at a time as the server sends it.
 reader := bufio.NewReader(resp.Body)
 for {
  line, err := reader.ReadString('\n')
  if err == io.EOF {
   break // server closed the stream
  }
  if err != nil {
   log.Fatal(err)
  }
  log.Printf("resp:%s\n", line)
 }

 //respbytes, _ := ioutil.ReadAll(resp.Body)
 //log.Printf("resp: %s\n", respbytes)
}

June 10, 2014

California FTB live person

Service section at 800.852.5711.
The hours of operation are 7:00 a.m. - 5:00 p.m., Monday through Friday, except state holidays.
Choose the Business prompt 2, then 4, to speak to a live representative.

Openssl AES-NI Test

For OpenSSL versions after 1.0.1, AES-NI should be built in. This is how to test it:

Command A (with AES-NI) = openssl speed -elapsed -evp aes-128-cbc
Command B (Without AES-NI) = OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc

The mask in Command B clears two capability bits (the leading ~ means "disable these bits"):
bit #33 denoting availability of PCLMULQDQ instruction (for AES-GCM computation);
bit #57 denoting AES-NI instruction set extension;

Results (in 1000s of bytes per second processed):
Command   16 bytes     64 bytes     256 bytes    1024 bytes   8192 bytes
------------------------------------------------------------------------
A         796435.32k   845155.61k   852750.59k   860752.55k   865828.86k
B         393740.06k   431465.71k   438168.23k   443452.42k   446458.54k

http://www.openssl.org/docs/crypto/OPENSSL_ia32cap.html
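
Added example, not part of the original post: this derives the Command B mask from the two bit numbers and computes the speedup per block size from the results table above. The function names ia32cap_disable, results and speedup are made up for this illustration.

```shell
# Build an OPENSSL_ia32cap value that clears the given capability bits.
ia32cap_disable() {
    mask=0
    for bit in "$@"; do
        mask=$(( mask | (1 << bit) ))
    done
    printf '~0x%x\n' "$mask"
}

# Result rows copied from the table above (A = AES-NI on, B = masked off).
results() {
    cat <<'EOF'
A 796435.32k 845155.61k 852750.59k 860752.55k 865828.86k
B 393740.06k 431465.71k 438168.23k 443452.42k 446458.54k
EOF
}

# Print the A/B throughput ratio for each block-size column.
# "$i + 0" makes awk read the numeric prefix and drop the trailing "k".
speedup() {
    awk '
        $1 == "A" { for (i = 2; i <= NF; i++) a[i] = $i + 0 }
        $1 == "B" { for (i = 2; i <= NF; i++) b[i] = $i + 0; n = NF }
        END {
            for (i = 2; i <= n; i++)
                printf "%s%.2f", (i > 2 ? " " : ""), a[i] / b[i]
            print ""
        }
    '
}
```

Running OPENSSL_ia32cap="$(ia32cap_disable 33 57)" openssl speed -elapsed -evp aes-128-cbc reproduces Command B; results | speedup shows AES-NI roughly doubling throughput at every block size.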

June 4, 2014

How to add a schema to OpenLDAP server

vim /tmp/borrame.conf
(this is what goes in the file)

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/mypersonalschema.schema

mkdir /tmp/borrame.d
slaptest -f /tmp/borrame.conf -F /tmp/borrame.d

Edit the generated file
vim /tmp/borrame.d/cn\=config/cn\=schema/cn\=\{5\}mypersonalschema.ldif

I changed the three head lines to this:
dn: cn=mypersonalschema,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: mypersonalschema

Then I deleted these lines from the bottom of the file:

structuralObjectClass:
entryUUID:
creatorsName:
createTimestamp:
entryCSN:
modifiersName:
modifyTimestamp:

And at last I inserted the new schema to the ldap tree:
ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/borrame.d/cn\=config/cn\=schema/cn\=\{5\}mypersonalschema.ldif
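
Added example, not part of the original post: the two manual edits above (rewriting the header lines and deleting the operational attributes) done as a filter, so the file handed to ldapadd is reproducible. The function names and the sample LDIF, including its OID, UUID and timestamps, are constructed for illustration.

```shell
# Constructed sample of what slaptest writes for the custom schema.
sample_generated_ldif() {
    cat <<'EOF'
dn: cn={5}mypersonalschema
objectClass: olcSchemaConfig
cn: {5}mypersonalschema
olcAttributeTypes: {0}( 1.3.6.1.4.1.99999.1.1 NAME 'exampleAttr' DESC 'const
 ructed attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20140604000000Z
entryCSN: 20140604000000.000000Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20140604000000Z
EOF
}

# Filter stdin -> stdout. $1 is the schema name without the {N} prefix.
schema_ldif_for_ldapadd() {
    awk -v name="$1" '
        # LDIF folds long values onto lines starting with one space;
        # such a line shares the fate of the attribute it continues.
        /^ /   { if (!skip) print; next }
               { skip = 0 }
        # Rewrite the dn and cn header lines as described in the post.
        /^dn:/ { print "dn: cn=" name ",cn=schema,cn=config"; skip = 1; next }
        /^cn:/ { print "cn: " name; skip = 1; next }
        # Drop the operational attributes slaptest added at the bottom.
        /^(structuralObjectClass|entryUUID|creatorsName|createTimestamp|entryCSN|modifiersName|modifyTimestamp):/ { skip = 1; next }
               { print }
    '
}
```

Typical use: schema_ldif_for_ldapadd mypersonalschema < generated.ldif > /tmp/mypersonalschema.ldif, then pass the output file to the ldapadd command above.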

Add LDAP user authentication to YellowDog Linux

/etc/ldap.conf
*************************************
host ldap-server-ip-address
base ou=Users,dc=advistatech,dc=com
ssl no
pam_password md5
*************************************

/etc/openldap/ldap.conf
*************************************
HOST ldap-server-ip-address
BASE ou=Users,dc=advistatech,dc=com
*************************************

/etc/pam.d/system-auth
*************************************
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so

account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
*************************************

nsswitch.conf
**********************
passwd: files ldap
shadow: files ldap
group: files ldap
**********************

You can use "getent passwd" to list all the users in the ldap server.

To make sshd work, restart the sshd service.