#!/usr/bin/php -f
<?php
if (count($argv)<2) die("no file specified\n");
if (!file_exists($argv[1])) die ("file does not exist\n");
echo md5_file($argv[1])."\n";
June 30, 2014
June 25, 2014
git windows push hang 100%
Solution:
1. Download the latest git for windows http://git-scm.com/download/win
2.
1. Download the latest git for windows http://git-scm.com/download/win
2.
git config --global sendpack.sideband false
You can also hack the git binary (either on Server or on Client) to change the string "side-band-64k" to something different such as "side-bond-64k". This essentially disables git side-band.
http://billauer.co.il/blog/2012/10/git-pull-windows-freeze-receive-pack/
install gitweb on ubuntu/debian
you have to install the package gitweb
sudo apt-get install gitweb
Then you have to edit the apache gitweb config file $EDITOR /etc/apache2/conf.d/gitweb
change the line
Alias /gitweb /usr/share/gitweb
to
Alias /git /usr/share/gitweb
open the /etc/gitweb.conf
file:you have to change the line
$projectroot ".."
to
$projectroot "/code/git"
and change any other line containing
/gitweb
to /git
for example $stylesheet = "/gitweb/gitweb.css";
to
$stylesheet = "/git/gitweb.css";
then reload you apache webserver with
sudo /etc/init.d/apache2 force-reload
[Source:http://askubuntu.com/questions/10452/setting-up-gitweb-apache2]
June 13, 2014
Kernel bypassing networking
Here is a selection of the many kernel-bypass solutions that are available:
- ntop.org DNA.
- netmap.
- Intel DPDK.
- Myricom Sniffer10G and DBL.
- 6WINDGate.
- SolarFlare OpenOnload.
- Napatech.
- Customized kernel device driver. netmap and DNA both fork standard Intel drivers with extensions to map I/O memory into userspace.
- Custom hardware. Myricom and Napatech both distribute bespoke device drivers for their own custom hardware (ASIC for Myricom and FPGA for Napatech).
- Userspace library. These solutions each provide unique libraries to access their extensions. The scope varies tremendously: Ethernet I/O, libpcap compatibility, hardware-assisted traffic dispatching for multiprocessing, buffer memory management, all the way up to entire TCP/IP socket layers.
- Licensing. netmap is open-source, DNA requires a modest license for its userspace library, Napatech requires an NDA and depends on very expensive hardware.
June 11, 2014
golang http client Server Sent Event receiver
package main import ( "crypto/tls" "log" "bufio" "net/http" "time" ) func main() { var client *http.Client tr := &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, } client = &http.Client{tr, nil, nil, 0 * time.Second} /* open a request, can't use httpclient.Get because we need the http.Request so we can close the connection later */ req, err := http.NewRequest("GET", "https://dev1.advistatech.com/sse2.php", nil) if err != nil { log.Fatal(err); } resp, err := client.Do(req) if err != nil { log.Fatal(err); } log.Printf("connected\n"); reader:=bufio.NewReader(resp.Body); for { line,err:=reader.ReadString('\n'); if err != nil { log.Fatal(err); }else{ log.Printf("resp:%s\n",line); } } //respbytes, _ := ioutil.ReadAll(resp.Body) //log.Printf("resp: %s\n", respbytes) resp.Body.Close() }
June 10, 2014
California FTB live person
Service section at 800.852.5711.
The hours of operation are 7:00 a.m. - 5:00 p.m., Monday through Friday, except state holidays.
Choose the Business prompt 2 to then 4 to speak to a live representative.
The hours of operation are 7:00 a.m. - 5:00 p.m., Monday through Friday, except state holidays.
Choose the Business prompt 2 to then 4 to speak to a live representative.
Openssl AES-NI Test
For OpenSSL versions after 1.0.1, AES-NI should be buit-in. This is how to test it:
Command A (with AES-NI) = openssl speed -elapsed -evp aes-128-cbc
Command B (Without AES-NI) = OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc
bit #33 denoting availability of PCLMULQDQ instruction (for AES-GCM computation);
bit #57 denoting AES-NI instruction set extension;
Results:
Command 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
------------------------------------------------------------------------
A 796435.32k 845155.61k 852750.59k 860752.55k 865828.86k
B 393740.06k 431465.71k 438168.23k 443452.42k 446458.54k
http://www.openssl.org/docs/crypto/OPENSSL_ia32cap.html
Command A (with AES-NI) = openssl speed -elapsed -evp aes-128-cbc
Command B (Without AES-NI) = OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc
bit #33 denoting availability of PCLMULQDQ instruction (for AES-GCM computation);
bit #57 denoting AES-NI instruction set extension;
Results:
Command 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
------------------------------------------------------------------------
A 796435.32k 845155.61k 852750.59k 860752.55k 865828.86k
B 393740.06k 431465.71k 438168.23k 443452.42k 446458.54k
http://www.openssl.org/docs/crypto/OPENSSL_ia32cap.html
June 4, 2014
How to add a schema to OpenLDAP server
vim /tmp/borrame.conf
(this is what goes in the file)
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/mypersonalschema.schema
mkdir /tmp/borrame.d
slaptest -f /tmp/borrame.conf -F /tmp/borrame.d
Edit the generated file
vim /tmp/borrame.d/cn\=config/cn\=schema/cn\=\{5\}mypersonalschema.ldif
I changed the three head lines to this:
dn: cn=mypersonalschema,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: mypersonalschema
Then I deleted these lines from the bottom of the file:
structuralObjectClass:
entryUUID:
creatorsName:
createTimestamp:
entryCSN:
modifiersName:
modifyTimestamp:
And at last I inserted the new schema to the ldap tree:
ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/borrame.d/cn\=config/cn\=schema/cn\=\{5\}mypersonalschema.ldif
(this is what goes in the file)
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/mypersonalschema.schema
mkdir /tmp/borrame.d
slaptest -f /tmp/borrame.conf -F /tmp/borrame.d
Edit the generated file
vim /tmp/borrame.d/cn\=config/cn\=schema/cn\=\{5\}mypersonalschema.ldif
I changed the three head lines to this:
dn: cn=mypersonalschema,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: mypersonalschema
Then I deleted these lines from the bottom of the file:
structuralObjectClass:
entryUUID:
creatorsName:
createTimestamp:
entryCSN:
modifiersName:
modifyTimestamp:
And at last I inserted the new schema to the ldap tree:
ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/borrame.d/cn\=config/cn\=schema/cn\=\{5\}mypersonalschema.ldif
Add LDAP user authentication to YellowDog Linux
/etc/ldap.conf
*************************************
host ldap-server-ip-address
base ou=Users,dc=advistatech,dc=com
ssl no
pam_password md5
*************************************
/etc/openldap/ldap.conf
*************************************
HOST ldap-server-ip-address
BASE ou=Users,dc=advistatech,dc=com
*************************************
/etc/pam.d/system-auth
*************************************
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
*************************************
nsswitch.conf
**********************
passwd: files ldap
shadow: files ldap
group: files ldap
**********************
You can use "getent passwd" to list all the users in the ldap server.
To make sshd work, restart the sshd service.
*************************************
host ldap-server-ip-address
base ou=Users,dc=advistatech,dc=com
ssl no
pam_password md5
*************************************
/etc/openldap/ldap.conf
*************************************
HOST ldap-server-ip-address
BASE ou=Users,dc=advistatech,dc=com
*************************************
/etc/pam.d/system-auth
*************************************
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
*************************************
nsswitch.conf
**********************
passwd: files ldap
shadow: files ldap
group: files ldap
**********************
You can use "getent passwd" to list all the users in the ldap server.
To make sshd work, restart the sshd service.