Archive for the ‘Tehnic’ Category
gmail anti-spam sucks!
That’s right. And it started to suck badly. I never had problems with spam with GMail so far. But, as from 2-3 weeks ago, i have at least 3 spam messages / day in my inbox. The e-mails come from another account set up in GMail using POP and all that crap. But, as google say on some lil movie i saw on youtube, they scan everything they get – this probably means including those other accounts you have set up in gmail interface. I just thought they’ll have some bayes filtering, you know, that cost effective filtering that compares the e-mails to the ones you put in in a bayes folder (let’s say spam folder in gmail) and it’s making a decision based on some cost matrix whether the message is spam or not, and it learns what spam is based on what it finds in spam folder. I put a lot of spam messages in spam folder in gmail. But nothing happened. I still get the crap spam messages in inbox.
At least they shouldn’t praise so much their spam filter, ..at least, not now.
IPsec + l2tp on ubuntu
The requirement was to find a way to set up a secure VPN tunnel to the workplace, and with dial-up VPN not being so secure, we opted for IPsec with L2TP, which the built-in VPN client in Windows supports – including my new Windows Mobile 6.1, which i actually tested and which works great with the VPN.
Basically, we’ll start with a fresh, clean installation of Ubuntu Server, in my case the latest one, 9.04. You start by apt-get installing everything you need:
apt-get update
apt-get install openswan xl2tpd
PPP is already installed so you won’t have any problems with it. This scenario will be a “road warrior”, because we want to be able to connect from every kind of internet connection to the company’s network – including home internet, 3G modem connected to the laptop, GPRS connection on the mobile phone, ..whatever.
Ok, so you’ll need to configure some files first. Let’s start with ipsec:
ipsec.conf
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    left=99.99.99.99 #your external IP address for the clients to enter in their VPN wizard
    leftnexthop=99.99.99.1 #your gateway
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/0
This is the default ipsec.conf configuration file that is installed together with openswan. Next, you’ll have to configure a secret for IPsec, and you’ll do that by configuring /etc/ipsec.secrets file:
99.99.99.99 %any : PSK "yourfavouritepresharedkey"
That should be all for IPsec to work. You just have to put it on startup with:
update-rc.d ipsec defaults
Ok, next, you’ll have to configure xl2tpd to work. For that, there is a file called /etc/xl2tpd/xl2tpd.conf that needs to be edited:
[global] ; Global parameters:
ipsec saref = yes
listen-addr = 99.99.99.99
port = 1701 ; * Bind to port 1701
auth file = /etc/ppp/chap-secrets ; * Where our challenge secrets are
rand source = dev ; Source for entropy for random
[lns default] ; Our fallthrough LNS definition
exclusive = no ; * Only permit one tunnel per host
ip range = 88.88.88.50-88.88.88.150 ; * Allocate from this IP range
local ip = 88.88.88.1 ; * Our local IP to use
length bit = yes ; * Use length bit in payload?
refuse pap = yes ; * Refuse PAP authentication
refuse chap = yes ; * Refuse CHAP authentication
require authentication = yes ; * Require peer to authenticate
name = vpn-srv ; * Report this as our hostname
ppp debug = yes ; * Turn on PPP debugging
pppoptfile = /etc/ppp/options.l2tpd ; * ppp options file
I guess this is almost self explanatory, ..but if you need some help on this, just put a comment. 2 files to go. First is the pppoptfile – /etc/ppp/options.l2tpd
/etc/ppp/options.l2tpd
asyncmap 0
auth
crtscts
lock
hide-password
modem
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
noipx
After configuring ppp to work with xl2tpd, there is one more step for things to work – authentication. You accomplish that by editing the auth file /etc/ppp/chap-secrets
/etc/ppp/chap-secrets
user1 l2tpd user1password 88.88.88.5
#specify an IP from the range or out of it; whenever user1 is logging in, it will get the same IP
user2 l2tpd user2password *
# user2 will always get an IP from the range specified in the range from xl2tpd.conf file.
That’s about it. When I’ll feel like doing print screens, I’ll show you how you add your VPN connection in a Windows XP, but i guess you can already find that out with google search.
[update]: i tried the configuration i posted on my blog, but vista client behind NAT didn’t work at all. There are 2 things you should do:
1. registry modification on windows xp/vista:
for windows xp:
in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPsec create a DWORD called AssumeUDPEncapsulationContextOnSendRule and assign the hex value of “2”. This should allow both client and server behind NAT.
for windows vista:
in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent create a 32-bit DWORD called AssumeUDPEncapsulationContextOnSendRule and assign the same value of “2” for the same reasons.
2. you should define private networks in ipsec.conf by adding this into ipsec.conf in config setup section:
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
It should work after all this.
[update2]: here is the latest configuration that worked, with computers behind NAT or not, with Vista or XP..works with all combinations – of course, with the registry key inserted where it has to be.
conn ROADW-NAT
    rightsubnet=vhost:%priv
    authby=secret
    pfs=no
    rekey=no
    keyingtries=3
    left=80.80.80.80
    leftnexthop=80.80.80.1
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=15
    dpdtimeout=60
    dpdaction=clear
    type=transport
    auto=add
conn ROADW
    authby=secret
    pfs=no
    rekey=no
    keyingtries=3
    left=80.80.80.80
    leftnexthop=80.80.80.1
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=15
    dpdtimeout=60
    dpdaction=clear
    type=transport
    auto=add
and of course, insert this line in ipsec.conf:
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
This should work in every type of road warrior. Have fun!! The rest of the configuration files are exactly the ones from above..
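The NAT failure from the first update came down to a conn using rightsubnet=vhost:%priv while config setup had no virtual_private line. The checker below is an added example (not part of the original post and not Openswan code): it parses ipsec.conf, resolves also= includes, and reports that case, plus any right=%any conn that is not pinned to leftprotoport=17/1701. The sample file, the 192.0.2.10 address, the function names and the second check are assumptions made for this example.

```python
import re

# Constructed sample modelled on the first configuration in this post.
# 192.0.2.10 is a documentation address standing in for the server's public IP.
SAMPLE_CONF = """\
version 2.0

config setup
    nat_traversal=yes

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    left=192.0.2.10   # server address
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/0
"""

VIRTUAL_PRIVATE = ("virtual_private=%v4:10.0.0.0/8,"
                   "%v4:192.168.0.0/16,%v4:172.16.0.0/12")


def parse_ipsec_conf(text):
    """Return {(kind, name): params}; 'also' values are collected in a list."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                        # section header
            parts = line.split()
            if len(parts) == 2 and parts[0] in ("config", "conn"):
                current = sections.setdefault((parts[0], parts[1]), {})
            else:
                current = None                           # e.g. "version 2.0"
        elif current is not None and "=" in line:        # indented parameter
            key, value = (s.strip() for s in line.split("=", 1))
            if key == "also":
                current.setdefault("also", []).append(value)
            else:
                current[key] = value
    return sections


def effective_conn(sections, name, seen=()):
    """Merge a conn with everything it pulls in through also=.

    Assumption of this sketch: a conn's own settings win over included ones.
    """
    if name in seen:
        raise ValueError("also= loop through conn %s" % name)
    if ("conn", name) not in sections:
        raise ValueError("also= refers to unknown conn %s" % name)
    own = sections[("conn", name)]
    merged = {}
    for included in own.get("also", []):
        merged.update(effective_conn(sections, included, seen + (name,)))
    merged.update({k: v for k, v in own.items() if k != "also"})
    return merged


def audit(text):
    """Return [(conn, finding)] for the two checks named in the lead-in."""
    sections = parse_ipsec_conf(text)
    setup = sections.get(("config", "setup"), {})
    findings = []
    for kind, name in sections:
        if kind != "conn":
            continue
        conn = effective_conn(sections, name)
        if conn.get("rightsubnet", "").startswith("vhost:") \
                and "virtual_private" not in setup:
            findings.append((name, "rightsubnet=%s needs virtual_private in "
                                   "config setup" % conn["rightsubnet"]))
        if conn.get("right") == "%any" \
                and conn.get("leftprotoport") != "17/1701":
            findings.append((name, "right=%any is not limited to L2TP "
                                   "(leftprotoport=17/1701)"))
    return findings


def with_virtual_private(text):
    """Insert the virtual_private line from the update under config setup."""
    return text.replace("config setup\n",
                        "config setup\n    " + VIRTUAL_PRIVATE + "\n", 1)


if __name__ == "__main__":
    for label, conf in (("as first posted", SAMPLE_CONF),
                        ("with virtual_private",
                         with_virtual_private(SAMPLE_CONF))):
        print(label, "->", audit(conf) or "no findings")
```

To check a real server, pass the contents of /etc/ipsec.conf to audit().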
hot vs cold cloning
It’s not about human cloning, ok?
It’s about VMware cloning. VMware, which is the new project i have to finish in few months – virtualizing almost every server we have. So, there are 2 ways to clone a physical machine:
- cold cloning – you boot the machine into a VMware converter ISO, operating system is off, no activity on the hard drive, and you get to clone everything just the way it was just before you shut down the machine. Configured IP address on the VMware converter that boots up has to have access to the VCenter or ESX machine in order for things to work.
- hot cloning – the physical machine is booted into the operating system it currently has. You start VMware converter on another machine. This machine has to have access to both physical machine that you want to virtualize and the VCenter / ESX machines, and they have to be visible to each other too. Bad part about this method is that the machine is not turned off, i mean, the operating system is not turned off, then hard drive might change during cloning, and data loss occurs.
Unfortunately, cold cloning is not working for me at all. It gives all kinds of errors. Yesterday i tried cold cloning again…made some changes and tried again..and so on, till i finally decided to close all services on the server and then do a hot cloning. I looked the error on VMware KB and they said it’s something related to network problems – something like the NICs are not configured with automatic negotiation, ..or something like that. I made sure every NIC from ESX or the physical machine i wanted to virtualize were both auto-negotiating speed and duplex and tried again. But i had the same problem. After closing every service on the machine, so no hard drive changes during cloning, and my computer at work coordinating the conversion from the VMware converter standalone, everything worked great. Started everything at around 10pm. At 6:30 am i had almost 400GB of virtual machines (2 of them) converted from physical to virtual. All i had to do was changing IP addresses for the new VMware adapter on the host, and installing VMware tools. That was all. BTW, physical machines were Windows 2000.
Anyway, after a good night sleep, when i woke up in the morning at 7am, both machines were converted. No errors, too.
saslauthd problem
Well, i have this server on my hands, built from scratch, and used mostly for hosting websites and email. So, i had to make postfix use virtual tables with mysql, dovecot too..and so on. Anyway, after following some tutorial i made everything running except for smtp authentication using SASLAUTHD. So, on my CentOS 5.3 to make smtp authentication running, i had to create a smtpd.conf file in /usr/lib/sasl2/ with the following content:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
And /etc/sysconfig/saslauthd should have the following content:
START=yes
PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"
SOCKETDIR=/var/run/saslauthd
MECH=pam
FLAGS="-m /var/spool/postfix/var/run/saslauthd -r"
Usually, default saslauthd file doesn’t have any flags nor pidfile. After that, you should see saslauthd finally authenticating people. Bad part is that i spent almost whole day yesterday trying to figure this shit out. Hopefully, i’ll remember my post next time i’m in this kind of trouble.
postfix + sasl + ssl/tls + mysql support compilation
make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_SSL -I/usr/include/openssl/ -DUSE_CYRUS_SASL -DUSE_TLS -I/usr/include' 'AUXLIBS=-L/usr/lib/mysql/ -lmysqlclient -lz -lm -L/usr/lib/sasl2/ -lsasl2 -L/usr/lib -L/usr/lib/openssl/engines/ -lssl -lcrypto'
make
make install
linux resolv.conf rotation
This post is about linux resolver. It’s the one that reads /etc/resolv.conf and translates names into IPs. I had this problem with my linux at work. I wanted to resolve both internet hostnames and internal hostnames. For that i needed 2 nameservers. But the lame default resolver configuration works like this. Let’s say that /etc/resolv.conf looks like this:
nameserver 192.168.1.1 #for internal hosts
nameserver 194.102.1.1 #for external hosts
So, linux resolver tries the first nameserver. If the nameserver responds quickly it doesn’t try the second one. It ONLY tries the second one if the first times out. So if i try with this configuration to resolve internet hosts, it fails. Because it only tries the first nameserver, it replies in 1 ms so if i ask for yahoo.com, it tells me “unknown host”. Great. If i switch them, then it will only resolve internet hosts, but no internal ones.
After googling around, i found out that you can balance dns queries between resolv.conf entries. So, there’s a big chance that it will rotate just the way you need. To make it rotate, just add “options rotate” as the first line of resolv.conf, before the nameserver lines, and it will then work beautifully.
ubuntu lightning problem
So, Lightning is a calendar client for Mozilla Thunderbird. Nothing new. Well, installing the xpi on linux may give you some problems and that’s only because someone normal, like me, doesn’t get to the producer website to see the requirements, someone normal just installs the xpi. Anyway, ubuntu users should install libstdc++5 before installing the xpi from mozilla. If you already installed the xpi, then uninstall it, install the libstdc++5 using apt-get, and then reinstall the xpi file. It should work like a charm. The original linux system requirement for lightning (taken from mozilla website) are like this:
Linux kernel – 2.2.14 or higher with the following libraries or packages:
- glibc 2.3.2 or higher
- XFree86-3.3.6 or higher
- gtk+2.0 or higher
- fontconfig (also known as xft)
- libstdc++5
(Many modern Linux distributions only package libstdc++6, which is incompatible with Lightning. Therefore please install the package “libstdc++5” or “compat-libstdc++” on your system before installing Lightning)
linux vmware 6.5 arrow keys problem
Well, vmware on linux has a lil problem. When u try using the arrow keys in the virtual machine, they don’t work. You have to use the arrows from the numpad keys to work. So, eventually u have enough of this and want to solve this. So, in the home folder of the linux user u use for running vmware it should be a .vmware folder. Create a file called “config” in that folder (/home/youruser/.vmware/config) with the following content:
xkeymap.keycode.108 = 0x138 # Alt_R
xkeymap.keycode.106 = 0x135 # KP_Divide
xkeymap.keycode.104 = 0x11c # KP_Enter
xkeymap.keycode.111 = 0x148 # Up
xkeymap.keycode.116 = 0x150 # Down
xkeymap.keycode.113 = 0x14b # Left
xkeymap.keycode.114 = 0x14d # Right
xkeymap.keycode.105 = 0x11d # Control_R
xkeymap.keycode.118 = 0x152 # Insert
xkeymap.keycode.119 = 0x153 # Delete
xkeymap.keycode.110 = 0x147 # Home
xkeymap.keycode.115 = 0x14f # End
xkeymap.keycode.112 = 0x149 # Prior
xkeymap.keycode.117 = 0x151 # Next
xkeymap.keycode.78 = 0x46 # Scroll_Lock
xkeymap.keycode.127 = 0x100 # Pause
xkeymap.keycode.133 = 0x15b # Meta_L
xkeymap.keycode.134 = 0x15c # Meta_R
xkeymap.keycode.135 = 0x15d # Menu
Restart VMware and it should work.
dlink and RPM Sports
So, i have to really blog about this, and in a good way, for they put a smile on my face, and made me trust them once more.
Let’s start with RPM Sports. For those who don’t know what i’m talking about, they’re the producers of the powerball i have. If you still don’t know what i’m talking about, visit their webpage. Akis rulez!!! Anyway…my powerball is a neon pro, and has some LEDs that lighten up with the more rotations the powerball has, and has a digital counter. I had a problem with the counter, ..it just stopped working. And a co-worker thought he’d try start the powerball on the floor, which kinda fucked it. Anyway, i wrote to the powerball producers about my counter and about what happened to my powerball, and they instantly decided they should send me the spare parts for me to change: the counter, the bottom shell, and the top shell. So this guy i talked for by e-mail..let’s say ..10 e-mails most, told me he’s gonna send those for free. Although when i bought this powerball in Romania they told me i have 6 months guarantee, RPM Sports tell everybody it’s lifetime. And i didn’t believe him till today. When my mom called me that i have waiting for me at the postal office. And he kept his word. He sent me everything i needed to make my powerball spin smoothly again. And that’s what i did today, replacing parts and test it. Kinda works better than it worked when i first bought it.
Thanks Philip.
D-Link. As some of my friends know, i have a DIR-635 wireless-N router in my place giving me internet connection to everything wireless: my laptop, gf’s laptop, my cell phone. Today, while my internet connection was down, i discovered the firmware update page of the router. And after a quick internet check (the internet came back), i discovered a new firmware update and successfully applied it to my router. After that, a new menu item appeared – USB Settings. When i bought this, i thought the usb port was for storage or something, but after reading the manual, i realized that its purpose was waaay different. Well, after applying this firmware update, i discovered some new functionalities to my USB port on the router. So now, i can access a storage system attached to the router on that USB, using a D-Link software called SharePort. So, SharePort detects what the router has connected to its USB port and asks me if i wanna connect to it. After agreeing with that, it automatically appears in Computer window on my Vista. The only bad part is that it only supports 1 user connected to the USB at a time. Hopefully, they’ll fix that very soon.
mozy.com
Well, i’ve started looking for another online storage. And, i got into mozy.com. They look nice, they’re cheap, there’s unlimited storage, but they have a fucking shitty EULA. Why is it shitty? ..well, i’ll just copy and paste my whole e-mail that i sent to them, because i’m too fucking lazy to just write all of that again. So, here it is..
Hello,
i just made a test account to see if this worth paying or not, and, what can i say?..the software and backup system works great. But i also discovered the terms for this service, and i have some questions about some parts of it:
- You agree to indemnify, defend, and hold harmless Decho and its suppliers from any and all loss, cost, liability, and expense arising from or related to your data, your use of the Service, or your violation of these terms.
By this, you mean that in case of data loss, because of your server fail, or anything not related to the customer, thus related to the provider, i have to “indemnify, defend, and hold harmless Decho and its suppliers”? or it’s just related to data loss because of the customer?
- The Software and Service may collect certain non-personally identifiable information that resides on your computer, including, without limitation, statistics relating to how often backups are started and completed, performance metrics relating to the Software, and configuration settings. This information collected will be sent to Decho and may be used by Decho without restriction.
What exactly “without limitation” means? I know what non-personally identifiable information means, but maybe you’re interested on how much time i make use of yahoo messenger?..or mozilla thunderbird?..or you might install a keylogger to see how many “A” i press on the keyboard ..please explain “without limitation” better to me.
- When you back up data via the Service, you agree that we and our service providers may copy and store such data as part of the Service.
I’m not sure what “as part of the Service means”. Because i don’t want my data to be stored anywhere on your hardware without my consent and someone to have physical access to the hardware involved in the storage.
- Decho reserves the right at any time to modify, suspend, or discontinue providing the Service or any part thereof in its sole discretion with or without notice.
So, today i have my whole hard-drive backed “as part of the Service”, but tomorrow when i reinstall my operating system and try to restore things, i see my account disabled without notice? I really hope you’re kidding about this.
- Decho reserves the right at any time to modify this Agreement in its sole discretion, without liability to you. This Agreement, as amended, will be effective upon acceptance of registration for new users and effective for all existing users 15 days after the posting of any amended terms on the Mozy.com website. You agree to be bound by this Agreement, as modified. If you do not agree to any changes to this Agreement, you must terminate your account immediately.
Hopefully, i will be noticed on my e-mail about agreement changes?..or do i have to browse your website every day to see if something is changed to the agreement, and see if i still comply or not. In case i’m not, hopefully get a refund on my money paid.
And in “payment + refunds” i found this:
- You are free to cancel your account at any time. Similarly, Decho reserves the right to cancel any account at any time, for any reason, including, but not limited to, a breach of this Agreement or the EULA.
What exactly “for any reasons” means? If it rains too much, and my first name initial draws itself magically on the window of your office, and this upsets you, i get my account revoked and i lose all my files?..and that of course, “without notice”?
Please correct me if i’m wrong, but i must be out of my mind to pay for something like this, no matter how cheap this could be. If i want some online storage, and trust me, i tried almost every usable online storage there is, that has no guarantees and preferably cheap (or free), there’s always www.mybloop.com, which is free, and i didn’t even read their license agreement, and that’s because it’s free, and i can understand terms and agreement like you have on your website.
I know that not everybody reads the licence agreement, but i wanna know what happens to my personal files, pictures,..everything, and first of all, i don’t wanna lose any of them, so i need some guarantees.
Thanks in advance.
Best regards,
Radu
[update]: Motherfuckers still didn’t reply to my e-mail. I guess they’re still thinking of a reason for me to pay for their crap service.
mybloop.com
Unfortunately, they let me down. First, they restricted access to upload page of their website, now i can’t install blooploader on my newly installed vista, and i can’t even use the website upload flash utility… Too bad, i thought i searched enough…
Well now…searching again, for some online storage…
[update]: i gave it another shot to mybloop. Windows client doesn’t install right because it can’t download some zip file from their website, and the linux version of the client keeps crashing like a motherfucker…i’ve had it with this website and their tool..Maybe they’ll hire some good programmers sometime soon and i will try them again. For now, they suck..
Windows Live software
So, yesterday i just reinstalled windows vista x64 ultimate on my laptop, after unsuccessfully trying to get a linux desktop on it. I fucking tried every fucking driver for my ATI Radeon Mobility HD3470, but none of them worked. So, back to windows.
I wanted to have my hotmail accounts directly into a mail client software. So, after being sick of Mozilla’s webmail software that suddenly didn’t work ..that was before i formatted everything..i tried using vista’s Windows Mail. Well, that was unsuccessful as well. But, nice thing, they recommended me to install Windows Live Mail. And i did, and beside that, some other Windows Live software, ..like Windows Live Writer.
So, Windows Live Mail eventually worked with my hotmail accounts, so now i have almost all accounts in one place – the one it’s missing is yahoo…and i am not going to pay to them very soon just to read my e-mail, and the new software i discovered was this Windows Live Writer. Despite all microsoft shit i have been using for years now, well, this one i like, mostly because it’s not only supporting blogging to microsoft blogging platform ..spaces, but also has support for different platforms like wordpress, blogger..and so on.
Well, this is my first post from this nice microsoft software, but if i don’t have problem with it, there’s more to come
[update]: it also recognizes wordpress categories…nice job!
online file hosting
So, 2 days ago i was getting my external hdd almost full, and i started looking for online storage that can fulfill my needs. Well, i needed something that can be easy to administer, large storage, no bandwidth limitations, and a desktop client/protocol to manage downloads/uploads. So i started trying everything out there. Bad part is that i’m going to enjoy a lot of spam to my only gmail account that didn’t have any..till today
Anyway, after trying few solutions that were highly recommended on some reviews websites, i got over www.mybloop.com . So, what they offer?..well, about exactly the same with my needs. They offer unlimited space, unlimited bandwidth, and they offer a tool called “blooploader” for people to manage files they own over there. Good part is that the client is cross platform, has windows, mac and linux version, and the best part is that all this is completely free.
Some weeks ago i was looking for a bigger external drive, ..somewhere around 2TB, …but now, i’m just testing my internet speed, to see how much time it will take me to upload everything to mybloop
I tried testing the client at home today, because i had some problems with it at work on both linux and windows platforms. And, i saw they don’t have the download link anymore for their client, because they said people have problems connecting. So, now i understand it wasn’t my secured bank connection that stopped me from using blooploader, it was their servers.
Hopefully, they’ll solve this issue very soon, and of course, they’ll get ready for massive uploads from me
GMX.com
They almost rule!! And that’s because they have something i really wanted for some time now. So, what they have?..or..what they can do? Well, it’s simple. They can retrieve e-mails from yahoo and hotmail free accounts and put them in your GMX inbox. And the best part is, they offer POP3. So, GMail being my favourite webmail, i can collect yahoo and hotmail accounts to my gmx account, and then POP3 them to my gmail account. So i guess there is a God after all…
Too bad the “mail collector”, as God named his wonderful tool, is kinda buggy. Hopefully, God will keep working on it till it’s buggy-less
Anyway, good luck to GMX team in perfecting this tool they have and which is the greatest of them all.
Digsby + Twitter
So, this post will be about 2 things I discovered today. One of them is a free messenger for many IM networks ..something like Miranda, Trillian, GAIM.. But, looks very nice, has many functionalities, and most IM features work in this multimessenger called Digsby. I checked file transfer and video & audio conference on YM network – works great! After this, i discovered some connectivity with few social networking websites, like ..facebook, myspace, …and twitter. I already knew what facebook is …what myspace is…what linkedin is..but i didn’t know about twitter.
In twitter you connect to people you already find there, meaning you’re following them – getting updates of what they write and shit. And other people can follow you, called themselves “followers”, and they get every update of the people they follow, including yourself. I already found someone who had an account on twitter, so now i’m following him
And, i can get updates in my Digsby messenger, i can write new tweet directly from the interface, i can write e-mails to people from my contact list using Digsby. I don’t know…i’m just amazed of this messenger, and the idea of twitter, so now i’m their no.1 fan.
new feature on GMail
There is a new feature on google mail called “Themes”. You can access it from the settings>themes menu. I already changed my theme twice. Hopefully, i’ll stick to the current one for a long time – it’s called “Terminal”, and the nice thing is that there is no fucking image in the whole page. Not even “Gmail”..gmail is made of _ ( ) – | ..and things like that.. Anyway, cool feature..
FortiGate
The FortiGate series meets enterprise-class requirements for network level and content level threat protection, performance, availability and reliability. They include all of the key security services provided by other FortiGate models, with integrated enterprise firewall, VPN, intrusion prevention, antivirus / antispyware, spam filtering, Web filtering and traffic-shaping services. With up to gigabit throughputs, high-availability features including automatic failover with no session loss, and multi-zone capabilities, units in the FortiGate enterprise series meet the requirements for mission critical enterprise applications.
Anyway, it’s a hardware appliance, has very high processing power (depends on the model, but the one they recommended to us, 310B, it’s the best for us), and it’s an integrated security solution with support for tunneling, firewall, IDS, antivirus, antispam, web filtering, ..and…last but not least, traffic shaping. Below i put some pics of the specifications of this product. Tomorrow i’ll start testing it. Nice toy…
network guardian
So, this was the latest project for my work. It’s made by some company called Smoothwall and it’s basically a web content filter. It’s not just that, it’s just a solution useful for the company i work for, after googleing a lot for another solutions.
What does it do? …a lot. And some of them it’s doing good. You can see all the features on the producer website over here. I’ll just tell you why did i choose this solution:
- incredible support for integration with Active Directory
You can map security groups in AD to groups in NG, and you can make policies based on those groups in NG.
- realtime logs, user logs ..and most of all, custom reports.
- web filtering based on…everything, custom made url lists, and policies based on those lists.
- integrated clamAV + support for external ICAP server
- bandwidth limiting
- picture scanning
- updated categorized URL lists
…and many more. I can’t think about another one now. Too damn tired. And that’s because i wanna finish that fucking school, so i rescheduled my worktime till 8pm from monday to thursday so i can go to school.
It’s going to be in testing till the trial period will end. And the trial period will end soon, and that’s because the poor training of their support team. That’s ..i guess, the only weak spot they have. But, i don’t know how they are organized..sometimes they answer in 1 hour…sometimes in 2 days. And of course, i had problems implementing this shit, so i needed their support. Unfortunately, from the month they gave me, which ended yesterday, i only made it work the way i wanted it …guess when??..yesterday. So i asked this sales dude to extend my trial period, which he did, with another week. So this week is for testing…
For people trying to replace something like Surf Control Web, it’s the perfect solution. Actually, for people interested about pricing, i don’t know how much Surf Control Web costs, but this one, for 500 users, for 3 years, costs somewhere around E10.000, which i think that for a bank it isn’t that much, or a very big company trying to stop people from wasting time at work.
Mobile internet with Huawei E220 and Ubuntu
So, you’ll need the following:
- ubuntu desktop 8.04 fully updated – including kernel > 2.6.20 (i think the latest is 2.6.24 on that distro)
- huawei E220 (currently on Orange Romania)
First of all, make sure you have kernel > 2.6.20 by typing:
uname -r
After that, make sure you have “wvdial” command available. If not, just apt-get install it.
Then, insert the SIM card from the modem in a cell phone, and remove the pin protection.
Create a file called .wvdialrc in your home directory (ex. /home/user/.wvdialrc) and put the following lines in it:
[Dialer Defaults]
Phone = *99#
Username = orange
Password = orange
Stupid Mode = 1
Dial Command = ATDT
Init1 = AT
Init2 = ATE0V1&F&D2&C1S0=0
Init3 = AT
Init4 = ATS0=0
Init5 = ATE0V1&F&D2&C1S0=0
Init6 = AT+CPMS="SM"
Init7 = AT+CMGF=1
# below, you can replace "2" by "0" to force EDGE connection
Init8 = AT+COPS=0,0,"RO ORANGE",2
Modem = /dev/ttyUSB0
Baud = 460800
ISDN = 0
Modem Type = Analog Modem
# below, you can set APN name; maybe your provider gave you in order to get fixed IP – in this case, it’s called "internet"
#Init9 = AT+CGDCONT=1,"IP","internet";
After saving the file, run as “user” the command wvdial. It should work perfectly. BTW, it will try to connect more than 1 time before succeeding. Did the same thing to me. If it doesn’t work, make sure your linux loads the correct driver to this USB modem.
/var/log/messages should look like this:
Oct 3 02:03:27 xxx kernel: [ 4072.581107] usb 1-1: new full speed USB device using uhci_hcd and address 2
Oct 3 02:03:27 xxx kernel: [ 4073.038320] usb 1-1: configuration #1 chosen from 1 choice
Oct 3 02:03:27 xxx kernel: [ 4073.319908] usb 1-2: new full speed USB device using uhci_hcd and address 3
Oct 3 02:03:28 xxx kernel: [ 4073.747801] usb 1-2: configuration #1 chosen from 1 choice
Oct 3 02:03:28 xxx kernel: [ 4073.756208] hub 1-2:1.0: USB hub found
Oct 3 02:03:28 xxx kernel: [ 4074.103785] hub 1-2:1.0: 7 ports detected
Oct 3 02:03:28 xxx kernel: [ 4074.240712] usbcore: registered new interface driver usbserial
Oct 3 02:03:28 xxx kernel: [ 4074.240926] /build/buildd/linux-2.6.24/drivers/usb/serial/usb-serial.c: USB Serial support registered for generic
Oct 3 02:03:28 xxx kernel: [ 4074.241394] usbcore: registered new interface driver usbserial_generic
Oct 3 02:03:28 xxx kernel: [ 4074.241420] /build/buildd/linux-2.6.24/drivers/usb/serial/usb-serial.c: USB Serial Driver core
Oct 3 02:03:28 xxx kernel: [ 4074.259436] /build/buildd/linux-2.6.24/drivers/usb/serial/usb-serial.c: USB Serial support registered for airprime
Oct 3 02:03:28 xxx kernel: [ 4074.259720] airprime 1-1:1.0: airprime converter detected
Oct 3 02:03:28 xxx kernel: [ 4074.260264] usb 1-1: airprime converter now attached to ttyUSB0
Oct 3 02:03:28 xxx kernel: [ 4074.260347] usb 1-1: airprime converter now attached to ttyUSB1
Oct 3 02:03:28 xxx kernel: [ 4074.260403] usb 1-1: airprime converter now attached to ttyUSB2
Oct 3 02:03:28 xxx kernel: [ 4074.260431] usbcore: registered new interface driver airprime
Oct 3 02:03:28 xxx kernel: [ 4074.294027] usbcore: registered new interface driver libusual
Hopefully, it will work as beautifully as it worked for me. If it doesn’t, just send a comment.
dovecot problem
At least, that’s what i thought first.
I have this server on my hands, i installed apache, php, mysql, postfix, dovecot, amavis, spamassassin and clamav. Worked great with the versions i installed first, but now has some problems with dovecot server – pop3/imap. I searched the logs, even put a post on the dovecot mailing list. And since my first post, and my first reply, i started looking deeper into this shit.
I discovered that on sept 28th at 2:30am, dovecot login processes died suddenly. I also saw in mysqld.log that mysqld died around that time. So i thought, that dovecot being tied to mysql, that should be the problem. So, i manually stopped and started mysqld after 5 minutes – dovecot login processes were up and running. I looked into messages log, ..nothing. I looked into maillog, and saw that at 2:30am on sept 28th, postfix died and was restarted a few minutes after…and so was amavis and spamd. Curious…who the fuck sends sigterms to my processes?..So i looked more in logs. I saw in secure log that even sshd was restarted at about that hour. So, my guess was that the server was restarted, or at least, because the boot log was empty, something was done to the virtual machine on which it’s installed. So i typed “w” on that server and saw that uptime was like an hour after my logs said that all those processes were stopped. So, now, my guess is, the guys hosting the virtual platform, did something to this server. I’m gonna report this to the owners and tell them what they should tell the providers. Hopefully, they’ll omit words like shit, fuck, crap…
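The correlation done by hand above (several unrelated daemons receiving SIGTERM in the same minute) can be scripted. This is an added example, not part of the original post; the log lines are constructed, and the host name mx1 and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample lines in syslog format (not taken from the original post),
# as if maillog, secure and messages had been concatenated.
sample_logs() {
cat <<'EOF'
Sep 27 23:10:02 mx1 sshd[1801]: Accepted publickey for admin from 192.0.2.10 port 50122 ssh2
Sep 28 02:30:11 mx1 dovecot: Killed with signal 15
Sep 28 02:30:12 mx1 postfix/master[2211]: terminating on signal 15
Sep 28 02:30:12 mx1 sshd[1801]: Received signal 15; terminating.
Sep 28 02:30:13 mx1 spamd[2307]: spamd: server killed by SIGTERM, shutting down
Sep 28 02:30:13 mx1 postfix/master[2211]: terminating on signal 15
Sep 28 09:14:55 mx1 sshd[4410]: Received signal 15; terminating.
EOF
}

# sigterm_clusters MIN: read syslog lines on stdin and print
# "Mon DD HH:MM <count> <svc,svc,...>" for every minute in which at least MIN
# distinct services logged a SIGTERM shutdown.
sigterm_clusters() {
  awk -v min="$1" '
    /signal 15|SIGTERM/ {
      split($5, p, /[^A-Za-z0-9_-]/); svc = p[1]   # "postfix/master[2211]:" -> "postfix"
      key = $1 " " $2 " " substr($3, 1, 5)         # minute bucket, e.g. "Sep 28 02:30"
      if (!(key in n)) keys[++k] = key             # remember first-seen order
      if (!((key, svc) in seen)) {                 # count each service once per minute
        seen[key, svc] = 1
        n[key]++
        list[key] = (n[key] == 1 ? svc : list[key] "," svc)
      }
    }
    END {
      for (i = 1; i <= k; i++)
        if (n[keys[i]] >= min) print keys[i], n[keys[i]], list[keys[i]]
    }'
}

# Demo on the constructed sample: only the 02:30 cluster is reported.
sample_logs | sigterm_clusters 3
```

A cluster that spans unrelated daemons points at a host-level shutdown rather than one failing service; compare its timestamp with the boot time from `who -b` or `last -x`.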
mail server comparison
| Feature | 1. Zimbra Collaboration Suite | 2. MDaemon (+Security Plus) | 3. Exchange 2007 |
|---|---|---|---|
| E-MAIL FEATURES | | | |
| Server OS support | | | |
| Linux/Unix | x | - | - |
| Windows | - | x | x |
| Mac OS X | x | - | - |
| Storage | | | |
| Database | x | - | - |
| Filesystem | x | x | x |
| Clustering | High-Availability | - | x configuration + data replication |
| Other | - | - | - |
| Login | | | |
| SMTP Auth | x | x | x |
| POP before SMTP | - | x | - |
| APOP | - | x | - |
| Authentication | | | |
| Filesystem | x | x | x |
| Database | - | - | - |
| LDAP | x | x | x AD |
| Other | kerberos, custom auth | - | - |
| Spam Protection | | | |
| SpamAssassin Heuristic Analysis | x | x | - |
| Bayesian Filtering | - | x | - |
| Integrated Spam / Junk Folders | x | x | x |
| Content Filtering | - | x | x |
| SPF (Sender Policy Framework) | - | x | x |
| External Blacklists | - | x | x |
| Challenge-Response System | - | using Zaep plugin | - |
| HTML Filtering | - | x | Safe HTML feature in OWA |
| RBL and Content Filter Bypass Files | - | x | x |
| Personalized White and Black Lists | - | x | x |
| End User Control to "Mark as Spam" | x | in web client | x |
| Security | | | |
| Antivirus Protection Support | x | x | x |
| Authentication Support | x | x | x |
| Mailbox Restrictions | x | x | x |
| Auto Archive / Backup | - | x | x |
| TLS / SSL Support | x | x | x |
| System and Domain Administrators | x | x | x |
| External Antivirus Product Support | - | - | x |
| Remote Server Monitoring | x | - | x |
| Static Filter | x | x | x |
| Integrated Antivirus | x | x | attachment filtering |
| Scalability | | | |
| Backup | x | x | x |
| Auto responder | x | x | x |
| User mail filters | x | x | x |
| Multiple Domain Support | x | x | x |
| WebMail | x | x | x |
| Remote Account Mail Retrieval / Domain POP | - | x | with 3rd party POP collector |
| IMAP - Shared Folders | x | x | x |
| Global Address Book | x | LDAP | x |
| Mailing List / List Server | administrator | x | x |
| LDAP Support | x | x | x |
| API DLL Support | - | - | x |
| IMAP – Rules | - | x | x |
| Content Filter XML Export/Import | - | x | x |
| Catalog Support | x | x | x |
| Multiple CPU | x | x | x |
| WebMail HTML Editor | x | x | x |
| Active Directory / Apple Open Directory Support | x | x | x |
| News Server (NNTP) | x | - | x |
| Support for 3rd party applications/filters | zimlets, admin custom modules | x | x |
| COLLABORATION FEATURES | | | |
| Instant messaging | | | |
| Instant Messaging / Chat Server | x | x | x |
| Groupware (Contacts, Calendar and Tasks) | | | |
| Individual calendar | x | x | x |
| Shared calendar | x | x | x |
| E-mail reminders | x | x | x |
| Recurring events | x | x | x |
| Calendar publishing | x | x | x |
| User contact folders | x | x | x |
| Shared contact folders | x | x | x |
mail server comparison: Zimbra – MDaemon – Exchange
Right..So this is what i gotta do at work. Mail server comparison. But, damn…not all mail servers on this planet, no. Just 3 of the solutions we brought to discussion. It will be between Zimbra Collaboration Suite 5.0, MDaemon + Security Plus addon, Exchange 2007 + SP1. It will be done by tomorrow, so i’ll put the results on here after i’m done. Hope it will be useful for someone.
e-mail server
So, what i’m trying to do these days at work is replacing the current mail server solution. Which actually, is a fucking big mess which includes: a lot of mail queues, before and after Postfix is dealing with it, renaming, auto-responder, e-mail lists stored in an OpenLDAP, user account stored in AD and OpenLDAP..and there’s a hook in AD that whenever some change occurs in AD, changes will be made in OpenLDAP.
Requirements for the new solutions are like this: user login and quota in AD, e-mail lists easily administrable by the list administrator (delegation of users to administer a list..or more), shared folders and calendars, antivirus + antispam. And all the crap to be easy to administer.
So, all the guys having something to say in this matter, said something different. Our windows guy said Exchange 2007. (personally, i didn’t try it, but exchange 2003 is a piece of shit..but only in my opinion, a linux guy). My boss said Zimbra. Because he saw Yahoo mark on their page, and got so excited that he put me to test the open source version, which actually, doesn’t have that much, i’m still testing it to see what all its features are, and how easy it is to administer. As i saw after a successful installation (i just ignored the warnings that ‘zimbrasrv.mydomain.org’ can’t be found in the nameservers), it has this fancy java enabled web interface. As i told before, i didn’t test all the shit it can do, but i will this weekend. My linux administrator opinion was MDaemon. Right…a windows server. But it’s stable, has almost all the features they want (i don’t know about the mail lists being administrable by people, but i’ll dig more about this). Anyway..looks like a good idea to me at least.
So, this weekend i’ll test zimbra. I have MDaemon trial installed at work….and i don’t wanna test exchange. I hope i’ll make the best decision about this, because it’s going to take a long time to implement, and probably few years before someone gets another good idea about the mail solution in this company i work for.
So…next time, i’ll get back with some details about zimbra server – open source edition. Btw, while surfing the zimbra page, i just discovered “zimbra desktop”, some e-mail client application that wants to replace outlook, thunderbird and all those monsters. The good part about that application is that it lets you get yahoo mail locally, for which now i use some webmail plugin from thunderbird. The bad part is ..that it is a big fancy java..all the java and ajax you want, zimbra desktop has it. Personally, i hate it. Hope the mail server will impress me.
windows xp with SP3
Right..this one will be simple. For whoever reads where they should
I have a virtual machine with Windows XP SP2 preinstalled. I updated it to SP3, after which….fuck all. It wouldn’t update anything anymore. I’d go to the microsoft.com page, it would see that there are updates…but it wouldn’t install them. It said “failed”. After some google search, i discovered that the fix is really simple. So:
1. my computer> c: > windows > system32
2. right click on Wups2.dll and “open with” -> and look for the program “C:\Windows\System32\Regsvr32”
3. the dll gets registered…and ..that’s it.
windows xp sp3
A big pile of crap. I installed it on a virtual machine over an XP sp2. It took about half an hour…and after the restart…fuck all! Blue screen …and restart again….and restart again…until i got bored. I hit F8 and selected the option not to restart anymore when it crashes…and it says it can’t find some function or other in the GDI32.DLL library. No shit!…eh…and after a little google search i found the fix too:
You boot from a windows cd (but it also works with any linux live CD distribution), go into the recovery console (with the ‘r’ key) and run the following 2 commands:
>REN C:\WINDOWS\SYSTEM32\GDI32.DLL GDI32.DLL.OLD
>COPY C:\WINDOWS\SERVICEPACKFILES\I386\GDI32.DLL C:\WINDOWS\SYSTEM32\GDI32.DLL
Give it a fucking restart, and it works after that!
What i find shocking is that Bill Gates, along with his shitty SP3, still hasn’t caught on to my virtual machine with win xp cracked to hell…but there’s still time..
ssh keys and protocol version
Ok…so today, i wanted to make a secure backup script using rsync and ssh. But i wanted it unattended…meaning, no user intervention. And i actually did it, but with a lil google search that i’m going to spare you after reading this.
So, when you create a public/private key pair using ssh-keygen you can choose rsa or des cipher for it…and, when you set up your ssh client and server you have to specify a protocol version: 1 or 2. So, based on my google search and experiments today, ssh protocol v1 works only with rsa keys, and ssh protocol v2 works only with des keys. And…be very careful with the settings of paths…to your public and private keys…and should work like a charm..
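A key with no passphrase is what makes the backup unattended, so the server side should limit what that key is allowed to do. The sketch below is an added example, not part of the original post; it assumes a current OpenSSH and rsync, and the function names, the `rrsync` install path, the backup directory and the 192.0.2.10 address are hypothetical.

```shell
#!/bin/sh
# Create a dedicated key with no passphrase for the unattended job.
#   $1 = private key path (the public half is written to $1.pub)
make_backup_key() {
  ssh-keygen -q -t ed25519 -N '' -C 'unattended-backup' -f "$1"
}

# Build the authorized_keys line for the backup server, so the key can only
# run one forced command, and only from one client address.
#   $1 = public key line, $2 = client address, $3 = forced command
backup_key_entry() {
  printf 'from="%s",command="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
    "$2" "$3" "$1"
}

# Audit: print "lineno: comment" for each key in an authorized_keys file that
# has no command= option, i.e. a key that still gives a full shell.
unrestricted_keys() {
  awk '
    /^[ \t]*(#|$)/            { next }                      # comments, blank lines
    $1 ~ /^(ssh-|ecdsa-|sk-)/ { print NR ": " $NF; next }   # no options at all
    $0 !~ /(^|,)command="/    { print NR ": " $NF }         # options, but no forced command
  ' "$1"
}

# Run the backup non-interactively, offering that key only.
#   $1 = private key, $2 = user@host, $3 = local dir, $4 = remote path
run_backup() {
  rsync -az --delete -e "ssh -i $1 -o BatchMode=yes -o IdentitiesOnly=yes" "$3" "$2:$4"
}

# Constructed public key, for illustration only (not a usable key).
PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyForExampleOnly backup@client'
# rrsync is the restricted-rsync helper script shipped with rsync; its path
# differs between distributions, so /usr/bin/rrsync is an assumption here.
backup_key_entry "$PUB" 192.0.2.10 '/usr/bin/rrsync /srv/backup/client1'
```

`BatchMode=yes` makes ssh fail instead of prompting, so a broken key path shows up as a non-zero exit in cron rather than a hung job.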
VirtualBox on Ubuntu 7.10
Well..i got desperate with reading that CCNA Exploration curriculum. I tried on Firefox with flash plugin…didn’t work…i tried with Opera with flash plugin…didn’t work..the last thing was IE6 sp1 on wine + flash plugin. Well..useless, still didn’t work. So i tried to look for virtualization on my Ubuntu 7.10. First…i found Xen. Well..i installed Xen….some kernel support for Xen (so..another, different kernel) and turned out that the new kernel was a mess. At least for my Inspiron 1501. So, after installing all that shit, i deinstalled all of that shit, rebooted with my old working kernel. It worked as it used to. Ha..and they say “home of the Xen® hypervisor, the powerful open source industry standard for virtualization.”. Well..it wasn’t easy enough for me to set up in minutes ..so i googled for something else.
And i found VirtualBox. Of course…they have a commercial version for those who wanna use this on 500 computers in a company…but has the OSE version (Open Source Edition) which is available on Ubuntu repository. It’s simple to install…simple to administer…has this GUI shit that offers pretty much all that you need. So, i proudly recommend VirtualBox if you want virtualization on a linux host without headaches. Now i have my Ubuntu 7.10 and a Windows XP SP2 “genuised” running both at the same time like a charm.
3 things you have to get done in order for VirtualBox to work:
1. make sure that its module is inserted into your kernel and if not, run something like “/etc/init.d/vboxdrv start” and it’s gonna get into your kernel right away. As i remember about my installation, for some reason when i installed this using “apt-get install …” kernel module wasn’t inserted, so i had to start that vboxdrv again.
2. your username has to be in the vboxusers group. You can easily accomplish that from a root terminal:
usermod -a -G vboxusers your_username
3. after you install your guest operating system, some things in the documentation posted on their site will not work. That’s because you didn’t install VirtualBox Additions. That’s easy to do. So..you installed Windows on your guest machine..you will see that you’ll even have some driver problems…That’s all gonna disappear with those Additions. So you can install those Additions from the guest window menu…“Devices > Install guest Additions”. This will download a small 5MB iso from the internet and insert it into your guest CD-ROM device. Double click the .exe file…and you’ll have driver problems solved…and filesharing between host and guest will work like a charm.
That’s it…i’ve stayed till 4am last night to get my “genuised” windows up to date and with CCNA Exploration curriculum working. And..funny thing..it didn’t work on the newly installed IE7 with pop-up blocker disabled and other bullshit…but worked on Firefox. Daaamn!
CMS
Or…Content Management System. Put in simple words: you wanna make a website, and don’t wanna spend 2000E on that site. So, what are your choices?..Learn PHP/MySQL, HTML…pay some indian dude to make it – that if he’s not running with your money…or use a CMS. So yes…you can build websites using a CMS. Well, looking for the best one out there, and open source (yeah..i want something cheap…even free) i found this website where they gave awards to some of them. So..for overall award, the winners are:
1. Drupal
2. Joomla!
3. CMS Made Simple
Well, i also remember from the first time i looked for CMS, one called Mambo, and actually, i’ve seen some websites made in Mambo, but don’t know why it isn’t an award winner on that page. Today i tested joomla!, just because i’ve seen that their “extension” page…well…has a lot of content. Didn’t count the number of extensions, but there are a lot of them, and if you google search for “joomla templates” you will find some great free templates, especially the ones from siteground.com. Have fun building websites, instead of paying too much for them.
dynamips + dynagen on ubuntu 7.10 (i386)
Yeap..i finally got this working. Took me ..well..a lot of time…about 1 hour and a half..but it’s working. I even started configuring some routers in my config…and works beautiful. My advice?..umm..use an i386 version of linux…deb or rpm based, doesn’t matter, cause if u’ll use an x86_64 u’ll spend more than 1 hour and a half for just compiling them for that architecture ( i did…few days ago..when i was using a 64 bit version of ubuntu – now i changed to 32 bit version). Next advice: run it as root. If you don’t..you’ll have problems when dynagen is trying to decompress the image and creating its own files. So..root is another of my advice. Then…when i tried to telnet a router…well…nothing happened. You have 2 choices: 1. modify /etc/dynagen.ini to open a terminal session ( well..actually i couldn’t start gnome-terminal for the telnet command in dynagen, so i suggest the second choice) 2. use the command “list” to see started routers and the port they’re using and then manually open a gnome/kde/whatever terminal and type “telnet localhost portnumber”. And…last advice. I first tried to use a 2611XM model. If you look in documentation on the internet you’ll see that 2600 series only works with uncompressed IOS. You will also find that using “unzip -p c2600.bin > c2600.image” you can uncompress the IOS and then use the image file, should work. Well..SHOULD work, but didn’t for me. Dynamips told me that couldn’t load the c2600.image file. I now use a compressed IOS (.bin file) of the 7200 series and works beautiful so i suggest the compressed c7200 bin file.
That’s all…hope it will work for you…if u have any comments, put a comment or something, maybe i can help you out..
ubuntu 7.10 + compiz fusion
When i first saw the movie below, i knew it was time to reformat my laptop and try this “compiz fusion” on my laptop. So i did. That day, when i first saw this, i moved everything i got on my laptop to my other linux samba server, and formatted it…and installed ubuntu 7.10. They said that compiz fusion is enabled by default in that OS. Bullshit…u have to install a few more packages for it to work, but u can find them easily on the internet, like i did.
So…it works perfectly…doesn’t consume so much processor and memory…actually..my memory usage is pretty low, around 20% or something..but it increases when i start using too many windows, applications and i transfer things through my network. Anyway…i’m proud of the change…hope i will be in a few months too.