Achintha Gunasekara Technical Blog<br />
<br />
<h2>
A Deep Dive into DynamoDB Partitions</h2>
Posted by Achintha Gunasekara, 2016-07-10<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEhdLg8oIoRwDGf8Rx5DHm-PV-APflKO_rYuxN68LD7P4-oTdj9tMG2ndJx9R0VYlkbtRohb6LmuNsqOAxp2a04Vcu6T2jRCbTnQ-dJetEpz5tA0thD864JjyC6wdwFrHNpNIAW5VWIeiQ/s1600/maxresdefault.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEhdLg8oIoRwDGf8Rx5DHm-PV-APflKO_rYuxN68LD7P4-oTdj9tMG2ndJx9R0VYlkbtRohb6LmuNsqOAxp2a04Vcu6T2jRCbTnQ-dJetEpz5tA0thD864JjyC6wdwFrHNpNIAW5VWIeiQ/s400/maxresdefault.jpg" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
Have a read of my article on DynamoDB performance on the Shine Consulting Blog.<br />
<br />
<a href="https://blog.shinetech.com/2016/06/27/a-deep-dive-into-dynamodb-partitions/" target="_blank">Shine Consulting Blog - A Deep Dive into DynamoDB Partitions</a><br />
<br />
<h2>
The Emergence of The 3 Towers: DevSecOps</h2>
Posted by Achintha Gunasekara, 2016-07-10<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfxoo9HD3dTdkeVYrmOvCCEis7kMDvu5PGyaczvo4NVcShS_mX2IHE16faA5zDu7rnJq7bpMUBnlSpeVZqBNIDE-SYgDt0TqcOSjCTq8blF5PRSA7ODmvZEo24HhCQ0oAEw_IH7Wohm07L/s1600/three-towers.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfxoo9HD3dTdkeVYrmOvCCEis7kMDvu5PGyaczvo4NVcShS_mX2IHE16faA5zDu7rnJq7bpMUBnlSpeVZqBNIDE-SYgDt0TqcOSjCTq8blF5PRSA7ODmvZEo24HhCQ0oAEw_IH7Wohm07L/s400/three-towers.jpg" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
Have a read of my article on DevSecOps on the Shine Consulting Blog.<br />
<br />
<a href="https://blog.shinetech.com/2016/05/13/the-emergence-of-the-3-towers-devsecops/" target="_blank">Shine Consulting Blog - The Emergence of The 3 Towers: DevSecOps</a><br />
<br />
<h2>
Setting up Mail Forward on AWS with Postfix</h2>
Posted by Achintha Gunasekara, 2016-02-16<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3DXii4REjGyLVFkZNU6C9cKWhR9xG6uEgoR66XsjD9RNRwOrkBmnlBlHL3HWu7XbiY2Mc2Fzlm4anwRM39sqpwmOM3VqvAaOTEtYg5ZW5CaXvhs_zUhew-Tu9Tj41D0g1unmFkYgP-OWG/s1600/postfix-logo.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3DXii4REjGyLVFkZNU6C9cKWhR9xG6uEgoR66XsjD9RNRwOrkBmnlBlHL3HWu7XbiY2Mc2Fzlm4anwRM39sqpwmOM3VqvAaOTEtYg5ZW5CaXvhs_zUhew-Tu9Tj41D0g1unmFkYgP-OWG/s1600/postfix-logo.gif" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
I have recently moved all my personal domains across to AWS Route 53. One feature I really missed after the migration was mail forwarding. With my previous service provider, I had all email coming into my <a href="http://achinthagunasekara.com/">achinthagunasekara.com</a> domain forwarded to one email address, but AWS doesn't provide direct support for forwarding email like that.<br />
<br />
This is the solution I came up with to get around this issue. My domain is <a href="http://achinthagunasekara.com/" target="_blank">achinthagunasekara.com</a> and you should change this to match yours.<br />
<br />
First, launch a nano EC2 instance with an Ubuntu image. A nano instance is powerful enough for the amount of mail I get through this domain, but you should consider a more powerful instance if you are expecting a high volume of email.<br />
<br />
Then assign an Elastic IP address to this instance.<br />
<br />
In Route 53, create an A record pointing the subdomain mail.achinthagunasekara.com to the new Elastic IP address.<br />
<br />
Then create an MX record pointing all incoming mail to mail.achinthagunasekara.com.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoK1-R3eTi6n3_iToaXuxJDtADbsuYR_hSZRHqBfxIMkwbjPbz2-u4mFq6hyCsHKzpkxlUxIe0rIi7CYZB5bx0rV9enz6-TAu35I1T0ksFyQUmLdSpnp5t6fS4u1wDDuUFM6OCj1Jhun22/s1600/Screen+Shot+2016-02-17+at+3.19.47+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoK1-R3eTi6n3_iToaXuxJDtADbsuYR_hSZRHqBfxIMkwbjPbz2-u4mFq6hyCsHKzpkxlUxIe0rIi7CYZB5bx0rV9enz6-TAu35I1T0ksFyQUmLdSpnp5t6fS4u1wDDuUFM6OCj1Jhun22/s400/Screen+Shot+2016-02-17+at+3.19.47+PM.png" width="333" /></a></div>
<br />
<br />
Log into the newly created instance using SSH.<br />
<br />
Use the package manager to install Postfix (I've used apt-get as my instance was running Ubuntu).<br />
<br />
<span style="color: lime; font-family: "courier new" , "courier" , monospace;">apt-get install postfix</span><br />
<br />
Open the main postfix configuration file<br />
<br />
<span style="color: lime; font-family: "courier new" , "courier" , monospace;">vi /etc/postfix/main.cf </span><br />
<br />
Add the following lines to the file<br />
<br />
<span style="color: lime; font-family: "courier new" , "courier" , monospace;">virtual_alias_domains = achinthagunasekara.com</span><br />
<span style="color: lime; font-family: "courier new" , "courier" , monospace;">virtual_alias_maps = hash:/etc/postfix/virtual</span><br />
<br />
Now create a file called /etc/postfix/virtual<br />
<br />
<span style="color: lime; font-family: "courier new" , "courier" , monospace;">vi /etc/postfix/virtual</span><br />
<br />
Now, to forward mail from admin@achinthagunasekara.com to me@mydomain.com, add the following line to the file.<br />
<br />
<span style="color: lime; font-family: "courier new" , "courier" , monospace;">admin@achinthagunasekara.com me@mydomain.com</span><br />
<br />
To forward all mail coming to achinthagunasekara.com to me@mydomain.com, add the following line to the file.<br />
<br />
<span style="color: lime; font-family: "courier new" , "courier" , monospace;">@achinthagunasekara.com me@mydomain.com</span><br />
<br />
Save and close the file.<br />
<br />
Run the following commands to finalize the configuration and reload Postfix.<br />
<br />
<span style="color: lime; font-family: "courier new" , "courier" , monospace;">postmap /etc/postfix/virtual</span><br />
<span style="color: lime; font-family: "courier new" , "courier" , monospace;">service postfix reload</span><br />
<br />
Now we are nearly there. The next thing is to go back to your EC2 instance and modify the security group. Make sure you're allowing incoming connections on TCP port 25.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirbfNLYq7cPlQKytARBCp8ayqiPOPSYEHGdayuyVWuhM5Lqic97attCZdqQ4qjef9wiICVjKyof1OmhfwkQCf5mYxwzvkbNEZFbJ5K3DZ7Ki2ECOE-G9H2aZqA39oeNk7DJtwmXMI8rkzd/s1600/Screen+Shot+2016-02-17+at+3.30.24+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="67" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirbfNLYq7cPlQKytARBCp8ayqiPOPSYEHGdayuyVWuhM5Lqic97attCZdqQ4qjef9wiICVjKyof1OmhfwkQCf5mYxwzvkbNEZFbJ5K3DZ7Ki2ECOE-G9H2aZqA39oeNk7DJtwmXMI8rkzd/s400/Screen+Shot+2016-02-17+at+3.30.24+PM.png" width="400" /></a></div>
<br />
That's it. Now send an email to your domain and test it!<br />
<br />
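A check worth running on the two files before sending the test message, as an added example that is not part of the original post: it reports a domain listed in both mydestination and virtual_alias_domains (Postfix logs a warning about that overlap), catch-all entries, and addresses whose domain is not a virtual alias domain. The function names, finding labels and the example.org sample data are constructed for illustration; only single-line main.cf parameters are parsed and $variables are not expanded.

```sh
#!/bin/sh
# Added example, not from the original post. Assumptions: single-line main.cf
# parameters, no $variable expansion, and only the "user@domain" and "@domain"
# forms of the virtual map are checked.

# Print the value of a main.cf parameter (the last definition wins).
main_cf_value() {  # usage: main_cf_value KEY FILE
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            if (name != key) next
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val)
            sub(/[ \t]+$/, "", val)
        }
        END { print val }
    ' "$2"
}

# Print one finding per line:
#   OVERLAP  domain        listed in both mydestination and virtual_alias_domains
#   CATCHALL domain -> to  every local part of the domain is forwarded
#   OUTSIDE  address       domain is not in virtual_alias_domains
#   NOTARGET address       entry has no forwarding target
lint_virtual() {  # usage: lint_virtual MAIN_CF VIRTUAL_FILE
    vdomains=$(main_cf_value virtual_alias_domains "$1")
    mydest=$(main_cf_value mydestination "$1")
    awk -v vdomains="$vdomains" -v mydest="$mydest" '
        BEGIN {
            n = split(tolower(vdomains), v, /[ ,\t]+/)
            for (i = 1; i <= n; i++) if (v[i] != "") isv[v[i]] = 1
            m = split(tolower(mydest), d, /[ ,\t]+/)
            for (i = 1; i <= m; i++) if (d[i] in isv) print "OVERLAP " d[i]
        }
        /^[ \t]*(#|$)/ { next }
        {
            lhs = tolower($1)
            at = index(lhs, "@")
            if (at == 0) next                      # bare "user" / "domain" forms: not checked
            dom = substr(lhs, at + 1)
            if (NF < 2)             print "NOTARGET " lhs
            else if (!(dom in isv)) print "OUTSIDE " lhs
            else if (at == 1)       print "CATCHALL " dom " -> " $2
        }
    ' "$2"
}

# Constructed sample files (example.org / example.net are placeholders).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/main.cf" <<'EOF'
myhostname = mail.example.org
mydestination = $myhostname, example.org, localhost
virtual_alias_domains = example.org
virtual_alias_maps = hash:/etc/postfix/virtual
EOF
    cat > "$tmp/virtual" <<'EOF'
# constructed entries
admin@example.org   me@example.net
@example.org        me@example.net
sales@example.com   me@example.net
EOF
    lint_virtual "$tmp/main.cf" "$tmp/virtual"
    rm -rf "$tmp"
}

demo
```

On a real host, call `lint_virtual /etc/postfix/main.cf /etc/postfix/virtual`; no output means none of the four conditions was found.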
<h3>
Debugging</h3>
<br />
Any errors are logged to the /var/log/mail.log and /var/log/mail.err files.<br />
<br />
Tail these files while sending an email to check for incoming connections and errors.<br />
<br />
<span style="color: lime; font-family: "courier new" , "courier" , monospace;">tail -f /var/log/mail.log</span><br />
<br />
<h2>
Customising Command Line Prompt</h2>
Posted by Achintha Gunasekara, 2015-11-15<br />
<br />
Customising the command line prompt is helpful because we can display useful information, such as the Git branch when browsing through a repository.<br />
<br />
I have done this on a Mac, but you can do this on any Unix-based OS.<br />
<br />
To customize your terminal, open your bash profile file at the following path.<br />
<br />
<span style="color: lime; font-family: Courier New, Courier, monospace;">vi ~/.bash_profile</span><br />
<br />
Here is a sample configuration I've added to customize my command line.<br />
<br />
<span style="color: lime; font-family: "courier new" , "courier" , monospace;"># Define some colours (wrapped in \[ \] so bash does not count them in the prompt width)<br />RESET="\[\017\]" <br />RED="\[\033[31;1m\]" <br /># GREEN resets all attributes, so it shows the terminal's default text colour<br />GREEN="\[\033[0m\]" <br />BLUE="\[\033[34m\]" <br />YELLOW="\[\033[33;1m\]" <br /># Path to git-prompt.sh below is specific to a Mac. Update this to suit your environment.<br />git_prompt=/Applications/Xcode.app/Contents/Developer/usr/share/git-core/git-prompt.sh <br /># Source the file if it is readable; it defines __git_ps1<br />[[ -r "$git_prompt" ]] && source "$git_prompt" <br /># \$(...) is escaped so the Git branch is evaluated each time the prompt is drawn<br />PS1="${BLUE}\u${GREEN}@\h:${RED}\W ${YELLOW}\$(__git_ps1 '(%s)')${GREEN}$ " </span><br />
<br />
In the above configuration, I can see my username (\u) in blue, host name (\h) in green, current directory (\W) in red and git branch in yellow. If the current directory is not a Git repository, git branch is not displayed.<br />
<div>
<br /></div>
<div>
E.g. (in a Git repository):</div>
<div>
<br /></div>
<div>
<span style="color: blue;">achintha</span><span style="color: lime;">@localhost:</span><span style="color: red;">tmp</span> <span style="color: yellow;">(master)</span><span style="color: lime;">$</span></div>
<div>
<span style="color: lime;"><br /></span></div>
<div>
E.g. (outside a Git repository):</div>
<div>
<br /></div>
<div>
<span style="color: blue;">achintha</span><span style="color: lime;">@localhost:</span><span style="color: red;">tmp</span> <span style="color: lime;">$</span><br />
<br />
Here's a list of other available options you can use:<br />
<br />
\d – Current date<br />
\t – Current time<br />
\h – Host name<br />
\# – Command number<br />
\u – User name<br />
\W – Current working directory (e.g. Desktop/)<br />
\w – Current working directory with full path (e.g. /Users/Admin/Desktop/)</div>
<h2>
How to Setup a VPN Gateway Server on Amazon VPC Using Ubuntu</h2>
Posted by Achintha Gunasekara, 2015-08-26<br />
<br />
In my last post, I talked about setting up a site-to-site VPN using Sophos UTM 9 and strongSwan IPsec running on an Amazon EC2 instance. The idea was to create a VPC on AWS and connect this VPC to my home network. The setup in my last article works fine for connecting to a single instance, but to connect the entire VPC subnet to my home network subnet, I had to set up an instance as a gateway and route all the VPN traffic through that gateway. This is the instance I installed strongSwan on. This involved setting up NAT on that instance.<br />
<br />
Please refer to <a href="http://blog.achinthagunasekara.com/2015/08/how-to-connect-aws-vpc-and-local.html" target="_blank">this post</a> to see how to set up an IPSec tunnel.<br />
<div>
<br /></div>
<div>
To recap, my AWS VPC has the CIDR block of 172.32.0.0/16. I have two subnets on my home network - 192.168.0.0/24 and 10.242.2.0/24. I have connected my home network and the VPC together using an IPSec tunnel.<br />
<br />
Here's the setup in a diagram.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimYkwssSsYx7B5YrB9nHr7bqJCm-vKy66hR8Kp6eQiI8KDeLEEycyKvyGkn1h-zl0FWYv1UTLVaHWAh99zw_Mlnh6u86pd8JMgAVTZnUlIQgufRxT29lZzn6dFWJ5vlogwYjzHxbpevwqv/s1600/Blank+Flowchart+-+New+Page.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="262" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimYkwssSsYx7B5YrB9nHr7bqJCm-vKy66hR8Kp6eQiI8KDeLEEycyKvyGkn1h-zl0FWYv1UTLVaHWAh99zw_Mlnh6u86pd8JMgAVTZnUlIQgufRxT29lZzn6dFWJ5vlogwYjzHxbpevwqv/s400/Blank+Flowchart+-+New+Page.png" width="400" /></a></div>
<br /></div>
<div>
<br />
Let's see how to do that. I used an Ubuntu free tier instance to set up the gateway.<br />
<br />
First, create a VPC as below. Also name your resources accordingly, because AWS IDs are hard to remember!<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzyPuzhR2aSPB6PPlFmoDz0RcAw7pLjL3dwnSPpKbIqGHIVsrZaVotHU1Iwx_Q9s86kdUSGeFv42OWFrxJwxlj8AwL-dQbkCxkIimldMP393NAboycBUxMj0YYY5V004YX7LKrQVvb0Tym/s1600/Screen+Shot+2015-08-27+at+9.16.17+am.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="56" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzyPuzhR2aSPB6PPlFmoDz0RcAw7pLjL3dwnSPpKbIqGHIVsrZaVotHU1Iwx_Q9s86kdUSGeFv42OWFrxJwxlj8AwL-dQbkCxkIimldMP393NAboycBUxMj0YYY5V004YX7LKrQVvb0Tym/s400/Screen+Shot+2015-08-27+at+9.16.17+am.png" width="400" /></a></div>
<div>
<br /></div>
<div>
So my VPC has the CIDR block of 172.32.0.0/16</div>
<div>
<br /></div>
<div>
Set up 2 subnets on this VPC as below. I used 172.32.0.0/24 for the private subnet and 172.32.1.0/24 for the public subnet.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZxHxTAU6qfXyUfkXAm9uU4TquUmgnhGvINMjvfk5_bYmN_92Pq6AvN4XZZRZpBtbRIH0l8Yh2wdkJPcMU7TAK6zXx7ifA3FUc0j_Zg8S9dt8Poba6jyL8WfwvPZfsSjtqLFsbX1tS8UwO/s1600/Screen+Shot+2015-08-27+at+9.19.36+am.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="58" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZxHxTAU6qfXyUfkXAm9uU4TquUmgnhGvINMjvfk5_bYmN_92Pq6AvN4XZZRZpBtbRIH0l8Yh2wdkJPcMU7TAK6zXx7ifA3FUc0j_Zg8S9dt8Poba6jyL8WfwvPZfsSjtqLFsbX1tS8UwO/s400/Screen+Shot+2015-08-27+at+9.19.36+am.png" width="400" /></a></div>
<div>
<br /></div>
<div>
Now it's time to create an Internet Gateway. Please attach the Internet gateway to the VPC we just created.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZe5K-FtS2ttyk8KAC355NBuY8-3Jz8luGAuiq6fC9DaXHer_qnfX4YKWeA0lnjML5-yuS15ScNWbQaBX4WH7BkE-CO248rS_ONuu6EsO7sNDnYbdRHvZ0NBESDwFk6k0ROrxSDIgZhwFA/s1600/Screen+Shot+2015-08-27+at+9.20.46+am.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="48" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZe5K-FtS2ttyk8KAC355NBuY8-3Jz8luGAuiq6fC9DaXHer_qnfX4YKWeA0lnjML5-yuS15ScNWbQaBX4WH7BkE-CO248rS_ONuu6EsO7sNDnYbdRHvZ0NBESDwFk6k0ROrxSDIgZhwFA/s400/Screen+Shot+2015-08-27+at+9.20.46+am.png" width="400" /></a></div>
<div>
<br /></div>
<div>
Now it's time to create 2 route tables. One for private subnet and one for public subnet.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinGCYTQJbhkZvFQ89LTe9_dMwMSB2ZvDCVB1biJCaosjrqrg_EAsE581FW5PMW7mSwiu9fVfslHJp8ssZBewDch702drHYHZ_bCySH4wLar4jGIxjL1zUkdmygsguScDN2nCHgf5wv1odm/s1600/Screen+Shot+2015-08-27+at+9.21.38+am.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="57" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinGCYTQJbhkZvFQ89LTe9_dMwMSB2ZvDCVB1biJCaosjrqrg_EAsE581FW5PMW7mSwiu9fVfslHJp8ssZBewDch702drHYHZ_bCySH4wLar4jGIxjL1zUkdmygsguScDN2nCHgf5wv1odm/s400/Screen+Shot+2015-08-27+at+9.21.38+am.png" width="400" /></a></div>
<div>
<br /></div>
<div>
We'll only configure the route table for the public subnet for now. We'll come back to the private one. This is a very simple route table: anything other than local traffic is routed to the Internet gateway.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivppsBdfXM_r5Bg1bb7JMSh7yjTPxqTQicGWpVIQ3hTKCOjRcqjVOjEqnZ5zTJdljA2cr7Wdgn2dak-yKUYI-QYKHqXZ6258sGVSdFpUQeCqfQdPLCYZ75Sf8sld4fAihUgabl9RNRtFzw/s1600/Screen+Shot+2015-08-27+at+9.26.44+am.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="208" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivppsBdfXM_r5Bg1bb7JMSh7yjTPxqTQicGWpVIQ3hTKCOjRcqjVOjEqnZ5zTJdljA2cr7Wdgn2dak-yKUYI-QYKHqXZ6258sGVSdFpUQeCqfQdPLCYZ75Sf8sld4fAihUgabl9RNRtFzw/s400/Screen+Shot+2015-08-27+at+9.26.44+am.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
That's it. Now launch an Ubuntu instance on the public subnet (172.32.1.0/24). You can use the basic settings. Nothing too fancy here. Use an Elastic IP so our public IP won't change when we stop and start this instance.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQ_sa1NVVwYWGPydMLQKdV5jBns9-KukQminipmThatITesjFIJyZNqjRzM9HsODlbmMkDsdeMTfKn0gSqY2SCjXJjO3-hOtXEcbmKijlIpq2uBGV3NZsoyhCHljYN1BeSzTvOtlvnagny/s1600/Screen+Shot+2015-08-27+at+9.29.54+am.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQ_sa1NVVwYWGPydMLQKdV5jBns9-KukQminipmThatITesjFIJyZNqjRzM9HsODlbmMkDsdeMTfKn0gSqY2SCjXJjO3-hOtXEcbmKijlIpq2uBGV3NZsoyhCHljYN1BeSzTvOtlvnagny/s400/Screen+Shot+2015-08-27+at+9.29.54+am.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Create and assign a security group for this instance. I have called this security group "singapore-sg-vpc1-gateways". You'll need to allow connections such as SSH into this. As you can see below, I have also opened up UDP ports 500 and 4500. These ports are used by IPSec. I'm planning on setting this gateway up as a VPN gateway as well.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioSdFUptQWGD37hnf0-jsIlJAzzcr0oNUWUfFoSQs8ONbYTT__2Wz93oiJFH624x_T8l-522ISNmzW3cTPpBSgd4cy17xLH1FuDFWZVTpgmqDf0X779zGCDpv45Z5ubb6jS-kyUo86fF03/s1600/Screen+Shot+2015-08-27+at+9.33.03+am.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="245" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioSdFUptQWGD37hnf0-jsIlJAzzcr0oNUWUfFoSQs8ONbYTT__2Wz93oiJFH624x_T8l-522ISNmzW3cTPpBSgd4cy17xLH1FuDFWZVTpgmqDf0X779zGCDpv45Z5ubb6jS-kyUo86fF03/s400/Screen+Shot+2015-08-27+at+9.33.03+am.png" width="400" /></a></div>
<div>
<br /></div>
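Another tricky bit: disable the Source/Destination check on the instance. An instance that forwards or NATs traffic has to handle packets whose source or destination is not itself, which this check would otherwise drop.<br />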
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibVnR193-T01PbbvM6HCiNzSxGV2yqQUByTu_FjoDUx01D5ZGmOruAUyaW4pS73uEIfN-gunMf0n_wWNsGYywG3WD1D_pzvPqKOwOMegP5T62C6W5gZL8aNyaTAV7Fty5FnckuOdvCzTdf/s1600/Screen+Shot+2015-08-27+at+9.37.01+am.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="192" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibVnR193-T01PbbvM6HCiNzSxGV2yqQUByTu_FjoDUx01D5ZGmOruAUyaW4pS73uEIfN-gunMf0n_wWNsGYywG3WD1D_pzvPqKOwOMegP5T62C6W5gZL8aNyaTAV7Fty5FnckuOdvCzTdf/s400/Screen+Shot+2015-08-27+at+9.37.01+am.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
In a few minutes, the new instance will start up and be ready to be configured.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
But before that, we are ready to configure the route table for the private subnet. I have added all my home network subnets to route through the VPN Gateway server (the Ubuntu instance we've just set up). All the other Internet traffic will be routed through the Internet gateway. Have a look at the image below.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSKx0ETVxijBY2WNNZXvTcqJl0wVxAx5EGq9ipG3ic_9Urk9F9wZ-QOzUmqZJsQsNQNN0Zxj3ypsDC89b8OOYVXGSxXNb_pSgTC0H8vMqoOnmGhiTb9MlruUI5P8UUJSl6oo0b-_NbEEsK/s1600/Screen+Shot+2015-08-27+at+9.40.21+am.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="261" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSKx0ETVxijBY2WNNZXvTcqJl0wVxAx5EGq9ipG3ic_9Urk9F9wZ-QOzUmqZJsQsNQNN0Zxj3ypsDC89b8OOYVXGSxXNb_pSgTC0H8vMqoOnmGhiTb9MlruUI5P8UUJSl6oo0b-_NbEEsK/s400/Screen+Shot+2015-08-27+at+9.40.21+am.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Now we are all done with AWS VPC configuration. Next thing to do is to configure the VPN Gateway Server to do NAT.</div>
<div>
<br /></div>
<div>
SSH into the VPN Gateway Server.</div>
<div>
<br /></div>
<span style="color: lime; font-family: Courier New, Courier, monospace;">ssh -i ~/AWS_Key.pem ubuntu@XX.XX.XX.XX</span></div>
<div>
<br /></div>
<div>
Now run the following commands on the Gateway Server to make NAT work.</div>
<br />
<span style="color: lime; font-family: Courier New, Courier, monospace;">echo '#!/bin/sh
echo 1 > /proc/sys/net/ipv4/ip_forward</span><br />
<div>
<span style="color: lime; font-family: Courier New, Courier, monospace;"><br /></span></div>
<div>
<span style="color: lime; font-family: Courier New, Courier, monospace;">iptables -t nat -A POSTROUTING -s 172.32.0.0/16 -j MASQUERADE
' | sudo tee /etc/network/if-pre-up.d/nat-setup</span></div>
<div>
<span style="color: lime; font-family: Courier New, Courier, monospace;"><br /></span></div>
<div>
<span style="color: lime; font-family: Courier New, Courier, monospace;">sudo chmod +x /etc/network/if-pre-up.d/nat-setup</span></div>
<div>
<span style="color: lime; font-family: Courier New, Courier, monospace;"><br /></span></div>
<div>
<span style="color: lime; font-family: Courier New, Courier, monospace;">sudo /etc/network/if-pre-up.d/nat-setup</span><br />
<br />
That's it! Now we have the VPN Gateway Server working with NAT. The next thing I had to do was to set up an IPSec tunnel between my home Sophos UTM 9 and the AWS VPC VPN Gateway Server we've just set up. Please follow <a href="http://blog.achinthagunasekara.com/2015/08/how-to-connect-aws-vpc-and-local.html" target="_blank">this article</a> to do so.</div>
<div>
<br /></div>
<div>
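Please make sure to replace my CIDR blocks with your own if you're following this article. Pick them from the RFC 1918 private ranges: 172.32.0.0/16, used here, lies outside 172.16.0.0/12 and is publicly routable address space.</div>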
<h2>
How to Connect a AWS VPC and Local Network via VPN Using Sophos UTM 9 and strongSwan</h2>
Posted by Achintha Gunasekara, 2015-08-24<br />
<br />
So a few weeks ago, I finally finished setting up my home lab. I used Sophos UTM 9 as my gateway. There were a few reasons for using Sophos UTM 9, the major one being that it’s completely free for home use. It’s also incredibly easy to configure. With the gateway, I can VPN into my home network and use my local resources from anywhere. It might be overkill for a home network, but if it can be done, why not?<br />
<br />
Recently I’ve started using Amazon AWS for hosting my personal website, so I was thinking that it’d be nice if I could monitor my AWS servers with the same monitoring system I use to monitor other machines on my home network. I use Nagios for this. I decided to join my AWS VPC to my home network via VPN. The easiest option was to buy a Sophos UTM 9 instance from the AWS Marketplace and use it as a VPN gateway, but it seemed like a huge waste of money given that Sophos UTM from the AWS Marketplace costs close to a grand a year.<br />
<br />
I decided to look for open source VPN servers. That’s when I found strongSwan. It seemed easy to configure and I could just run it on an Ubuntu instance with minimal system requirements.<br />
<div>
We are going to need a public IP for this instance. Set up an Elastic IP so it won't change when you stop and start the instance.<br />
<br />
For more information about Sophos UTM click <a href="https://www.sophos.com/en-us/products/unified-threat-management.aspx" target="_blank">here</a>.<br />
For more information about strongSwan click <a href="https://www.strongswan.org/" target="_blank">here</a>.<br />
<br />
This is how to configure it.<br />
<br />
Create a VPC in your AWS account. I’m not going to talk about setting it up here. Then start up an instance with Ubuntu. I used the free tier one.<br />
<br />
Then we can start installing and configuring strongSwan.<br />
<br />
Run an update on the system first. <br />
<br />
<span style="color: lime; font-family: Courier New, Courier, monospace;">apt-get update</span><br />
<br />
Then install strongSwan with apt-get<br />
<br />
<span style="color: lime; font-family: Courier New, Courier, monospace;">apt-get install strongswan</span><br />
Now we have all the software we need. Next step is to configure strongSwan. In this configuration there are two important files.<br />
<br />
/etc/ipsec.conf <br />
/etc/ipsec.secrets <br />
<br />
The ipsec.conf file holds all configuration items related to strongSwan and the ipsec.secrets file holds shared keys.<br />
<br />
First we need to edit ipsec.conf file. Open the file with a text editor. I used vi.<br />
<br />
<span style="color: lime; font-family: Courier New, Courier, monospace;">vi /etc/ipsec.conf</span><br />
<br />
And enter the following content. I’ll explain it in a second.<br />
<br />
<span style="color: lime; font-family: Courier New, Courier, monospace;">conn %default<br /> ikelifetime=8h<br /> keylife=1h<br /> rekeymargin=3m<br /> keyingtries=%forever<br /> keyexchange=ike<br /> authby=psk<br /> ike=3des-sha1-modp1024<br /> esp=3des-md5-modp1536<br /> auto=route<br /> left=172.32.1.63<br /> leftid=ip-172-32-1-63<br /> leftfirewall=no<br /> right=vpn.achinthagunasekara.com<br /> rightid=@gateway1.achinthaguasekara.com</span></div>
<div>
<span style="color: lime; font-family: Courier New, Courier, monospace;"><br />conn home_lan<br /> leftsubnet=172.32.0.0/16<br /> rightsubnet=192.168.0.0/24<br /><br />conn home_ssl_vpn<br /> leftsubnet=172.32.0.0/16<br /> rightsubnet=10.242.2.0/24</span><br /></div>
<div>
As you can see, we use Internet Key Exchange (ike) for this. If you use ike2 it won’t work, because Sophos UTM uses an older version of IPSec.<br />
<br />
Then we need to configure our left (AWS) and right (Home Network) subnets. You’ll need to adjust these values to match your network configuration.<br />
Have a look at the “right” configuration item. I used myvpn.achinthagunasekara.com as my IP address. I have a DNS entry that points myvpn.achinthagunasekara.com to my IP address. However, my internet provider hasn’t provided me with a static IP, so I had to use the No-IP service. Have a look at their website; it’s a free service. I won’t talk about setting up dynamic DNS here.<br />
<br />
Then I used gateway1.achinthaguasekara.com as my VPN ID for the UTM. I’ll talk about setting this up in a bit.<br />
<br />
Also, I have 2 subnets at home - 192.168.0.0/24 and 10.242.2.0/24. I have added a configuration item for each subnet above, as you can see (home_lan, home_ssl_vpn).<br />
<br /></div>
<div>
Now we are done with this file.<br />
<br />
Next open ipsec.secrets file.<br />
<br />
<span style="color: lime; font-family: Courier New, Courier, monospace;">vi /etc/ipsec.secrets</span><br />
<br />
All we need to enter here is our shared key between these two hosts. You’ll see some comments on the file, but ignore them and add this line to the bottom of the file.<br />
<br />
<span style="color: lime; font-family: Courier New, Courier, monospace;">172.32.0.10 myvpn.achinthagunasekara.com : PSK abc123</span><br />
<br />
Again I have used myvpn.achinthagunasekara.com instead of the IP address. Make sure you enter the spaces in the above line exactly as shown or it won’t work! (There is a space before the : symbol and one more after it.) Also, I've used abc123 as the key here, but you should use something stronger.</div>
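Before starting the service, the two files can be reviewed together. The script below is an added example, not from the original post or the strongSwan project: it lists ike/esp proposal tokens that appear on a legacy list, PSK selectors that do not literally appear as a left/leftid/right/rightid value in ipsec.conf, short PSKs, and a group- or world-readable secrets file. The legacy list, the 20-character minimum, the function names and the sample addresses are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post or the strongSwan project.
# LEGACY and MIN_PSK_LEN are this example's own policy choices.
LEGACY="des 3des md5 sha1 modp768 modp1024 modp1536"
MIN_PSK_LEN=20

# Print "LEGACY <conn> <ike|esp> <token>" for each listed token in a proposal.
weak_proposals() {  # usage: weak_proposals IPSEC_CONF
    awk -v legacy="$LEGACY" '
        BEGIN { n = split(legacy, l, " "); for (i = 1; i <= n; i++) bad[l[i]] = 1 }
        /^[ \t]*#/ { next }
        $1 == "conn" { conn = $2; next }
        /^[ \t]+(ike|esp)[ \t]*=/ {
            line = $0
            gsub(/[ \t!]/, "", line)              # drop blanks and the strict "!" flag
            eq = index(line, "=")
            key = substr(line, 1, eq - 1)
            m = split(tolower(substr(line, eq + 1)), tok, /[-,]/)
            for (i = 1; i <= m; i++) if (tok[i] in bad) print "LEGACY", conn, key, tok[i]
        }
    ' "$1"
}

# Print "SELECTOR_NOT_IN_CONF <selector>" for PSK selectors that do not appear
# as a left/leftid/right/rightid value (a literal comparison, so treat it as a
# prompt to check by hand), and "SHORT_PSK <length>" for short secrets.
psk_findings() {  # usage: psk_findings IPSEC_CONF IPSEC_SECRETS
    ids=$(awk '/^[ \t]+(left|leftid|right|rightid)[ \t]*=/ {
        v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); sub(/^@/, "", v)
        printf "%s ", v }' "$1")
    awk -v ids="$ids" -v min="$MIN_PSK_LEN" '
        BEGIN { n = split(ids, a, " "); for (i = 1; i <= n; i++) known[a[i]] = 1 }
        /^[ \t]*#/ { next }
        {
            p = 0
            for (i = 1; i < NF; i++) if ($i == ":" && $(i + 1) == "PSK") p = i
            if (p == 0) next
            for (i = 1; i < p; i++) {
                s = $i; sub(/^@/, "", s)
                if (!(s in known)) print "SELECTOR_NOT_IN_CONF", s
            }
            key = $(p + 2); gsub(/"/, "", key)    # the secret itself is never printed
            if (length(key) < min) print "SHORT_PSK", length(key)
        }
    ' "$2"
}

# Succeed only if the secrets file is not readable by group or others.
secrets_private() {  # usage: secrets_private IPSEC_SECRETS
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# Constructed sample mirroring the layout of the files above; addresses and
# host names are placeholders.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/ipsec.conf" <<'EOF'
conn %default
    keyexchange=ike
    authby=psk
    ike=3des-sha1-modp1024
    esp=3des-md5-modp1536
    left=10.0.1.63
    leftid=ip-10-0-1-63
    right=vpn.example.org
    rightid=@gateway1.example.org

conn home_lan
    leftsubnet=10.0.0.0/16
    rightsubnet=192.168.0.0/24
EOF
    cat > "$tmp/ipsec.secrets" <<'EOF'
10.0.0.10 myvpn.example.org : PSK abc123
EOF
    chmod 644 "$tmp/ipsec.secrets"
    weak_proposals "$tmp/ipsec.conf"
    psk_findings "$tmp/ipsec.conf" "$tmp/ipsec.secrets"
    secrets_private "$tmp/ipsec.secrets" || echo "SECRETS_READABLE"
    rm -rf "$tmp"
}

demo
```

Any proposal change has to be mirrored in the policy selected on the remote gateway, since both ends must offer a common proposal.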
<div>
<br />
Now you can start your IPsec server.<br />
<br />
To start the server simply run the following command.<br />
<br />
<span style="color: lime; font-family: Courier New, Courier, monospace;">ipsec start</span><br />
<br />
You can replace “start” with “stop” to stop the service or “status” to get the status of the service.<br />
<br />
Now we are almost done with the configuration on AWS. <br />
<br />
The last thing we need to do is update the VPC route table to route all traffic for 192.168.0.0/24 through the VPN gateway (172.32.0.10).<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEje1PRTOXPL9bvxZPiqSMU9p56eznXRdgbFL3wcI_7Z1EAXttLFcvpb6pLoX31pojYWUCfti_9PU95CxTAKjLKkD0UqtJNEkGK_ajXZfxMHBWPw1QQJ-WK_ErIgwtoc1vUenqPdtwA2jFdc/s1600/Screen+Shot+2015-08-25+at+1.32.26+pm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="152" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEje1PRTOXPL9bvxZPiqSMU9p56eznXRdgbFL3wcI_7Z1EAXttLFcvpb6pLoX31pojYWUCfti_9PU95CxTAKjLKkD0UqtJNEkGK_ajXZfxMHBWPw1QQJ-WK_ErIgwtoc1vUenqPdtwA2jFdc/s400/Screen+Shot+2015-08-25+at+1.32.26+pm.png" width="400" /></a></div>
<br />
Also make sure your AWS Security Group is not blocking any UDP traffic on ports 500 and 4500 as below. These ports are used for IPsec communication.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg97X5f6O7xvuQKDVkZXgfic7YWR65d849ZeQlT32WSWLTFj4M2eDVe7aqW00irr8gCeb9CEusPVq8wO6wWbNP-Ri_DvrdozViDQYtSAf21WC4mimINyIBO_hlTJobJwheYTXdjGXJw3ryl/s1600/Screen+Shot+2015-08-25+at+1.32.41+pm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="216" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg97X5f6O7xvuQKDVkZXgfic7YWR65d849ZeQlT32WSWLTFj4M2eDVe7aqW00irr8gCeb9CEusPVq8wO6wWbNP-Ri_DvrdozViDQYtSAf21WC4mimINyIBO_hlTJobJwheYTXdjGXJw3ryl/s400/Screen+Shot+2015-08-25+at+1.32.41+pm.png" width="400" /></a></div>
<br />
That’s it. Now let's set up the UTM.<br />
<br />
Log in to the UTM.<br />
<br />
Click on Site-to-Site VPN and then IPSec.<br />
<br />
Now select the Advanced tab and select Hostname as the VPN ID type. Enter your hostname as the VPN ID.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZfjnwq63UET6VfVzsEWvKDrhQTRJT-RMDTvxjm1ax7TtjLFDJ1f2OuSWMjX_U5mqYJN5h4LE55zf3j7kX6DUx0GcFPr8gjdVnXXvyqhH1Jd8Q8J1wtTMpcnyp85z25hs064OUJUfmtt5D/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZfjnwq63UET6VfVzsEWvKDrhQTRJT-RMDTvxjm1ax7TtjLFDJ1f2OuSWMjX_U5mqYJN5h4LE55zf3j7kX6DUx0GcFPr8gjdVnXXvyqhH1Jd8Q8J1wtTMpcnyp85z25hs064OUJUfmtt5D/s400/1.png" width="400" /></a></div>
<br />
<br />
Now select the Remote Gateways tab and add the newly created gateway as below.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2hbX2k3GU6JzRviktFei3Bo9qUnBPPK9LT5S_dv4Ny62UIEinh9ZDqyU3Cik7C9gC4N7J900a9usbwI7X1kdH0Oav-QwU-MDKM1qLyia4pjP7U7qoA9OkdpR1_E2DAlFd4gXPyWoLYTGS/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2hbX2k3GU6JzRviktFei3Bo9qUnBPPK9LT5S_dv4Ny62UIEinh9ZDqyU3Cik7C9gC4N7J900a9usbwI7X1kdH0Oav-QwU-MDKM1qLyia4pjP7U7qoA9OkdpR1_E2DAlFd4gXPyWoLYTGS/s400/1.png" width="257" /></a></div>
<br />
Then enter the key we set up earlier (abc123 in my case).<br />
<br />
Then go to Connections and set up a new connection using the Remote Gateway as below.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlX3eM9p3u4UD1R1TBCSzwVkQT-h_KiP1E9s3HK1BplXwWnIrCF5cxOouSYwgV0qfgZloUiYPfNqEAwki4eQx3RH1O3SfGp5O3_Az4gF_amoCZRy3X5bDjuPs0q835L7jhwUKNz1mVm46T/s1600/Screen+Shot+2015-08-27+at+9.52.47+am.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlX3eM9p3u4UD1R1TBCSzwVkQT-h_KiP1E9s3HK1BplXwWnIrCF5cxOouSYwgV0qfgZloUiYPfNqEAwki4eQx3RH1O3SfGp5O3_Az4gF_amoCZRy3X5bDjuPs0q835L7jhwUKNz1mVm46T/s400/Screen+Shot+2015-08-27+at+9.52.47+am.png" width="250" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
As you can see, I have added both my home subnets to the Local Networks section: 192.168.0.0/24 and 10.242.2.0/24. The second subnet (10.242.2.0/24) is only used when remote users VPN into my UTM. I have added it to the tunnel so I can access my AWS VPC directly when I connect to my home network remotely using VPN.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Make sure to select all the local networks that must have access to this VPN tunnel.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
If all is working, you'll see that the tunnel has been successfully established, as below.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-MxM7rfIy1OxCc2j1XgTkUqHtgl1Or1su_Beyid4rtkH9ZmiUlInACvdN5OuSruPDY2WXq1f9xowTxrAELISztAg8IEkeXCm92_ft9tTRx1CtmrRpWFBRYLGn6JH6H168BSO-lCvbV1tG/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="111" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-MxM7rfIy1OxCc2j1XgTkUqHtgl1Or1su_Beyid4rtkH9ZmiUlInACvdN5OuSruPDY2WXq1f9xowTxrAELISztAg8IEkeXCm92_ft9tTRx1CtmrRpWFBRYLGn6JH6H168BSO-lCvbV1tG/s400/1.png" width="400" /></a></div>
<h3>
Troubleshooting</h3>
<div class="separator" style="clear: both; text-align: left;">
If you are having any issues, click on the Live Log button on the Sophos UTM.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAJS9Da9l_-XR3wQYcxkWpiSaNOo5mmfEaEJfstI3s7g_stuQdFezjlYjF0QbGcLvGYFUU8CbHLCYf0DZf13QJjravzom7khJ-W2rMo6T9qphnLMBbDkMHIXaWvh6sDBMHgiTmfM2EdyAZ/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="192" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAJS9Da9l_-XR3wQYcxkWpiSaNOo5mmfEaEJfstI3s7g_stuQdFezjlYjF0QbGcLvGYFUU8CbHLCYf0DZf13QJjravzom7khJ-W2rMo6T9qphnLMBbDkMHIXaWvh6sDBMHgiTmfM2EdyAZ/s400/1.png" width="400" /></a></div>
<div class="separator" style="clear: both;">
Or tail the log messages on the strongSwan VPN gateway. Log files are located at /var/log/syslog </div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<span style="color: lime; font-family: Courier New, Courier, monospace;">tail -f /var/log/syslog</span></div>
</div>
Posted by Achintha Gunasekara<br />
<h2>
Activating a Windows Server 2012 R2 Evaluation Installation With a Valid License</h2>
Published 2015-08-13<br />
<br />
I was trying to activate a Windows Server 2012 R2 server that I installed as an evaluation.<br />
However when I entered the license key I was getting an error message.<br />
<br />
"That key can be used to activate this edition of Windows. Please try a different key"<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdAIcL_KlOuhF-nWRF0T9OUyKNaaWtN8XJ11WQu98E_NgaPD9WOzdqrHCf0ZxugVYDJGdYyCe6iHTo1VaBNTv_mHmF-vvKL8Z_qa3wYg51kHG9sRfGaPIEf4u0s90rQwM6VC6WRR85u4jg/s1600/Screen+Shot+2015-08-14+at+10.08.46+am.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="204" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdAIcL_KlOuhF-nWRF0T9OUyKNaaWtN8XJ11WQu98E_NgaPD9WOzdqrHCf0ZxugVYDJGdYyCe6iHTo1VaBNTv_mHmF-vvKL8Z_qa3wYg51kHG9sRfGaPIEf4u0s90rQwM6VC6WRR85u4jg/s400/Screen+Shot+2015-08-14+at+10.08.46+am.png" width="400" /></a></div>
<br />
So after doing some digging on the internet I found the following command to remove the existing<br />
key and add a new key.<br />
<div>
<br /></div>
<div>
To remove the current key I ran,</div>
<br />
<span style="color: lime; font-family: Courier New, Courier, monospace;">slmgr -upk</span><br />
<div>
<br /></div>
<div>
To install the new key I ran the following command with the new key,</div>
<div>
<br />
<span style="color: lime; font-family: Courier New, Courier, monospace;">slmgr -ipk XXXX-XXXX-XXXX-XXXX </span></div>
<div>
<br /></div>
However, I got a weird error and it failed.<br />
<br />
“Error: 0xC004F069 On a computer running Microsoft Windows non-core edition, run ‘slui.exe 0x2a 0xC004F069′ to display the error text”<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQxdm21NeU9-Dum2X2_HoREPYhBfoy2-aRig2iGg5m8d087qf-cweFPHIadVVA0gxqULkCa66YpHH6xC-o028Meny3cN8C9z0kOJIoor32FGJlcgL8tJUSoqPrNTjE-GVRcHa4NfsEl8_c/s1600/Screen+Shot+2015-08-14+at+10.29.49+am.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="136" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQxdm21NeU9-Dum2X2_HoREPYhBfoy2-aRig2iGg5m8d087qf-cweFPHIadVVA0gxqULkCa66YpHH6xC-o028Meny3cN8C9z0kOJIoor32FGJlcgL8tJUSoqPrNTjE-GVRcHa4NfsEl8_c/s400/Screen+Shot+2015-08-14+at+10.29.49+am.png" width="400" /></a></div>
<br />
<div>
<br /></div>
<div>
So after doing more digging on the internet I found some more information.<br />
<br />
I found the <a href="http://technet.microsoft.com/en-us/library/hh825157.aspx">DISM TechNet reference</a> and the DISM.exe /Online /Get-TargetEditions command. It seems that I need to change the Windows edition when activating. So I had to customise the command as below and run it again (I'm activating Windows Server 2012 R2 Standard Edition).<br />
<br />
<span style="color: lime; font-family: Courier New, Courier, monospace;">DISM /online /Set-Edition:ServerStandard /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula</span></div>
<div>
<br /></div>
<div>
and WooHoo! it worked! Server needs a reboot once you run this command though.</div>
Posted by Achintha Gunasekara<br />
<h2>
Monitoring ESXi Machines with Nagios</h2>
Published 2015-08-06, updated 2015-08-17<br />
<br />
I was looking for a way to monitor my ESXi 6.0 machine and stumbled upon a script. However, there were a few issues with the script and I had to modify it.<br />
You can download the modified version from my GitHub. <a href="https://github.com/achintha85/check_vmware_api" target="_blank">Click here</a> to download.<br />
<h3>
</h3>
<h3>
Dependency Packages</h3>
<br />
I assume you have a working Perl installation. Please install the following packages using yum as well.<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">yum install cpanm<br />yum erase perl-XML-SAX-Base-1.04-1.el6.rf.noarch<br />yum install perl-XML-SAX<br />yum install perl-Nagios-Plugin libuuid* perl-XML-LibXML<br />yum install perl-Crypt-SSLeay<br />yum install openssl-devel<br />yum install libuuid-devel perl-YAML perl-Devel-CheckLib gcc perl-CPAN libxml2-devel.x86_64</span></span><br />
<br />
Also install the following Perl modules using CPAN and CPANM<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">cpan -i JSON::PP<br />cpan -i Fatal<br />cpan -i Class::MethodMaker<br />cpan -i Env<br />cpan -i Class::MethodMaker<br /><br />cpanm Params::Validate<br />cpanm Monitoring::Plugin<br />cpanm XML::LibXML::Common XML::LibXML Class::MethodMaker</span></span><br />
<h3>
</h3>
<h3>
Installing vSphere Perl SDK for vSphere 6.0 </h3>
<br />
Download vSphere Perl SDK for vSphere 6.0 from <a href="https://developercenter.vmware.com/web/sdk/60/vsphere-perl" target="_blank">VMware downloads</a><br />
<br />
Run the installation script in the downloaded SDK, as below:<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">./vmware-install.pl --prefix=/opt/vmwarecli EULA_AGREED=yes</span></span><br />
<h3>
</h3>
<h3>
Running the Script </h3>
<br />
Now you should be able to run the script and get status from the ESXi server.<br />
<br />
For example:<br />
<br />
To get CPU usage,<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">./check_vmware_api.pl -D hypervisor1 -u ESXi_USER -p ESXi_PASSWORD -l cpu -s usage -w 92 -c 98</span></span><br />
<br />
To get uptime,<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">./check_vmware_api.pl -H hypervisor1 -u ESXi_USER -p ESXi_PASSWORD -l uptime</span></span><br />
<br />
Please run the script as below to get a full list of available options<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;"><br />./check_vmware_api.pl</span></span><br />
Posted by Achintha Gunasekara<br />
<h2>
How to Configure Sendmail to Work with Gmail SMTP Relay on CentOS 7</h2>
Published 2015-08-06<br />
<br />
I was trying to set up notifications on my home Nagios server. However, I couldn't get sendmail to send an email because I don't have a static IP with my home internet connection. Every time I restart my modem, my external IP gets changed and it seems to be blacklisted and I couldn't send any emails to my iCloud account.<br />
<br />
The solution was simple. All I had to do was configure sendmail to relay all my mail through Google's SMTP servers. However, configuring this wasn't as smooth as I thought. There were dependency requirements and after almost giving up, I got this to work! Here's how...<br />
<h3>
Installing Sendmail</h3>
Install sendmail with yum (sendmail-cf is needed for the configuration of sendmail)<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">yum install sendmail sendmail-cf</span></span><br />
<br />
This also installs sendmail-cf, which is needed for the configuration of sendmail.<br />
<h3>
Additional Packages</h3>
Then install the cyrus-sasl-plain package.<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">yum install cyrus-sasl-plain.x86_64</span></span><br />
<br />
If your SASL installation doesn’t have the “plain” and “login” libraries, you will have authentication problems with Gmail. You will see why when you get to the sendmail configuration in the later steps. The common error in /var/log/maillog is this:<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">AUTH=client, available mechanisms do not fulfill requirements</span></span><br />
<br />
This took me a really long time to debug, because this error message isn't very clear.<br />
<h3>
</h3>
<h3>
Creating Certificates</h3>
<br />
Then go to the /etc/mail directory and create a directory called certs inside it.<br />
<br />
Generate the cakey.pem private key and the sendmail.pem certificate by running the following two commands.<br />
<span style="color: lime;"><br /></span>
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">openssl req -new -x509 -keyout cakey.pem -out cacert.pem -days 3650</span></span><br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">openssl req -nodes -new -x509 -keyout sendmail.pem -out sendmail.pem -days 3650</span></span><br />
<br />
Enter the appropriate information when you're generating the certificates, such as your name, organization and email address.<br />
<br />
I also copied /etc/pki/tls/certs/ca-bundle.crt to /etc/mail/certs and included it in the sendmail configuration file.<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">cp /etc/pki/tls/certs/ca-bundle.crt /etc/mail/certs </span></span><br />
<br />
Otherwise you’ll see an error like this:<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">unable to get local issuer certificate</span></span><br />
<br />
The reason is that the CA bundle file contains the Gmail certificate issuer. I read somewhere that email still goes out with this error. Nonetheless, we don’t need to see this if we can fix it.<br />
<h3>
</h3>
<h3>
Configuring Gmail Authentication</h3>
<br />
My /etc/mail/auth/client-info file looks like the following. It stores the authentication details for my Gmail account. (Create a directory called auth inside /etc/mail to keep this file separate from other files.)<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">AuthInfo:smtp.gmail.com "U:root" "I:username@gmail.com" "P:password" "M:PLAIN"</span></span><br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">AuthInfo:smtp.gmail.com:587 "U:root" "I:username@gmail.com" "P:password" "M:PLAIN"</span></span><br />
<br />
If you use Gmail hosted email with your own domain name, you will have username@hostname.tld in there.<br />
<br />
Make sure to run:<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">makemap -r hash /etc/mail/auth/client-info.db < /etc/mail/auth/client-info</span></span><br />
<br />
and run chmod 600 on the client-info files.<br />
<h3>
</h3>
<h3>
Sendmail Configuration</h3>
<br />
Now open /etc/mail/sendmail.mc file<br />
<br />
Add the following lines after "dnl # be sent out through an external mail server:" line<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">FEATURE(`authinfo',`hash /etc/mail/auth/client-info.db')dnl</span></span><br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">define(`SMART_HOST',`smtp.gmail.com')dnl</span></span><br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">define(`RELAY_MAILER_ARGS', `TCP $h 587')</span></span><br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">define(`ESMTP_MAILER_ARGS', `TCP $h 587')</span></span><br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;"><br /></span></span>
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">define(`CERT_DIR', `/etc/mail/certs')</span></span><br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">define(`confCACERT_PATH', `CERT_DIR')</span></span><br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">define(`confCACERT', `CERT_DIR/ca-bundle.crt')</span></span><br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">define(`confCRL', `CERT_DIR/ca-bundle.crt')</span></span><br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">define(`confSERVER_CERT', `CERT_DIR/sendmail.pem')</span></span><br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">define(`confSERVER_KEY', `CERT_DIR/sendmail.pem')</span></span><br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">define(`confCLIENT_CERT', `CERT_DIR/sendmail.pem')</span></span><br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">define(`confCLIENT_KEY', `CERT_DIR/sendmail.pem')</span></span><br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;"><br /></span></span>
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')</span></span><br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')</span></span><br />
<br />
Build sendmail.cf from sendmail.mc by running the following command in /etc/mail:<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">m4 sendmail.mc > sendmail.cf</span></span><br />
<br />
Now restart sendmail.<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">systemctl restart sendmail</span></span><br />
<br />
Send an email using the following command<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">echo "Subject: test" | /usr/lib/sendmail -v youremail@yourdomain.com</span></span><br />
<br />
For debugging data, please look at the /var/log/maillog file.<br />
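<br />
The following check is an added example, not part of the original post or of sendmail itself. It reads the authinfo map path out of sendmail.mc and confirms that the map and its source file exist, are readable by the owner only, are not stale, and contain no curly quotes pasted from a web page. The function names and the scratch fixture are assumptions made for illustration.<br />

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks for the relay setup.

# Print the map file named in the FEATURE(`authinfo', `hash /path') line.
authinfo_db_path() {
    grep '^FEATURE(.authinfo' "$1" | head -n 1 |
        sed -e 's/^[^,]*,[[:space:]]*.//' -e "s/').*\$//" |
        awk '{ print $NF }'
}

# Succeed only if group and others have no permission bits on the file.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks against a sendmail.mc; print findings, return their count.
check_relay_config() {
    mc=$1
    problems=0
    db=$(authinfo_db_path "$mc")
    if [ -z "$db" ]; then
        echo "FAIL: no FEATURE(authinfo) line in $mc"
        return 1
    fi
    src=${db%.db}    # makemap source file, e.g. /etc/mail/auth/client-info
    for f in "$src" "$db"; do
        if [ ! -f "$f" ]; then
            echo "FAIL: $f is missing (sendmail.mc points at $db)"
            problems=$((problems + 1))
        elif ! owner_only "$f"; then
            echo "FAIL: $f is accessible to group/others; run chmod 600"
            problems=$((problems + 1))
        fi
    done
    # Curly quotes copied from a web page are not valid in AuthInfo lines.
    if [ -f "$src" ] && grep -q -e '“' -e '”' "$src"; then
        echo "FAIL: $src contains curly quotes; use plain \" characters"
        problems=$((problems + 1))
    fi
    # A source file edited after the last makemap run means a stale map.
    if [ -f "$src" ] && [ -f "$db" ] && [ -n "$(find "$src" -newer "$db")" ]; then
        echo "FAIL: $src is newer than $db; rerun makemap"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK: $src and $db exist and are owner-only"
    return "$problems"
}

# Constructed sample: a scratch copy of the file layout used in this post.
make_fixture() {
    dir=$(mktemp -d)
    mkdir "$dir/auth"
    printf 'AuthInfo:smtp.gmail.com "U:root" "I:username@gmail.com" "P:password" "M:PLAIN"\n' \
        > "$dir/auth/client-info"
    : > "$dir/auth/client-info.db"    # stand-in for the makemap output
    chmod 600 "$dir/auth/client-info" "$dir/auth/client-info.db"
    printf "FEATURE(\`authinfo',\`hash %s/auth/client-info.db')dnl\n" "$dir" \
        > "$dir/sendmail.mc"
    echo "$dir"
}

# Demo on the fixture: a clean layout first, then a world-readable secret file.
fixture=$(make_fixture)
check_relay_config "$fixture/sendmail.mc" || echo "-> $? problem(s) found"
chmod 644 "$fixture/auth/client-info"
check_relay_config "$fixture/sendmail.mc" || echo "-> $? problem(s) found"
rm -rf "$fixture"
```

On a real host, call check_relay_config /etc/mail/sendmail.mc as root after running makemap.<br />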
<h3>
</h3>
<h3>
Additional Information</h3>
<br />
To empty your mail queue run the following command,<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">rm -rf /var/spool/mqueue/*</span></span><br />
<br />
To delete all mail for root, run the following command,<br />
<br />
<span style="color: lime;"><span style="font-family: "Courier New",Courier,monospace;">cat /dev/null > /var/spool/mail/root</span></span><br />
<br />
When I was doing this configuration, I found this <a href="http://www.phinesolutions.com/sendmail-gmail-smtp-relay-howto.html" target="_blank">article</a> to be greatly helpful.<br />
Posted by Achintha Gunasekara<br />
<h2>
Join RHEL/CentOS to Active Directory Domain 2012 R2</h2>
Published 2015-07-08<br />
<br />
Joining a Linux server to a Windows domain is one of the more advanced tasks in Linux administration, but it can be accomplished with the help of a few simple tools.<br /><br />Log in as root<br /><br />Install the prerequisites using the following command,<br /><br />yum -y install nscd.x86_64 pam_krb5.x86_64 samba-winbind.x86_64<div>
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidKaA885D7jxnX52caSCuDBj2183IL04dWo0YLS5n5f6dj_lW2dwhHMbvUC0H8sSjurrhZeP1OiLGqz_CI_xXEuU0j54iYtROmaQFD-8Y-TTvaY9zmN3ah7_0MfMze24OeAb3_Hq8IrTb_/s1600/Screen+Shot+2015-07-09+at+12.46.42+pm.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidKaA885D7jxnX52caSCuDBj2183IL04dWo0YLS5n5f6dj_lW2dwhHMbvUC0H8sSjurrhZeP1OiLGqz_CI_xXEuU0j54iYtROmaQFD-8Y-TTvaY9zmN3ah7_0MfMze24OeAb3_Hq8IrTb_/s1600/Screen+Shot+2015-07-09+at+12.46.42+pm.png" /></a></div>
<div>
<br /></div>
<div>
<br />Once installed, open the authconfig-tui utility</div>
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihY34AChboIGWwK5n5835u7NfiILPiY8eiBG5n4voTvmjpEokiGIrVuQFdcyNlSNif-YkbthhwnoNj10Y7k7l-FXaahI2bWY8nLbyN9IU9JHoaoxHWWKX8KPRZJpFu8fkx1Lk_Q4T09mOs/s1600/Screen+Shot+2015-07-09+at+12.54.39+pm.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihY34AChboIGWwK5n5835u7NfiILPiY8eiBG5n4voTvmjpEokiGIrVuQFdcyNlSNif-YkbthhwnoNj10Y7k7l-FXaahI2bWY8nLbyN9IU9JHoaoxHWWKX8KPRZJpFu8fkx1Lk_Q4T09mOs/s1600/Screen+Shot+2015-07-09+at+12.54.39+pm.png" /></a></div>
<div>
<br /></div>
<div>
<br />Configure exactly as shown on the screen</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyd6Hfu1sJ9e7Ywu5H9dRnJ0YdmiE3pRBhTFZmiNnRQBccpXibDZ5N1Tmw_EvfuX5WbKBKW6Iyu8vlmJHVzjM0G3t0OhFUjHhASEhXfW71MlgSx1_0X09j4t4QdNuCPQSRHIoY9xo4OxVJ/s1600/Screen+Shot+2015-07-09+at+12.55.23+pm.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyd6Hfu1sJ9e7Ywu5H9dRnJ0YdmiE3pRBhTFZmiNnRQBccpXibDZ5N1Tmw_EvfuX5WbKBKW6Iyu8vlmJHVzjM0G3t0OhFUjHhASEhXfW71MlgSx1_0X09j4t4QdNuCPQSRHIoY9xo4OxVJ/s1600/Screen+Shot+2015-07-09+at+12.55.23+pm.png" /></a></div>
<div>
Now part 2 (customize for your domain)</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0kC1lB4a_oxO6qxABF-pCfoZJ27H4v9ZjrxW2V5GbKrKjgj03LjmYjSERwLKcBjg81f4kvO_zN5cglzakNibdIufeYKsNxsTKY_Njqg653LfCaI7b2kKx1H7slkW7lbSURJ6YHYKpjRkb/s1600/Screen+Shot+2015-07-09+at+12.56.08+pm.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0kC1lB4a_oxO6qxABF-pCfoZJ27H4v9ZjrxW2V5GbKrKjgj03LjmYjSERwLKcBjg81f4kvO_zN5cglzakNibdIufeYKsNxsTKY_Njqg653LfCaI7b2kKx1H7slkW7lbSURJ6YHYKpjRkb/s1600/Screen+Shot+2015-07-09+at+12.56.08+pm.png" /></a></div>
<div>
Make sure the shell is not set to /sbin/nologin; otherwise domain users will not have shell access<br /><br />Save the config<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNhCxnWtb9ynAGeZ4gYFyzPbjHx7E4riTqFGlGSjfhbvYa6Q3KPcRehUJiRtMBDrGBF3pPvXBfa7JlyfTBniCZ19XELLdZHFywQe9hflnAWXIwgFGIaqcVw53qOLNdnNo7zL3qAvnl-4Tw/s1600/Screen+Shot+2015-07-09+at+12.56.57+pm.png" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" height="188" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNhCxnWtb9ynAGeZ4gYFyzPbjHx7E4riTqFGlGSjfhbvYa6Q3KPcRehUJiRtMBDrGBF3pPvXBfa7JlyfTBniCZ19XELLdZHFywQe9hflnAWXIwgFGIaqcVw53qOLNdnNo7zL3qAvnl-4Tw/s320/Screen+Shot+2015-07-09+at+12.56.57+pm.png" width="320" /></a><br /><br />Now enter your Windows domain administrator password (only works with administrator)</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzFThnULDhU2I5lynOLlzyfZQVPUfTIgOYVALN0PWPuzJNHqoMFG39XZm0dRcrUonCCD8a0E_lScVfw2Hkwr7ctiiWbtDuIUMtPdZDUUuPRCAptjjQC7W6-oUowVgj4NAh6ddVoD-SSr8Q/s1600/Screen+Shot+2015-07-09+at+12.57.07+pm.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="173" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzFThnULDhU2I5lynOLlzyfZQVPUfTIgOYVALN0PWPuzJNHqoMFG39XZm0dRcrUonCCD8a0E_lScVfw2Hkwr7ctiiWbtDuIUMtPdZDUUuPRCAptjjQC7W6-oUowVgj4NAh6ddVoD-SSr8Q/s320/Screen+Shot+2015-07-09+at+12.57.07+pm.png" width="320" /></a></div>
<div>
<br /><br /></div>
<div>
Joined the domain successfully<br /><br />Now reboot<br /><br />You should notice an object in Active Directory Users & Computers<br /><br />To log in as a domain user, use the following: DOMAIN/username</div>
<div>
<br /></div>
<div>
<a href="http://blog.zwiegnet.com/linux-server/join-centos-to-active-directory-domain/" target="_blank">Reference</a></div>
Posted by Achintha Gunasekara<br />
<h2>
How to test an IMAP server by using telnet</h2>
Published 2015-05-06<br />
What you need<br />
<ul>
<li>The host name of the IMAP server (for use in the telnet command)</li>
<li>The IMAP user name (for use in the LOGIN command)</li>
<li>The IMAP user’s password (for use in the LOGIN command)</li>
</ul>
<h3>
Encryption</h3>
<br />
For added security, you can encrypt your IMAP connection. This requires that your server supports SSL or TLS and that you have access to an SSL/TLS client program, for example OpenSSL, to use instead of telnet.<br />
<br />
As the port number is normally 993, an example OpenSSL command would be openssl s_client -connect imap.example.com:993 -quiet. (If you would like to see the public key of the server, as well as some other encryption-related information, omit -quiet.) The server should then start an IMAP session, displaying a greeting such as the * OK Dovecot ready example below.<br />
<h3>
What to do</h3>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">The initial telnet: > symbolises your shell prompt.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">telnet: > telnet imap.example.com imap</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">telnet: Trying 192.0.2.2...</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">telnet: Connected to imap.example.com.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">telnet: Escape character is '^]'.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: * OK Dovecot ready.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">client: a1 LOGIN MyUsername MyPassword</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: a1 OK Logged in.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">client: a2 LIST "" "*"</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: * LIST (\HasNoChildren) "." "INBOX"</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: a2 OK List completed.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">client: a3 EXAMINE INBOX</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: * OK [PERMANENTFLAGS ()] Read-only mailbox.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: * 1 EXISTS</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: * 1 RECENT</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: * OK [UNSEEN 1] First unseen.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: * OK [UIDVALIDITY 1257842737] UIDs valid</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: * OK [UIDNEXT 2] Predicted next UID</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: a3 OK [READ-ONLY] Select completed.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">client: a4 FETCH 1 BODY[]</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: * 1 FETCH (BODY[] {405}</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: Return-Path: sender@example.com</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: Received: from client.example.com ([192.0.2.1])</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: by mx1.example.com with ESMTP</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: id <20040120203404.CCCC18555.mx1.example.com@client.example.com></span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: for <recipient@example.com>; Tue, 20 Jan 2004 22:34:24 +0200</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: From: sender@example.com</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: Subject: Test message</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: To: recipient@example.com</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: Message-Id: &lt;20040120203404.CCCC18555.mx1.example.com@client.example.com&gt;</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: </span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: This is a test message.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: )</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: a4 OK Fetch completed.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">client: a5 LOGOUT</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: * BYE Logging out</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">server: a5 OK Logout completed.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span>
<a href="http://www.anta.net/misc/telnet-troubleshooting/imap.shtml" target="_blank">Reference</a><br />
Achintha Gunasekarahttp://www.blogger.com/profile/14234285347304435086noreply@blogger.com0tag:blogger.com,1999:blog-1926865533890024952.post-23383034948133920642014-10-22T15:39:00.001-07:002014-10-22T15:47:38.380-07:00<br />
Cross-Domain Requests in Javascript<br />
If you are developing a modern web-based application, chances are you:<br />
<ul>
<li>Are using javascript on the client side. </li>
<li>Need to integrate with services that are not completely under your control (or that reside in a different “origin”). </li>
<li>Have been confronted by this error message in your browser’s console: </li>
</ul>
<br />
<span style="color: red;">XMLHttpRequest cannot load</span> http://external.service/. <span style="color: red;">No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '</span>http://my.app<span style="color: red;">' is therefore not allowed access.</span><br />
<br />
Every time I need to integrate a web app with some external service or some server-side API I have no complete control over, I bump into this error. Google has not yet provided me with a concise description of the problem or an overview of alternatives to perform Cross-Domain requests, so this post will serve as a personal future reference.<br />
<h2>
<span style="font-size: large;">Same-Origin Policy</span></h2>
We are seeing this error because we are violating something called the Same-Origin Policy (SOP). This is a security measure implemented in browsers to restrict interaction between documents (or scripts) that have different origins.<br />
<br />
The origin of a page is defined by its protocol, host and port number. For example, the origin of this page is (‘http’,’jvaneyck.wordpress.com’, 80). Resources with the same origin have full access to each other. If pages A and B share the same origin, Javascript code included on A can perform HTTP requests to B’s server, manipulate the DOM of B or even read cookies set by B. Note that the origin is defined by the source location of the webpage. To clarify: a javascript source file loaded from another domain (e.g. a jQuery referenced from a remote CDN) will run in the origin of the HTML that includes the script, not in the domain where the javascript file originated from.<br />
<br />
For Cross-Origin HTTP requests specifically, the SOP prescribes the following general rule: Cross-Origin writes are allowed, Cross-Origin reads are not. This means that if A and C have a different origin, HTTP requests made by A will be received correctly by C (as these are “writes”), but the script residing in A will not be able to read any data, not even the response code, returned from C. This would be a Cross-Origin “read” and is blocked by the browser, resulting in the error above. In other words, the SOP does not prevent attackers from writing data to their origin; it only prevents them from reading data from your domain (cookie, localStorage or other) or from doing anything with a response received from their domain.<br />
<br />
The SOP is a Very Good Thing™. It prevents malicious script from reading data of your domain and sending it to their servers. This means that some script kiddie will not be able to steal your cookies that easily.<br />
<h2>
Performing Cross-Domain requests</h2>
Sometimes however, you have to consciously perform Cross-Domain requests. A heads up: This will require some extra work.<br />
<br />
Examples of legitimate Cross-Domain requests are:<br />
<ul>
<li>You have to integrate with a third-party service (like a forum) that has a REST API residing in a different origin.</li>
<li>Your server-side services are hosted on different (sub)domains.</li>
<li>Your client-side logic is served from a different origin than your server-side service endpoints.</li>
<li>…</li>
</ul>
Depending on the amount of control you have over the server-side, you have multiple options to enable Cross-Domain requests. The possible solutions I will discuss are: JSONP, the use of a server-side proxy and CORS.<br />
<br />
There are other alternatives, the most widely used being a technique using iframes and window.postMessage. I will not discuss it here, but for those interested an example can be found here.<br />
<h2>
Example of a failing Cross-Origin request</h2>
Consider the following scenario: a page with origin A wants to perform a GET request to a page with origin B. This is what happens:<br />
<br />
The browser issues this request correctly to the server:<br />
<br />
<blockquote class="tr_bq">
GET / HTTP/1.1</blockquote>
<br />
The server returns the response:<br />
<br />
<blockquote class="tr_bq">
HTTP/1.1 200 OK<br />
Content-Type: application/json; charset=utf-8<br />
Content-Length: 57<br />
<br />
{<br />
"response": "This is data returned from the server"<br />
}</blockquote>
<br />
Upon reception of the response however, the browser blocks the response from propagating further and instead raises the Same-Origin violation error as shown above. For example, if you are using jQuery, the done() callback of your GET request will never get fired and you will not be able to read the data returned from the server.<br />
<br />
<h2>
JSONP</h2>
<br />
JavaScript Object Notation with Padding (JSONP in short) is a way of performing cross-domain requests by exploiting the fact that script tags in HTML pages can load code coming from a different origin. Before we go into detail, I would like to state that it has some major issues:<br />
<ul>
<li>JSONP can only be used to perform Cross-Domain GET requests.</li>
<li>The server must explicitly support JSONP requests.</li>
<li>You should have absolute trust in the server providing JSONP responses. JSONP could expose your website to a plethora of security vulnerabilities if the server is compromised.</li>
</ul>
<br />
<br />
JSONP relies on the fact that &lt;script&gt; tags can have sources coming from different origins. When the browser parses a &lt;script&gt; tag, it will GET the script content (residing on any origin) and execute it in the current page’s context. Normally, a service would return HTML or some data represented in a data format like XML or JSON. When a request is made to a JSONP-enabled server however, it returns a script block that executes a callback function the calling page has specified, supplying the actual data as an argument. In case your head just exploded, consider the following example to make things more tangible.<br />
<br />
A page on origin 3000 wants to get some info from a resource residing in a different origin 3001. Page 3000 contains the following script tag:<br />
<br />
<blockquote class="tr_bq">
&lt;script src='http://localhost:3001?callback=myCallbackFunction'&gt;<br />
&lt;/script&gt;</blockquote>
<br />
When the browser parses this script tag, it will issue the GET request as normal:<br />
<br />
<blockquote class="tr_bq">
GET /?callback=myCallbackFunction HTTP/1.1</blockquote>
<br />
Instead of returning raw JSON, the server returns a script block containing a function call to the function specified in the url, passing in the output data as an argument:<br />
<br />
<blockquote class="tr_bq">
HTTP/1.1 200 OK<br />
Content-Type: application/javascript<br />
<br />
myCallbackFunction({'response': 'hello world from JSONP!'});</blockquote>
<br />
This script block is evaluated as soon as the browser receives it. The function call inside the script block is evaluated in the context of the current page. This page contains a definition for the callback function, which can do something with the data:<br />
<br />
<blockquote class="tr_bq">
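&lt;script&gt;<br />
// Called by the JSONP response; data is the object the server passed in.<br />
function myCallbackFunction(data){<br />
// .text() inserts the value as plain text, not as markup.<br />
$('body').text(data.response);<br />
}<br />
&lt;/script&gt;</blockquote>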
<br />
To summarize:<br />
<br />
<ul>
<li>Since JSONP works by including a script tag (be it in plain HTML or programmatically) which is fetched by a GET request, it only supports Cross-Origin HTTP GETs. If you want to use another HTTP verb (like POST, PUT or DELETE), you cannot use the JSONP approach. </li>
<li>This approach requires you to completely trust the server. The server could be compromised and return arbitrary code that will be executing in the context of your page (thus allowing access to your site’s cookies, localStorage, etc.). You could mitigate this by using frames and window.postMessage to sandbox cross-domain JSONP calls. For a concrete example on how to implement this. </li>
</ul>
<br />
<h2>
Server-side proxy</h2>
<br />
An alternative to circumventing the Same-Origin Policy to perform Cross-Domain requests is to simply not make any Cross-Domain requests at all! If you use a proxy that resides in your domain, you can simply use this to access the external service from your back-end code and forward the results to your client code. Because the requesting code and the proxy reside in the same domain, the SOP is not violated.<br />
<br />
This technique does not require you to alter any existing server-side code. It does require having a server-side proxy server that resides in the same domain as the Javascript code running in the browser.<br />
<br />
For completeness, I’ll give a quick example:<br />
<br />
Instead of performing a GET directly on http://localhost:3001, we are sending a request to a proxy server in our own 3000 domain:<br />
<br />
<blockquote class="tr_bq">
GET /proxy?urlToFetch=http%3A%2F%2Flocalhost%3A3001 HTTP/1.1</blockquote>
<br />
The server will perform the actual GET request to the external service. Server-side code can perform “cross-origin” requests without a problem, so this call succeeds. The proxy server just pipes the result to the client:<br />
<br />
<blockquote class="tr_bq">
HTTP/1.1 200 OK<br />
Content-Type: application/json; charset=utf-8<br />
<br />
{<br />
"response": "This is data returned from the server, proxy style!"<br />
}</blockquote>
<br />
Note that this approach also has some serious drawbacks. For example, we haven’t touched upon security-related topics in this post. If the third-party service uses cookies for authentication you cannot use this approach. Cookies for the external domain are not accessible by your own JavaScript code and are not sent to your proxy server, so there is no way to provide the cookies containing the user’s credentials to the third party service.<br />
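The proxy request shown above takes its target from the urlToFetch query parameter, so the proxy has to decide which targets it is willing to fetch and which browser headers it passes on. The following is an added example, not code from the original article; ALLOWED_UPSTREAMS, PROXY_BASE, resolveProxyTarget and buildUpstreamHeaders are hypothetical names, and the allowlist contains only the http://localhost:3001 service used in the post.<br />

```javascript
// Added example: validating the urlToFetch parameter of a same-origin proxy.
// All names below are hypothetical; sample inputs are constructed.

// Upstream origins this proxy is willing to talk to (scheme + host + port).
const ALLOWED_UPSTREAMS = new Set(['http://localhost:3001']);
// Origin the proxy itself is served from; used only to parse the request path.
const PROXY_BASE = 'http://localhost:3000';
// Browser headers that must never be forwarded to a third party: they carry
// credentials for OUR origin, not for the external service.
const STRIPPED_REQUEST_HEADERS = new Set(['cookie', 'authorization', 'host']);

function reject(status, reason) {
  return { ok: false, status: status, reason: reason };
}

// Parse a URL without throwing; returns null when the value is not a valid URL.
function tryParse(value, base) {
  try {
    return base === undefined ? new URL(value) : new URL(value, base);
  } catch (err) {
    return null;
  }
}

// Decide whether a request such as
//   GET /proxy?urlToFetch=http%3A%2F%2Flocalhost%3A3001
// may be forwarded, and to which normalized URL.
function resolveProxyTarget(requestPath) {
  const incoming = tryParse(requestPath, PROXY_BASE);
  if (incoming === null || incoming.pathname !== '/proxy') {
    return reject(404, 'not the proxy route');
  }
  const raw = incoming.searchParams.get('urlToFetch'); // already percent-decoded
  if (!raw) {
    return reject(400, 'missing urlToFetch');
  }
  const target = tryParse(raw); // no base: relative values are refused
  if (target === null) {
    return reject(400, 'urlToFetch is not an absolute URL');
  }
  if (target.protocol !== 'http:' && target.protocol !== 'https:') {
    return reject(400, 'unsupported scheme');
  }
  // "http://localhost:3001@other.example/" parses with host other.example;
  // refuse userinfo so the visible prefix cannot mislead a reviewer or a log.
  if (target.username !== '' || target.password !== '') {
    return reject(400, 'userinfo not allowed');
  }
  // Compare the parsed origin, never a string prefix of the raw value.
  if (!ALLOWED_UPSTREAMS.has(target.origin)) {
    return reject(403, 'upstream not on the allowlist');
  }
  return { ok: true, status: 200, target: target.href };
}

// Build the header set sent upstream from the headers the browser sent to us.
function buildUpstreamHeaders(browserHeaders) {
  const out = {};
  for (const [name, value] of Object.entries(browserHeaders)) {
    const lower = name.toLowerCase();
    if (!STRIPPED_REQUEST_HEADERS.has(lower)) {
      out[lower] = value;
    }
  }
  return out;
}
```

When the proxy then fetches the returned target, it should not follow redirects automatically, or each redirect location needs the same check.<br />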
<h2>
CORS</h2>
Chances are you’re experiencing a slight queasy feeling in your stomach by now. If you feel the previous mechanisms all have that “hacky” smell, you are absolutely right. The previous approaches are all bypassing a legitimate browser security mechanism and bypassing it will always be somewhat dirty. Luckily, there exists a cleaner solution: Cross-Origin Resource Sharing (or CORS in short).<br />
<br />
CORS provides a mechanism for servers to tell the browser it is OK for requesting domain A to read data coming from domain B. It is done by including a new Access-Control-Allow-Origin HTTP header in the response. If you remember the error message of the introduction, this is exactly what the browser is trying to tell you. When a browser receives a response from a Cross-Origin source, it will check for CORS headers. If the origin specified in the response header matches the current origin, it allows read access to the response. Otherwise, you get the nasty error message.<br />
<br />
A concrete example:<br />
<br />
Requesting origin 3000 makes the GET call as usual:<br />
<br />
<blockquote class="tr_bq">
GET / HTTP/1.1</blockquote>
<br />
The server in origin 3001 checks whether this origin may access the data and augments the response with an additional Access-Control-Allow-Origin header listing the requesting origin:<br />
<br />
<blockquote class="tr_bq">
HTTP/1.1 200 OK<br />
Access-Control-Allow-Origin: http://localhost:3000<br />
Content-Type: application/json; charset=utf-8<br />
Content-Length: 62<br />
<br />
{<br />
"response": "This is data returned from the CORS server"<br />
}</blockquote>
<br />
When the browser receives the response it compares the requesting origin (3000) to the origin listed in the Access-Control-Allow-Origin header (also 3000). Since they match, the browser allows the response to be interpreted by code residing in the 3000 origin.<br />
<br />
As always, there are some limitations to this approach. For example, older versions of Internet Explorer only partially support CORS. Also, for all but the simplest requests you have to double the amount of HTTP requests (see: preflighting CORS requests). <br />
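The CORS exchange described above has two halves: the server in origin 3001 deciding whether to name the requesting origin, and the browser comparing that header with the page's origin. The following is an added example, not code from the original article; ALLOWED_ORIGINS and all function names are hypothetical. It goes slightly beyond the post by also modelling the wildcard value and credentialed requests, and it shows a weak header policy beside the allowlisted one.<br />

```javascript
// Added example: both sides of the Access-Control-Allow-Origin check.
// All names are hypothetical; URLs are the constructed ones used in the post.

// Server side (origin http://localhost:3001): origins allowed to read responses.
const ALLOWED_ORIGINS = new Set(['http://localhost:3000']);

// Decide which CORS headers to add for the Origin header the browser sent.
function corsHeadersFor(requestOrigin) {
  // Vary: Origin keeps shared caches from replaying one origin's
  // Access-Control-Allow-Origin value to a different origin.
  const headers = { 'Vary': 'Origin' };
  if (typeof requestOrigin === 'string' && ALLOWED_ORIGINS.has(requestOrigin)) {
    headers['Access-Control-Allow-Origin'] = requestOrigin;
  }
  return headers;
}

// Weak variant, for contrast: echoing back whatever Origin arrives grants
// read access to every site, so the server-side check no longer exists.
function corsHeadersReflecting(requestOrigin) {
  return { 'Vary': 'Origin', 'Access-Control-Allow-Origin': requestOrigin };
}

// Case-insensitive header lookup (HTTP header names are case-insensitive).
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const key of Object.keys(headers)) {
    if (key.toLowerCase() === wanted) {
      return headers[key];
    }
  }
  return undefined;
}

// Browser side: a model of the decision to let page script read a response.
function browserAllowsRead(pageUrl, targetUrl, responseHeaders, withCredentials = false) {
  // URL.origin serializes scheme, host and port and drops default ports,
  // so http://my.app/ and http://my.app:80/ are the same origin.
  const pageOrigin = new URL(pageUrl).origin;
  if (pageOrigin === new URL(targetUrl).origin) {
    return true; // same origin: the Same-Origin Policy is not violated
  }
  const allowed = getHeader(responseHeaders, 'Access-Control-Allow-Origin');
  if (allowed === undefined) {
    return false; // the "No 'Access-Control-Allow-Origin' header" error
  }
  if (allowed === '*' && !withCredentials) {
    return true; // wildcard is honoured only for requests without credentials
  }
  if (allowed !== pageOrigin) {
    return false;
  }
  if (!withCredentials) {
    return true;
  }
  // Credentialed requests additionally need an explicit opt-in from the server.
  return getHeader(responseHeaders, 'Access-Control-Allow-Credentials') === 'true';
}

// One full exchange: the browser sends Origin, the server answers with its
// headers (serverPolicy), and the browser decides whether script may read.
function simulateRequest(pageUrl, targetUrl, serverPolicy) {
  const originHeader = new URL(pageUrl).origin;
  const responseHeaders = serverPolicy(originHeader);
  return browserAllowsRead(pageUrl, targetUrl, responseHeaders);
}
```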
<h2>
References </h2>
* Content of this article is taken from <a href="http://jvaneyck.wordpress.com/2014/01/07/cross-domain-requests-in-javascript/">here</a><br />
Achintha Gunasekarahttp://www.blogger.com/profile/14234285347304435086noreply@blogger.com0tag:blogger.com,1999:blog-1926865533890024952.post-77577287226170973652014-10-19T13:56:00.000-07:002014-10-19T13:57:34.345-07:00<br />
Windows server 2008 / 2008 R2 AD Time Sync with External NTP Server<br />
<span style="font-family: Arial,Helvetica,sans-serif;">As AD servers provide time to machines in a domain, it is important to have AD servers synchronized with a reliable time source.<br /><br />On the AD server, run a command prompt with administrative rights (right click / run as administrator).<br /><br />First check the difference between your server and the external time source (in my example 192.168.0.1):<br /><br /><i>w32tm /stripchart /computer:192.168.0.1 /samples:5 /dataonly</i><br /><br />Example:<br /> </span><br />
<blockquote class="tr_bq">
<span style="font-family: Arial,Helvetica,sans-serif;">C:\>w32tm /stripchart /computer:192.168.0.1 /samples:5 /dataonly</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">Tracking 192.168.0.1 [192.168.0.1:123].</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">Collecting 5 samples.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">The current time is 20/10/2014 7:50:58 AM.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">07:50:58, +00.1643852s</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">07:51:00, +00.1643980s</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">07:51:02, +00.1644108s</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">07:51:04, +00.1644236s</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">07:51:06, +00.1801061s</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"></span></blockquote>
<span style="font-family: Arial,Helvetica,sans-serif;"><br />Configure your server to use the external NTP time source for sync:<br /> </span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><i>w32tm /config /manualpeerlist:192.168.0.1,0x8 /syncfromflags:manual /update</i><br /><br />Example:<br /> </span><br />
<blockquote class="tr_bq">
<span style="font-family: Arial,Helvetica,sans-serif;">C:\>w32tm /config /manualpeerlist:192.168.0.1,0x8 /syncfromflags:manual /update</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">The command completed successfully.</span></blockquote>
<span style="font-family: Arial,Helvetica,sans-serif;"><br />Force sync immediately:</span><br />
<br />
<span style="font-family: Arial,Helvetica,sans-serif;"><i>w32tm /resync</i><br /><br />Now retry the first command to see the results:</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"></span><br />
<br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-family: Arial,Helvetica,sans-serif;">Example:</span></span><br />
<br />
<blockquote class="tr_bq">
<span style="font-family: Arial,Helvetica,sans-serif;">C:\>w32tm /stripchart /computer:192.168.0.1 /samples:5 /dataonly</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">Tracking 192.168.0.1 [192.168.0.1:123].</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">Collecting 5 samples.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">The current time is 20/10/2014 7:51:50 AM.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">07:51:50, +00.1803420s</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">07:51:52, +00.1647293s</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">07:51:54, +00.1647421s</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">07:51:56, +00.1647549s</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">07:51:58, +00.1647677s</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"></span></blockquote>
Achintha Gunasekarahttp://www.blogger.com/profile/14234285347304435086noreply@blogger.com0tag:blogger.com,1999:blog-1926865533890024952.post-76076301167265891772014-01-16T16:18:00.001-08:002014-01-16T16:19:00.405-08:00<br />
Monitoring NETGEAR ReadyNAS via PRTG<br />
I use Paessler PRTG; to import this file, here's how you do it:<br />
<div>
<br /></div>
<div>
<ol>
<li>Get Paessler MIB Importer v2 (a free download, <a href="http://www.paessler.com/tools/mibimporter">http://www.paessler.com/tools/mibimporter</a>)</li>
<li>Download the ReadyNAS MIB file (search for SNMP on the ReadyNAS site, <a href="http://www.readynas.com/?cat=41">http://www.readynas.com/?cat=41</a>)</li>
<li>Launch MIB importer and select "Import | MIB File"</li>
<li>Select the MIB file and click "Open". If all is well, it will think for a minute and then say "import successful".</li>
<li>Click File | Save and save the file as "ReadyNAS.oidlib".</li>
<li>Copy the oidlib file to your PRTG server in the folder C:\Program Files\PRTG Network Monitor\snmplibs</li>
<li>Go to your PRTG user interface and right click on the ReadyNAS device. Select "Add Sensor".</li>
<li>In the sensor select screen, choose "SNMP". </li>
<li>Click "SNMP Library" and select "readynas.oidlib". If the file doesn't show up yet, close and re-open your PRTG user interface and it will re-scan the folder and find your oidlib file.</li>
<li>Click next and select all the monitors you care about.</li>
</ol>
</div>
Achintha Gunasekarahttp://www.blogger.com/profile/14234285347304435086noreply@blogger.com1tag:blogger.com,1999:blog-1926865533890024952.post-46162626691592025402012-09-18T15:14:00.003-07:002012-09-18T15:16:08.665-07:00<br />
Java 7 - GUI<br />
<div class="separator" style="clear: both; text-align: left;">
Interesting video about new GUI features in Java 7.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/a6w6qHNtgZc?feature=player_embedded' frameborder='0'></iframe></div>
<br />Achintha Gunasekarahttp://www.blogger.com/profile/14234285347304435086noreply@blogger.com0tag:blogger.com,1999:blog-1926865533890024952.post-67099844511483853252012-04-25T15:38:00.001-07:002014-01-26T15:56:53.498-08:00<br />
Difference Between a Method and a Function<br />
<div class="separator" style="clear: both; text-align: left;">
The simple answer to this question is that a function is just a piece of code that executes and can return something. A method is, in Object Oriented Programming, a function that is bound to a class. Since there are no stand-alone functions in C#, every function in C# is a method, just as in Java.</div>
<br />
Let's start with properties. Properties are characteristics of an object. Examples of objects? JFrame, JButton in Java are objects. Objects can also be defined through class definitions and are instantiated when called upon and used in a program.<br />
<br />
Methods are tasks that are tied directly to an object. They occur when an action takes place upon that object. They do not exist without the presence of that object.<br />
<br />
Sub Routines (otherwise known as Independent Sub Functions) are functions that are completely INDEPENDENT of OBJECTS. That means that they can be called from anywhere in the program. They do not have a "return value," though they can return information to the calling function via parameter passing by reference.<br />
<br />
Functions are code blocks that create change on some variable or object. They are not necessarily tied to an object (though all methods are functions) and usually have a "return value" that is caught and used somehow in the calling function. Most often, this return value is stored in a variable, though the function call itself can be used in a subsequent function call (example: Dim sum as Integer = Add(getnumber() + 2) )<br />
<div>
<br /></div>
<div>
<a href="http://wiki.answers.com/Q/What_is_the_difference_between_function_and_method">Reference 1</a></div>
<div>
<a href="http://wiki.answers.com/Q/What_is_the_difference_between_function_and_method">Reference 2</a></div>
Achintha Gunasekarahttp://www.blogger.com/profile/14234285347304435086noreply@blogger.com0tag:blogger.com,1999:blog-1926865533890024952.post-9635336480411499382012-03-08T17:29:00.002-08:002012-03-08T17:29:38.052-08:00<br />
Ten disappointments with iOS 5.1<br />
<span class="Apple-style-span" style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px;"></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://static.arstechnica.net/assets/2012/03/iphone-mute-4f567bc-intro-thumb-640xauto-31114.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://static.arstechnica.net/assets/2012/03/iphone-mute-4f567bc-intro-thumb-640xauto-31114.jpg" width="400" /></a></div>
<div style="margin-bottom: 1.308em;">
<br /></div>
<div style="margin-bottom: 1.308em;">
While the focus of Wednesday's <a href="http://arstechnica.com/apple/news/2012/03/liveblog-apples-march-7-ipad-event-in-san-francisco.ars" style="color: #ff5b00; text-decoration: none;">Apple event</a> was primarily on "the new iPad" and the perpetual hobby that is the <a href="http://arstechnica.com/apple/news/2012/03/updated-apple-tv-with-1080p-hd-ability-to-arrive-march-16-at-99.ars" style="color: #ff5b00; text-decoration: none;">Apple TV</a>, we would be remiss to forget iOS 5.1. Past point releases of the OS included notable improvements like Game Center in iOS 4.1, and the Nitro JavaScript engine, better Home Sharing, and Personal Hotspots in iOS 4.3. While Apple updated apps, and released the stunning <a href="http://arstechnica.com/apple/news/2012/03/iphoto-coming-to-ios-for-499.ars" style="color: #ff5b00; text-decoration: none;">iPhoto for iOS</a>, how is iOS 5.1 itself likely to be compared to past releases? To some, it will be a little disappointing. </div>
<div style="margin-bottom: 1.308em;">
With the help of Ars's <a href="http://arstechnica.com/civis/viewtopic.php?f=19&t=1168473" style="color: #ff5b00; text-decoration: none;">Macintosh Achaia</a> to refine the points for this article, here are ten annoyances that will remain with us as part of iOS—at least until the next iOS release rolls around.</div>
<h3 style="line-height: 1.308em;">
System Requirements</h3>
<div style="margin-bottom: 1.308em;">
Ever type a URL in Safari and see a short pause on the second or third letter as browsing history is searched? These senior Safari moments and other performance complaints on older hardware will not cease with iOS 5.1. Any additional snappiness or better battery life will be, at best, subjective.</div>
<h3 style="line-height: 1.308em;">
File Management</h3>
<div style="margin-bottom: 1.308em;">
There will be no iDisk replacement because buying Dropbox was both Plan A <em>and</em> Plan B, that is unless Plan A is the end of discrete file management in Apple’s vision of personal computing. That would also explain the current OS X Finder.</div>
<h3 style="line-height: 1.308em;">
Syncing</h3>
<div style="margin-bottom: 1.308em;">
Syncing will still not <em>really</em> be syncing. Delete a contact or calendar event on an iOS device and it rightly disappears everywhere. Delete content like podcasts or movies and everything reappears when synced unless deleted from the computer running iTunes. We're still waiting for post-PC equality.</div>
<h3 style="line-height: 1.308em;">
Mail</h3>
<div style="margin-bottom: 1.308em;">
Mail needs work. There's still no junk mail filtering on iOS devices, and if filtering is too CPU intensive or battery draining, how hard would it be to allow marking junk mail for the server side of things? Signatures by mail account is another simple improvement, too. Collapsible folders and sub-folders would be another.</div>
<h3 style="line-height: 1.308em;">
Notification Center</h3>
<div style="margin-bottom: 1.308em;">
Notification Center also remains unfinished. Little annoyances, like "Clear" buttons so small they appear designed for <em>Homo floresiensis</em>, will remain tiny. All notifications will remain from all calendars, as well, even though Calendar itself allows hiding calendars from view. Don’t expect Notification Center on the iPad to actually use the larger display any time soon, either.</div>
<h3 style="line-height: 1.308em;">
Messages</h3>
<div style="margin-bottom: 1.308em;">
Messages still continues to treat the same person sending a text from different sources as different people, despite Contacts understanding that people have more than one phone number or e-mail address.</div>
<h3 style="line-height: 1.308em;">
Photo Stream</h3>
<div style="margin-bottom: 1.308em;">
While Photo Stream finally allows for the deletion of indiscriminate pictures, does it matter if Photo Stream can’t really be shared? You can pay $4.99 for iPhoto, and most will, but why isn't there a Photo Stream website for all to see whether or not that’s an iPhone in your pocket?</div>
<h3 style="line-height: 1.308em;">
App Store</h3>
<div style="margin-bottom: 1.308em;">
Imagine going to the grocery store and being forced to buy one item and leave before coming back for something else. Welcome to the App Store, which kicks you entirely out of the app after every purchase.</div>
<h3 style="line-height: 1.308em;">
Mute</h3>
<div style="margin-bottom: 1.308em;">
There will probably never be a visual indicator for the menu bar showing the iPhone is muted. You can just stare at the side of the iPhone instead of the display, or put hand in pocket and finger the switch to see if it vibrates.</div>
<h3 style="line-height: 1.308em;">
Default Apps</h3>
<div style="margin-bottom: 1.308em;">
You will continue to be unable to delete applications like Weather or Stocks on your iOS device. Yep. Still.</div>
<h3 style="line-height: 1.308em;">
What else?</h3>
<div style="margin-bottom: 1.308em;">
One could go on, and some will no doubt disagree on the validity of some choices, but there’s another point to be made. Apple will easily sell 100 million iOS devices this year, perhaps as many as 200 million. Those buying will very likely continue to report the highest level of satisfaction with Apple’s handhelds and tablets. It’s hard to find disappointment in that.</div>
<span class="Apple-style-span" style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px;"><a href="http://arstechnica.com/apple/news/2012/03/ten-disappointments-with-ios-51.ars">References</a> </span><br />
Achintha Gunasekarahttp://www.blogger.com/profile/14234285347304435086noreply@blogger.com0tag:blogger.com,1999:blog-1926865533890024952.post-83410464490315376842012-03-01T16:30:00.003-08:002014-01-26T16:01:40.004-08:00<br />
Note Taking Apps on iPad<br />
Last week I decided to replace my notepad and ballpoint pen with an iPad and a stylus. I was hoping this would make my life much easier without having to look for missing papers and notebooks. With this decision came the quest to find a good note taking app for iPad. As usual I wanted this app to sync everything I note down across all my devices.<br />
<br />
First I found this app called <a href="http://itunes.apple.com/au/app/penultimate/id354098826?mt=8">Penultimate</a>.<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
This is a pretty nifty app for AUD .099 and works pretty great. It also has wrist protection, so you can take notes as if you were using a paper note pad. There are custom paper designs built in and you can buy more designs if you want to. This app allows you to create and manage 100s of notebooks. Also it has a very handy feature to back up to a directory on <a href="http://www.dropbox.com/">Dropbox</a>. Also you can back up to a notebook in <a href="http://www.evernote.com/">Evernote</a> if you want to. (We'll talk about this next.) I've been using this app for over a week now and I'm getting used to it very well. I might be better off with a good stylus rather than the cheap one I have right now, but for now they seem to make a pretty good combination.<br />
<br />
<a href="http://www.evernote.com/">Evernote</a><br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
This is a document management tool. You can get an iPhone and iPad version from the Apple App Store as well as a Mac version from the Mac App Store. For those of you using Linux or Windows, you can use the web interface, which is very similar to the Mac application. This tool allows you to organize your text notes, PDF docs, images and even voice notes into directories and store them in a central location. This data gets synced between all your devices where you have the <a href="http://www.evernote.com/">Evernote</a> app installed. However, those of you who don't would have to use the web interface, which is really easy to master. </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Right now, I do all my handwritten notes using <a href="http://itunes.apple.com/au/app/penultimate/id354098826?mt=8">Penultimate</a> and then transfer them to <a href="http://www.evernote.com/">Evernote</a>, so no matter where I go, I'd always have all my notes with me.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Till next time...</div>
Achintha Gunasekarahttp://www.blogger.com/profile/14234285347304435086noreply@blogger.com0tag:blogger.com,1999:blog-1926865533890024952.post-75705809552641680902012-01-05T20:38:00.000-08:002014-01-26T15:59:46.279-08:00<br />
Feature of Buxfer<br />
I've been a Buxfer user since early 2009. After doing lots of research over the internet I chose Buxfer to be my personal money managing software. There are lots of reasons I like Buxfer. First of all I had the freedom to add my own manual accounts and transactions. Also it allowed me to do transfers between my accounts. I wasn't forced to enter my online banking log in information to download transactions. It was a great piece of software. Also the mobile version of the website is very user friendly and I could enter my transactions on the go. This is why I'd choose a cloud finance software over a desktop one any day for personal use.<br />
<br />
<div class="separator" style="clear: both;">
However, since early 2011, Buxfer seems to be losing its quality. The site went down for 4 days in January 2011 and they lost a month's worth of my transactions. This is not acceptable for a finance software. It makes you seriously wonder about their backup procedures and the security of very confidential information.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Again in December 2011, there seemed to be a few bugs, such as balances not updating properly and scheduled transactions being messed up. I emailed the owners of the company and it took them days to fix these issues. I still have an issue with my tags which hasn't been fixed for months now. That is when I started to look for an alternative tool to Buxfer, but my search for a new finance tool has not been successful so far.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
However I found 2 alternative services that are free and almost meet my requirements. </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
1. GNU Cash - <a href="http://www.gnucash.org/">www.gnucash.org</a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
GNU Cash is a free, open-source accounting software. It does everything Buxfer does for you. One of the problems I faced is that this is a desktop application, so I need to have access to a PC on which this software is installed. However, this software runs on Mac, Linux and Windows, which is very flexible. You can save your data file on a file sharing service such as Dropbox and have access to that file from multiple locations. However, what puts me off is not having access to my data on my iPhone.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
2. Clearcheckbook - <a href="https://www.clearcheckbook.com/">https://www.clearcheckbook.com</a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
This is a service very similar to Buxfer. You can have almost all the features you'd get with Buxfer. There's a basic free membership and a paid premium membership. Premium membership allows you to upload data files such as CSV. Also, it can predict your financial future based on your current and scheduled transactions. But there is one problem. You don't get the fancy smooth user interface that Buxfer gives you. Also, if you add a new tag or a transaction, you'd need to refresh the page for it to appear on your widgets. However, they have quite a fancy iPhone app; it's a lot better than Buxfer's mobile web app. </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Anyway, I've decided to stick with Buxfer for a little bit longer and back up my transactions every month. If they decided to shut Buxfer down in the near future, I'd sadly have to switch to one of the above solutions. I'm hoping that instead of shutting Buxfer down, the owners would open source it or sell it, so one of my favorite services can remain on the internet... </div>
Achintha Gunasekarahttp://www.blogger.com/profile/14234285347304435086noreply@blogger.com0tag:blogger.com,1999:blog-1926865533890024952.post-48544571813401299762012-01-05T15:02:00.000-08:002014-01-26T16:00:06.545-08:00SSH login without password<div class="separator" style="clear: both; text-align: left;">
Your aim</div>
<br />
You want to use Linux and OpenSSH to automate your tasks. Therefore you need an automatic login from host A / user a to host B / user b. You don't want to enter any passwords, because you want to call ssh from within a shell script.<br />
<div>
<br />
How to do it<br />
<br />
First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase:</div>
<div>
<br /></div>
<div>
<span class="Apple-style-span" style="color: orange;">a@A:~> ssh-keygen -t rsa </span></div>
<div>
<span class="Apple-style-span" style="color: orange;">Generating public/private rsa key pair. </span></div>
<div>
<span class="Apple-style-span" style="color: orange;">Enter file in which to save the key (/home/a/.ssh/id_rsa): </span></div>
<div>
<span class="Apple-style-span" style="color: orange;">Created directory '/home/a/.ssh'. </span></div>
<div>
<span class="Apple-style-span" style="color: orange;">Enter passphrase (empty for no passphrase): </span></div>
<div>
<span class="Apple-style-span" style="color: orange;">Enter same passphrase again: </span></div>
<div>
<span class="Apple-style-span" style="color: orange;">Your identification has been saved in /home/a/.ssh/id_rsa. </span></div>
<div>
<span class="Apple-style-span" style="color: orange;">Your public key has been saved in /home/a/.ssh/id_rsa.pub.</span></div>
<div>
<span class="Apple-style-span" style="color: orange;">The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A
</span><br />
<br />
<br />
Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):</div>
<div>
<br /></div>
<div>
<span class="Apple-style-span" style="color: orange;">a@A:~> ssh b@B mkdir -p .ssh </span></div>
<div>
<span class="Apple-style-span" style="color: orange;">b@B's password:
</span><br />
<br />
Finally append a's new public key to b@B:.ssh/authorized_keys and enter b's password one last time:</div>
<div>
<br /></div>
<div>
<span class="Apple-style-span" style="color: orange;">a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' </span></div>
<div>
<span class="Apple-style-span" style="color: orange;">b@B's password:
</span><br />
<br />
From now on you can log into B as b from A as a without password:</div>
<div>
<br /></div>
<div>
<span class="Apple-style-span" style="color: orange;">a@A:~> ssh b@B hostname
B</span><br />
<br />
<br />
A note from one of our readers: Depending on your version of SSH you might also have to do the following changes:<br />
Put the public key in .ssh/authorized_keys2<br />
Change the permissions of .ssh to 700<br />
Change the permissions of .ssh/authorized_keys2 to 640<br />
<br />
<a href="http://linuxproblem.org/art_9.html">Reference</a></div>
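An added example, not part of the original post or its reference: an idempotent, permission-checked version of the step that appends a's public key to b's authorized_keys, run here against a local directory standing in for b's home on B. The forced command path in KEY_OPTS is a hypothetical placeholder, and the file mode 600 is this example's choice.

```shell
#!/usr/bin/env bash
# Added example: safer form of
#   cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
# It works on a local directory, so it runs offline; on B that would be b's $HOME.

# sshd(8) authorized_keys options that limit what a passphrase-less key may do.
# The forced command path is a hypothetical placeholder.
KEY_OPTS='command="/usr/local/bin/nightly-job",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'

# install_pubkey HOME_DIR PUBKEY_FILE
install_pubkey() {
    local home="$1" pub="$2" dir file key blob
    dir="$home/.ssh"
    file="$dir/authorized_keys"
    # Use the first line only and reject anything that is not a public key line.
    key=$(head -n 1 "$pub")
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pub" >&2; return 1 ;;
    esac
    # sshd's StrictModes (on by default) ignores keys under writable paths.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    # Append only when this key blob is not listed yet; plain >> adds a
    # duplicate line on every run of the automation.
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    if ! grep -qF -- "$blob" "$file"; then
        printf '%s %s\n' "$KEY_OPTS" "$key" >> "$file"
    fi
}

# audit_ssh_perms HOME_DIR
# Prints each of home, .ssh and authorized_keys that group or others can write.
audit_ssh_perms() {
    local home="$1"
    find "$home" "$home/.ssh" "$home/.ssh/authorized_keys" -maxdepth 0 \
        \( -perm -020 -o -perm -002 \) -print
}
```

With the forced command in place, the key can only start that one job on B, so a copy of the unencrypted private key from A does not give an interactive shell as b.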
Achintha Gunasekarahttp://www.blogger.com/profile/14234285347304435086noreply@blogger.com0tag:blogger.com,1999:blog-1926865533890024952.post-79487166295405473682011-10-11T16:29:00.000-07:002014-01-26T16:00:25.623-08:00Tweaking Fedora 15 and GNOME 3<div class="separator" style="clear: both; text-align: left;">
Fedora 15 is out now and features GNOME 3.0. All in all I would say I’m very happy with F15, but to get the GNOME Shell working the way I wanted, it required a little tweaking.</div>
<br />
<div>
<span class="Apple-style-span" style="font-size: large;">Setup</span><br />
<br />
Most of these changes will require sudo access, and the use of the GnomeTweakTool program or the gconf-editor utility. To enable sudo access you must either add your user to the ‘wheel’ group, or manually edit the sudoers file with the visudo command. I won’t cover this in more detail here as there are already plenty of tutorials for this task out there.<br />
<br />
To install the gconf-editor tool simply use the following command:</div>
<div>
<br /></div>
<div>
<span class="Apple-style-span" style="background-color: #fff2cc; color: blue;">$ sudo yum install gconf-editor
</span><br />
<br />
<span class="Apple-style-span" style="font-size: large;">Gnome Tweak Tool</span><br />
<br />
The GNOME 3.0 release saw a lot of customization features disappear from the desktop. This is understandable, as it’s hard to present users (in this case themers or normal desktop users) with stable customization options when you are still working on the system’s design. To help restore some of this functionality the GnomeTweaksTool has been created. It will allow you to change system fonts, set GTK and GNOME Shell themes, change icon sets, and even re-enable the minimize button! </div>
<div>
<br /></div>
<div>
The tool is easy to install:</div>
<div>
<br /></div>
<div>
<span class="Apple-style-span" style="background-color: #fff2cc; color: blue;">$ sudo yum install gnome-tweak-tool
</span><br />
<br />
<span class="Apple-style-span" style="font-size: large;">The Minimize Button</span><br />
<br />
So far this has been one of the biggest complaints I’ve heard about the GNOME Shell, and yet it is easily fixed. If you have the GNOME Tweak Tool installed, simply change the option ‘Arrangement of buttons on the titlebar’ under the ‘Shell’ options.</div>
<div>
<br /></div>
<div>
If you are using gconf-editor, navigate to desktop->gnome->shell->windows and change the value of button_layout to ‘:minimize,close’. One can also add the maximize button this way by simply setting the value to ‘:maximize,minimize,close’.</div>
<div>
<br />
<span class="Apple-style-span" style="font-size: large;">Power Off and Alternative Alt-Tab</span><br />
<br />
To have GNOME show a power off option in the status menu you can install the alternative-status-menu extension.</div>
<div>
<br /></div>
<div>
<span class="Apple-style-span" style="background-color: #fff2cc; color: blue;">$ sudo yum install gnome-shell-extensions-alternative-status-menu
</span><br />
<br />
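Currently, GNOME Shell has application-based alt-tab behavior. To change this to the more traditional window-based behavior, install the alternate-tab extension.<br />
<br />
<span class="Apple-style-span" style="background-color: #fff2cc; color: blue;">$ sudo yum install gnome-shell-extensions-alternative-tab</span>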
<br />
<br />
<span class="Apple-style-span" style="font-size: large;">Dual Monitor Workspaces</span><br />
<br />
By default GNOME Shell only considers the main monitor a ‘workspace’. Any windows on additional monitors stay the same when switching from one workspace to another. </div>
<div>
<br /></div>
<div>
To change this behavior use gconf-editor to set the desktop->gnome->shell->windows->workspace_only_on_primary to false.<br />
<br />
<a href="http://chris.wailes.name/?p=111">Reference</a></div>
Achintha Gunasekarahttp://www.blogger.com/profile/14234285347304435086noreply@blogger.com0tag:blogger.com,1999:blog-1926865533890024952.post-55160809530187359982011-09-28T19:18:00.000-07:002014-01-26T15:57:56.435-08:00Creating a custom icon for the ‘Add to Home Screen’ on iPhoneiPhone users have the ability to add an icon to their home screen that directly links to a website URL. If left alone, the icon image is generated from a screenshot of your website, which will usually look like this:<br />
<ol>
<li>However, this icon can be customized, and after years of creating fav icons for desktop websites, why not customize the icon for mobile websites? Here’s how:</li>
<li>Create a 114px x 114px icon image – this larger size makes sure the icon is sharp even in <a href="http://gizmodo.com/5557210/what-is-the-iphones-retina-display">Retina Display</a>. Save it out as a png and load it onto the server in either the root directory or images path.</li>
</ol>
Apple automatically generates rounded corners and adds a glossy semi-circle on top, if you like that use this code:<br />
<div>
<br />
<div>
<span class="Apple-style-span" style="background-color: #666666;"><link rel="apple-touch-icon" href="imagefoldername/my-custom-icon.png"/></span></div>
<div>
<br /></div>
<div>
If you hate glossy shine, tell Apple to step off with this code and your icon will remain how you designed it, but still :<br />
<br /></div>
<div>
<span class="Apple-style-span" style="background-color: #666666;"><link rel="apple-touch-icon-precomposed" href="imagefoldername/my-custom-icon.png"/></span><br />
<br />
Now you have a fully custom experience for your mobile website users!<br />
<br />
*Android users can also add an icon to a screen that will directly link to a URL, but the process is a little more complicated, so I am not sure how many users actually know it can be done. While iPhone users have an “Add to Home Screen” option in the same area as “Add Bookmark” while actually viewing a website, Android users can only add the icon from the actual screen. So the process is: save a bookmark while viewing a website, then go to a screen that has an empty spot for an icon, long-press in that empty spot to open the “Add to Home Screen” option, choose “Shortcuts”, then “Bookmarks” and then pick the bookmark you just saved in your browser. Wow, that was long. But the good news is, those users who actually go through this process will be fed the same custom icon from the code above as well.</div>
</div>
<div>
<br /></div>
<div>
Reference: <a href="http://www.uncorkedstudios.com/blog/2011/09/06/creating-a-custom-icon-for-the-add-to-home-screen-on-iphone/">Click here</a></div>
Achintha Gunasekarahttp://www.blogger.com/profile/14234285347304435086noreply@blogger.com0tag:blogger.com,1999:blog-1926865533890024952.post-30883662826296517622011-09-26T20:22:00.000-07:002011-09-26T20:22:14.322-07:00Welcome!Welcome to my IT blog. I'll be talking about my experiments and new findings over the next few weeks. Also, if I find any helpful tips on system administration, networking, programming or anything related to IT, I'll post them here. So visit again sometime soon!Achintha Gunasekarahttp://www.blogger.com/profile/14234285347304435086noreply@blogger.com0