Google Chrome OS – do we want another monoculture?


Yes, Google has open-sourced Chrome OS, its much-discussed browser-based operating system. But as usual, the open sourcing only says so much about its openness. Wait, no – it's only open ‘on the whole’. After all, this isn’t something you can load on any PC. And it’s not much of an operating system. You can’t load local applications – not even one.

As part of its crusade to move more and more of our lives onto the web – and onto its own web services in particular – Google has shunned the desktop entirely. And in doing so, it has shown a certain Apple-like quality: Like the Jobsian cult, Google is intent on tightly coupling hardware and software. The company – dare we say – is closing the market to certain hardware. Gasp.

But the ultimate irony is that after years of criticizing Microsoft for bundling its OS with its browser, Google has nearly made them one and the same. Yes, you can run third-party applications – but only web applications, online services of the sort offered most notably by, well, Google. And you certainly can’t use a third party browser.

More here.

Network Throughput & Performance Testing

Iperf is a modern alternative for measuring maximum TCP and UDP bandwidth performance. Iperf allows the tuning of various parameters and UDP characteristics and reports bandwidth, delay jitter and datagram (packet) loss. Ports of iperf are available for almost every OS. Iperf can be downloaded here.

Alternatively, Netcat (nc) fed with data piped from /dev/urandom (or /dev/zero) on a *nix box can create a testing environment.

Listen and discard the received data to /dev/null on one machine:

nc -l -p 777 > /dev/null

Connect and pipe 1 gig of random data on the other:

dd if=/dev/urandom bs=1M count=1024 | nc 192.168.1.5 777 -q 10

For real time stats use pipeviewer:

dd if=/dev/urandom bs=1M count=1024 | pv | nc 192.168.1.5 777 -q 10

The only bottleneck in this case would be /dev/urandom. Although a data source which is hard to compress makes sense when testing an unknown path, a less-expensive random number generator should be considered.
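One way to get the less-expensive generator mentioned above, as an added example that is not part of the original post: an AES-128-CTR keystream over /dev/zero, a common substitute that stays hard to compress. It assumes the `openssl` command-line tool is installed and the same `nc -q` variant used above; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: a cheaper hard-to-compress data source for the netcat test.
# The AES-128-CTR keystream over /dev/zero is this example's choice of generator.

# fast_random BYTES: write BYTES of pseudo-random data to stdout.
fast_random() {
    key=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')   # fresh 128-bit key per run
    openssl enc -aes-128-ctr -K "$key" -iv 00000000000000000000000000000000 \
        </dev/zero 2>/dev/null | head -c "$1"
}

# gzip_size BYTES: size of BYTES of fast_random output after gzip, to confirm
# that compression on the path cannot inflate the measured rate.
gzip_size() {
    fast_random "$1" | gzip -c | wc -c
}

# send_test HOST PORT BYTES: sender side of the test, with pv for live stats
# when it is installed.
send_test() {
    if command -v pv >/dev/null 2>&1; then
        fast_random "$3" | pv | nc -q 10 "$1" "$2"
    else
        fast_random "$3" | nc -q 10 "$1" "$2"
    fi
}
```

For the 1 GiB transfer above, the sender becomes `send_test 192.168.1.5 777 1073741824`.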

Restore a single domain in Plesk 9.2.1 (Linux)

If you have correctly configured your Plesk backups using the ‘pleskbackup’ command-line utility, then single-domain restores don’t have to be complicated!

Note that this outline expects that you have a pleskbackup script similar to the following in place at /etc/cron.daily/z-plesk-backup:

#!/bin/sh
echo Plesk Nightly Backup
echo
# Rotate the existing dumps: dump1 is the newest, dump7 the oldest
/bin/mv /psabu/dump6 /psabu/dump7
/bin/mv /psabu/dump5 /psabu/dump6
/bin/mv /psabu/dump4 /psabu/dump5
/bin/mv /psabu/dump3 /psabu/dump4
/bin/mv /psabu/dump2 /psabu/dump3
/bin/mv /psabu/dump1 /psabu/dump2
# Write tonight's full server backup as dump1
/usr/local/psa/bin/pleskbackup server --output-file=/psabu/dump1
echo
echo Backup File Sizes:
echo
/usr/bin/du -csh /psabu/dump*
echo
echo Backup Complete!

Restore Process

1. Make sure the domain you need to restore is not listed in the “Domains” list in Plesk.

How do I remove a passphrase from an OpenSSL key?

Have you grown tired of typing your passphrase every time your secured application starts? You can decrypt your key, removing the passphrase requirement, using the rsa or dsa option, depending on the signature algorithm you chose when creating your private key.

If you created an RSA key and it is stored in a standalone file called key.pem, then here’s how to output a decrypted version of the same key to a file called newkey.pem.

# You'll be prompted for your passphrase one last time
openssl rsa -in key.pem -out newkey.pem

Often, you’ll have your private key and public certificate stored in the same file. If they are stored in a file called mycert.pem, you can construct a decrypted version called newcert.pem in two steps.

# You'll need to type your passphrase once more
openssl rsa -in mycert.pem -out newcert.pem
openssl x509 -in mycert.pem >>newcert.pem
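The two-step procedure above, wrapped so that the decrypted file is created readable only by its owner and then checked, as an added example that is not part of the original post. It assumes the passphrase is supplied in a `PEM_PASS` environment variable; the function names and the throwaway sample key are constructed for illustration.

```sh
#!/bin/sh
# Added example: strip the passphrase from a combined key+certificate PEM,
# keep the result private, and verify it. The passphrase is read from the
# PEM_PASS environment variable (an assumption of this example).

# decrypt_pem SRC DST: write an unencrypted copy of SRC to DST with mode 0600.
decrypt_pem() {
    src=$1 dst=$2
    rm -f "$dst"                      # never reuse a file with looser permissions
    (
        umask 077                     # files created below are rw-------
        openssl rsa -in "$src" -passin env:PEM_PASS -out "$dst" 2>/dev/null &&
        openssl x509 -in "$src" >>"$dst"
    ) || { rm -f "$dst"; return 1; }
}

# pem_is_unencrypted FILE: succeeds when FILE holds no encrypted key block.
pem_is_unencrypted() {
    ! grep -Eq 'BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED' "$1"
}

# key_matches_cert FILE: succeeds when the key and certificate in FILE
# carry the same public key (and the key is readable without a passphrase).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null)
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_sample DIR: constructed input, a throwaway encrypted RSA key plus a
# self-signed certificate, combined into DIR/mycert.pem.
make_sample() {
    PEM_PASS=constructed-passphrase; export PEM_PASS
    openssl req -x509 -newkey rsa:2048 -days 1 -subj /CN=example.test \
        -passout env:PEM_PASS -keyout "$1/key.pem" -out "$1/cert.pem" \
        2>/dev/null &&
    cat "$1/key.pem" "$1/cert.pem" >"$1/mycert.pem"
}
```

With `PEM_PASS` exported, `decrypt_pem mycert.pem newcert.pem && key_matches_cert newcert.pem` reproduces the steps above.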

More helpful instructions on OpenSSL certificate, CA and key management can be found here.

Layer Four Traceroute (LFT) and WhoB

LFT, short for Layer Four Traceroute, is a ‘traceroute’ application that works much faster than traditional Linux (traceroute) and Windows (tracert) options and can bypass restrictive packet-filters (firewalls). More importantly, LFT implements numerous other features including AS number lookups, loose source routing and netblock name lookups.

What makes LFT unique? LFT is the all-in-one traceroute tool because it can launch a variety of different probes using ICMP, UDP, and TCP protocols, or the RFC1393 trace method. For example, rather than only launching UDP probes in an attempt to elicit ICMP “TTL exceeded” from hosts in the path, LFT can send TCP SYN or FIN probes to target arbitrary services. Then, LFT listens for “TTL exceeded” messages, TCP RST (reset), and various other interesting heuristics from firewalls or other gateways in the path. LFT also distinguishes between TCP-based protocols (source and destination), which makes its statistics slightly more realistic, and gives a savvy user the ability to trace protocol routes, not just layer-3 (IP) hops. With LFT’s verbose output, much can be discovered about a target network.

Here’s example output from LFT:

[root@server src]# lft -e -A -N -s 2222 -d 80 -m 2 -M 2 -a 5 -c 20 -t 800 -H 30 www.google.com
Tracing ............*****.........................T
TTL LFT trace to hkg01s01-in-f103.1e100.net (64.233.189.103):80/tcp
1 [2XXX] [MY-AS] core-rtr1.myserver.net (200.0.0.1) 0.7/0.8ms
2 [4750] [csloxinfo-th] wan-mywan.net (203.0.0.9) 13.0/13.1ms
3 [4750] [csloxinfo-th] ge-1-1-CT45.csloxinfo.net (203.146.11.205) 13.4/13.4ms