tag:blogger.com,1999:blog-98578192024-03-13T11:32:54.345+08:00Response.Write()cerita-cerita...Unknownnoreply@blogger.comBlogger24125tag:blogger.com,1999:blog-9857819.post-79258246966858222992017-05-01T01:00:00.000+08:002017-05-01T01:00:45.480+08:00Remote support service for Open Source operating system and softwareIf you are having issues with Linux and Open Source software, and require assistance or guidance, I can help you with minimal fee. I'm also providing system consultation if you are planning to deploy Open Source solution. Do contact me at email sharuzzaman@gmail.com<br />
<br />
Some of the software that I'm capable of supporting or consulting:<br />
<ol>
<li>Linux (Debian, Ubuntu, CentOS, RHEL)</li>
<li>Webserver (Apache httpd, nginx)</li>
<li>SSL certificate purchasing and deployment</li>
<li>BackupPC desktop backup</li>
<li>Puppet and Ansible</li>
<li>Squid proxy</li>
<li>pfSense</li>
<li>Mail server solution (postfix, dovecot, spamassassin)</li>
<li>Shell scripting</li>
</ol>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-74792103868634096372016-07-31T01:27:00.001+08:002016-07-31T01:27:36.770+08:00Generating random password with BashIf you want to create secure and random password, you can install several software that can help you, such as:<br />
<br />
<ol>
<li>makepasswd</li>
<li>passwordmaker-cli</li>
<li>apg</li>
<li>pwgen</li>
</ol>
But, what if you don't want to install all this software, and using your Bash shell instead.<br />
<br />
You can actually do that.<br />
<br />
The command that I commonly use to generate secure and random password is below:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">cat /dev/urandom | base64 | head -n1|tr -cd '[:alnum:]'|cut -c-16</span><br />
<br />
This command will generate password with 16 character. If you want it to be longer or shorter, change the last number. Beware that password less than 8 characters can be bruteforced fairly easily with modern hardware.<br />
<br />
There are other method that use date +%s as the input source, but I would not recommend it because the number is too predictable. If a hacker knows that you generate password using the date method, he can quickly build a dictionary of password with different length and start bruteforcing your site with the dictionary.<br />
<br />
Please test the command above, and leave comment if you have any question.<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-55706890913889387272015-10-20T02:19:00.000+08:002015-10-20T03:06:33.882+08:00Using Pageant with Cygwin SSH, error with ssh-dss keyRecently, I tried to configure Cygwin SSH to use Pageant. No big issue, just launch the Cygwin installer, and look for package named <span style="font-family: "Courier New",Courier,monospace;">ssh-pageant</span><br />
<br />
After installation, execute Pageant on your Windows computer, and load the required SSH key<br />
<br />
Then in your Cygwin terminal, execute the following command:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">$ `ssh-pageant`</span><br />
<br />
Make sure the backtick is included in the command<br />
<br />
Then try to SSH to your server using the command<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">$ ssh -A root@yourserver.com</span><br />
<br />
If you are getting a password prompt, you are facing the same problem that I got.<br />
<br />
The main issue here is the version of SSH included in latest Cygwin is version 7 or higher. Version 7 have deprecated the support for <span style="font-family: "Courier New",Courier,monospace;">ssh-dss</span>, which is used by Puttygen<br />
<br />
To check if you are indeed being restricted to use <span style="font-family: "Courier New",Courier,monospace;">ssh-dss</span> key, SSH again to your server, but this time add <span style="font-family: "Courier New",Courier,monospace;">"v"</span> to the option so that you can see what happening during the connection:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">$ ssh -Av root@yourserver.com</span><br />
<br />
You will see this line:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">debug1: Skipping ssh-dss key imported-openssh-key for not in PubkeyAcceptedKeyTypes</span><br />
<br />
To overcome this issue, just create a file call config in ~/.ssh<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">$ touch ~/.ssh/config</span><br />
<br />
Edit the content of the file to include this line:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">Host *<br /> PubkeyAcceptedKeyTypes +ssh-dss</span><br />
<br />
Try to SSH to your server again, you should now be able to login without any prompt asking for password, as the key required is being supplied by Pageant.<br />
<br />
Hope this solve your problem.<br />
<br />
Reference for this issue was obtained from: <a href="http://blog.ayrtonaraujo.net/2015/09/using-openssh-7-0-with-legacy-ssh-implementations/">http://blog.ayrtonaraujo.net/2015/09/using-openssh-7-0-with-legacy-ssh-implementations/</a><br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-38026973572846264802015-07-01T16:43:00.000+08:002015-07-01T16:49:45.470+08:00HP ServiceGuard command listRecently, I'm doing more work on HP-UX and the HP ServiceGuard, a high-availability cluster software produced by HP that runs on HP-UX and Linux.<br />
<br />
Here are the command that I frequently use. The list is not final, and I will keep updating it.<br />
<br />
Halt cluster<br />
<code>cmhaltcl</code><br />
<br />
Shutdown package<br />
<code>cmhaltpkg [package name]</code><br />
<br />
Get the cluster config<br />
<code>cmquerycl -q [quorum server] -C /home/user/cmclconfig.ascii -n [node1] -n [node2]</code><br />
<br />
Get the quorum server<br />
<code>cd /etc/cmcluster grep QS_HOST *</code><br />
<br />
Apply configuration<br />
<code>cmapplyconf -v -C /etc/cmcluster/cmclconfig.ascii</code><br />
<br />
Start cluster<br />
<code>cmruncl</code><br />
<br />
Node join cluster<br />
<code>cmrunnode</code><br />
<br />
Check cluster package<br />
<span style="font-family: "Courier New",Courier,monospace;">cmviewcl </span>- view information about a high availability cluster<br />
<br />
Bring up cluster<br />
<span style="font-family: "Courier New",Courier,monospace;">cmrunnode [node1] [node2] [node3] [node4]</span><br />
<ul></ul>
<span style="font-family: "Courier New",Courier,monospace;">cmrunpkg</span><br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">cmhaltnode</span>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-12227330142981660192013-10-31T14:46:00.000+08:002013-10-31T14:46:51.630+08:00Howto: Calculate exponent or power in BashI have been looking on how to calculate exponent or power in Bash, but most website or blog will show the calculation by using bc (a command line calculator)<br />
<br />
I prefer not to use bc in my script, as it is a dependency to another application.<br />
<br />
Luckily, I found this blog after searching the Internet for few hours. <a href="http://blog.sanctum.geek.nz/calculating-with-bash/">http://blog.sanctum.geek.nz/calculating-with-bash/</a><br />
<br />
In essence, if you want to calculate exponent or power in Bash, just use this notation:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">**</span><br />
<br />
Example:<br />
Gigabyte is 1024^3. In bash notation:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">gigabytes=$((bytes / (1024**3)))<br />
<br />
[user@server]$ </span><span style="font-family: "Courier New",Courier,monospace;">echo $((10737418240/(1024**3)))<br />
10</span><br />
<br />
Bear in mind that bash calculation only return round number.<br />
<br />
Happy scripting :) Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-91372472138772022422013-08-22T12:47:00.002+08:002013-08-22T20:54:25.684+08:00Howto: Extract all email address from Google ContactsLet's say you want to extract all email address from your contacts in Google Contacts, and export it somewhere else. Yes you can just export the CSV file, and then upload. The other service will do the import and cleanup for you. But, if you just want to share the email address, why give them other info that they are not suppose to have?<br />
<br />
OK. Here are the steps to only extract email address using command line. I'm using Cygwin, but it should be similar if you are using Linux or other Unix-based operating system.<br />
<br />
Follow this steps:<br />
<br />
1. Select Contacts in Gmail<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-FaS9J5wQhns/UhWOZE5Ov7I/AAAAAAAAAuk/tYd4LRzDv_o/s1600/selectcontacts.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-FaS9J5wQhns/UhWOZE5Ov7I/AAAAAAAAAuk/tYd4LRzDv_o/s1600/selectcontacts.png" /></a></div>
<br />
2. Your contacts will be shown. Click More > Export<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-PYnWoYaZDXo/UhWPDs0vsmI/AAAAAAAAAuo/UOqA91QYNzs/s1600/moreexport.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-PYnWoYaZDXo/UhWPDs0vsmI/AAAAAAAAAuo/UOqA91QYNzs/s1600/moreexport.png" /></a></div>
<br />
<br />
3. Select All Contacts and Google CSV format, then click Export<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-KJeLfzY1vEg/UhWPiLw5CHI/AAAAAAAAAuw/7bpW5mteCjA/s1600/exportcontacts.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="199" src="http://3.bp.blogspot.com/-KJeLfzY1vEg/UhWPiLw5CHI/AAAAAAAAAuw/7bpW5mteCjA/s320/exportcontacts.png" width="320" /></a></div>
<br />
<br />
4. Save the file somewhere. I save it in C:\google.csv . If you are using Cygwin, the file is accessible using the path \cygdrive\c\google.csv<br />
<br />
5. Now come the interesting part, to extract the email address. The data is separated by comma, and we don't really know which column holds the email address. So we must iterate all column, and extract anything that resembles an email address. Here is the command:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">$ grep @ google.csv | awk -F, '{for(i=1;i<=NF;i++) if ($i ~ /@.*\./) {printf "%s\n", $i};}' | awk -F" ::: " '{for (i=1;i<=NF;i++) {print $i};}' |sort |uniq</span><br />
<br />
6. Let's break the command apart<br />
<br />
7. <span style="font-family: "Courier New",Courier,monospace;">grep @ google.csv</span><br />
<br />
This command will get line that contain "@" character. The result is lines that contain "@", with multiple column, separated by comma ","<br />
<br />
8. <span style="font-family: "Courier New",Courier,monospace;">awk -F, '{for(i=1;i<=NF;i++) if ($i ~ /@.*\./) {printf "%s\n", $i};}'</span><br />
<br />
This command let awk know that the field separator is comma (-F,). It will loop through all the field <span style="font-family: "Courier New",Courier,monospace;">(for(i=1;i<=NF;i++)).</span> If that field match an email pattern <span style="font-family: "Courier New",Courier,monospace;">($i ~ /@.*\./)</span>, it will print that field.<br />
<br />
9. <span style="font-family: "Courier New",Courier,monospace;">awk -F" ::: " '{for (i=1;i<=NF;i++) {print $i};}'</span><br />
<br />
Some of the field will have multiple email address separated by " ::: ", because it groups the email address together. This command will split the field using " ::: " separator <span style="font-family: "Courier New",Courier,monospace;">(-F" ::: ")</span> then loop through each field, and print each of them<br />
<br />
10. <span style="font-family: "Courier New",Courier,monospace;">sort</span><br />
<br />
This command will sort the output<br />
<br />
11. <span style="font-family: "Courier New",Courier,monospace;">uniq</span><br />
<br />
This command will remove any duplicates.<br />
<br />
12. In the end you will get a list of emails. But, you must understand that the output might not be 100% clean. Some of your contact might put their email with their name, or the note area of your contact might contain additional information that resembles email. You need to clean up your output, but the effort will be small.<br />
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-30170206373052176112013-04-04T13:11:00.000+08:002013-04-04T17:42:21.451+08:00How To: Boot from USB drive even if your BIOS won't let youThis post is a continuation from my post about <a href="http://sharuzzaman.blogspot.com/2013/01/how-to-easy-centos-63-installation.html" target="_blank">How To: Easy CentOS 6.3 installation using USB thumb drive</a><br />
<br />
After I finished setting up the USB thumb drive, one of the machine that I'm going to install did not allow me to boot from USB, because the BIOS did not support that capability.<br />
<br />
As I'm not going to burn the CentOS 6.3 Installer ISO into a CD-RW, just for this machine, I searched the Internet to find solution to this problem. And I found it.<br />
<br />
The solution is called <a href="http://www.plop.at/en/plopkexec.html" target="_blank">plopKexec</a>. This software, when you boot from the CD drive, will search if there are any USB drive attached to the system, and will try to load the Linux bootloader from that drive.<br />
<br />
<b>How to use it:</b><br />
<br />
<ol>
<li>Visit the URL <a href="http://www.plop.at/en/plopkexec.html">http://www.plop.at/en/plopkexec.html</a></li>
<li>Click on Download</li>
<li>Dowload the plopkexec.iso file</li>
<li>Burn the ISO file into CD-R or CD-RW</li>
</ol>
On the computer that you want to install using USB drive<br />
<ol>
<li>Plug in your USB drive into any USB port</li>
<li>Put the plopkexec CD into the CD drive</li>
<li>Power on your computer</li>
<li>The CD will boot, an the menu from your USB thumb drive will shown</li>
<li>Select <b>"Install or upgrade an existing system"</b> and continue installing CentOS 6.3 as normal</li>
</ol>
Here's the screenshot of plopkexec loading the GRUB menu from my USB thumb drive<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-ZNoW0bk0-_s/UV0KJYMt03I/AAAAAAAAAkc/NqKRgcEyzR8/s1600/plopkexec.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="220" src="http://4.bp.blogspot.com/-ZNoW0bk0-_s/UV0KJYMt03I/AAAAAAAAAkc/NqKRgcEyzR8/s400/plopkexec.png" width="400" /></a></div>
<br />
That's it.<br />
<br />
Simple way to solve your USB booting issue :) <br />
<br />
Please leave comment if this solution have helped you.<br />
<br />
Thanks.Unknownnoreply@blogger.com3tag:blogger.com,1999:blog-9857819.post-17707164208403562852013-01-03T12:26:00.001+08:002013-01-03T17:00:05.468+08:00How To: Easy CentOS 6.3 installation using USB thumb driveRecently, I need to do <a href="http://www.centos.org/" target="_blank">CentOS</a> 6.3 installation on two machine that could be 32-bit or 64-bit processor. I have downloaded the minimal install ISO for both architecture, but I thought it could be a waste to burn multiple CD-RW, just to use it maybe only once.<br />
<br />
Then, I search the Internet on the simplest and easiest way to install CentOS 6.3 by using USB thumb drive. After learning from few website, and facing some trouble, this post will teach you the simplest and easiest way.<br />
<br />
<b>What you will require:</b><br />
<ol>
<li>Minimal install ISO for CentOS 6.3. Get it from your local mirror.</li>
<li>USB thumb drive - must be bigger that the size of the ISO. For minimal install, 1GB is good enough.</li>
<li><a href="http://unetbootin.sourceforge.net/" target="_blank">UNetbootin</a> software - I download the Windows version, because my work laptop is Windows</li>
</ol>
The instruction given here is by using Windows. If you use Linux, you need to find out how to format the USB thumb drive in FAT32 <br />
<br />
<b>How to do it:</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-JOVE7-mKHa4/UOUFs61SaRI/AAAAAAAAAis/ia_AYBo99Wg/s1600/format.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="386" src="http://4.bp.blogspot.com/-JOVE7-mKHa4/UOUFs61SaRI/AAAAAAAAAis/ia_AYBo99Wg/s400/format.png" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-61c6AVz2NUA/UOUGPnZjJAI/AAAAAAAAAi0/Lc2A63fnNno/s1600/format2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://3.bp.blogspot.com/-61c6AVz2NUA/UOUGPnZjJAI/AAAAAAAAAi0/Lc2A63fnNno/s400/format2.png" width="230" /></a></div>
<br />
<b>Format the USB thumb drive </b><br />
<ol>
<li>Plug your USB thumb drive into the USB port on your Windows laptop/PC</li>
<li>Your USB thumb drive should be detected, or a pop-up will say that your USB thumb drive is not formatted.</li>
<li>If detected, say drive F:, right click and select Format</li>
<li>If you got pop-up in step 2, proceed with Format</li>
<li>Select FAT32 as file system.</li>
<li>Tick Quick Format as format option</li>
<li>Click Start</li>
<li>Your USB thumb drive will be formatted with FAT32 </li>
</ol>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-zjWI2dOtXXE/UOUG0KisojI/AAAAAAAAAi8/az6uTB4SiKs/s1600/unetbootin.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="292" src="http://4.bp.blogspot.com/-zjWI2dOtXXE/UOUG0KisojI/AAAAAAAAAi8/az6uTB4SiKs/s400/unetbootin.png" width="400" /></a></div>
<br />
<b>Transfer ISO content to USB thumb drive using UNetbootin</b><br />
<ol>
<li>Download and launch UNetbootin</li>
<li>Select Diskimage and click the ". . ." button. Find the ISO and click Open</li>
<li>Make sure Type is USB drive and the Drive letter is what your Windows detect.</li>
<li>Click OK</li>
<li>Your ISO content will be copied to USB thumb drive</li>
</ol>
It actually did not end here. If you proceed with installation by using the USB thumb drive, the installer will say that it cannot find the ISO image.<br />
<br />
<b>Follow this instruction: </b><br />
<ol>
<li>Copy the ISO file that you use with UNetbootin to the root of the USB thumb drive, eg. the ISO file should be F:\CentOS-6.3-i386-minimal.iso</li>
</ol>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-5ZGcQ_iVVmc/UOUHV2cR3uI/AAAAAAAAAjE/G4RjTOoExp0/s1600/isoinusb.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="313" src="http://3.bp.blogspot.com/-5ZGcQ_iVVmc/UOUHV2cR3uI/AAAAAAAAAjE/G4RjTOoExp0/s400/isoinusb.png" width="400" /></a></div>
<br />
<br />
Now, proceed to boot up the machine that you want to install with CentOS 6.3 with your USB thumb drive. Make sure the machine BIOS support booting up from USB.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-EI5tkCODH30/UOVHwG0iN5I/AAAAAAAAAjU/7TK-H5uJlac/s1600/usb.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="221" src="http://3.bp.blogspot.com/-EI5tkCODH30/UOVHwG0iN5I/AAAAAAAAAjU/7TK-H5uJlac/s400/usb.png" width="400" /></a></div>
<br />
During installation, you will be asked where to find the installation image, select from hard disk.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-PfJ1DTiQ2fc/UOVIf7aiXHI/AAAAAAAAAjc/4qn1D4VZfOc/s1600/installerpartition.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="221" src="http://4.bp.blogspot.com/-PfJ1DTiQ2fc/UOVIf7aiXHI/AAAAAAAAAjc/4qn1D4VZfOc/s400/installerpartition.png" width="400" /></a></div>
<br />
When asked for partition that hold the image, just select OK.<br />
<br />
That's it. If you have any issue, please leave a comment.<br />
<br />
Thanks :)Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-9857819.post-32128027760010055122012-10-30T14:30:00.001+08:002012-10-30T14:32:45.485+08:00Putty, Xming, CentOS X Forwarding not workingIf you are using Putty to forward your X session on CentOS Linux, make sure you have this requirement.<br />
<br />
<u><b>Putty</b></u><br />
<br />
Make sure Enable X11 Forwarding is enabled<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-vjGexF04FjU/UI9yYKrBGnI/AAAAAAAAAiM/4k6E7T7woi4/s1600/enable_x_forwarding.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-vjGexF04FjU/UI9yYKrBGnI/AAAAAAAAAiM/4k6E7T7woi4/s1600/enable_x_forwarding.png" /></a></div>
<br />
<br />
<u><b>CentOS</b></u><br />
<br />
Make sure package <span style="font-family: "Courier New",Courier,monospace;">xorg-x11-xauth</span> is installed. <b><span style="color: red;">This is very important</span></b><br />
<br />
<u><b>Xming</b></u><br />
<br />
No special setting required. Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-59507548129476807982011-10-03T11:21:00.000+08:002011-10-03T11:21:08.776+08:00How to to list all packages by size for RPM and DEBYou might be experiencing an issue where you don't have enough space for "/" in your server. Usually, the biggest thing that consume the space is your software installed in the server.<br />
<br />
So, for sure you want to remove the biggest software package installed on the server to recover back the space.<br />
<br />
The question is, how do you list all packages installed and sort it by size?<br />
<br />
I found the answer from this website: <a href="http://www.pixelbeat.org/docs/packaging.html">http://www.pixelbeat.org/docs/packaging.html</a><br />
<br />
The command that you should use is:<br />
<br />
For RPM:<br />
<div style="font-family: "Courier New",Courier,monospace;">
rpm -q -a --qf '%10{SIZE}\t%{NAME}\n' | sort -k1,1n</div>
<br />
For DEB:<br />
<div style="font-family: "Courier New",Courier,monospace;">
dpkg-query -W --showformat='${Installed-Size;10}\t${Package}\n' | sort -k1,1n</div>
<br />
That's all. Remove the package by using Yum or Aptitude so that they can automatically find the correct dependencies for the removed package.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-15205900108828150522011-08-26T12:53:00.000+08:002011-08-26T12:53:22.346+08:00Check machine firewall if you are configuring network firewallI have wasted 2 days of my time trying to figure out what is really happening with my firewall config. The story is like this. I tried to configure a 3 NIC firewall machine for my office using Shorewall. For the DMZ zone, I put a test machine with Apache HTTPD installed to test if I can connect to it. With example from this site: <a href="http://www.shorewall.net/three-interface.htm">http://www.shorewall.net/three-interface.htm</a> . I can have my laptop in the local area to surf the Internet by configuring NAT/MASQ. I can SSH to the test web server, I can ping the server, but what really bugging me is that I cannot access the test web page hosted on the server.<br />
<br />
When I tried to connect from firewall to the web server in DMZ by using links/elinks, the application returned error "No route to host". Weird. I tried to check my routing table, and search the Internet for clue. Tried to play around with default gateway for the DMZ, but in the end, I still cannot connect to the web server.<br />
<br />
I even scrapped the whole thing and start again from scratch by following the example from this website: <a href="http://wiki.debian.org/HowTo/shorewall">http://wiki.debian.org/HowTo/shorewall</a> . Still cannot access.<br />
<br />
Then, while searching for solution on the Internet again, I found a forum that ask a poster whether the firewall on the machine itself is turned on. That struck me like lightning. I straight away SSH to the web server in the DMZ and issue the command "service iptables stop".<br />
<br />
Going back to my laptop and hit refresh in the web browser, voila!! The page is there!!<br />
<br />
I slapped my forehead 3 times for this silly mistake :D<br />
<br />
So, moral of the story, if you are configuring firewall for your network, make sure you turn off firewall on the machine so that you are not being fooled into thinking that your firewall configuration is problematic.<br />
<br />
2 day wasted, but really priceless experienced learned :)<br />
<br />
By the way, <a href="http://www.shorewall.net/">Shorewall </a>really rocks :)Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-33755586648286182852011-08-02T15:50:00.000+08:002011-08-02T15:50:06.442+08:00SSH reverse tunnel one way connection with HTTP proxyWow.. the title is so long. But I think I need to title this post like that so that Google or other search engine can find it easily.<br />
<br />
Now, let's proceed with the blog post.<br />
<br />
Consider this scenario:<br />
<ul>
<li>You need to connect to a CentOS Linux server on your customer's data center</li>
<li>The server outgoing connection is blocked by external firewall beyond your control, which means you cannot SSH to other server on the Internet</li>
<li>You need to update the software installed on the server by using Yum</li>
<li>You are connected to the CentOS Linux server by using Windows desktop and Putty </li>
</ul>
How are you going to solve the issue?<br />
<br />
Most solution on the Internet shows the SSH reverse tunnel method with the assumption that you can SSH to external server on the Internet, and use that tunnel to forward whatever port that you want to use. That might not always be the case.<br />
<br />
This is the solution that I have created that will show you how to solve the scenario above. It will require:<br />
<ol>
<li>Windows desktop</li>
<li>Putty SSH client</li>
<li>AnalogX proxy </li>
</ol>
The idea is to create port 8080 on CentOS Linux server, that will be forwarded to the Windows desktop on port 6588. AnalogX will use the port 6588 to proxy the Internet connection on the Windows desktop.<br />
<br />
So, how to configure this stuff?<br />
<br />
<b>1. Configure Putty</b><br />
<br />
Launch your Putty SSH client and click <span style="font-family: "Courier New",Courier,monospace;">Session</span>. Fill in your CentOS Linux server domain name or IP address. Make sure the port is correct.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-qke31zaFXb8/Tjed2c0cZbI/AAAAAAAAAXQ/eNhqrrjYiOE/s1600/putty_configuration.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-qke31zaFXb8/Tjed2c0cZbI/AAAAAAAAAXQ/eNhqrrjYiOE/s1600/putty_configuration.jpg" /></a></div>
<br />
Now, click <span style="font-family: "Courier New",Courier,monospace;">Tunnels </span>under <span style="font-family: "Courier New",Courier,monospace;">SSH </span>under <span style="font-family: "Courier New",Courier,monospace;">Connection</span>. Fill in the information as in the image below. Make sure you select the <span style="font-family: "Courier New",Courier,monospace;">Remote </span>option. Click <span style="font-family: "Courier New",Courier,monospace;">Add</span>.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-PDJJj9koCsc/Tjeek1xKS9I/AAAAAAAAAXU/TrFZ4AYDjso/s1600/ssh_port_forwarding.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-PDJJj9koCsc/Tjeek1xKS9I/AAAAAAAAAXU/TrFZ4AYDjso/s1600/ssh_port_forwarding.jpg" /></a></div>
<br />
After you click <span style="font-family: "Courier New",Courier,monospace;">Add</span>, your setting will be like this image.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-XL7yIA1vBTE/TjefB7WnUrI/AAAAAAAAAXY/AjBogK2QOYI/s1600/ssh_port_forwarding_finish.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-XL7yIA1vBTE/TjefB7WnUrI/AAAAAAAAAXY/AjBogK2QOYI/s1600/ssh_port_forwarding_finish.jpg" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Now, click <span style="font-family: "Courier New",Courier,monospace;">Open</span>, and login to the server as root. If you run the command</div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<div style="font-family: "Courier New",Courier,monospace;">
# netstat -nap |grep 8080</div>
<br />
you will found out that port 8080 is available on the server and in <span style="font-family: "Courier New",Courier,monospace;">LISTEN </span>mode, as shown in the image below.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-ZU2ZVrKyTaM/TjegfVeIvbI/AAAAAAAAAXc/W42PGY9pqRU/s1600/netstat.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="313" src="http://4.bp.blogspot.com/-ZU2ZVrKyTaM/TjegfVeIvbI/AAAAAAAAAXc/W42PGY9pqRU/s640/netstat.jpg" width="640" /></a></div>
<br />
Left it there for a moment, while we setup the AnalogX proxy.<br />
<br />
<br />
<b>2. AnalogX proxy</b><br />
<br />
AnalogX proxy is a freeware simple proxy software for Windows. You can download the software from its website at <a href="http://analogx.com/contents/download/Network/proxy/Freeware.htm">http://analogx.com/contents/download/Network/proxy/Freeware.htm</a><br />
<br />
Install the software as normal, and launch it after installation. You will see the AnalogX proxy icon on your Windows taskbar.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-0itLAl7T_bA/TjeiT19CpxI/AAAAAAAAAXg/-zRMnwljhbc/s1600/analogx_taskbar.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="45" src="http://1.bp.blogspot.com/-0itLAl7T_bA/TjeiT19CpxI/AAAAAAAAAXg/-zRMnwljhbc/s640/analogx_taskbar.jpg" width="640" /></a></div>
<br />
Right click the icon, and click Configure. You will be shown the configuration as below. Make sure at least HTTP is ON.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-9ohJupqnd-4/TjeitsCBvsI/AAAAAAAAAXk/bRDJ2m4Sz7A/s1600/analogx_configure.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-9ohJupqnd-4/TjeitsCBvsI/AAAAAAAAAXk/bRDJ2m4Sz7A/s1600/analogx_configure.jpg" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
With AnalogX proxy running, you have establish outgoing connection from the Linux server to your desktop by using SSH tunnel.</div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<b>3. Configure Yum</b><br />
<br />
Now, in order to update the software installed on the Linux server, Yum must know how to connect to the Yum repositories that contain updates.<br />
<br />
Luckily, Yum only need to know the http proxy available, and an update can be performed easily.<br />
<br />
To make Yum use http proxy, type this command as root<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">
# export http_proxy=http://localhost:8080</div>
<br />
This command will configure system-wide proxy setting for the Linux server.<br />
<br />
When you issue the command<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">
# yum check-update</div>
<br />
Yum will use the http proxy connection that you have created through SSH tunnel from your Windows desktop, to the AnalogX proxy running on your desktop, to the Internet.<br />
<br />
<br />
<b>Conclusion</b><br />
The solution that I have created above will help you to achieve your goal to update the CentOS Linux server with the latest update. This setup will also work for apt tools in Debian and Debian-derivatives<br />
<br />
If you are using Linux desktop, you can change AnalogX proxy with 3proxy, Squid, or nginx. The SSH remote port can be configured by using simple SSH options. The details is for you to figure out ;)<br />
<br />Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-9857819.post-8249691772648596162011-01-28T16:42:00.001+08:002011-03-29T23:14:42.959+08:00Dan Pink on the surprising science of motivationThis talk is good and so true, you need to watch it yourself. And then try it at your organization (if you are the boss), or promote it at your organization (if you are the worker)<br />
<br />
<a href="http://www.ted.com/talks/lang/eng/dan_pink_on_motivation.html">http://www.ted.com/talks/lang/eng/dan_pink_on_motivation.html</a>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-48733029231606465202010-10-01T17:39:00.001+08:002010-10-01T17:39:48.743+08:00Several important Bash shortcutI've been using Bash a lot, and sometimes when typing long command line, having to press the arrow button multiple times to go to the first character is very tiring.<br />
<br />
This are few important shortcut that I start to use:<br />
<br />
<span style="font-size: large;">Ctrl + a - Jump to the start of the line<br />Ctrl + e - Jump to the end of the line<br />Alt + d - Delete word<br />Alt + f - Move forward a word, where a word is composed of letters and digits</span><br />
<span style="font-size: large;">Alt + b - Move backward a word</span><br />
<br />
More info from this blogpost : <a href="http://linuxhelp.blogspot.com/2005/08/bash-shell-shortcuts.html">http://linuxhelp.blogspot.com/2005/08/bash-shell-shortcuts.html</a><br />
<br />
Or from Bash Reference Manual regarding Readline Movement : <a href="http://www.gnu.org/software/bash/manual/bashref.html#Readline-Movement-Commands">http://www.gnu.org/software/bash/manual/bashref.html#Readline-Movement-Commands</a>Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-9857819.post-70881714597649171922010-06-24T21:47:00.000+08:002010-06-24T21:47:05.255+08:00Looking for undergraduates that interested to learn and practicing PHP and MySQLHi all,<br /><br />I'm looking for undergraduates in IPTA/IPTS, preferably
between 1st year to 3rd year, that are interested to learn and practice
PHP and MySQL.<br /><br />The undergraduates should be studying around Klang
Valley for logistics reason.<br />
<br />The requirement is, they will be assigned a task or mini project,
and they will learn on their own what ever topic needed in PHP and MySQL
in order to complete the task or the mini project.<br /><br />If they
manage to complete the mini project, which I expected to be around 1
month depending on complexity, they will be rewarded with cash. The
amount will be informed before the task start.<br />
<br />During the project, I will be available for consultation, and I
expect the candidate to have a face-to-face discussion about the project
progress with me, preferably once a week.<br /><br />At the end of the
project, the whole code and documentation will become my intellectual
property, but they are allowed to quote the project name and knowledge
that they have gained for their own curricular vitae.<br />
<br />If you an undergraduate and you are interested, please send your
curricular vitae to my email at <a href="mailto:sharuzzaman@gmail.com" target="_blank">sharuzzaman@gmail.com</a><br /><br />If you know any
undergraduate that would be interested, please forward them this info,
and ask them to send their curricular vitae to my email above.<br />
<br />Thanks.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-81618646494602460642010-05-20T18:09:00.001+08:002010-05-21T09:51:57.222+08:00Suppressing getopts unknown option error message in kshI'm writing a new ksh (Korn Shell) script today. Before this, I only write bash script, and I believe the knowledge that I gain today will be valuable to a lot of people.<br />
<br />
When I'm trying to use getopts in ksh, the script complain that there are "unknown option" after I put some option that are not available.<br />
<br />
Let see the code, and the way it respond.<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">user@computer $ cat -n getopts.sh</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 1 #!/bin/ksh</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 2</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 3 while getopts "h" arg</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 4 do</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 5 case $arg in</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 6 h)</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 7 echo "Help!"</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 8 ;;</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 9 ?)</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 10 echo "Others"</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 11 ;;</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 12 esac</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 13 done</span><br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">user@computer $ ./getopts.sh -h</span><br />
<span style="font-family: "Courier New",Courier,monospace;">Help!</span><br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">user@computer $ ./getopts.sh -a</span><br />
<span style="font-family: "Courier New",Courier,monospace;">./getopts.sh[13]: -a: unknown option</span><br />
<span style="font-family: "Courier New",Courier,monospace;">Others</span><br />
<br />
I expect when I put the option "-a", the script will just output "Others" without any issue. But it does not. Something is not correct with the code.<br />
<br />
Searching the Internet for answer, I found this very informative site: <a href="http://aplawrence.com/Unix/getopts.html">http://aplawrence.com/Unix/getopts.html</a><br />
<br />
At first read, the site did not specifically mentioned that you have to put leading ":" to suppress the errors, but after reading it the second time, I got the idea, especially after reading this word:<br />
<br />
<blockquote>
<i>The leading ":" works like it does in "getopt" to suppress
errors</i></blockquote>
<br />
So, to solve the issue, some minor modification has to be done to the script above. Let see the updated script and the output after the modification.<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">user@computer $ cat -n getopts.sh</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 1 #!/bin/ksh</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 2</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 3 <b>while getopts ":h" arg</b></span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 4 do</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 5 case $arg in</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 6 h)</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 7 echo "Help!"</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 8 ;;</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 9 ?)</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 10 echo "Others"</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 11 ;;</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 12 esac</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 13 done</span><br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">user@computer $ ./getopts.sh -h</span><br />
<span style="font-family: "Courier New",Courier,monospace;">Help!</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> </span><br />
<span style="font-family: "Courier New",Courier,monospace;">user@computer $ ./getopts.sh -a</span><br />
<span style="font-family: "Courier New",Courier,monospace;">Others</span><br />
<br />
<br />
Voila! The problem solved :)<br />
<br />
Happy scripting :)Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-9857819.post-36355770494062211262010-03-29T01:18:00.000+08:002010-03-29T01:18:56.886+08:00Alternative way to grep IP address accurately from log fileThis post is an alternative way to grep IP address from log file, as a reply for <a href="http://linuxwave.blogspot.com/">Hisham Mohd Aderis</a> (linuxwave) <a href="http://linuxwave.blogspot.com/2010/03/grepping-ip-address-accurately.html">post</a>.<br />
<br />
Let say we have a log file that contain IP address as below<br />
<br />
$ cat ipadd.txt<br />
192.168.1.1<br />
192.168.1.10<br />
192.168.1.11<br />
192.168.1.100<br />
192.168.1.101<br />
<div>
<br /></div>
<div>
If we use just grep to get 192.168.1.1, all the IP address will be returned. This is because the default setting for grep regular expression is greedy, which means that it will match anything that have full or part of the string that we are searching for.</div>
<div>
<br /></div>
<div>
<div>
$ grep 192.168.1.1 ipadd.txt</div>
<div>
192.168.1.1</div>
<div>
192.168.1.10</div>
<div>
192.168.1.11</div>
<div>
192.168.1.100</div>
<div>
192.168.1.101</div>
<div>
<br /></div>
<div>
But, grep got a "-w" switch that will match only the word that we are looking for.</div>
<div>
<br /></div>
<div>
<div>
-w, --word-regexp</div>
<div>
Select only those lines containing matches that form whole</div>
<div>
words. The test is that the matching substring must either be</div>
<div>
at the beginning of the line, or preceded by a non-word</div>
<div>
constituent character. Similarly, it must be either at the end</div>
<div>
of the line or followed by a non-word constituent character.</div>
<div>
Word-constituent characters are letters, digits, and the</div>
<div>
underscore.</div>
<div>
<br /></div>
<div>
So, to match an IP address correctly, we should use the command as below</div>
<div>
<br /></div>
<div>
<div>
$ grep -w 192.168.1.1 ipadd.txt</div>
<div>
192.168.1.1</div>
<div>
<br /></div>
<div>
<div>
$ grep -w 192.168.1.10 ipadd.txt</div>
<div>
192.168.1.10</div>
<div>
<br /></div>
<div>
As shown, the IP address will be matched to the one that we are looking for.</div>
<div>
<br /></div>
<div>
Happy scripting. :)</div>
</div>
</div>
</div>
</div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-87468193385749180692010-01-04T16:09:00.000+08:002010-01-04T16:09:54.227+08:00My 2010 resolutionA lot of people failed to achieve their last year resolution. I did not make any resolution last year, but I believe I made a lot of progress last year. New job, better salary, Suse Linux Professional 10 certification, ITIL v3 Foundation certification... quite an achievement I would say.<br />
<br />
Most people also think, resolution should be made on new year day, but I think, resolution should be made year round. In Islam, there is a concept of daily <a href="http://www.sunnah.org/tasawwuf/muhasabah.htm">muhasabah</a> before you goes to sleep, to think what you have done good today, what you have not done what you should be doing, what bad thing that you have done and what you should do tomorrow to make sure it is a better day than yesterday, and you become a better person than yesterday.<br />
<br />
So, if you still don't have you 2010 resolution, read this article first: <a href="http://www.quirkology.com/UK/Experiment_resolution.shtml">New Year's Resolutions Experiment</a><br />
<br />
In essence, the article mention that <br />
<blockquote>
<i>Men were significantly more likely to succeed when asked to engage in
either goal setting (e.g., instead of trying to lose weight in general,
aiming to lose a pound each week), or focusing on the rewards associated
with achieving their goal (e.g., being more attractive to the opposite
sex). <br /><br />
Women were more successful when they told their friends and family about
their resolution, or were encouraged to be especially resilient and not
to give up because they had reverted to the old habits (e.g., if dieting,
treating a chocolate binge as a temporary setback rather than as failure).
</i>
<br />
</blockquote>
It also said that it is better to have only one resolution, and the resolution is specific.<br />
<br />
For 2010, I have several resolution, but I will try my best to achieve it for the length of the year. Here goes:<br />
<br />
<b>1. Be a Red Hat Certified Engineer</b><br />
<b>2. Learn Python, become a master, and get certified. </b><br />
<b>3. Be a Debian Developer</b><br />
<br />
Resolution number 3 will be very tough, but I know I should start doing something to become a Debian Developer. Let see if I can achieve what I have planned here by the end of the year :)<br />
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-89484927639140447852009-12-17T16:38:00.000+08:002009-12-17T16:38:22.418+08:00Basic and fundamental knowledgeI was recently asked with some basic and fundamental question, directly related to Linux system administration job. When you are already a senior engineer, most of the time you will forget about the fundamental, or don't really care about it. But truth is, you still need to know about it, because it is so fundamental. People will judge you with this basic information to know that if you are really knowledgeable and your level is what you really say you are at. I'm not able to answer all the question satisfactorily, and feel somewhat ashamed about it. <br />
<br />
Let's learn it together.<br />
<br />
<br />
<b>1. What is the difference between a network hub and a network switch? </b><br />
<br />
When I search Google for the answer, I believe this site put it very nicely. Take a look at <a href="http://www.duxcw.com/faq/network/hubsw.htm">http://www.duxcw.com/faq/network/hubsw.htm</a> . In essence:<br />
<ul>
<li>Hub repeats the packet it receive on one port to the other port available</li>
<li>The bandwidth is shared across all the ports. If the hub is 10Mbps, with 5 ports, then each port can only transfer at max 2Mbps</li>
<li>Switch divides the network into multiple segment thus a pair of ports can communicate without affecting other pair of ports</li>
<li>Switch maintains a table of destination address and its port, so when a packet arrives, it will send the packet to the correct port</li>
<li>The bandwidth of the port is dedicated. If the switch is 10Mbps, with 5 ports, when port 1 connect to port 2, the bandwidth is 10Mbps for that instance, and when port 3 connect to port 4, the bandwidth is also 10Mbps for that instance</li>
</ul>
<br />
<b>2. How many bit are there in a MAC address?</b><br />
<br />
I cannot answer this question correctly. <b>The answer is 48 bit.</b> This site provides the information: <a href="http://compnetworking.about.com/od/networkprotocolsip/l/aa062202a.htm">http://compnetworking.about.com/od/networkprotocolsip/l/aa062202a.htm</a> . In essence:<br />
<ul>
<li>MAC address have 12 digit hexadecimal number</li>
<li>1 hex = 4 bit, thus 12 hex = 48 bit</li>
<li>Hex symbol is 0123456789ABCDEF</li>
<li>The first 6 hex digit represent the manufacturer<br /></li>
</ul>
<br />
<b>3. What is the difference between TCP and UDP?</b><br />
<br />
Wikipedia have the answer: <a href="http://en.wikipedia.org/wiki/User_Datagram_Protocol#Comparison_of_UDP_and_TCP">http://en.wikipedia.org/wiki/User_Datagram_Protocol#Comparison_of_UDP_and_TCP </a><br />
<ul>
<li>TCP is Transmission Control Protocol</li>
<li>TCP is connection oriented link</li>
<li>When a machine send a TCP packet, the receiving machine have to send back acknowledgment packet when it arrive</li>
<li>If sending machine fail to get the acknowledgment after certain time period, the packet will be resend again.</li>
<li>Example of TCP usage is between web server and web browser</li>
</ul>
<ul>
<li>UDP is User Datagram Protocol</li>
<li>UDP never guarantees that a packet will arrive at destination</li>
<li> When a machine send a UDP packet, it is not expecting acknowledgement from the receiving machine.</li>
<li>Example of UDP usage is audio streaming, and DNS</li>
</ul>
<br />
<b>3. What information are available in TCP packet? Name some of them.</b><br />
<ul>
<li> Source address</li>
<li>Destination address</li>
<li>Checksum</li>
</ul>
<br />
<b>4. What flag are available in TCP packet? Name some of them.</b> <br />
<br />
I also cannot answer this question correctly. The answer are: <br />
<ul>
<li>SYN</li>
<li>ACK<br /></li>
</ul>
<b><br /></b><br />
<b> 5. When you execute "uptime" command, there are 3 numbers at the end of the line. What are they?</b><br />
<br />
Answer here: <a href="http://linux.die.net/man/1/uptime">http://linux.die.net/man/1/uptime</a> . The 3 numbers are load averages for the past 1, 5, and 15 minutes.<br />
<br />
<br />
<b>6. What is the meaning of the load average number?</b><br />
<br />
Here is the answer: <a href="http://www.lifeaftercoffee.com/2006/03/13/unix-load-averages-explained/">http://www.lifeaftercoffee.com/2006/03/13/unix-load-averages-explained/</a> . It means "the average sum of the number of processes waiting in
the run-queue plus the number currently executing over 1, 5, and 15
minute time periods."<br />
<br />
<br />
<b>7. How do you know that the server is busy from the number?</b><br />
<br />
The best answer probably from this site: <a href="http://www.teamquest.com/resources/gunther/display/5/index.htm">http://www.teamquest.com/resources/gunther/display/5/index.htm</a> . For this question, I answered if the number is 2 or bigger, then the server is busy or under heavy load. This is relative, and you will know from experience handling Linux or Unix machines.<br />
<br />
<br />
<b>8. What happen when the machine is busy?</b><br />
<br />
I answered, the most noticeable clue is that you have trouble accessing the server remotely. When you SSH to the server, it will take a while before you are able to login. This is because the SSH connection is encrypted and the server will need to decrypt the data before able to give you access. Encryption and decryption takes big amount of CPU cycle, and if the machine is already busy, you will see it will take some time before you are able to login.<br />
<br />
Other than that, if the machine have small amount of memory, you will see a lot of disk activity, because the OS is swapping the application that resides in memory, but is not executed, to the disk to make way for application that have higher priority.<br />
<br />
<br />
<b>9. How do you list processes running in the machine?</b><br />
<br />
Use the command "ps"<br />
<br />
<b><br /></b><br />
<b>10. How do you terminate a misbehaving application?</b><br />
<br />
Use the command "kill -9 <appname>". The number 9 is sending the SIGKILL signal. To terminate application with the same name, use "pkill <appname>"<br />
<br />
<br />
<b>11. What other signal available?</b><br />
<br />
This site summarize it: <a href="http://linux.about.com/od/commands/l/blcmdl7_signal.htm">http://linux.about.com/od/commands/l/blcmdl7_signal.htm</a> . Other signal available is SIGHUP and SIGTERM. I answered SIGHUP is to restart an application, but most information in Internet said that SIGHUP is to re-read configuration file or to stop an application. You might need to search for more concrete answer.<br />
<br />
SIGTERM is terminate signal sent to application to stop it gracefully. When application receive a SIGTERM, it will do the necessary process to make sure it is stopped cleanly.<br />
<br />
<br />
<b>12. What is the difference between SIGKILL and SIGTERM?</b><br />
<br />
SIGTERM is a graceful termination signal. The application that receive the signal will try its best to stop or notify any dependency, and then terminating itself. For example, if a parent process got SIGTERM, and it has few child process, the parent process will notify the child process that the parent is being terminated, and the parent might also send SIGTERM to the child to terminate them before terminating itself. SIGTERM can be ignored if the application was programmed to do so.<br />
<br />
For SIGKILL, the application will be directly terminated by the OS. No information will be sent to any dependencies of the program. If a program have a child process, that child process might become orphan or zombie because its parent has been killed and it has no clue on what to do next. This kind of issue might cause further instability to the server if the server is already have some issue.<br />
<br />
<br />
<b>13. Have you experienced application that will not terminate even after you send SIGKILL signal? How do you terminate such application?</b><br />
<br />
More info here: <a href="http://en.wikipedia.org/wiki/Zombie_process">http://en.wikipedia.org/wiki/Zombie_process</a> . That application is called zombie application. To find zombie application, use command "ps aux | grep Z", where the zombie application will have Z as its status. You cannot killed a zombie application because it is already dead. What I usually do is, if the zombie process have a parent process, I will terminate the parent process, where most of the time the zombie process will terminate because its dependency to its parent has been terminated.<br />
<br />
But, there are cases that, when you terminate the parent process of the zombie, the zombie will then use process with PID 1 as its parent. Process with PID 1 is the init process, and it is the first process to run when the server starts. If this happen, you have no other way to kill the zombie other than rebooting the server.<br />
<br />
<br />
<b>14. What actually pkill command do?</b><br />
<br />
pkill will list the PID of the process that have the name as specified, then will terminate the application one by one. The default signal sent is SIGTERM.<br />
<br />
<br />
That's all. I have learned quite a lot after this event. Hopefully this post will be helpful to someone out there.<br />
Got comment? Let me know. :)<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-91907557164492250732009-11-10T18:17:00.000+08:002009-11-10T18:17:10.348+08:00Tracing bitmap in InkscapeDuring BOF session in <a href="http://mygosscon.oscc.org.my/2009/">MyGOSSCON 2009</a>, Nuhaa a.k.a <a href="http://cawanpink.net/">cawanpink</a> representing <a href="http://fosschix.my/">FOSSchix.my</a>, was presenting on how to use <a href="http://www.inkscape.org/">Inkscape</a> to produce graphic images. After her presentation, I inform her that Inkscape has the capability to trace bitmap into vector graphic, so that if you want to scale the image, it will not become blur (when scale down) or become boxy (when scale up). I guide her the step to produce the vector image. I believe a lot of Inkscape user also did not know much about this capability. This post will explain the step.<br />
<br />
Step: <br />
<ol>
<li>Search <a href="http://images.google.com/">Google Images</a> for the image that you want to trace. Usually you would like to trace logo to be use somewhere else. When you search for image, try to find big or medium size image. In this example, I want to search for 1Malaysia logo. </li>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/_B0umfWxvhps/SvkxXw_ayXI/AAAAAAAAABE/Ja3Y2LZC3so/s1600-h/googleimagesearch.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_B0umfWxvhps/SvkxXw_ayXI/AAAAAAAAABE/Ja3Y2LZC3so/s400/googleimagesearch.jpg" /></a>
<br /></div>
<br />
<br />
<li>Download the logo to your computer. Here is the logo that I got. </li>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/_B0umfWxvhps/SvkxtmzPyNI/AAAAAAAAABM/i-dJEGE-y_M/s1600-h/1_malaysia.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_B0umfWxvhps/SvkxtmzPyNI/AAAAAAAAABM/i-dJEGE-y_M/s400/1_malaysia.jpg" /></a>
<br /></div>
<br />
<br />
<li>Open the bitmap image in Inkscape. </li>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/_B0umfWxvhps/SvkzSCxRZII/AAAAAAAAABU/R3RNDK_7uLM/s1600-h/loadimage.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_B0umfWxvhps/SvkzSCxRZII/AAAAAAAAABU/R3RNDK_7uLM/s400/loadimage.jpg" /></a>
<br /></div>
<br />
<br />
<li>Press Ctrl+A to select all the image. Then select the menu Path > Trace Bitmaps </li>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/_B0umfWxvhps/SvkzqYSyg6I/AAAAAAAAABc/tlkiFT0GzyI/s1600-h/menuselect.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/_B0umfWxvhps/SvkzqYSyg6I/AAAAAAAAABc/tlkiFT0GzyI/s400/menuselect.jpg" /></a>
<br /></div>
<br />
<br />
<li>Dialog option will be displayed. Select the option Colors, Stack scans and Remove background. After that, click the Update button. You will see a preview of the trace. If you are happy with the preview, click OK </li>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/_B0umfWxvhps/Svk0QWChFzI/AAAAAAAAABk/CO3AyOX-Qu0/s1600-h/option.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_B0umfWxvhps/Svk0QWChFzI/AAAAAAAAABk/CO3AyOX-Qu0/s400/option.jpg" /></a>
<br /></div>
<br />
<br />
<li>The vector image will be available on top of the bitmap image. If you select the logo, you can move it around. In the picture below, I move the vector image to the right. </li>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/_B0umfWxvhps/Svk0xJ3QqsI/AAAAAAAAABs/5hVwCrYx10w/s1600-h/tracecomplete.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/_B0umfWxvhps/Svk0xJ3QqsI/AAAAAAAAABs/5hVwCrYx10w/s400/tracecomplete.jpg" /></a>
<br /></div>
<br />
<br />
<li>You can delete the bitmap image then move back the vector image to the canvas. After that you can do anything with the vector image. Here, I made a clone of the image, then scale it down. The image is still sharp because it is a vector. </li>
</ol>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/_B0umfWxvhps/Svk1ch5onDI/AAAAAAAAAB0/OVS7S3MKB6E/s1600-h/cloneandscale.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_B0umfWxvhps/Svk1ch5onDI/AAAAAAAAAB0/OVS7S3MKB6E/s400/cloneandscale.jpg" /></a> <br /></div>
<br />
That's all. You can save the vector image to SVG format if you want to edit it again in the future.<br />
<br />
Happy drawing! :)<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-11565039431984587222009-11-05T18:01:00.001+08:002009-11-05T18:05:43.130+08:00Programming in PostScriptI have found my new craze! It is programming in PostScript! :D<br />
<br />
What is PostScript, you may ask? <a href="http://en.wikipedia.org/wiki/PostScript">PostScript</a> is a programming language optimized to print graphic and text. You can think it as a page description language, much like HTML is the document description language for the web. <br />
<br />
It all started when <a href="http://elhilal.blogspot.com/">Najmi</a> <a href="http://tech.groups.yahoo.com/group/mypenguin99/message/16983">posted</a> to <a href="http://tech.groups.yahoo.com/group/mypenguin99/">MyPenguin99</a> mailing list about the powerfulness of Python to generate a PDF file. It is called <a href="http://simson.net/notepaper/">Simson Garfinkel's Notepaper Generator</a>. Upon closer inspection, I found out that it is not the Python that is powerful, but it is the PostScript language that is powerful that you can program your paper document to look like what you want it to be.<br />
<br />
The Python script is just a script that help you to either enable or disable a feature, change the owner of the paper, and generate the calendar to be put into the PostScript file. From the PostScript file, it is converted to PDF by using <a href="http://pages.cs.wisc.edu/%7Eghost/doc/AFPL/6.50/Ps2pdf.htm">ps2pdf</a> command line program.<br />
<br />
Suddenly, a question pops in my head. How hard it is to hand-coded a Postscript file? I have never program a PostScript before and don't know the answer. But I'm going to find out.<br />
<br />
Few years back when I'm an electronic engineering student, graph paper is one of my tools of the trade. Back then, when I'm running out of graph paper, I have to buy a graph paper pad with 10 sheet in it, even though I might only need a single sheet to complete my assignment.<br />
<br />
So, to challenge myself for the PostScript programming, I'm planning to create a 1 mm by 1 mm grid that will occupy an A4 paper, with about 1 inch border from the edge of the paper. That should be easy, I think.<br />
<br />
And actually, it is easy! I just learned PostScript in 2 days from information available on the Internet, and also found a PDF file from Adobe called <a href="http://www-cdf.fnal.gov/offline/PostScript/BLUEBOOK.PDF">"PostScript Language Tutorial & Cookbook"</a>. It contains all the command that you need to know about programming in PostScript. Search Google using the keyword <a href="http://www.google.com.my/search?q=postscript+tutorial&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a">"postscript tutorial"</a>.<br />
<br />
PostScript is not hard. It is stack-based in the same manner as RPN calculator. And this is easy for me because I program Motorola microcontroller using stack-based instruction in assembly language during my university days :)<br />
<br />
The result of the PostScript file can be viewed without having to print it out, by using <a href="http://pages.cs.wisc.edu/%7Eghost/gsview/">GSview</a> for Windows. You can also use <a href="http://www.gnome.org/projects/evince/">Evince</a> for Gnome or <a href="http://okular.kde.org/">Okular</a> for KDE. The PostScript file can be converted to PDF file<br />
by using <a href="http://sourceforge.net/projects/pdfcreator/">PDFCreator</a> in Windows, or <a href="http://pages.cs.wisc.edu/%7Eghost/doc/AFPL/6.50/Ps2pdf.htm">ps2pdf</a> command line in Unix/Linux/BSD.<br />
<br />
Below are two screenshot of GSview, one viewing the A4 paper in whole, and the other zooming the paper to its width.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_B0umfWxvhps/SvKc2_3agxI/AAAAAAAAAA0/tuQxAm6vpKw/s1600-h/gsview.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_B0umfWxvhps/SvKc2_3agxI/AAAAAAAAAA0/tuQxAm6vpKw/s400/gsview.jpg" /></a><br />
</div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_B0umfWxvhps/SvKdKsUeUqI/AAAAAAAAAA8/SuF2N1cy9Dc/s1600-h/graph-zoom.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_B0umfWxvhps/SvKdKsUeUqI/AAAAAAAAAA8/SuF2N1cy9Dc/s400/graph-zoom.jpg" /></a><br />
</div><br />
Get the source from the URL below. Now I can start to create my own <a href="http://en.wikipedia.org/wiki/Getting_Things_Done">GTD</a> paper organizer. :D<br />
<br />
Enjoy! :)<br />
<br />
<a href="http://sharuzzaman.tripod.com/file/graph.ps">http://sharuzzaman.tripod.com/file/graph.ps</a>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-28104182407446177792008-06-03T23:40:00.002+08:002008-06-04T01:38:00.178+08:00Having fun with Apache reverse proxyToday I managed to configure an <a href="http://httpd.apache.org/">Apache </a>reverse proxy. Why do I need a reverse proxy? Consider this scenario:<br /><ol><li>I got 2 public IP: 192.0.2.1 and 192.0.2.2</li><li>Firewall hold all the public IP via IP aliasing (eg. eth0:1 = 192.168.0.2.1, eth0:2 = 192.0.2.2)</li><li>I'm running authoritative DNS on my firewall</li><li>I initially have 2 webserver inside firewall, with IP address 172.16.0.1 (xavier) and 172.16.0.2 (magneto)</li><li>My domain name is example.com</li><li>Subdomain www.example.com is served by xavier, and webmail.example.com is served by magneto</li><li>DNS was configured so that www.example.com will be resolved to public IP 192.0.2.1 and webmail.example.com will be resolved to public IP 192.0.2.2</li><li>IPTables was used to redirect port 80 from public IP to its corresponding private IP (eg. 192.0.2.1 -> 172.16.0.1)</li><li>All webserver must run on port 80 and is using Apache 2.x.<br /></li></ol>Now, I want to add another web server with IP address 172.16.0.3 (cyclops), that should serve the subdomain dev.example.com<br /><br />How can I do that? I only have 2 public IP! I cannot use other non-standard port!<br /><br /><span style="font-weight: bold; text-decoration: underline;">The solution?</span><br /><br />It comes in the mixture of DNS and Apache reverse proxy.<br /><br />On DNS:<br />- add subdomain dev.example.com to resolve to public IP 192.0.2.1<br />- restart DNS service<br /><br />On Apache 2.x web server in xavier (172.16.0.1)<br />- make sure mod_proxy is enabled in /etc/httpd.conf<br />- create a new file in /etc/httpd/conf.d/ (eg. dev.example.com.conf)<br />- in the file, put the following directives<br /><br /><pre><br /><VirtualHost 172.16.0.1><br />ProxyPreserveHost On<br />ProxyPass / http://172.16.0.3/<br />ProxyPassReverse / http://172.16.0.3/<br />ServerName dev.example.com<br />ProxyRequests Off<br /><br /><Proxy *><br />Order deny,allow<br />Allow from all<br /></Proxy><br /></VirtualHost><br /></pre><br /><br />- restart Apache service<br /><br />That's it. Try to surf the new subdomain http://dev.example.com using anonymous surfing site (eg. <a href="http://anonymouse.org/">http://anonymouse.org/</a>) and you should be presented with the content of cyclops web server.<br /><br /><span style="font-weight: bold; text-decoration: underline;">How does it work?</span><br /><br />- The subdomain dev.example.com will be resolved to public IP 192.0.2.1 by our DNS server.<br />- Request for port 80 to dev.example.com will be forwarded to the Apache web server running on xavier (172.16.0.1)<br />- On xavier, the VirtualHost directive is aware that it is serving for subdomain dev.example.com<br />- But that directive contains a ProxyPass instruction to pass all request (hence "/" or root directory) to the server cyclops (172.16.0.3)<br />- It also have the directive ProxyPassReverse to pass everything received from cyclops back to the client as if the root (/) is on the server<br />- Other directive is left as an exercise to the reader to find out<br /><br /><span style="font-weight: bold; text-decoration: underline;">Other usage of Apache reverse proxy</span><br /><br />- Reverse proxy can be used to mask/map port 80 to webserver hosted on non-standard port (eg. 8080) **I believe IPtables port manipulation can achieve the same result<br /><br />- Shield not-so-secure I*S web server running on not-secure-at-all W*s host.<br />This will not protect against SQL injection or other web-based attacks. It can help to shield the server from OS related attacks because client will see that the webserver is Apache running on Linux, not I*S running on W*s. You might want to take a look at <a href="http://www.modsecurity.org/">mod_security</a> for added protection<br /><br /><br />Have fun :)Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-73102546444567347952008-05-09T00:33:00.003+08:002008-05-09T01:45:27.973+08:00Using shell script to solve problemI'm translating KDE4 to Malay language, but when I'm in the kdebase folder, I cannot determine which files that should be translated, and also have been neglected for some time. While I can check each file manually to determine its translation status, I'm really lazy to do the same thing again and again.<br /><br />By using shell script, I can automate the task and become more lazier :P<br /><br />Requirement:<br />List all po files according to date, older to newer, and only contain fuzzy or untranslated message.<br /><br />Solution:<br /><br /><pre>sharuzzaman@debian:/kde4-stable/kdebase$ cat -n list.sh<br />1 #!/bin/bash<br />2<br />3 for file in `ls -tr *.po`<br />4 do<br />5 output=`msgfmt -o /dev/null --statistics $file 2>&1`<br />6 fuzzyuntranslate=`echo $output | grep -e "fuzzy\|untranslated"`<br />7 if [ "$fuzzyuntranslate" != "" ]<br />8 then<br />9 echo $file<br />10 fi<br />11 done<br /></pre><br /><br />Let's take a look at the solution, line by line.<br /><br />Line 1: Declare the script as a Bash script<br /><br />Line 2: Blank space for clarity<br /><br />Line 3: This is the starting point of the "for" loop. The command "ls -tr *.po" will list all po files according to date and reversed, which means older to newer. We quote the command in backtick `` because we want the command to be executed, and the output to become the array of file name for variable "file"<br /><br />Line 4: The "do" is the part in the "for" loop that we process our list of files.<br /><br />Line 5: Execute the command "msgfmt -o /dev/null --statistics $file 2>&1" and put the result in variable "output". The 2>&1 redirection is required because the output for msgfmt is printed on stderr, not stdout, so we redirect it to stdout in order to capture it.<br /><br />Line 6: Echo back the variable "output" and check if it contain the word "fuzzy" or "untranslated" using grep. Put the result in variable "fuzzyuntranslated". If the variable "output" did not contain the word that we search for, the variable "fuzzyuntranslated" will be blank. We use "grep -e" because we have regular expression "|" that carry the meaning "or" on the command<br /><br />Line 7: Check if the variable "fuzzyuntranslated" is not blank (which means either contain fuzzy, untranslated, or both fuzzy and untranslated)<br /><br />Line 8: Then<br /><br />Line 9: Print out the file name that match our requirement.<br /><br />Line 10: Close the if block with fi<br /><br />Line 11: Close the do block with done<br /><br /><br />That's it. We have completed our requirement.<br /><br />The output should be a long list of filename. I can pipe it to "head" to get only the first 10 line of the filename.<br /><br /><pre>sharuzzaman@debian:/kde4-stable/kdebase$ ./list.sh |head<br />kdmgreet.po<br />nsplugin.po<br />kdialog.po<br />kdebugdialog.po<br />kcmkwindecoration.po<br />kcmusb.po<br />kcmstyle.po<br />kdmconfig.po<br />kcmscreensaver.po<br />khtmlkttsd.po<br /></pre><br /><br />Happy scripting :)Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-9857819.post-5719388833146842082007-07-23T01:49:00.000+08:002007-07-23T02:41:05.564+08:00Journey to NetBSD world - part zero<img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 200px; CURSOR: hand" alt="" src="http://i80.photobucket.com/albums/j173/sharuzzaman/NetBSD.png" border="0" />I’m always unhappy with Linux memory requirement for old and small memory PC. I have an Intel Pentium 133 MHz, with 64 MB RAM. Installing minimal <a href="http://www.debian.org/">Debian</a> Linux, without any other application will eat up as much as 50 MB of RAM, leaving only about 14 MB for application. On percentage basis, Linux took about 78% of system memory.<br /><br />Few people that I have asked about this issue, advise me to recompile the kernel, and remove any unnecessary thing that is available in the kernel. Well, being lazy, I want an OS that when installed out-of-the-box, will use small enough memory, while leaving a lot more for application.<br /><br />I have heard about <a href="http://www.netbsd.org/">NetBSD</a> for a long time, since I started using Linux in 2001. But, I don't have the courage to use it; maybe because when I first use Linux, I thought Linux is hard enough. BSD-based OS must be harder. But sometimes, necessity can be a good motivator for you to try something new.<br /><br />In this part zero, I will explain the preparation that I have done to install NetBSD on the machine. Because the machine already got Debian Sarge, I don't want to format it because I think it might come handy later. So, I bought a used 2GB hard disk drive, just for this exercise. It's not that expensive, only RM 16 <img src="http://i80.photobucket.com/albums/j173/sharuzzaman/happy.gif" /><br /><br />Because the PC can be considered a dinosaur, it can only boot from floppy and hard disk. There is no way to boot from CD. So, to get the floppy boot image, I browsed to <a href="http://ftp.netbsd.org/pub/NetBSD/NetBSD-3.1/i386/installation/floppy/">http://ftp.netbsd.org/pub/NetBSD/NetBSD-3.1/i386/installation/floppy/</a> and then downloading boot1.<span class="blsp-spelling-error" id="SPELLING_ERROR_0">fs</span> and boot2.<span class="blsp-spelling-error" id="SPELLING_ERROR_1">fs</span> using IE. (My office is using IE, <span class="blsp-spelling-error" id="SPELLING_ERROR_2">btw</span> <img src="http://www.geocities.com/sharuzzaman/tongue.gif" />)<br /><br />Then I download <span class="blsp-spelling-error" id="SPELLING_ERROR_3">WinRawrite</span> from <a href="http://www.chrysocome.net/rawwrite">http://www.chrysocome.net/rawwrite</a> to write the image into a couple of floppy disk. The write process complete, but when I tried to boot the floppy, the machine keeps rebooting. <span class="blsp-spelling-error" id="SPELLING_ERROR_4">Hmm</span>... why this is happening? NetBSD don't like my PC? NetBSD is not good enough? <img src="http://www.geocities.com/sharuzzaman/confused.gif" /> (scratching my head)<br /><br />Reading again the installation document, they already mentioned that the image must be downloaded in “binary” format. Downloading using web browser will result in the image downloaded as “<span class="blsp-spelling-error" id="SPELLING_ERROR_5">ascii</span>” format. They advised to download the image using FTP client, and setting the client to download in binary format.<br /><br />This time, the Debian installation really comes handy. I plug again the Debian hard disk; reboot the computer, and FTP into NetBSD ftp site. Download the image using binary format, then write the image into floppy disk. I write the image using dd command available in Debian.<br /><br /><span style="font-family:courier new;">dd if=boot1.<span class="blsp-spelling-error" id="SPELLING_ERROR_6">fs</span> of=/<span class="blsp-spelling-error" id="SPELLING_ERROR_7">dev</span>/<span class="blsp-spelling-error" id="SPELLING_ERROR_8">fd</span>0<br />dd if=boot2.<span class="blsp-spelling-error" id="SPELLING_ERROR_9">fs</span> of=/<span class="blsp-spelling-error" id="SPELLING_ERROR_10">dev</span>/<span class="blsp-spelling-error" id="SPELLING_ERROR_11">fd</span>0</span><br /><br />I re-plug the blank hard disk, then boot the computer with the NetBSD boot floppy, and few minutes later, NetBSD installation menu comes up on the screen. Wee… I manage to boot NetBSD <img src="http://i80.photobucket.com/albums/j173/sharuzzaman/happy.gif" /><br /><br />On next part of the journey, I will show what option I select during the installation, and how it progress after that. Till next time.Unknownnoreply@blogger.com0