rootninja

I was in Borders or Barnes and Nobles the other day and I saw a bunch of books with the number 2012 on the cover.  I’m sure there are tons of people trying to cash in on the next big end-of-the-world scenario which is sometime around the equinox on December 21st in the year 2012.  So here’s a bunch of interesting facts about the number 2012.

It’s a year in which there are five Wednesdays in February. The last time this happened was 1984 and the next would will be in 2040.

It’s a Canyon Number. The structure of the digits represents a canyon. The first and last digits are the same, but all the digits inbetween are progressively smaller as you get toward the center position.  The biggest number that matches this pattern is 9876543210123456789.  If you laid this out on a scantron, it would look like a giant V.

a(n)=1/120*n*(n^4+10*n^3+35*n^2+50*n+144). This sequence starts like this: 2, 8, 24, 60, 131, 258, 469, 800, 1296, 2012, 3014.  I’m sure somewhere to someone, this means something crazy.

Number of binary sequences of length n containing exactly one subsequence 001.  Come on now, doesn’t this sound like there should be a spooky reasoning behind this?  Ok there’s not, it just is what it is.

Triangle read by rows: T(n,k) is number of paths from (0,0) to (3n,0) that stay in the first quadrant (but may touch the horizontal axis), consisting of steps u=(2,1),U=(1,2), or d=(1,-1), and having sum of the heights of its pyramids equal to k (a pyramid is a sequence u^pd^p or U^pd^(2p) for some positive integer p, starting at the x-axis; p is the height of the pyramid). So now you’re asking where the heck did he get all these stupid facts?

No, I didn’t look all these up in a bunch of books.  I found a site where you can plug in any sequence of number(s) and it will tell you all about them.  Freaking great when you run across a sequence you know you recognize but don’t know the name of, or that you need the formula for!!!  Freaking amazing, I know right?

Online Encyclopedia of Integer Sequences

http://www.research.att.com/~njas/sequences/Seis.html

Continue reading

2012, math

Mmm… Hydrogen. Leave a comment if you’re an HHO’er. If you don’t know what HHO refers to, or you disagree with the definition. I’m curious to see if anyone stops by!

Continue reading

Got a process that you want to restart in a script but it doesn’t respond nicely?  Use the sleep command in your script and check its status after you start, stop, or kill it.  After incrementally backing off a few times, waiting longer and longer, I give up and exit with an error.  But you could come back later, or basically raise an exception by saving the value of “$?”. You can do this as you start a process and want to make sure it’s fully up and running before moving on because it dies sometimes unexpectedly.  There’s a ton of uses for sleep.

DAEMON=myapp
sudo /etc/rc.d/init.d/$DAEMON start
sleep 1
if [ `sudo ps -ef | grep -c $DAEMON` == "1" ]; then
sleep 2
if [ `sudo ps -ef | grep -c $DAEMON` == "1" ]; then
sleep 3
if [ `sudo ps -ef | grep -c $DAEMON` == "1" ]; then
sleep 3
if [ `sudo ps -ef | grep -c $DAEMON` == "1" ]; then
echo
echo “ERROR: $DAEMON did not restart.”
echo “Quitting Early!…”
exit 1
fi
fi
fi
fi

Continue reading

howto, processes, scripting, shell, sleep

The evil google empire has singled out my website and banned me for no apparent reason what-so-ever.  Those pricks couldn’t handle stroking the big $11 check once every few months for my super duperest blog.

The Google Team is out to get you, how to make them pay in 4 easy steps:

My Adsense account got banned.  Help!

1. Take a deep breath, calm down, and try to figure out why your account was banned. Know thy enemy.  You’re going to want to find evidence that there has been a mistake and to do that you’re going to need to know what the problem was in the first place.  While reading this, in your head it should sound something like, “well duh”.  Google might just tell you there were invalid clicks and that doesn’t exactly say much.  If you get slashdotted, dugg, or any variation of those with all the other social networking sites out there, you may get an influx of clicks.  If you’re under shared hosting, there’s probably a bunch of miscreants among you, physically sharing your server.  If you’ve ever had a VISA or American Express credit card, you’ve probably been hit with the hold on your account because of irregular usage patterns.  Your problem with google could be this simple in the end.
2. Contact Google Adsense. After you’ve calmed down!  Be professional and courteous to them.  Treat the problem with a cold and calculating seriousness that makes no bones about it.  It’s nothing personal, just business.  Don’t acuse, assault, or in any other terms annoy the people you’re asking to help you out.
3. Do you homework. If you have logs or other forms of evidence that you think proves you and your websites innocence, then by all means send it to them.  Include this type of information in your initial contact.  Don’t wait until your follow up to provide any proof or it might look made-up.
4. Patience Danielson. You may not get an instant response.  And by instant, I mean any time soon.  If you don’t hear anything after a few days, send a follow up message to them.  Wait a few more days and try again.  It would be better to have patience than to irk or otherwise annoy.

Continue reading

adsense, ban, google, money, silly

[user@localhost ~]$  cat ~/.ssh/id_rsa.pub ~/.ssh/id_dsa.pub | ssh user@remotehost ’sh -c “cat - >> ~/.ssh/authorized_keys”‘

You’ll be prompted for the password just this one last time.  This is perfect for running a script that runs several remote commands through ssh.  Here’s a script that checks for your keys and adds them if they’re not there.  You’ll get prompted for a password twice if the keys didn’t already exist, and then no more.

#!/bin/sh
MY_NAME=`hostname`
MY_IPADDR=`hostname -i`

CHECK_KEYS=`ssh user@remotehost “touch ~/.ssh/authorized_keys > /dev/null 2> /dev/null; \
chmod 700 ~/.ssh/authorized_keys; grep -e $MY_NAME ~/.ssh/authorized_keys”`

LENGTH=`expr $CHECK_KEYS” : ‘.*’`
if [ $LENGTH -lt 3 ]; then
# cat the keys
else
# they already exist
fi

Another way around the password prompting issue from running a bunch of ssh commands is to branch the script and have one branch check your hostname to make sure you’re not the remote host and then start running all your commands.  When you get to the stuff you want to do remotely, echo the script across your ssh tunnel and execute it.  Now in the script, go into the 2nd branch that only runs if the hostname check matches the remote host, and it will skip down to this part on the remote run.  This gets around having a 2nd script with all your remote commands in it.  It might not be elegant, but it works!

#!/bin/sh
if [ `hostname` != $1 ]; then
# you ran this script with the remote host as the 1st argument, so it’s not going to be equal, and it will run these commands
# do a bunch of local stuff here
cat $0 | ssh user@remotehost /bin/bash `hostname`

else

# i’m here because i’ve been called on the remote host
REMOTEHOST=$2
# now i can run commands as if they were local.  executing `hostname` now would now return the remotehost name.  So any variables you want to carry over to the remote host, such as where I was called from, just add them as additional arguments when you cat the script and grab them from $2, $3, … etc. when you enter this else clause!
fi

Continue reading

authorized_keys, bash, ssh

I wouldn’t do it this way for a production network, but i’ve set up similar configurations for testing in vmware, in a research environment, and in a production environment.  So instead of a step by step, here’s a quick run through… It should clear up some of the missing pieces when you try to go from a basic ldap server to multiple servers with startTLS encryption.

If you haven’t done this before, you might want to break it into pieces like getting just the primary LDAP  server up with no encryption first.  But you can find those how-to’s anywhere.  Go big or go home right?

On the Server, become root and install OpenLDAP packages.

The machine you designate as the ’server’ will need “openldap-servers” and “openldap-clients” because you’ll want the server to be a client of itself. You’ll also need “nss_ldap” which, from yum info, allows LDAP to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services, and shadow passwords, and contains PAM support for password changes, V2 clients, Netscape’s SSL, ypldapd, Netscape Directory Server password policies, access authorization, and crypted hashes.

$ sudo su -
# yum install openldap-server openldap-clients nss_ldap

Generate a master password using slappasswd, copy and paste this password into slapd.conf

# /usr/sbin/slappasswd
New password:
Re-enter new password:
{SSHA}kc20D+e1Q25OXi39YnfVvj8zSrSto3TT

My LDAP primary server’s hostname is “server1″.  I’ll also set up a replica server named “server2″.  My network’s domain is “mydomain.com”.  So your /etc/openldap/slapd.conf.  I’m going to setup both servers and the encryption all at the same time.  If you run into issues after all this, you might not know which part you’ve messed up at, but starting ldap using lots of logging will let us figure out where it’s hung up.  This should all come out fine and work like a charm, so just go for it. But if you really don’t like that approach, feel free to skip the encyption and/or replica server parts (comment them out and delete the “tls_ssf=256″ parts iin slapd.conf) and come back to them later.  Only the last section stating with comment “Replica” will be different on your replica server2.  They’ll point to your primary server, server1, of course!

The finished version of /etc/openldap/slapd.conf should look like this:

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/misc.schema
allow bind_v2
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

TLSRandFile /dev/random
TLSCipherSuite HIGH:MEDIUM:+SSLv2:+SSLv3:RSA
TLSCACertificateFile  /etc/openldap/cacerts/slapd1.pem
TLSCertificateFile    /etc/openldap/cacerts/slapd1.pem
TLSCertificateKeyFile /etc/openldap/cacerts/slapd1.pem

access to attrs=shadowLastChange,userPassword,shadowMax,shadowWarning
by tls_ssf=256 ssf=256 self write
by tls_ssf=256 ssf=256 anonymous auth
by * none
access to *
by tls_ssf=256 ssf=256 users read
by tls_ssf=256 ssf=256 self write
by tls_ssf=256 ssf=256 * read
by * none

database        bdb
suffix          “dc=mydomain.com”
rootdn          “cn=Manager,dc=mydomain.com”
rootpw  {SSHA}kc20D+e1Q25OXi39YnfVvj8zSrSto3TT
directory       /var/lib/ldap

timeout 30
cachesize 2500
checkpoint 256 30
searchstack 8

# Indices to maintain
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

# Replicas
replica uri=ldap://server2.mydomain.com:389
bindmethod=simple
binddn=”cn=Manager,dc=mydomain.com”
credentials=PlainTextPassword
replogfile /var/lib/ldap/master-replog

The replica’s slapd.conf will include this part instead of the last section:

updatedn "uid=Manager,dc=mydomiain.com"
updateref ldaps://server1.mydomain.com

Create a self signed certificate on server1 and do it again on server2.

Put both pem files on both servers and on all clients.  Clients need the public part so they can talk to either server in case one goes kaboom! and a replica server has to take over for awhile.  Make sure you use the server’s hostname for “Common Name” when you’re creating them.  You can fill in the rest with whatever junk you want.

# cd /etc/openldap/cacerts/
# openssl req -newkey rsa:2048 -x509 -nodes \
-out server.pem -keyout server.pem -days 3650

You’ll get a server.pem file with the private key and certificate together.  The clients only need the certificate part in their /etc/openldap/cacerts/ directory in order to communicate with the servers.  If you want to save time and it’s just for demo installation, you can just leave the keys in there and copy the files to everyone.  NO I DO NOT RECOMMEND THIS FOR ANY TYPE OF PRODUCTION ENVIRONMENT!  I’m just saying that if you want to save time and you’re just testing this stuff out in virtual machines or a private network, then it will work!

Import the local accounts into the LDAP database.

It’s easiest if you just create all the local accounts you want to start with, using whatever method you normally use to make them.  I use useradd from the commandline.

# useradd -u 1234 -g 1234 -G wheel zerocool

Run the migration script to fill the ldap database with your accounts.

# /usr/share/openldap/migration/migrate_all_offline.sh
Creating naming context entries…
Migrating groups…
Migrating hosts…
…

Don’t panic!  They’re not actually migrating, they’re replicating.  Your local accounts will still be there and they’ll actually be looked at first on any machine because you’ll put “ldap” at the end of any lines in /etc/nsswitch.conf.  This means ldap will be considered after everything lese defined.  Think of it like how /etc/hosts supercedes DNS lookups.

Make sure the ldap user (automatically created by your openldap package installation) owns the files in your database directory and the certificates.

# chown -R ldap:ldap /var/lib/ldap
# chown ldap:ldap /etc/openldap/cacerts/*.pem

Edit /etc/sysconfig/ldap

You want to make it start LDAP and LDAPS so it will listen on ports 389 and 689.  It’s probably not necessary, but maybe you’ll run into a legacy application that uses encryption but doesn’t like StartTLS.

# cat /etc/sysconfig/ldap
…
# At least one of SLAPD_LDAP, SLAPD_LDAPI and SLAPD_LDAPS must be set to ‘yes’!
#
# Run slapd with -h “… ldap:/// …”
#   yes/no, default: yes
SLAPD_LDAP=yes

# Run slapd with -h “… ldapi:/// …”
#   yes/no, default: no
SLAPD_LDAPI=no

# Run slapd with -h “… ldaps:/// …”
#   yes/no, default: no
SLAPD_LDAPS=yes

Copy DB_CONFIG.example to the database directory.

If you don’t have this file or something like it, renamed to “DB_CONFIG” in there, you will see warnings when you try to start the ldap service.  So just copy and forget about it.

# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/

At this point, the server side of things is done, however, you won’t be able to verify this until you set up the server as a client.  So continue on with server1.  Edit /etc/ldap.conf and tell it the server, where in the tree to start searching from, and where to get encryption info from.  Or you can just run /usr/bin/authconfig-tui which is provided by package “authconfig”.  This will prompt you for all the fields necessary to configure the machine for ldap.  I use “localhost” for the server, but the actual dns name or ip address for the server for the clients.

Configure /etc/ldap.conf on the clients (and the server so it can be a client of itself)

# cat /etc/ldap.conf
base dc=mydomain.com
uri ldap://localhost
timelimit 3
bind_timelimit 3
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,tomcat,radiusd,news,mailman,nscd
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/openldap/cacerts/slapd.pem
tls_randfile /dev/random
tls_cacertdir /etc/openldap/cacerts
pam_password md5

Configure the OS to actually acknowledge LDAP’s existence

Add “ldap” to the passwd, shadow, and group lines in /etc/nsswitch.conf and edit PAM settings. If you used authconfig-tui, this will get added automagically for you. When you’re done nsswitch should include this:

# grep ldap /etc/nsswitch.conf
passwd:     files ldap
shadow:     files ldap
group:      files ldap

Start the ldap service on the primary and replica servers.  You should see the primary server start both slapd and slurpd while the replica just starts slapd.  That’s it.

Continue reading

encryption, howto, ldap, replica, starttls

I need to talk to a little box that has an ip address and accepts tcp input to send on to a giant LED display.  I’m going to send messages across it as if it were the stock market tickers streaming along, or like the rolling display in Times Square that reports the news.

What do I want to use to do this while keeping it simple and straight forward? Java? C++? hmm… no wait I know, Python!!!  It’s just so freaking easy to do in Python.  Python is quickly becoming my favorite language.  There’s so much support for it, its like you can do just about anything in Python now-a-days!

So here’s a basic little test application to send some messages just so I can make sure the communication works.

from socket import *

host = 10.1.2.3

port = 80

s = socket(AF_INET, SOCK_STREAM)

s.connect((host, port))

s.send(”TEST123\n”)

That’s about as simple as it can get.  This won’t get us very much, but it’s a start and it lets me know I am talking to the right host, and that it’s accepting my connection.  If there was some sort of ACL on the little black box or it was listening for UDP, i’d get an immediate “Connection Refused” message when I executed this code and it got to the s.connect line.

I could start here and later build a nice app that makes letters and words scroll by.  Maybe I’ll even connect multiple displays and locate them physically next to each other.  Then I could have a message scroll through one display and then through the next, and the next.  But i’m getting ahead of myself here.

class mysocket:
        def __init__(self, sock=None):
            if sock is None:
                self.sock = socket.socket(
                    socket.AF_INET, socket.SOCK_STREAM)
            else:
                self.sock = sock
        def connect(host, port):
            self.sock.connect((host, port))
        def mysend(msg):
            totalsent = 0
            while totalsent < MSGLEN:
                sent = self.sock.send(msg[totalsent:])
                if sent == 0:
                    raise RuntimeError, "socket connection broken"
                totalsent = totalsent + sent
        def myreceive():
            msg = ''
            while len(msg) < MSGLEN:
                chunk = self.sock.recv(MSGLEN-len(msg))
                if chunk == '':
                    raise RuntimeError, "socket connection broken"
                msg = msg + chunk
            return msg

Continue reading

python, sockets

Create some new directories:

/var/spool/prngd/

/var/run/

Create a startup script for the random number generator in /etc/init.d

#!/bin/sh
# 10/04/2008
# Purpose: start, stop, status script for prngd
case “$1″ in
’start’)
/usr/local/sbin/prngd /var/spool/prngd/pool /var/run/egd-pool
;;
’stop’)
/usr/bin/kill `ps -ef | /usr/bin/grep prngd | /usr/bin/grep local | /usr/bin/awk ‘{print $2}’`
;;
’status’)
if [ "`ps -ef | /usr/bin/grep prngd | /usr/bin/grep local`" ]; then
echo prngd is running…
else
echo prngd is stopped.
fi
;;
*)
echo “Usage: $0 { start | stop | status }”
exit 1
;;
esac
exit 0

Create a startup script for sshd in /etc/init.d

#! /bin/sh
#
# start/stop the secure shell daemon
case “$1″ in
’start’)
# Start the ssh daemon
if [ -f /usr/local/sbin/sshd ]; then
echo “starting SSHD daemon”
/usr/local/sbin/sshd &
fi
;;
’stop’)
# Stop the ssh deamon
PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep sshd | /usr/bin/awk ‘{print $1}’`
if [ ! -z "$PID" ] ; then
/usr/bin/kill ${PID} >/dev/null 2>&1
fi
;;
*)
echo “usage: /etc/init.d/sshd {start|stop}”
;;
esac

Don’t forget to link them both in /etc/rc2.d so they’ll start automatically.  I used 50 and 99 to try to make sure that prngd starts before sshd fires up.

# cd /etc/rc2.d

# ln -s ../init.d/prngd S50prngd

# ln -s ../init.d/sshd S99sshd

Create ssh public key pairs.  Don’t change these output names, the daemon expects them to be named like this and if you change them, you’ll see an error like no key found, ssh v1 not starting.  But who really cares, right?

# /usr/local/bin/ssh-keygen -d -f /usr/local/etc/ssh_host_dsa_key -N “”

# /usr/local/bin/ssh-keygen -b 1024 -f /usr/local/etc/ssh_host_rsa_key -t rsa -N “”

# /usr/local/bin/ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N “”

Start the daemons and you should be good to go.  If you’re getting PRNGD not seeded errors, go take care of some other stuff, it will eventually stop as long as you installed prngd properly and started it up.  Generating the keys will probably take forever if you’re on an old Ultra 1 like me, give them a minute or two.  Entropy will take forever+1.  You can fill the seed files with garbage data if you want to speed it up.  If you’re still getting PRNGD errors an hour later, you could try the kernel patch to add /dev/random /dev/urandom support directly to the kernel.  (Sun patch 112438-03) I chose not to because I didn’t want to risk something going terribly wrong with this machine.  It’s unique in my environment and been shoved in a corner and forgotten about for a long time until now!

I also installed bash and top.  Bash was a no brainer!  I hate old ksh shells with broken backspaces, arrow keys, and lack of a command history.  They were both installed with pkgadd -d, no additional script writing or directory creating necessary.  If you have library issues after installed, run ldd on the binaries and do a google search to find what libraries packages you need.

Continue reading

ancient, bash, egd, gcc, popt, prngd, rsync, solaris, ssh, ssl, sun, sunfreeware, sunos, top, zlib

There’s a lot to do in Saints Row 2, so in order to get from mission to mission the quickest, you’ll want to surround yourself with the fastest cars available.  Get to your crib and find the “Customize Gang” area.  You get three gang cars that will randomly appear throughout the game in your hoods.  Ditch the slow ones you start with and use some exotics and maybe throw in a hummer or 4 door sport sedan.

This will make it easier to get to wherever you want to be because whenever you’re in your gang lands, you’ll see your cars all over the place.  When you see one, just press up on the dpad to recruit the driver and he’ll stop the car and get out immediately.  Normally when you try to carjack exotics on the street, they take off as soon as you make your move.  I like the exotics because they turn and brake quickly and get up to full speed the fastest, but it seems like all cars have the same top end speed.

Fly helicopters when you can.  The best ones in the game are the ambulance, police, and news helicopters.  That is, until you get the attack chopper.  But you won’t get to fly it outside of a mission until you’re at the end game.  All of the choppers fly about the same, but you’ll probably notice the Thompson chopper is almost broken.  You have to fly it pretty slow or else don’t even think about raising your altitude and flying straight at the same time.  You’ll end up upside down, crashing into stuff, and then exploding.

There were a lot of things in Grand Theft Auto that I didn’t like, such as annoying cousins calling me every five minutes wanting to get picked up.  The story line just got boring.  With all of the side missions and diversions available in Saints Row 2, you won’t get bored for a second.  And the story throughout the cut scenes is the best I’ve seen yet.  Other than the occasional glitch or complete freeze up, it’s one of the best games i’ve played. I like the idea of having melee styles, but the developers should have put more work into the hand to hand combat system

Continue reading

games, howto, lamborghini, review, saintsrow2, xbox