Me in IT UNIX/Linux consultancy

Using the program SCP is not needed, use this scipt to use SSH for transferring files:

To use this trick in a shell script-wrapper:

Now "replace" the normal SCP by using an alias:

One flaw of this script is that all options will have to be configured statically in .ssh/config.

A jail broken Apple iPhone with OpenSSH installed is accessible over the internet using ssh and the default root password "alpine".

You can use a short script to find IP addresses that have port 22 open and try to login. You can run this script from your Mac or any Linux machine.

The IP-addresses of IP-addresses that have port 22 open are stored in /tmp/scan-iphones/open/*. Some of these IP-addresses are not iPhones, so not every IP-address listed there are vulnerable. To stop the script press [CTRL]+[c] or type touch /tmp/scan-iphones/stop.

Now that you have IP addresses where you can login, use one of these "features":

Read all text messages

From your Mac or any Linux machine, type:

See the call history

Listen to voicemails

From your Mac or any Linux machine, type:

Open the finder, drag the .amr files on Quicktime to listen to them.

To secure your iPhone, you can use one or more of these measures:

• Change the "root" password - On the Terminal, type # passwd.
• Change the "mobile" password - On the Terminal, type # passwd mobile.
• Disable OpenSSH start at boot time - Don't know how to do this yet.
• Stop OpenSSH for now - launchctl load -w /Library/LaunchDaemons/com.openssh.sshd.plist.
• Set "PermitRootLogin" to "No" - in /private/etc/ssh/sshd_config.
• If all fails: Uninstall OpenSSH - Using the tools that installed OpenSSH.

I hate it when people use week numbers, like "week 34". Week numbers are mostly not printed on any calendar or schedule. So; here is how to convert a date to a week number and a weeknumber to a date.

Converting the current date to a week number

This is an easy one, because the man page of date simply explains: %U - Displays week of the year(Sunday as the first day of the week) as a decimal number[00 - 53] . All days in a new year preceding the first Sunday are considered to be in week 0.

Converting a specific date to a week number

A little harder, that why you don't have to figure it out yourself, just copy-paste and replace to meet your requirements:

Converting a week number to a specific date

This is not an easy one and requires a very nasty trick. To get a day in week 23 for example, use this command:

(See that 23 is the week number you'd like to get a date from.)

We all love The Pirate Bay, I guess the Danish people do too.

Now that The Pirate Bay is blocked for Danish people, here is a recipe for connecting to The Pirate Bay after all.

UPDATE: Simply visit The Pirate Bay through Me in IT Consultancy.

1. Use a web-proxy in some other country.
This is a very simple trick. Go to either Proxify, Zend2, or any other anonymous proxy and enter http://thepiratebay.org/.

2. Use a proxy in some other country.
Find yourself an open proxy in any country but Denmark.
This trick is a little harder, because it's not very easy to find a working open proxy and the proxies that are open tend to be shutdown or closed sooner or later.

3. Setup an SSH-tunnel via some other country.
This is an even more difficult trick, but works rather stable. It requires your to have access to a Linux or UNIX box somewhere outside Denmark.
Using OpenSSH:

$ ssh -L 8080:thepiratebay.org:80 machine-in-other-country.example.com

When that's successful; visit http://localhost:8080 from your web browser.

Using Putty:

1. Open Putty. We are going to make a new profile, so be sure to save it.
2. Fill in the "Host name (or IP address)". This is the (free account on a) machine your are connecting to outside Denmark.
3. Click "Connection" - "SSH" - "Tunnels".
4. The source port is the entry of the tunnel, use "8080" for example.
5. The destination is where the tunnel is sent to. Set it to thepiratebay.org:80.
6. Click "Add". Be sure to save this session, so you don't have to type this all again.
7. Click "Open" to start the connection and the tunnel.

When that's successful; visit http://localhost:8080 from your web browser.

Good luck on you!

It's been one month (23 days) since I move to Amazons EC2, aka Amazon Cloud, aka AWS. Overall I am very pleased with the performance of my instance, which I use as a webserver. Also the extra volumes perform great. It's been up for 100% in Januari 2009.

Here are some numbers so you can get an estimate of what Amazon EC2 cost:

$0.11 per Small Instance (m1.small) instance-hour (or partial hour)	537 Hrs	$59.07
$0.100 per GB Internet Data Transfer - all data transfer into Amazon EC2	22.554 GB	$2.26
$0.170 per GB Internet Data Transfer - first 10 TB / month data transfer out of Amazon EC2	32.379 GB	$5.50
$0.010 per GB Regional Data Transfer - in/out between Availability Zones or when using public IP or Elastic IP addresses	0.023 GB	$0.01
$0.12 per GB-month of provisioned storage	23.073 Count	$2.77
$0.11 per 1 million I/O requests	4,398,873 Count	$0.48
Total		$70.09

Overall I'd recommend Amazon EC2, but it's a little more expensive than an average Private Hosting plan, but this setup is more scalable.

As a freelancer in Dutch IT, you will almost always use a contracting company. This company makes an initial contact with the end-customer and receives and pays your invoices.

When you are in contact with a new contracting company, you can check IT Bemiddelaars to see what a company has done before, compare rates and cost.

When you would like to review an "IT bemiddelaar", please go to IT Bemiddelaars to enter the information you'd like to share.

Besides the extensive OpenVPN documentation I couldn't really find a step by step guide on how to setup an OpenVPN server and client.

I want to be able to connect my Fedora Core 10 laptop to the home-network via a Fedora Core 10 server.

Overview of the network setup

The server is 192.168.0.1, running Fedora Core 10 with openvpn 2.1. Newer versions are likely to work as well.
The laptop has a dynamic IP address.

Setting up the server

Please read the OpenVPN documentation if you run into troubles.

First setup the Certificate Authority keys.

Now setup the Server key and the Diffie Hellman key.

And build the client keys, each client needs its own key, with a unique Common Name. The IP address assigned to the client is related to the Common Name, so if you use non-unique Common Names, you will have conflicting IP addresses.

Start the server by issuing:

Setting up the client

Move the ca.cert, client1.crt and client1.key to the client, in /etc/openvpn/keys and copy the configuration. You will need to modify the client.conf a little bit.

Start the client:

Checking if it worked

On both server and client issue ifconfig tun0 to see what IP-address is assigned to the entry of the tunnel. From the either end of the tunnel you should be able to ping the other end. Also tcpdump -n -i tun0 should work.

Hope this works for you as well, check out /var/log/messages for information. /etc/init.d/openvpn status dump a status of all connected clients to /var/log/messages.

It's very difficult to get grip on the estimates price of a "simple" LAMP server. Here are some numbers to help you get an accurate estimate of a LAMP server.

The setup

• One small Linux (Fedora) instance in Europe.
• One 30 Gb volume in Europe.
• Two 1 Gb volumes in Europe.
• Apache, Mysql on the same machine and PHP.
• Average daily visitors: 8000.

The price and numbers

• 730 small instance hours = $ 80.30
• 32 Gb of provisioned storage = $ 3.84
• 95 Gb traffic in = $ 9.50
• 27 Gb traffic out = $ 4.59
• 5 million IO requests = $ 0.55
• TOTAL $ 98.78 (Without tax)

So as a conclusion: One average webserver costs around $ 120,- (with tax) per month to run on the EC2. There are cheaper solutions to host your website(s), but Amazon EC2 provides the option to add a machine in a couple of minutes or even automated. This flexibility is not found in many other products.

While experimenting with Amazons interpretation of cloud computing, here is what I did to create persistent storage, create an instance and attach the storage to the instance.

Install and configure the local tools.

Go to Amazons developer section and download, unpack and install the files. Now edit ~/.bashrc (or any other file that is executed at login) and add this:

As you can see, I have the tools installed in ~/.ec2, the JAVA_HOME is set for a Mac OS X machine and I use the European Amazon infrastructure. Get a list of these regions with ec2-describe-regions.

Create a keypair.

Check out the wonderful section on Paul Stamatiou's website at "Getting Started". It describes how to create and use the keys.

Open ports 22 and 80.

You will have to authorize access from the internet to port 22 and 80, or any other. Here is how it's done:

default refers to all machines unless specified differently.
The option -p refers to a port number.

Create an instance.

An instance can be seen as an individual machine. It's virtual, but who cares about that? I use the image "ami-2a0f275e", but see other images can be used as well. Use ec2-describe-images -o amazon to get a list of available images owned (-o) by amazon.

The option -z specifies an "availability zone". Get a list of these zones with ec2-describe-availability-zones.
The option -k specifies what key to use. If you don't use this option, you will not be able to login using SSH.

Create a volume.

To allocate some space on the S3 infrastructure of Amazon, use this command:

The option -s 1 specifies that the size is 1 Gib.
The option -z is used to determine the availability zone, it needs to match the instance's zone.

Attach the volume to the instance.

When the volume is created; assign it to an instance with this command:

This only makes the device available, you will have to partition, format and mount it to use it.
The argument vol-38a24751 describes the volume to attach. Use ec2-describe-volumes to get a list of available volumes.
The option -i specifies the instance. Use ec2-describe-instances to get a list of available instances.
The option -d specifies the name under which Linux will recognize the volume. Login to you machine, type dmesg to see if attaching has worked. This is the ouput I got:

Logging into your instance

Login to your machine using SSH:

The option -i specifies the identity to use.
The argument MACHINE needs to be replaces with the public DNS name of you instance. Get a list of the named using describe-instances.
If you like to type less; add this to your ~/.ssh/config file:

From the moment on that you have added this configuration, you can simply login to your instance without any options, just the DNS name of the instance.

Formatting and mounting the volume.

Now that you are ready, login and type:

Mount the volume (once) by issuing:

There is 924 Megabytes (Mb) available. so you'll lose some 80 Mb's for the filesystem.

Setting a static IP.

You can continue to use the instance with this "static" IP, but to associate one IP with this instance, follow these steps. First register an IP:

You will see the IP printed on your screen.

Now link the IP with an instance.

Conclusion.

The Amazon elastic compute cloud and S3 facilities work great, I'm not sure about the availability of EC2, not about S3, but Amazon states that S3 should be more "secure" then storing stuff in the local storage of the instance.

Permissions in Linux (or UNIX) can be difficult to understand. Here is a step-plan to determine the right combination of permissions.

Either read in the "Explanation" field in the table below what you want to do, or do ls -l and see what it means. Each object (file, directory, sockets, device, etc) has 10 positions to indicate what's possible with the object. For example you could see -rwxr-x---. You can split the 10 positions up into these parts:

• The 1st character: what kind of object is it; - for file, d for directory, s for socket.
• The 2nd until and including the 4th character: the permissions for the owner of the object.
• The 5th until and including the 7th character: the permissions for the group that owns the object.
• The 8th until and including the 10th character: the permissions for others.

Numeric	Readable	Explanation
0	---	No access.
1	--x	Execute access.*
2	-w-	Write access.**
3	-wx	Write and execute access.***
4	r--	Read access.
5	r-x	Read and execute access.
6	rw-	Read and write access.
7	rwx	Read, write and execute access.

*= This is an odd combination, executing something that's not readable is not possible.
**= A strange combination; writing when you are not able to read.
***= This is an weird combination, you can't execute when you can't read the file, though you may write the file.

There are some special permission sets. When you see an "s" or an "S" on the location where you'd expect an "x", this means:

• "s" for the owner - If somebody is allowed to execute the script (group or other) then it's executed as if it was executed by the user. This is called a "set user id bit" or "suid" and can be set by appending a 4 to a permission set. For example: chmod 4755 object.
• S for the owner - The set user id bit was set, but no execute permissions were set in the first place. This is a broken set of permissions, but may be achieved by chmod 4650 object.
• s for the group - When somebody is allowed to execute a script (user or other) then it's executed as if it was executed by the group. This is called a "set group id bit" or "sgid" and can be set by appending a 2 to a permission set. For example: chmod 2775 object. This bit on a directory means all files in that directory that will be created, will be owned by the group that owns the directory.
• S for the group - The set group id bit was set, but no execute permissions were set in the first place. This is a broken set of permissions, but can be achieved by executing chmod 2745 object.