Friday, 11 April 2014
Patching Your OpenShift Origin Against Heartbleed vulnerability
Recently the heartbleed bug was exposed which existed in all the services that used OpenSSL 1.0.1 through 1.0.1f (inclusive) for years already. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet by reading the memory of the system without need of any kind of access.
I've been administering OpenShift applications recently and this post outlines the measures I took to secure the OpenShift applications from this critical vulnerability.
In order to check if you are vulnerable or not, you can either check OpenSSL version:
Alternatively, you can use one of the online tools or the offline python tool to check if you are vulnerable or not.
Note that in case of OpenShift origin, you will have to update the OpenSSL package in brokers and nodes such that all the OpenShift apps are secure.
Once completed, verify the installation of patched version:
We'll have to restart the proxy systems (node-proxy) for the nodes for the effect of the patch. In fact, we will have to restart all the services that use the vulnerable OpenSSL versions.
I hope this helps :)
Read more...
I've been administering OpenShift applications recently and this post outlines the measures I took to secure the OpenShift applications from this critical vulnerability.
In order to check if you are vulnerable or not, you can either check OpenSSL version:
# openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Wed Jan 8 07:20:55 UTC 2014
platform: linux-x86_64
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Wed Jan 8 07:20:55 UTC 2014
platform: linux-x86_64
Alternatively, you can use one of the online tools or the offline python tool to check if you are vulnerable or not.
Note that in case of OpenShift origin, you will have to update the OpenSSL package in brokers and nodes such that all the OpenShift apps are secure.
# yum install -y openssl
Once completed, verify the installation of patched version:
# openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Apr 8 00:29:11 UTC 2014
platform: linux-x86_64
# rpm -q --changelog openssl | grep CVE-2014-0160
- pull in upstream patch for CVE-2014-0160
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Apr 8 00:29:11 UTC 2014
platform: linux-x86_64
# rpm -q --changelog openssl | grep CVE-2014-0160
- pull in upstream patch for CVE-2014-0160
We'll have to restart the proxy systems (node-proxy) for the nodes for the effect of the patch. In fact, we will have to restart all the services that use the vulnerable OpenSSL versions.
# systemctl restart openshift-node-web-proxy.service
# /bin/systemctl reload httpd.service
# /bin/systemctl reload httpd.service
I hope this helps :)
Read more...
Patching Your OpenShift Origin Against Heartbleed vulnerability
2014-04-11T02:04:00+05:45
Cool Samar
fedora|heartbleed|openshift|openssl|security|
Comments
Labels:
fedora,
heartbleed,
openshift,
openssl,
security
Bookmark this post:blogger tutorials
Social Bookmarking Blogger Widget |
Saturday, 7 December 2013
MyISAM to InnoDB Engine Conversion
We are doing lots of MyISAM to InnoDB migrations in our production environment and since the engine conversion needs to be done for each table, its good to generate a script to do so when you have huge number of databases each having several tables. Here is the quick script to generate script for MyISAM to InnoDB engine conversion.
Once the SQL script is generated, all you need to do is run the sql file to your database server.
Note that while InnoDB is generally the better engine than MyISAM and MySQL has InnoDB as default engine since 5.5, MyISAM has its own benefits and you should make performance analysis in preferably a test environment while converting the engine type.
Read more...
mysql -u <user> -p -e "SELECT concat('ALTER TABLE \`',TABLE_SCHEMA,'\`.\`',TABLE_NAME,'\` ENGINE=InnoDB;') FROM Information_schema.TABLES WHERE TABLE_SCHEMA in ('database1', 'database2', 'databaseN') AND ENGINE = 'MyISAM' AND TABLE_TYPE='BASE TABLE'" | tail -n+2 > alter.sql
Once the SQL script is generated, all you need to do is run the sql file to your database server.
$ mysql -u <user> -p < alter.sql
Note that while InnoDB is generally the better engine than MyISAM and MySQL has InnoDB as default engine since 5.5, MyISAM has its own benefits and you should make performance analysis in preferably a test environment while converting the engine type.
Read more...
MyISAM to InnoDB Engine Conversion
2013-12-07T14:36:00+05:45
Cool Samar
database administration|mysql|
Comments
Labels:
database administration,
mysql
Bookmark this post:blogger tutorials
Social Bookmarking Blogger Widget |
Monday, 18 November 2013
Install HTTrack On CentOS
Since I could not find the rpm in the repo, here is the quick How To to install HTTrack website copier on CentOS.
This should do all. If you wish not to install zlib compression support, you can skip the first step and run the configure as ./configure --without-zlib. I hope this helps :)
Read more...
$ yum install zlib-devel
$ wget http://download.httrack.com/cserv.php3?File=httrack.tar.gz -O httrack.tar.gz
$ tar xvfz httrack.tar.gz
$ cd httrack-3.47.27
$ ./configure
$ make && sudo make install
$ wget http://download.httrack.com/cserv.php3?File=httrack.tar.gz -O httrack.tar.gz
$ tar xvfz httrack.tar.gz
$ cd httrack-3.47.27
$ ./configure
$ make && sudo make install
This should do all. If you wish not to install zlib compression support, you can skip the first step and run the configure as ./configure --without-zlib. I hope this helps :)
Read more...
Install HTTrack On CentOS
2013-11-18T19:00:00+05:45
Cool Samar
centos|fedora|tricks and tips|
Comments
Labels:
centos,
fedora,
tricks and tips
Bookmark this post:blogger tutorials
Social Bookmarking Blogger Widget |
Sunday, 10 November 2013
JPEG To PDF With Imagemagick
ImageMagick is an awesome toolkit with several powerful features for image creation and manipulation. You can use ImageMagick to translate, flip, mirror, rotate, scale, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bezier curves. Here, I will show how you can use ImageMagick suite to convert JPEG to PDF quickly.
First make sure imagemagick suite is installed in your system.
Ubuntu/Debian
CentOS/Fedora
Below are some of the examples of using convert which is a part of ImageMagick to convert Jpeg to PDF.
Single Image
Multiple Images
Resize and Convert
Negate and Convert
You can actually use different available switches to get your output as expected. I usually use PdfTk in conjunction with this technique to work in different scenarios and it really works great. I hope this helps :)
Read more...
First make sure imagemagick suite is installed in your system.
Ubuntu/Debian
$ sudo apt-get install imagemagick
CentOS/Fedora
$ sudo yum install imagemagick
Below are some of the examples of using convert which is a part of ImageMagick to convert Jpeg to PDF.
Single Image
$ convert image.jpg image.pdf
Multiple Images
$ convert 1.jpg 2.jpg 3.jpg output.pdf
Resize and Convert
$ convert -resize 80% image.jpg image.pdf
Negate and Convert
$ convert -negate image.jpg image.pdf
You can actually use different available switches to get your output as expected. I usually use PdfTk in conjunction with this technique to work in different scenarios and it really works great. I hope this helps :)
Read more...
JPEG To PDF With Imagemagick
2013-11-10T16:40:00+05:45
Cool Samar
command line|imagemagick|linux|pdf|pdf tool|pdftk|tricks and tips|
Comments
Labels:
command line,
imagemagick,
linux,
pdf,
pdf tool,
pdftk,
tricks and tips
Bookmark this post:blogger tutorials
Social Bookmarking Blogger Widget |
Saturday, 9 November 2013
Fix Your Ubuntu
Recently Ubuntu has been known for turning into an advertising company and has been accused of not protecting user's privacy so just came across this site that fixes your ubuntu by applying some patches to turn off some of the invasive features of Ubuntu.
FixUbuntu.com
Read more...
FixUbuntu.com
Read more...
Fix Your Ubuntu
2013-11-09T09:29:00+05:45
Cool Samar
bash|ubuntu|ubuntu 12.10|ubuntu 13.04|ubuntu 13.10|
Comments
Labels:
bash,
ubuntu,
ubuntu 12.10,
ubuntu 13.04,
ubuntu 13.10
Bookmark this post:blogger tutorials
Social Bookmarking Blogger Widget |
Wednesday, 6 November 2013
Recursion and Memoization - A Fibonacci Example
In this post, I will try to describe why memoization can be a great optmization technique in the recursive function implementations with an example of fibonacci sequence.
Straight from Wikipedia, memoization is an optimization technique used primarily to speed up computer programs by having function calls avoid repeating the calculation of results for previously processed inputs.
Basically, we maintain a lookup table and store the computer values for particular cases which lets us query and use the corresponding value for particular case present in the lookup tables. This reduces function call overheads. Now in order to understand why this is a great optimization technique in recursion, lets first draw a recursion tree for finding nth term in fibonacci sequence.
We can clearly see the calls to fib() with same arguments several times. For example, fib(1) is called 5 times and fib(2) 3 times. Thus, we are repeating same calculations multiple times and imagine how this would look like for large value of n. If we would have maintained the value of fib(n) in the lookup table when computed the value for the first time.
The python code without memoization looks like below and notice the runtime:
And, now with the memoization, you will notice significant improvement in runtime.
If you run and compare above two codes, you will find that the addition of memoization significantly improves the performance of recursive functions. Recursion are generally known to be terribly slow however memoization can make the difference insignificant. Some languages now provide memoization as the language feature natively or via third party APIs such as groovy memoize.
Read more...
Straight from Wikipedia, memoization is an optimization technique used primarily to speed up computer programs by having function calls avoid repeating the calculation of results for previously processed inputs.
Basically, we maintain a lookup table and store the computer values for particular cases which lets us query and use the corresponding value for particular case present in the lookup tables. This reduces function call overheads. Now in order to understand why this is a great optimization technique in recursion, lets first draw a recursion tree for finding nth term in fibonacci sequence.
fib(5) /\ / \ / \ / \ fib(4) fib(3) /\ /\ / \ / \ / \ / \ / \ / \ fib(3) fib(2) fib(2) fib(1) -> 1 /\ /\ /\ / \ / \ / \ / \ / \ / \ / \ / \ / \ fib(2) fib(1) fib(1) fib(0) fib(1) fib(0) -> 0 /\ | | | | | / \ 1 1 0 1 0 fib(1) fib(0) | | 1 0
We can clearly see the calls to fib() with same arguments several times. For example, fib(1) is called 5 times and fib(2) 3 times. Thus, we are repeating same calculations multiple times and imagine how this would look like for large value of n. If we would have maintained the value of fib(n) in the lookup table when computed the value for the first time.
The python code without memoization looks like below and notice the runtime:
#!/usr/bin/python def fib(n): if n == 0: return 0 if n == 1: return 1 val = fib(n-1) + fib(n-2) return val print fib(50)
And, now with the memoization, you will notice significant improvement in runtime.
#!/usr/bin/python known = {0:0, 1:1} def fib(n): if n in known: return known[n] known[n] = fib(n-1) + fib(n-2) return known[n] print fib(50)
If you run and compare above two codes, you will find that the addition of memoization significantly improves the performance of recursive functions. Recursion are generally known to be terribly slow however memoization can make the difference insignificant. Some languages now provide memoization as the language feature natively or via third party APIs such as groovy memoize.
Read more...
Recursion and Memoization - A Fibonacci Example
2013-11-06T22:49:00+05:45
Cool Samar
algorithms|python|recursion|
Comments
Labels:
algorithms,
python,
recursion
Bookmark this post:blogger tutorials
Social Bookmarking Blogger Widget |
Friday, 18 October 2013
Pattern Based Database GRANT In MySQL
At our workplace, we need to manage database access for different teams and rather than adding another grant on the addition of new database, I've been following a pattern based database access grants in MySQL.
We let different teams work on replicas of same database and hence append the terms such as _dev and _qa as the database prefix. And, we define GRANTS based on these patterns. An example would be something like below:
I hope this proves useful for some of you guys :)
Read more...
We let different teams work on replicas of same database and hence append the terms such as _dev and _qa as the database prefix. And, we define GRANTS based on these patterns. An example would be something like below:
GRANT ALL ON `%\_dev`.* TO 'user'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
I hope this proves useful for some of you guys :)
Read more...
Pattern Based Database GRANT In MySQL
2013-10-18T10:35:00+05:45
Cool Samar
database administration|mysql|tricks and tips|
Comments
Labels:
database administration,
mysql,
tricks and tips
Bookmark this post:blogger tutorials
Social Bookmarking Blogger Widget |
Thursday, 17 October 2013
How I am Trying To Keep My Eyes Safe On Computer
Lately I've been on computer a lot and with this, the usual problem with most computer users has started to bother me. Going through some of the blogs online for keeping eyes safe while using computer, I came through few suggestions and in this post, I'm writing how I'm trying to keep my eyes safe. Though not tremendously helpful for everybody, I thought I would share this and you could also use my technique.
The problem with computer addicts is not getting their eyes off the computer for much longer period and though I've been trying to remember to keep my eyes off the computer in regular interval, I usually never implement this.
My two principles based on my readings on different websites are:
But, you can not really follow the rules so easily and I had to find some other alternative to do so. This is how I am doing it now.
Create two cron jobs for each of the above mentioned methods such that notify-send is triggered in each 20 minutes and each 2 hours informing you to keep yourself safe from computers. So my /etc/crontab looked like this:
You need to replace techgaun with your username and need to give correct path to the ico file if you like to use icon like me. Otherwise, you could just omit the icon in notify-send command. I hope this proves useful for some of you :)
Read more...
The problem with computer addicts is not getting their eyes off the computer for much longer period and though I've been trying to remember to keep my eyes off the computer in regular interval, I usually never implement this.
My two principles based on my readings on different websites are:
- 20-20-20: In the 20 minutes interval, keep your eyes away for 20 seconds (& view other objects which are around 20 feet away)
- 2 hrs rule: In the 2 hours interval, stay away from computers for at least 2 minutes.
But, you can not really follow the rules so easily and I had to find some other alternative to do so. This is how I am doing it now.
Create two cron jobs for each of the above mentioned methods such that notify-send is triggered in each 20 minutes and each 2 hours informing you to keep yourself safe from computers. So my /etc/crontab looked like this:
*/20 * * * * techgaun export DISPLAY=:0.0 && /usr/bin/notify-send -i /home/techgaun/Samar/scripts/eye_inv.ico "20 - 20 - 20" "Time to take rest. Keep your eye safe :)" 01 */2 * * * techgaun export DISPLAY=:0.0 && /usr/bin/notify-send -i /home/techgaun/Samar/scripts/eye_inv.ico "2 hrs eye rest" "Time to take rest for 2 minutes. Keep your eye safe :)"
You need to replace techgaun with your username and need to give correct path to the ico file if you like to use icon like me. Otherwise, you could just omit the icon in notify-send command. I hope this proves useful for some of you :)
Read more...
How I am Trying To Keep My Eyes Safe On Computer
2013-10-17T10:05:00+05:45
Cool Samar
centos|linux|tricks and tips|ubuntu|ubuntu 12.04|ubuntu 12.10|
Comments
Labels:
centos,
linux,
tricks and tips,
ubuntu,
ubuntu 12.04,
ubuntu 12.10
Bookmark this post:blogger tutorials
Social Bookmarking Blogger Widget |
Subscribe to:
Posts (Atom)