Marcos Placona Blog

Programming, technology and the taming of the web.

Category: Linux (page 2 of 3)

My findings about Linux, as well as some hints and tips on bash and terminal

Google Chrome OS and e few more changes

Reading time: 3 – 5 minutes

Yesterday the Google team posted an entry on all their blogs about a new operating system that is to come. They are going to call it Google Chrome OS.

The blog entry doesn’t really give away a great deal of details, but it states that this new OS will be open source, and be as lightweight as Google Chrome (the browser) is.
I have to be honest and say that initially I was very reluctant and sceptical about using Google Chrome, and it took me a while (about 6 months) to finally give up and give it another try.

In fact it’s been proving to be very stable, and really much faster than Firefox now. I still use Firefox on a daily basis, as it’s got all the plugins I need, and some of them are really necessary for my workflow, and I don’t know what I’d do without them.

Back to the OS announcements, I have a very “crude” impression that this is like another Linux distro, but with a Google’s face. I saw this comment on twitter this morning and really agreed with it.

Obviously I might be completely wrong and precipitated here, as I’ve been on Chrome’s release, but that was the impression the blog post left on me.
Also I wonder if it’s a way of Google saying “You tried to compete with us on our biggest tool, now we try to do the same on yours”. What I mean here is that Microsoft recently came up with Bing, which is a search engine aimed to compete with Google’s own search engine, and now it might be payback time.

Also, I really have a feeling that making it open source is not an act of kindness at all, as Google themselves said they will be getting help from the open source community to work on their OS. The reason why I think it’s just an act of kindness is the same reason why I think most open source projects (or at least some of them) do. They can get people to do things for them that they can’t really do.

I’ll give an example. Let’s say Windows has a very nice feature that Google Chrome OS doesn’t have. It would look bad, and sometimes be illegal for Google to go on and copy it. Of course people do it all the time, but wouldn’t it be more “graceful” if somebody else implemented this feature and signed his name? That way you can be exempt of every possible retaliation, as you’re only responsible for the core functionalities, and the ones you release, but you can’t really keep control of versions being released by “unscrupulous” third parties.

That’s more or less how I think things work, but obviously again I might be totally wrong, and this is only my sole opinion and point of view.
I really love Google and their products, and really think they have a great potential, and have some of the brightest minds, so by no reason they would need to copy anything or be competitive in an unfair way. I can really say the same about Microsoft, but still, that’s me.

On a side-note, I would like to say that after *only* 5 years in beta, Google Mail has finally reached a point where it’s no longer beta, and has its final version. It’s really funny and feels weird that they suddenly went from beta to final, as the email software has been stable for almost 4 years now.

The same happened to Google Calendar, Google Docs and Google Talk. It’s as if they suddenly realized that they forgot to remove the word beta of their logos, and did it all in one go.

I’d like to invite people to have a nice discussion and express their feelings on the comments about this whole Google Chrome OS vs Windows vs Linux.

CFML 101 – Protecting Railo admin folder

Reading time: 4 – 6 minutes

I have seen people asking this question more than two times now, so I decided it’s about time I write a blog post about it. In ColdFusion it was really easy to solve this problem, as CFIDE is a physical folder, so you could simply move it away from the webroot, and it wouldn’t be accessible to the entire world.

On Railo it’s a bit trickier, as the admin and server folders are virtual directories, hence you can’t simply “move it away”. Obviously it’s password protected, so people won’t simply have access to it and screw up with your configuration, but a more will powered person could easily brute force into it.

I have to reinforce here that a really will powered lad would probably break into anything, or even log into your server and make it a real mess. It’s always good to have this false security sensation though, so I’ll post here how I do my own security.
I use Apache HTTPD as my webserver, so all the steps described here will be related to it, and placed on the httpd.conf (/etc/httpd(or apache2)/conf on Linux and {apache_dir}Apache2.2conf)
We’ll start by creating a new location on the bottom of httpd.conf

<Location /railo-context/admin>
  Order deny,allow
  Deny from all
  Allow from 123.456.78 127.0.0.1 100.200.300.400
</Location>

We use location, because we can’t refer to a directory, as railo-context/admin IS NOT a physical directory. We then “say” we want this directory to be forbidden to every single IP except for a list we specify (delimited by a space for each IP).

Notice that the first IP I specified does not have the last part of it. for apache it means anything starting with 123.456.78 will pass. Something like (123.456.78.*). This is normally used by companies, where you will have a range of IP’s that need to access the admin.
On the second one I specify that I want my own server to be able to see it, in case I want to login to Railo admin from the local computer itself.
The third one is just a simple IP. Put as many as you find necessary.

We now have our administrative folders restricted to only a range f IP’s. Any other IP get’s a message saying it’s forbidden, and will never resolve, as the IP’s won’t match.

Time to reload our configuration so the changes get applied:

sudo /etc/init.d/httpd reload

Now for the security freaks:

If you are like me, and can never have enough, you can go even further by applying directory security to it, so anyone that even tries to hit the page will be prompted for login and password. Should they guess your login and passwords, they’re IP will still need to match and they will need to know your Railo’s password.
That’s how we do it:
Create a .htpasswd file anywhere you fancy. in this example we’ll create it on our dummy user’s home folder:

htpasswd -c /home/dummy/.htpasswd jane

and

htpasswd /home/dummy/.htpasswd peter

For each other user you want to create inside this same file. notice I don’t use -c on the second example, as I don’t need to create the file anymore, but simply append it with a new user and password. You can read more about it here.
We now go back to out httpd.conf and change our recently created location:

<Location /railo-context/admin>
Order deny,allow
Deny from all
Allow from 123.456.78 127.0.0.1 100.200.300.400
AuthUserFile /home/dummy/.htpasswd
AuthGroupFile /dev/null
AuthName "You must have a valid login and password to access this page."
AuthType Basic
<Limit GET>
require valid-user
</Limit>
</Location>

Same old thing until we reach AuthUserFile, as this “tells” Apache where to look for the password file we’ve just created, so when someone tried to login, it’ll go to the file and see if the values match. You can put any authentication message and limit the number of requests that can be made to this page, so brute force won’t break it, as it’ll error after a few attemtps.
Now, when you try to hit this folder, you will be prompted for login and password. If your login and password satisfy the server, it will then check if you IP matches with the range previously specified. If the server “is happy” with all that, you will then be able to see Railo’s admin page, but will still have to type your pasword to be able to see it. Once authenticated you no longer need to type the login and password for that session.
Don’t forget to reload your configurations again:

sudo /etc/init.d/httpd reload

I by no means think this is the best way to go, but it’s one way. There’s hundreds of ways to secure your folder, but this one is the one i found to be the easiest and most bullet proof.
Feel free to use the comments to post different ways, and I might update this post with it.

Installing YUM on CentOS 5

Reading time: 2 – 2 minutes

This is really for my future reference, but I thought someone would bump into that any time. I’m configuring a new CentOS 5 server and for my surprise it didn’t come with yum installed.

rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/elfutils-libs-0.125-3.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/gmp-4.1.4-10.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/readline-5.1-1.1.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/python-2.4.3-21.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/python-iniparse-0.2.3-4.el5.noarch.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/libxml2-2.6.26-2.1.2.1.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/libxml2-python-2.6.26-2.1.2.1.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/expat-1.95.8-8.2.1.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/python-elementtree-1.2.6-5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/sqlite-3.3.6-2.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/python-sqlite-1.1.7-1.2.1.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/elfutils-0.125-3.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/rpm-python-4.4.2-48.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/m2crypto-0.16-6.el5.2.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/python-urlgrabber-3.1.0-2.noarch.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/yum-metadata-parser-1.1.2-2.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5.2/os/i386/CentOS/yum-3.2.8-9.el5.centos.1.noarch.rpm
yum -y update

Flash player for Linux

Reading time: < 1 minute

They finally made it! Adobe just released the Flash Player for Linux.
Now Linux users can deploy apps using the free Adobe Flex® 2 Software Developers Kit (SDK), Adobe Flash Player 9 and Flex Data Services 2 Express.
All this for free… nothing… nada… niente!
So if you’re using Linux, it’s a must to go to www.adobe.com/go/getflashplayerlinux and download it now!

Ripping MP3′s on Ubuntu

Reading time: < 1 minute

Mark Lynch posted how to rip MP3′s on Ubuntu.

I’ve never tested doing this, but will give it a try later

Check it out

Older posts Newer posts