May 2013 - Page 2 of 2 - ☩ Walking in Light with Christ - Faith, Computing, Diary ☩ Walking in Light with Christ

Archive for May, 2013

Linux: Limiting user processes to prevent Denial of Service / ulimit basics explained

Monday, May 20th, 2013

Linux limiting max user processes with ulimit preventing fork-bombs ulimit explained

To prevent from various DoS taking advantage of unlimited forks and just to tighten up security it is good idea to limit the number of maximum processes users can spawn on Linux system. In command line such preventions are done using ulimit command.

To get list of current logged in user ulimit settings

hipo@noah:~$ ulimit -a

core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 16382
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) unlimited
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

As you see from above output, there is plenty of things, that can be limited with ulimit.
Through it user can configure maximum number of open files (by default 1024), e.g.:

open files (-n) 1024
You can also set the max size of file (in blocks) user can open – through:

file size (blocks, -f) unlimited
As well as limiting user processes to be unable to use more than maximum number of CPU time via:

cpu time (seconds, -t) unlimited
ulimit is also used to assign whether Linux will produce the so annoying often large produced core files. Those who remember early time Linux distributions certainly remember GNOME and GNOME apps crashing regularly producing those large useless files. Most of modern Linux distrubutions has core file produce disabled, i.e.:

core file size (blocks, -c) 0
For Linux distributions, where for some reason core dumps are still enabled – you can disable them by running:>

noah:~# ulimit -Sc 0
By default depending on Linux distribution max user processes ulimit is either unlimited in Debian and other deb based distributions or on RPM based Linuces versions of (Fedora, RHEL, CentOS, Redhat) is 32768.

To ulimit a current logged in user to be able to spawn maximum of 50 processes;

hipo@noah:~$ ulimit -Su 50 hipo@noah:~$ ulimit -a

core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 16382 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 50 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited

-Su – assigns max num of soft limit to 50, to set a hard limit of processes, there is the -Hu parameter.

Imposing ulimit user restrictions, lets say a max processes user can run is set via /etc/security/limits.conf

In limits.conf, there are some commented examples, e.g., here is paste from Debian:

#*               soft    core            0
#root            hard    core            100000
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#ftp             –       chroot          /ftp
#@student        –       maxlogins       4

The @student example above, i.e.:

@student hard nproc 20

– sets maximum number of 20 processes for group student (@ – at sign signifies limitation is valid for users belonging to group).

As you can see there are soft and hard limit that can be assigned for user / group. soft limit sets limits for maximum spawned processes by by non-root users, soft limit can be modified by non-privileged user.
hard limit assigns maximum num of processes for programs running and only privileged user root can impose changes to that.
To add my user hipo to have limit of maximum 100 parallel running processes I had to add to /etc/security/limits.conf

hipo@noah:~$ echo 'hipo hard nproc 100' >> /etc/security/limits.conf

ulimit shell command is a wrapper around the setrlimit system call. Thus setrlimit instructs Linux kernel with interrupts depending on ulimit assigned settings.

One note to make here is whether limiting user has to use Linux system in Graphical Environment, lets say GNOME you should raise the max number of spawned processes to some high number for example at least 200 / 300 procs.

After limitting user max processes, You can test whether system is secure against fork bomb DoS by issuing in shell:

hipo@noah:~$ ulimit -u 50 hipo@noah~:$ :(){ :|:& };: [1] 3607 hipo@noah:~$ bash: fork: Resource temporarily unavailable bash: fork: Resource temporarily unavailable

Due to the limitation, attempt to fork more than 50 processes is blocked and system is safe from infamous denial of service fork bomb attack

Tags: bashrc, denial of service, Linux, linux user, maximum number, memory size, message queues, priority, signals, time priority
Posted in Computer Security, Linux, System Administration | No Comments »

Merging pictures on Linux command shell with ImageMagick merge

Friday, May 17th, 2013

It is generally useful to combine multiple pictures into single one. A example case, where merging pictures on Linux is necessary is if you previously used ImageMagick's convert command line tool to convert PDF file (pages) to JPEG / PNG pictures. Unfortunately convertion with convert(as far as I know is only capable of generating multiple picture files instead of one single one), thus you further need montage to merge pages in separate photos to one. In my case I had my Curriculum Vitae in PDF and I needed to have same PDF in single photo for my applications for online Job Employment Belarusian portal site rabota.tut.by.

montage is one of numerous ImageMagick package script (plugins).
On all major Linux distributions (Debian / Ubuntu, Fedora, CentOS, RHEL, SuSE) montage comes installed together with imagemagick deb / rpm package.

Whether you don't have montage on Debian / Ubuntu and deb derivatives install it via:

linux:~# apt-get install --yes imagemagick ....
On CentOS, Fedora, RHEL, SuSE to install montage:

[root@centos ~]# yum -y install imagemagick ....

To merge two JPEG Photos into single PNG format picture:
linux:~$ montage -geometry +2+2 Picture-1.jpeg Merged-picture.png

Combining more photos, lets say my 8 Pages photos output from previous PDF convert to pictures is done with:

linux:~$ montage -geometry +8+8 CV_Georgi_Georgiev_bg-0.png \ CV_Georgi_Georgiev_bg-1.png \ CV_Georgi_Georgiev_bg-2.png \ CV_Georgi_Georgiev_bg-3.png \ CV_Georgi_Georgiev_bg-4.png \ CV_Georgi_Georgiev_bg-5.png \ CV_Georgi_Georgiev_bg-6.png \ CV_Georgi_Georgiev_bg-7.png \ CV_Georgi_Georgiev_bg.png
montage has plenty of useful other options, to do various photo montages from command line. Other way to merge photos with montage is by using:

linux:~$ montage -mode concatenate -tile 1x input-pic*.jpg out.jpg

Merging photos is also possible by using directly convert.

Combining multiple photos into single JPEG or PNG with Imagick convert is done with:

linux:~$ convert -append input-pic-*.jpg combined-picture.jpg

Other example use of montage is located on ImageMagick's montage's script site here

Tags: bg 2, command line tool, command shell, geometry, georgi, ImageMagick, imagemagick package, jpeg photos, Linux, linux distributions, merging pictures, portal site, rhel, single one, Ubuntu
Posted in Everyday Life, Linux and FreeBSD Desktop, System Administration, Various | No Comments »

Linux: Fixing Qmail server qmail-smtpd port 25 slow (lagged) connect problem

Thursday, May 16th, 2013

After updating my Debian Squeeze to latest stable packages from repository with standard:
# apt-get update && apt-get upgrade

I routinely checked, if afterwards all is fine with Qmail?, just to find out connect to port 25 was hell delayed about 40-50 seconds before qmail responds with standard assigned Mail Greeting.
I Googled long time to see if I can find a post or forum thread discussing, exact issue, but though I found similar discussions I didn't found anything that exactly match problem. Thus I decided to follow the good old experimental try / fail method to figure out what causes it.

elow is pastes from telnet, illustrating delays in Qmail SMTP greeting respond:

# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'.
# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'.
# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'.

I spend about 2 hours, checking Qmail for the standard so common errors, usually causing it to not work properly following my previous article testing qmail installation problems …

After going, through all of possible causes the only clue for problems, were some slowness with spamassassin. This brought me the idea that something is done wrong with spamassassin .I tried disabling, Spamassassin Razon and Pyzor restarting spamd through (in my case done not via the standard start/stop debian script) but through daemontools with svc and qmailctl i.e.:

# svc -d /service/spamd # svc -u /service/spamd # svc -a /service/spamd # qmailctl restart * Stopping qmail-smtpdssl. * Stopping qmail-smtpd. * Sending qmail-send SIGTERM and restarting. * Restarting qmail-smtpd. * Restarting qmail-smtpdssl. * Restarting qmail-pop3d. This doesn't help, so I continued trying to figure out, what is wrong .One assumption for slow qmail-smtpd responce was of course slow DNS resolve issues. I checked /etc/resolv.conf to find out server is configured to use local configured DJBDNS server as first line DNS resolver. I used djbdns for it is simple and easy to configure, however it is a bit obsolete so it was possible bottleneck. After commenting line to use localhost 127.0.0.1
and settings as primary DNS Google Public DNS 8.8.8.8, problem persisted so problems with hosts resolving was obviously not the problem.

I pondered for about 30 minutes, checking again all logs and checking machine processes. Just to remember before I experienced similar issues caused by unresolving RBL (blacklist IP) hosts. I checked configured SPF records in
(process list) and noticed following 4 hosts;

# ps auxwwf

7190 ? S 0:00 tcpserver -vR -l /var/qmail/control/me -c 30 -u 89 -g 89 -x /etc/tcp.smtp.cdb 0 25 rblsmtpd -t0 -r zen.spamhaus.org -r dnsbl.njabl.org -r dnsbl.sorbs.net -r bl.spamcop.net qmail-smtpd /var/qmail/control/me /home/vpopmail/bin/vchkpw /bin/true

I checked one by one hosts and find out 1st two hosts in line are no longer resolving (blacklist is no longer accessible) as before:

zen.spamhaus.org, dnsbl.njabl.org

DNSBL (DNS blocklist) is configured on this host via /service/qmail-smtpd/run, hence to remove two unresolvable hosts forcing the weird qmail-smtpd connect delay I had to modify in it:

RBL_BAD="zen.spamhaus.org dnsbl.njabl.org dnsbl.sorbs.net bl.spamcop.net"

RBL_BAD="dnsbl.sorbs.net bl.spamcop.net"
After a close examinations in mail server config /var/qmail/control/spfrules, found one other Unresolvable SPF Blacklist host configured ;
# cat /var/qmail/control/spfrules include:spf.trusted-forwarder.org
To move that one I null-ed file:

# cat /dev/null > /var/qmail/control/spfrules
Finally to take affect all changes, launched Qmail start:

# qmailctl restart Restarting qmail: * Stopping qmail-smtpdssl. * Stopping qmail-smtpd. * Sending qmail-send SIGTERM and restarting. * Restarting qmail-smtpd. * Restarting qmail-smtpdssl. * Restarting qmail-pop3d.
To check all was fine afterwards, again used telnet:

# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 This is Mail Pc-Freak.NET ESMTP
Mail greeting now appears in about 2-3 seconds time.

Tags: clue, daemontools, google, google public, mail, pop3d, public dns, qmail installation, razon, responce, slowness, SMTPD, spamd, squeeze, stable packages
Posted in Linux, Qmail | 2 Comments »

How to create user with only FTP access on Linux

Saturday, May 11th, 2013

Linux access only to ftp How to prohibit ssh access on GNU Linux

Creating user with access only through FTP is vital in daily routine system administration job. The reason why it is good to disable SSH access to users which don't need it is of course better security. Disabling access to ssh shell for users which don't need it prevents you for user to run malicious code usually exploits or some DDoS Fork bombs – like the infamous Linux shell Denial of Service string;

`:(){ :|:&};:`

Better not try above string on productive server 😉
So back to the topic here how to add Linux FTP only user;

1. Create a regular user with adduser or useradd (depending) on GNU / Linux distribution

adduser is available across most Linux distributions nowadays, however I remember in past there was some distros which had useradd instead. Anyways for most adduser should be ok. As of time of writting both 3 main stream Linux distributions Slackware, Debian and Fedora has adduser.

linux:~# adduser new-user-for-ftp-only

Adding user `new-user-for-ftp-only' …
Adding new group `new-user-for-ftp-only' (1006) …
Adding new user `new-user-for-ftp-only' (1005) with group `new-user-for-ftp-only' …
Creating home directory `/home/new-user-for-ftp-only' …
Copying files from `/etc/skel' …
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for new-user-for-ftp-only
Enter the new value, or press ENTER for the default
    Full Name []: New Linux User Only for FTP access
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []:
Is the information correct? [Y/n] Y

linux:~#
2. Change user shell /bin/bash to /bin/false

Again depending on Linux distribution by default /bin/bash /bin/sh or /bin/whatever shell will get added. To make just created user access to SSH disabled. Change shell to /bin/false – a tiny program which just returns a FALSE value and quits immediately.

There are two ways to do so;

a) Edit directly /etc/passwd with vim / joe

linux:~# vim /etc/passwd
Go to end of file and find the record for user, should be smth like:

new-user-for-ftp-only:x:1005:1006:New Linux User Only for FTP access,,,:/home/new-user-for-ftp-only:/bin/bash
Change to;

new-user-for-ftp-only:x:1005:1006:New Linux User Only for FTP access,,,:/home/new-user-for-ftp-only:/bin/false
b) Use chsh cmd

linux:~# chsh new-user-for-ftp-only

Changing the login shell for new-user-for-ftp-only
Enter the new value, or press ENTER for the default
Login Shell [/bin/bash]: /bin/false

linux:~# grep -i new-user-for-ftp-only /etc/passwd

new-user-for-ftp-only:x:1005:1006:New Linux User Only for FTP access,,,:/home/new-user-for-ftp-only:/bin/false

3. Testing if ssh access to new user is disabled

linux:~# ssh new-user-for-ftp-only@localhost

new-user-for-ftp-only@localhost's password:
Linux noah 2.6.32-5-amd64 #1 SMP Mon Feb 25 00:26:11 UTC 2013 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Connection to localhost closed.

Tags: adduser, change user, distros, fedora, ftp access, home directory, linux distribution, linux shell, linux user, main stream, most linux distributions, routine system administration, unix password, user information, useradd
Posted in Computer Security, System Administration, Various | 2 Comments »

The day of Victory over Nazism Russia and Belarus

Thursday, May 9th, 2013

Today 9th of May in Russia, Belarus, Ukraine and Kazakhstan still celebrate the day of Victory over Nazism in World War II. In relation to that in those country the day is official holiday. And everyone celebrates for great heroism of Soviet Soldiers who beat up Germany and Hitler's Nazism regime.
Unfortunately in Bulgaria and many of ex-countries part of Soviet Union does not celebrate it anymore. Today in Bulgaria we mark up the Artificial Holiday of Creation of European Union.

Лев Лещенко и хор МВД России – День Победы [HD] – The day of Victory

Вставай страна огромная. / Rise up Big Country

Парад Победы на Красной площади 9 мая 2012 (полное видео)/ Day Parade of the Red Square 9-th of May 2012

Tags: bulgaria, european union, everyone, germany, holiday, mark, official, relation, russia, Soviet Soldiers, Soviet Union, today, Ukraine
Posted in Everyday Life, Rant, Various | No Comments »

Linux: Understanding uptime command Load Avarage statistics / When load avarage is high?

Wednesday, May 8th, 2013

GNU / Linux load avarage explained load avarage from top command

There is probably no Linux system administrator who, don't have idea about system Load Avarage. Most of admins however does have some brought idea about what kind of load avarage is critical but doesn't have good understanding on the 3 digits returned as a load avarage i.e. – load average: 2.47, 2.27, 2.02 shown in above ascii graphs ( generated by tload command).

What is Load Avarage ?

The number of blocking processes in the run queue averaged over a certain time period.

A blocking process is a process that is waiting for something to continue. Typically, a process is waiting to use:

CPU Time, Disk Input / Output oper. or Network I / O

Thus logically the higher the Load Avarage, the more processes has to wait for access to CPU, HDD and Network I/O.

The most two common commands used where load avarage appear are;

w – who

and

uptime

mx:/home/hipo# w 11:07:56 up 513 days, 1:04, 1 user, load average: 1.92, 1.95, 1.84 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT hipo pts/0 www.pc-freak.net Thu19 0.00s 0.06s 0.02s sshd: hipo [priv]

mail:/home/hipo# uptime 11:03:59 up 513 days, 1:00, 2 users, load average: 2.11, 1.91, 1.81

Other common place to check load avarage is in top cmd:

mail:/home/hipo# top
Linux top command load avarage showing server system load 3 digits of load avarage explained

a) Optimum machine use – Load Avarage 1

So what does load avarage: 1.74, 1.90, 1.83 really means? The 3 digits are showing system load avarage over the last 1, 5 and 15 minutes time. Meaning;

– before 1 minute system had a load of 1.74
– 5 minutes before it was 1.90
– and 15 minutes back 1.83

Usually Load Avarage of more than 1 is considered critical. If a system is working with a load avarage of 1 this means the system is working capacity. In best cases in terms of optimizing processes on server with hardware it is good the system is working in load of 0.70 or 0.80. Whether a traffic the machine gets is planned in most cases a load avarage of exactly 1 means machine hardware is properly utilized. However whether the load avarage is hitting over 1 this usually means you have to think about moving server to new hardware. It is general rule of thumb that if system load is exceeeding 0.70 it is time to migrate to better hardware.

b) Load avarage on Multi-core / Multiprocessor servers

Load avarage of 4 on 4 CPU cores server hardware is optimum one. Each core / CPU on machine should get maximum of load avarage 1. Load avarage of 1 means CPU is utilized in 100%. Load avarage of 4 on 4 CPU server hardware means all 4 processors are working in their maximum power of 100%. For people who have multi processor server the best way to show utilization is by running htop. There all 4 CPUs will show idle of 0%.

Hence rule to calculate normal load avarage for server is;

1 Load Avarage per CPU. Therefore for 24 CPU Intel Xeon hardware. Load Avarage under 1*24.00 = 24.00 is considered normal. On such a server whether load avarage jumps to 50.00 / 70.00 or above server becomes totally irresponsive and it is very likely to hang because of over-heating. Even if it continues working it will work extremely slow and even simply operations like ssh to it will become hardly possible and sometimes even access via ssh will be not possible.

Therefore Rule of Thumb for calculating which load avarage is okay for a server is;

Number of CPU / Cores should not exceed digit returned in Load Avarage stats

c) Critical – Load avarage >5 – A sure sign for unresponsive or soon to hang server

On Computers with just 1 CPU, load avarage of 5 is sure sign running services will lag brutally and server will become inaccessible. For multicore / multiprocessor servers big troubles can be expected, whether load avarage is about 1/2 of the maximum number of of Load Avarage; (for 8 CPU Multicore hardware). A load avarage of 8 + ( 1/2 * 8 ) = 12 is sure sign system is stoned and running services inaccessible.

d) load avarage: 1.74, 1.90, 1.83 – Is 1 / 5 or 15 minutes LA numbers more important to consider?

All are important however 5 and 15 minutes load avg. give better indication on what's happening with machine as current load can peak for just a second to a higher number, being misleading.

To get number of CPU / Cores use cmd;

mail:/home/hipo# grep 'model name' /proc/cpuinfo | wc -l 24
For more precise info on CPU type and model use;

mail:/home/hipo# cat /proc/cpuinfo

processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 44
model name      : Intel(R) Xeon(R) CPU           E5645 @ 2.40GHz
stepping        : 2
cpu MHz         : 2400.094
cache size      : 12288 KB
physical id     : 0
siblings        : 12
core id         : 0
cpu cores       : 6
apicid          : 0
initial apicid : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm dca sse4_1 sse4_2 popcnt lahf_lm ida arat tpr_shadow vnmi flexpriority ept vpid
bogomips        : 4800.18
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:
……
………

If you hit abnormal high load avarage, it is useful to check in top process list what is top process / processes causing highest system load. It is useful to run ps with following arguments

mail:/home/hipo# ps axuwwf

Look in STAT column. Processes in STAT have 3 states;

R – Running
S – Sleeping
D – Waiting for something

Usually processes with status of D – are ones causing problems. If you get D STAT-ed processes check further what's wrong with them and fix it. If there are none, simply, number of clients using machine pop-ed up meaning you need to quickly move to better hardware host.

e) Getting notified via email whether load avarage exceeds certain value

A good way to get notified or do certain action like restarting Apache WebServer or other common process causing high loads is through monit. Monit is very usefukl for notifying on high load avarages or even better for Restarting processes imposing high loads.

You can always use a few liners shell script to mail to email or SMS2Email mailbox similar to this tiny shell script to restart apache on high load.There is also a Ruby lang tool – Scout to monitor and report high load avarages

Tags: cpu time, digits, disk input, freak, good understanding, hipo, Linux, linux system administrator, mail, oper, queue, sshd, statistics, time period
Posted in Linux, System Administration | No Comments »

Trip to Geographical Center of Europe Polotsk Belarus

Tuesday, May 7th, 2013

I spend 3 days from last week with my beloved girlfriend Svetlana in Polotsk Belarus. Since I'm here in Belarus for only 21 days, I'm trying to see as much as possible from what is remarkable from this beautiful green country. Polotsk is famous with;

Polotsk (ÐŸÐ¾Ð»Ð¾Ñ†Ðº) is old Orthodox Christian Spiritual center and oldest city of Belarus (founded y. 862)
It is famous for being home city of Saint Efrosinia Polotskaya
Polotsk is Geographical Center of Europe
Saint Ephrosinia Church (12th century) – where Cross of st. Efrosinia is kept
Museum of Book-printing – one of the best in Europe
"The Stone of Boris" – monument of old Slavonic culture
Spaso Efrosinievsky Nuns Monastery (Convent) – (established y. 1582) – monastery islocated 15 minutes from Central Train Station

It is interesting that probably the greatest Belarusian enlightener enlightener Frantsysk Skorina was born in Polatsk, Skorina is among most important people of Belarus of all time. It was in Polotsk also when first Belarusian "printer" was used.

I went to Polotsk with absoultely no idea what to expect. To reach there we travelled on a Belarusian train in a sleeping coupe. Mentioning train I should say train station in Minsk is very well organized and looks very European, the only inconvenient thing from other Western countries trains is you have to call Train Station and reserve ticket in advance. If you don't do so there is a high risk there are no free tickets.

Ð’Ð¾ÐºÐ·Ð°Ð» Vokzal Central Train Station Minsk Belarus

Central Railway Station Minsk, Belarus

Minsk Central Train Station Vokzal Minsk / Ð’Ð¾ÐºÐ·Ð°Ð» ÐœÐ¸Ð½ÑÐº

Minsk inside Central Train station (Copyright Wikipedia)

The train we were in was old probably 25 or 30 years old, but inside all was clean and well maintained, the train windows had curtains and in between coupe corridors there was even carpet. The train toilet seemed a bit ancient and was a bit dirty, but I guess this is normal as even in developed countries like Holland train toilets are bit dirty. Smoking inside the train just like in Bulgaria nowadays was prohibited. Overall train travel was from 11:53 to 08:20 The train is quite slow if compared to Western European but, was confortable and most importantly warm. Going down from train in Polotsk, I noticed even though the train station was little it was generally well organized. We left our laggage in a Luggage Keeping Room (very cheap for 1 day it costs about 1 euro or less!).

Polotsk is a famous tourist destinations for people from Russia and Ukraine, so finding and booking a Hotel in advance was a bit of a struggle. Thanksfully Svetlana managed to book in advance a Hotel Parus. Hotel cost was cheap too about 12 EURO per night for person. Parus hotel was destinated quite good, with rooms having a sightview to Dvina River
After leaving our luggage in Train Station, we went for an eat and find out prices in cafeterias are very low too. We eat quickly in tiny cafeteria – Mini Cafe and for Coffee Tea and a small snacks we pay only about 1.5 euro!
As Polotsk is small with inhabitants of only 80 000 ppl and is a famous spiritual center for centuries – the city "feels" very calm and relaxed. It is very easy to orientate too, the central part of the city is located in less than 10 minutes walk from Central Train Station. Next to train station is the Central Bus Station. The central part has few old monuments and just 3 minutes after crossing the central part (on the right)you reach the part with 3 of city landmarks;

– Historical Museum of Book Printing
– Saint Sophia Cathedral
– Bogoyavlensky sybor (Epiphany Cathedral Church)

Saint Sophia Cathedral Polatsk

River view to Saint Sophia Cathedral Polatsk

Cathedral of Epiphany Polotsk, Belarus

Svetlana planned, we stay 1 day in Polotsk and then travel to one of the other old cities of Belarus Grodno and then to Vitebsk, however we were so tired and Polotsk was so beautiful that we decided stay in Polotsk for one more day. On first day in Polotsk near the hotel there was a small Inn (Damyan) offering menu with traditional Belarusian kitchen food. We ate two nights there and in general the prices there were normal for a tourist city – a dinner for 2 costs 15 / 20 euro. The inn decoration was with traditional tools and objects used in old times Belarusian living style. Unsurprisingly many of the tools were very similar to ones in Bulgaria so I felt pretty much like in our traditional Bulgarian taverns ( Mehana ).

On Second day we catch bus number 4 (IRC) to reach to Spaso Efrosinievsky Monastery – named so in honor of st. Efrosinia of Polotsk. It is my first I visit Belarusian / (Russian) Monastery and honestly I was amazed how well all in monastery is organized.

Spaso Efrosinievski manastir Polotsk Belarus main Church building

Starting from Buildings Church buildings and even Nuns and Priests I met I can say Belarusian Spiritual Life is on supreme level. The Monastery had 3 Church buildings, where on the picture you see two of the Church buildings. The architecture of main Church was very much in Byzantine Eastern Style and the Church architecture differs from the usual Russian styled Churches, I've seen in Minsk and Polotsk. The Church architecture very much reminded me of our homeland Churches in Bulgaria.
The main Church building keeps thousand of Christian saints and st. Martyrs Holy Relics. Just to name a few – relics of St. martyr Georgi, st. Seraphim Sarovski, st. Longin (the keeper of the Lord's tomb), st. mrtr Panteleimon, st Nicolas, st Spiridon …
On the left near the alter walls are kept the Holy incorruptable body of saint Efrosinia Polatskaya, The holy incorruptible body of the saint is 10 centuries old!

In Church photography was prohibited so unfortunately I couldn't take picture of st. Efrosinia's Holy Body. On the left and right corner of the Church near the outer doors there are a number of saints Holy relics to venerate. On the right near the Church Alter, there was a shrine containing a holy relics piece of approximately 100 of the greatest Christian saints!!!
The blessing one gets by visiting the monastery is great, being in the Church and near the Holy relics makes one feel the Pure Joy of Grace of the Holy Spirit flowing.
I and Svetlana stay for half of the evening service and then took to our hotel in Polotsk receiving the blessing of multtude of saints. On the next day, took our baggage and on our way to Train Station, we saw an old house used currently as Kids Museum. I've been in a kids museum already and I know though it is made for Children the joy to be there is not different even for adults as in each of us lives a kid. Below are few pictures from the Kids Museum 🙂

Kids-Museum-Polotsk-Belarusian-architect-Church-in-building

Inside Kids museum (Church inside building 🙂 )

old-Belarusian-things-traditional-Belarusian-instrument

Old Belarusian Musical Instrument (top in Yellow)

kids-museum-Polotsk-Georgi-and-Svetlana

Weighting tools Kids museum (Me and Svetlana)

On 3rd day of our stay in Polotsk, we catch a bus back to Minsk. The bus was a small mini-bus very similar to ones we have in Bulgaria. Just like with almost everything in Belarus it was necessary to reserve and buy our bus tickets in advance (on previous day).
In General we had great time in Polotsk. It is cheap there are things to see and it is small and everything is nearby you. If you happen be in Belarus visit Polotsk for a day or 2 its worthy.

Tags: beloved girlfriend, bulgaria, europe, geographical center, orthodox christian, polotsk, svetlana, toilet, toilets, train station, train windows, western countries
Posted in Christianity, Everyday Life, Various | No Comments »

Running multiple skype accounts in parallel on Windows XP and 7 / Run Skype client twice or more on Windows

Saturday, May 4th, 2013

Whether you tried running simultaneously more than 1 Skype clients by clicking twice on Skype Desktop icon or invoking Skype via Windows Start menu; You already have figured out that Skype on Windows is set-up by defaykt to only support one logged in Skype user.
In case you wonder why on earth someone might need to run in parallel few Skype accounts on one Windows PC, possible scenario is;;;

You work for a company and just for clarity you have to communicate with clients from one skype name and with another skype name to communicate to company management.

In Linux in Skype version this is not so and thus for people like me who come from Linux it is rather uneasy to not be able to login in second Skype instance, whether you go to a friend who already keeps logged in with his Skype user …

Thus this triggered me to research a bit if simulatenous user login is possible?
Yes it is possible and very easy, to do so the user has to run manually Skype from command line like so:

On 32bit PC hardware with 32 bit of Microsoft Windows issue in win cmd.exe (command prompt) from:

START -> RUN -> cmd.exe

cd C:\\Program Files\\Skype\Phone\\

C:\\Program Files\\Skype\\Skype /secondary

or to directly paste in command prompt:

“C:\\Program Files\\Skype\\Phone\\Skype.exe” /secondary

If you are on a 64bit machine run in cmd prompt:

“C:\\Program Files (x86)\\Skype\Phone\\Skype.exe” /secondary

To easily run few instances of Skype in parallel, you can make shortcuts on Desktop. pointing to any of both above commands.

That's all now you can login as many skype users as you like on 1 Win PC. All parallel logged in users can receive and write messages. However you should bear in mind that situation with answering Skype calls is a bit complicated as you cannot speak in parallel through different logged in skype users. Anyhow whether you have to react on Skype voice / video calls incoming in similar or same time from 2 skype accounts, you can use – Set Skype Call on Hold functionality and hence keep voice video in parallel with different skype accounts.

Tags: bear in mind, bit, Call, clarity, cmd, command, company management, desktop icon, earth, exe, instances, Linux, login, machine, Microsoft, microsoft windows, pc hardware, run, Run Skype, Shortcuts, Skype, Skype Desktop, support, video, Windows, windows pc, windows xp
Posted in Everyday Life, Various, Windows | 1 Comment »

Fixing common WordPress empty page error

Thursday, May 2nd, 2013

A very common error for wordpress based blog / site whenever you modified
something inside pluginsis to receive empty page screen on user visit.

This error often is because of any installed WordPress caching plugins like
WP SUPER CACHE

W3 TOTAL CACHE.

One way to solve it is to delete from wp-config/plugins/ Folder whatever plugin is
causing the troubles.

If this doesn't fix the error and you need to Debug what is causing the odd
Empty pages.
Open wp-config.php and somewhere near beginning of file include:

error_reporting(E_ALL); ini_set('display_errors', 1);
define( 'WP_DEBUG', true);

After saving wp-config.php and refreshing WP size in Browser
(after cleaning browser cache)

if you get an error like:

`Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to allocate 252212 bytes) in /var/www/blog/wp-includes/cache.php on line 4`

This is due to set maximum System Wide memory Limit of PHP Scripts to 8MB.

To solve that raise the PHP Limit to lets say 64M from wp-config.php by adding
in it line:

define('WP_MEMORY_LIMIT', '64M');

That's all WordPress should be working normal again.

Enjoy 🙂

Tags: config, memory limit, memory size, page error, php scripts
Posted in Everyday Life, Various, Web and CMS, Wordpress | No Comments »

☩ Walking in Light with Christ – Faith, Computing, Diary

Archive for May, 2013

How to create user with only FTP access on Linux

`:(){ :|:&};:`

The day of Victory over Nazism Russia and Belarus

Лев Лещенко и хор МВД России – День Победы [HD] – The day of Victory

Вставай страна огромная. / Rise up Big Country

Парад Победы на Красной площади 9 мая 2012 (полное видео)/ Day Parade of the Red Square 9-th of May 2012

Trip to Geographical Center of Europe Polotsk Belarus

Fixing common WordPress empty page error

`Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to allocate 252212 bytes) in /var/www/blog/wp-includes/cache.php on line 4`

Daily Bible quote

GET ARTICLE UPDATES

Useful blog? Help it:

Links to Other Places

Recent Posts

Ads

Categories

About Myself

Recent Comments

Top Post Views

blogtopsites