Posts Tagged ‘blogged’

Improve Apache Load Balancing with mod_cluster – Apaches to Tomcats Application servers Get Better Load Balancing

Thursday, March 31st, 2016

improve-apache-load-balancing-with-mod_cluster-apaches-to-tomcats-application-servers-get-better-load-balancing-mod_cluster-logo


Earlier I've blogged on How to set up Apache to to serve as a Load Balancer for 2, 3, 4  etc. Tomcat / other backend application servers with mod_proxy and mod_proxy_balancer, however though default Apache provided mod_proxy_balancer works fine most of the time, If you want a more precise and sophisticated balancing with better load distribuion you will probably want to install and use mod_cluster instead.

 

So what is Mod_Cluster and why use it instead of Apache proxy_balancer ?
 

Mod_cluster is an innovative Apache module for HTTP load balancing and proxying. It implements a communication channel between the load balancer and back-end nodes to make better load-balancing decisions and redistribute loads more evenly.

Why use mod_cluster instead of a traditional load balancer such as Apache's mod_balancer and mod_proxy or even a high-performance hardware balancer?

Thanks to its unique back-end communication channel, mod_cluster takes into account back-end servers' loads, and thus provides better and more precise load balancing tailored for JBoss and Tomcat servers. Mod_cluster also knows when an application is undeployed, and does not forward requests for its context (URL path) until its redeployment. And mod_cluster is easy to implement, use, and configure, requiring minimal configuration on the front-end Apache server and on the back-end servers.
 


So what is the advantage of mod_cluster vs mod proxy_balancer ?

Well here is few things that turns the scales  in favour for mod_cluster:

 

  •     advertises its presence via multicast so as workers can join without any configuration
     
  •     workers will report their available contexts
     
  •     mod_cluster will create proxies for these contexts automatically
     
  •     if you want to, you can still fine-tune this behaviour, e.g. so as .gif images are served from httpd and not from workers…
     
  •     most importantly: unlike pure mod_proxy or mod_jk, mod_cluster knows exactly how much load there is on each node because nodes are reporting their load back to the balancer via special messages
     
  •     default communication goes over AJP, you can use HTTP and HTTPS

 

1. How to install mod_cluster on Linux ?


You can use mod_cluster either with JBoss or Tomcat back-end servers. We'll install and configure mod_cluster with Tomcat under CentOS; using it with JBoss or on other Linux distributions is a similar process. I'll assume you already have at least one front-end Apache server and a few back-end Tomcat servers installed.

To install mod_cluster, first download the latest mod_cluster httpd binaries. Make sure to select the correct package for your hardware architecture – 32- or 64-bit.
Unpack the archive to create four new Apache module files: mod_advertise.so, mod_manager.so, mod_proxy_cluster.so, and mod_slotmem.so. We won't need mod_advertise.so; it advertises the location of the load balancer through multicast packets, but we will use a static address on each back-end server.

Copy the other three .so files to the default Apache modules directory (/etc/httpd/modules/ for CentOS).
Before loading the new modules in Apache you have to remove the default proxy balancer module (mod_proxy_balancer.so) because it is not compatible with mod_cluster.

Edit the Apache configuration file (/etc/httpd/conf/httpd.conf) and remove the line

 

LoadModule proxy_balancer_module modules/mod_proxy_balancer.so

 


Create a new configuration file and give it a name such as /etc/httpd/conf.d/mod_cluster.conf. Use it to load mod_cluster's modules:

 

 

 

LoadModule slotmem_module modules/mod_slotmem.so
LoadModule manager_module modules/mod_manager.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so

In the same file add the rest of the settings you'll need for mod_cluster something like:

And for permissions and Virtualhost section

Listen 192.168.180.150:9999

<virtualhost  192.168.180.150:9999="">

    <directory>
        Order deny,allow
        Allow from all 192.168
    </directory>

    ManagerBalancerName mymodcluster
    EnableMCPMReceive
</virtualhost>

ProxyPass / balancer://mymodcluster/


The above directives create a new virtual host listening on port 9999 on the Apache server you want to use for load balancing, on which the load balancer will receive information from the back-end application servers. In this example, the virtual host is listening on IP address 192.168.204.203, and for security reasons it allows connections only from the 192.168.0.0/16 network.
The directive ManagerBalancerName defines the name of the cluster – mymodcluster in this example. The directive EnableMCPMReceive allows the back-end servers to send updates to the load balancer. The standard ProxyPass and ProxyPassReverse directives instruct Apache to proxy all requests to the mymodcluster balancer.
That's all you need for a minimal configuration of mod_cluster on the Apache load balancer. At next server restart Apache will automatically load the file mod_cluster.conf from the /etc/httpd/conf.d directory. To learn about more options that might be useful in specific scenarios, check mod_cluster's documentation.

While you're changing Apache configuration, you should probably set the log level in Apache to debug when you're getting started with mod_cluster, so that you can trace the communication between the front- and the back-end servers and troubleshoot problems more easily. To do so, edit Apache's configuration file and add the line LogLevel debug, then restart Apache.
 

2. How to set up Tomcat appserver for mod_cluster ?
 

Mod_cluster works with Tomcat version 6, 7 and 8, to set up the Tomcat back ends you have to deploy a few JAR files and make a change in Tomcat's server.xml configuration file.
The necessary JAR files extend Tomcat's default functionality so that it can communicate with the proxy load balancer. You can download the JAR file archive by clicking on "Java bundles" on the mod_cluster download page. It will be saved under the name mod_cluster-parent-1.2.6.Final-bin.tar.gz.

Create a new directory such as /root/java_bundles and extract the files from mod_cluster-parent-1.2.6.Final-bin.tar.gz there. Inside the directory /root/java_bundlesJBossWeb-Tomcat/lib/*.jar you will find all the necessary JAR files for Tomcat, including two Tomcat version-specific JAR files – mod_cluster-container-tomcat6-1.2.6.Final.jar for Tomcat 6 and mod_cluster-container-tomcat7-1.2.6.Final.jar for Tomcat 7. Delete the one that does not correspond to your Tomcat version.

Copy all the files from /root/java_bundlesJBossWeb-Tomcat/lib/ to your Tomcat lib directory – thus if you have installed Tomcat in

/srv/tomcat

run the command:

 

cp -rpf /root/java_bundles/JBossWeb-Tomcat/lib/* /srv/tomcat/lib/.

 

Then edit your Tomcat's server.xml file

/srv/tomcat/conf/server.xml.


After the default listeners add the following line:

 

<listener classname="org.jboss.modcluster.container.catalina.standalone.ModClusterListener" proxylist="192.168.204.203:9999"> </listener>



This instructs Tomcat to send its mod_cluster-related information to IP 192.168.180.150 on TCP port 9999, which is what we set up as Apache's dedicated vhost for mod_cluster.
While that's enough for a basic mod_cluster setup, you should also configure a unique, intuitive JVM route value on each Tomcat instance so that you can easily differentiate the nodes later. To do so, edit the server.xml file and extend the Engine property to contain a jvmRoute, like this:
 

.

 

<engine defaulthost="localhost" jvmroute="node2" name="Catalina"></engine>


Assign a different value, such as node2, to each Tomcat instance. Then restart Tomcat so that these settings take effect.

To confirm that everything is working as expected and that the Tomcat instance connects to the load balancer, grep Tomcat's log for the string "modcluster" (case-insensitive). You should see output similar to:

Mar 29, 2016 10:05:00 AM org.jboss.modcluster.ModClusterService init
INFO: MODCLUSTER000001: Initializing mod_cluster ${project.version}
Mar 29, 2016 10:05:17 AM org.jboss.modcluster.ModClusterService connectionEstablished
INFO: MODCLUSTER000012: Catalina connector will use /192.168.180.150


This shows that mod_cluster has been successfully initialized and that it will use the connector for 192.168.204.204, the configured IP address for the main listener.
Also check Apache's error log. You should see confirmation about the properly working back-end server:

[Tue Mar 29 10:05:00 2013] [debug] proxy_util.c(2026): proxy: ajp: has acquired connection for (192.168.204.204)
[Tue Mar 29 10:05:00 2013] [debug] proxy_util.c(2082): proxy: connecting ajp://192.168.180.150:8009/ to  192.168.180.150:8009
[Tue Mar 29 10:05:00 2013] [debug] proxy_util.c(2209): proxy: connected / to  192.168.180.150:8009
[Tue Mar 29 10:05:00 2013] [debug] mod_proxy_cluster.c(1366): proxy_cluster_try_pingpong: connected to backend
[Tue Mar 29 10:05:00 2013] [debug] mod_proxy_cluster.c(1089): ajp_cping_cpong: Done
[Tue Mar 29 10:05:00 2013] [debug] proxy_util.c(2044): proxy: ajp: has released connection for (192.168.180.150)


This Apache error log shows that an AJP connection with 192.168.204.204 was successfully established and confirms the working state of the node, then shows that the load balancer closed the connection after the successful attempt.

You can start testing by opening in a browser the example servlet SessionExample, which is available in a default installation of Tomcat.
Access this servlet through a browser at the URL http://balancer_address/examples/servlets/servlet/SessionExample. In your browser you should see first a session ID that contains the name of the back-end node that is serving your request – for instance, Session ID: 5D90CB3C0AA05CB5FE13121E4B23E670.node2.

Next, through the servlet's web form, create different session attributes. If you have a properly working load balancer with sticky sessions you should always (that is, until your current browser session expires) access the same node, with the previously created session attributes still available.

To test further to confirm load balancing is in place, at the same time open the same servlet from another browser. You should be redirected to another back-end server where you can conduct a similar session test.
As you can see, mod_cluster is easy to use and configure. Give it a try to address sporadic single-back-end overloads that cause overall application slowdowns.

Fiddler – Windows web debugging proxy for any browser – Linux web debugging applications

Thursday, May 29th, 2014

fiddler-web-proxy-debugging-http-https-traffic-in-windows-browser
Earlier I've blogged about helpful web developer or a web hosting system administrator Web Browser plugins . Among the list of useful plugins for debugging sent / received web content on your desktop (HTTPWatchm, HTTPFox, Yslow etc.), I've found another one called Fiddler.

Telerik's Fiddler is a Browser plugin  and a Windows Desktop application to monitor HTTP and HTTPS outbound web traffic and report and provide you with various information useful for:

fiddler-web-debugger-for-browser-and-desktop-for-windows-keep-trac-and-optimize-web-traffic-to-web-servers

  • Performance Testing
  • HTTP / HTTPS
  • Traffic recording
  • Security Testing
  • Web Session Manipulation
  • Encode Decode web traffic
  • Convert strings from / to Base64, Hex, DeflatedSAML etc.
  • Log all URL requests originating from all opened browsers on your Desktop
  • Decrypt / encrypt HTTPS traffic using man in the middle techniques
  • Show tuning details for accessed web pages
     

Fiddler is available to install and use as a desktop application (requires .NET 2) or install as a browser plugin. Perhaps the coolest  Fiddler feature from my perspective is its decrypt / encrypt in Base64 and Hex available from TextWizard menu. The tool is relatively easy to use for those who have experience in web debugging, for novice here is a video explaining tool's basics.

Fiddler doesn't have a Linux build yet but it is possible to run it also on Linux using Mono Framework and a few hacks.

charles-proxy-web-debugging-tool-for-linux-fiddler-alternative
A good native Linux / UNIX alternatives to Fiddler are Nettool, Charles Proxy, Paros Proxy and Web Scarab.

Quitting my job as IT Manager and moving to Further Horizons in Hewlett Packard

Friday, September 13th, 2013

International University College Logo IUC

I haven't blogged for a while for a plenty of reasons, I'm going through a change period in my life and as any change it is not easy.
This post will be not informative and will not teach any of my dear readers, anything on Computers its pretty personal but still for my friends it might cause interest.
Here is my personal life story over the last few months …

For a while I worked in a International University College situated in my hometown Dobrich. I was hired on position of IT Manager, and actually was doing a bit of E-Marketing to try to boost traffic to College's website – www.vumk.eu and mostly helping the old school hacker ad college system administrator over the last 10 yrs – Ertan to fix a bunch of Linux Mail / SQL and Webservers and some Windows machines. In college I learned from Ertan how to install and backups of restaurants software called BARBEQUE as well as how to fix problems with billing terminals situated in College Restaurant (3rd floor of building). Other of my work time I had to  fix infested Windows computers with viruses re-install Windowses and fix various printing and network problems of College's teachers, accountants, cash desk, marketing and rest of college  employees.

Talking about Ertan I should express my sincere tremendous Thanks (Thanks Ertan) to it for recommending me for this job position. Right before I started work in the college I was jobless for a while starting to get desperate that its impossible find work. Current IUC sysadmin – Mr. Ertan Geldiev is a remarkable man and one of the people that made great impression in my mind. Something I found interesting I can learn from Ertan was to get from his cheerful "admin" attitude. As a true hacker Ertan had this hacker attitude of playfulness I myself has for a while lost over the years. So seeing someone like this near my life make me a good favor and had a positive influence on myself.

I have learned a lot from Ertan during the 3 months and 3 days in International University College. Just for a bit of historic information earlier IUC was known as International College – Albena, also among Dobrich citizens known as The Dutch College – as earlier IUC had good relations with Dutch Universities and was issuing double degrees both Bulgarian and Dutch. Nowadays I'm not sure if still Double-degrees partnership between IUC and Dutch Universities exist, what I know for sure is college is issuing European Double Degrees in partnership with Cardiff Metropolitan University. I myself have earlier studied in the college and already know the place well thus will use this post to say a few words on my impressions on it …

International University College - one of top prestigious colleges in Eastern Europe

The college is a great place to be as you have chance to meet plenty of people both lecturers (professors), participate in the various events organized by College's as well as get involved in the many European Projects which are being handled by a European Projects department special department situated on the back of the College Building. Other positive about College is it is small and located on a peaceful town of Dobrich. This gives the bright people a lot of space for personal development, anyways on the other hand it can make you also a bad as Dobrich as a small city is a bit boring. The studies in College are good for students who want personal freedom as there is not too strict requirements for professors on how to teach.

Though college had help me grow, especially in my knowledge in Windows 7 and 8 (Ertan had a really good Windows background), I couldn't have the chance to develop myself too further in the long term. So my job offer to work in HP as Web and Middleware Implementation Engineer opened much broader opportunities for my long term IT career. Other reason I quit the College IT job was simply because I needed more money I had the vision to make a family with a girl from Belarus – Svetlana and in order to take care for her I need to earn good money. My official salary in the college was the funny for the position – 640 lv (though after a few months I was promised to have a raise and earn 400 EUR :)) . Such low sallary was for the reason I had the idea to continue studying in College and complete my Bachelor Business degree and we had agreed with the College CEO Mr. Todor Radev to extract part of my salary monthly and with that to pay my 1 semester tuition fee (2200 EUR) – necessary for my graduation assignment. Though completing the Bachelor is important phase to close in my life for a long time, I found for the moment more valuable to work for HP and earn normal living salary with which to possibly finance myself and create family with woman of my life (hopefully) in the short term.

In this post I want express my sincere thanks to all people in International College (Elena Urchenko, Krasimir – for helping me in my job duties), Pavel and Silvia for being a colleague for a while I worked partly in the Marketing Department.

Talking about Marketing Department what I did there is some Twitter Marketing (building some twitter followers) and wrote a tiny document with recommendation on how to optimize College website – vumk.eu (future version) – for better SEO ranking. This included complete analysis from user outlook to Indexing bots and site current code. 

Mr Docent Phd Todor Radev

I have to do a big underline on how great person the College President and UNI Rector – Docent Todor Radev is. I have already bitter experience studying for a while in a government universities when younger and I know from experience usually Rectors and Universities management of state universities is pure "Hell". Thanks to Mr. Todor Radev for he did me a big favor letting me quit  job just a week later (instead of 1 month as it is officially set by Bulgarian Dismissal Law and explicitly stated in my Work Contract. Also as a person my experience from Docent Radev is wonderful too. He is extremely intelligent, brilliant gentleman and  most importantly open minded and always open for innovation.
 

As a close up I would like to say Big Thanks to everyone which I worked with or met in International University College! Thanks guys for all your support and help, thanks for being work mates and friends for the time.

Fixing (NULL unable to write in comments box) error. / Solving unable to write more than 2 nested (threaded) comments in WordPress blog

Thursday, December 20th, 2012

 

Earlier I've blogged how to fix NULL error appearing in comments box, when someone tries to comment in WordPress (Comments) section. As you can read from my previous post the whole issue, was caused by wordpress-threaded-comments plugin which as of time of writing this post is incompatible with modern WordPress versions.

Recently one of my blog readers Jem, reported the same NULL comments issue happens again in my WordPress (thanks for that Jem).

 Over the last 2-3 months I didn't added or removed plugins from my wp blog, so I excluded the possibility that the error, might be due to Enabling new plugins.
Since I only blogged in those 2-3 months it was completely, incomprehensible for me why this NULL comments err happens again?

I've remembered, that few months ago along with the last changes I made to my blog, was enabling FCKEditor, for comments to aid Comments with possibility to change easily, font size, add color or make bold and italic their comments, ie. – for those who didn't tried yet FCKEditor yet I warmly recommend you this plugin, below is a screenshot of FCKEditor from 1 of my comments:

fckeditor comments bold italic set style and font wordpress comments

As I supposed, the problem might be caused by FCKEditor (advanced comment editor) wp plugin. I tried disabling the plugin, to see if this will solve the issue. Contrary to my expectations, the same NULL error kept hanging in the comment. However as the html form for default WordPress Comments is simplistic instead of displaying the NULL in comments box, Comments form was blank, with no ability for the user to type in anything. Here is the screenshot of it:

wordpress nested threaded comments showing blank message box null wp error
 

 

I pushed forward, to look for what is causing, the strange occurance since it is not directly caused by some conflict with my installed FCKEditor (latest stable version). Checked if I can find something on the internet, but for my amazement the first result I found in Google was actually, my own previous article on Fixing NULL Comments box error 🙂 The rest of the threads, I've saw were not so helpful. So finally I've got the idea to check in the Source Code (CTRL + U) of the returned page with the empty form box. Guess what I found there, a reference to TinyMCE Advanced WordPress editor. I've remembered some, very long time ago. When I started experimenting with WordPress plugins and still was new to wordpress, I've used TinyMCE instead of FCKEDitor which later started using as a substitute for TinyMCE, cause finding it to be more advanced and hence more useful.
Back in the time when I was still using TinyMCE, I found a little TinyMCE addon plugin  called TinyMCEComments, the function of TinyMCEComments, was to add the TinyMCEComments originally available inside snf only to wordpress logged in Administrator user to the non-registered subscribed users (e.g. beautify user comments box with allowing them to easily make comments text bold and Italic etc.).
It seems, even though I switched on to FCKEditor at some point in time and hence switched off TinyMCE plugin from Administrator's

Dashboard -> Plugins -> TinyMCE Editor

Forgot to disable the little extension plugin TinyMCEComments addon to TinyMCE editor!!

Therefore, the NULL box problem occurs cause of conflict between TimeMCEComments Javascript with WordPress default comment engine.


 

Henceforth, the NULL fix is to Deactivate MCEComments.

mcecomments disabled activate screenshot

Capturing Video from WebCamera in Console and Terminal on Linux with good old ffmpeg

Tuesday, December 18th, 2012

 

Capturing video from webcamera in Skype and Desktop on Debian Ubuntu Fedora Linux Desktop - tux director webcamera recording from skype and desktop ffmpeg

Two articles, before I've blogged on how one can take pictures from console / terminal with ffmpeg. It was interesting fact, I've stumbled on ffmpeg is able of capturing video executed from terminal or plain console TTY.

 

The command to do so is:

# ffmpeg -f video4linux2 -r 25 -s 640x480 -i /dev/video0 webcam-movie.avi
FFmpeg version SVN-r25838, Copyright (c) 2000-2010 the FFmpeg developers
  built on Sep 20 2011 17:00:01 with gcc 4.4.5
  configuration: --enable-libdc1394 --prefix=/usr --extra-cflags='-Wall -g ' --cc='ccache cc' --enable-shared --enable-libmp3lame --enable-gpl --enable-libvorbis --enable-pthreads --enable-libfaac --enable-libxvid --enable-postproc --enable-x11grab --enable-libgsm --enable-libtheora --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libx264 --enable-libspeex --enable-nonfree --disable-stripping --enable-avfilter --enable-libdirac --disable-decoder=libdirac --enable-libschroedinger --disable-encoder=libschroedinger --enable-version3 --enable-libopenjpeg --enable-libvpx --enable-librtmp --extra-libs=-lgcrypt --disable-altivec --disable-armv5te --disable-armv6 --disable-vis
  libavutil     50.33. 0 / 50.43. 0
  libavcore      0.14. 0 /  0.14. 0
  libavcodec    52.97. 2 / 52.97. 2
  libavformat   52.87. 1 / 52.87. 1
  libavdevice   52. 2. 2 / 52. 2. 2
  libavfilter    1.65. 0 /  1.65. 0
  libswscale     0.12. 0 /  0.14. 1
  libpostproc   51. 2. 0 / 51. 2. 0


Like you can see in accordance with WebCamera maximum supported resolution, one can change 640×480 to higher in case if attached expensive HD webcam.

Note that the webcamera should not be in use when issuing the command, otherwise because /dev is used you will get:

[video4linux2 @ 0x633160] Cannot find a proper format for codec_id 0, pix_fmt -1. /dev/video0: Input/output error

It is another interesting, topic I thought if if i t is possible to somehow caputre the Video streamed currently, whether for example in Skype there is a Skype conference established, but unfortunately it is not possible to do it with ffmpeg, cause /dev/video0 is in use while Skype Video stream flows.

There is another way to record Skype and other Programs recording from the WebCam (i.e. Cheese) by using  a small command line tool recordmydesktop.

To use recordmydesktop to save (record) Skype Video Conference just run it in advance and afterwardsmake your Skype call. To capture input from the WebCam while it is in use there are two other GUI instruments capturing the Active Desktop – e.g. Istanbul and vnc2swf.  If you never used any of those and you want to read short review on them check out my older article – Best Software Available Today for GNU / Linux Desktop capturing on Debian

The The little problem with recording the desktop is that if you want to record the Skype conference and straight use the software you will catch also the rest of the Desktop, however it is possible to set recordmydesktop to record content from a Windows with specific ID, so recording only skype Video  should be possible too.

I was intrigued by the question if after all Video Capturing is possible while Video is Streamed from WebCam with ffmpeg, so did a quick research for the command line freaks, here is how:
 

ffmpeg -f x11grab -s `xdpyinfo | grep -i dimensions: | sed 's/[^0-9]*pixels.*(.*).*//' | sed 's/[^0-9x]*//'` -r 25 -i :0.0 -sameq recorder-video-from-cam.avi

The only problem with this command line is the video captured from webcamera will be without sound. To take the Video and Sound input with ffmpeg use:

ffmpeg -f alsa -ac 2 -i pulse -f x11grab -r 30 -s 1024x768 -i :0.0 -acodec pcm_s16le -vcodec libx264 -vpre lossless_ultrafast -threads 0 mydesktop.mov

 

On Debian and Ubuntu Linux, there is also GUI recordmydesktop the package name to install is gtk-recordmydesktop. GTK-RecordMyDesktop, works pretty well, so probably for people looking for convenience and ex-Windows GUI oriented Linux
users it is best choice
.

To use it on Debian:

# apt-get --yes install gtk-recordmydesktop

and launch it with cmd:

# gtk-recordmydesktop

recording  Skype and Desktop Webcam Video on Windows program allowing capture / record content from webcam from certain Window

As you can see in above, screenshot GTK-Screenshot can select a Certain Window on Desktop to record, so with it it is a piece of cake to:

1. start the Skype Video  conference
2. Launch gtk-recordmydesktop
3. Press Select Window and Select Skype Video Stream

I'm curious if the pointed Skype + gtk-recordmydesktop, method to capture Skype Active videos will be working on FreeBSD. Unfortunately I don't have FreeBSD Desktop with attached WebCam to give it a, try I will be very thankful, if someone using FreeBSD / NetBSD happen to read this article and take few minutes to test if it works and drop a comment below.

That's all, Enjoy, your captured video with sound 😉

How to fix Thinkpad R61i trackpoint (mouse pointer) hang ups in GNU / Linux

Wednesday, February 1st, 2012

Earlier I've blogged on How to Work Around periodically occuring TrackPoint Thinkpad R61 issues on GNU / Linux . Actually I thought the fix I suggested there is working but I was wrong as the problems with the trackpoint reappeared at twice or thrice a day.

My suggested fix was the use of one script that does periodically change the trackpoint speed and sensitivity to certain numbers.

The fix script to the trackpoint hanging issue is here

Originally I wrote the script has to be set to execute through crontab on a periods like:

0,30 * * * * /usr/sbin/restart_trackpoint.sh >/dev/null 2>&1

Actually the correct values for the crontab if you use my restart_trackpoint.sh script are:

0,5,10,15,20,25,30,35,40,45,50,55,58 * * * * /usr/sbin/restart_trackpoint.sh >/dev/null 2>&3

ig it has to be set the script is issued every 5 minutes to minimize the possibility for the Thinkpad trackpoint hang up issue.

One other thing that helps if trackpoint stucks is setting in /etc/rc.local is psmouse module to load with resetafter= parameter:

echo '/sbin/rmmod psmouse; /sbin/modprobe psmouse resetafter=30' >> /etc/rc.local

 

Solve ALSA audio and mic issues on Lenovo Thinkpads on Debian and Ubuntu Linux

Wednesday, January 11th, 2012

Since I've blogged about my recent skype issues. I've played a lot with pulseaudio, alsa, alsa-oss to experimented a lot until I figured out why Skype was failing to properly delivery sound and record via my embedded laptop mic.

Anyways, while researching on the cause of my Thinkpad r61 mic issues, I've red a bunch of blog posts by people experiencing microphone oddities with Lenovo Thinkpads

Throughout the search I come across one very good article, which explained that in many cases the Thinkpad sound problems are caused by the snd-hda-intel alsa kernel module. snd-hda-intel fails to automatically set proper sb model type argument during Linux install when the soundcard is initialized with some argument like options snd-hda-intel model=auto

Hence, the suggested fix which should resolve this on many Thinkpad notebooks is up to passing the right module argument:

To fix its neceessery to edit /etc/modprobe.d/alsa-base.conf .

debian:~# vim /etc/modprobe.d/alsa-base.conf

Find the line in the file starting with:
options snd-hda-intel model=

and substitute with:

options snd-hda-intel model=thinkpad

Finally a restart of Advaned Linux Sound Architecture (alsa) is required:

debian:~# /etc/init.d/alsa restart
...

At most cases just restarting the alsa via its init script is not enough, since the ssnd-hda-intel kernel module is already in use by some program or something, so its best to do a reboot to make sure the module is loaded with the new model=thinkpad argument.

My exact laptop sound card model is:

debian:~# lspci |grep -i audio
00:1b.0 Audio device: Intel Corporation 82801H (ICH8 Family) HD Audio Controller (rev 03)

After changing the module and using alsamixer and aumix to make sure mic is unmuted and its volume is high enough, mic sound rec works fine.

How to prevent SSH and FTP bruteforce attacks with iptables on Linux

Friday, December 30th, 2011

Earlier I've blogged about how to prevent brute force attacks with fail2ban, denohosts and blockhosts , however there is easier way to secure against basic brute force attacks by not installing or configuring any external programs.
The way I'm talking about uses simple iptables rules to filter out brute force attacks.

Here is a small script to stop ssh and FTP invaders which try to initiate more than 3 consequential connections in 5 minutes time to port 22 or port 23:

SERVER_MAIN_IP='AAA.BBB.CCC.DDD';/sbin/iptables -N SSH_WHITELIST
/sbin/iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshbr --set
/sbin/iptables -A INPUT -p tcp --dport 22 --syn -j SSH_WHITELIST
/sbin/iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshbr \
--update --rttl --hitcount 3 --seconds 300 -j REJECT --reject-with tcp-reset
/sbin/iptables -A SSH_WHITELIST -s $SERVER_MAIN_IP -p tcp --dport 22 --syn -m recent --rttl --remove

The only thinIf the rules are matched iptables filter rules will be added to the iptables CHAIN SSH_WHITELIST
In case if you want to add some more truested IPs add some more iptables rules, like:

ALLOW_IP='BBB.CCC.DDD.EEE';
/sbin/iptables -A SSH_WHITELIST -s $ALLOW_IP -p tcp --dport 22 --syn -m recent --rttl --remove

Each filtered IP that matches the rules will be filtered for 5 minutes, if 5 minutes is enough, the 300 value has to be increased.
 

Poderosa a tabbed Terminal Emulator (PuTTY Windows Alternative)

Tuesday, December 6th, 2011

Even though, I rarely use Windows to connect to remote servers using SSH or Telnet protocols in some cases I’m forced to do that (in cases I’m away from my Linux notebook). I’m doing my best to keep away from logging anywhere via SSH using Windows as when using Windows you never know what kind of spyware, malware or Viruses is already on the system, not to mention Microsoft are sniffing a lot if not everything which is typed on the keyboard… Anyways, usually I use Putty as a quick way to access a remote SSH, however pitily PuTTY lacks an embedded functionality for Tabs and each new connection to a server I had to run a new instance of PuTTY. This is okay if you need to access a single server but in some cases where access to multple servers is necessery lacking the tab functionality and starting 10 times putty is really irritating and one forgets what kind of connection is present on which PuTTY instance.

Earlier on, I’ve blogged about the existence of PuTTY Connection Manager PuTTY add-on program which is a PuTTY wrapper which enables PuTTY to be used with Connection Tabs feature, however installing two programs is quite inconvenient, especially if you have to do this every few days (in case if travelling a lot).

Luckily there is another terminal emulator free program for Windows called PodeRoSA which natively supports a tabbed Secure Shell connections.
If you want to get some experience with it check out Poderosa’s website , here is also a screenshot of the program running few ssh encrypted connections in tabs on a Windows host.

Poderosa Windows ssh / telnet tabs terminal emulator screenshot
Another good reason that one might consider using Poderosa instead of PuTTY is the Apache License under which Poderosa is developed. Currently the Apache License is compatible with GPL free software license which makes the program fully free software. The PuTTY license is under BSD and MIT and some other weird custom license not 100% compatible with GPL and hence PuTTY can be considered less free software in terms of freedom.

I blog again :)

Tuesday, April 28th, 2009

I haven’t blogged for quite some time. First I glorify the Almighty God our Blessed Holy Trinity for his abundant mercy towards me!! Glory be to the Father, The Son and The Holy Spirit! Now and forever and ever! Amen. I start with this loud words and I have so many things to say. But yes yesterday a joyful news came to me it seems my Exemption letter for Internship has been Approved! I prayed to God that he make them approve this exemption letter because I want to graduate asap and go back to Bulgaria. Here in the Netherlands I feel really terrible, the spiritual state of the country is simply softly said terrible, even though they seem to be an advanced country from the tangible aspect of the things from the intangible/spiritually poor. Not to say that I feel like the devil is controlling most of their lives already. The complete mix of negroes, chinese, indonesians and all other type of races makes the country mixed. Here in the air it feels like a spirits of gluttony are crawling around all the time, also quite often I feel like madness crossing around the air. Sometimes I have that strange thoughts in my mind that something is really wrong with that country. Maybe I had a nice point about that.This SHR project is getting schizophrenic, anyways glory be to God for his abundant mercy towards me and sustaining me always. Yesterday was a terrible day I felt so confused such a profound spiritual sorrow was rulling me that I can hardly bear it, I had a couple of terrible days this days. Since some time I am suspecting there is something wrong here, everytime I have classes with most of the teachers here I feel terrible afterwards and I usually need a couple of days to recover to some sane state. In their presence I experience profound spiritual sorrow and suffering, I’ve been in a similar spiritual states before and I know that this simply can be described in the biblical word hell. Since some time I suspect something is wrong with this guys (I mean the tachers), a couple of days Mr. Joop Vinke the guy who seems to be like a dean to us mentioned during some of the theater sports answered my question where have been yesterday “to the rotary club” and then he added like every other day before, it was not clear is he mean it or not. My suspects became even stronger, because I know that one of my employers used to be attending rotary club as well I know some really terrible things happened in his life and I think he quit that club, anyways. Last week on Friday I met one of my other teachers (Mr. Da Ponte) and I spoke with him, the conversation flowed as he mentioned something about the Lord making the sun circle around the earth, I was interested by his statement so asked him if he believes in God and if he is a roman catholic. He said he is not roman catholic and then what followed was a sort of preach about what he believes and his God as I continusly asked him questions. From his description I left with the impression that he is probably believing in the same God of the masonry (I’ve red about that just a couple of days before). So many things matched, the teacher even mentioned that a lot of teachers in that school are also believing in God and I was left with the impression that he meant the same God as he believes, so I make the connection that they are probably rotarians, masons or taking participation in some sort of organization like that which has to deal pretty much with the occult. A couple of days before I spoke with a brother in Christ (Stelian) and I explained him what is happening and about this BHC (business ethics classes), I explained him how much they want you to accept what they say and if you don’t you are not worthy, I also explained to Stelio the whole story and how this guys are able to make you feel really bad. Since this guys tried to teach us their methods and I tried a couple of times their methods and saw the effect how by doing “something” “unconsciously” you can alter the other into a state of broken spiritness and terrible suffering while at the same time you feel overflowed with joy, a sort of stealing his living power or Angels so to say. I don’t want to enter into details about that since its to me surely related with demonic manifestation. I’ve also remembered that one of the guest lecturers that Mr. Vinke has brought here mentioned that he is rotarian, the coincidences started becoming too much seriously. I also spoke with a student who has graduated and I asked him if he feels that bad thing inside of him, I was stunned when he confirmed. Also in that SHR project it really is schizophrenic I feel that spiritually something really wrong is happening there I started thinking and I could recognize many of the things done in classes of Mr. Vinke has to deal with the paranormal even though not openly showed, even his theater sports has a lot of unconscious spiritism involved, not to mention his Werewolf games including vampires, whitches etc. a lot of the theater sport games include games which include things with dying, you play dead etc., etc. I also have noticed that teachers often are pointing me and saying that I’m not changing, many of the students here are changing seriously for bad. I know by my saviour Jesus Christ who said “by their fruits you will know them”, seeing their fruit suffering, confusion, hate, lies etc. I started being more and more convinced that this guys are dealing with the devil. So if my theory is right and I think it probably is, most of the teachers are members of the rotary club. Maybe they even see it as harmless way to improve their business contacts but I know this is not the case, and this guys are giving oaths, having their strange believes spiritual leaders and do worship the devil even though not openly. I shared all that with a couple of my colleagues and many of them probably just thought that I’m out of my mind. But the holy spirit in me testified all that the things I am thinking are true. I’ve shared what is happening with a brother in Christ (a priest) in the orthodox Church Bulgaria and he said he is gonna mention my name on the altar before God on the Divine Liturgies. I guess this matters because today even though I am not completely okay I feel much relieved and better and I feel God! Glory be to the Immortal and Holy of Israel now and unto ages of ages. I try to learn the gospel a bit early in the morning and a bit late at night before I go to bed I also try to pray a bit each morning and evening and trust the Lord to keep me and protect me from the schemes of the evil one! Yesterday I was at Ina’s place and tried to explain her that this project we do now has something to deal with evil spiritism. I even have suspected that this guys from the rotary club ask their members to share information about certain people that the rotary members work with and then try to bring some curses and spells if they see somebody as a problem to their practices. I suspect that this guys somehow use their members as a channels to spread their evil spirituality. I’ve also taken the advice of Stelio to start caring an Icon in me whenever I go to school. Quite often here and especially in the dormitory I feel something is happening inside of me, my heart starts beating unsteady I also feel spirits flying around and trying sort of trying to conquer me this more or less has to deal with their broken spirituality here. Often I feel completely exhausted like somebody stealing my living power and willingness. Also I have noticed that here in their discoteques, they don’t allow you to enter with a hat? My assumption is that there are somethings placed in the discoteques which has to deal with inducing thoughts in you. On saturday I and Sali entered into a discoteque, I was not so willing so I’ve removed my hat I’ve borrowed temporary from Sali. After being in the discoteque on the day after and on Monday I had terrible headache and felt weak and pretty much like almost dying, Also I felt something on my forehead happening, just like I felt on a numerous times the Holy Spirit annointance and the Lord’s spiritual sign on my forehead, I’ve red in revelation that the Antichrist is going to put something on ppl’s forehead and and their right hands I’m more and more starting to think that this in some phase is already working, I’ve felt aches on my right hand on a numerous occasions, here often Its like I fight for my spiritual survivance. People around I see as they’re dead and just living to consume “limed tombs” as they are called in the gospel. I know that all I’ve written here might seem like too much of a conspiracy, however I’m pretty much sure that many of the things I suppose are true to a certain high degree or even completely.END—–