Archive for the ‘Curious Facts’ Category

7th of July The Feast of Saint Nedelya Kyriakia one of the most honored woman saints in Bulgarian Orthodox Church and few words of the history of Sofia Second biggest Cathedral Church St. Nedelya

Thursday, July 8th, 2021

Saint_nedelja_(kyriaki)_bulgarian_icon_19th-century

Saint Nedelya is a major Cathedral in Sofia Bulgaria dedicated to an early Christian saint Kyriaki (martyred year 289 AD). It is is a second biggest Cathedral Church in Bulgaria and a place where they serve the Holy Liturgy daily. The Patriarch and most notable spiritual leaders of the Bulgarian orthodox church do hold services there regularly.

Coffin_with_holy-relics_of-saint-Stefan_Uros_II_Milutin

Coffin with Holy Relics of Saint Stephan Urosh II Milutin in the St Nedelya Sofia Church right corner near alter wall

Saint Nedelya Church  is a beautiful peace of Christian art the Church is also known in XX-th century as Holy King (because the incorruptable Holy Relics of Sebian King Saint Stephan Urosh II ( Milutin ) are found in the Church).

Sveta_Nedelia_ikona-arapovski-manastir.
Saint Nedelya Icon Arapovski Monastery Bulgaria

The fact that Saint Nedelya is the second Church by spiritual importance for Bulgaria is not a coincidence and this is related to the high veneration of saint martyr Nedelya (Kyriakia) Bulgarians had for the saint through the years especially in the Second Bulgarian kingdom during the reigh of King Asen's Dynasty (12-th 13-th century). The incorruptable Holy relics of the saint Kyriakia has been transferred to Trnovo (Tarnovo) the capital of Bulgaria at that time by saint Patriarch Euthymius (Evtimij) of Tarnovo (who was the last patriarch head of Bulgarian Orthodox Church during the Second Bulgarian Kingdom, right  before the fall of Bulgaria under the Turkish slavery (Yoke).
 

Saint Martyr Nedelya ( Kyriakia) died in July 7th 289 A.D.

Saint_Nedela_Kyriaki_Icon_by_Dicho_Zograf_in_Saint_Kyriaki_Church_in_Debrene_1844

Saint Nedelya Debrene Church iconographer Dicho Zograph from year 1844

Inspired by the great deed and the great grace received by receiving the incorruptable relics of the saint, saint Euthymius wrote a glorofication called "Praise to the Holy Great Martyr (Nedelya)". The Nedelya word meaning in Bulgarian Language is Sunday and is a literal translation from Greek's Kyriaky.

St_Kyriaki_Church_-Constantinople-crop

Saint Kyriaky dedicated Church, Istanbul Turkey

The veneration for saint Kyriaky has been quite common in medieval times one of the major Churches in Constantinople (today Istanbul) is dedicated also to saint Kyriaki.

According to Church tradition described by patriarch Evtimij, we know saint Nedelya has been born in Asia Minor and has been a child who has been long awaited kid that was gifted by God. Saint Kyriaki's was born in responce to her parents Dorotheus and Eusebia many fervent beseach prayers begging for a kid that will help Christ's salvation plan for the mankind.

 She was brought up in the truths of Christ from an early age.

At a very young age, she decided to dedicate her life to God. She happened to live at the time before Saint Constantine The Great when still the ligth of Christianity did not yet overcome the false believes of paganism in the time of the peresuction by emperor Diocletian. This was the time of persecution against Christian confessors and brutal violence against Christians – they were persecuted, imprisoned, exiled or forced to renounce their faith. Nedelya was thrown into prison and tortured, and her parents were exiled to the town of Miletin. The miraculous healing of her wounds, as well as her refusal to worship pagan idols, led the authorities to sentence her to death as they believed she is doing her wonderful healing by some strange whichcraft.

Kyriaki was tortured again by Apollonius, the successor of Hilarion. She was thrown into a fire, but the flames were extinguished, and then to wild beasts, but they became tame and gentle. Apollonius then sentenced her to death by the sword. As she was given a little time to pray, she asked God to receive her soul and to remember those who honoured her martyrdom. Upon completing her prayer, she rendered her soul to God before the sword was lowered on her head. Pious Christians took her relics and buried them. At the time of her death, she was 21 years old.[

At her place of death, after prayer, Sunday surrendered her spirit to God before the sentence is carried out exactly on her feast date (July 7, 289). For early Christians the day of death or martyrdom was considered the date of the real birthday for eternal life in heve. Nedelya died at the age of 22, as saint Patriarch Euthymius of Trnovo writes, "Dying in a short time, she fulfilled long years, because her Lord's soul was satisfied, purity – great enough, feats enough …"

The Second Biggest Bulgarian Cathedral is dedicated to saint Nedelya

Sveta-Nedelia-Monolithic-second-biggest-Cathedral-in-Bulgaria

Saint Nedelya Church, Sofia – Capital of Bulgaria

As many of the Churches in Bulgaria the history of Saint Nedelya's Church in Capital of Bulgaria, Sofia  goes back to distant X-th century and as many of the Churches of the time was most lilely laying on a stones and built of wood as Churches used to be built of that time. Today's architecture of the Church is of the XIX century.

St_Nedela_Cathedral_Old_Church_in_Sofia_Bulgaria_September_2005-pic

The church became famous during the assassination attempt by Bulgarian Communist Party (BCP / BKP) on April 16, 1925 during the funeral of General Konstantin Georgiev, when it was destroyed. Then on this sad date for the Bulgarian history, 193 people mainly from the country's political and military elite were killed and about 500  bystander believers, who attended the liturgy were injured. The assault was perhaps the worst terrorist act in the history of Bulgaria, and at that time in the world. The aim of the temple blowing assault was to kill King Boris III, who was not in the Church at the time because he was slightly late for the service by the providence.

After this bloody terrorist act of the Bulgarian Communist Party, the church board of trustees assigned the architectural bureau "Vasilyov – Tsolov" (architect Ivan Vasilyov and architect Dimitar Tsolov) the restoration of the church. Renovation began in June 1927. By the spring of 1933, an almost new, huge central-domed temple was built with a length of 30 meters, a width of 15.50 meters and a height of the dome of 31 meters. The surviving two-row gilded iconostasis has been returned to the temple.

The church was solemnly consecrated again on April 7, 1933. The fresco decoration was made from 1971 to 1973 by an artistic team led by Nikolai Rostovtsev. Around 2015, the Church iconography has been fully restored and is amazingly beautiful worthy to see, if you happen to visit Bulgaria.

The names of the Twelve apostles of Christ – Feast of the Twelve Glorious and Primal Apostles in Eastern Orthodox Church (30th of June)

Wednesday, June 30th, 2021

Roman_Domitilla-Katakomben_Fresko__Christus_und_die_12_Apostel__und_Christussymbol__Chi_Rho__1
Jesus and his Twelve Apostles, fresco with the Chi-Rho symbol ☧, Catacombs of Domitilla, Rome

One day after the June 29 the Feast of The Glorious and First among Apostles Peter and Paul  on 30th of June according to so called new calendar in the Eastern Orthodox Church comes, the remembrace of Feast of the gathering of 12 Glorious apostles (Σύναξη των Αγίων Δώδεκα Αποστόλων).

Simon_ushakov_last_supper_1685

The Secret Supper (Christ and the 12 Apostles iconographer Simon Ushakov y. 1685 (Jude the Iscariot the traitor without a halo)

"The names of the 12 Holy Apostles are: Simon (called Peter), Andrew his brother, Jacob the Zabedee and John his brother, Philip and Bartholomew, Thomas and Mathew (tax collectors), James, son of Alphaeus and Levi called (Thadeus), Simon The Canonite and Jude the Iscariot who has betrayed Christ"

(Gospel of Mathew 10:2-4)

 

13 When morning came, he called his disciples to him and chose twelve of them, whom he also designated apostles: 14 Simon (whom he named Peter), his brother Andrew, James, John, Philip, Bartholomew, 15 Matthew, Thomas, James son of Alphaeus, Simon who was called the Zealot, 16 Judas son of James, and Judas Iscariot, who became a traitor.

(Luke 6:13-16)

15 And in those days Peter stood up in the midst of the disciples, and said, (the number of names together were about an hundred and twenty,)

16 Men and brethren, this scripture must needs have been fulfilled, which the Holy Ghost by the mouth of David spake before concerning Judas, which was guide to them that took Jesus.

17 For he was numbered with us, and had obtained part of this ministry.

18 Now this man purchased a field with the reward of iniquity; and falling headlong, he burst asunder in the midst, and all his bowels gushed out.

19 And it was known unto all the dwellers at Jerusalem; insomuch as that field is called in their proper tongue, Aceldama, that is to say, The field of blood.

20 For it is written in the book of Psalms, Let his habitation be desolate, and let no man dwell therein: and his bishoprick let another take.

21 Wherefore of these men which have companied with us all the time that the Lord Jesus went in and out among us, (Acts 1:15-26)

Synaxis_of_the_Twelve_Apostles_by_Constantinople_master_early_14th_circa_Pushkin_museum

The Synaxis of the Twelve Apostles. Russian, 14th century, Moscow Museum.

"Jesus had other desciples as well that were seventeen and other circles of desciples around each of the pupils, however they have alwasys been considered less venerable as they did not been so close to Christ and did not understand so well the mysterios of Christ's teaching and did not persevere as mcuh as the twelve and the seventeen of desciples. Those had been been distinguished among the King, those who have been the closest people to the Teacher" (Saint John Chrysostomos)

In Constantinople Saint King Constantine ( y. 274 – 337 ), has built a famous Church dedicated to the 12 Apostles. In historian documents there is data for a first time the feast is celebrated in the V-th century.

While the memory of each apostle has a separate day in the Church calendar yearly circle, they 12 apostles are sharing the same honor, because the Holy Scriptures and the Tradition glorifious their high efforts for building the Church on top of the corner stone that is Jesus Christ himsef and for their perseverance to accept martyrdom for Christ, thus to accent this they're is this special feast the Gathering of the 12 Glorious Apostles on 30th of June. As the Holy Scriptures says they're a friends of God (John 15:14), and when the Son of Man (Jesus) sits on the glory of his power, they all are to sit on 12 thrones, to judge the 12 Hebrew tribes (Mathew 19:28). 

In first centuries the Church has been feasting all the apostles together, Later she has included saint Apostle Paul, again the full list of names of the apostles are as follows:

1. Saint Apostle Peter the First Called (commemorated 29 June and 16 of January)

2. Saint apostle Andrew the First Called – as has been called by Christ together with Peter (30 November)

3.  Saint Jacob the Zebedee (30 April)

4. Saint Apostle John the Zebedee – the evangelist (26 September and 8 May)

5. Saint Apostle Philip (14 November)

6. Saint apostle Bartholomew or Nathanael (11 June and 25 August)

7. Saint apostle Thomas (6 October)

8. Saint apostle Mathew – evangelist (16 November)

9. Saint Apostle Jacob – son of Alpheus 9 October)

10. Saint Apostle Jude – fleshly brother of Christ (son of Joseph), called also Thadeus and Levi (19 June)

11. Saint Apostle Mathew (Mathias) (9 August)

12. Saint Apostle Paul  (Paul of Tarsus) (29 June)

The Church books define the feast day as the "Gathering of the Twelve", because this number of 12 apostles is initial and depics Christ essence of Completeness (as he is All in everything) Mathew (10:1-5)

 

ASCII Art studio – A powerful ASCII art editor for Windows / Playscii a cool looking text editor for Linux

Monday, June 28th, 2021

This post is just informative for Text Geeks who are in love with ASCII Art, it is a bit of rant as I will say nothing new, but I thought it might be of interest to some console maniac out there 🙂

ascii art studio aas program windows xp professional drawing program screenshot

While checking stuff on Internet I've stumbled on interesting ASCII arts freak software – >ASCII Art Studio. ASCII Art Studio is unfortunately needs licensing is not Free Software. But anyways, for anyone willing to draw pro ASCII art pictures it is a must see. Check it out;

Isn't it like a Plain Text pro Photoshop ? 🙂 Its a pity we don't have a Linux / BSD Release of this wonderful piece of software. I've tried with WINE (Windows Emulator) on Linux to make the Ascii Art Studio work but that was a fail. It seems only way to make it work is have Windows as a worst case install a Virtual Machine with VirtualBox / Vmware and run it inside if you don't have a Windows PC at hand.

Of course there are stuff on Linux to ascii art edit you can use if you want to have a native software to edit ASCIIs such as Playscii. Unfortunately Playscii is not an easy one to install and the software doesn't have a prepared rpm or deb binary you can easily roll on the OS and you have to manually build all required python modules and have a working version of python3 to be able to make it work.

I did not have much time to test to install it and since I faced issues with plascii install I just abandoned it. If some geek has some more time anyways I guess it is worse to give it a try below is 2 screenshots from PLAYSCII official download page. 

playscii_shot1-official.

As you see authors of the open source playscii whose source is available via github choose to have an amazing looking ascii art text menus, though for daily ASCII art editing it is perhaps much more complicated to use than the simlistic ASCII Art Studio

playscii_shot2-official

There is other stuff for Linux to do ASCII Art files text edit like:
JaVE (this one I don't personally like because it is Java Based),  Ascii Art Maker or Pablow Draw Linux (unfortunately this 2 ones are proprietary).

Pentecost the Birthday of the Church and the receival of the Gifts of Holy Spirit of Faith, Hope, Love for the Mankind

Saturday, June 19th, 2021

For one more year it is Pentecost 50 days after the celebrated Easter (Resurrection of Christ), we celebrate the feast that marked the birth of the Church as a Body of Christ that is binding all its members us the ordinary people who are baptized in the Name of The Father, The Son and The Holy Spirit.

Pentecost is a day of mystery that turned human history, as the same Spirit who was in Christ and has been in the Father in the Holy Trinity has descended from Heaven sent as a helper to each and every believer in Christ to strenghten and guide him in his narrow path to the Kingdom of Heaven and the Eternal salvation promised by the Savior Christ.

There is many books written about Pentecost but no book or intellectual thought is capable to transpond one's experience of receiving the Holy Spirit in the Soul and Heat of man. This glorious event is experienced by every Christian during baptism and the following Mystery of Chrismation when the Priest baptizes a new member in the name of God and is experienced, by us in the mystery of repentence when crying for our bad deeds and transgressions of the law of God, we cry in sorrow to God asking for forgiveness and renewal. The descent of the Holy Spirit over us is supernatural event that put the beginning of the contemporary understanding in our contemporary civillization of supernaturality and the realm of spirits as we understand them today where the Spirit of God is over all things.

On Pentecost it is the Holy Spirit who descended towards the Holy Apostles giving them the Super natural powers to Heal The Sick, Prophecise, speak in all human tongues, chase away evil spirits and do multitude of unseen wonderworks in human history that are continuing even to this day in the Church. The Holy Spirit has gifted all Church members with the gifts of the Spirit of Faith, Hope and Love, Endurance, Manhood, and all the virtues of man that were in Christ not because of a human effort but for the Love of God for man.
The abiding of the Holy Spirit in man is a never ending Heaven and a bliss granted for man for free. Saint Seraphim of Sarov has well described in his Conversation with Motovilov what is the experience to have the God the Holy Spirit in One's self.

The_Descent-of-the_Holy_Spirit-Soshestvie-Svetago-Duha

A bit more on the facts around the Descent of the Holy Spirit to the Apostles is in my prior article here , though this is just a very basic attempt to transfer the meaning of the feast as definitely all the books on the earth and all the human knowledge put together is like a drop in the universe compared to Holy Spirit itself.

The Spirit of Truth which the world could not comprehend was sent by Jesus Christ first to the apostles and the desciples and then to each and every Christian member of the One Holy Eastern Orthodox Church throughout human history until the end of ages.

Pentecost_Rabula_Gospels-6th-century
One of the most ancient icons of the Pentecost Syriac Rabbula Gospels 6th century

Happy Feast to All Christians ! Happy Birthday Church !

Saint Georgi of Sofia “the Newest” Bulgarian Confessor Christian saint martyred 1534 AD during reign of Turkish Sultan Selim in Medieval Serdika (Sofia)

Tuesday, June 1st, 2021

Saint-Martyr-George-of-Sofia-Georgi-Sofijski-in-traditional-wear-kalpak

Troparion, voice 4 
With a soul wounded by the love of your God, the wise George the Glorious, he preached to the ungodly, Christ God, trampled with his feeth, the Turkish heresy; and when he adorned himself with the crown of martyrdom, you ascended to the heavenly multitudes: ask Christ God to preserve your homeland, this city (Sofia) and the people who always worship your deeds.

On 26-th of May the Bulgarian Orthodox Church celebrates the memory of one of the great Bulgarian Martyr saints Saint Georgi the Newest. 
С~тый Геԝ̀ргїй Софїѝскїй Новѣ̀йшїй)  St. Georgi (The Bulgarian equivalent name of George) is one of the 3 saints holding the name Georgi which has confessed Christianity refused to accept islam and accepted Martyrdom for Christ in period of 1396 till year 1530 and one of the 9 famous Sofia city saints. Saint Georgi of Sofia the Newest was named after the highly venerated in Bulgarian just like in whole Christian world saint George.

saint-Georgi-Sofijski-saint-great-martyr-George-and-The-Mother-of-God-iconostasis

St. Georgi was born in the city of Medieval Sofia (Sredetz), fortress of Serdika today’s Sofia in a family of Ivan and Maria – a wealthy and society recognized family of that time. He has born after a fervent and lengthly prayers of his parents who couldn’t have children for a long time and has been given a kid by the prayers of Saint Great Martyr George
It is important to say Georgi (the newest) celebrated on 26-th of May is a different saint from St. Georgi called “the new” whose memory in the Church is commemorated on 11-th of February.

saint-Georgi-Sofijski-noveishij-icon

Miracle making icon of saint Georgi Sofiyski (currently in the Church in yard of Alexandrovska Hospital Sofia)

The young Georgi quickly learned to write and read, a skills that only the most educated people usually coming from noble families could do. His favourite activity
in his free time when he was not in help of his parents was reading the Holy Scriptures.
He was grown by his parents in Christian goodness and fervency for the Christian faith.

Sveti_Georgi_Novi-Sofijski-wall-painting-icon-st-George-Sofia
Aged 25 he orphaned as his beloved father passed away to Christ. Georgi posessesed an extraordinary beauty,  sharp mind and virtues, seeing the young man in his grief the local Turkish authorities tried as they usually do to attract the youngster to the islamic faith to make their way to interact with Georgi and do their business easier and most importantly have Georgi in their auhotirities congregation consisting only of people belonging to the islam as it was up to the Ottoman Turkish consistution law of the day.

To attract Georgi, turks first tried with hypocritical kindness and a care for the young to help him raise in the power of authorities of the city, not succeeding with that they have, they have forcefully wrapper the Muslim turban on his head and proclaimed him officially Muslim. Feeling offended by the ungodly deed of this enemies of Christ, immediately the saint throw the imposed turban on the ground and trampled on it.
The enraged muslim crowd seing his public offence for the prophet Muhammed handed him over to the Qadi in the court.

Neither the seductive promises of high office nor the cruel tortures could break the unshakable firmness of his Christian faith. The judge ordered that his body be cut into strips from head to toe and that the wounds received be scorched with dirty candles, which made the martyr’s body so hot that his face could not be seen. But all efforts were in vain.

The final verdict of the judge followed – Georgi to be hanged on the main barn in the city of Sofia, where there was a furnace for melting iron and copper ore. The execution command also stated that his body should remain on the gallows for three days in order to begin to decay, so that the faith of the Christians in the incorruptible relics of the saints and in the resurrection of the dead to be refuted and hence disgrace christianity. However, exhausted from his suffering mrtr. Georgi died at the hands of the executioners before they managed to hang him. To fulfill the command turks, anyhow  hung him on a rope to show the sentence has been successfully carried out.

For three days the  body hung on the gallows without any sign of decomposition, and on the contrary, an unusual fragrance of the holy relics of the martyr wafted through the barn. His mother sat under the gallows and grieving his beloved son hugged her son’s legs, staying next three three days to her son. The hanging took place on May 26, 1530 (according to other document sources in 1534). Thus on 26th of may the Church set a service in memoriam.

Ancient-Church-ROtonda-St-George-Sofia-Bulgaria

5-th Century Church of Rotonda  St. George Centre of Sofia

The-Grave-of-Saint-Georgi-Sofiyski-Grobat-na-sv-Georgi-nai-novi

Saint Georgi Sofiyski / Saint George of Sofia the Newest grave near Rotonda Church Saint George in City Center of Sofia, Bulgari

After the expiration of the sentence, the kadi handed over the body of the martyr to be buried in a Christian way, and the burial was solemnly performed by the then Metropolitan of Sofia Jeremiah in the church “St. the great martyr George the Victorious ”. Now these relics are in obscurity. The mother of the martyr died on the 40th day of George’s death and was buried at her son’s feet.

These events took place during the reign of Sultan Suleiman I Kanuni (the Legislator) also known as Suleiman the Magnificent. This “Golden Age” for the Ottoman Empire was a time of unheard of atrocities against Christians in the territory of the empire and very difficult times for the Bulgarian people. The reign of Suleiman I and his father Selim I was a time of obscurantism and severe persecution of the Christian population, a time during which many Christian new martyrs on Balkans had the courage to defend their faith.

saint-Georgi-Sofijski-newest-icon-painting

The capture, trial and torture of St. George of Sofia The latest took place near the then Sofia. Today the place is located in the yard of the famous Alexandrovska Hospital which was a King’s hospital during the times of Kingdom of Bulgaria after liberation took place from the Turks in 1878 y.. The exact location where martyrdom occured is between street St. Georgi Sofiyski ”and“ Pencho Slaveykov ”Blvd.

There was a large stone cross with an inscription on the site, which a few years after 1944, due to the risk of being destroyed, was collected by Sofia priests and is still preserved in the altar of the church “St. Georgi Pobedonosets ”on Blvd. Partriarch Euthymius”. Until the 1940s, a liturgical procession was held from the place of death of the saint to the Rotunda on May 26.
Nowadays happily, the old Lithia tradition is being renewed and a small Lithia is conducted by Bulgarian Orthodox Christian clergy and layman.

In the garden next to the building of the Second Surgical Clinic there was a stone cross, which indicated the place and history of the martyrdom of the saint, and today a temple was built in honor of the saint.

Church-of-saint-Georgi-Sofijski-in-Alexandrovska-hospital-Sofia-Bulgaria-the-place-of-martyrdom-of-saint-Georgi-Sofijski
source: Lives of the Saints. Synodal Publishing House, Sofia, 1991, edited by Parthenius, Bishop of Lefkada and Archimandrite Dr. Athanasius (Bonchev).

Saint_Georgi-naj-novi_Sofijski

HOLY MARTYR GEORGE OF SOFIA THE NEWEST, PRAY GOD FOR US!

How to check Linux server power supply state is Okay / How to find out a Linux Power Supply is broken

Wednesday, January 6th, 2021

2U-power-supplies-get-status-if-Power-supply-broken-information-linux-ipmitool

If you're a sysadmin and managing remotely Linux servers, every now and then if a machine is hanging without a reason it useful to check the server Power Supply state. I say that because often if the machine is mysteriously hanging and a standard Root Cause Analysis (RCA) on /var/log/messages /var/log/dmesg /var/log/boot etc. did not bring you to any different conclusion. The next step after you send a technician to reboot the machine is to check on Linux OS level whether Power Supply Unit (PSU) hardware on the machine does not have some issues.
As blogged earlier on how to use ipmitool to manage remote ILO remote boards etc. the ipmitool can also be used to check status of Server PSUs.

Below is example output of 2 PSU server whose Power Supplies are functioning normally.
 

[root@linux-server ~]# ipmitool sdr type "Power Supply"

PS Heavy Load    | 2Bh | ok  | 19.1 | State Deasserted
Power Supply 1   | 70h | ok  | 10.1 | Presence detected
Power Supply 2   | 71h | ok  | 10.2 | Presence detected
PS Configuration | 72h | ok  | 19.1 |
PS 1 Therm Fault | 75h | ok  | 10.1 | Transition to OK
PS 2 Therm Fault | 76h | ok  | 10.2 | Transition to OK
PS1 12V OV Fault | 77h | ok  | 10.1 | Transition to OK
PS2 12V OV Fault | 78h | ok  | 10.2 | Transition to OK
PS1 12V UV Fault | 79h | ok  | 10.1 | Transition to OK
PS2 12V UV Fault | 7Ah | ok  | 10.2 | Transition to OK
PS1 12V OC Fault | 7Bh | ok  | 10.1 | Transition to OK
PS2 12V OC Fault | 7Ch | ok  | 10.2 | Transition to OK
PS1 12Vaux Fault | 7Dh | ok  | 10.1 | Transition to OK
PS2 12Vaux Fault | 7Eh | ok  | 10.2 | Transition to OK
Power Unit       | 7Fh | ok  | 19.1 | Fully Redundant

Now if you have a server lets say on an old ProLiant DL360e Gen8 whose Power Supply is damaged, you will get an from ipmitool similar to:

[root@linux-server  systemd]# ipmitool sdr type "Power Supply"
Power Supply 1   | 30h | ok  | 10.1 | 100 Watts, Presence detected
Power Supply 2   | 31h | ok  | 10.2 | 0 Watts, Presence detected, Failure detected, Power Supply AC lost
Power Supplies   | 33h | ok  | 10.3 | Redundancy Lost


If you don't have ipmitool installed due to security or whatever but you have the hardware detection software dmidecode you can use it too to get the Power Supply state

[root@linux-server  systemd]# dmidecode -t chassis
# dmidecode 3.2
Getting SMBIOS data from sysfs.
SMBIOS 2.8 present.

 

Handle 0x0300, DMI type 3, 21 bytes
Chassis Information
        Manufacturer: HP
        Type: Rack Mount Chassis
        Lock: Not Present
        Version: Not Specified
        Serial Number: CZJ38201ZH
        Asset Tag:
        Boot-up State: Critical
        Power Supply State: Critical

        Thermal State: Safe
        Security Status: Unknown
        OEM Information: 0x00000000
        Height: 1 U
        Number Of Power Cords: 2
        Contained Elements: 0

To find only Power Supply info status on a server with dmideode.

# dmidecode –type 39

monitoring-power-supply-hardware-information-linux-ipmitool

Plug between the power supply and the mainboard voltage / coms ATX specification

This can also be used on a normal Linux desktop PCs which usually have only 1U (one power supply) on many of Ubuntus and Linux desktops where lshw (list hardaware information) is installed to get the machine PSUs status with lshw 

 root@ubuntu:~# lshw -c power
  *-battery               
       product: 45N1111
       vendor: SONY
       physical id: 1
       slot: Front
       capacity: 23200mWh
       configuration: voltage=11.1V
        Thermal State: Safe
        Security Status: Unknown
        OEM Information: 0x00000000
        Height: 1 U
        Number Of Power Cords: 2
        Contained Elements: 0


Finally to get an extensive information on the voltages of the Power Supply you can use the good old lm_sensors.

# apt-get install lm-sensors
# sensors-detect 
# service kmod start

# sensors
# watch sensors


As manually monitoring Power Supplies and other various data is dubious, finally you might want to use some centralized monitoring. For one example on that you might want to check my prior Zabbix to Monitor Hardware Hard Drive / Temperature and Disk with lm_sensors / smartd on Linux with Zabbix.

Hack: Using ssh / curl or wget to test TCP port connection state to remote SSH, DNS, SMTP, MySQL or any other listening service in PCI environment servers

Wednesday, December 30th, 2020

using-curl-ssh-wget-to-test-tcp-port-opened-or-closed-for-web-mysql-smtp-or-any-other-linstener-in-pci-linux-logo

If you work on PCI high security environment servers in isolated local networks where each package installed on the Linux / Unix system is of importance it is pretty common that some basic stuff are not there in most cases it is considered a security hole to even have a simple telnet installed on the system. I do have experience with such environments myself and thus it is pretty daunting stuff so in best case you can use something like a simple ssh client if you're lucky and the CentOS / Redhat / Suse Linux whatever distro has openssh-client package installed.
If you're lucky to have the ssh onboard you can use telnet in same manner as netcat or the swiss army knife (nmap) network mapper tool to test whether remote service TCP / port is opened or not. As often this is useful, if you don't have access to the CISCO / Juniper or other (networ) / firewall equipment which is setting the boundaries and security port restrictions between networks and servers.

Below is example on how to use ssh client to test port connectivity to lets say the Internet, i.e.  Google / Yahoo search engines.
 

[root@pciserver: /home ]# ssh -oConnectTimeout=3 -v google.com -p 23
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1g  21 Apr 2020
debug1: Connecting to google.com [172.217.169.206] port 23.
debug1: connect to address 172.217.169.206 port 23: Connection timed out
debug1: Connecting to google.com [2a00:1450:4017:80b::200e] port 23.
debug1: connect to address 2a00:1450:4017:80b::200e port 23: Cannot assign requested address
ssh: connect to host google.com port 23: Cannot assign requested address
root@pcfreak:/var/www/images# ssh -oConnectTimeout=3 -v google.com -p 80
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1g  21 Apr 2020
debug1: Connecting to google.com [172.217.169.206] port 80.
debug1: connect to address 172.217.169.206 port 80: Connection timed out
debug1: Connecting to google.com [2a00:1450:4017:807::200e] port 80.
debug1: connect to address 2a00:1450:4017:807::200e port 80: Cannot assign requested address
ssh: connect to host google.com port 80: Cannot assign requested address
root@pcfreak:/var/www/images# ssh google.com -p 80
ssh_exchange_identification: Connection closed by remote host
root@pcfreak:/var/www/images# ssh google.com -p 80 -v -oConnectTimeout=3
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1g  21 Apr 2020
debug1: Connecting to google.com [172.217.169.206] port 80.
debug1: connect to address 172.217.169.206 port 80: Connection timed out
debug1: Connecting to google.com [2a00:1450:4017:80b::200e] port 80.
debug1: connect to address 2a00:1450:4017:80b::200e port 80: Cannot assign requested address
ssh: connect to host google.com port 80: Cannot assign requested address
root@pcfreak:/var/www/images# ssh google.com -p 80 -v -oConnectTimeout=5
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1g  21 Apr 2020
debug1: Connecting to google.com [142.250.184.142] port 80.
debug1: connect to address 142.250.184.142 port 80: Connection timed out
debug1: Connecting to google.com [2a00:1450:4017:80c::200e] port 80.
debug1: connect to address 2a00:1450:4017:80c::200e port 80: Cannot assign requested address
ssh: connect to host google.com port 80: Cannot assign requested address
root@pcfreak:/var/www/images# ssh google.com -p 80 -v
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1g  21 Apr 2020
debug1: Connecting to google.com [172.217.169.206] port 80.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
debug1: ssh_exchange_identification: HTTP/1.0 400 Bad Request

 


debug1: ssh_exchange_identification: Content-Type: text/html; charset=UTF-8


debug1: ssh_exchange_identification: Referrer-Policy: no-referrer


debug1: ssh_exchange_identification: Content-Length: 1555


debug1: ssh_exchange_identification: Date: Wed, 30 Dec 2020 14:13:25 GMT


debug1: ssh_exchange_identification:


debug1: ssh_exchange_identification: <!DOCTYPE html>

debug1: ssh_exchange_identification: <html lang=en>

debug1: ssh_exchange_identification:   <meta charset=utf-8>

debug1: ssh_exchange_identification:   <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">

debug1: ssh_exchange_identification:   <title>Error 400 (Bad Request)!!1</title>

debug1: ssh_exchange_identification:   <style>

debug1: ssh_exchange_identification:     *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 10
debug1: ssh_exchange_identification: 0% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.g
debug1: ssh_exchange_identification: oogle.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0
debug1: ssh_exchange_identification: % 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_
debug1: ssh_exchange_identification: color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}

debug1: ssh_exchange_identification:   </style>

debug1: ssh_exchange_identification:   <a href=//www.google.com/><span id=logo aria-label=Google></span></a>

debug1: ssh_exchange_identification:   <p><b>400.</b> <ins>That\342\200\231s an error.</ins>

debug1: ssh_exchange_identification:   <p>Your client has issued a malformed or illegal request.  <ins>That\342\200\231s all we know.</ins>

ssh_exchange_identification: Connection closed by remote host

 

Here is another example on how to test remote host whether a certain service such as DNS (bind) or telnetd is enabled and listening on remote local network  IP with ssh

[root@pciserver: /home ]# ssh 192.168.1.200 -p 53 -v -oConnectTimeout=5
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1g  21 Apr 2020
debug1: Connecting to 192.168.1.200 [192.168.1.200] port 53.
debug1: connect to address 192.168.1.200 port 53: Connection timed out
ssh: connect to host 192.168.1.200 port 53: Connection timed out

[root@server: /home ]# ssh 192.168.1.200 -p 23 -v -oConnectTimeout=5
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1g  21 Apr 2020
debug1: Connecting to 192.168.1.200 [192.168.1.200] port 23.
debug1: connect to address 192.168.1.200 port 23: Connection timed out
ssh: connect to host 192.168.1.200 port 23: Connection timed out


But what if Linux server you have tow work on is so paranoid that you even the ssh client is absent? Well you can use anything else that is capable of doing a connectivity to remote port such as wget or curl. Some web servers or application servers usually have wget or curl as it is integral part for some local shell scripts doing various operation needed for proper services functioning or simply to test locally a local or remote listener services, if that's the case we can use curl to connect and get output of a remote service simulating a normal telnet connection like this:

host:~# curl -vv 'telnet://remote-server-host5:22'
* About to connect() to remote-server-host5 port 22 (#0)
*   Trying 10.52.67.21… connected
* Connected to aflpvz625 (10.52.67.21) port 22 (#0)
SSH-2.0-OpenSSH_5.3

Now lets test whether we can connect remotely to a local net remote IP's Qmail mail server with curls telnet simulation mode:

host:~#  curl -vv 'telnet://192.168.0.200:25'
* Expire in 0 ms for 6 (transfer 0x56066e5ab900)
*   Trying 192.168.0.200…
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x56066e5ab900)
* Connected to 192.168.0.200 (192.168.0.200) port 25 (#0)
220 This is Mail Pc-Freak.NET ESMTP

Fine it works, lets now test whether a remote server who has MySQL listener service on standard MySQL port TCP 3306 is reachable with curl

host:~#  curl -vv 'telnet://192.168.0.200:3306'
* Expire in 0 ms for 6 (transfer 0x5601fafae900)
*   Trying 192.168.0.200…
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5601fafae900)
* Connected to 192.168.0.200 (192.168.0.200) port 3306 (#0)
Warning: Binary output can mess up your terminal. Use "–output -" to tell
Warning: curl to output it to your terminal anyway, or consider "–output
Warning: <FILE>" to save to a file.
* Failed writing body (0 != 107)
* Closing connection 0
root@pcfreak:/var/www/images#  curl -vv 'telnet://192.168.0.200:3306'
* Expire in 0 ms for 6 (transfer 0x5598ad008900)
*   Trying 192.168.0.200…
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5598ad008900)
* Connected to 192.168.0.200 (192.168.0.200) port 3306 (#0)
Warning: Binary output can mess up your terminal. Use "–output -" to tell
Warning: curl to output it to your terminal anyway, or consider "–output
Warning: <FILE>" to save to a file.
* Failed writing body (0 != 107)
* Closing connection 0

As you can see the remote connection is returning binary data which is unknown to a standard telnet terminal thus to get the output received we need to pass curl suggested arguments.

host:~#  curl -vv 'telnet://192.168.0.200:3306' –output –
* Expire in 0 ms for 6 (transfer 0x55b205c02900)
*   Trying 192.168.0.200…
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55b205c02900)
* Connected to 192.168.0.200 (192.168.0.200) port 3306 (#0)
g


The curl trick used to troubleshoot remote port to remote host from a Windows OS host which does not have telnet installed by default but have curl instead.

Also When troubleshooting vSphere Replication, it is often necessary to troubleshoot port connectivity as common Windows utilities are not available.
As Curl is available in the VMware vCenter Server Appliance command line interface.

On servers where curl is not there but you have wget is installed you can use it also to test a remote port

 

# wget -vv -O /dev/null http://google.com:554 –timeout=5
–2020-12-30 16:54:22–  http://google.com:554/
Resolving google.com (google.com)… 172.217.169.206, 2a00:1450:4017:80b::200e
Connecting to google.com (google.com)|172.217.169.206|:554… failed: Connection timed out.
Connecting to google.com (google.com)|2a00:1450:4017:80b::200e|:554… failed: Cannot assign requested address.
Retrying.

–2020-12-30 16:54:28–  (try: 2)  http://google.com:554/
Connecting to google.com (google.com)|172.217.169.206|:554… ^C

As evident from output the port 554 is filtered in google which is pretty normal.

If curl or wget is not there either as a final alternative you can either install some perl, ruby, python or bash script etc. that can opens a remote socket to the remote IP.

8 October year 927 the feast of Bulgarian Orthodox Church become autocephalous independent from Constantinople

Monday, October 12th, 2020

On 8 of October 927 the Bulgarian Orthodox Church has become autocephalous, this historical event is quite memorable for me as it happens to be almo  my birthday.
Thus I found it worthy to write few raw lines on the feast. This post will probably will not be of interest to any serious historian but still might be interesting for people keen on history.

The requirement of Church organization on the Bulgarian lands that is indepedent from the center of Christianity as of then Constantinople has existed with the Glorious and World changing event of receiving Holy Baptism of the Ruler of Bulgaria Saint King Boris-Mikhail in year 864 from Constaniple's Emperor Mikhail III who ruled Byzantine Empire from year (842 – 867).
 

saint-Apostle-equal-King-Boris-Mihail-The-Baptizer-of-Bulgaria
The event for the history of the Civilillized world and the Christian history wordwide is only comparable to the act of saint emperor Constantine's Milano Edict  The Edict of Milan (LatinEdictum Mediolanense, Greek: Διάταγμα των ΜεδιολάνωνDiatagma tōn Mediolanōn) was the February AD 313 agreement to treat Christians benevolently within the Roman Empire. Which opened the doors for Christianity to not only be equal religion within the empire but even to become official religion for the Eastern Roman (Byzantine empire).

Milanos-Edict-year-313-313ad-milanedicta

Assembly of Synod of Holy Fathers

The Milano's edict is today little known both in Eastern and Western world as people have more interest for money and business than to truth, virtues and history, so I find it useful to share with readers this forgotten history …

saint-emperor-Constantine

Saint Emperor Constantine

Western Roman Emperor (and later canonized for Saint) Constantine I and Emperor Licinius, who controlled the Balkans, met in Mediolanum (modern-day Milan) and, among other things, agreed to change policies towards Christians following the Edict of Toleration issued by Emperor Galerius two years earlier in Serdica (today the city of Sofia Bulgaria).
The document is found in Lactantius' De Mortibus Persecutorum and in Eusebius of Caesarea's History of the Church.

It was already a set path for Europe to become Christian and the majority of people and missionaries all through europe has spread the Good words of the Lord Jesus Christ throgh the European lands. Many missionaries both in Greece and the Balkans as well as the far lands of Kiev and North has been preaching for the coming centuries. Christianity has become already official religion for big part of the civillized (non-barbarian) world such as the Hellenes, France, Germany, Hungary,Romania, Ukraine, Belarus, Russia etc.. Monastic life has been also well established all through europe and many missionaries has come from the far deserts of Egypt to baptize and teach Christianity in the West in Ireland, England and even the Netherlands in the 7th century. Rome as a Christian center of the Western Empire even though the hardships has established and in the rule of Charlemagne has seriously expanded Christianity in the west.

The largest unbaptized lands with a paganism at that time seems to be few tribes such as the Vikings, the Gotts, The Traks and perhaps the Slavs. The biggest part of which seems to be the Slavs who has been settled in a large parts of Balkans Bulgaria, Serbia, Macedonia as well as Croatia, Chech, Poland and even in far Moscow.

This people has been following a peaceful paganism and has been still unenlightened. Thanks to Saint Cyril and Methodius and 7 pupils Saint Gorazd, saint Naum, saint Sava, saint Angelarius and Saint Clement of Ohrid (known as Ohridski) tireless work for Christ to translate the Holy Bible in the so called Church-Slavonic which in practice is a form of Ancient Bulgarian (in Glagolitic Script – Glagolica) which was mainly used before saint Clement Ohridski and other pupils of Saint Methodius such as the medieval famous author of many early Christian books Constantine of Preslav who worked in the Preslav Scriptorium and Christian school.
Constantine-of-Preslav-a-Holy-Church-books-and-bible-translator-and-copier-Konstantin_Preslavski

Constantine of Preslav

Saint King Boris-Mikhail  in that time took the right decision to baptize his large for that time lands populated by Bulgarians and Slavs under his rule and enlighten them with the Gospel and faith in the Jesus Christ and the true God the Holy Trinity (the Father the Son and the Holy Spirit).

It took him quite a long to decide whether to baptize his country citizens with the faith from the Western Empire (The Latins) or the Eastern Empire (the Byzantines) who at that time has been in process of creating and establishing the Great Church Schism from year 1054, and due to that he led a corresponce to both Byzantine empire as well as pope Nicolas I. 

One of the questions asked to both the The Pope and the Byzantine emperor has been about his desire of the Bulgarian Church to be an independent Church with independent head and ruleship that is able to take an independent decisions for its destiny. He wanted that as he was understanding the importance for the Cultarial freedom of Bulgaria from Helinism or the Latins. As he found that the Pope can't offer him too much and considering the closeness of the Byzantine empire to his lands as well seeing the Eastern Christianity to be more indepth and filled with beauty he has baptized from Byzantia and has received a Byzantian archibishop.
In the beginning the church services and the preach in Bulgaria has been in Greek and due to the common Bulgarian and Slavs couldn't understand Christianity. Thanks to the Holy Brothers Cyril and Methodius and the acceptance of their pupils by saint King Boris slowly in Preslav and Pliska in 9th 10th century and Ohrid in middle of 10th – 11th century a Spiritual Schools and Scriptoriums has been established which allowed a few years later gradually to have for Bulgaria the Holy Gospel and Church services to be served in the Bulgarian language (in the better understood by both Bulgariand and Slavs cyrllic).

saint-Boris-I-Michael-Baptism-of-Bulgarians-Ioan-Skilica

The baptism of Bulgarians Ioan Skilica (John Skilica)

Saint King Boris-Mikhail completed his earthly life as a humble Monk in the last years of his life, he has put on the throne Vladimir Rasate who tried to bring back paganism and faith in Tangra after his death. When heard about the evilness of his first born son and the hostility to Christianity and his plans to overrule the work of his father Saint King Boris is famous for getting out of the Monastery fighting again his son and with a Miracle about which is written even to the Pope to have win with his weaker supporter army against Vladimir-Rasate. He has blinded his son and put on the throne his second Son, King Simeon who has been officially later recognized by Romans and Byzantines the title usually only given to Byzantine Emperors  – Basileus of Bulgarians (Emperor of Bulgarians).

On the summoned in year 893 Council of Preslav together with the enthronization of King Simeon as a Bulgarian Ruler it was taken as a decision to change the Greek language in the Church with the Old Bulgarian (liked to be called in Russian sources as Church Slavonic). During his governship King Simeon (893 – 927) has gradually changed the Greek higher clergy with a Bulgarian and Created the Bulgarian Exarchate.

Veliki-Preslav_fortress_main-ancient-Christian-center-in-the-10th-century-on-the-Balkans

Veliki Preslav Fortress 

The-medieval-world-famous-Golden_Church_in_Veliki_Preslav-the-round-Church-ruins.

The Golden Church Saint John also known as the Round Church built by Simeon I the Great in Preslav built in 907, aiming to show the
high importance of the new established Bulgarian Church – Known to have been one of most beautiful Churches in Europe

During the rulership of Simeon's (second son) successor saint King Peter I (927 – 970 ) rise on throne, thanks to his wise politics and a lot of efforts to increase the prestige and spirituality in the Church following the path of his father. The Bulgarian Church has been recognized officially by the byzantine Emperor as an independent Church with a Mother Church the Church of Constantinople (today governed by the Ecumenical patriarch of Constantinople Bartholomew).

During the diplomatic negotiations between the King and the ruler of Byzantines Roman Lakapin  in year 927, the emperor has re-ratified the earlier disputed
as well the Church canonical uplifting ordination  of the head of Bulgarian Church the exarch to be a Patriarch of Bulgaria.

8-october-927-the-bulgarian-church-becomes-autocephalous-independent-1

Byzantines has always questioned the title of "Basileus of Bulgarians" with which King Simeon I the Great used to sign his documents, as Basileus was believed to be only supremacy title of the Byzantine emperor. The proud Byzantines did not wanted to accept another new-born Nation with less than 3 centuries of history could be their rivalry neither political nor spiritual and morever to be on the same importance in the known World with authority of the Eastern Emperor.

The archives of Vatican keeps a copies of the decision of the emperor's synclitis (meeting) for the recognition of the Bulgarian Patriarchy officially on 8th of October.
For a First Bulgarian Patriach was selected Patriach Damian (Drystyr) nowadays the city of Silistra with a patriachal seat in medieval city of Veliki Preslav (Great Preslav). Soon after the Patrairchal seat was moved to Silistra.

https://upload.wikimedia.org/wikipedia/commons/thumb/d/d7/Sv.Ahil_church.jpg/1280px-Sv.Ahil_church

Saint Ahil Church (Bulgarian Patriarchy) main seat in Prespa

The Eparchy of Dorostol has been existing even to this day, even though the exarchs and patriachal seat and patriachs through the centuries has been concentrated in the mother patriarchal city for our Church Preslav and in Ohrid as well as later for II centuries in city of Turnovo until 1393 when in city of Tarnovo (Trnovo) Fall raided by the Ottoman Turkish invaders. 
During the Ottoman's slavery of Bulgaria it has ceased to exist and has been reduced by the Turkish mostly under the influence of Patriarch of Constantinople to Archibishopship center in Ohrid.

History-of-Bulgarian-Patriarchy-Patriarshia-of-Tarnovo

The Patriarchal Church Ascension of Christ in Carevetz (The city of Kings) Hill Turnovo

After the Liberation of Bulgarian in the Russian-Turkish Bulgarian liberation war (1877 – 1878) in which Bulgaria has been liberated. The Bulgarian Church has been an Exarchy for a while in a dark period when the Bulgarian Church was recognized by the Phanariots (The Greeks). The Schism put over the Bulgarian Church was removed in 22 February 1945 y., few weeks after the enthronement of Patriarch Stephan I of Bulgaria. Unfortunately the next years coincided with the dark years of the imposed totalitarian regime of the Bulgarian Communist Party (BCP), which led to active persecution of the Church, the humilation and torture of priest and Church leaders and martyrdom of many clergymen and people who were against the unhuman kind of the new power that take over.

Boris_Nevrokopski-Metropolitan-a-saint-killed-by-the-Communistic-atheist-regime-in-Bulgaria

One of those many martyrs for Christ is a supposedly a saint Boris Razumov of Nevrokop who was killed by a order of communists by an orthodox priest to his own eparchy who has joined the party by the order of the BCP.

 

Improve SSL security: Generate and add Diffie Hellman key to SSL certificate for stronger line encryption

Wednesday, June 10th, 2020

Diffie–Hellman key exchange (DH) is a method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as conceived by Ralph Merkle and named after Whitfield Diffie and Martin Hellman. DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography.

Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical means, such as paper key lists transported by a trusted courier. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.

DH has been widely used on the Internet for improving the authentication encryption among parties. The only note is it useful if both the communication sides A and B are at your control, as what DH does is just strenghten the already established connection between client A and B and not protect from Man in the Middle Attacks. If some malicious user could connect to B pretending it is A the encryption will be established.

diffie-hellman-explained

Alternatively, the Diffie-Hellman key exchange can be combined with an algorithm like the Digital Signature Standard (DSS) to provide authentication, key exchange, confidentiality and check the integrity of the data. In such a situation, RSA is not necessary for securing the connection.

TLS, which is a protocol that is used to secure much of the internet, can use the Diffie-Hellman exchange in three different ways: anonymous, static and ephemeral. In practice, only ephemeral Diffie-Hellman should be implemented, because the other options have security issues.

Anonymous Diffie-Hellman – This version of the Diffie-Hellman key exchange doesn’t use any authentication, leaving it vulnerable to man-in-the-middle attacks. It should not be used or implemented.

Static Diffie-Hellman – Static Diffie-Hellman uses certificates to authenticate the server. It does not authenticate the client by default, nor does it provide forward secrecy.

Ephemeral Diffie-Hellman – This is considered the most secure implementation because it provides perfect forward secrecy. It is generally combined with an algorithm such as DSA or RSA to authenticate one or both of the parties in the connection.

Ephemeral Diffie-Hellman uses different key pairs each time the protocol is run. This gives the connection perfect forward secrecy, because even if a key is compromised in the future, it can’t be used to decrypt all of the past messages.

diffie-hellman-dh-revised

DH encryption key could be generated with the openssl command and could be generated depending on your preference using a 1024 / 2048 or 4096 bit encryption.
Of course it is best to have the strongest encryption possible i.e 4096.

The Logjam attack 

The Diffie-Hellman key exchange was designed on the basis of the discrete logarithm problem being difficult to solve. The most effective publicly known mechanism for finding the solution is the number field sieve algorithm.

The capabilities of this algorithm were taken into account when the Diffie-Hellman key exchange was designed. By 1992, it was known that for a given group, G, three of the four steps involved in the algorithm could potentially be computed beforehand. If this progress was saved, the final step could be calculated in a comparatively short time.

This wasn’t too concerning until it was realized that a significant portion of internet traffic uses the same groups that are 1024 bits or smaller. In 2015, an academic team ran the calculations for the most common 512-bit prime used by the Diffie-Hellman key exchange in TLS.

They were also able to downgrade 80% of TLS servers that supported DHE-EXPORT, so that they would accept a 512-bit export-grade Diffie-Hellman key exchange for the connection. This means that each of these servers is vulnerable to an attack from a well-resourced adversary.

The researchers went on to extrapolate their results, estimating that a nation-state could break a 1024-bit prime. By breaking the single most-commonly used 1024-bit prime, the academic team estimated that an adversary could monitor 18% of the one million most popular HTTPS websites.

They went on to say that a second prime would enable the adversary to decrypt the connections of 66% of VPN servers, and 26% of SSH servers. Later in the report, the academics suggested that the NSA may already have these capabilities.

“A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break.”

Despite this vulnerability, the Diffie-Hellman key exchange can still be secure if it is implemented correctly. As long as a 2048-bit key is used, the Logjam attack will not work. Updated browsers are also secure from this attack.

Is the Diffie-Hellman key exchange safe?

While the Diffie-Hellman key exchange may seem complex, it is a fundamental part of securely exchanging data online. As long as it is implemented alongside an appropriate authentication method and the numbers have been selected properly, it is not considered vulnerable to attack.

The Diffie-Hellman key exchange was an innovative method for helping two unknown parties communicate safely when it was developed in the 1970s. While we now implement newer versions with larger keys to protect against modern technology the protocol itself looks like it will continue to be secure until the arrival of quantum computing and the advanced attacks that will come with it.

Here is how easy it is to add this extra encryption to make the SSL tunnel between A and B stronger.

On a Linux / Mac / BSD OS machine install and use openssl client like so:
 

# openssl dhparam -out dhparams1.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
……………………………………………………….+………..+………………………………………………………+


…..
…. ………………..++*++*

Be aware that the Diffie-Hellman key exchange would be insecure if it used numbers as small as those in our example. We are only using such small numbers to demonstrate the concept in a simpler manner.

 

# cat dhparams1.pem
—–BEGIN DH PARAMETERS—–
MIIBCAKCAQEAwG85wZPoVAVhwR23H5cF81Ml4BZTWuEplrmzSMOR9UNMnKjURf10
JX9xe/ZaqlwMxFYwZLyqtFQB2zczuvp1j+tKkSi4/TbD6Qm6gtsTeRghqunfypjS
+c4dNOVSbo/KLuIB5jDT31iMUAIDJF8OBUuqazRsg4pmYVHFm1KLHCcgcTk5kXqh
m8vXoCTlaLlmicC9pRTgQLuAQRXAF8LnVLCUvGlsyynTdc0yUFePWkmeYHMYAmWo
aBS6AMFNDvOxCubWv9cULkOouhPzd8k0wWYhUrrxMJXc1bSDFCBA7DiRCLPorefd
kCcNJFrh7rgy1lmu00d3I5S9EPH/EyoGSwIBAg==
—–END DH PARAMETERS—–


Copy the generated DH PARAMETERS headered key string to your combined .PEM certificate pair at the end of the file and save it

 

# vim /etc/haproxy/cert/ssl-cert.pem
….
—–BEGIN DH PARAMETERS—–
MIIBCAKCAQEAwG85wZPoVAVhwR23H5cF81Ml4BZTWuEplrmzSMOR9UNMnKjURf10
JX9xe/ZaqlwMxFYwZLyqtFQB2zczuvp1j+tKkSi4/TbD6Qm6gtsTeRghqunfypjS
+c4dNOVSbo/KLuIB5jDT31iMUAIDJF8OBUuqazRsg4pmYVHFm1KLHCcgcTk5kXqh
m8vXoCTlaLlmicC9pRTgQLuAQRXAF8LnVLCUvGlsyynTdc0yUFePWkmeYHMYAmWo
aBS6AMFNDvOxCubWv9cULkOouhPzd8k0wWYhUrrxMJXc1bSDFCBA7DiRCLPorefd
kCcNJFrh7rgy1lmu00d3I5S9EPH/EyoGSwIBAg==
—–END DH PARAMETERS—–

…..

Restart the WebServer or Proxy service wher Diffie-Hellman key was installed and Voila you should a bit more secure.