Play Audio Music CDs in Linux console / terminal in the 21 Century mission hard but possible


July 30th, 2024


Compact discs (CD's) ain't dead yet but there easy straigh use on free operating systems Linux / FreeBSD / OpenBSD is starting to deteriorate. That is quite normal I guess, as CDs are no longer officially produced or sold for few years in America and there is no Audio CD bookstores, neither in europe and perhaps there are just few in europe, perhaps CD are used somewhere in Africa and Asia, but most modern world has officially buried them.

However as I love old stuff and I had the opportunity, I bought an old Audio CD (fake copy one 🙂 of Judas Priest Screaming for Vengence and the famous Jimi Hendrix  (Best Complilation) Experience an improvised shelf-book store selling books by a half deaf aging guy who sells books for years in Dobrich in the center.
And to remember the young years of Rock Roll wanted to play it on my very old but still kicking Lenovo Thinkpad R61 notebook (that is now 16 years old but thanksfully it still works and kicks ass with a Debian GNU / Linux 10 Buster.)

The task is very easy and as I have a Window Maker (Wmaker) on it in order to save myself an extra loading of this a kind of "archaic machine" and tried to play my CDs with everything at hand thus I tried first to play the CD in console with the good old but gold cdplay with which I have played a dozens of Audio CDs back in the days … 

# cdplay

just to find out the CD got red and started to roll but I get no sound via the Sound Card 🙁

Next thing, i assumed was the problem might be the pulseaudio process blocking the sound card to be used, preventing cdplay to be able to properly channel the sound to the sound card, that used to be quite of classical problem, if you remember, thus I tried to run the cdplay via the aoss (Wrapper script to facilitate use of alsa oss compatibility library.)

Before using oss of course i've loaded the snd-pcm-oss kernel module, to make the sound blaster be able to use the old obsolete Open Sound System.

# modprobe snd-pcm-oss

# aoss cdplay

Though that aoss trick worked for some programs that used old Open Sound System scheme to output sound, it doesn't unfortunately, at that case.
 

Strange enough my sound card is properly identified by the Debian Linux and I can play MP3 songs, as well browse videos in youtube and other Internet resources in Firefox and even the pulseaudio process that is running in the background is spitting sounds out of the Notebook Speakers.

The laptop doesn't seem to have any sound driver or Sound Card issues, as I can normally play my old .XM and .MOD  sound extension files with the good old mikmod

 

# mikmod

as well as I can even normally play MIDI audio files by using the timidity tool as well as with playmidi

# timidity HitTheLights.mid

# playmidi HitTheLights.mid


Just to proove the MIDIs can be played normally via the Sound Blaster (for a more on the topic check my previous article talking in depth about Linux and MIDI – Play Midis on Linux / Make Linux MIDI Ready for the Future – Enable embedded MIDI music to play in a Browser, Play MIDIs with VLC and howto enjoy Midis in Text Console.

Next logically to make sure, something is not wrong with audio drivers, I tried to play some music normally with, the standard console players I have played with for years on Linux mpg123 / mpg321 for reference check my Listening music in text mode in Linux console but this was no luck again …

I tried even to install the opencubicplayer ( Linux port) music player and tried to open the CD, but even though the CD can be heard to be rolling in the CD drive no sound was outputed out of the laptop speakers.

 

open-cubic-player-screenshot-on-linux

Thus to resolve tried everything at power starting from increasing any missing volumes via the aumix command, as often in the past I remember the problem in such situations is the sound volume is decreased to zero percentage or completely muted.

# aumix


aumix-with-linux-htop-screenshot-animated-gif

as well as with 

# alsamixer


Alsamixer-control-sound-volume-linux-screenshot

Nevertheless, every possible volume up volume was raised and everything looked cool as I could play normally music on machine or in a browser, the AUDIO CD Music refused to play out of the Speakers.
 

Playing the Audio CD via success with mplayer

The work around to make it play was up to a one liner with mplayer

# mplayer -cdrom-device /dev/cdrom cdda://

To easify the play of CDs I've created for my self a tiny one liner script to run it.

 

#!/bin/bash
mplayer -cdrom-device /dev/cdrom cdda://

I've called the script playcd.sh, made it executable and placed it under /usr/local/bin

# vim /usr/local/bin/playcd.sh
#!/bin/bash
mplayer -cdrom-device /dev/cdrom cdda://


# chmod +x /usr/local/bin/playcd.sh

 

Playing Audio CDs with VLC (VideoLAN Media Player)

I've vlc client installed on my Linux box, if you don't have it, do:

# apt install –yes vlc

Then roll on the CD with vlc with passing it the location to the CD, usually one of the down two pointers should work:

# vlc vcd:///dev/sr0

# vlc vcd:///dev/cdrom

If you want to loop the Tracks to play forever

# vlc –loop vcd:///dev/cdrom

By the way vlc can do much more than you think as you can even play youtube with it, for example you can try it with the Axel Folly classics Mod file, by running it like this.

# vlc https://www.youtube.com/watch?v=SlyK_elUmIw


Cheers and Enjoy CD audio on Linux  ! 🙂

No Comments »

« Previous Post
Next Post »

The Church Rejoices + Daniil Metropolitan of Vidin chosen and Enthroned as Head of Bulgarian Orthodox Church. Dostoin / Axios !


July 3rd, 2024

The Church Rejoices + Daniil Metropolitan of Vidin chosen and Enthroned as Head of Bulgarian Orthodox Church. Dostoin / Axios !

Patriarch_Daniil-the-new-canonically-and-officially-elected-Patriarch-of-Bulgaria-and-Metropolitan-of-Sofia

Metropolitan Daniil is our Officially and canonically elected Patriarch of Bulgaria and Metropolitan of Sofia (the choice was made in a complex selection system) during a Church national Assembly on 30th of June 2024.

The whole Church rejoices as a dark cloud was over the Church as people were scared, un-worthy patriarch might be selected.

The procedure of selection of new patriarch depends on matching, certain criterias for the candidate.

According to the Ustav of Bulgarian Orthodox Church (Establishment Law document, Church established rules statues)

New Patriarch Candidate should match following criterias:

  • To have been on a cathedra as metropolitan and have governed a diocese for at least 5 years
  • To be not be younger than 50 years of age (should be 50+ years old).
  • To be distinguished within the Church to have right thoughts on the Orthodox faith and the exact observance of church order and laws.
  • To enjoy a good and honorable name both before the people and before the government of the country

Procedure for electing a patriarch

On 20th of June of 2024, after internal voting in the Holy Synod, following the Church statuses, after 42 turns of votes of individually each Bishop and Metropolitan voting for his favorite, the 3 candidates for patriarch were emitted.

1. In the first round, the candidate who collected 2/3 of the votes of the voters present wins
2. If this does not happen, a second round is reached with the two candidates who received the most votes in the first round
3. In the second round, the candidate with a simple majority wins.

The results out of the elections on the Patriarchical choice National Church assembly results were as so:

Three Patriarchical Candidates

 

Three-candidates-for-Patriarch-na-Bulgaria-as-of-20-June-2024.
 

Name Candidate 1st voting 2nd voting
Daniil Metropolitan Vidinsky 51 votes 69 votes
Grigoriy Metropolitan Vrachanski 64 votes 66 votes
Gavriil Metropolitan Lovchanski 19 vote does not qualify


Patriarch Daniel (Bulgarian: Патриарх Даниил, romanized: Patriarh Daniil) has received his monk name after Saint Daniil the Stylite, one of the most notable Stylites in the Church history.

Early life and Education

Secular name Atanas Trendafilov Nikolov (Bulgarian: Атанас Трендафилов Николов; born 2 March 1972) in a town of Smolyan. He was born in a good and healthy family, his father Trendafil Nikolov is born in a small village near Smolyan (Kremene) and served as a police officer, his mother Zlatka Nikolova used to be a  teacher in the field of Informatics in Economy scohol in Smolyan.

He completed his primary and secondary education in his hometown and later served in the military. In 1996, he began studying English Philology at Sofia University, but being grown in the spirit of love for history and the motherland Bulgaria, he soon found out field of Philosophy does not provide enough to match his wide interests in history of the world and history of Bulgaria. Being touched by Gods love and having a desire to learn more about Christianity and his homeland orthodox christianity and learn more about philosophy but from the perspective of the Orthodoxy obviously guided by Gods provide, the following year during the hard years of national financial catastrophe and church schism in 1997 he transferred to the Faculty of Theology of the same university Saint Kliment Ohridski

In 1997 he also become candidate for monk novice in the notorious monastery of Hadji Dimovo (in honour of Saint Great Martyr George)  which was at that time of Spiritual Leadership of Metropolitan Natanail of Nevrokop, where he graduated in 2002 and which was one of the best monasteries capable of giving a solid basis for true and high standard spiritual life.

Becoming a Monk

On August 7, 1999, he was ordained a monk by him and the next day he was ordained as a hierodeacon. On July 21, 2004, he was sent for obedience to the Nativity of the Virgin Monastery (Rojenski Monastery) in Rozhen, and on November 27, he was ordained a hieromonk by his diocesan bishop.
On June 1, 2006, he was elevated to the rank of archimandrite.

Daniil-as-vicar-Bishop-of-Metropolitan-Joseph-of-America-of-Bulgarian-Orthodox-Church


Recognized as exceptional choosen person and Levereged to a Bishop by metropolitan Natanail Nevrokopski
Note: Nevrokov Eparchy is the eparchy in which Saint John of Rila Monastery belongs to, Metropolitan Natanail was among the most loved person in Bulgarian Church

On January 20, 2008, he was ordained as a Bishop with the title of Dragovitski and was appointed vicar of the Metropolitan of Neurokop Natanail

Nevrokopski-Metropolitan-Natanail
Metropolitan Nathanail Nevrokopsky (titled as the consience of the Bulgarian Church)

His ordination was carried out by Patriarch Maxim (the previous patriarch before Patriarch Neofit) in collaboration with Metropolitans + Ioanikiy of Sliven, + Dometian Vidinsky, + Kyril Metropolitan of Varna and Veliko Preslav, Grigoriy of Velikoturnovsky, Neofit of Rusensky, Natanail of Nevrokopsky, Gavriil Lovchansky and bishops Evlogius of Adrianople, Abbot of the Rila Monastery, Naum Stobiyski at that time Chief Secretary of The Holy Synod, Theodosius of Devol, Constantine of Marcianopol and John of Znepol (currently Metropolitan of Varna and Veliko Preslav chosen after decease of Metr. Kiril).

Hadji Dimovski monastery become also famous also for being the spiritual school for  Metropolitan Serafim of Nevrokop (chosen after's Metropolitan Natanail Nevrokopsky pass away to Christ).

On 15 June 2010, Daniel was appointed vicar of the diocese in the US, Canada and Australia of the Bulgarian Patriarchate. On 2 December 2011, the Holy Synod "took note of the letter from Metropolitan Joseph of the USA, Canada and Australia, notifying that permission had been received from the American emigration authorities to fulfill the obedience assigned by the Holy Synod to Bishop Daniel of Dragovitski who can already leave and take on responsibilities, as metropolitan vicar of the USA, Canada and Australia".
He was considered the most likely successor to Metropolitan Joseph of America (Bosakov).

Served as vicar bishop in the American, Canadian and Australian dioceses from 2011 until February 4, 2018 (for 7 years).
He was chosen to become the Metropolitan of Vidin (after the decease of Metr. Dometian) from February 4, 2018 to June 30, 2024.

In December 2018, Metropolitan Daniel condemned the Unification Council in Kyiv, calling it uncanonical. In his opinion, the actions of Patriarch Bartholomew are non-canonical, since he encroached on someone else's canonical territory.

Daniil is the originator of the introduction of religious education in the Bulgarian school and for many years worked for it to be included as a subject in the curricula.

On 21 July 2004, Daniel was sent for obedience to the Rozhen Monastery of the Nativity of the Blessed Virgin Mary. On 27 November of the same year he was ordained hieromonk by his diocesan bishop. On 1 June 2006, he was elevated to the rank of archimandrite. On 20 January 2008, he was consecrated Bishop of Dragovitia and vicar of the diocese of Nevrokop diocese.

Metropolitan of Vidin 4 February 2018 – 30 June 2024

Metropolitan-Daniil-in-times-as-a-Metropolitan-of-Vidin

On 4 February 2018, he was elected by the Synod to the post of Metropolitan of Vidin. Vidin was the last city that fall under the Ottoman hordes, and perhaps his zeal for truthfulness and orthodoxy and the Bulgarian nation was the reason Gods providence in that hard times to have chosen him to be head of this small but historically rich and important eparchy.

In December 2018, Metropolitan Daniel condemned the Unification Council in Kyiv, calling it uncanonical. In his opinion (based on Church Canons of Ecumenical Councils), the actions of Patriarch Bartholomew are non-canonical, since he encroached on someone else's canonical territory.

https://pc-freak.net/images/Patriarch-Daniil-Bartholomeow-patriarch-of_Constantinople-guest-on-patriarhical-enthronement

Perhaps for the Ecumenical Patriarch Bartholomew, the selection by the Gods providence for Daniil to be the next patriarch of Bulgaria, was quite a shock as the expected patriarch to choose was Gregory who if chosen should have been titled Gregory the II-nd as we already had a patriarch with this name , during the Second Bulgarian Kingdom  (saying this by memory), but mans thoughts are very different from Gods thoughts as the Holy scriptures says.

After the death of the former Patriarch of the Bulgarian Orthodox Church Neophyte in March 2024 and respective mourning period, then Metropolitan of Vidin, Daniel was one of the three shortlisted candidates to ocuppy the patriach position together with Metropolitan Gregory of Vratsa and Metropolitan Arsenius of Sliven.[7] On 30 June 2024, at the patriarchal electoral Church-People's Council in Sofia, Metropolitan Daniel was elected the new Patriarch of Bulgaria, Metropolitan of Sofia.

Patrirach-Daniil-of-Bulgaria-Blessing-soon-after-his-selection
Picture of Patriarch Daniil Blessing, right after his selection and his "radiation" with Patriarchal Ensignias, the Patriarchical Wand stick, The Cross, Panagias …

Daniil-Metropolitan-of-Sofia-and-Patriarch-of-Bulgaria

Pre-selected moments of the enthronization of new Bulgarian Patriarch Daniil of Bulgaria by Sonya Ankova

Currently he is the canonical 4th Patriarch of the new History of the Bulgarian  Orthodox Church, currently serving as Patriarch of All Bulgaria since June 30 !

His choosing and Enthroning was surprise for many influential people in the history and was just another proof the Church of Bulgaria is Governed by Jesus Christ and the selection was made by the Holy Spirit of God itself !

 

Daniil the New Bulgarian Patrhiarch, the Forth Patriarch by Bulgarian National TV (BNT) Chapter I

Lets all say Достоин / Axios !!!, just like many has proclaimed during the official introduction of Daniil as Patriarch with a special enthronization Ceremony.
The selection day 30 of June this year was by God's providence on the Sunday of All Saints, this year this day coincided also with the Assembly of All Holy Apostles day commemoration dedicated to All Apostles of Christ (the 12, the 70th of desciples and the rest of rings of desciples  of Christ who have done apostolic mission sent by him). The Assembly of Apostles feast is always celebrated  in the Church always 1 day after the Great feast of Saint Apostle Peter and Apostle Paul's day. 
The day after on the day the first Holy Liturgy was served by tradition by the new Patriarch and it was the Summer Feast of Saint Cosmo and Damianos  and  one of the 3 major feasts of Saint John of Rila (The Return of the Holy Relics of Saint John of Rila into Bulgaria) .

Patriarch Daniil  is the youngest patriarch of Bulgaria in our history of the Bulgarian Church, currently aged 51, since its establishment in year 870 (1154 years ago) and a lot of hope by many, that his Church rulership will be mostly beneficial for the whole Church and nation and will raise up the confidence and self-esteem of the nation, and shed light on the nation and attract more of the youth, that is living a life away from the Church even though baptized,  back in the Church.

Lets pray and wish the new Patriarch Daniil, a lot of increasement of Health, Love and Faith for everyone and Wisdom to guide the flock of Christ through the hardships of current turmoiled times of desperation and confusion as well as good health to serve as a Patriarch for Many Years !

For Many and Blessed Years his Holiness Patriarch of Daniil ! Metropolitan of Sofia and Patriarch of All Bulgaria !

1 Comment »

« Previous Post
Next Post »

Console Video edit Rotate, Merge, Scale, Trim add background music to Video files on Linux and UNIX with ffmpeg


June 18th, 2024

https://www.pc-freak.net/images/linux-video-edit-few-basic-tricks-edit-cut-combine-put-background-music-to-video-on-like-os-unix.png

GNU / Linux and other Free as in Beer OS-es such FreeBSD and OpenBSD as well as other UNIX variants are definitely not the best platform to do Video edit, as the best one is obviosuly MAC OS-es for being a veteran in the field of graphic edit for a long time but over the time its capabilities are slowly but surely evolving. 
However Linux users can also do the basic video edit stuff quite easily with ffmpeg and few other tools.
 The general things one faces when snapshotting videos is the video might be turned around or in the wrong angle and you want it to rorate, or you have two three or more video files and you would like to merge the ones in one or you would like to Trim a period in the beginning of a Video or Trim some time you don't need out of the video at the end end, merge multiple MP3 files into single recording or including a background music to a video.

Doing such a things has a lot of possibilities with tools such as ffmpeg, imagemagick and mencoder and it is mostly useful if you're a console guy or you need to write a program that does video rorate or video merge in PHP / Perl / Python etc.
 

1. Rotating Videos in Linux

Rotate a Video in 90 degrees

Rotating a video assuming that you have the ffmpeg tool installed is as easy as:

# ffmpeg -i in-video-file.mov -vf "transpose=1" out-video-file.mov

Supported value arguments for ffmpeg ranspose option
0 = 90CounterCLockwise and Vertical Flip (default)
1 = 90Clockwise
2 = 90CounterClockwise
3 = 90Clockwise and Vertical Flip


2. Flip the video clip Vertically

# ffmpeg -i out.mov -vf "vflip" out2.avi


If you don't have ffmpeg, just install it with apt or yum:

On Debian 

# apt install –yes fmpeg


On Redhat based distros

# yum install -y ffmpeg

ffmpeg is easily installed by bsd ports with the package manager for example on FreeBSD it is up to :

# pkg install ffmpeg


3. Merge (Concatenating) Videos with ffmpeg / mencoder / avimerge on Linux

Go to the directory containing all the videos you would like to merge and merge them with belowsimple one liner:

# ffmpeg -f concat -i \
<(for f in $PWD/*.avi;do echo "file '$f'";done) \
-c copy output.avi


To merge multiple set of lets say ( sequential ) Video files on Linux with mencoder and produce a single video file:

# mencoder -oac copy -ovc copy 1.AVI 2.AVI 3.AVI 4.AVI -o Single-common-out-video.avi

mencoder is available also by default on most distros if not install it with:

On Deb based Linuz:

# apt install mencoder –yes

On Fedora / CentOS … rpm based:

# yum install -y mencoder

The old and now obsolete transcode audio / video converter could also be used:

 # avimerge -i file-input1.avi file-input2.avi -o output-file.avi


4. Scaling a video to a concrete resolution

It might happen to you that some video files could not be concatenated with other video file because its resolution is smaller (or different) than the recorded material,
to come around this you need to scale it.

# Scale video resolution to 1920×1080 pixels

# ffmpeg -i input-video.mp4 -vf scale=1920:1080 output-video.mp4


5. Trimming the beginning of a Video with ffmpeg

A recording will often contain parts in the beginning that you don't need and have to beto be removed from the video stream:

# Remove the first three seconds (Common scenario)

# ffmpeg -i input.mp4 -ss 3 -c copy output.mp4


6. Trimming the end of MP4 video with ffmpeg

The same is true for the end of a video materials often:

# Remove everything after 5 minutes and 32 seconds

#ffmpeg -i input.mp4 -t 00:05:32 -c copy output.mp4

Both, -ss and -t, can also be combined into one command.


7. Adding Background Music to a Video with ffmpeg

To add a concrete background music to a video stream, track the volume had to be lowered first:


7.1 Reduce the volume MP3 music file by 50% with ffmpeg

# ffmpeg -i input.mp3 -filter:a "volume=0.5" output.mp3


7.2 Combine multiple audio tracks into one single recording stream

# Concatenate multiple mp3 voice files into one
# ffmpeg -i "concat:input-song1.mp3|input-song2.mp3|input-song3.mp3" -c copy output-concatenated-single-song.mp3

One thing to consider is that once you want to add a background music stream to a video stream, both the video and the song has to be of the same length, otherwise attempts to merge the background audio track with fail
 due to the length of the audio track not matching the length of the video.
This can be resolved by generating a silent audio track and concatenating it to the end of the audio track to make the video and music match:

# Generate 33 seconds of silence
# ffmpeg -f lavfi -i anullsrc=channel_layout=5.1:sample_rate=48000 -t 33 output.mp3


Finally, to merge the audio track into the video track:

# Merge video with existing audio track and another audio track

# ffmpeg -i input.mp4 -i input.mp3 -filter_complex "[0:a][1:a]amerge=inputs=2[a]" -map 0:v


Sum it up what learned

In this article was shown how to convert multiple Videos into a single one, scaling a video to a graphics resolution, trip a video at the beginning and at the end, add background movie tracks as a sound on Linux.
As you can imagine this stuff is quite useful and used by many, many websites online to do a different Video and sound editing included in a millions of Frontend / Backend webscritt Scripts around silently doing its stuff.
There is much more to be done with this tools, but for a starter of a video edit newbies it should on Linux and enthusiasts to manage own managed small private clouds, hope this stuff will be useful for a introductionary.

Cheers ! 🙂 

No Comments »

« Previous Post
Next Post »

How to filter an IP, and IP range or domain to access to access service with /etc/hosts.allow /etc/hosts.deny , filtering Network range to sshd tcp port 22 through sshd service


June 4th, 2024

how-to-allow-and-deny-services-without-firewall-on-linux-logo-picture-tux

If you want to filter a range of IPs to be able to or unable to access a TCP port service because someone is trying to brute force you from the network or just because you don't want a connected LAN IPs to have access to your server for whatever security reasons. The simplest way you can do IP and IP range restrictions to allow or disable access towards a Linux server via defining allow or prohibition rules in  /etc/hosts.allow and /etc/hosts.deny.

This files are there and useful since the beginning of UNIX OS-es and has been widely used on Linux in the past and rarely known by people nowadays.

 

The hosts.allow and hosts.deny files could be used on a Linux system to deny connection attempts from one or more IP addresses, hostnames, or domains. 
/etc/hosts.allow and /etc/hosts.deny are just a plain text configuration file with a rather simple syntax, that can be used for decades to allow or filter IPs without applying a special firewall rules like iptables locally.
It can work with any TCP wrapped service on your system. The hosts.deny file is used in conjunction with hosts.allow to determine whether a connection attempt gets accepted or denied.

In this small tutorial, you will see an example of the hosts.allow file and how to use it to allow or deny connections to IPs or networks, as well as how a simple prohibition to access SSH service only via specific IP network can be done.

For full understanding of hosts.allow / hosts.deny file, check the manuals man hosts.allow , man hosts.deny, man hosts_options, man hosts_options.

root@pcfreak:~# apropos hosts|grep -iE '^hosts.*'
hosts.equiv (5)      – list of hosts and users that are granted "trusted" r command access to your system
hosts (5)            – static table lookup for hostnames
hosts.allow (5)      – format of host access control files
hosts.deny (5)       – format of host access control files
hosts_access (5)     – format of host access control files
hosts_options (5)    – host access control language extensions

General hosts.allow / hosts.deny syntax

The /etc/hosts.allow and /etc/hosts.deny understood syntax form is: 

service : host/network

Each value is separated by a colon :

You can also supply an option, but this is not as common. We will cover some other niche choices below. More options can be added if necessary, with each one separated by another colon.

service : host/network [:

The following line would allow all traffic to the sshd service. ALL is used as a wildcard.

sshd : ALL

Few examples to allow access to SSH Daemon from IPv4 and IPv6
This line would allow connections from all hosts on the 10.11 network. Connections from all other hosts can then be denied by the hosts.deny file. This type of configuration would work as intended since the allow line precedes our corresponding deny line in the other file, thus will be triggered first.

sshd : 10.11


Accept connections from a particular IPv4 and IPv6 address
 

sshd : 10.10.136.241
sshd : [2a02:2143:88f1:5c00:9991:9daa:b580:aee2]

 

Rather than using IPs, you can also specify hostnames to accept or deny connections from.

sshd : some.host

 

Accept connections from all hosts using the main domain .pc-freak.net domain name.

sshd : .pc-freak.net

You can also use a wildcard for both the service and the host/network field. This will accept all connections to any service. This would make all other rules (including those in hosts.deny) irrelevant, as all connections will be accepted by this rule before they have a chance to be denied.

ALL : ALL

The EXCEPT operator can be used to create an exception in an otherwise all allowing rule. 
For example, this rule would allow all connections from the .pc-freak.net domain name, except for one sub-domain org.pc-freak.net

sshd : .pc-freak.net EXCEPT org.pc-freak.net


Allow connectivity towards SSH TCP port 22 for all IP / hosts except for certain IPs and domains
 

To control connectivity towards sshd service via allow hosts  /etc/hosts.allow for all except a bad.host and a certain IP range:

 

sshd : ALL : allow
sshd : bad.host : deny
sshd : 85.5.1. : deny (1)

 

Disable access to all remote services to the network

Lets say if you're running the Linux as  desktop station and you want to disable access to any local services running on TCP ports

If you want to be paranoid and disable all remote access to server to any IP network, you can do it with:

# echo "ALL: ALL" >/etc/hosts.deny


Completely allow access to a certain running TCP port service on server
 

To allow completely access to a service
 

service_name : ALL : allow

Allow access for a a range of IPs subnet

You can also specifcy the IP netmask range to allow, like this:

ALL : 192.168.0.0/255.255.254.0

 

Allow access to all server network services for a domain except for a certain domain
 

Enable access to ALL running server services listening on TCP port except for domain

ALL : .example.com EXCEPT skiddie-attacker.example-domain.com


Allow access to al services except to a service for a local port range via hosts.allow

Here is example onw how to use hosts.allow file to allow connections all running server services except access to VSFTP, coming from Local LAN IPs with netmask /24 (e.g. from the 192.168.0.x.):

ALL EXCEPT vsftpd : 192.168.0

 


Filtering IPs and IP Ranges from within /usr/sbin/sshd openssh service via /etc/ssh/sshd_config (allow and disable access to concrete IPs trying to brute force you)
 


Lets say however, you don't want to do the filtering of openssh connections via hosts.allow / hosts.deny but rather on a SSH Service level, this can be done with the following /etc/ssh/sshd_config configuration.

# vim /etc/ssh/sshd_config

Match Address *,!192.168.1.0/24
    ForceCommand /bin/false

For more on the use of Match Address check documentation with man 5 sshd_config


To re-load the opensshd config

# systemctl restart sshd

 

Of course manually filtering villains is a tedious task and ultimately to save yourself time and inconvenience to regullary look up within /var/log/security or /var/log/messages (depending on the Linux distribution) and the configuration for SSHD to login imposters you would prefer to use fail2ban (if you're not familiar with fail2ban check out my previous article on how to easily Stop ssh bruteforce authentication attempt Attacks with fail2ban or if you want to use the Linux native way check out the article how to prevent SSH and FTP bruteforce attacks with IPtables.

No Comments »

« Previous Post
Next Post »

All Debian Linux package repository apt sources.list file for Debian versions 6, 7, 8, 9, 10, 11 and 12


May 31st, 2024

debian-package-management-repositories-for-all-distributions

If you have to administrate legacy Debian servers, that keeps hanging either for historical reasons or just because you didn't have time to upgrade it up to latest versions, machines that are hanging in the hangar or a mid office building Old server room, doing nothing but simply NAT (Network Address Translation), Proxying, serving  traffic via Squid / Haproxy / Apache / Varnish or Nginx server but you still want to have the possibility to extend the OS even though it is out of date / End of Life reached and out of support as well as perhaps full of security holes, but due to its unvisibility on the Internet hanging in a Demilitarized network the machine stayed on the Local (DMZ)-ed network and still for example you need to install simple things for administration reasons locally on the machine, for example nmap or netcat or some of the network tools for monitoring such as iftop or iptraf etc. you might find out unfortunately that this is not possible anymore, because the configured /etc/apt/sources.list repository mirror is no longer available at its URL. Thus to restore the functioning of apt and apt-get pkg management tools on Debian you need to correct the broken missing package mirrors due to resructurings on the network with a correct ones, originally provided by Debian or eventually if this doesn't work a possible Debian package archive URL. 

In this article, I'll simply provide such URLs you might use to correct your no longer functioning package manager due to package repositoriy unavailibility, below are the URLs (most of which that should be working as of year 2024). To resolve the issues edit and place the correct Debian version you're using.

1. Check the version of the Debian Linux

# cat /etc/debian_version


or use the universal way to check the linux OS, that should be working on almost all Linux distributions

# cat /etc/issue
Debian GNU/Linux 9 \n \l

2. Modify /etc/apt/sources.list and place URL according to Debian distro version

# vim /etc/apt/sources.list


3. Repositories URL list Original and Archived for .deb packages according to Debian distro release
Debian 6 (Wheezy)

Original repostiroes (Not Available and Not working anymore as of year 2024)

 

Old Archived .deb repository for 6 Squeeze

deb http://archive.debian.org/debian squeeze main
deb http://archive.debian.org/debian squeeze-lts main


​Debian 7 (Wheezy)

Original repostiroes (Not Available and Not working anymore as of year 2024)

Old Archived .deb repository for Jessie (still working as of 2024) :

deb http://archive.debian.org/debian wheezy main contrib non-free
deb http://archive.debian.org/debian-security wheezy/updates main

( Security updates are not provided anymore.)

NOTE:  If you get an error about keyrings, just install it
 

# apt-get install debian-archive-keyring


Debian 8 (Jessie)
Original .deb package repository with non-free included for Debian 8 "Jessie"

deb http://deb.debian.org/debian/ jessie main contrib non-free
deb http://ftp.debian.org/debian/ jessie-updates main contrib
deb http://security.debian.org/ jessie/updates main contrib non-free

Old Archived .deb repository for 8 Jessie (still working as of 2024):

deb http://archive.debian.org/debian/ jessie main non-free contrib
deb-src http://archive.debian.org/debian/ jessie main non-free contrib
deb http://archive.debian.org/debian-security/ jessie/updates main non-free contrib
deb-src http://archive.debian.org/debian-security/ jessie/updates main non-free contrib

 

# echo "Acquire::Check-Valid-Until false;" | tee -a /etc/apt/apt.conf.d/10-nocheckvalid

# apt-get update

# apt-get update && apt-get upgrade

 

 If you need backports, first be warned that these are archived and no longer being updated; they may have security bugs or other major issues. They are not supported in any way.

deb http://archive.debian.org/debian/ jessie-backports main


Debian 9 (Stretch)
Original .deb package repository with non-free included for Debian 9 "Stretch":
 

deb http://deb.debian.org/debian/ stretch main contrib non-free
deb http://deb.debian.org/debian/ stretch-updates main contrib non-free
deb http://security.debian.org/ stretch/updates main contrib non-free

Archived old repository .deb for Stretch :

deb http://archive.debian.org/debian/ stretch main contrib non-free
deb http://archive.debian.org/debian/ stretch-proposed-updates main contrib non-free
deb http://archive.debian.org/debian-security stretch/updates main contrib non-free


Debian 10 (Buster)
Origian repository URL:

deb http://deb.debian.org/debian/ buster main non-free contrib
deb http://deb.debian.org/debian/ buster-updates main non-free contrib
deb http://security.debian.org/ buster/updates main non-free contrib

 

Fixing unworking backports for Debian 10 Buster


Change the /etc/apt/sources.list URL with this one

deb http://archive.debian.org/debian buster-backports main contrib non-free


If you want to list packages installed via the backports repository only, that needs to be replaced with newer versions (if such available from the repository)

# apt list –installed | grep backports
# dpkg –list | grep bpo
# dpkg –list | grep -E '^ii.*bpo.*'

ii  libpopt0:amd64                        1.18-2                         amd64        lib for parsing cmdline parameters
ii  libuutil3linux                        2.0.3-9~bpo10+1                amd64        Solaris userland utility library for Linux
ii  libzfs4linux                          2.0.3-9~bpo10+1                amd64        OpenZFS filesystem library for Linux


Debian 11 (Bullseye)
Origianl repository address:

deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian bullseye-updates main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main contrib non-free

Debian 12 (Bookworm)
Original Repository :
 

deb http://deb.debian.org/debian bookworm main contrib non-free-firmware non-free
deb http://deb.debian.org/debian bookworm-updates main contrib non-free-firmware non-free
deb http://security.debian.org/debian-security bookworm-security main contrib non-free-firmware non-free

Add Backports to sources.list

deb http://deb.debian.org/debian bookworm-backports main


Thats all, hopefully that would help some sysadmin out there. Enjoy !

No Comments »

« Previous Post
Next Post »

How to view WIFI Passwords for Profile from command line with netsh on Windows 10


May 29th, 2024

how-to-find-out-your-wifi-password-on-windows-10

The common way, if you have connected to a Wireless Network Access Point and saved the password in Windows is to view the password via Windows GUI interface, via menus following few easy steps:

1. Settings -> Network and Internet -> Network and Sharing Center

network-and-sharing-center
2. Click on (Wifi Network name) for which you need password and 
3. In View your active networks section

select-wifi
4. When the Wi-Fi network status window opens, click Wireless Properties

wireless-properties
5. Move to the Security Tab and check the checkbox, next to "Show Characters" to view the network password.

show-wifi-password-windows-10
 

Nevertheless as a system administrator you might have wondered, how you can easily review in plain text Saved Wireless Networks Wi-FI passwords, without using the Graphical Interface via a direct command line cmd.exe?
Such thing is helpful on maintaining multiple Windows 10 hosts, especially if you have a telnet or SSH remote administration enabled or you have a domain of PCs.
To do so open cmd.exe command prompt and run:

C:\Users> netsh

netsh>wlan show profile

Profiles on interface Wi-Fi:

Group policy profiles (read only)
———————————

User profiles
————-
All User Profile : WIFI_Pofile-name
All User Profile: Hotel stage 2
All User Profile: Home Wifi
All User Profile: HP_Custom

Now lets review the clear text password of the profile from netsh console:

netsh>wlan show profile "WIFI_Pofile-name" key=clear

Profile WIFI_Pofile-name on interface Wi-Fi:
===================================================

Applied: All User Profile

Profile information
——————-
Version : 1
Type : Wireless LAN
Name : WIFI_Pofile-name
Control options :
Connection mode : Connect automatically
Network broadcast : Connect only if this network is broadcasting
AutoSwitch : Do not switch to other networks
MAC Randomization : Disabled

Connectivity settings
———————
Number of SSIDs : 1
SSID name : "WIFI_Pofile-name"
Network type : Infrastructure
Radio type : [ Any Radio Type ]
Vendor extension : Not present

Security settings
—————–
Authentication : WPA2-Personal
Cipher : CCMP
Authentication : WPA2-Personal
Cipher : GCMP
Security key : Present
Key Content : Very-secret-password-for-WIFI-plain-text

TADADAM !

We see the password key text Saved WIFI Passwords plain text !

Note that sometimes, if you have a Hidden Wifi Network the command to use to reveal the plain text password with netsh would be:

C:\Users> netsh wlan show profile "name=SSID hidden WiFi Net" key=clear


This trick is very much used today by "hackers" e.g. script kiddies, who break up into others windows.
It is also useful if you want to have a quick way to review plain text passwords for WIFI accounts with organization, lets say if you're a security expert and doing some kind of periodic Security audits within a corporation on multiple Domain attached computers.

Thanks to Martin Petrov (Amridikon) for his trick as I've learned first time from his blog https://mpetrov.net, which is full of many computer geek goodies stuff.

Of course this approach can be easily scripted with a short PowerShell script:
 

netsh wlan show profile |
    Select-String '(?<=All User Profile\s+:\s).+' |
    ForEach-Object {
        $wlan = $_.Matches.Value
        $passw = netsh wlan show profile $wlan key=clear |
            Select-String '(?<=Key Content\s+:\s).+'

        [pscustomobject]@{
            Name     = $wlan
            Password = $passw.Matches.Value
        }
    }

 

If you need the script View-all-wifi-passwords-plaintext-windows10.ps1 to reuse it download it from here.
 

Windows-WiFi-PasswordRevealer-ScreenShot
There is also some freeware tools online which can help you reveal passwords, saving you any typing, that might be useful if you want to delegate the task to a non-sysadmin user, you can simply point him and ask him to install a GUI Win tool like Wifi Password revealer (that makes showing plain text passwords piece of cake) and let user reveal his passwords for himself, if needs the password to share it to a colleague 🙂
That's all folks, Happy hacking !

No Comments »

« Previous Post
Next Post »

How to run multiple processes in parallel with xargs


May 29th, 2024

In our company there is a legacy application which developers run in multiple consoles launching its in intedependent components together in different consoles by simply running each component, the question comes then how this can be scripted so no waste of people is done to manually run the different componets from different parallel consoles. To achive the run in parallel of the multiple programs in parallel and background it with xargs and eval (integrated bash command) in Linux from a single script you can use a simple one liner like in the example.

#run in parallel
xargs -P <n> allows you to run <n> commands in parallel.
time xargs -P 3 -I {} sh -c 'eval "$1"' – {} <<'EOF'
program1; sleep 1; echo 1
program2 ; sleep 2; echo 2
program3; sleep 3; echo 3
echo 4
EOF

You can attune the delay up to the exact requirements or completely remove it and the multi run script is ready, enjoy.

No Comments »

« Previous Post
Next Post »

Our baby Ekaterina becomes 6 months on 17 of May, 5 days after our boy Dimitar become 4 years. Sum it up my year 2023 experience, lessons learned.


May 17th, 2024

Our baby Ekaterina becomes 6 months on 17 of May, 5 days after our boy Dimitar become 4 years. Sum it up my year 2023 lessons learned.

This article is a bit late in time but I started writing it quite a long time ago in the beginning of 2024.
But as my various duties as a husband, employee, a volunteer in the Church and computer hobbyist as well as the attempts to still keep up some normality with all the stressful kind of wife that is in the large cities as Sofia.
I could post it just today and what has reminded me is simply our daughter Ekaterina has a half birthday today.
Below I'll pinpoint some important things that happened through the year, starting with a harsh and gloomy Intro 

A bit of Overview, things globally seem to be worsening

Life is ticking fast. Life is more boring than thought. Finding a cell people to hang on around is a difficult and almost impossible task. Real People are becoming less and less. Consumerism is already the only thing that matters for most people.

Love between people (unconditional love) is almost gone. Money are the ones dictating what people should do. No real communities anymore exists (COVID-19) has messed up the heads of people.
Christianity is severily partitioned as schisms are seen to plague even the True Christian faith of Eastern Orthodoxy, a hidden persecution against the true pastors is ongoing in many orthodox Churches. War in Ukraine a total disaster for everyone. Politicians as usual using Church to force their own agenda lead by territory and monetary interests. There is a brutal onging economic crisis turmouling the world noone speaks seriosly about. The usual work duties requirements are increasing but sallary payments decreasins.Life expenses are gradually raising as the World Economic Crisis is firing.

People who has suffered COVID numerous times has certainly bad effects on health, many people who have survived COVID and the rest of numerous viruses that has hit us over the past had worsened vision and hearing.

The Artificial Intelligence (AI) starts to kicks and puts even more mess in the already messy world especially as it is some kind of another marketing baloon similar to the WWW Domains business baloon. The AI such as ChatGPT, WormGPT, Google Bard said to outsmart our professions (though the facts are still not encouraging enough as the Hype is great, plus the results with collaboration with AI seems to not be fact proof enough yet). The Rapid evolution of technologies has put many moral dilemas and life is becoming harder to bear as the stress of using techonlogies and the higher expectations by humans and their constant requirement to collaborate with technologies (Smart Phone, Tablets Computers, ATMs, Terminals, Cars, Banks, Cards, Virtual currencies and complex systems which claim to simplify life of man makes the human body more fragile sick.

The lack of good and ecologically brew food is also a great factor, as most people who live in large cities eats mostly industrial quality food (and there is no real way to find out whether a food is really ecological even if it is sold as such). In Todays more and more tech inter connected world between People noone can live a normal private life (as often our datas shared on line are leaked to hacker groups after a resource or system is hacked), that poses a number of other challenages and dangers.
Privacy has also become almost impossible task, as we don't have a real or full knowledge on how much of our data seen or processed on our phones is staying at our side and how much shared with Security agencies such as CIA, Musad and KGB etc.

Everything is steering us Camares, Phones, Photos, Social Networks and loneliness is often felt so real. 
Most people living in economic slavery, even though doesn't really even recognize the cell they live in due to the smartphones and many virtual false options given. Complexity of life is increasing as one should have too much skills to manage even simple tasks. Lack of people to fill in open gaps about professions and work, same time generally not too much work capacity or willingness to do people is also a great of issue.

The world is more and more starting to look like it is described in anti-utopias books like Brave new World, 1984, Animal Farm.

Even though this hardships and birth pains, that are typically described by Saint Evangelist John in the Book of Reveleation,


The Birth of Ekaterina on 17th November 2023 another hope for the World


With every new kid coming to this earth it is a God blessing for everyone and another oportunity for individuals to grow and raise another meaningful person, that might make the world a little bit of a better place. Even though today is scary to have a kid because of the harsh situation, it is better to stay helpful for the best and share the joy to have second kid born.

i'm happy for God blessed me with second child a baby Ekaterina born on 17 of November 2023.

https://www.pc-freak.net/images/Snimka_izpisvane_Ekaterina-S_Vasko-Kolev-i-Mitko-Ivanov.jpg
Day of Discharge of the Sheinovo Child Birth Hospital, Sofia with Little Baby Ekaterina

During birth Baby Ekaterina was born around 3300 gr of weight, thanksfully the birth of wife was a natural birth. But sadly I had to in parallel take care about the other kid Dimitar, (since he did not attend the Kindergarden for some time), Clean up the house and prepare everything for the acceptance at home of new baby, and buy threats to treat multitude of people who are close and nearby. I'm thankful to Vasil Kolev and Mitko for attending the Official hospital Discharge.

Sheinovo-s-Vasko-Ekaterina-Dimi-i-Svetlana

Dimi-s-Ekaterina

Below is another picture of the now grown baby Ekaterina 4 months later for a one day trip to Balchik (sea resort) near my home city Dobrich

Ekaterina-na-4-Meseca
 

Exactly today on 17th of May 2024 on the feast day of Saint Nicolas (New Martyr of Sofia)  and the feast of Gathering of Bataks New Martyrs (we have been in the Batak basilica of the martyrdom, during Svetlana was pregnant with the baby).  Ekaterina becomes exactly 6 months she is a very lively baby in the moment she had some temporature and on a baby antibiotics but her overall look and development looks very good thankfully !

During this year personally review the 2023, Helped as Alter server (ipodeacon) in the Holy Liturgies in Saint George (Dyrvenica) https://www.svgeorgi.com as a ipodeacon, on many services, together with Archimandrite Father Flavian.
Summery time i was able to Visited many monasteries nearby

Sofia with Father Flavian. Just to name a few of the multitude of monasteries visited, The 7 Thrones, Praveshki Monastery Saint Teodor Tiron, Seslavski Monastery near Sofia, Saint Petka (near Bankia), Etropolski Monastery, Rilski Monastery, Troyan Monastery, German Monastery, Kremikovski monastery, Glozhenski monastery, Tetevensky monastery Saint Ilija Travelled to Teteven and many others.
Just for reference the monasteries and holy places one could visit in Bulgaria are thousands and this makes the country quite interesting to travel around. The high spirituality which the nation had in the past has left a lot of spiritual inheritance for us. Which however nowadays, we do not value and protect …

Has visited multiple times, monastery of Saint Marina situated near village of Krumovo in between Dobrich and Varna. Also visited Ahtopol (i won't say i'm too impressed – maybe i was in the wrong season and with a pregnant woman) and Tsarevo, Pomorie and Nessebar (for the Feast of Dormition of Holy Theotokos).

To speak the truth has been a heavy and hard year a lot of spiritual sorrow, sicknesses and lack of direction, internal family problems between me wife, my nerves totally strained and I have no clear direction as eyes sems to be deteriorating and I often though about leaving it all behind and going to a monastery. Quite disappointed from the realities I've seen. Bulgaria is very beautiful country but everything seemed too messed … 

Also i've had too many temptations, drived a lot our old minivan KIA Carens 2006, which helped me to significantly increase my car driving habits, and hopefully now I become a better driver .
Middle of May had to pay car taxes and expenses in SDI, paid for standard Vignette starting from June as prior year.

Tried to read my prayers daily Morning and Evening prayers + (rule), that turned to be much harder than thought as it takes up to 30 minutes morning and 1 hour evening times (with some of the additional prayers I try to keep).
Also had been blessed to be able to receive the Holy Communion many, many, many times.

Tried to bring the Kid Dimitar regularly on a Church services in Holy Trinity Church (the Slatina (an ex-village) and Sofia district main temple), situated 10 minutes from Svetlostruy where we live currently, as well as bring him to Dyrvenica regulary, and thanksfully he also took part in Christ misteries for many, many times throughout the year.

Spend and I have to say perhaps lost a lot of time hanging with Alexander (The singer), drinking beers – that was a bad idea but as this helped me a bit to get away my focus from sad stuff and cheer me up, it had a positive effect as well. Health, seems to be critical, especially with the high stresses I experienced before and near birth of our daughter Ekaterina. I was also heavily involved in taking care for our kid who is now 3.8 years next year 12 of May to become 4 years. 

Also I sung a lot on services as a main singer mainly Evening services as often due to the lack of people to sing the service there is necessity to sing services, sing also a few times a Holy Liturgy and as usual sung every Monday and Friday for the Sanctification of Waters and on a Akathist prayer to the Holy Theotokos (Mother of God). Lately don't have enough time to read too much books.
My Work computer notebook (failed to apply) Windows Updates shipped by WL and I've been sent a new laptop which came early 2024. Exchanging work computer due to failing update is funny and absurd but I survived this one too …
In the begining of 2024, our beloved colleague Dimitar Paskalev has left our team in Worldline and that also one of the hardships, we have to bear an extra amount of things to do when he is gone as he is an excellent system administrator, programmer and business consultant consultant.

People's knowledge thought increasing makes things hard to be fixed more and more. As finding a solution becomes more expensive or sometimes impossible to resolve software issues on a hardware that cannot be tracked it is way easier to simply exchange the hardware. Same is true nowadays for both computers, cars and pretty much everything. If it breaks don't fix it but exchange it with a new, that seems to be valid more and more.

This is product of hardcore consumerism society, we humanity turned out and this is going to destroy the planet obsiously but seems noone really cares, even with the International Summits for reduce of Emitions etc., i'm pretty convinced from what I see is done that is just a pure marketing for countries as well as simple populism.
 Ecology is something people has to seriously think about though, because the life style with driving cars everything as we did and hyper consumption is destructional for both people, environment (nature), animals, this is pretty clear observing how the natural environments gets destroed more and more due to conustruction works and industrial waste etc.

The news read about Ukraine and Israel has been mostly troubling and together with the techonlogization and degradation of Society has convinced me the hope for this world is almost gone. Doesn't look like there is any "Road Ahead" as some "visionaries" are foreseeing (i'm talking about the insane book of Bill Gates, called the "Road Ahead", which is picturing a great future with a lot of developments due to technology (what a blatant non-sense). It seems what we observe is starting to become quite opposite to Bill Gates, Ilon Musk and the rest of "visionaire" idols of the world visions as all is falling apart more and more and unresolvable issues are much more.


The technological enslavement of people has been continuing, though it has been presenting as this is making people much more free and happy, it is exactly the opposite, prople become more and more dependent on technology and on the road to become a subordinates of technology than controillers.
 Most young people are suffering completely of addictions to technology, has very low literacy and I'm noticing most of teenagers couldn't properly express themselves, quite sadding. A lot of young people seeing the sad reality are turning to sub-culture, just like it was in the end of 1990s but the difference is now, people are separated each one hanging in his tech device and community across the common problem of isolation of the individual, that was sharing and communing with others is not really too much possible in the 21 century.

Many good peoples in the Church has passed away, I've suffered a lot during the summer from the heat, hardly beated. After the COVID seems to have passed through a long COVID and some depressions, which I don''t know whether managed to deal with even now, the Church has helped a lot to keep on track as feelings were overwhelming, most likely due to the nightmare war between orthodox Russia and Ukraine (remember The Gospel says it God''s punishment becomes from his own people). We Bulgarians are at mind wars, as some people take Russia's' positions and others Ukraine (Pro and Anti-Russian attitudes) prevail, everywhere. The same is I guess among all ex-USSR countries The Patriarch Neofit become quite sick. In terms of Work the first part of Year up to end of Summer has been more heavy, but mainly stress at work is not from work complexity but the messiness in the Company Worldline.
In end of Autumn passed all required company trainings. Tried also to blog as regularly as I could but blogging is becoming harder and harder task, as my eyes degrades. Tried to play some Arcades as that has been funny for me but nowadays don't have too much of a free time to play on the handheld consoles. Life in Sofia is quite heavy as distances are putting its toll ((though there is pretty much everyhing) the amount of stress is destructionary for the personality.

I did not have much of achievements this year at work but I guess with years, the energy of person is reducing (just like the motivation due to the messy stuff that is unvailing in the world). With age seems one can do less and less except if he is not some kind of mania mode.
Also the lack of recognition for what is done at work and the type of Corporate stuff that is mostly like a (Social) Socialist company, makes one to be not much motivated to complete much, the other issue is it seems times ticks too fast (just as Christ says in the Gospel because of lawfulness of people, time will be shortened this prophecy seems to be fulfilling and for those who can see it they can see how time reduces and one can do much less than he could some years ago).  Days are flying quickly. There are too many experienes all the time and due to information overburn, the mind becomes very unfocused.
Having any even simple kind of focus becomes a luxury nowadays, as we''re bombarded from everywhere with false preaches of advertisement and people's idea and stereotypes of the world.

I remeber about my youth and how simple we lived with my grand parents, and how much happiness was in that and compare to noaways over-stressed and complex world and often, miss that old times (that even though) physically harsh has been much more graceful than today.

In terms of technology I have the desire to go out of the Technological slavery but for that you need to have a co-minded person ( wife), which agrees to live a more simple wife, which i don't have in the moment.

Why I saw technological slavery, well it is what it is, in the past technology was really making the life of one easier and even today, many technologies are doing so. However being online 10 to 12 hours a day is no longer a conforting, especially if about 6 to 8 hours of your midful time is to be hired at work and stay on a chair in front of the computer and to do complex mind stuff, that after 10-15 to 20 years, destroys the psyche and the body .

Being intelligent is also a big problem in the 21 century as you see much more of the usual people and you see most interactions between people are simply manipulative and dictated by the desire to attain something.
The communication between most people is based on "receive" as much as you could and give out as little as possible and on the principle of always do gain in everything.  People do things to receive and not to give including me … that is totally the opposite of the teaching of Christ who says "It is more blessed to give, than to take".

About entertainment for the year was mostly traveling and going for a Night dinners in Emilian with Angel, Alexander and gathering together with Vasil Kolev (A researcher in the Bulgarian Academy of Science BAN, specalist in the field of Frequencies and Signals) and a very good Christian and man who helped a lot together with Emilian and Angel.
Perhaps part of the entertainment was our after-work stuff we did with Dimitar Paskalev and Georgi Stoyanov which was more happening in beginning of 2023 and has deteoriated as I had a lot of personal issues and did not have enough time to do computer stuff together after work.

Silvia also helped me a lot with the kid, as I needed help, and suffered with informational and physical overload, perhaps that is common for those with kids.

As said we got born our second baby who my wife decided to name Ekatherina after Saint Ekatherina (St. Catherine of Alexandria), a good selection for name as saint Ekatherina is a great woman martyr saint I love much and that helped me in hardships many times.

Have to say, i am very sad that I don't see people to love each massively, this has to be endured but it is hard. Also I feel sad I can't do much my to change the world for better both by work and action and my weak prayers. 
Near end of year I had severe pain and left leg inflamation, after having a multtiude of health disturbances in parallel with the pregnancy of Svetlana. Also often i feel very disconnected from everything, perhaps I'm seeing much harsh reality than expected and being raised more or less in the spirit of idealism  it is really hard to accept the reality as it is. Also with the aging it is a common and well known fact that we become much less flexible as in the youth age past.
Thanks God the year has passed and in the new year 2024, I hope for the best as everyone but as the monks say Spiritual life is based on  the two columns of "Ora" and "Labora" = Work and Prayer, so the coming year depends heavily on my perseverance to do this two and of course follow God's main commandments love God with all my heart and all my being and love my neighbor as myself !

One very notable event to say is early in 2024 Metropolitan JOANIKIJ (Joanichius) of Sliven has passed to Christ aged 82 on 9 of January (The day on which passed my beloved grandather Marin passed away),  This year it turned 20 years since my beloved grandfather Marin has passed. He used to be a man of honor and goodness that was rare for the 20th century and he is among main persons for example to follow the good path of helping everyone and love everyone.

Let God have mercy on his soul and receive him in Heaven.The brother of Patriarch of Bulgaria Neofitos (The Proto-Psalt and director of the Cathedral Choire of Saint Alexander Nevsky Proto-Psalt Dimitar passed) as well as a lady called Violeta who was helping in Holy Trinity Church and suffering multiple diseases passed to Christ.

Patriarch-Neofit-of-Bulgaria-mourning-the-good-patriarch-of-the-Bulgarian-Church

Soon after our beloved Metropolitan of Sofia and Patriarch Neofit passed away to Christ as well followed by a very sad period of 40 days of moruning ,after his passing as he was the head of the Bulgarian Orthodox Church and has been a true monk, everyone in Bulgaria loved too much – see a biography short article about this great person and perhaps saint of new times here.

To close this article as it could be much, much more lenghtly I can only say.

Thanks God for the 2023 and Lord Jesus Christ have mercy on us the Sinners for the upcoming 2024 !

No Comments »

« Previous Post
Next Post »

Haproxy Enable / Disable Application backend server configured to roundrobin in emergency case via haproxy socket command


May 2nd, 2024

haproxy-stats-socket

Haproxy LB backend BACKEND_ROUNDROBIN are configured to roundrobin with check health check port  (check port 33333).
For example letsa say haproxy server is running with a haproxy_roundrobin.cfg like this one.

Under some circumstances however if check port TCP 33333 is UP, but behind 1 or more of Application that is providing the resources to customers misbehaves ,
(app-server1, app-server2, app-server3, app-server4) members , Load Balancer cannot know this, because traffic routing decision is made based on Echo port.

One example scenario when this can happen is if Application server has issue with connectivity towards Database hosts:
(db-host1, db-host2, db-host3, db-host4)

If this happens 25% of traffic might still get balanced to broken Application server. If such scenario happens during OnCall and this is identified as problem,
work around would be to temporary disable the misbehaving App servers member from the 4 configured roundrobin pairs in haproxyproduction.cfg :

For example if app-server3 App node is identified as failing and 25% via LB is lost, to resolve it until broken Application server node is fixed, you will have to temporary exclude it from the ring of roundrobin backend hosts.

1.  Check the status of haproxy backends

echo "show stat" | socat stdio /var/lib/haproxy/stats

As you can see the backend is disabled.

Another way to do it which will make your sessions to the server not directly cut but kept for some time is to put the server you want to exclude from haproxy roundrobin to "maintenace mode".

echo "set server bk_BACKEND_ROUNDROBIN/app-server3 state maint" | socat unix-connect:/var/lib/haproxy/stats stdio

Actually, there is even better and more advanced way to disable backend from a configured rounrobin pair of hosts, with putting the available connections in a long waiting queue in the proxy, and if the App host is inavailable for not too short, haproxy will just ask the remote client to keep the connection for longer and continue the session interaction to remote side and wait for the App server connectivity to go out of maintenance, this is done via "drain" option.

echo "set server bk_BACKEND_ROUNDROBIN/app-server3 state drain" | socat unix-connect:/var/lib/haproxy/stats stdio

 

  • This sets the backend in DRAIN mode. No new connections are accepted and existing connections are drained.

To get a better idea on what is drain state, here is excerpt from haproxy official documentation:

Force a server's administrative state to a new state. This can be useful to
disable load balancing and/or any traffic to a server. Setting the state to
"ready" puts the server in normal mode, and the command is the equivalent of
the "enable server" command. Setting the state to "maint" disables any traffic
to the server as well as any health checks. This is the equivalent of the
"disable server" command. Setting the mode to "drain" only removes the server
from load balancing but still allows it to be checked and to accept new
persistent connections. Changes are propagated to tracking servers if any.


2. Disable backend app-server3 from rounrobin 


 

echo "disable server BACKEND_ROUNDROBIN/app-server3" | socat unix-connect:/var/lib/haproxy/stats stdio

# pxname,svname,qcur,qmax,scur,smax,slim,stot,bin,bout,dreq,dresp,ereq,econ,eresp,wretr,wredis,status,weight,act,bck,chkfail,chkdown,lastchg,downtime,qlimit,pid,iid,sid,throttle,lbtot,tracked,type,rate,rate_lim,rate_max,check_status,check_code,check_duration,hrsp_1xx,hrsp_2xx,hrsp_3xx,hrsp_4xx,hrsp_5xx,hrsp_other,hanafail,req_rate,req_rate_max,req_tot,cli_abrt,srv_abrt,comp_in,comp_out,comp_byp,comp_rsp,lastsess,last_chk,last_agt,qtime,ctime,rtime,ttime,
stats,FRONTEND,,,0,0,3000,0,0,0,0,0,0,,,,,OPEN,,,,,,,,,1,2,0,,,,0,0,0,0,,,,0,0,0,0,0,0,,0,0,0,,,0,0,0,0,,,,,,,,
stats,BACKEND,0,0,0,0,300,0,0,0,0,0,,0,0,0,0,UP,0,0,0,,0,282917,0,,1,2,0,,0,,1,0,,0,,,,0,0,0,0,0,0,,,,,0,0,0,0,0,0,-1,,,0,0,0,0,
Frontend_Name,FRONTEND,,,0,0,3000,0,0,0,0,0,0,,,,,OPEN,,,,,,,,,1,3,0,,,,0,0,0,0,,,,,,,,,,,0,0,0,,,0,0,0,0,,,,,,,,
Backend_Name,app-server4,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP,1,1,0,1,0,282917,0,,1,4,1,,0,,2,0,,0,L4OK,,12,,,,,,,0,,,,0,0,,,,,-1,,,0,0,0,0,
Backend_Name,app-server3,0,0,0,0,,0,0,0,,0,,0,0,0,0,MAINT,1,0,1,1,2,2,23,,1,4,2,,0,,2,0,,0,L4OK,,11,,,,,,,0,,,,0,0,,,,,-1,,,0,0,0,0,
Backend_Name,BACKEND,0,0,0,0,300,0,0,0,0,0,,0,0,0,0,UP,1,1,0,,0,282917,0,,1,4,0,,0,,1,0,,0,,,,,,,,,,,,,,0,0,0,0,0,0,-1,,,0,0,0,0,

Once it is confirmed from Application supprt colleagues, that machine is out of maintenance node and working properly again to reenable it:

3. Enable backend app-server3

echo "enable server bk_BACKEND_ROUNDROBIN/app-server3" | socat unix-connect:/var/lib/haproxy/stats stdio

4. Check backend situation again

echo "show stat" | socat stdio /var/lib/haproxy/stats
# pxname,svname,qcur,qmax,scur,smax,slim,stot,bin,bout,dreq,dresp,ereq,econ,eresp,wretr,wredis,status,weight,act,bck,chkfail,chkdown,lastchg,downtime,qlimit,pid,iid,sid,throttle,lbtot,tracked,type,rate,rate_lim,rate_max,check_status,check_code,check_duration,hrsp_1xx,hrsp_2xx,hrsp_3xx,hrsp_4xx,hrsp_5xx,hrsp_other,hanafail,req_rate,req_rate_max,req_tot,cli_abrt,srv_abrt,comp_in,comp_out,comp_byp,comp_rsp,lastsess,last_chk,last_agt,qtime,ctime,rtime,ttime,
stats,FRONTEND,,,0,0,3000,0,0,0,0,0,0,,,,,OPEN,,,,,,,,,1,2,0,,,,0,0,0,0,,,,0,0,0,0,0,0,,0,0,0,,,0,0,0,0,,,,,,,,
stats,BACKEND,0,0,0,0,300,0,0,0,0,0,,0,0,0,0,UP,0,0,0,,0,282955,0,,1,2,0,,0,,1,0,,0,,,,0,0,0,0,0,0,,,,,0,0,0,0,0,0,-1,,,0,0,0,0,
Frontend_Name,FRONTEND,,,0,0,3000,0,0,0,0,0,0,,,,,OPEN,,,,,,,,,1,3,0,,,,0,0,0,0,,,,,,,,,,,0,0,0,,,0,0,0,0,,,,,,,,
Backend_Name,app-server4,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP,1,1,0,1,0,282955,0,,1,4,1,,0,,2,0,,0,L4OK,,12,,,,,,,0,,,,0,0,,,,,-1,,,0,0,0,0,
Backend_Name,app-server3,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP,1,0,1,1,2,3,58,,1,4,2,,0,,2,0,,0,L4OK,,11,,,,,,,0,,,,0,0,,,,,-1,,,0,0,0,0,
Backend_Name,BACKEND,0,0,0,0,300,0,0,0,0,0,,0,0,0,0,UP,1,1,1,,0,282955,0,,1,4,0,,0,,1,0,,0,,,,,,,,,,,,,,0,0,0,0,0,0,-1,,,0,0,0,0,


You should see the backend enabled again.

NOTE:
If you happen to get some "permission denied" errors when you try to send haproxy commands via the configured haproxy status this might be related to the fact you have enabled the socket in read only mode, if that is so it means the haproxy cannot be written to and therefore you can only read info from it with status commands, but not send any write operations to haproxy via unix socket.

One example haproxy configuration that enables haproxy socket in read only looks like this in haproxy.cfg:
 

 stats socket /var/lib/haproxy/stats


To make the haproxy socket read / write mode, for root superuser and some other users belonging to admin group 'adm', you should set the haproxy.cfg to something like:

stats socket /var/lib/haproxy/stats-qa mode 0660 group adm level admin

or if no special users with a set admin group needed to have access to socket, use instead config like:

stats socket /var/lib/haproxy/stats-qa.sock mode 0600 level admin

No Comments »

« Previous Post
Next Post »