Every now and then I have to work on servers running CentOS or Fedora Linux. Very typical problem that I observe on many servers which I have to inherit is the previous administrator did not know about the existence of NTP (Network Time Protocol) or forgot to install the ntpd server. As a consequence the many installed server services did not have a correct clock and at some specific cases this caused issues for web applications running on the server or any CMS installed etc.
The NTP Daemon is existing in GNU / linux since the early days of Linux and it served quite well so far. The NTP protocol has been used since the early days of the internet and for centuries is a standard protocol for BSD UNIX.
ntp is available in I believe all Linux distributions directly as a precompiled binary and can be installed on Fedora, CentOS with:
[root@centos ~]# yum install ntp
ntpd synchronizes the server clock with one of the /etc/ntp.conf defined RedHat NTP list
server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org
To Synchronize manually the server system clock the ntp CentOS rpm package contains a tool called ntpdate : Hence its a good practice to use ntpdate to synchronize the local server time with a internet server, the way I prefer to do this is via a government owned ntp server time.nist.gov, e.g.
[root@centos ~]# ntpdate time.nist.gov
8 Feb 14:21:03 ntpdate[9855]: adjust time server 192.43.244.18 offset -0.003770 sec
Alternatively if you prefer to use one of the redhat servers use:
[root@centos ~]# ntpdate 0.rhel.pool.ntp.org
8 Feb 14:20:41 ntpdate[9841]: adjust time server 72.26.198.240 offset 0.005671 sec
Now as the system time is set to a correct time via the ntp server, the ntp server is to be launched:
[root@centos ~]# /etc/init.d/ntpd start
...
To permanently enable the ntpd service to start up in boot time issue also:
[root@centos ~]# chkconfig ntpd on
Using chkconfig and /etc/init.d/ntpd cmds, makes the ntp server to run permanently via the ntpd daemon:
If you prefer to synchronize periodically the system clock instead of running permanently a network server listening (for increased security), you should omit the above chkconfig ntpd on and /etc/init.d/ntpd start commands and instead set in root crontab the time to get synchronize lets say every 30 minutes, like so:
The time synchronization via crontab can be also done using the ntpdate cmd. For example if you want to synchronize the server system clock with a network server every 5 minutes:
ntp package is equipped with ntpq – Standard NTP Query Program. To get very basic stats for the running ntpd daemon use:
[root@centos ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
======================================================
B1-66ER.matrix. 192.43.244.18 2 u 47 64 17 149.280 41.455 11.297
*ponderosa.piney 209.51.161.238 2 u 27 64 37 126.933 32.149 8.382
www2.bitvector. 132.163.4.103 2 u 1 64 37 202.433 12.994 13.999
LOCAL(0) .LOCL. 10 l 24 64 37 0.000 0.000 0.001
The remote field shows the servers to which currently the ntpd service is connected. This IPs are the servers which ntp uses to synchronize the local system server clock. when field shows when last the system was synchronized by the remote time server and the rest is statistical info about connection quality etc.
If the ntp server is to be run in daemon mode (ntpd to be running in the background). Its a good idea to allow ntp connections from the local network and filter incoming connections to port num 123 in /etc/sysconfig/iptables :
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT
-A INPUT -s 127.0.0.1 -m state --state NEW -p udp --dport 123 -j ACCEPT
-A INPUT -s 0.0.0.0 -m state --state NEW -p udp --dport 123 -j DROP
Restrictions on which IPs can be connected to the ntp server can also be implied on a ntpd level through /etc/ntp.conf. For example if you would like to add the local network IPs range 192.168.0.1/24 to access ntpd, in ntpd.conf should be added policy:
# Hosts on local network are less restricted.
restrict 192.168.0.1 mask 255.255.255.0 nomodify notrap
To deny all access to any machine to the ntpd server add in /etc/ntp.conf:
restrict default ignore
After making any changes to ntp.conf , a server restart is required to load the new config settings, e.g.:
[root@centos ~]# /sbin/service ntpd restart
In most cases I think it is better to imply restrictions on a iptables (firewall) level instead of bothering change the default ntp.conf
Once ntpd is running as daemon, the server listens for UDP connections on udp port 123, to see it use:
r freedomYesterday silently with zero publicity, Bulgarian representatives ratified the ACTA (Trade agreement for fighting counterfeit.) The name sounds really good, but it has not much to do with what ACTA is about, when applied to digital medias and data sharing. The ACTA legislation has been ratified in Tokyo last week, where 22 of the European Union membership countries signed in favour of these "malicious" treaty.
The basic idea of ACTA looks tempting as it gives more freedoms to copyright holders, however if you look closely you will understand actually this copyright infringement clauses are not so in favour of us the users but mostly in favour of multinational corporations. For all those who have not heard about ACTA and SOPA in short this is anti freedom of speech treaty, which if put in action could lead to serious filtering of the internet. The ACTA 's controversial treaty has already raised an outcry from dozens of computer literated individuals who daily use the internet. Unfortunately, ACTA is less known among non-tech guys … and hence most people on the internet have no about its existence.
If ACTA is ratified and set to be valid as a legislation to Bulgaria, this could lead to total Internet censorship in BG (more or less like it is in china now). ACTA legislation will make sharing files via torrents and other P2P community file sharing networks a criminal activity. Another effect of ACTA is that practically free software which reads a proprietary formats like DVD becomes illegal in Europe (like it is currently in America) and I will become guilty for just reading the non-free format.. As a result of ACTA our ISP (Internet Service Providers) will be forced to log and keep all traffic flowing through their (Routering servers). Filters on a local ISP level that will be censoring free speech could also become totally lawful… Already there are plenty of ANTI-ACTA and ANTI-SOPA propaganda website which are trying to bring some more awareness to the public for the issue… Once an individual is suspected, to fraudulent activity or anything that breaks what is in ACTA is he is presumed to be guilty of crome … Just watch the two videos below and you will see how terrible the consequence could be if this legislation is integrated with todays Bulgarian government laws. If you're hearing for ACTA for a first time and you live in a country which has still not rafitied ACTA as a local country legislation, make sure you spread the word and let all your friends about the bad impact of this anti-human legislation. We have to really stand up and protest to retain our digital freedom !
The Internet can be censored if Protect IP ACT (PIPA) and Stop Online Piracy Act (SOPA) are put in action !
During the install of a new Debian GNU/Linux server I was in a real hurry, so I mistakenly choose a wrong timezone of US/Pacific
As a consequence the server date and time was incorrect and I had to fix that to adjust to the proper server location which of this case was:Europe/London
Here is the quick fix:
debian:~# dpkg-reconfigure tzdata
Next I choose my timezone from the ncurses interface navigating with arrow keys and used ntpdate to synchronize the time for the server like so:
debian:~# ntpdate time.nist.gov
3 Aug 16:02:26 ntpdate[26658]: adjust time server 192.43.244.18 offset 0.000802 sec
I don’t know how many of you have realized but today our societies, especially in the Developed and the second world are suffering from a serious problem that not-many still realize.
I’m talking about the problem of NO IDENTITY ! In this dynamic world, where technological changes happens every second and we are required to change our lifes and behaviour too rapidly suddenly this problem is becoming to become a real society peril.
Let me explain what I mean. Everyday, more and more people are using the Internet and all kind of technological gadgets (IPhones, Ipads, Tablets, Notebooks, desktop computers, E-readers you name it).
While we do constantly and daily are forced to adopt and become part of this virtual realities, be it social networks like Facebook , Xing , micro blogging online services like Twitter or even a simple user blog, most of the times we interact with this puvlic services or technology, we are supposed to come with a new identity.
Each of this services urge us to have a new login account attached to some kind of a new virtual reality one has to build.
Therefore the fake online identities, we constantly build which often are established around our dreams and wanna bees (something we’re not in real life) is constantly growing for each of us in every single day.
Most of the middle or hardcore Internet users today has already built an imaginary online image of ourselfs (in this number including myself).
To give an example I’ll again take facebook, as it is one of the most heavily used online fake identity generators today. If one enters facebook and finds, some of his old a real life buddies from the past and matches the online identity the person has built for himself with the person we used to know, very often the difference is quite shocking.
Online almost everybody want to look cool the coolest to attract other people to himself. As people online look and does “judge” on one’s self competencies, qualities and goodness simply based on the outlook of how one presents himself.
Suddenly from normal sane persons million of persons are getting into the “self-presenting” competition which is getting, more and more severe with every new person that gets into a certain online community. Most people online today in building this multiple false images of themselves, try to present only the their good positive sides, while the bad sides are often left behind.
Of course the definition of what is good and what is bad is dictated by the opinion of the masses, as most people prefer to be like the rest in order to escape of the terrible reality of being isolated from the society mass.
With all said if we consider that today’s families are highly disfunctional and the people’s relations are already quite fake and people are building this multiple-fale faced images even in real life makes things even more tragic.
Now to put everything above in order, let me go back to the NO IDENTITY ISSUE and what I mean by that. Let me settle it down, during our interatction with technology and the Internet, little by little as a consequence of being exposed to all this identities and to our multiple newly created virtual identities one starts to loose his own self-established identity and starts constantly looking to have newer and newer identities.
The tendency is instead of look in yourself and be what you’re, that you follow some fake vague virtual dreams of million of people online who try to share and expose mostly things which are not created just to catch the attention.
The whole things with technology and Internet and the heavy use of it as a logical consequence, learns people to put multiple masks and hide behind the masks their own natural-self. The story of masks is so bad that nowdays, many people put the masks of themselves created in the virtual reality pleading that this is their new self.
Many people today act without having any core philosophy, rules or a stable reason to step into. Money, human lust, wordly vanity and popularity are the main drives for the masses.
Our Christian faith who has sustained us through the centuries and helped us grow a sane societies is starting to get into the back-stage, moved by some openly anti-christian hollywood super stars.
I believe the story of NO-IDENTITY corresponds well with buddhistic ideas (highly embraced by modern societies). This buddhistic ideas preach that one must loose his identity to join the state of Nirvana (yet another anti-chrisitian philisophy). The story of NO-IDENTITY is a story of constant unceasing change and lookup for something that never can be found. It’s like a endless prizeless race.
If many of us take the time and ask themselves the question “Who am I?”, I’m quite sure rarely there will be persons able to answer. As I mentioned facebook earlier I would also suggest you to read Why open social networks like facebook and twitter are big evil as it also quite much relates to the whole problem of people little by little loosing their identity. Today many businesses and companies are trying to preach some cohesion through a shared people identity. From a normal sane person perspective this kind of ideology is seriously flawed, it even contradicts basic science.
Yet there is hope, I believe many people will realize sooner or later that this fakeness and a fake face images that we build daily doesn’t lead us anywhere and will stop the ideotism of trying to pretend different on the net.
I’ve been struggling with fixing a nasty error with wicd network manager for about 2 hours. The exact error message I faced was:
Connection Failed: Bad Password
The issue occured after some suggested updates from the Ubuntu graphical update tool. The wireless network to which it was connected was a WPA-PSK (WPA2) Passphrase authentication. The network key was properly typed in and was working well on another system so the error Connection Failed: Bad Password made no sense.
There was nothing unusual in /var/log/wicd/wicd.log , that made me even more curious about what might be causing the error.After a lot of try outs and a lot of readings and tests I finally got the cause of the weird Bad Password errors produced by wicd
Weirdly enought, somehow the Ubuntu package update tool has installed the default gnome network-manager package. The installed network-manager package has mismatched somehow the way wicd connects to wireless networks and as a cause the wpa_supplicant binary was not properly invoked.
As a consequence of the network-manager being present on the system the wpa_supplicant process which made the exact connection to the wireless network was not launching in, the exact wpa_supplicant invocation missing was:
According to latest scientific research conducted in Stanford University USA .
People who actively use computers and internet has been the object of the research in 2009.
Social Networks, Tablets Smartphones etc. provides more and more possibilities for us to access information.
Most of modern people today tend to loose approximately between 8 and 10 hours a day either using Internet, a PC, Word-excel, their mobile phone or some kind of other mobile gadget like let’s say IPAD.
Most of today’s technologic goods we use to make our lives easier are multitasking. The brain itself is not adjusted to work in such a multi-tasking mode as a direct consequence of being in contact with this multi-tasking for a long periods of time it gets altered. Suddenly it starts being multitasking, or in other words starts processing information in parallel.
As the amount of information is constantly increasing online and we’re in contact with more and more information and moreover the altered way of our brains which starts working in multi-tasking the brain-overflows or (information brain overlow) is starting being more and more occuring event.
The consequence of this complexity is starting to impact us seriously as we tend to get addicted to technology usage and day by day it seems that the amount of information our brains are able to process is decreasing.
Logically enough the long-term consequence of a an internet addiction or any kind of technology addiction, plus the tremendous amounts of information we do think over daily is starting to show up the negative consequences on our psyche and (soul)
The brain starts changing the way it gets information as it adapts itself to “not remember”, as the information to be processed daily is so much that it couldn’t really comprehend it.
A good example for multi-tasking which if not all most of the users on the Internet today use daily is one of terriblest things ever created facebook, in my of my previous articles I’ve blogged about why social networks are big evil read it here and it seems this new information about brain altering caused bhy multi-tasking is just another supporting reason on why it’s better not to use social networks like facebook and twitter.
The endless amount of information according to the Stanford University research has prooven that the endless amount of information is pernicioufor our (brains) minds and is in many ways similar to the excessive amount of sugar in the body.
The scientiests which conducted the research does recommend to heavy computer and tech users (like me), to self-control themselves and be on a tech-diet (e.g. not use technology completely for at least 1 or 2 days every week).
Another serious damage which was prooven according to Stanford’s scientiests research was that people’s brains who have a severe exposure to internet or phone usage tend to have very serious problems with contentration and are very easily distracted. This in a long term surely leads to a chaotic way of living obviously. Suddenly it seems technology to be slowly becoming even more deadly and destructive than drugs.
Many people would say this kind of research is not true, but I can confirm that for instance many of the proven facts are things I have experiences myself in my daily life, so I believe what the research has prooven is mostly true.
This research was just another one after a month before other scientiests has prooven that Mobile Phone use leads to alteration of the brain chemistry Apart from all the said negative consequences of use of technology for human brain is the problem with technology today heavily used as a way to spy on personal privacy I wonder be glad to hear in the comments section for other people like me who have problems with concentration and have a very short time memory (I myself have serious problem with that one).
I’ve recently figured out that some of the SPF records I’m using for some of the administrated by me mail servers, was found to be incorrect by Microsoft’s mail servers for hotmail.com, msn.net and live.com .
Probably the SPF records that I used by so far were found to be incorrect by other mail account service providers also. As a consequence of this wrongly considered SPFs” Microsoft mail servers were either rejecting my mail server messages or putting the received messages in the Junk folder.
The SPF records which were shown as incorrect according to Microsoft SPF checking Mechanism called SenderID SPF Record Wizard were defined in my bind dns domain zone file as follows:
mydomainname.com. IN TXT "v=spf1 mx ip4:123.124.128.125 ~all"
Using this TXT SPF record dns configuration Microsoft’s Sender ID SPF Record Wizard claimed I had no SPF records at all e.g., checking with the wizard I was returning the error
No SPF Record Found
Microsoft’s Sender ID Framework SPF Record Wizard is available from: The URL address http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/.
Therefore if you’re experiencing some kind of difficulties with sending properly email messages to Microsoft mail domain names or to some other major mail providers like Yahoo, it’s very likely that you might have a misconfigured SPF record just like me.
To deal with the situation I had to check my SPF record with the simple:
"v=spf1 a -all"
The complete TXT record which needs to be placed in the zone file of your domain name looks like so:
mydomainname.com. IN TXT "v=spf1 a -all"
The the meaning of this TXT SPF record is that the IP address in the “A” record for the name is theonly IP address that’s allowed to use that server’s name
After that change hopefully if you’re experiencing mails entering automatically in Junk filter / mail folder with msn.com, hotmail.com, live.com or yahoo.com this problems should be immediately solved.
Checking again with the the Microsoft SenderID online tool I got an output that my SPF record is correct like you read below the output that poped up from Microsoft’s page:
Sender ID Framework SPF Record Wizard
Step 2 of 4: Display Published DNS Records
The wizard has checked DNS for information about prize.bg including: SPF, MX and A records. This information is displayed below.
If an SPF record was found, you can verify its contents here and use the remaining steps of this wizard to modify the record if necessary. If no SPF record was found, you can use information from the domain’s MX and A records to create a new SPF record.
Click Next to continue.
SPF Record Found One or more functional SPF record(s) have been found for the domain mydomain.com The full text of the domain’s SPF record is as follows.
v=spf1 a -all
Another tool which helped me a lot in debugging problems with my SPF records is found on the address http://www.kitterman.com/spf/validate.html so it might be wise to use it as well in order to check that your SPF records are correct.