Skip to content

Posts from the ‘Operating System’ Category

30
May

ICMP Identifier field in UDP between Linux and OSX

Ping packet is traditionally created as a raw packet and formatted into ICMP ECHO REQUEST. The problem with creating a raw socket requires root privilege. It is alright if the program is running as part of the system service under root anyway. However, running as a non privilege user, the program requires extra care by configuring the setuid bit which poses security risks e.g. the program may have memory leak which can be hijacked with shellcode.
Read more »

Advertisements
19
Jun

PowerDNS: Configuring and Running Authoritative & Recursor Servers In The Same Host.

This article gives a quick introduction of setting up PowerDNS (pdns) Authoritative and Recursor servers, and also demonstrates a scenario that how we need to use both in the same host.

DNS

DNS has two type of server operations: Authoritative and Recursive. Most common use of DNS servers is authoritative. For those who don’t know the difference, here is a good introduction. Both are for different purposes, also both types of server can be operated individually and cooperatively under the same host. Read more »

23
Mar

Checklist to configure headless and offline Ubuntu 14 system

Headless

Grub Failsafe boot

Set the boot failsafe prompt to have some timeout instead of indefinite wait

echo 'GRUB_RECORDFAIL_TIMEOUT=5' >> /etc/default/grub
update-grub

Grub RecordFail boot

In some cases, a power outage can cause the Ubuntu stuck in the GRUB menu indefinitely in the next boot which causes headless system to hang. Here is more info of the issue. To avoid that, add the following line to /etc/default/grub:

GRUB_RECORDFAIL_TIMEOUT=$GRUB_TIMEOUT

Then runs update-grub. Alternatively, runs this command and it will remove the issue in the next boot.

grub-editenv create

Fsck fix

Don’t ask when fs needs checking

echo 'FSCKFIX=yes' >> /etc/default/rcS

Offline

Automatic Check New Release

/etc/update-manager/release-upgrades

[DEFAULT]
Prompt=never

Apport – sending bug/crash reports

/etc/default/apport

enabled=0

Postfix – Mail transfer agent

update-rc.d postfix disable

apt-check – periodic apt check

/etc/apt/apt.conf.d/10periodic

APT::Periodic::Update-Package-Lists "0";

More to come when I find out more ….

1
Oct

Creating Bash 4.3.27 source package

Due to the severity of shellshock bug, I have to patch some of the internal legacy systems, like FreeBSD 8.0 which there are no more updates available. The only way I can update is to download the source from GNU site and build from that. However, the main source package is only available at version 4.3.0 at the time of writing. To remove the shellshock bug, it needs at least version 4.3.25. Although all the patches are located in the bash-4.3-patches directory, not of all them were created by pointing to “../bash-4.3” directory, some with different names.

So here it is, I have created this bash source package 4.3.27 with all these patches. I built it on FreeBSD and it passed the env test.

17
Nov

Extract a list of symbols from stock exchange indices

As far as I know there is no free web service that can produce a single page of stock symbols from a stock exchange. Moreover, for webpages that produce stock symbols, all of them only output with pagination. However, the easiest webpage to extract the symbols list is the Yahoo finance. This article shows how to extract a full list of symbols with a few repeated commands.

For Yahoo Finance, each page list approximately 50 symbols and it takes 3 calls to get all the symbols of FTSE 100 stock exchange. Here are the commands:

# Return the first 49 symbols
curl -s "http://uk.finance.yahoo.com/q/cp?s=%5EFTSE" | grep -o '>[A-Z]*\.L</a>' | sed -n "s/>\(.*\)<\/a>/\1/p"
# Return the next 50 symbols
curl -s "http://uk.finance.yahoo.com/q/cp?s=%5EFTSE&c=1" | grep -o '>[A-Z]*\.L</a>' | sed -n "s/>\(.*\)<\/a>/\1/p"
# Return the final symbol (last page)
curl -s "http://uk.finance.yahoo.com/q/cp?s=%5EFTSE&c=2" | grep -o '>[A-Z]*\.L</a>' | sed -n "s/>\(.*\)<\/a>/\1/p"

For Dow Jones Industrial Average, it returns 30 symbols

curl -s "http://finance.yahoo.com/q/cp?s=%5EDJI" | grep -o 'q?s=[A-Z]*">[A-Z]*' | sed -n 's/.*=.*">\([A-Z]*\)<\/a>/\1/p'

For Nasdaq Composite, it is the same as above except changing the cp query to s=%5IXIC and repeat for many pages with parameter c. Alternatively, you can use this link to download the whole list.

11
Oct

Installing new kernel within Linux kickstart

I have to build a Ubuntu installer ISO using the kickstart utility but I need the installer to install a particular version of kernel. Here is the link for a quick guide on setting up Ubuntu kickstart. First, I added the following line into %packages section in the installer build script to install the target kernel package, ks.cfg: Read more »

12
Dec

VMplayer: How to bridge to a specific network port

Suppose you need to bridge another network interface under your VM to a specific physical network port. First, you need to create a vmnet port and bind with that specific port. Here are the commands:

vmnet-bridge -n 2 -i eth1  -d /var/run/vmnet-bridge-2.pid -1vmnet2
mknod /dev/vmnet2 c 119 4
vmnet-netifup -d /var/run/vmnet-netifup-vmnet2.pid /dev/vmnet2 vmnet2
ifconfig vmnet2 up

Read more »

25
Aug

(Mac) Taking screenshots with mouse pointer not supported by Grab

In Mac, both Preview and Grab can take screenshots but Grab can also capture the mouse pointer. If you want different mouse cursor look, then you have to select your desired pointer type in Grab -> Preferences. Read more »

2
Apr

FreeBSD /usr/ports build with all the default options

Something to remind myself

make -DBATCH install clean
30
Mar

Changes to make CutyCapt bypassing ssl certificate confirmation

I need to use CutyCapt to run with https url on server side. However, it doesn’t support https url. A patch for bypassing the SSL certificate confirmation has been submitted on this page (and other additional features). However that change has never been pulled to the main release. So I tried to apply the patch to the source, the patch process didn’t work and the build failed. Read more »