graphicriver.net/item/32-realistic-moder…
graphicriver.net/item/high-quality-web-b…
codecanyon.net/item/css3-mega-drop-down-…
codecanyon.net/item/sleek-design-pure-cs…
codecanyon.net/item/basic-clean-pricing-…
codecanyon.net/item/mega-pricing-tables/…
www.myvectorstore.com/
www.pplstock.com
www.iconshelf.nl/
Monthly Archives:: February 2011
pfSense Firewall / Router
pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a popular project with more than 1 million downloads since its inception, and proven in countless installations ranging from small home networks protecting a PC and an Xbox to large corporations, universities and other organizations protecting thousands of network devices.
This project started in 2004 as a fork of the m0n0wall project, but focused towards full PC installations rather than the embedded hardware focus of m0n0wall. pfSense also offers an embedded image for Compact Flash based installations, however it is not our primary focus.
Config Server —
A Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers. This has UI integration with cPanel and is setup to run on cPanel. Cool!
DIY GS300 Door Lock Actuator Repair
Here is one for the to do list. DIY GS300 door lock actuator repair. The seller’s name is tag16c and if you are looking for the motors a good place to start your search is “Mabuchi” the part number that we have been using FC 280PT-22125 If you go to Mabuchi website you can also see there are several other that will work but they want you buy quantities that are high, like 10K, there only like 30 cents a piece.
Kinect Motion Tracking Interface
I came across some cool stuff showcasing the interfaces that have been developed for the Kinect. First up is OpenNI. From the website:
“As a first step towards this goal, the organization has made available an open source framework – the OpenNI framework – which provides an application programming interface (API) for writing applications utilizing natural interaction. This API covers communication with both low level devices (e.g. vision and audio sensors), as well as high-level middleware solutions (e.g. for visual tracking using computer vision).”
Next up is the FAAST toolkit.
The FAAST toolkit allows one to map gestures captured thru the Kinect interface with keyboard keystrokes to enable control of games an apps.
Generating KEY/CSR/CRT with OpenSSL on Windows
I had to generate a CRT for a server that runs Windows but has Apache and OpenSSL installed. I figured I'd do a quick key/csr/crt refresher.
First go to the /bin directory in the OpenSSL install and run openssl.exe
First, generate a keyfile. Thawte is pushing the use of 2048 bit sized keyfiles, so substitute if needed.
genrsa -des3 -out keyfile.key 1024
Next -- verify the keyfile:
rsa -noout -text -in keyfile.key
Create a unsecured version of the keyfile so Apache doesnt ask for a password every time it loads. Apache.conf
rsa -in keyfile.key -out unsecured.keyfile.key
Create the actual CSR:
req -new -key keyfile.key -out certificate.csr
If you get this error:
OpenSSL req -new -key digitss.key -out digitss.csr
Unable to load config info from /usr/local/ssl/openssl.cnf
Run this to specify the config file instead:
OpenSSL req -new -key keyfile.key -out certificate.csr -config openssl.cnf
Now just point Apache at the keyfile, and install the cert when it arrives.
FPGA/ASIC Programming
Came across a pair of sites that are good for beginners:
UPnP/ DLNA Servers
While googling around, I found this interesting wiki entry listing open source UPnP/DLNA clients: elinux.org/DLNA_Open_Source_Projects
Which then led me to a few cool looking projects…
Enna: enna.geexbox.org
GMediaServer: www.gnu.org/software/gmediaserver/
MiniDLNA (This ine is developed by Netgear for their line of NAS devices): sourceforge.net/projects/minidlna/
Rygel: live.gnome.org/Rygel
Linux Disk Usage Visualization in the Console with ncdu
A disk usage analyzer with an ncurses interface, aimed to be run on a remote server where you don’t have an entire gaphical setup, but have to do with a simple SSH connection. Think SpaceMonger but without the varus called windows 😉
ncdu aims to be fast, simple and easy to use, and should be able to run in any minimal POSIX-like environment with ncurses installed.
Kippo — SSH Honeypot
Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
Some interesting features:
* Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
* Possibility of adding fake file contents so the attacker can ‘cat’ files such as /etc/passwd. Only minimal file contents are included
* Session logs stored in an UML compatible format for easy replay with original timings
* Just like Kojoney, Kippo saves files downloaded with wget for later inspection
* Trickery; ssh pretends to connect somewhere, exit doesn’t really exit, etc
Sounds like fun!
rsyslog Purge Older MYSQL Log Entries
Rsyslog supports writing to the database. Like with log files, the rsyslogd writes the data, but does not delete (or export) it. If you need the data only for a period of time, simply deleting excess data might be a workable solution.
You can start a script via cron job, e. g.
mysql -u database-userid -pdatabase-password -e “DELETE FROM SystemEvents WHERE ReceivedAt < date_add(current_date, interval -1 day)” database-name
.htaccess Cheat Sheet
Here is a simple cheatsheet for the .htaccess file:
Enable Directory Browsing
Options +Indexes
## block a few types of files from showing
IndexIgnore *.wmv *.mp4 *.avi
Disable Directory Browsing
Options All -Indexes
Customize Error Messages
ErrorDocument 403 /forbidden.html
ErrorDocument 404 /notfound.html
ErrorDocument 500 /servererror.html
Get SSI working with HTML/SHTML
AddType text/html .html
AddType text/html .shtml
AddHandler server-parsed .html
AddHandler server-parsed .shtml
# AddHandler server-parsed .htm
Change Default Page (order is followed!)
DirectoryIndex myhome.htm index.htm index.php
Block Users from accessing the site
deny from 202.54.122.33
deny from 8.70.44.53
deny from .spammers.com
allow from all
Allow only LAN users
order deny,allow
deny from all
allow from 192.168.0.0/24
Redirect Visitors to New Page/Directory
Redirect oldpage.html www.domainname.com/newpage.html
Redirect /olddir www.domainname.com/newdir/
Block site from specific referrers
RewriteEngine on
RewriteCond %{HTTP_REFERER} site-to-block\.com [NC]
RewriteCond %{HTTP_REFERER} site-to-block-2\.com [NC]
RewriteRule .* – [F]
Block Hot Linking/Bandwidth hogging
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ – [F]
Want to show a “Stealing is Bad” message too?
Add this below the Hot Link Blocking code:
RewriteRule \.(gif|jpg)$ www.mydomain.com/dontsteal.gif [R,L]
Stop .htaccess (or any other file) from being viewed
order allow,deny
deny from all
Avoid the 500 Error
# Avoid 500 error by passing charset
AddDefaultCharset utf-8
Grant CGI Access in a directory
Options +ExecCGI
AddHandler cgi-script cgi pl
# To enable all scripts in a directory use the following
# SetHandler cgi-script
Password Protecting Directories
Use the .htaccess Password Generator and follow the brief instructions!
Change Script Extensions
AddType application/x-httpd-php .gne
gne will now be treated as PHP files! Similarly, x-httpd-cgi for CGI files, etc.
Use MD5 Digests
Performance may take a hit but if thats not a problem, this is a nice option to turn on.
ContentDigest On
The CheckSpelling Directive
From Jens Meiert: CheckSpelling corrects simple spelling errors (for example, if someone forgets a letter or if any character is just wrong). Just add CheckSpelling On to your htaccess file.
The ContentDigest Directive
As the Apache core features documentation says: “This directive enables the generation of Content-MD5 headers as defined in RFC1864 respectively RFC2068. The Content-MD5 header provides an end-to-end message integrity check (MIC) of the entity-body. A proxy or client may check this header for detecting accidental modification of the entity-body in transit.
Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached). Content-MD5 is only sent for documents served by the core, and not by any module. For example, SSI documents, output from CGI scripts, and byte range responses do not have this header.”
To turn this on, just add ContentDigest On.
Enable Gzip – Save Bandwidth
# BEGIN GZIP
# Combine the below two lines – I’ve split it up for presentation
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css
application/x-javascript application/javascript
# END GZIP
Turn off magic_quotes_gpc
# Only if you use PHP
php_flag magic_quotes_gpc off
Set an Expires header and enable Cache-Control
ExpiresActive On
ExpiresDefault “access plus 1 seconds”
ExpiresByType text/html “access plus 7200 seconds”
ExpiresByType image/gif “access plus 518400 seconds”
ExpiresByType image/jpeg “access plus 518400 seconds”
ExpiresByType image/png “access plus 518400 seconds”
ExpiresByType text/css “access plus 518400 seconds”
ExpiresByType text/javascript “access plus 216000 seconds”
ExpiresByType application/x-javascript “access plus 216000 seconds”
# Cache specified files for 6 days
Header set Cache-Control “max-age=518400, public”
# Cache HTML files for a couple hours
Header set Cache-Control “max-age=7200, private, must-revalidate”
# Cache PDFs for a day
Header set Cache-Control “max-age=86400, public”
# Cache Javascripts for 2.5 days
Header set Cache-Control “max-age=216000, private”
MySQL – Monitor live SQL queries as they process
I have read this can cause adverse performance affects and therefore should only be used for troubleshooting or on a dev box (as is my case)
=> Open your MySQL configuration file, normally it located at /etc/mysql/my.cnf
=> Look for a this line
# log=/var/log/mysql/mysql.log
=> remove the # and save the file
log=/var/log/mysql/mysql.log
=> Now, restart your mysql server to take immediate effect
$ /etc/init.d/mysql restart
=> Now we just tail the log file:
$ tail -f /var/log/mysql/mysql.log
IIS Flash MIME type
I have to configure IIS to handle Flash files from time to time.
Add a new MIME Type
File Extension: .flv
MIME Type: video/x-flv