"free" command in FreeBSD!

It is really funny! It never occurred to me to use the "free" command on any FreeBSD box to check my physical memory and swap usage until this morning to realize that there is no such command on BSD!!!
Anyway, there is a port replacement called "freecolor" on FreeBSD which can be installed from "/usr/ports/sysutils/freecolor" which does the same as "free" command on Linux.
To find out more about RAM usage in FreeBSD check bellow:
http://www.cyberciti.biz/faq/freebsd-command-to-get-ram-information

My Photo Blog is Up!

Finally my Photoblog is up and running. It's been more than a year since I started thinking of running my personal photo blog but I could not find the right software and besides my website did not support MySQL before which for many open content management applications is a requirement. Anyway its available at "http://www.itbuzzer.net/photoblog"
Thanks to Yashar Amirabedin for introducing me "Pixelpost".

New ideas shine!

These days great ideas are coming to my mind to make the things around my work better, and bring back fun!

PPTP Client on Linux

I was trying to install PPTP client on a CentOS 5.3 to initiate a PPTP VPN session but it was not as easy as I did before! I had this experience on a Fedora Core 10 which could be accomplished only by a single yum install command! This resulted in installation of the pptp client itself and a tool called pptpsetup which is a text based wizard to generate the required configuration file.
On CentOS its a different story!
First, the PPTP client is not included in the default repositories! So Arrfab repository must be first added to /etc/yum/repos.d/.
Second, there is no "pptpsetup" included and the replacement is an GUI tool called "pptpconfig" which requires to be installed independently also available in arrfab. During the pptpconfig installation from arrfab repository you will run into another problem; some library dependencies are required that can not be founded in the default CentOS repository and to solve this you have to install the RPMForge repository and you are done!
I am still looking for the pptpsetup on CentOS which is apparently gone missing!

Picasa Face Recognition Feature

I am a fan of digital photography and my favorite photo management software has been Picasa for a long time. Google has recently released the latest version which is 3.5 and it means new improvements and new features are offered. Among all of them the new "Named Tags" feature is the greatest! What it does is:
First:
Once installed, it will start scanning all your photos for "face detection" and this might take a very very long time! for me it took about 24 hours as I have an archive of 20GB pictures! The result of this is a large collection of face thumbnails it has detected in all your photos.
Second:
Now its your turn to tell the software "who" is every thumbnail by naming them.
Third:
Picasa will categorize your pictures by person but you will notice a "Question Mark" on some of your pictures which means Picasa has categorized that picture but it is not sure whether he is the right person! So this is the tuning part which we are teaching Picasa about its face recognition skills!
For those with a large collection it will take a pretty much time to fix everything!

Picasa download page: http://picasa.google.com/

Site to Site VPN between a Cisco Router and Linux Server

I am working on a project to implement a site-to-site VPN between a Linux box and a Cisco router. At first it might seem an easy question but its not that easy because of some requirements and compatibility issues and I working hard on it to figure it out. Currently I am looking into the followings:

• OpenVPN
• Openswan (Seems to be the right choice!)
  
• StrongSwan
• Frees/WAN

There are online resources explaining how to a establish a site to site VPN between a linux and a Cisco PIX firewall or Cisco VPN Concentrator but not for cisco IOS based routers!

Umount: Device is Busy

I don’t know how many times this happened for you but it its common that when we initiate the umount [mount point] we keep receiving the "umount: [mount point] : device is busy" message.
This means that a process is using that mount point and the quickest way to find out which process or user is using it, is to use the fuser command and then if we are sure that no one is working on that mount point we can kill the process.
fuser -u [mount point] tells which user is using it and fuser -k [mount point] kills the process which is using that mount point!
Watch out when you kill the process! This may result in loosing or corrupting data if someone else is working on that directory!
check this for further detail about fuser:
Fuser (UNIX)

Server response: No properly formed ip addresses

The other day I was looking into a problem on one of our hosting servers running Parallels Plesk 8.6. The server's license had just entered his grace period and retrieving the key resulted an error message as "Server response: No properly formed ip addresses" which seemed very odd! At first I thought maybe its a firewall issue but I was wrong. For me restarting the httpsd service resolved the issue (/usr/local/psa/admin/bin/httpsdctl restart) but I couldn't find out the root cause.

Data Center Cooling

I have taken a Data Center design course recently and I am learning some great new stuff. This course has brought a lot of important things to my attention which I couldn't see before while they were in front of my eyes! Maybe that's because I am not directly responsible for the mechanical and electrical things in our data center and I just care about the servers, the network and services on our servers. This course is about the physical infrastructure which includes power, cooling, physical structure, cabling and etc. It touches on different topics but does not go much into the details so I have started googling about the topics. APC has great documents and since I am very keen on the cooling system topic I recommend the following:

• Air Distribution Architecture Options for Mission Critical Facilities
• Explanation of Cooling and Air Conditioning Terminology for IT Pros
• Ten Steps to Solving Cooling Problems
• The Different Types of Air Conditioning Equipment for IT Environments

CAT-5

Humor from packetlife.net:

The things we do and the things we like to do!

There are "things we do" and things "we like to do"!
For "things we do" we have always time but for things "we like to do" we never find the time!!! Sounds ridiculous but this is how it works for us!

Sacrifices must be made!

In the last three or four weeks bad things happened to me all at the same time which resulted in some conflicts at work loosing my passion towards my work environment. In this fight someone close to me which I have trust in him and I believe he has the the best intention for my career development, raised a fundamental question and that was were I wanted to be in 10 years? Having a normal life, a car, a home or being someone that affects the world around him?
I was angry at the time and I didn't answer him but to be honest with myself, I like to be the one that affects the world around him!
To be that, a lot of sacrifices must be made!!!

Long Time, No Post!!!

It's been a long time since my last post! Its not that I have no time to write but the reason is that I am touching too many technologies at the same time each day and the atmosphere of my job has been changed. Instead of acting as an implementer I am there to lead things and if there is a tie on the way I am supposed to break it! This means that I am not supposed the get that mush deep into technology than before but I have the understand the underlying concepts and architecture. Dealing with non-tech matters like dealing with difficult people is another painful task!
So, I am not sitting in my cubicle and spend time studying, researching and implementing new stuff!
I am either on the phone or on the run! People approach me for their problems so every time someone approaches me it means trouble! It would be naive to think that someone calls me to say hello!
After all I love the job because I have to deal with a variety of technologies and there is always something to learn.

The Mac World is Embracing Me!

I am getting crazy about MAC OS X! A company "MacBook Air" was given to me last Wednesday and my manager gave a quick tour on how MAC works and I spent two days on it to find and setup all the stuff I need to handle my daily tasks. Now I am seriously thinking of getting an iMac for home and I can not stop thinking of it!!!

Cisco beginner command cheat sheet

I was thinking of a Cisco beginners / Essential command cheat sheet so I started looking around and came across the following which was helpful but not what I was exactly looking for and thought it might be good idea to share it. It includes more than 20 cheat sheets:
Cheat Sheets - PacketLife.net

Cryptography FAQ

If you are looking for a reference to understand Cryptography the following is a good starting point:
Crypto FAQ
It does not provide details on all the concepts and as the title says, it is just an FAQ and gives you an overall view of all the cryptography jargon!

A PDF version is available at:
ftp://ftp.rsasecurity.com/pub/labsfaq/rsalabs_faq41.pdf
or
http://www.rsasecurity.com/rsalabs/faq/files/rsalabs_faq41.pdf

Windows Multiple Desktops

I was looking for a virtual desktop solution on windows platform so that I can manage my works easier and don't get caught in a messy screen full of windows! Microsoft has provided a free tool on it as part of its PowerToys package (Virtual Desktop Manager) but I was expecting something more flexible which I finally ended up with VirtuaWin. With VirtuaWin you can easily move between four different desktops and transfer your open windows to any desktop you like.

Openfire an easy to use IM Server

Openfire (formerly wildfire) from "Ignite Realtime" is a free and easy to install IM server based on XMPP protocol which is available for Windows, Linux and Mac platforms.
I have tried the windows version and it worked nice. Its client is named "spark" and there is a web-based client (Sparkweb) available as well.
I got to this simple and easy IM server while I was searching for a Linux client for Microsoft Live Communication Server. I have crawled a lot a of forums and after all it seems that there is no solution to that in the Linux world yet. Some posts on using Wine was available but the people who tested it didn't come out with a positive result.

How to Send Windows Events to Syslog Server

Once we have our Syslog server up and running we can easily configure all our network devices and Linux/Unix like servers to send their events to the Syslog server but this is not true for Microsoft Windows Servers as Microsoft do not support Syslog.
There are free softwares to convert Microsoft Windows Event Viewer logs into Syslog format and send it over to our Syslog server though.
I am going to introduce three different windows to Syslog forwarders here.
I have introduced the first one before and still insist on using the first one since it has more flexibility over the others like filtering out any messages we don't like to be forwarded or adding other applications log files and its development team is more active:
1- Datagram SyslogAgent
2- Eventlog to Syslog (Purdue University)
One of my visitors noted this one and I ran an initial test on it and it seems to be working fine and it is worth to see what he/she has commented:

"Purdue University has an outstanding Eventlog to Syslog utility. It's lightweight and completely free. It also runs on Win2k3, Vista, 32-bit and 64-bit systems.
I use it to forward event logs from about 160 servers, and have had no issues whatsoever."

3- NTSyslog
I had some issues with this one last time I tried to set it up so I gave up on this one.

Secure Your Apache

Once you start searching for a topic like "Securing Apache" or "Hardening Apache" you will get hundreds of results and everyone tries to set out his own security concerns. The fact is that not every recommendation applies to our environment but we need to study and take into consideration all possible approaches to secure our web server. Some of these guides are too much complicated and strict and some too mild!
The following is a very basic and reasonable list of things we have to do to bring minimum security to our Apache server. Of course, Server Hardening comes first!

1. Hide the Apache Version number, and other sensitive information.
2. Make sure Apache is running under its own user account and group.
3. Ensure that files outside the web root are not served.
4. Turn off directory browsing.
5. Turn off server side includes.
6. Turn off CGI execution.
7. Don't allow apache to follow symbolic links.
8. Turn off support for .htaccess files.
9. Run mod_security.
10. Disable any unnecessary modules.
11. Make sure only root has read access to apache's config and binaries.

For technical details on these and more steps follow the bellow link:
20 ways to Secure your Apache Configuration

My Firefox Add-ons

Here is the list of my favorite firefox add-ons:
FireFTP:
Des: Easy to Use FTP Client
Link: http://fireftp.mozdev.org/
Domain Details:
Des: Displays Server Type, IP Address with Location Flag.
Link: https://addons.mozilla.org/en-US/firefox/addon/2166
Live IP Address:
Des: Displays your IP address in Status Bar
Link: https://addons.mozilla.org/en-US/firefox/addon/1731
ScreenGrab:
Des: Saves current web page or part of it as image file
Link: Screengrab! :: Firefox Add-ons
Read it later:
Des: The title explains what it does!
Link: https://addons.mozilla.org/en-US/firefox/addon/7661
Showcase:
Des: A thumbnail view of currently opened tabs
Link: Firefox Showcase :: Firefox Add-ons
Download Statusbar:
Des: The title explains what it does!
Link: Download Statusbar :: Firefox Add-ons
ReloadEvery:
Des: Reloads your pages automatically on every x seconds
Link: ReloadEvery :: Firefox Add-ons
HTTP Live Header:
Des: Shows the http dialogue between your browser and the destination web server.
Link: https://addons.mozilla.org/en-US/firefox/addon/3829

JPGraph Error

I asked a colleague of mine to set up a PHP-Syslog-NG (http://code.google.com/p/php-syslog-ng/) as the central logging system of all our devices and servers. He did this on a FreeBSD 7.0 and everything started working fine but the "Graph" section which works with JPGraph couldn't draw any Graphs and it came up with this message: "JpGraph Error Font file "/usr/share/fonts/truetype/msttcorefonts/verdana.ttf" is not readable or does not exist..
After some digging into the codes and configs I got over the problem following the bellow steps:

1. Install TrueType font on FreeBSD (XfStt).
2. Fetch the "verdana.ttf" font and place it in the directory that XfStt created for TrueType fonts.
3. Change the default "TTF_DIR" parameter.

Step 1:
An easy way to use TrueType fonts in BSD is to install XfStt which is available through ports collection at "/usr/ports/x11-servers/Xfstt/".
After the installation a directory will be created for TrueType fonts at "/usr/local/lib/X11/fonts/TrueType/".
Step 2:
downloading verdana.ttf and placing it in "/usr/local/lib/X11/fonts/TrueType/".
I fetched my copy from "http://www.afosteo.org/Download/Fonts/"
Step 3:
The final step is to point JPgraph TTF_DIR parameter inside the jpg-config.inc configuration file to to proper location.
jpg-config.inc is located at "/usr/svr/php-syslog-ng/html/includes/jpgraph"

Make Putty Tab Based!

Everyone knows Putty well but I always prefer to use SecureCRT because I can open different connections in a tab based manner, I can easily clone my sessions in case I need more than one session to the same device mainly for debugging or diagnostic reasons and I can save my connections into a database which easily can be backed up (Putty stores the sessions into registery!).
The good part about Putty is free, it is handy and requires no installation!
Well there are always great people out there to make things work better and thanks to Ramesh I have leaned that there is a free add-on called "Putty Connection Manager" which does all the job I pointed out earlier. You have your Tabbed based interface, You can clone your sessions and everything is stored in a database and above all it makes putty look more modern ;)
There are many other useful add-ons for Putty and you can learn about them through the following link:
The Geek Stuff » Turbocharge PuTTY with 12 Powerful Add-Ons - Software for Geeks #3:

Email Security Vocabulary!

Improve your email security Terminology:

• Domainkeys (http://en.wikipedia.org/wiki/DomainKeys)
• DKIM (http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail)
• SenderID (http://en.wikipedia.org/wiki/Sender_ID)
• SPF (http://en.wikipedia.org/wiki/Sender_Policy_Framework)
• BATV (http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation)
• DNSBL (http://en.wikipedia.org/wiki/DNSBL)
• Spamtrap (http://en.wikipedia.org/wiki/Spamtrap)
• DCC (http://en.wikipedia.org/wiki/Distributed_Checksum_Clearinghouse)
• Greylisting (http://en.wikipedia.org/wiki/Greylisting)
• Nolisting (http://en.wikipedia.org/wiki/Nolisting)
• Callback Verification (http://en.wikipedia.org/wiki/Callback_verification)
• Spamassassin (http://en.wikipedia.org/wiki/SpamAssassin)
• Bayesian Filtering (http://en.wikipedia.org/wiki/Bayesian_filter)
  
• Backscatter (http://en.wikipedia.org/wiki/Backscatter_(e-mail))
• Hashcash (http://en.wikipedia.org/wiki/Hashcash)
• Tarpitting (http://en.wikipedia.org/wiki/Tarpitting)

TCPDUMP Tutorial

TCPDUMP is a wonderful command line tool which helps analyzing and troubleshooting network traffic on a Linux host.

The tcpdump options I use the most are:

• -n : Don't resolve hostnames.

• -nn : Don't resolve hostnames or port names.

• -v, -vv, -vvv : Increase the amount of packet information you get back.

The followings are the most tcpdump expressions I use:

Display any traffic souring and destining a specific host:

• tcpdump host "Host Address"

Display any traffic sourcing a specific host:

• tcpdump src "Host-address"

Display any traffic destining a specific host:

• tcpdump dst "Host-address"

Display any ICMP traffic:

• tcpdump icmp

Display traffic sourced or destined a specific network:

• tcpdump net "net-address"

Display any traffic sourcing or destining a specific port:

• tcpdump port "port-number"

Display any traffic sourcing a specific port:

• tcpdump src port "port-number"

Display any traffic destining a specific port:

• tcpdump dst port "port-number"

It is also possible to use "AND", "OR", and "Excpet":

You can learn more about tcpdump options and expressions with great examples at this location: http://dmiessler.com/study/tcpdump/

MultiMail - SMTP Stress Testing Tool

For a while I was looking for an email stress tool which could help me sending hundreds of emails to a single mail server with designated properties like a specific subject, body or attachment.
MultiMail is a free SMTP stress tool:
CodeProject: MultiMail 2.0 - Freeware SMTP stress testing tool. Free source code and programming help

Subpixel Rendering and ClearType

Subpixel rendering is a technology which makes the texts on your computer display screen appear more clear. The first thing I loved about IE7 when it first came out was the difference between the appearance of texts on IE7 and Firefox and I wished I could have the same text quality on Firefox until I found the solution when my IE7 started crashing again and again a couple of days ago and I had to make a complete move to Firefox!
ClearType is the Microsoft implementation of subpixel rendering technology and it is "turned off" in Windows XP, by default. it can be turned on though. On Vista Computers it is turned on by default.
ClearType can be "turned on" at OS or Application Level. In the case of IE7 and Microsoft Office 2007 it is turned on at the application level but to enjoy reading texts in other applications like firefox in windows XP it must be turned on at the OS level by downloading The "ClearType Tuner" from the following Link:
http://www.microsoft.com/typography/ClearTypePowerToy.mspx
Click on the following image to see the difference:
More information on ClearType:
ClearType - Wikipedia, the free encyclopedia

Dig DNS Lookup in Windows!

Every System Administrator dealing with DNS administration knows the power of "dig" command-line tool in Linux/Unix environment. But there are times when an administrator needs to monitor and troubleshoot DNS from a Windows station and she would then realizes the deprivation!
The good news is that many Linux/Unix tools have been ported to windows (Check my post about Windows IPFW) and one of them is the "dig" utility.

The windows version of "dig" can be downloaded and installed from here: http://members.shaw.ca/nicholas.fong/dig/


For those who are new to "dig" the following link helps:
Dig Howto: http://www.madboa.com/geek/dig/

A great Free IE7 add-on

IE7Pro is a free IE7 add-on which brings a lot of great features to your browsing.
The followings are the features I like the most about IE7Pro:
Search Bar: This makes IE7 search like Firefox which brings up a search bar and you can run live lookups.
Tab History: Keeps a history of all opened tabs and I can easily browse from this list
Tab Recovery: If for any reason IE7 closes unexpectedly and I have had a couple of opened tabs it will show me the list of opened tabs the next time I run IE7.
Save Session: if I save a session by loading it the next time it will open all tabs I had open at time the I saved the session. (Very useful and time saving)
Save Pages as Images: This is really wonderful! I can save a whole page in .PNG format and it works very quick.
Page Auto Refresh: This way I can set an interval on each tab which IE7 will automatically reload the page!
Auto-scroll: Once enabled it will scroll down a page automatically with a tunable speed.

Exchange Server 2007 Component Architecture

Microsoft changed the Exchange Server architecture dramatically in its 2007 edition and instead of just a Back-End and Front-End role there are five different roles; Hub-Transport, Edge-Transport, Mailbox, Client Access and Unified Messaging.

Download Microsoft Exchange Server 2007 Component Architecture Diagram From Here:
Microsoft Exchange Server 2007 Component Architecture

GFI Endpoint Security

For those who are very concerned over host security in terms of information theft or malicious code infections through CD/DVD, USB Storages,Tape Devices, Serial and Parallell ports, Printers, etc. GFI Endpoint will be the solution.
It works in a client/Server manner which the Endpoint Server controls hosts by deploying an agent to every desired host. (GFI also provides its agent in .msi file which is very good for large Active Directory Deployments.)
Endpoint makes it possible to block or put restrictions on each device type (Read-Only or Full-Access) based on users or groups and provides great reporting on all events.
If someone has Full-Access permission over any kind of available devices it will log all applications which were used and the filenames which were transfered or printed.
If you are wondering how to block access to USB and CD drives try GFI Endpoint.
For more info check GFI EndpointSecurity Here!