Showing posts from March, 2016

How to set up VPN user accounts

The VPN users are configured in the /etc/ipsec.secrets file.
vim /etc/ipsec.secrets
Example content:
# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
: RSA vpnHostKey.der
: PSK 8cv+NkxY9LLZvwj4qCC2o/gGrWDF8d21jL

i88ca: EAP "qCC2o/gGL4qCC2o/gG"
spiderman: XAUTH "xauth_ikev1_example_password"

In the example above, the RSA private key file vpnHostKey.der stored in the /etc/openswan.d/private/ directory is not protected by symmetric encryption (a password). The PSK for IKEv1 connections is also defined. The format of the EAP MSCHAPv2 user credentials is:
[<domain>\]<username> : EAP "<plaintext password>"
Add as many users as you like there. The first line allows all users with a v…
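
An added example (not part of the original post): a small Python audit of a file in the ipsec.secrets format shown above. It lists the EAP/XAUTH accounts, flags private key entries that carry no passphrase, and flags inline secrets that have no selector and therefore match any peer. The sample content, the function names and the finding labels are constructed for this example.

```python
import re

# Constructed sample in the ipsec.secrets format shown above; every value is a placeholder.
SAMPLE = r'''# constructed example, not a real configuration
: RSA vpnHostKey.der
: PSK "constructed-psk-placeholder"

alice : EAP "constructed-eap-placeholder"
EXAMPLE\bob : EAP "constructed-eap-placeholder-2"
carol : XAUTH "constructed-xauth-placeholder"
'''

KEY_TYPES = {"RSA", "ECDSA", "P12"}     # value is a key file, optionally followed by a passphrase
SECRET_TYPES = {"PSK", "EAP", "XAUTH"}  # value is the secret itself, stored in plaintext

# "<selectors> : TYPE <values>"; selectors may be empty. IPv6 selectors are not handled here.
ENTRY = re.compile(r'^(?P<sel>[^:#]*?)\s*:\s*(?P<type>\w+)\s+(?P<rest>.+)$')
TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def parse_secrets(text):
    """Parse entries into dicts with line number, type, selectors and values."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if m is None:
            entries.append({"line": lineno, "type": None, "selectors": [], "values": []})
            continue
        entries.append({
            "line": lineno,
            "type": m["type"].upper(),
            "selectors": m["sel"].split(),
            "values": [quoted or bare for quoted, bare in TOKEN.findall(m["rest"])],
        })
    return entries


def audit(entries):
    """Return (line, finding) pairs; secret values are never included in the output."""
    findings = []
    for e in entries:
        if e["type"] is None:
            findings.append((e["line"], "unparsed"))
        elif e["type"] in KEY_TYPES and len(e["values"]) < 2:
            # Only a file name given: the key file is not protected by a passphrase.
            findings.append((e["line"], "key-without-passphrase"))
        elif e["type"] in SECRET_TYPES and not e["selectors"]:
            # No selector: the secret is a catch-all that matches any peer.
            findings.append((e["line"], "secret-without-selector"))
    return findings


def accounts(entries):
    """User names that can authenticate with EAP or XAUTH."""
    return [s for e in entries if e["type"] in ("EAP", "XAUTH") for s in e["selectors"]]


if __name__ == "__main__":
    parsed = parse_secrets(SAMPLE)
    for line, code in audit(parsed):
        print(f"line {line}: {code}")
    print("user accounts:", ", ".join(accounts(parsed)))
```

Because every PSK, EAP and XAUTH value is stored in plaintext, the file itself should stay readable by root only, in the same way the key files on this page are set to mode 600.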

IPSEC Configuration of strongswan

The main ipsec configuration file is located in /etc/strongswan.d/. We are going to edit it:
vim /etc/strongswan.d/VPN.conf
Place the following contents:
# ipsec.conf - strongSwan IPsec configuration file

config setup
charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4, mgr 4"

conn %default

How to Generate the Server Host key pair

The server host key pair is for the server to authenticate itself to clients. First the private key:
ipsec pki --gen --type rsa --size 4096 --outform der > private/vpnHostKey.der
chmod 600 private/vpnHostKey.der
Generate the public key and use the root CA to sign it:
ipsec pki --pub --in private/vpnHostKey.der --type rsa | ipsec pki --issue --lifetime 888 --cacert cacerts/strongswanCert.der --cakey private/strongswanKey.der --dn "C=NL, O=Example Company," --san --san --san --san @ --flag serverAuth --flag ikeIntermediate --outform der > certs/vpnHostCert.der
The domain name or IP address of your server MUST be contained either in the subject Distinguished Name (CN) and/or in a subject Alternative Name (--san). The built-in Windows 7 VPN client needs the serverAuth extended key usage flag in your host certificate as shown above, or the client will refuse to connect. In addition, OS X 10.7.3 or older requires the ike…

How to create a self-signed root CA private key and certificate

Creating a self-signed root CA private key:
cd /etc/ipsec.d/
mkdir private
mkdir cacerts
mkdir certs
mkdir p12
ipsec pki --gen --type rsa --size 4096 --outform der > private/strongswanKey.der
chmod 600 private/strongswanKey.der
Generate a self-signed root CA certificate of that private key:
ipsec pki --self --ca --lifetime 3650 --in private/strongswanKey.der --type rsa --dn "C=NL, O=Example Company, CN=strongSwan Root CA" --outform der > cacerts/strongswanCert.der
You can view the certificate properties with the following command:
ipsec pki --print --in cacerts/strongswanCert.der
Example output:
cert: X509
subject: "C=NL, O=Example Company, CN=strongSwan Root CA"
issuer: "C=NL, O=Example Company, CN=strongSwan Root CA"
validity: not before Mar 31 19:51:50 2016, ok
          not after Mar 29 19:51:50 2026, ok (expires in 3649 days)
serial: bd:84:de:fb:63:7e:84:f1
flags: CA CRLSign self-signed
authkeyId: ca:15:30:d4:d0:56:73:0a:da:ba:f1:71:49:e4:b9:5f:…

haveged - A simple entropy daemon

The haveged project is an attempt to provide an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged was created to remedy low-entropy conditions in the Linux random device that can occur under some workloads, especially on headless servers. Current development of haveged is directed towards improving overall reliability and adaptability while minimizing the barriers to using haveged for other tasks.

You can install haveged to speed up the key generation process:

apt-get install haveged
systemctl enable haveged
systemctl start haveged
Haveged provides a constant source of entropy and randomness.

How to install StrongSwan on Ubuntu

Step 1:
apt-get install strongswan strongswan-plugin-af-alg strongswan-plugin-agent strongswan-plugin-certexpire strongswan-plugin-coupling strongswan-plugin-curl strongswan-plugin-dhcp strongswan-plugin-duplicheck strongswan-plugin-eap-aka strongswan-plugin-eap-aka-3gpp2 strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc strongswan-plugin-eap-mschapv2 strongswan-plugin-eap-peap strongswan-plugin-eap-radius strongswan-plugin-eap-tls strongswan-plugin-eap-ttls strongswan-plugin-error-notify strongswan-plugin-farp strongswan-plugin-fips-prf strongswan-plugin-gcrypt strongswan-plugin-gmp strongswan-plugin-ipseckey strongswan-plugin-kernel-libipsec strongswan-plugin-ldap strongswan-plugin-led strongswan-plugin-load-tester strongswan-plugin-lookip strongswan-plugin-ntru strongswan-plugin-pgp strongswan-plugin-pkcs11 strongswan-plugin-pubkey strongswan-plugin-radattr strongswan-plugin-sshkey strongswan-plugin-systime-fix strongswan-plugin-whitelist strongswan-plugin-xauth-eap strongswan…

strongSwan is a complete IPsec implementation for Linux 2.6 and 3.x kernels

The focus of strongSwan is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface.

See more:
How to install StrongSwan on Ubuntu

Web Design Standard: Logo in the top left

Nearly 100% of the websites had a clickable logo in the upper left corner of every page on the site. That seems to be a standard.

How to fix: "sudo: start: command not found"

It appears that Ubuntu switched to systemd as its service framework in 15.04 instead of upstart. Before running the script on Ubuntu >= 15.04 you need to switch back to upstart by issuing the following command and then restarting:
sudo apt-get install upstart-sysv
Install the upstart-sysv package, which will remove ubuntu-standard and systemd-sysv (but should not remove anything else -- if it does, yell!), and run sudo update-initramfs -u. After that, grub's "Advanced options" menu will have a corresponding "Ubuntu, with Linux ... (systemd)" entry where you can do a one-time boot with systemd.

If you want to switch back to systemd, install the systemd-sysv and ubuntu-standard packages.

How to list/show all groups on Linux

For the entire group list, use:
cut -d: -f1 /etc/group

How to show/list all users on Linux

cut -d: -f1 /etc/passwd

How to prevent SQL Injection in Java Code?

PreparedStatement is the way to go. PreparedStatement not only provides better performance but also shields you from SQL injection attacks. If you work more on the Java EE or J2EE side, then you should also be familiar with other security issues, including Session Fixation and Cross-Site Scripting attacks, and how to resolve them.

JSF 2.x Expression Language (EL) Implicit Objects

facesContext: an instance of FacesContext. FacesContext contains all of the per-request state information related to the processing of a single JavaServer Faces request, and the rendering of the corresponding response.
application: an instance of the ServletContext. A ServletContext instance provides access to the execution environment, i.e. the servlet container.
initParam: A Map of the initialization parameters of this web application.
session: an instance of HttpSession. A HttpSession can be used to bind objects and get information about a session, such as the session identifier, creation time, and last accessed time. Session information is scoped only to the current web application (ServletContext), so information stored in one context will not be directly visible in another.
view: The current UIViewRoot for this view. UIViewRoot is the UIComponent that represents the root of the UIComponent tree.
component: The UIComponent instance being currently processed at the time of…

How to set EclipseLink Logging for GlassFish

Assuming you have a domain called domain1: Edit $GLASSFISH_HOME/glassfish/domains/domain1/config/ and add the following lines:
org.eclipse.persistence.level = FINE
org.eclipse.persistence.sql.level = FINE
The first allows you to see SQL statements. The second must be set in order for SQL parameters to be seen, but it is not sufficient on its own.
In your META-INF/persistence.xml, add the following element as a child of the <properties> element:
<property name="eclipselink.logging.parameters" value="true"/>
You can also change the log level with the following:
asadmin set-log-levels org.eclipse.persistence.level = FINE
asadmin set-log-levels org.eclipse.persistence.sql.level = FINE

Autotrack for analytics.js

Autotrack for analytics.js is a new solution to this problem. It attempts to leverage as many Google Analytics features as possible while requiring minimal manual implementation. It gives developers a foundation for tracking data relevant to today's modern web.

Google Analytics 360 Suite

Google Analytics 360 Suite is built for enterprise. It helps you better understand people, and how they behave, by giving you a better handle on all your marketing data. Get deep insights you can use to create more engaging experiences that are more meaningful to people and result in higher returns on all your marketing investments.


Nagios XI default monitor ports 5666 and 5667

For Nagios XI to monitor remote Linux servers on the default ports, we need to open 5666 and 5667 on the Linux servers to be monitored, for example:

vi /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5667 -s 192.168.3.75 -j ACCEPT
192.168.3.75 is your Nagios XI server

How to compare and find differences of table definitions between two MySQL databases

If you just need a report of the difference between two MySQL databases, use MySQL workbench.
While in MySQL Model mode, from the menu Database -> Compare Schemas..., you can compare by Model Schemata, script file or connect to the servers directly.

To generate a transformation report containing SQL statements for transforming the objects for conformity, you can use mysqldiff which is part of MySQL utilities.

Usage: mysqldiff --server1=user:pass@host:port:socket --server2=user:pass@host:port:socket db1.object1:db2.object1 db3:db4

For example, to generate the sql statement for transforming demo database into live database in the same server:

$ mysqldiff --server1=user:password@i88server demo:live --difftype=sql --force

The utility stops on the first occurrence of missing objects or when an object does not match. To override this behavior, specify the --force option to cause the utility to attempt to compare all objects listed as arguments.

demo is put before live, so the output is for how …

Openswan has been the de-facto Virtual Private Network software for the Linux community since 2005

If you are running Fedora, Red Hat, Ubuntu, Debian, Gentoo, or many others, Openswan is already included in your distribution! Just start using it right away.

Openswan is an IPsec implementation for Linux. It has support for most of the extensions (RFC + IETF drafts) related to IPsec, including IKEv2, X.509 Digital Certificates, NAT Traversal, and many others.

Example of Calling one constructor from another in Java

Instead of calling the constructor with the class name, use the keyword this.
public Contract() {
    // some stuff here
}

public Contract(Integer salesid) {
    this();                  // run the no-argument constructor first
    this.salesid = salesid;  // then set the field from the argument
}

Liquidweb Webmail Login

Webmail Login
The login page for your domain’s webmail interface can be reached at:

(be sure to substitute your domain name for

To use a port number, simply add a colon followed by the port number to the end of the domain name or hostname.

Webmail – 2096

Cyber-dojo: Executing Your Code for Fun and Not-for Profit, an open source environment for practicing programming, demoing its features and discussing its history, design, underlying technology, difficulties and future

AWS Certificate Manager is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services

SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet. AWS Certificate Manager removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates. With AWS Certificate Manager, you can quickly request a certificate, deploy it on AWS resources such as Elastic Load Balancers or Amazon CloudFront distributions, and let AWS Certificate Manager handle certificate renewals. SSL/TLS certificates provisioned through AWS Certificate Manager are free. You pay only for the AWS resources you create to run your application.

Time / Date Diff function of MySQL

TIMESTAMPDIFF(unit,datetime_expr1,datetime_expr2)
Returns datetime_expr2 − datetime_expr1, where datetime_expr1 and datetime_expr2 are date or datetime expressions. One expression may be a date and the other a datetime; a date value is treated as a datetime having the time part '00:00:00' where necessary. The unit for the result (an integer) is given by the unit argument. The legal values for unit are the same as those listed in the description of the TIMESTAMPADD() function.
mysql> SELECT TIMESTAMPDIFF(MONTH,'2003-02-01','2003-05-01');
-> 3
mysql> SELECT TIMESTAMPDIFF(YEAR,'2002-05-01','2001-01-01');
-> -1
mysql> SELECT TIMESTAMPDIFF(MINUTE,'2003-02-01','2003-05-01 12:05:55');

How to check the port associated with a daemon / app

mysqld 2703 mysql 263u IPv6 2000876 0t0 TCP> (ESTABLISHED)

Successful marketing

Successful marketing teams are masters of both marketing and technology. With an increasing demand for cross-functional collaboration and personalized experiences, marketers must leverage technology to address the growing number of segments, personalized messages, and communication channels. It's an exciting time to be a marketer, particularly because the shift towards technology-driven marketing is opening up the door to new personalities and roles within the marketing department.

Apache Usergrid is an open-source Backend-as-a-Service (“BaaS” or “mBaaS”) composed of an integrated distributed NoSQL database, application layer and client tier with SDKs for developers looking to rapidly build web and/or mobile applications

Apache Usergrid provides elementary services (user registration & management, data storage, file storage, queues) and retrieval features (full text search, geolocation search, joins) to power common app features. It is a multi-tenant system designed for deployment to public cloud environments (such as Amazon Web Services, Rackspace, etc.) or to run on traditional server infrastructures so that anyone can run their own private BaaS deployment. For architects and back-end teams, it aims to provide a distributed, easily extendable, operationally predictable and highly scalable solution. For front-end developers, it aims to simplify the development process by enabling them to rapidly build and operate mobile and web applications without requiring backend expertise.

Must know HTTP headers for JAX-RS performance

Must know HTTP headers
The following HTTP headers are important parts of the JAX-RS if you care about the performance. These are best referred from the official HTTP specification document
▪ Cache-Control
▪ Expires
▪ Last-Modified
▪ If-Modified-Since
▪ If-Unmodified-Since
▪ ETag
▪ If-None-Match

How to configure the Nginx reverse proxy on AWS Elastic Beanstalk

AWS Elastic Beanstalk simplifies the process of configuring the Nginx reverse proxy that runs on the web tier. You can place an nginx.conf file in the .ebextensions/nginx folder to override the Nginx configuration. You can also place configuration files in the .ebextensions/nginx/conf.d folder in order to have them included in the Nginx configuration provided by the platform.
.ebextensions/nginx/nginx.conf – Overrides the Nginx configuration for the platform.
.ebextensions/nginx/conf.d – Files are included in the Nginx configuration provided by the platform.
For more information, see Configuring the Reverse Proxy.

AWS Elastic Beanstalk simplifies the process of deploying and scaling web applications and services on AWS

AWS Elastic Beanstalk simplifies the process of deploying and scaling Java, .NET, PHP, Python, Ruby, Node.js, and Docker web applications and services on AWS. You simply upload your code and Elastic Beanstalk automatically handles the deployment, including capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access them at any time.

Data Visualisation with D3.js and Tableau

Among the most commonly mentioned tools for data visualisation are D3.js and Tableau. For D3.js, if you can imagine a data visualisation, a data scientist can achieve it using the software. Tableau is the most popular data visualisation tool out there at the moment, allowing the compiling of data from hundreds of inputs and then easily transforming the data into visualisations.

How to configure your Apache server to permit SSI (Server Side Includes)

Configuring your server to permit SSI
To permit SSI on your server, you must have the following directive either in your httpd.conf file, or in a .htaccess file:
Options +Includes
This tells Apache that you want to permit files to be parsed for SSI directives. Note that most configurations contain multiple Options directives that can override each other. You will probably need to apply the Options to the specific directory where you want SSI enabled in order to assure that it gets evaluated last.
Not just any file is parsed for SSI directives. You have to tell Apache which files should be parsed. There are two ways to do this. You can tell Apache to parse any file with a particular file extension, such as .shtml, with the following directives:
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
One disadvantage to this approach is that if you wanted to add SSI directives to an existing page, you would have to change the name of that page, and all links to that page, in order to give it …

JSGI, or JavaScript Gateway Interface, is an interface between web servers and JavaScript-based web applications and frameworks

Jack is a reference implementation of JSGI.

It has been included in and further developed by the CommonJS project.

Apple pauses iOS 9.3 update for older iPads and iPhones

According to Apple: 
"Updating some iOS devices (iPhone 5s and earlier and iPad Air and earlier) to iOS 9.3 can require entering the Apple ID and password used to set up the device in order to complete the software update. In some cases, if customers do not recall their password, their device will remain in an inactivated state until they can recover or reset their password. For these older devices, we have temporarily pulled back the update and will release an updated version of iOS 9.3 in the next few days that does not require this step."

How to try iOS beta

To try the free beta here. You'll be asked to provide your Apple ID and agree to a terms of service. From there, hit "enroll your iOS device" on the "Getting Started" section. Back up your current iOS data and then hit "Download profile", where you'll be prompted to install beta software. You have to do this part on an iOS device. Once you've done that, go to Settings > General > Software Update to try it.

How to authorize Microsoft Surface for playback of iTunes content

To authorize Surface for playback of iTunes content:
Click the menu icon in the top left of the window.
Select iTunes Store and Authorize This Computer… in the menu.
Enter your Apple ID and password in the new window, then click Authorize.

Paypal SMS/Text keywords

PayPal: Text BAL: get balance. SEND: send money. STOP: stop alerts. 
Reply "ALL" for all text keywords.
Std msg & data rates may apply.

Google Cloud Vision API empowers applications to both see and understand images

Google Cloud Vision API has powerful features such as label/entity detection, optical character recognition, safe search detection, facial detection, landmark detection, and logo detection; the Cloud Vision API gives applications unprecedented ability to comprehend the situation within an image. From Microsoft, with its Project Oxford, to niche startups like Cognitec and Lambda Labs, image analysis is proving to be an attractive space as it appeals across industries from marketing to security. Google has taken a unique approach in that it offers various image analysis techniques from a single platform. Where many companies focus on a single feature, Google will go to market with a single platform for all image analysis techniques and features.

How to fix: Jenkins not executing jobs (pending - waiting for next executor)

Go to Manage Jenkins -> Configure System and increase the number of executors from 0 to 1.

Check the slave node configuration. "Usage" field should be "Utilize this slave as much as possible" instead of "Leave this machine for tied jobs only".

The Jenkins admin console can run, even with the Master node offline. This can happen when Jenkins runs out of disk space.

To confirm, do the following:

go to Jenkins -> Manage Jenkins -> Manage Nodes
examine the "master" node to see if it is offline. It may be reporting that the master node is out of disk space.

How to add or change a SSH key passphrase

Why do I need a passphrase?
Passwords aren't very secure. If you use one that's easy to remember, it's also easier to guess or brute-force (try many options until one works). If you use one that's random, it's hard to remember, and thus you're more inclined to write it down. Both of these are Very Bad Things.

This is why you're using SSH keys. Of course, using a key without a passphrase is basically the same as writing down a random password: anyone who gains access to your computer has gained access to every system you use that key with. This is also a Very Bad Thing. The solution is to add a passphrase to the SSH key for an extra layer of security.

How to avoid entering a long passphrase every time I use the key
Neither do I! Thankfully, there's a nifty little tool called ssh-agent that can securely save your passphrase, so you don't have to re-enter it. If you're on OS X Leopard or later your keys can be saved in the system's keychain to make yo…

How to generate a new SSH key

Open Terminal. Paste the text below, substituting in your GitHub email address.
ssh-keygen -t rsa -b 4096 -C ""
# Creates a new ssh key, using the provided email as a label
Generating public/private rsa key pair.
When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location.
Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
At the prompt, type a secure passphrase.
Enter passphrase (empty for no passphrase): [Type a passphrase]
Enter same passphrase again: [Type passphrase again]