Directing all VPN traffic through the OpenVPN concentrator

Problem

It is necessary for some users to have all their traffic directed through the OpenVPN concentrator. The number one reason for such a configuration is to protect the HTTP traffic over unsecured WiFi (a.k.a. hotspots).

Solution

Add the following line to the bottom of the connecting client’s configuration file (typically under /etc/openvpn/clients.d):
push "redirect-gateway"
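
To confirm on the client that the pushed option took effect, the check below reads saved `ip route show` output and reports whether the default path leaves through the tunnel. It is an added example, not part of the original note; it assumes a Linux client with a tunN interface, goes beyond the line above by also accepting the two half-default routes installed by the `def1` flag of redirect-gateway, and uses constructed sample tables.

```shell
#!/bin/sh
# Added example: check saved `ip route show` output (Linux client assumed)
# for a default path that leaves through the tunnel.

# default_via_tunnel FILE -> exit 0 when all traffic is routed into tunN:
# either one default route on tunN, or the two half-default routes
# 0.0.0.0/1 and 128.0.0.0/1 that the "def1" flag installs on tunN.
default_via_tunnel() {
    awk '
        function dev(   i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        $1 == "default"     { if (dev() ~ /^tun[0-9]+$/) plain = 1; else leak = 1 }
        $1 == "0.0.0.0/1"   && dev() ~ /^tun[0-9]+$/ { low = 1 }
        $1 == "128.0.0.0/1" && dev() ~ /^tun[0-9]+$/ { high = 1 }
        END { exit !((plain && !leak) || (low && high)) }
    ' "$1"
}

# Constructed routing tables (documentation addresses, not captured output).
vpn_samples=$(mktemp -d)
cat > "$vpn_samples/hotspot.txt" <<'EOF'
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
EOF
cat > "$vpn_samples/redirected.txt" <<'EOF'
default via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
198.51.100.7 via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
EOF
cat > "$vpn_samples/def1.txt" <<'EOF'
0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
128.0.0.0/1 via 10.8.0.5 dev tun0
198.51.100.7 via 192.168.1.1 dev wlan0
EOF

for t in hotspot redirected def1; do
    if default_via_tunnel "$vpn_samples/$t.txt"; then echo "$t: tunnelled"
    else echo "$t: NOT tunnelled"; fi
done
```

On a live client, save the output of `ip route show` to a file after the VPN connects and pass that file to the function.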


Mac OS X flash disk burning

Overview

One of the neat aspects of OSX is that it has all the classic Unix tools available. Linux users know that dd is the command line tool to flash a CF card or a USB drive on Linux. Here is how to use dd on the Mac.

Steps

      Open a command line tool (Terminal, or xterm if you have X11).
      Identify the drive to flash:

      • Eject and unplug the card
      • On the command line run diskutil list
      • Plug in your CF drive
      • On the command line run diskutil list. Your drive will be named /dev/diskN where N is the number of the drive.
      Flash the drive by running: sudo dd if=/Users/xxxxx/Desktop/pfSense.img of=/dev/rdiskN bs=1m (in this example I’m burning the pfSense.img file; replace it with the file you want to use to flash the firewall).
      Eject the drive: diskutil eject /dev/diskN
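
Picking the wrong N overwrites another disk, so the before/after comparison in the steps above is worth scripting. The following is an added example, not part of the original note: it diffs two saved `diskutil list` outputs, refuses to continue unless exactly one new disk appeared, and prints the dd command instead of running it. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose the dd target by diffing two saved `diskutil list` outputs.

# Print every /dev/diskN whole-disk node named in a saved listing.
disk_nodes() {
    sed -n 's|^\(/dev/disk[0-9][0-9]*\).*|\1|p' "$1" | sort -u
}

# Print the one disk that is in AFTER but not in BEFORE. Returns non-zero and
# prints nothing when no disk or several disks appeared, so nothing ambiguous
# ever reaches dd.
new_disk() {
    before=$(disk_nodes "$1")
    added=$(disk_nodes "$2" | grep -vxF -e "$before" || true)
    count=$(printf '%s\n' "$added" | grep -c . || true)
    [ "$count" -eq 1 ] || return 1
    printf '%s\n' "$added"
}

# Build (print, do not run) the dd command from the steps, using the raw node.
dd_command() {
    disk=$(new_disk "$2" "$3") || return 1
    printf 'sudo dd if=%s of=%s bs=1m\n' "$1" "/dev/r${disk#/dev/}"
}

# Constructed sample listings (hypothetical sizes and names, not real output).
dd_samples=$(mktemp -d)
cat > "$dd_samples/before.txt" <<'EOF'
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                  Apple_HFS Macintosh HD            499.8 GB   disk0s2
EOF
cat > "$dd_samples/after.txt" <<'EOF'
/dev/disk0
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                  Apple_HFS Macintosh HD            499.8 GB   disk0s2
/dev/disk1
   0:     FDisk_partition_scheme                        *4.0 GB     disk1
   1:                 DOS_FAT_32 CFCARD                  4.0 GB     disk1s1
EOF

dd_command pfSense.img "$dd_samples/before.txt" "$dd_samples/after.txt"
```

On the Mac, capture the two listings with `diskutil list > before.txt` and `diskutil list > after.txt` around plugging in the card.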


Setting up Apache Authentication with htpasswd / htaccess

Authentication in Apache is done through htaccess, either from the configuration file, or from the .htaccess file in a given directory. Note that only full directories can be easily protected with this method.
Here is how (first log in to the shell, as this method only works if you have shell access):

$ cd .../html/protected_dir
$ cat > .htaccess
AuthType Basic
AuthName "Protected KLC directory"
AuthUserFile ../../control/htpasswd
AuthGroupFile /dev/null
Require valid-user
[Ctrl+d]

$ htpasswd -c ../../control/htpasswd user_name
[give passwd]

After the file is created for the first time, to add more users:

$ htpasswd ../../control/htpasswd user_name
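
The strength of this setup depends on how the entries in the htpasswd file are hashed, which varies with the htpasswd version and flags used. The following added example (not part of the original note) classifies each entry by the prefix of its hash field, following Apache's documented password formats; the function names, the verdict labels and the sample file with placeholder hashes are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the hash scheme of every entry in an htpasswd file.

# audit_htpasswd FILE -> one "user scheme verdict" line per entry.
audit_htpasswd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            h = $2
            if (index(h, "$2y$") == 1)        { s = "bcrypt";    v = "ok" }
            else if (index(h, "$apr1$") == 1) { s = "apr1-md5";  v = "legacy" }
            else if (index(h, "{SHA}") == 1)  { s = "sha1";      v = "weak" }
            else if (length(h) == 13)         { s = "des-crypt"; v = "weak" }
            else                              { s = "unknown";   v = "review" }
            print $1, s, v
        }
    ' "$1"
}

# weak_users FILE -> names of users whose entry uses unsalted SHA-1 or crypt().
weak_users() {
    audit_htpasswd "$1" | awk '$3 == "weak" { print $1 }'
}

# Constructed sample file: the hash bodies are placeholders, not real digests.
ht_sample=$(mktemp)
cat > "$ht_sample" <<'EOF'
# constructed entries for the example
alice:$2y$05$CONSTRUCTEDplaceholderCONSTRUCTEDplaceholderCONSTRUCTED
bob:$apr1$CONSTRUC$placeholderplaceholder
carol:{SHA}CONSTRUCTEDplaceholder00000=
dave:CoNsTrUcTeD13
EOF

audit_htpasswd "$ht_sample"
```

On Apache 2.4, running htpasswd with the -B flag for a listed user replaces that entry with a bcrypt hash.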

There are also more sophisticated authentication schemes available, that allow database driven authentication. Feel free to contact me for more information about those solutions.


Rebuild Postgres for specific platform

# rpm -i postgres-[version number].src.rpm

# rpmbuild -bb --target i686 /usr/src/redhat/SPECS/postgresql.spec

If you get a problem with unpackaged files, use the following trick:

vi /usr/lib/rpm/macros

And modify some of the lines as follows:

#
# Script gets packaged file list on input and buildroot as first parameter.
# Returns list of unpackaged files, i.e. files in $RPM_BUILD_ROOT not packaged.
#
# Note: Disable (by commenting out) for legacy compatibility.
#%__check_files         /usr/lib/rpm/check-files %{buildroot}

#
# Should unpackaged files in a build root terminate a build?
#
# Note: The default value should be 0 for legacy compatibility.
%_unpackaged_files_terminate_build      0

#
# Should missing %doc files in the build directory terminate a build?
#
# Note: The default value should be 0 for legacy compatibility.
%_missing_doc_files_terminate_build     0


How to create or apply a patch?

Programmers who haven’t worked with patches before often find them intimidating. Patches are actually very simple to deal with. Here is how.

Creating Patches


diff -u oldfile newfile > filename.patch

or

diff -urN /olddir /newdir > filename.patch

or

diff -urN -X excludes /olddir /newdir > filename.patch

diff options:
-u Output (default 2) lines of unified context.
-r Recursively compare any subdirectories found.
-N Treat absent files as empty.
-X FILE Exclude files that match any pattern in FILE.

Note: The -u option can be replaced with -c to create a context format diff file with a setting of two lines.

Applying Patches


gzip -cd patch.gz | patch -p0

or

bzip2 -dc patch.bz2 | patch -p0

or

patch -p0 < filename.patch

patch options:
-p NUM Strip NUM leading components from file names.


Which MySQL database engine to pick for a given table?

MySQL lets you select a different kind of engine on a per-table basis when each table is created. Each engine has its advantages and caveats. Here is a brief summary:

  • MyISAM: fastest disk based, least space requirement, non-transactional, slow crash recovery
  • InnoDB: slowest engine, transactional, fastest crash recovery
  • HEAP: fastest overall engine, limited by live memory, limited attribute types, no crash recovery


Increase maximum table space in MySQL

For those of us who are still forced to use 32-bit MySQL, there is a table size limit of 4GB by default (even though the file size limit on those systems is 4TB on ext3 – 2TB on NTFS). Here is what to do to lift that limit:

ALTER TABLE tbl_name MAX_ROWS=1000000000 AVG_ROW_LENGTH=nnn;

You have to specify AVG_ROW_LENGTH only for tables with BLOB or TEXT columns; in this case, MySQL can’t optimize the space required based only on the number of rows.

If you want to make the default larger, you can set the mysqld engine parameter myisam_data_pointer_size = 7 in /etc/my.cnf (or wherever your MySQL server config file is). The setting of 7 will allow 256TB table size.


Screen Locking in Mac OS X

On Windows and Linux, it is simple to set up one’s workstation so that the screen locks when one steps away from the console. On the Mac, however, there is no explicit way to achieve that. The following site has some good pointers: Quickly lock your screen

One of the best methods from the article is to “show the login window, without actually logging out. You can do this by enabling fast user switching in the Accounts System Preferences panel. Click the Login Options button (you’ll probably have to enter your administrator password to do this), and then select the Enable Fast User Switching option. Once you have fast user switching enabled, you’ll see either an icon or a name in your menubar, depending on what option you chose on the Login Options screen. Click on your name or icon in the menubar and select Login Window from the drop-down menu. The login window will appear. When you return to your Mac, login as you usually do. All your applications will be just as you left them–even your iTunes music will start up again where it stopped playing, even if that means mid-song.”