Wednesday, April 25, 2007

Top 10 Classic Magic Decklist

10. Big Beef Land Destruction

Artifacts
1x Black Lotus
2x Jayemdae Tome
4x Juggernaut
5 Moxen
1x Sol Ring

Black
4x Dark Ritual
2x Demonic Hordes
1x Demonic Tutor
2x Drain Life
4x Hypnotic Specter
4x Juzam Djinn
4x Sinkhole
2x Terror

Green
1x Berserk
4x Ice Storm
2x Instill Energy
1x Regrowth

Land
4x Bayou
4x Forest
1x Library of Alexandria
7x Swamp

9. ProsBloom

4 x Infernal Contract
2 x Vampiric Tutor
1 x Drain Life
4 x Natural Balance
4 x Squandered Resources
4 x Cadaverous Bloom
3 x Abeyance
3 x Prosperity
4 x Memory Lapse
4 x Impulse
4 x Meditate
4 x City of Brass
4 x Gemstone Mine
5 x Swamp
4 x Forest
1 x Plains
5 x Island

8. Bazaar Reanimator

Black
4x Animate Dead
4x Ashen Ghoul
4x Dark Ritual
1x Demonic Consultation
4x Krovikan Horror
4x Nether Shadow
4x Shallow Grave
4x Vampiric Tutor

Blue
4x Deep Spawn

Gold
4x Nicol Bolas

Red
2x Crimson Hellkite

Land
4x Bazaar of Baghdad
4x Badlands
1x Diamond Valley
8x Swamp
4x Underground Sea

7. Vise Age

Artifacts
4x Black Vise
4x Howling Mine

Gold
3x Stormbind

Green
4x Erhnam Djinn
4x Tinder Wall

Red
2x Fireball
4x Incinerate
2x Jokulhaups
4x Lightning Bolt
2x Orcish Lumberjack
2x Orgg
1x Shatter

Land
8x Forest
4x Karplusan Forest
8x Mountain
4x Strip Mine

6. The Rack / Balance Deck

Artifacts
1x Black Lotus
1x Candelabra of Tawnos
1x Chaos Orb
3x Library of Leng
1x Mox Emerald
1x Mox Pearl
1x Mox Ruby
2x Relic Barrier
4x The Rack

Green
1x Regrowth
3x Sylvan Library

Red
4x Chain Lightning
3x Fireball
4x Lightning Bolt

White
4x Balance
2x Consecrate Land
3x Disenchant

Land
4x Bazaar of Baghdad
1x Maze of Ith
4x Mishra’s Factory
4x Plateau
4x Savannah
4x Taiga

5. Erhnamgeddon

Artifacts
1x Feldon’s Cane
2x Fellwar Stone
1x Zuran Orb

Green
1x Autumn Willow
4x Erhnam Djinn
1x Hurricane
4x Llanowar Elves
2x Sylvan Library
2x Whirling Dervish

White
3x Armageddon
1x Balance
3x Disenchant
2x Land Tax
2x Order of Leitbur
2x Serra Angel
4x Swords to Plowshares
2x Wrath of God

Lands
4x Brushland
8x Forest
7x Plains
4x Strip Mine

4. Kird Ape / Channelball

Artifacts
1x Black Lotus
1x Mox Ruby
1x Mox Sapphire
1x Mox Emerald
1x Sol Ring

Blue
1x Ancestral Recall
1x Counterspell
1x Time Walk
1x Timetwister

Green
1x Berserk
1x Channel
4x Elvish Archers
4x Giant Growth
4x Llanowar Elves
1x Regrowth

Red
4x Disintegrate
4x Fireball
4x Kird Ape
4x Lightning Bolt

Land
2x Forest
1x Library of Alexandria
1x Mountain
4x Strip Mine
4x Taiga
4x Tropical Island
4x Volcanic Island

3. Titania / Balance Deck


Artifacts
1x Black Lotus
1x Chaos Orb
4x Fellwar Stone
3x Howling Mine
4x Icy Manipulator
1x Ivory Tower
2x Jade Statue
5 Moxen
4x Relic Barrier
3x Winter Orb

Green
1x Regrowth
3x Titania’s Song

White
4x Balance
4x Disenchant
4x Swords to Plowshares

Lands
1x Forest
4x Mishra’s Factory
1x Mishra’s Workshop
2x Plains
4x Savannah
4x Strip Mine

2. The Deck

Artifacts
1 Black Lotus
2 Disrupting Scepter
1 Jayemdae Tome
1 Mirror Universe
1 Mox Emerald
1 Mox Jet
1 Mox Pearl
1 Mox Ruby
1 Mox Sapphire
1 Sol Ring

Sorceries
1 Demonic Tutor
1 Amnesia
1 Braingeyser
1 Timetwister
1 Time Walk
1 Recall
1 Regrowth

Instants
1 Ancestral Recall
2 Counterspell
4 Mana Drain
2 Red Elemental Blast
4 Disenchant
4 Swords to Plowshares

Enchantments
2 Moat

Creatures
2 Serra Angel

Lands
4 City of Brass
4 Island
1 Library of Alexandria
3 Plains
3 Strip Mine
4 Tundra
2 Volcanic Island

Sideboard
2 Red Elemental Blast
2 Circle of Protection: Red
2 Dust to Dust
1 Zuran Orb
1 Balance
2 Blood Moon
1 Tormod's Crypt
2 Mana Short
1 Amnesia
1 Feldon's Cane

1. The Necrodeck

Artifacts
2x Icy Manipulator
1x Ivory Tower
2x Nevinyrral’s Disk
1x Zuran Orb

Black
4x Black Knight
4x Dark Ritual
3x Drain Life
4x Hymn to Tourach
4x Hypnotic Specter
2x Icequake
1x Ihsan’s Shade
4x Necropotence
4x Order of the Ebon Hand
2x Sengir Vampire

Land
4x Strip Mine
18x Swamp

Tuesday, April 24, 2007

Blink Rider

This is my favorite deck today.

Blink Rider

Maindeck:

Creatures
4 Avalanche Riders
3 Court Hussar
3 Lightning Angel
3 Riftwing Cloudskate

Instants
4 Lightning Helix
4 Momentary Blink
4 Remand

Sorceries
4 Ancestral Vision
2 Demonfire
3 Rift Bolt
4 Stone Rain

Basic Lands
2 Island
2 Mountain
2 Plains

Lands
1 Adarkar Wastes
1 Battlefield Forge
4 Hallowed Fountain
4 Sacred Foundry
2 Shivan Reef
4 Steam Vents

Sideboard:
3 Giant Solifuge
4 Faith's Fetters
4 Disenchant
4 Cryoclasm

Friday, April 20, 2007

How-to: OpenBSD 3.8+Apache+PHP+MySQL

What this document is

This document aims to be a tutorial for easily getting an OpenBSD 3.8 installation up and running with Apache+PHP+MySQL. It is a collection of various information I've found on the Internet (see References) and my own personal experiences. I will be covering installation and initial setup of the MySQL and PHP packages along with several PHP extensions. I also briefly touch on a few security topics and then how to get OpenBSD to start Apache and MySQL at boot.

What this document isn't

This document is not intended to be a tutorial on how to install OpenBSD. This has already been covered more than sufficiently by the OpenBSD team and any attempt I make at duplicating it here would be redundant. This document is also not a complete reference for using Apache, PHP, or MySQL. Each of these projects has its own independent documentation which I could not begin to cover here. This document is in no way a total solution to securing a system. OpenBSD comes fairly secure and has an excellent track record of security, but security is not a destination. It is a journey. It is up to you, the person at the keyboard, to keep the system patched and up to date, and to use good judgement when making system changes.

Installing OpenBSD 3.8

The OpenBSD Team has made excellent documentation on how to do this. I don't see much point in duplicating it here. Come back here when you are done installing OpenBSD and I'll help get you set up installing the rest of the system.
OpenBSD installation instructions

Installing PHP and MySQL

The pkg_add command is the preferred method of installing software on OpenBSD systems as it will automatically find and resolve any package dependencies (and there will be some here). Packages can be removed with pkg_delete. You'll need to be root to do all of this. First, we need to set up the environment for pkg_add. The following command tells pkg_add where to look for the packages we are going to tell it to get:

# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/3.8/packages/i386/

Now onto adding the packages. I use the "-v" switch with pkg_add. This tells pkg_add to be verbose about what it's doing. I also redirect this output to the file packages for reviewing later if needed.

We'll start with MySQL 4 Server:

# pkg_add -v mysql-server-4.0.27.tgz > packages

Install PHP4:

# pkg_add -v php4-core-4.4.1p0.tgz >> packages

The ">>" appends to the end of the previously created file packages.

Enable the PHP4 module:

# /usr/local/sbin/phpxs -s
# cp /usr/local/share/examples/php4/php.ini-recommended /var/www/conf/php.ini

Install and enable PHP4_MySQL connectivity:

# pkg_add -v php4-mysql-4.4.1p0.tgz >> packages
# /usr/local/sbin/phpxs -a mysql

Install and enable MCRYPT:

# pkg_add -v php4-mcrypt-4.4.1p0.tgz >> packages
# /usr/local/sbin/phpxs -a mcrypt

Install and enable MHASH:

# pkg_add -v php4-mhash-4.4.1p0.tgz >> packages
# /usr/local/sbin/phpxs -a mhash

Install and enable DOMXML:

# pkg_add -v php4-domxml-4.4.1p0.tgz >> packages
# /usr/local/sbin/phpxs -a domxml

Install and enable IMAP:

# pkg_add -v php4-imap-4.4.1p0.tgz >> packages
# /usr/local/sbin/phpxs -a imap

Install PEAR libraries:

# pkg_add -v php4-pear-4.4.1p0.tgz >> packages

Install and enable GD to use PHP to manipulate graphics:

If you didn't install the X11 libraries when you installed the base system (it's a good idea not to install these if you're running a web server), use these commands: (Thanks to Craig McCormick for pointing out this previous oversight.)

# pkg_add -v php4-gd-4.4.1p0-no_x11.tgz >> packages
# /usr/local/sbin/phpxs -a gd

If you did install X11, then use these to install and enable GD:

# pkg_add -v php4-gd-4.4.1p0.tgz >> packages
# /usr/local/sbin/phpxs -a gd

Install and enable CURL:

# pkg_add -v php4-curl-4.4.1p0.tgz >> packages
# /usr/local/sbin/phpxs -a curl

Setting up MySQL

Now we need to secure MySQL a little bit. We do this by setting our root password for the MySQL server and then setting passwords for the two anonymous accounts that ship with MySQL with no password.

First start the server daemon:

# /usr/local/bin/mysqld_safe &

Set root password:

# /usr/local/bin/mysqladmin -u root password mypassword

Access the server with your new password:

# /usr/local/bin/mysql -u root -p

After you enter your MySQL root password, you'll be at a prompt. We'll enter a command to show us the users and hosts that exist so far. Then, we'll set the passwords. Enter the following at the prompt:

mysql> SELECT Host, User FROM mysql.user;
mysql> SET PASSWORD FOR ''@'localhost' = PASSWORD('newpwd');
mysql> SET PASSWORD FOR ''@'host_name' = PASSWORD('newpwd');

Change @'host_name' to the value that corresponds to the name you gave your system, displayed on your screen under Host where User = root (i.e., www.freeyourbox.org)

It will be good practice for us to create a test database and a new user for that database:

mysql> CREATE DATABASE testdb;
mysql> GRANT SELECT ON testdb.* TO 'testacct'@'localhost'
    -> IDENTIFIED BY 'l33tp4ssw0rd';
Query OK, 0 rows affected (0.03 sec)

Now make a table for the testacct user to select from later:

mysql> USE testdb
Database changed
mysql> CREATE TABLE new_table (
    -> id int not null primary key auto_increment,
    -> name varchar (50) not null );
Query OK, 0 rows affected (0.04 sec)

View the table:

mysql> show tables;
+------------------+
| Tables_in_testdb |
+------------------+
| new_table        |
+------------------+
1 row in set (0.00 sec)

Now we need to insert some data:

mysql> INSERT into new_table values (NULL, 'h4x0r');
Query OK, 1 row affected (0.00 sec)

Select our data from the database to make sure everything is working ok:

mysql> SELECT id, name from new_table;
+----+-------+
| id | name  |
+----+-------+
|  1 | h4x0r |
+----+-------+
1 row in set (0.00 sec)

Now exit MySQL by typing:

mysql> exit

On OpenBSD, apache comes chrooted in the /var/www directory. MySQL's default socket location is in /var/run/mysql/mysql.sock. This causes a problem since apache can't "see" the /var/run directory. To overcome this, we need to make a hard link to the mysql.sock socket file. This is achieved by typing the following at the command prompt:

# mkdir -p /var/www/var/run/mysql
# ln -f /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock

Configuring Apache

Now that MySQL and PHP are ready to go, we need to configure Apache. For Apache to use PHP, you'll need to locate the following line in /var/www/conf/httpd.conf and uncomment it:

AddType application/x-httpd-php .php

You'll also need to edit the Directory Index line to say:

DirectoryIndex index.html index.php index.phtml index.php4 index.php3

Now you need to change the Listen directive to reflect your network setup. Mine says:

Listen 192.168.8.7:80
Listen 127.0.0.1:80

You don't need the 127.0.0.1 unless you want to be able to connect from the server using lynx or some similar web browser. You also should change the ServerAdmin and the ServerName directives. Since my apache installation is only for internal use, I will be using an internal IP address for ServerName. You will more than likely need to change this to something like www.yourdomain.com. For this to work, you need to have a valid DNS record for your hostname.

ServerName www.freeyourbox.org
ServerAdmin webmaster@freeyourbox.org

One thing I like to do to improve security is to disable directory listings when no index file is found. To do this, insert "Options -Indexes" between the DocumentRoot directive and the Directory / options, and remove the Indexes option from Directory /, like so. (Note: directory indexing IS already disabled by default on OpenBSD. I've put this in here as an example of how to do it.)

DocumentRoot "/var/www/htdocs"
## Turn off directory listing by default and make allowed to only specific dirs
Options -Indexes
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

With this setup you will have to explicitly allow directory listing in any directories you will want to be able to list files in. An example is in order:

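# allow indexes to specific directory
# (replace /path/to/directory with the directory you want to be listable)
<Directory "/path/to/directory">
    AllowOverride None
    Options +Indexes
</Directory>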

Now save the httpd.conf file. Then stop and start apache to reread the config with the following:

# apachectl stop
# apachectl start

Testing MySQL and PHP

Ok, PHP and MySQL are installed. Apache is configured and running. Now we want to test our setup to make sure that it's really working. Create a new file in vi:

vi mysql_test.php

Enter the following into the file and save it:



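<html>
<head><title>PHP MySQL connection test</title></head>
<body>
<?php
// connect as the test account created earlier and select the test database
$conn = mysql_connect("localhost", "testacct", "l33tp4ssw0rd") or die("Connection failed");
mysql_select_db("testdb", $conn) or die("Cannot select testdb");
// read back the row inserted earlier
$result = mysql_query("SELECT id, name FROM new_table", $conn) or die("Query failed");
while ($row = mysql_fetch_array($result)) {
    echo "The ID is " . $row["id"] . " and the name is " . $row["name"] . "<br>";
}
// good form to close the connection
mysql_close($conn);
// close the php
?>
</body>
</html>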

Run the script:

lynx http://127.0.0.1/mysql_test.php

You should see:

The ID is 1 and the name is h4x0r

Disabling and configuring Services

OpenBSD does come with a few unnecessary services enabled by default in my opinion. I like to turn these services off. This is completely optional and you must do so according to your own needs.

# vi /etc/inetd.conf

Comment out the following:

#ident           stream  tcp     nowait  _identd /usr/libexec/identd     identd -el
#ident stream tcp6 nowait _identd /usr/libexec/identd identd -el
#daytime stream tcp nowait root internal
#daytime stream tcp6 nowait root internal
#time stream tcp nowait root internal
#time stream tcp6 nowait root internal

I also like to disable root login via ssh and only allow ssh version 2:

vi /etc/ssh/sshd_config

Enter the following two lines:

Protocol 2
PermitRootLogin no

If you choose to do this, you need to create another user account to log in as, and this user needs to be part of the wheel group:

# useradd -m -G wheel "username"
# passwd "username"
# chmod 700 /home/"username"
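A way to verify the two hardening steps above after editing, added here as an example (it is not part of the original how-to). The function names and the sample files are hypothetical and constructed for illustration. The "shadowed" sample shows why position matters: sshd uses the first value it finds for a keyword, so lines entered below an existing setting have no effect.

```shell
#!/bin/sh
# Added example: audit sshd_config and inetd.conf for the changes described above.
# Function names are hypothetical; sample files are constructed, not from a real host.

# Print the value sshd would use for KEYWORD. The first occurrence wins and
# keywords are case-insensitive. Prints nothing if the keyword is never set.
sshd_effective() {   # usage: sshd_effective FILE KEYWORD
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)           # "Keyword value" or "Keyword=value"
            if (tolower(f[1]) == tolower(want)) { print f[2]; exit }
        }' "$1"
}

# Print "service/protocol" for every uncommented inetd.conf line that still
# enables ident, daytime or time (the services commented out above).
inetd_enabled() {    # usage: inetd_enabled FILE
    awk '
        /^[ \t]*#/ || NF < 6 { next }
        $1 == "ident" || $1 == "daytime" || $1 == "time" { print $1 "/" $3 }
    ' "$1"
}

# Report every deviation, one per line. Exit status is 1 if anything was found.
audit_host() {       # usage: audit_host SSHD_CONFIG INETD_CONF
    rc=0
    proto=$(sshd_effective "$1" Protocol)
    if [ "$proto" != "2" ]; then
        echo "FAIL sshd: Protocol is '${proto:-unset}', want 2"; rc=1
    fi
    root=$(sshd_effective "$1" PermitRootLogin)
    if [ "$root" != "no" ]; then
        echo "FAIL sshd: PermitRootLogin is '${root:-unset}', want no"; rc=1
    fi
    for svc in $(inetd_enabled "$2"); do
        echo "FAIL inetd: $svc is still enabled"; rc=1
    done
    return "$rc"
}

# Write constructed sample files into DIR:
#   before.*   unhardened
#   shadowed.* the two sshd lines were added BELOW an existing setting
#   after.*    hardened as described above
write_samples() {    # usage: write_samples DIR
    cat > "$1/before.sshd" <<'EOF'
#Protocol 2,1
PermitRootLogin yes
EOF
    cat > "$1/shadowed.sshd" <<'EOF'
PermitRootLogin yes
Protocol 2
PermitRootLogin no
EOF
    cat > "$1/after.sshd" <<'EOF'
Protocol 2
PermitRootLogin no
EOF
    cat > "$1/before.inetd" <<'EOF'
ident    stream tcp  nowait _identd /usr/libexec/identd identd -el
daytime  stream tcp6 nowait root    internal
#time    stream tcp  nowait root    internal
EOF
    cat > "$1/after.inetd" <<'EOF'
#ident   stream tcp  nowait _identd /usr/libexec/identd identd -el
#daytime stream tcp6 nowait root    internal
#time    stream tcp  nowait root    internal
EOF
    cp "$1/after.inetd" "$1/shadowed.inetd"
}

# Demo run over the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for s in before shadowed after; do
    echo "== $s"
    audit_host "$demo_dir/$s.sshd" "$demo_dir/$s.inetd" || true
done
rm -rf "$demo_dir"
```

On a real system, point it at the live files: `audit_host /etc/ssh/sshd_config /etc/inetd.conf`.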

Starting Apache and MySQL at boot

Apache and MySQL need to be set to start at boot time:

vi /etc/rc.conf

Set the following parameters for apache:

httpd_flags=""

If you disabled the services in /etc/inetd.conf above, then change this in /etc/rc.conf as well:

inetd=NO

To enable MySQL to run at boot enter the following line in /etc/rc.conf.local:

mysql=YES

Then enter the following in /etc/rc.local after the 'starting local daemons' and before the following echo '.' :

if [ X"${mysql}" == X"YES" -a -x /usr/local/bin/mysqld_safe ]; then
    echo -n " mysqld"; /usr/local/bin/mysqld_safe --user=_mysql --log --open-files-limit=256 &
    for i in 1 2 3 4 5 6; do
        if [ -S /var/run/mysql/mysql.sock ]; then
            break
        else
            sleep 1
            echo -n "."
        fi
    done
    #
    # Apache chroot Settings
    mkdir -p /var/www/var/run/mysql
    sleep 2
    ln -f /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock
fi

Your OpenBSD 3.8 system with Apache, PHP, and MySQL is now ready! Reboot the machine and make sure everything is running as it should be.

Happy web serving and enjoy!


Backup your MySQL databases automatically with AutoMySQLBackup

If your site relies on MySQL and stores its sensitive data in a MySQL database, you will most definitely want to back up that information so that it can be restored in case of any disaster (data deleted by mistake, software errors, hardware errors, server compromise, etc.). In a previous post I showed that MySQL provides a basic tool (mysqldump) to perform database backups. This is required because backing up a database is a little different from backing up regular files.

With mysqldump, anyone can write a small shell script and run it from cron to get an automatic backup solution. There are many such scripts freely available, and many commercial solutions as well (I assume, as I have not really tested any ;) ). The script that I liked the most is AutoMySQLBackup, because it doesn’t have any real requirements (mysqldump is of course needed, and comes in any mysql client package, plus gzip or bzip2 to compress the resulting file) and has all the features I was looking for in such a script.

AutoMySQLBackup has all the features I needed: it can back up a single database, multiple databases, or all the databases on the server; each database is saved in a separate file that can be compressed (with gzip or bzip2); it rotates the backups so they do not fill your hard drive (normally the daily backup keeps only the last 7 days of backups, the weekly, if enabled, keeps one for each week, etc.). It also has some other features (check the project homepage for full details) that I am not using myself (like emailed logs, for example), but that other people might find interesting.

The installation is very simple: just download the one file bash script and save it somewhere, customize it to fit your setup (only some basic changes are needed: like the MySQL user and password, backup location), make it executable and activate it in cron as needed (daily for example).

Here are the variables that I usually setup:

# Username to access the MySQL server e.g. dbuser
USERNAME=dbuser
# Password to access the MySQL server e.g. password
PASSWORD=password
# Host name (or IP address) of MySQL server e.g localhost
DBHOST=localhost
# List of DBNAMES for Daily/Weekly Backup e.g. "DB1 DB2 DB3"
DBNAMES="all"
# Backup directory location e.g /backups
BACKUPDIR="/var/backup/mysql"
# Mail setup
MAILCONTENT="quiet"

You can also run the script manually:

./automysqlbackup.sh.2.5

but you will probably want to enable it in cron and run it daily. You can just drop it in the /etc/cron.daily/ folder and you should be done. :)
I like to place it in /opt and create a symlink to the file (to help with future updates of the script):

ln -s automysqlbackup.sh.2.5 automysqlbackup.sh

and run it from cron by placing in /etc/crontab something like:

#MySQL Daily backup
45 5 * * * root /opt/automysqlbackup.sh >/dev/null 2>&1
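Because the script holds the MySQL password in clear text and cron runs it as root, its permissions and those of the backup directory matter. The check below is an added example, not part of AutoMySQLBackup or of the original post; the function names are hypothetical and the demo files are constructed in a temporary directory. It follows the /opt symlink to the real file before checking.

```shell
#!/bin/sh
# Added example: check who can read the backup script (it contains PASSWORD=...)
# and the directory holding the dumps. Function names are hypothetical.

# Print PATH if any group or other permission bit is set on it.
# -H follows a symlink given on the command line (the /opt symlink above);
# only POSIX find primaries are used, so GNU and BSD find both work.
open_to_others() {          # usage: open_to_others PATH
    find -H "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print the owner of PATH, following symlinks.
owner_of() {                # usage: owner_of PATH
    ls -ldL "$1" | awk '{ print $3 }'
}

# True if FILE has an uncommented, non-empty PASSWORD= assignment.
has_embedded_password() {   # usage: has_embedded_password FILE
    grep -Eq '^[[:space:]]*PASSWORD=.+' "$1"
}

# Report problems one per line. Exit status is 1 if anything was found.
audit_backup_setup() {      # usage: audit_backup_setup SCRIPT BACKUPDIR [OWNER]
    script=$1 dir=$2 owner=${3:-root} rc=0
    if has_embedded_password "$script" && [ -n "$(open_to_others "$script")" ]; then
        echo "FAIL: $script holds a MySQL password and is accessible to group/other"
        rc=1
    fi
    # cron runs the script as root, so whoever owns it can run code as root
    actual=$(owner_of "$script")
    if [ "$actual" != "$owner" ]; then
        echo "FAIL: $script is owned by $actual, expected $owner"
        rc=1
    fi
    if [ -n "$(open_to_others "$dir")" ]; then
        echo "FAIL: $dir (database dumps) is accessible to group/other"
        rc=1
    fi
    return "$rc"
}

# Build a constructed copy of the layout described above inside DIR:
# the versioned script, the symlink to it, and a backup directory.
make_demo() {               # usage: make_demo DIR MODE
    printf '%s\n' '#!/bin/bash' 'USERNAME=dbuser' 'PASSWORD=password' \
        'BACKUPDIR="/var/backup/mysql"' > "$1/automysqlbackup.sh.2.5"
    ln -s automysqlbackup.sh.2.5 "$1/automysqlbackup.sh"
    mkdir "$1/mysql"
    chmod "$2" "$1/automysqlbackup.sh.2.5" "$1/mysql"
}

# Demo: world-readable first, then restricted to the owner.
demo=$(mktemp -d)
make_demo "$demo" 755
me=$(owner_of "$demo")      # the demo files belong to whoever runs this
echo "== mode 755"
audit_backup_setup "$demo/automysqlbackup.sh" "$demo/mysql" "$me" || true
chmod 700 "$demo/automysqlbackup.sh.2.5" "$demo/mysql"
echo "== mode 700"
audit_backup_setup "$demo/automysqlbackup.sh" "$demo/mysql" "$me" && echo "OK"
rm -rf "$demo"
```

Against the setup described above this would be run as `audit_backup_setup /opt/automysqlbackup.sh /var/backup/mysql`.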

If needed, after the script is finished, you can save the backup folder where you placed the databases to a remote location (ftp, nfs, smb, or whatever) or another local medium (like tape for ex.). Saving to remote locations is not supported in the script itself so you will have to either mount the remote space locally (if it is possible… for nfs, smb, for ex.) and save directly onto it, or you will have to use another method to upload the files remotely (maybe you just have to include the backup folder used above in your regular backup script).

Are you using a different script to back up your databases? I would like to hear of it… Why did you like it? What features were you looking for? Or did you have to write your own script because you could not find the features you needed in any freely available script?

Setting Up a Server

This article teaches you, the reader, how to configure a GNU/Linux based server with three of the most important services that must be provided in a company, at home, a lab or anywhere else, both for clients and internal usage: web, database, mail. So it will be assumed that the idea is to host websites that use certain technologies such as a scripting language and a database (for dynamic sites), and also to act as a mailing tool, for sending and receiving email.

Consider that this article only shows some of the basic features for configuring these services; each program has much more in-depth options. Entire books have been written just about Apache or MySQL. So, don't just stay with what you learn here: play around, read, learn. System administration is all about security and performance, so there's a lot more to discover.

I have also decided to show some optimization (tuning) techniques for better performance. We will use only free/open source software in this article, so it is not necessary to buy commercial licenses. The software we will use is Debian GNU/Linux, Apache, MySQL, PHP and Postfix. The first three are what is called LAMP, where the P can stand for various server side scripting languages such as PHP, Perl and Python. In general, it represents the open source web platform (both for developing and using it). I have been using LAMP and Postfix for years and must say that, after trying lots of other programs of the same sort, it is the wisest choice if you want a powerful, easy to use/configure/maintain and secure server environment.

Why use Debian? I have always liked this distribution because it's easy to manage packages (programs) and system services. It is also very secure and stable, making it perfect for servers and any system that must run 24/7. Its huge package repository (over 15490) is more than enough to get the best use out of any computer system.

Why use Apache? Simple - it's currently the best, most secure and most used HTTP server. It also supports a huge amount of modules and extensions. Here are some specific benefits of Apache: support, efficiency, portability and customizability.

Why use MySQL? Its logo says it all: The world's most popular open source database. This DBMS is reliable, powerful and easy to manage and use. Also, we will use it with Postfix for better integration and performance.

Why use Postfix? If you ask any systems administrator why he/she uses Postfix as a Mail Transport Agent (MTA) the answer will be that it's easy and fast. Another great feature is its security and the wide range of operating systems it can run on (BSD, Linux, AIX, Solaris, OSX, etc.)

Installing and Configuring Apache

We will use Apache 2 because it has been rewritten for better performance and security. It brings more out of the box optimizations for scalability and throughput, as opposed to version 1.3 (which is not even being maintained anymore). So let's get to it. We first download and install the essential software:

apt-get install apache2

This will also install the following packages: apache2, apache2-common, apache2-mpm-worker and apache2-utils. Now, try connecting to localhost:80 and you should see a page saying that Apache has been configured correctly. If not, you might have something wrong with the network settings, but that's a whole different ball game. By default, Debian configures the services it installs to start when you boot GNU/Linux, so you don't have to worry about further system configuration. For controlling the daemon we have apache2ctl, or we can use Debian's init utilities:

/etc/init.d/apache2 start|stop|restart|reload|force-reload
apache2ctl start|stop|restart|...

Apache2's configuration files, by default, are in /etc/apache2/. Whenever a configuration is modified, the server must be restarted. Here is a description of some of the more important files and directories:

  • apache2.conf is where the main configuration is. It used to be httpd.conf, so don't be fooled.
  • mods-available/ is the directory with all the modules that are available. The .load files contain the Apache directives that are needed to load the modules, and the .conf files are the configuration directives for each module.
  • mods-enabled/ is the directory that contains the symbolic links to the modules that we want to enable from mods-available/. At least the .load file must be there, so we will have: /etc/apache2/mods-enabled/modulex.load -> /etc/apache2/mods-available/modulex.load

Let's put this into practice. Say we want to enable user directories (www.myurl.com/~someuser/). First uncomment the following in apache2.conf:

Next, we create the symbolic links for this module and restart the server:

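cd /etc/apache2
# use absolute targets: a relative target would be resolved from inside mods-enabled/
ln -s /etc/apache2/mods-available/userdir.* /etc/apache2/mods-enabled/
/etc/init.d/apache2 restart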

This works for all the modules you want to load. Now let's try some optimization methods. Apache uses a great deal of resources, especially RAM, because it accumulates whatever is necessary to accommodate what it's serving and this process never decreases until it is complete. This takes up as much RAM as the largest dynamic script.

To help reduce this problem, edit apache2.conf and enable KeepAlive (increases time) and set a low value for KeepAliveTimeout (this will reduce the time the process waits without doing anything). Also, set the value for MaxRequestsPerChild around 20, depending on the number of dynamic sites the server is hosting. The idea behind this is that when the process ends, it starts over again, but with lower RAM usage. However, by doing this, you might have to increase MaxClients by around 50%.

Installing and Configuring MySQL

MySQL 5 introduces a number of new features, compared to older versions, such as new data types, precision math, better performance for storage, faster queries and better handling of certain types. The list goes on, so I recommend checking out the official documentation to see how you can take advantage of the latest version. To get it:

apt-get install mysql-server-5.0

libdbd-mysql-perl, libmysqlclient15off, mysql-client-5.0 and mysql-common will also be installed. Debian will also make sure MySQL starts at boot time. To control the daemon, I use the init script and voila!:

/etc/init.d/mysql start|stop|restart|reload|force-reload|status

To first start working with this database, the root password must be set. The word root does not apply to the system's root, but to the database administrator, however, it can be the same person. So let's set it and log in:

mysqladmin -u root password 'thepassword'
mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10 to server version: 5.0.20a-Debian_1-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

If you don't like using the command line system (lazy sysadmins), there are a couple of graphical user interfaces for MySQL, such as MySQLCC (QT), gMySQLCC (GTK+), etc. Since everything is running fine (or should be) it's time to optimize. MySQL uses algorithms that let you run it with little memory, but you can give it options to increase the memory usage if you have more, and therefore increase performance. To lower the amount of time MySQL sits waiting, edit the configuration file /etc/mysql/my.cnf and add/change the following (values may vary depending on your specific needs):

wait_timeout=60
connect_timeout=10
interactive_timeout=100
join_buffer_size=1M
query_cache_size=128M
query_cache_limit=2M
max_allowed_packet=16M
table_cache=1024

Installing and Configuring PHP

Now that we have our httpd server up and running we can set up PHP. Debian includes PHP5 in the official package repository; not too long ago only up to version 4 was supported. So let's get it:

apt-get install php5

Just like for Apache and MySQL, extra packages will have to be installed as well: apache2-mpm-prefork, libapache2-mod-php5 and php5-common.

Now, add support for MySQL:

apt-get install php5-mysql

I also like to add some more packages for PHP, such as CLI, Pear, LDAP, IMAP, GD, mhash, ODBC and PostScript:

apt-get install php5-cli php-pear php5-ldap php5-imap php5-gd php5-mhash php5-odbc php5-ps

The configuration file for PHP is located in /etc/php5/apache2/php.ini. Every time you modify it, Apache must be restarted. So let's see if everything is working. First let's create a simple script, called information.php, in Apache's DocumentRoot, that is /var/www/information.php, and inside it should go:

Now, fire up a browser and open www.mycompany.com/information.php. You should see a page with information about the PHP version that is installed. It also provides some details about Apache and all the PHP modules. Last, but not least, let's make sure MySQL and PHP are working well together. First, log in to MySQL and create a new database:

mysql> create database test;
Query OK, 1 row affected (0.00 sec)

mysql> exit
Bye



Create a new file, db.php, in the same directory and write:

 

Check your browser and you should see: connection success. Now for a little optimization. Usually compiling PHP scripts on the fly uses a lot of memory, so if you're hosting several big web sites and have lots of users visiting, you might want to do something about this resource abuse. The solution is to use a program that keeps the scripts precompiled. The most popular include Zend Accelerator, Turck MMCache and PHP Accelerator. Performance can increase up to 200%.

Finally LAMP is up, running and optimized. You can also provide further services, such as more databases (PostgreSQL, Oracle, Informix, etc.) and more server side languages (Perl, JSP, Python, etc.).

Installing and Configuring Postfix

Postfix was originally written as an alternative to Sendmail, which is used in most mail servers around the world. Unfortunately, Sendmail is hard to use (and manage) and very bug prone, therefore securing it can be quite a task. This is why Postfix is a fantastic option. Just like with the rest of the software, we download and install it, with support for MySQL:

apt-get install postfix postfix-mysql

Leave the values dpkg suggests when configuring. The default configuration files are in /etc/postfix; we will only use main.cf. Once done, we create the postfix user for MySQL and the database for the emails:

mysql -A -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4 to server version: 5.0.20a-Debian_2-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use mysql;
Database changed
mysql> insert into user (host, user, password) values ('localhost', 'postfix', password('thepostfixpass'));
Query OK, 1 row affected, 3 warnings (0.00 sec)

mysql> insert into db (host, db, user, select_priv) values ('localhost', 'mail', 'postfix', 'Y');
Query OK, 1 row affected (0.00 sec)

mysql> create database mail;
Query OK, 1 row affected (0.01 sec)

Afterward, MySQL must be restarted to use the new user and database. If everything worked correctly, then there shouldn't be any problem logging in as postfix using the mail database. So now we create our tables, as root:

mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3 to server version: 5.0.20a-Debian_2-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use mail;
Database changed
mysql> create table transport (
-> domain varchar(255) primary key,
-> transport char(8),
-> access varchar(2)
-> default 'OK');
Query OK, 0 rows affected (0.01 sec)

mysql> create table aliases (
-> id int(6),
-> alias varchar(255) primary key,
-> maildir varchar(255) not null,
-> access varchar(2)
-> default 'OK');
Query OK, 0 rows affected (0.00 sec)

mysql> create table remote_alias (
-> alias varchar(255) primary key,
-> rcpt varchar(255) not null);
Query OK, 0 rows affected (0.01 sec)

mysql> create table domain1 (
-> user varchar(255) primary key,
-> pass varchar(255) not null,
-> maildir varchar(255) not null,
-> active int(8)
-> default 1);
Query OK, 0 rows affected (0.00 sec)

The next step is configuring Postfix to support MySQL, so edit the configuration file and add:

transport_maps=mysql:/etc/postfix/transport.cf
virtual_mailbox_base=/home/postfix
virtual_uid_maps=mysql:/etc/postfix/ids.cf
virtual_gid_maps=mysql:/etc/postfix/ids.cf
virtual_mailbox_maps=mysql:/etc/postfix/aliases.cf
virtual_maps=mysql:/etc/postfix/remote_aliases.cf

Since we are specifying files that don't exist, we must create them. In transport.cf write:

user=postfix
# the password used in MySQL (comments must be on their own line in these files)
password=thepostfixpass
dbname=mail
table=transport
select_field=transport
where_field=domain
hosts=localhost

In aliases.cf:

user=postfix
# the password used in MySQL
password=thepostfixpass
dbname=mail
table=aliases
select_field=maildir
where_field=alias
hosts=localhost

In ids.cf:

  user=postfix
# the password used in MySQL
password=thepostfixpass
dbname=mail
table=aliases
select_field=id
where_field=alias
hosts=localhost

And for the final file, remote_aliases.cf:

user=postfix
# the password used in MySQL
password=thepostfixpass
dbname=mail
table=remote_alias
select_field=rcpt
where_field=alias
hosts=localhost

Let's now create the information for the domain1 example in MySQL:

mysql -A -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8 to server version: 5.0.20a-Debian_2-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use mail;
Database changed
mysql> insert into transport(domain, transport) values ('domain1.com', 'virtual:');
Query OK, 1 row affected (0.00 sec)

To add users to that domain, simply insert the data into the aliases table (you can get postfix's userid from /etc/passwd), for example:

mysql> insert into aliases values (postfix_uid, 'user@domain1.com', 'domain1/user', 'OK');

Finally everything should be working smoothly. Make sure you constantly check the logs (/var/log/mail.log), even if everything is normal, because the first place you might detect an attack is there.
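The four map files above hold the MySQL password in clear text, and Postfix does not strip a trailing # comment from a value, so both the file mode and the password line are worth checking. The following is an added example, not part of the original post; the function names audit_map_file and audit_map_dir are illustrative.

```shell
#!/bin/sh
# Added example: audit Postfix MySQL map files (*.cf) for two problems:
#   1. a mode that lets other local users read or change the file
#   2. a "# comment" written after a value on the same line
# Function and variable names are illustrative, not Postfix's own.

# audit_map_file FILE
# Prints one finding per line; returns 0 only when FILE has no findings.
audit_map_file() {
    amf_file=$1
    amf_findings=0

    # The first ten characters of "ls -ld" are the mode string, e.g.
    # -rw-r-----. Character 8 is "other read", character 9 "other write".
    amf_mode=$(ls -ld "$amf_file" | cut -c1-10)
    case $amf_mode in
        ???????r??|????????w?)
            echo "$amf_file: mode $amf_mode exposes the MySQL password to other local users"
            amf_findings=$((amf_findings + 1)) ;;
    esac

    # Postfix only treats '#' as a comment at the start of a line, so
    # "key=value # note" makes the note part of the value. Only the line
    # number is reported, so the audit output never repeats the password.
    for amf_line in $(grep -nE '^[[:space:]]*[A-Za-z_]+[[:space:]]*=.*[[:space:]]#' "$amf_file" | cut -d: -f1); do
        echo "$amf_file:$amf_line: '#' after a value is not a comment; Postfix keeps it as part of the value"
        amf_findings=$((amf_findings + 1))
    done

    [ "$amf_findings" -eq 0 ]
}

# audit_map_dir DIR
# Audits every *.cf file in DIR that sets a password; returns 1 if any
# of them produced a finding.
audit_map_dir() {
    amd_status=0
    for amd_file in "$1"/*.cf; do
        [ -f "$amd_file" ] || continue
        grep -qE '^[[:space:]]*password[[:space:]]*=' "$amd_file" || continue
        audit_map_file "$amd_file" || amd_status=1
    done
    return "$amd_status"
}

# Typical use on the server from this post:
#   audit_map_dir /etc/postfix
# A common remedy for the mode finding is group ownership by postfix with
# mode 640, so only root and the Postfix daemons can read the password.
```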

Run daily with at

UNIX provides a command called "at" which can be used to run jobs at a specified time.

To run a particular job every hour of every day, put the following set of commands in a file called "at.sh", which reschedules itself every day.

########### CUT HERE ##################

#! /usr/bin/sh

# job is the executable file to run
# every hour; put its name here

job="./file Name"

# tm is a variable used to store
# the next full hour (expr also drops
# the leading zero printed by date)

tm=`date +%H`
tm=`expr $tm + 1`

while [ $tm -le 23 ]
do

# "at" is the command and -f is the
# option used to execute a specified
# file. The time is passed as hhmm.

at -f "$job" `printf '%02d00' $tm` today
tm=`expr $tm + 1`
done

# Without manual intervention, automatic
# changeover to the next day's job
# scheduling

at -f "$job" 2358 today
at -f ./at.sh 0002 tomorrow

########### CUT HERE ##################

Run on last sunday

If you want a job to run on the last Sunday of every month, you can use the following syntax from within cron:

0 18 * * 0 [ `date +\%d` -gt 24 ] && /path/to/script

i.e. on Sundays at 18:00 check if the day of the month is greater than 24 - if so run the job (if 23 is
specified the job will run on the last 2 Sundays of the month)

NOTE: There are back-ticks around the date command, not single quotes. The % is written as \% because cron turns an unescaped % in a command into a newline.
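The fixed threshold of 24 skips months whose last Sunday falls on the 24th or earlier (24 June 2007 is one). The following added example, which is not part of the original tip, decides from the length of the month instead; all function names and the path in the usage comment are illustrative.

```shell
#!/bin/sh
# Added example: decide "last <weekday> of the month" from the calendar
# instead of a fixed day-of-month threshold. Function names are illustrative.

# days_in_month YEAR MONTH -> prints 28, 29, 30 or 31
days_in_month() {
    dim_year=$1
    dim_month=${2#0}        # "06" -> "6"; avoids octal parsing of 08 and 09
    case $dim_month in
        4|6|9|11) echo 30 ;;
        2)
            if [ $((dim_year % 4)) -eq 0 ] &&
               { [ $((dim_year % 100)) -ne 0 ] || [ $((dim_year % 400)) -eq 0 ]; }
            then echo 29
            else echo 28
            fi ;;
        *) echo 31 ;;
    esac
}

# is_last_weekday_of_month YEAR MONTH DAY
# True when the same weekday does not occur again in this month,
# i.e. when DAY + 7 is past the end of the month.
is_last_weekday_of_month() {
    lw_day=${3#0}
    [ $((lw_day + 7)) -gt "$(days_in_month "$1" "$2")" ]
}

# first_possible_last_day YEAR MONTH
# Prints the earliest day of the month that can be a "last weekday":
# 22 or 23 in February, 24 in 30-day months, 25 in 31-day months.
first_possible_last_day() {
    echo $(( $(days_in_month "$1" "$2") - 6 ))
}

# The threshold test used in the crontab line, kept for comparison.
day_gt_24() {
    [ "${1#0}" -gt 24 ]
}

# run_if_last_weekday COMMAND [ARGS...]
# Runs COMMAND only when today is the last occurrence of its weekday in
# the current month. Cron's day-of-week field still selects the weekday:
#   0 18 * * 0 . /usr/local/lib/lastweekday.sh && run_if_last_weekday /path/to/script
# (/usr/local/lib/lastweekday.sh is a hypothetical location for this file.)
run_if_last_weekday() {
    if is_last_weekday_of_month "$(date +%Y)" "$(date +%m)" "$(date +%d)"; then
        "$@"
    fi
}
```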

Change the Suffix

If you want to change the suffix of multiple files, you can't do:

% mv *.abc *.def

However, the following shell script performs the required operation and changes every *.abc file to *.def:

#!/bin/sh
for f in *.abc; do
mv "$f" "`basename "$f" .abc`.def"
done

How it works:

for f in *.abc; do

Set up a loop for all files ending in .abc, and each time around set $f to the filename

mv "$f" "`basename "$f" .abc`.def"

`basename "$f" .abc` takes the filename in $f and removes the trailing .abc, we then append .def to the result and the resulting command becomes "mv file.abc file.def". The double quotes keep a filename that contains spaces together as one argument.

done

Ends the "for" loop above.

Under "csh" or "tcsh" a similar thing could be done with:

foreach f ( *.abc )
mv $f `basename $f .abc`.def
end
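A hardened form of the rename loop, as an added example that is not part of the original tip: it copes with spaces and glob characters in names, a directory with no matching files, and a target that already exists. The function name change_suffix and its argument order are assumptions made for this example.

```shell
#!/bin/sh
# Added example: rename every file in a directory from one suffix to another
# without word splitting, option injection or silent overwrites.
# change_suffix is an illustrative name, not a standard utility.

# change_suffix OLD NEW [DIR]
# Renames DIR/*OLD to DIR/*NEW and prints how many files were renamed.
change_suffix() {
    cs_old=$1
    cs_new=$2
    cs_dir=${3:-.}
    cs_count=0

    # The directory prefix means no argument to mv can begin with "-",
    # so a file called "-n.abc" is never read as an option.
    for cs_file in "$cs_dir"/*"$cs_old"; do
        # With no match the pattern stays as literal text; skip it.
        [ -e "$cs_file" ] || continue

        # Strip the old suffix inside the shell; quoting the pattern makes
        # characters such as * or ? in the suffix match literally.
        cs_target=${cs_file%"$cs_old"}$cs_new

        # Never overwrite an existing file.
        if [ -e "$cs_target" ]; then
            echo "skip: $cs_target already exists" >&2
            continue
        fi

        mv -- "$cs_file" "$cs_target" && cs_count=$((cs_count + 1))
    done

    echo "$cs_count"
}

# Usage in the current directory:
#   change_suffix .abc .def
```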

CentOS 5.0, OLPC, Linux Mint download statistics, Ubuntu "Feisty" delays, FreeBSD ZFS integration, interview with the "distro guy"

The most interesting release of the past week was undoubtedly the one delivered by the CentOS development team. CentOS 5.0, based on the recently released Red Hat Enterprise Linux 5, is the second project (after StartCom Enterprise Linux) that has successfully rebuilt Red Hat's latest enterprise distribution into an installable and fully-supported Red Hat clone. Although CentOS has never been able to break into the DistroWatch's top ten list, there is little doubt that this is a very popular distribution - especially on servers and business desktops. And its most important feature? Besides virtualisation, IPV6 support and other enterprise-level characteristics inherited from its famous parent, the most important one is its long-term support - CentOS 5.0 will be supported with security and bug-fix updates until at least March 2012. For more information about CentOS please visit the project's web site at CentOS.org.

[Image: The CentOS 5.0 desktop]


* * * * *

Another project that attracted much attention last week was the OLPC live CD. As many readers will know, OLPC, or One Laptop Per Child, is a Red Hat-sponsored initiative to develop a US$100 laptop designed for children in developing countries. Given the low-cost components of the laptop, Red Hat is also designing a heavily customised, light-weight operating system based on Fedora, but with a unique user interface called Sugar (see this review for some first impressions and screenshots). The first live CD image demonstrating the concepts of the user interface appeared on Red Hat's servers last week and the interest in it -- 122,000 download attempts were made within the first few days -- surprised the developers. Bear in mind that this is an early prototype designed for developers to demonstrate the product, so it will still undergo substantial changes before it is declared ready for deployment on the laptop.

* * * * *

Speaking about downloads, here is an interesting piece of statistics found in the latest Linux Mint weekly newsletter: "Seven mirrors were made available for [Linux Mint 2.2] Bianca. Three of them counted 592,950 downloads." Linux Mint has been climbing rather dramatically on the DistroWatch's Page Hit Ranking statistics and the download figures -- nearly 600,000 (!) downloads recorded by just three of the seven available mirrors -- confirm the simple truth: many Linux users are looking for a distribution that works out of the box, without any post-install installation of device drivers, multimedia codecs and browser plugins. Linux Mint has delivered exactly that. And although the advocates of Free Software will not be pleased by this fact, there is little doubt that many computer users are attracted to Linux not because it offers the freedom to modify the source code, but because it's good, it's fun, and it's free of cost.

* * * * *

The much awaited Ubuntu 7.04 "Feisty Fawn" release candidate failed to show up last week - due to several serious bugs: "The Ubuntu 7.04 release candidate has been delayed due to bugs discovered during validation testing, specifically problems with certain ATA chipsets and problems with the connection status displayed by the network-manager panel applet. There is no updated ETA yet, but the core development team is actively working on the problems and expects it to be a matter of days." The project expects the final release to take place later this week as scheduled, although a slight delay is still a possibility.

* * * * *

Here is something of interest to the users of the FreeBSD operating system. As announced by Pawel Jakub Dawidek on the FreeBSD current mailing list, the ZFS file system, originally developed by Sun Microsystems, has been integrated into FreeBSD: "I'm happy to inform that the ZFS file system is now part of the FreeBSD operating system. ZFS is available in the HEAD branch and will be available in FreeBSD 7.0-RELEASE as an experimental feature. Currently ZFS is only compiled as kernel module and is only available for i386 architecture. AMD64 should be available very soon, the other architectures will come later, as we implement needed atomic operations." And while on the subject of the BSD operating systems, the OpenBSD project has released the song that will accompany the upcoming release of OpenBSD 4.1. It is entitled Puffy Baba and the 40 Vendors.

* * * * *

Packt Publishing has published an interview with yours truly, the founder and maintainer of DistroWatch.com: "There's no dearth of Linux distributions. This isn't the first time I've said this. Neither will it be the last. But why the chaos? Why are there more failed distributions than successful ones? Ask the distro guy, Ladislav Bodnar, maintainer of DistroWatch.com. Excuse me if the above sounds like those 15-second commercials during super bowl. As a Linux journalist, DistroWatch is an important tool of my trade. For over half a decade the website has been keeping track of every distribution related activity. And like the many distros it lists, DistroWatch is a one-man show. From its humble beginnings, Bodnar has turned DistroWatch into the most comprehensive, and respected, directory of Linux distributions, it is today." Read more in Meet the Distro Guy.

The Best Linux Security Tools

You can never be too safe these days. Viruses, spyware, rootkits, remote exploits, you just never know what security issue is going to be your downfall. That's why it is important as a Linux administrator to have an understanding of some of the best Linux security tools available to you. In this article, you will learn about ten of the best Linux security tools, and resources on how to use them to your advantage.


  • Nmap Security Scanner
    Nmap, which stands for “Network Mapper” is a free open source utility that allows you to explore and audit a network. From the website: “Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.”
    For Nmap installation documents, go here.
    There is a very useful tutorial here on the numerous scan types Nmap allows.
    This PDF is a great print-out reference that includes all of the major Nmap options.
  • Nessus Vulnerability Scanner
    Nessus is a vulnerability scanner that probes your network machines against an up-to-date security vulnerability database, alerting you of security holes, with detailed analysis on how to fix each hole. From the Nessus website: “Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.”
    See an example scan report here.
    For Nessus installation documents, go here.
    A nice technical guide to Nessus can be found here.
    The Nessus knowledge base is here.
  • Clam AntiVirus
    ClamAV is a GPL anti-virus toolkit. The main purpose of ClamAV is integration with mail servers, but it can also be used to scan files for viruses on the command line. It provides a flexible and scalable multi-threaded daemon, a command line scanner and a virus database that is kept up to date. The most popular use of ClamAV is on a mail server, tied in with an anti-spam application like SpamAssassin.
    For installation help, go here.
    The Clam AntiVirus wiki can be found here.
    This PDF document covers all you need to know about ClamAV.
  • Snort
    Snort is one of the greatest weapons you can have in the fight against intrusions. Snort is mainly used in three different ways: as a packet sniffer, a packet logger, or as a complete intrusion detection system (IDS). From the website: “Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.”
    The official Snort users manual can be found here.
    For a comprehensive list of documents, go here.
  • Chkrootkit
    Chkrootkit is a tool designed to locally check for signs of a root kit on your Linux machine. “Root kits” are basically files that hide on your machine after a break-in and allow the attacker to gain access to your computer again in the future.
    This PDF explains adding chkrootkit to your auditing arsenal.
  • Tripwire
    Tripwire is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. Basically, tripwire has the ability to alert you when files have been modified on your system.
    A comprehensive guide to implementing tripwire can be found here.
    This is a nice howto on setting up tripwire.
  • Rootkit Hunter
    Rootkit Hunter is a great tool for analyzing and monitoring the security of your systems. Like Chkrootkit, this tool also checks for rootkits that may be hiding on your machine, as well as other tools on your system that may be potentially dangerous.
    A detailed guide on downloading and installing Rootkit Hunter can be found here.
  • Kismet
    From the website: “Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.” If you have a wireless network, or travel with a laptop, this security tool is a must have.
    This Kismet readme covers just about all you need to know.
    There is also a lot of useful information located within the Kismet forums.
  • Shorewall
    Shorewall is a very powerful and flexible firewall that utilizes iptables and Netfilter. Very flexible configuration allows the firewall to be used in a wide variety of firewall/gateway/router and VPN environments.
    The Shorewall Installation document can be found here.
    Here is a quick start guide to using Shorewall.
    Shorewall Features can be found here.
  • Ethereal (Now called Wireshark)
    Wireshark is a very popular network protocol analyzer that has a variety of security features including a packet browser, live capture and offline analysis and more. Basically, Wireshark captures packets going across the network and displays them to you with as much detail as possible. From the users guide: “You could think of a network packet analyzer as a measuring device used to examine what’s going on inside a network cable, just like a voltmeter is used by an electrician to examine what’s going on inside an electric cable (but at a higher level, of course).”
    Here is the Wireshark users guide.
    The Wireshark wiki is here.

Basic Networking Commands you should know!

This is a mostly (*)nix-based command set. Here we go...

  1. ping {hostname}
    Lets you check whether your internet connection is alive or lost
    Example : ping techflock.blogspot.com

  2. traceroute {hostname}
    Lets you trace packets and find if your connection is broken beyond your ip address. Also can be used to track the number of hops to get to the hostname
    Example: traceroute techflock.blogspot.com

  3. ifconfig
    Find out your ip address, your network interfaces, transferred and received data information
    Example : ifconfig

  4. nslookup {hostname}
    Find out which IP a DNS name resolves to - a way to test your DNS server
    Example: nslookup techflock.blogspot.com

  5. dig {hostname}
    Does the same as above and provides other dns related information
    Example: dig techflock.blogspot.com

  6. netstat -a
    Find out all the open ports on your machine
    Example: netstat -a

  7. netstat -nt
    Display all the tcp based established connections on your machine
    Example: netstat -nt

  8. telnet {hostname} {port}
    Telnet or connect to a machine at the specified port to find out whether that machine/server is working right
    Example: telnet techflock.blogspot.com 80

Of course, there are many other options within each of these commands, which you can find in the manual pages by typing man {command}

Update:
Some of the commands might be in the /sbin or /usr/sbin paths and might not be in the default PATH, so execute them from there. For example: /sbin/ifconfig

Ctrl-D another use

Many Unix Admins use the C shell as their interactive shell. An often used feature of Csh is file completion - initiated with 'set filec'. It allows the Csh user to type in partial file names, and then press escape to get them completed where possible. A little known side effect of this is that Control-D (^D) will now generate file listings in the middle of command lines.

Example 1: (where @ is a space)
host > @^D
Lists the current directory

Example 2:
host >ln -s /usr/^D
Lists the /usr directory

host >tar cvf /dev/nrtape /usr/m^D
Lists all m* files in the /usr directory

In each case, after the listing, you get a new command line and are placed at the last point of edit.

Very handy if you know what you wanted to do but forgot what you wanted to do it with!

Ping the host table

Here is a quick way to ping all the hosts in your host table. NOTE: Just make sure that there are no blank lines in it, and verify that the ping command on your system exits after one ping. Your mileage may differ slightly.

$ grep -v "#" /etc/hosts | awk '{print $1}' | while read host
> do
> ping -c 1 $host
> done

Or script it:

#!/bin/sh
grep -v "#" /etc/hosts | awk '{print $1}' | while read host
do
ping -c 1 $host
done

Thursday, April 19, 2007

Tracking of logins and logouts

In the .login file add the commands:
------------------------------------

echo login time `date` >> .daylogs/masterlog

grep -i "sun" .daylogs/masterlog > .daylogs/sunday.log
grep -i "mon" .daylogs/masterlog > .daylogs/monday.log
grep -i "tue" .daylogs/masterlog > .daylogs/tuesday.log
grep -i "wed" .daylogs/masterlog > .daylogs/wednesday.log
grep -i "thu" .daylogs/masterlog > .daylogs/thursday.log
grep -i "fri" .daylogs/masterlog > .daylogs/friday.log
grep -i "sat" .daylogs/masterlog > .daylogs/saturday.log


In the .logout file add this line
-----------------------------------

echo logout time `date`>> .daylogs/masterlog

This script assumes you have a hidden directory called .daylogs; this helps keep it out of sight and away from prying eyes. If you keep root ownership of the directory, change the mode to:

chmod 744 .daylogs

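This will not allow anyone else to get into the directory to look around. Note that mode 744 still lets other users list the file names inside it; mode 700 hides those as well.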

Monday, April 16, 2007

Backup the remote essentials

There are many programs, data files, and especially license files that sit out on remote workstations and servers that you should be backing up remotely.

If backing up the entire system puts a strain on your network, make sure that all the essential files at least get backed up.

Some files may be
/var/flexlm
/usr/local/flexlm
/var/netls
/var/license
/etc/passwd
/etc/hosts
/etc/group
/etc/netgroup
/etc/shadow
/vmunix
/kernel
etc....

Thursday, April 12, 2007

Apple’s strongest security feature: the Mighty Mouse

We’ve all heard the stories and seen the movies about jealous PC users who break into Mac users’ houses while they’re sleeping and try to mess up their Macs. While Hollywood has perhaps sensationalized the stories slightly (often trying to shoehorn in a love story or car chase), the threat is all too real.

Apple computers have long held a virtually spotless record when it comes to warding off viruses and hacking attacks compared to its Windows-running rivals, but the fact is your Mac is just as vulnerable as any PC once someone has physical access to your computer. Leave your computer unattended for just a minute, and if someone really wanted to, they could quickly drag all your photos or music to the trash and empty it in about 20 seconds.

Apple to the rescue!

Luckily, Apple has got you covered with a $49 ($69 for the wireless version) security device known as the Mighty Mouse. Using a Mighty Mouse virtually ensures your computer will be inaccessible to just about any jealous PC-using evildoer who may wish to do your Mac harm.

Setup

Setup is easy; simply plug the mouse in, and you are good to go. In our tests, the average PC user who attempted to click on something using the Mighty Mouse took approximately 40% longer than with a conventional mouse. Even when they were able to click on something, they actually performed a right click 30% of the time. Those extra seconds add up, and usually allowed us time to get to our office and flick the lights on and off, thus scaring them away.

Total lock down

For the ultimate in security, Apple allows you to assign its Exposé feature to the Mighty Mouse (you can do this in System Preferences> Keyboard and Mouse).

If you assign Exposé’s “All Windows” function to the Mighty Mouse’s scroll wheel (middle button), the average PC user will only be able to perform an endless cycle of causing your windows to slide back and forth, never getting close to damaging or deleting any of your files. In our tests, all PC users walked away in frustration in under 2 minutes when the Exposé feature was applied.

Buying advice

The Mighty Mouse acts as a veritable Fort Knox, protecting your Mac from unwanted access the way no other device can, and it looks great doing it. We say $49 is a small price to pay to get that little extra peace of mind that comes with knowing your files are safe from PC-loving evildoers.

Wednesday, April 11, 2007

Bash Hotkeys

Bash provides many hot keys to ease use, such as:
ctrl-l -- clear screen
ctrl-r -- does a search in the previously given commands so that you don't have to repeat long command.
ctrl-u -- clears the typing before the hotkey.
ctrl-a -- takes you to the beginning of the command you are currently typing.
ctrl-e -- takes you to the end of the command you are currently typing in.
esc-b -- takes you back by one word while typing a command.
ctrl-c -- kills the current command or process.
ctrl-d -- kills the shell.
ctrl-h -- deletes one letter at a time from the command you are typing in.
ctrl-z -- puts the currently running process in background, the process can be brought back to run state by using fg command.
esc-p -- like ctrl-r lets you search through the previously given commands.
esc-. -- gives the last command you typed.

Download of the Day: PDFCreator (Windows)

Windows only: Free, open source application PDFCreator is an all-in-one PDF Swiss Army knife.

Aside from the whole print-to-PDF functionality we're so fond of here at Lifehacker, PDFCreator has a slew of other wildly useful PDF tools, like encryption, autosave filing based on tags, and PDF merging. If PDFs aren't really your thing, you can even save files as PNG, JPG, and more. I mentioned doPDF a few weeks ago, but many readers were quick to put PDFCreator on the pedestal it deserves in the comments and show me the error of my ways. PDFCreator is free, open source, Windows only.

10 Questions Apple Must Answer in 2007 -- Revisited



So Apple's had one HELL of a first quarter, haven't they? With tax day nearly upon us, I thought it might be a good idea to look back at how well Apple is answering the issues that I thought were important late in December of last year, especially now that the AppleTV is out in the market and the iPhone has set the world on fire with its hype flames. Or something. So click through -- we'll laugh, we'll cry, and we'll learn something about forecasting. Here, again, are the 10 Questions Apple Must Answer in 2007 -- and how well they're responding.


10. Is Apple ready to compete in two new fields (Home Theatre and Mobile Telephony)?

What I said then: For each of these new markets, the question remains: Will Apple come off the way they did in the PC market in the 1990s or the way they have in the digital media player market for the last five years? If Apple succeeds in both these spaces, they're well on their way to being established as the premier consumer electronics company. If they blow it, expect to see Apple called "beleaguered" by the media so fast your head will spin.

What I say now: I'd say yes. AppleTV has only been out for a few weeks, and people are going nuts customizing and hacking it, which is always a really good sign of reception. It would appear that they're ready for the market. The iPhone's feature set and design (which were unknown when I wrote the original post) show that Apple is ready to compete in the phone market, but it will be a long time before we know how well this gamble paid off. Either way, it's clear that Apple's got game in both these fields, and they aren't (yet) bursting under the pressure.

9. Will .Mac survive into 2008?

What I said then: Worst of all, Apple has inextricably linked the latest version of iLife to .Mac, meaning that iWeb is severely hampered without a .Mac subscription, firmly taking iLife from the best bundled suite of free apps around to deceptive loss leader for expensive services. iLife's a perfect comparison, actually. It went from zero to $79, and people kept buying it. That hasn't happened here. I think it's time for Apple to gracefully step away from .Mac and rewrite its iLife applications to work with other hosting solutions. Native Flickr support in iPhoto would be a great way to start.

What I say now: Apple has barely acknowledged that they make computers or software this year, let alone the service side of the equation. I think .Mac might carry on into next year just out of indifference, if nothing else.

8. Has the switch to Intel been successful from a third party software perspective?

What I said then: Given the recent release of a beta Universal Binary version of Adobe Photoshop, this one's actually on its way to being answered in the affirmative. Microsoft still hasn't announced a release schedule for a Universal version of Office, but that's actually less critical. Running Microsoft Word through Rosetta is typically plenty fast for most people. It will be a tremendous vote of confidence and continued success for Apple when Office for Mac Intel ships, but encouraging graphic design firms to upgrade is critical for Apple's workstation market. With Adobe Creative Suite 3 coming in 2007, Apple should continue to own professional creativity hardware for the future.

What I say now: Adobe announced that CS3 will ship this month, and Microsoft has been showing Office 2008 for Intel since January with a second quarter release date. I would say this is a definite affirmative.

7. What should Apple credit for soaring Mac sales?

What I said then: I have a sneaking suspicion that a major contributor to Apple's huge success this year was an artificial dip in demand in late 2005, after the time Apple said they would move all their computers to Intel in 2006. I know lots of Mac users who held out for the MacBook, even though they wanted a new computer much sooner. If Apple's growth in Mac sales doesn't keep up the pace next year, that might be the reason why.

What I say now: I'm an idiot. Apple's growth is sustaining itself. Switching has been its own virtue -- we're now far beyond the window where it's just existing users upgrading to Intel platforms.

6. What's Apple going to do with its new campus in Cupertino?

What I said then: Steve Jobs caused a stir in the Bay Area this spring when he just popped up at a Cupertino City Council meeting to announce that Apple would be building a new local, massive campus in addition to its world headquarters at One Infinite Loop. Little has been announced about the project since then, but it clearly points toward Apple's vision for itself going forward. It's a virtual certainty that they aren't just opening a bunch of new buildings so they have more people to work in their existing businesses. Apple has lots of roads open ahead of it, including phones, broader content management and even business consulting services. As Apple's next businesses go, so go the fortunes of their traditional strengths. For Mac users, the company's overall health is critical to our contentedness with our computers. Let's hope Steve has a great new plan.

What I say now: No new information here. I imagine it will partly depend on what happens next with the AppleTV and iPhone, of course...

5. Is Apple comfortable with Mac OS X as the "Big Tent" operating system?

What I said then: The company could choose to be the Big Tent party of operating systems, providing a safe, crash-proof shell for everyone else's work, but that more than anything else would slow development of native software. This could be disastrous. Apple needs to put a stake in the ground and play up its standards, or embrace all of refugees and truly be the computer for the rest of us. It can't try to be both and neither.

What I say now: Apple hasn't done a thing to stop people from multi-booting or even hacking the AppleTV like crazy. They'll take all comers these days.

4. Is Apple getting complacent with its industrial design?

What I said then: The only significant changes of form or design features of the 2006 macs was the addition of built-in iSights and, in the case of the MacBook, a new keyboard. Other than that, Apple was treading water. I've said for awhile that Apple was deliberately maintaining continuity to older models with the first Intel macs so they could go bolder with the next generation. One transitional generation and one radical reinvention. If they don't do that, they run the risk of falling behind.

What I say now: No matter what else, the iPhone looks really different from existing iPods and other Apple products. It's a thing of astounding beauty, and I'm just hoping to see its elegant good looks start to show up elsewhere in their product line.

3. What more can Apple do with the iPod?

What I said then: For all the talk of the true video iPod, I'm beginning to wonder if the product will be disappointing. If Apple brings out something that is like a normal iPod but with a bigger screen, will you be satisfied? I don't think I will. The iPod's biggest innovations have been in the form of its physical and software interface. I'm not sure that the touchpanes or touchwheels mooted for the device will be enough. To defend its lead, Apple has to go back to its strengths. For instance, I think the iPod has plenty of room to get lighter and thinner, as the MacBook Pro has done for laptops. It also needs to get friendlier to hold and become central to all home entertainment. Work with TV companies to integrate iPod docks to watch shows easily. Do whatever it takes to build on what people know and need and innovate from that perspective. It's easy to fall from the top -- just ask Sony.

What I say now: I think Apple has shown their concern in abundance here, and this is their conclusion: The iPod is already starting to reach end of life, and they have created the iPhone to create a platform protected for the future. An iPod with the iPhone interface won't be long in coming. Expect it by the end of the year. I was talking nonsense about that integration of iPod docks into TVs, though, wasn't I?

2. What's Apple up to with Google?

What I said then: One of the juicier rumors of 2006 was all about what Apple and Google would do together. Eric Schmidt, Google's CEO is on Apple's board, and Mountain View and Cupertino are ridiculously close together. The two companies own customer opinion like no one ever has. What could they do together? I hate to cut this one short, but the answer is everything. Or nothing. Having lived through Taligent, AIM (I like to call it MIA), Pink, Blue and other strategic alliances under Apple, I don't have a lot of faith in their success. Let's keep wishing, though.

What I say now: Looks like mostly cozying up to get cool software on the iPhone. I'll continue to fantasize about something much bigger down the road, of course, but I think we'll continue to see Google produce, wait for it, search-based, ad-supported Web software. Shocking, I know.


1. Can Apple stay successful if Jobs steps down?

What I said then: Apple needs to start demonstrating that they aren't just the wild success of one of the most charismatic gurus in American business history. That can come from Steve, but he needs to do it soon. Apple is clearly capable of succeeding without him, but few in the cognoscenti believe it. While Apple is strong, Steve can start to work towards a more hands-off approach and cultivate a culture of hundreds of gurus instead of the one most believe in at this point. If they do that, Apple will be around until 2184.

What I say now: Nothing's changed. Steve is the brand even more than he was pre-iPhone. Let's just hope he's figuring it out in the background. And for those who have been wondering, I clearly meant 2084 in my original post, which is when Robotron will become an issue.


Friday, April 6, 2007

Comment out multiple lines

Ever wanted to comment out multiple lines of code while writing shell scripts in vi, but didn't want to pound your keyboard for half an hour doing it?

(I#Escape j.j.j.j. = carpal tunnel)

Here's the nerdy way to do it:

:.,+N-1 s/^/#/g

Where N-1 is the number of lines minus one that you want to comment out, and s/^/#/g is the regular expression (the pattern between the first two slashes is what you want to replace, in this case the beginning of the line, and the pattern between the last two slashes is what you want to replace it with).

For example, if you're a bad coder like me and want to comment out 500 lines of code, you would do:

:.,+499 s/^/#/g