December 23, 2013

Why You Should Implement equals() and hashCode() In Hibernate

It is not directly obvious why you should override and implement equals() and hashCode() in Hibernate. Here are two good documentation for why:

- Hibernate ORM documentation
http://docs.jboss.org/hibernate/orm/4.3/manual/en-US/html/ch04.html#persistent-classes-equalshashcode

JBoss Community Wiki
https://community.jboss.org/wiki/EqualsAndHashCode

Essential iptables on RHEL

I good getting starting guide and also very well explained is casting by Red Hat.'

Hardening access to network services with iptables
http://www.redhat.com/resourcelibrary/articles/training-webinars

Hardening Apache Web Server (httpd)

For hardening Apache Web Server, look at

http://benchmarks.cisecurity.org/downloads/browse/index.cfm?category=benchmarks.servers.web.apache

Hardening RHEL 6

For Red Hat Enterprise Linux 6 hardening, look at 

http://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.120

Packt’s $5 eBook Bonanza is back!

Following on from the success of last year’s festive offer, the publisher will be celebrating the holiday season with an even bigger $5 Bonanza.

From December 19th, customers will be able to get any eBook or Video from Packt for just $5. This sale covers every title in the 1700+ range and customers can grab as many as they like until January 3rd 2014 – more information is available at http://bit.ly/1jdCr2W.

December 21, 2013

Hardening RHEL5

The NSA has been getting a lot of attention in the media lately, but NSA has also published a lot of interesting document. A good example of that is the

Guide to the Secure Configuration of Red Hat Enterprise Linux 5
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

December 11, 2013

JBoss Vault in JBoss EAP 6.2.0 uses jceks as Default KeyStore Type

Today I upgraded to JBoss EAP 6.2.0, but ran into some trouble with the keystore I have. I have one for the SSL connector and one for the JBoss Vault.

To be able keep you old JBoss Vault keystore that is stored with the jks format you need to add the KEYSTORE_TYPE vault option.

</extensions>
<vault>
    <vault-option name="KEYSTORE_URL" value="/your/absolute/path/vault/vault.keystore"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-3/VY6BIQ1KQ9LdJmX8m9Vn"/>
    <vault-option name="KEYSTORE_ALIAS" value="vault"/>
    <vault-option name="SALT" value="12345678"/>
    <vault-option name="ITERATION_COUNT" value="45"/>
    <vault-option name="ENC_FILE_DIR" value="/your/absolute/path/vault/"/>
    <vault-option name="KEYSTORE_TYPE" value="jks"/>
</vault>
<management>

Reference

December 10, 2013

Changing Broadcom Driver In Ubuntu

I have a Broadcom Wireless Network Adapter and I had all sort of problem with the standard driver, Broadcom STA Wireless driver or wl that the module is called.

To identify which Broadcom chipset you have. Run:

$ lspci -vvnn | grep 14e4
45:00.0 Network controller [0280]: Broadcom Corporation BCM4313 802.11bgn Wireless Network Adapter [14e4:4727] (rev 01)

To identify which modules (driver) you are using (running):

$ egrep 'ssb|wl|brcmfmac|brcmsmac|bcma' /proc/modules 

I had the STA or wl module running. To remove all possible Broadcom modules.

$ sudo modprobe -r b43 ssb wl brcmfmac brcmsmac bcma 

And to really remove the default STA or wl module, also remove the debian package. After the purge, that remove configuration files as well, I double run apt-get with remove autoremove, which will remove unused package and finally I run clean, to clean the apt-get cache. All for precaution.

$ sudo apt-get purge bcmwl-kernel-source && sudo apt-get autoremove && sudo apt-get clean

Now you must test which driver/module that suites you best. I started with the b43 driver/module.

$ sudo apt-get install firmware-b43-installer
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  b43-fwcutter
The following NEW packages will be installed:
  b43-fwcutter firmware-b43-installer
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 22.8 kB of archives.
After this operation, 120 kB of additional disk space will be used.
Do you want to continue [Y/n]? Y

To load the new module/driver.

$ sudo modprobe b43

Now test you installation, if successful reboot and double check, that everything is working correctly..

Other possible driver are b43legacy package firmware-b43legacy-installer and LP-PHY package firmware-b43-lpphy-installer.

For more hardware commands, please read http://magnus-k-karlsson.blogspot.se/2013/01/how-to-install-atheros-ar8161-ethernet.html

Reference

December 7, 2013

The Medibuntu Project has come to an end

For many people the first thing they have done after installing Ubuntu, was to add the Medibuntu repository. But now it is dead. See announcement Here.

But what is the impact? Not much. Ubuntu already offers most of the things that existed in Medibuntu and this only natural progress of the growth of Ubuntu.

December 5, 2013

Managing Network in RHEL 6

Tools

The simplest way to manage network settings is to use the system-config-network tool or the non-graphical variant system-config-network-tui

To start, stop, status all our network devices

$ service network [start|stop|status|restart]

Other useful tools are:

ifconfigDisplay our network settings.
pingUsed for check network connectivity
route -nDisplay routing and Gateway
tracerouteDisplay network routing to a host.
netstat -nrDisplay open ports.

Configuration

Main network configuration file is /etc/sysconfig/network-scripts/ifcfg-<name>.

Hostname

$ hostname 
tester1.example.com

Routing

Local routing for e.g. localhost, but also for static routing.

$ cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Main routing configuration file. Any changes will be overwritten, unless disabled in above sysconfig network-scripts with PEERDNS=no.

$ cat /etc/resolv.conf 
$ Generated by NetworkManager
search example.com
nameserver 192.168.1.1

Reference

  • network-scripts: /usr/share/doc/initscripts-<version>/sysconfig.txt

November 27, 2013

Using the Automounter Service on RHEL 6

RHEL 6 ships with a convenient network mounter service, the automounter.

To check if the automounter is running.

$ service autofs status
automount (pid  2061) is running...

To use it, simply cd into the /net folder followed by nfs hostname.

$ cd /net/192.168.1.3
[root@tester1 192.168.1.3]# ll
total 0
dr-xr-xr-x. 4 root root 0 Nov 27 22:25 c

The remote network share will be unmounted automatically when unused for a configurable timeout.

$ grep -i timeout /etc/sysconfig/autofs 
...
TIMEOUT=300
...

Managing LVM with RHEL 6

Introduction

LVM (Logical Volume Manager) is a flexible way to handle disk space, since you can increase and decrease file systems, that is not possible to the same extent as in MBR (Master Boot Record) partitioning format.

NOTE: "It is generally recommended that you create a single partition that covers the whole disk to label as an LVM physical volume" [https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Logical_Volume_Manager_Administration/LVM_components.html#multiple_partitions]

The LVM is build up on three cornerstone.

  1. Physical Volume, PV
  2. Volume Group, VG
  3. Logical Volume, LV

Prerequisite

Create a new partition with type 0x8E Linux LVM.

$ fdisk -cu /dev/sda

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 3
First sector (205826048-488397167, default 205826048): 
Using default value 205826048
Last sector, +sectors or +size{K,M,G} (205826048-488397167, default 488397167): +1G

Command (m for help): t
Partition number (1-4): 3
Hex code (type L to list codes): L

 0  Empty           24  NEC DOS         81  Minix / old Lin bf  Solaris        
 1  FAT12           39  Plan 9          82  Linux swap / So c1  DRDOS/sec (FAT-
 2  XENIX root      3c  PartitionMagic  83  Linux           c4  DRDOS/sec (FAT-
 3  XENIX usr       40  Venix 80286     84  OS/2 hidden C:  c6  DRDOS/sec (FAT-
 4  FAT16 <32M      41  PPC PReP Boot   85  Linux extended  c7  Syrinx         
 5  Extended        42  SFS             86  NTFS volume set da  Non-FS data    
 6  FAT16           4d  QNX4.x          87  NTFS volume set db  CP/M / CTOS / .
 7  HPFS/NTFS       4e  QNX4.x 2nd part 88  Linux plaintext de  Dell Utility   
 8  AIX             4f  QNX4.x 3rd part 8e  Linux LVM       df  BootIt         
 9  AIX bootable    50  OnTrack DM      93  Amoeba          e1  DOS access     
 a  OS/2 Boot Manag 51  OnTrack DM6 Aux 94  Amoeba BBT      e3  DOS R/O        
 b  W95 FAT32       52  CP/M            9f  BSD/OS          e4  SpeedStor      
 c  W95 FAT32 (LBA) 53  OnTrack DM6 Aux a0  IBM Thinkpad hi eb  BeOS fs        
 e  W95 FAT16 (LBA) 54  OnTrackDM6      a5  FreeBSD         ee  GPT            
 f  W95 Ext'd (LBA) 55  EZ-Drive        a6  OpenBSD         ef  EFI (FAT-12/16/
10  OPUS            56  Golden Bow      a7  NeXTSTEP        f0  Linux/PA-RISC b
11  Hidden FAT12    5c  Priam Edisk     a8  Darwin UFS      f1  SpeedStor      
12  Compaq diagnost 61  SpeedStor       a9  NetBSD          f4  SpeedStor      
14  Hidden FAT16 <3 63  GNU HURD or Sys ab  Darwin boot     f2  DOS secondary  
16  Hidden FAT16    64  Novell Netware  af  HFS / HFS+      fb  VMware VMFS    
17  Hidden HPFS/NTF 65  Novell Netware  b7  BSDI fs         fc  VMware VMKCORE 
18  AST SmartSleep  70  DiskSecure Mult b8  BSDI swap       fd  Linux raid auto
1b  Hidden W95 FAT3 75  PC/IX           bb  Boot Wizard hid fe  LANstep        
1c  Hidden W95 FAT3 80  Old Minix       be  Solaris boot    ff  BBT            
1e  Hidden W95 FAT1
Hex code (type L to list codes): 8e
Changed system type of partition 3 to 8e (Linux LVM)

Command (m for help): p

Disk /dev/sda: 250.1 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders, total 488397168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x7f3d8c0f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048   205826047   102400000   8e  Linux LVM
/dev/sda3       205826048   207923199     1048576   8e  Linux LVM

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

$ reboot

The Most Imported Commands

$ man 8 lvm
...
pvcreate - Initialize a disk or partition for use by LVM.
pvdisplay - Display attributes of a Physical Volume.
...
vgcreate - Create a Volume Group.
vgdisplay - Display attributes of Volume Groups.
vgextend - Add Physical Volumes to a Volume Group.
vgreduce - Reduce a Volume Group by removing one or more Physical Volumes.
...
lvcreate - Create a Logical Volume in an existing Volume Group.
lvdisplay - Display attributes of a Logical Volume.
lvextend - Extend the size of a Logical Volume.
lvreduce - Reduce the size of a Logical Volume.

Create Physical Volume (PV), Volumme Group (VG) and Logical Volume (LV)

First lets create a new physical volume on the prerequisite partition.

$ pvcreate /dev/sda3 

Create volume group vg_test that span entire physical volume /dev/sda3

$ vgcreate vg_test /dev/sda3 
  Volume group "vg_test" successfully created

Create logical volumne with size 500 MB, named lv_test in volume group vg_test.

$ lvcreate -L 500M -n lv_test vg_test

The lvcreate will now create a device block file in /dev/vgName/lvName that we now can create a filesystem on and mount.

$ mkfs -t ext4 /dev/vg_test/lv_test
$ mkdir /data
$ mount /dev/vg_test/lv_test /data

Extends Logical Volume (LV)

Extend the logical volume lv_test with plus 500 MB.

$ lvextend -L +250M /dev/vg_test/lv_test 
  Rounding size to boundary between physical extents: 252.00 MiB
  Extending logical volume lv_test to 752.00 MiB
  Logical volume lv_test successfully resized

Now you need to grow the file system.

$ resize2fs -p /dev/vg_test/lv_test
resize2fs 1.41.12 (17-May-2010)
Filesystem at /dev/vg_test/lv_test is mounted on /data; on-line resizing required
old desc_blocks = 2, new_desc_blocks = 3
Performing an on-line resize of /dev/vg_test/lv_test to 770048 (1k) blocks.
The filesystem on /dev/vg_test/lv_test is now 770048 blocks long.

Verify/test the new size of /data.

$ df -h /data

Reduce Logical Volume (LV)

When reducing a file system, you need to unmount it first.

$ umount /data

Then reduce the actual filesystem.

$ e2fsck -f /dev/vg_test/lv_test
$ resize2fs -p /dev/vg_test/lv_test 512M
resize2fs 1.41.12 (17-May-2010)
Resizing the filesystem on /dev/vg_test/lv_test to 524288 (1k) blocks.
Begin pass 3 (max = 94)
Scanning inode table          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The filesystem on /dev/vg_test/lv_test is now 524288 blocks long.

After the actual file system is reduced, we can now shrink the logical volume.

$ lvreduce -L 512M /dev/vg_test/lv_test 
  WARNING: Reducing active logical volume to 512.00 MiB
  THIS MAY DESTROY YOUR DATA (filesystem etc.)
Do you really want to reduce lv_test? [y/n]: y
  Reducing logical volume lv_test to 512.00 MiB
  Logical volume lv_test successfully resized

Finally test/verify, by remounting and check disk space

$ mount /dev/vg_test/lv_test /data
$ df -h /data
Filesystem                   Size  Used Avail Use% Mounted on
/dev/mapper/vg_test-lv_test  496M   11M  461M   3% /data

Extends Volume Group (VG)

First create a new physical volume.

$ pvcreate /dev/sda4
  Physical volume "/dev/sda4" successfully created

Now lets extends existing volume group 'vg_test' with our new physical volume.

$ vgextend vg_test /dev/sda4 
  Volume group "vg_test" successfully extended

And last test/verify.

$ vgdisplay vg_test
  --- Volume group ---
  VG Name               vg_test
  System ID             
  Format                lvm2
  Metadata Areas        2
  Metadata Sequence No  5
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               0
  Max PV                0
  Cur PV                2
  Act PV                2
  VG Size               134.73 GiB
  PE Size               4.00 MiB
  Total PE              34492
  Alloc PE / Size       128 / 512.00 MiB
  Free  PE / Size       34364 / 134.23 GiB
  VG UUID               ItBewY-gWvu-tzUx-JIEj-gJb2-d8Jh-HdANUb

Reduce Volume Group (VG)

Remove existing volume group 'vg_test' with physical volume /dev/sda4.

$ vgreduce vg_test /dev/sda4
  Removed "/dev/sda4" from volume group "vg_test"

Test/verify

$ vgdisplay vg_test
  --- Volume group ---
  VG Name               vg_test
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  6
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               0
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               1020.00 MiB
  PE Size               4.00 MiB
  Total PE              255
  Alloc PE / Size       128 / 512.00 MiB
  Free  PE / Size       127 / 508.00 MiB
  VG UUID               ItBewY-gWvu-tzUx-JIEj-gJb2-d8Jh-HdANUb

Reference

  • lvm(8): lvm - LVM2 tools
  • pvcreate(8): pvcreate - initialize a disk or partition for use by LVM
  • vgcreate(8): vgcreate - create a volume group
  • lvcreate(8): lvcreate - create a logical volume in an existing volume group
  • vgextend(8): vgextend - add physical volumes to a volume group
  • vgreduce(8): vgreduce - reduce a volume group
  • lvextend(8): lvextend - extend the size of a logical volume
  • lvreduce(8): lvreduce - reduce the size of a logical volume
  • resize2fs(8): resize2fs - ext2/ext3/ext4 file system resizer

Encrypting Disks with LUKS in RHEL 6

Introduction

LUKS (Linux Unified Key Setup) is a standard for hard disk encryption. LUKS can encrypt both partition and LVM volumes. Here I will encrypt a partition.

Prerequisite

Creata a new partition with fdisk.

$ fdisk -cu /dev/sda

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 3
First sector (205826048-488397167, default 205826048): 
Using default value 205826048
Last sector, +sectors or +size{K,M,G} (205826048-488397167, default 488397167): +1G

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

$ reboot 

Enrypt a Partition

First we need to encrypt the partition.

$ cryptsetup luksFormat /dev/sda3 

WARNING!
========
This will overwrite data on /dev/sda3 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: 
Verify passphrase: 

Next step is to unlock the partition via luksOpen <blockDeviceFile> <luksname>. The cryptsetup will after create a new mapped blocked device file under /dev/mapper/<luksname>.

$ cryptsetup luksOpen /dev/sda3 luksname
Enter passphrase for /dev/sda3:  

Finally we format now the unencrypted partition we a file system and mount it.

$ mkfs -t ext4 /dev/mapper/luksname
$ mkdir /mnt/secret
$ mount /dev/mapper/luksname /mnt/secret

Persistently Mount Encrypted Partition

To make the mounting persisted we normally add the block device file in /etc/fstab, but with encrypted storage we also need to add the encrypted partition to the list of devices to be unlocked during system startup. That is done by adding the luksname and block device file to the /etc/crypttab.

$ vi /etc/crypttab

luksname    /dev/sda3

After that extra step, normally edit /etc/fstab.

$ vi /etc/fstab

/dev/mapper/luksname      /mnt/secret             ext4    defaults        1 2

Automatically Mount Encrypted Partition

To automatically unlock a encrypted partition we need to store the password on disk, has obvious security problems, but if wanted to the following.

$ echo -n "redhat" > /root/lukspassword
$ chown root:root /root/lukspassword
$ chmod 600 /root/lukspassword
$ ll /root/
...
-rw-------. 1 root root     6 Nov 27 12:12 lukspassword

$ cryptsetup luksAddKey /dev/sda3 /root/lukspassword

Now edit /etc/crypttab and add password file.

$ vi /etc/crypttab

luksName    /dev/sda3   /root/lukspassword

Reboot and verify, that no password is needed and that encrypted partition is mounted.

Remove Encrypted Partition

  1. Remove mapped block device file from /etc/fstab.
  2. Remove luksName from /etc/crypttab.
  3. unmount the mapped block device: umount /dev/mapper/luksname.
  4. Lock encrypted partition: cryptsetup luksClose luksname.

Reference

  • cryptsetup(8): cryptsetup - setup cryptographic volumes for dm-crypt (including LUKS extension)
  • crypttab(5): /etc/crypttab - encrypted block device table
  • fstab(5): /etc/fstab - static information about the filesystems

November 26, 2013

Managing Swap Space in RHEL 6

Introduction

The swap space is used by the OS to handle overflow for parts of the RAM that are currently not being used.

The recommended size of the swap space is depending on how much RAM you have.

  • < 2GB RAM, use 2 * RAM
  • >= 2GB RAM, use RAM + 2GB

How to Create a New Swap Partition

$ fdisk -cul /dev/sda

Disk /dev/sda: 250.1 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders, total 488397168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x7f3d8c0f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048   205826047   102400000   8e  Linux LVM
$ fdisk -cu /dev/sda

Command (m for help): m
Command action
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 3
First sector (205826048-488397167, default 205826048): 
Using default value 205826048
Last sector, +sectors or +size{K,M,G} (205826048-488397167, default 488397167): +1G

Command (m for help): t
Partition number (1-4): 3
Hex code (type L to list codes): L

 0  Empty           24  NEC DOS         81  Minix / old Lin bf  Solaris        
 1  FAT12           39  Plan 9          82  Linux swap / So c1  DRDOS/sec (FAT-
 2  XENIX root      3c  PartitionMagic  83  Linux           c4  DRDOS/sec (FAT-
 3  XENIX usr       40  Venix 80286     84  OS/2 hidden C:  c6  DRDOS/sec (FAT-
 4  FAT16 <32M      41  PPC PReP Boot   85  Linux extended  c7  Syrinx         
 5  Extended        42  SFS             86  NTFS volume set da  Non-FS data    
 6  FAT16           4d  QNX4.x          87  NTFS volume set db  CP/M / CTOS / .
 7  HPFS/NTFS       4e  QNX4.x 2nd part 88  Linux plaintext de  Dell Utility   
 8  AIX             4f  QNX4.x 3rd part 8e  Linux LVM       df  BootIt         
 9  AIX bootable    50  OnTrack DM      93  Amoeba          e1  DOS access     
 a  OS/2 Boot Manag 51  OnTrack DM6 Aux 94  Amoeba BBT      e3  DOS R/O        
 b  W95 FAT32       52  CP/M            9f  BSD/OS          e4  SpeedStor      
 c  W95 FAT32 (LBA) 53  OnTrack DM6 Aux a0  IBM Thinkpad hi eb  BeOS fs        
 e  W95 FAT16 (LBA) 54  OnTrackDM6      a5  FreeBSD         ee  GPT            
 f  W95 Ext'd (LBA) 55  EZ-Drive        a6  OpenBSD         ef  EFI (FAT-12/16/
10  OPUS            56  Golden Bow      a7  NeXTSTEP        f0  Linux/PA-RISC b
11  Hidden FAT12    5c  Priam Edisk     a8  Darwin UFS      f1  SpeedStor      
12  Compaq diagnost 61  SpeedStor       a9  NetBSD          f4  SpeedStor      
14  Hidden FAT16 <3 63  GNU HURD or Sys ab  Darwin boot     f2  DOS secondary  
16  Hidden FAT16    64  Novell Netware  af  HFS / HFS+      fb  VMware VMFS    
17  Hidden HPFS/NTF 65  Novell Netware  b7  BSDI fs         fc  VMware VMKCORE 
18  AST SmartSleep  70  DiskSecure Mult b8  BSDI swap       fd  Linux raid auto
1b  Hidden W95 FAT3 75  PC/IX           bb  Boot Wizard hid fe  LANstep        
1c  Hidden W95 FAT3 80  Old Minix       be  Solaris boot    ff  BBT            
1e  Hidden W95 FAT1
Hex code (type L to list codes): 82
Changed system type of partition 3 to 82 (Linux swap / Solaris)

Command (m for help): p

Disk /dev/sda: 250.1 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders, total 488397168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x7f3d8c0f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048   205826047   102400000   8e  Linux LVM
/dev/sda3       205826048   207923199     1048576   82  Linux swap / Solaris

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

$ reboot 

After reboot we need to format the new swap partition.

$ mkswap /dev/sda3 
Setting up swapspace version 1, size = 1048572 KiB
no label, UUID=b28d9a2c-51a4-45e8-a0d3-d4b457afa359

Next step is to activating it.

$ swapon -a /dev/sda3

To verify/list current swap spaces.

$ swapon -s
Filename    Type  Size Used Priority
/dev/dm-0                               partition 4095992 0 -1
/dev/sda3                               partition 1048568 0 -2

To make this new swap space persistent, we need to add this new swap space to /etc/fstab.

$ blkid /dev/sda3 
/dev/sda3: UUID="b28d9a2c-51a4-45e8-a0d3-d4b457afa359" TYPE="swap"

$ vi /etc/fstab 

UUID=b28d9a2c-51a4-45e8-a0d3-d4b457afa359 swap                    swap    defaults        0 02

Reboot and verify that new swap space is active.

How to Remove a Swap Partition

First deactive it.

$ swapoff /dev/sda3

Verify it is no longer active.

$ swapon -s
Filename    Type  Size Used Priority
/dev/dm-0                               partition 4095992 0 -1

IF YOU HAVE ADDED IT TO /etc/fstab, DO NOT FORGET TO REMOVE IT FROM THERE AS WELL!

Managing Partions With RHEL 6

Introduction

Most Linux distrobution, which is also the case with RHEL 6, uses the MBR (Master Boot Record) partitioning format. The MBR is designed to hold up to maximum 4 primary partition. If more is needed, you must use one primary as extended partition. And do not forget to let the extended partition use all remaining disk space. After creating an extended partition, you can create logical partition on the extended partiti

Graphical Tool

In a desktop RHEL, there is the graphical tool for managing our partition - palimpsest.

$ yum install gnome-disk-utility

A never GUI tool that is maybe better is parted. The good thing with this tool is that it also can resize and copy partitions.

$ yum install parted

Command Line

At the command line, you have the fdisk tool. When using the fdisk tool always use the following options:

  • -c Switch off DOS-compatible mode.
  • -u When listing partition tables, give sizes in sectors instead of cylinders.

Lets get started with fdisk and create a new primary partition.

$ fdisk -cu /dev/sda

Command (m for help): m
Command action
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

Command (m for help): p

Disk /dev/sda: 250.1 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders, total 488397168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x7f3d8c0f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048   205826047   102400000   8e  Linux LVM

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 3
First sector (205826048-488397167, default 205826048): 
Using default value 205826048
Last sector, +sectors or +size{K,M,G} (205826048-488397167, default 488397167): +500M

Command (m for help): p

Disk /dev/sda: 250.1 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders, total 488397168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x7f3d8c0f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048   205826047   102400000   8e  Linux LVM
/dev/sda3       205826048   206850047      512000   83  Linux

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

$ reboot

After reboot you can check your new primary partition.

$ fdisk -cul /dev/sda

Disk /dev/sda: 250.1 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders, total 488397168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x7f3d8c0f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048   205826047   102400000   8e  Linux LVM
/dev/sda3       205826048   206850047      512000   83  Linux

Now lets create an ext4 file system on the new primary partition.

$ mkfs -t ext4 /dev/sda3

And mount it.

$ mkdir /extra
$ mount /dev/sda3 /extra

If you want RHEL to automatically mount your new partition at boot, you need to add that to /etc/fstab. And the recommended way to identify the partition is with it's UUID.

$ blkid /dev/sda3

$ vi /etc/fstab

UUID=b2b97c2f-f0cb-4b41-b297-7f7d36d2efd0 /extra                   ext4    defaults        1 2

And finally save and reboot.

November 25, 2013

How to Mount an USB Device in Linux

Short Version

1. Before inserting the USB, check which disks you already have.

$ ll /dev/sd*
brw-rw----. 1 root disk 8, 0 Nov 24 19:41 /dev/sda
brw-rw----. 1 root disk 8, 1 Nov 24 19:41 /dev/sda1
brw-rw----. 1 root disk 8, 2 Nov 24 19:41 /dev/sda2

2. Create a new directory under /mnt to which you will mount your USB.

$ mkdir /mnt/usb

3. Now insert the USB and mount it.

$ mount /dev/sdb <hit tab>
sdb sdb1

$ mount /dev/sdb1 /mnt/usb

4. Now you are ready to read and write to your USB.

5. To unmount.

$ umount /mnt/usb

Longer Version

In Linux a storage device is represented by a device file in /dev/.

The three letter naming convention for storage devices in Linux are:

  1. s - storage
  2. d - disc (such as SCSI, USB, SATA), cd - cd or dvd
  3. litteral order character, starting with a, then b, c, etc

Example: /dev/sda (SCSI, USB, SATA), /dev/sdb (SCSI, USB, SATA), /dev/scd (CD/DVD)

These device files represent the whole drive. Each drive is partitioned into partition. The first partition receives order number one, the next one two, etc

When a new storage device is added it will receive the last character order literal, here it is b (/dev/sdb). Another way to find out the device file is to tail the dmesg log file.

$ less /var/log/dmesg <hit enter>

...
<press shift+f (follow)>
Waiting for data... (interrupt to abort)

<Now insert USB>

sd ... [sdb] Assuming drive cache: write through
<press ctrl+c (quite)>

Here we see that the USB was allocated device name sdb. But when you mount you mount to a partition that contains a file system. And in general, most USB only have one partition, hence sdb1.

November 24, 2013

Securing SSH with Public/Private Key Authentication

The motive for using public/private key authentication are:

  1. Firstly for convinience, you no longer need to enter password (unless you encrypt your keys with password protected).
  2. Secondly, ones setup, you can remove password protection, which is a big cracking hole.

Prerequisite

The remote user needs to exist on the remote server. If it does not. Create it. And at least LOGIN ONES, so that it's home directory is created. Otherwise you can eagerly created the home directory when you add the user.

Here I will use the existing user root, for simplicity.

Client Side

Generate public and private keys, with NO password protection. I will here use the RSA algorithm and key length 2048 bits.

$ ssh-keygen -b 2048 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/magnus/.ssh/id_rsa): <Enter>
Enter passphrase (empty for no passphrase): <Enter>
Enter same passphrase again: <Enter>
Your identification has been saved in /home/magnus/.ssh/id_rsa.
Your public key has been saved in /home/magnus/.ssh/id_rsa.pub.
The key fingerprint is:
90:da:b5:5a:db:59:be:34:04:6a:99:81:c3:d5:5d:25 magnus@tester1.example.com
The key's randomart image is:
+--[ RSA 2048]----+
|        .. . .E..|
|     . +  . .  . |
|      * o .      |
|     o + * .     |
|    . . S   o    |
|       + o =     |
|      . . o +    |
|           . o   |
|            .    |
+-----------------+

Next make sure that the ssh key directory and private key has proper file permission

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_rsa

The last step is to copy the client public key to the server. You can either do that manually, or with the ssh-copy-id tool. Here I will use the tool.

$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@remoteserver

If you were setting up public/private key authentication for a different user, please replace root in above command with you user.

Server Side

On the server side, open /etc/ssh/sshd_config and enable public/private key authentication

PubkeyAuthentication yes

Then restart the ssh daemon service.

$ service sshd restart

And finally verify that the keys directory and files have the proper file permission and SELinux type for your user.

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_rsa

$ restorecon -Rv ~/.ssh

Test

Finally you need to test, to verify the installation. On the client machine switch to the user you had setup for and

$ ssh <your_user>@remoteserver

RHEL: How to Switch Users in Multiuser Runlevels

Switching User

To switch to a different user, e.g. student, run

$ su - student

To switch to root

$ su -

Runlevels

Most Linux distribution can be ran in 5 different runlevels. Runlevel 0 and 6 are special, which you can see below.

  • 0 - Shutdown
  • 1 - Single user mode, without network
  • 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
  • 3 - Full multiuser mode, with network.
  • 4 - Unused
  • 5 - X11, graphical mode with network
  • 6 - Reboot

To see the current runlevel, type:

$ runlevel

The default runlevel is set in /etc/inittab.

How to Switch Runlevels

You can switch the runlevel with init, e.g. init 3. But from the graphical mode, there is also a keyboard shortcut.

ctrl + alt + F1 - for init 1, ctrl + alt + F2 - for init 2, etc.

November 23, 2013

Accessing Network Files via NFS and CIFS in Linux

Working with remote file system under Linux is not hard. Below I will show how to use the two most common remote file system used:

  • NFS - Network File System
  • CIFS - Common Internet File System

NFS

Show the NFS server’s export list.

$ showmount -e nfsserver.domain.com

Mount. Note that the directory /remote must exist before mount, if not create it with mkdir /remotenfs.

$ mount nfsserver.domain.com:/c/media /remotenfs

Unmount file systems

$ umount /remotenfs

CIFS

CIFS is the underlying remote file protocol used for samba server and which is the most common file server when having a mixed client environment with Windows and Linux.

Install client library

$ yum install samba-client

Show the CIFS server’s sharenames.

$ smbclient -L nfsserver.domain.com

Mount. Note that the directory /remote must exist before mount, if not create it with mkdir /remotecifs.

$ mount //cifsserver.domain.com/media /remotecifs

Unmount file systems

$ umount /remotecifs

Common vi commands

Most Linux server runs without a graphical interface and the most sure installed editor for file is the vi editor. But getting used with vi can be a little challenging. Below I will show you the most common vi commands.

Openvi file.txt
Close without saving:q!
Inserti
Quite editingESC
Write and close:wq
Copy line and paste lineyy + p
Delete line and paste linedd + P (capital)
Change wordcw
Browse to next workw
Browse to previous workb
Go to first line1G
Go to last lineG

Linux File and Special Permission

File Permission

The simplest file permission in Linux are the r (read), w (write), x (executable). These file permission yields for u (user), g (group) and o (other). They can be set both:

  • Symbolically: +-r, +-w, +-x
  • Numerically: r=4, w=2, x=1

Special Permission

There are three special permission: setuid, setgid and sticky. They can be both applied to files and directories, but then have different meanings.

Special Permission File Directory
setuid Only meaning for executable file: The executable file be be run as the file owner, not as the user that executes it.

Example /usr/bin/passwd
No effect.
setgid Only meaning for executable file: The executable file be be run as the file group, not as the user that executes it. All newly created file in directory, will inherit the parent directory group permission.
sticky No effect. All files created with a user that have write permission for a specific file can only remove that file, except for root.

Example: /tmp

To set the special permission:

  • Symbolically: setuid=u+s, setgid=g+s, sticky=o+t
  • Numerically: setuid=4, setgid=2, sticky=1

October 17, 2013

Java EE 7 released and Packt Publishing is having 50% sales

Before and after Oracle was buying Sun, the development of the Java language slowed down. But now Oracle is picking up speed. The Java Enterprise Edition 6 was released in December 2009 but now this summer, EE 7 was released. Not bad. So if you want to get up to speed with the new feature in EE7 and read ebooks the Packt Publishing is having a 50% sales on all its ebooks, so feel free to check it out on http://bit.ly/1bqvB29 and use the discount code COL50.

October 3, 2013

Keeping track of the different component version in EE 6 and EE 7

The Java Enterprise Edition has changed a lot from previously making heavy usage of XML configuration and now using Annotation instead, which leaves XML files almost empty compared to older EE version. But all these changes is also a headache to developers that must keep track of the different version in the different EE version. A good summary site for that is

http://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/index.html#6

and for JPA

http://www.oracle.com/webfolder/technetwork/jsc/xml/ns/persistence/index.html

And another good reference site for JPA is

http://en.wikibooks.org/wiki/Java_Persistence

Getting started with GNOME 3 on Fedora 19

At work I usually work at the server side which means in most cases for Java project, working with some sort of Linux distro. One popular Linux distro for server are Red Hat Enterprise Linux, RHEL. But using RHEL is not meant for using at the client side. And the closest thing to RHEL at the client is Fedora (both supported by Red Hat).

It's been a while since I used Fedora and a lot have happened. And for you guys out there that are starting to use Fedora or any other Linux distro that are using GNOME, I can warmly recommend this easy to use site:

https://extensions.gnome.org/

On this site you can easily install and configure GNOME 3 tweak, such as my favorite Dash to Dock - https://extensions.gnome.org/extension/307/dash-to-dock/. Which is my first GNOME tweak I installed after installing Fedora 19.

Review of Instant Apache Wicket 6

In the last day I had the pleasure to read a beginners book for Apache Wicket 6 - Instant Apache Wicket 6 http://bit.ly/15w4LEI. The book is good, it takes the reader through the most imported steps to get started with Apache Wicket. Such as creating a new project, how to use the fast jetty web server to view your wicket pages and maybe the most imported thing. How to debug a wicket application with Eclipse IDE. So if you are looking for a beginners book for Apache Wicket 6 I can recommend this book.

But with all beginners book you should always be a little careful when completely copying beginners example code into your production code. Such an example in this book is the login example. Creating safe login code is actually a little tricky and requires extra care. Things that you must take into consideration when creating login code are:

  • Login pages must be completely stateless, which means ones submitted from the client, they must be totally forgotten. You do not want sensitive data, such password, be accessible when clicking browse back. Or be kept in server session cache. Apache Wicket is out-of-box almost always stateful.
  • Paying extra care of session management is always imported. Use cookie to store client session id and not URL, which are cached in web server log, proxy log, client web browser history, etc.
  • Always set session timeout.
  • Make cookie not accessible for other sites client script, which you hinder by using http only flag.
  • And of course always use SSL, even for login pages.

Above is just a handful of things that you should pay attention to when developing security code.

I'm a great Wicket fan and wicket have a lot of ready to use graphical component, such DatePicket, Paginated List, Sortable List, Multiple File Upload, etc. You can see a lot of them in action on http://www.wicket-library.com/wicket-examples/index.html.

Also if you need more Wicket component, look at the different wicketstuff project. To get an overview on them all search maven central repo at http://search.maven.org/#search|ga|1|org.wicketstuff.

August 22, 2013

Complete Configuration of MySQL 5 DataSource in JBoss EAP 6

Introduction

Here I will describe how to configure a MySQL 5 DataSource for JBoss EAP 6.

Install MySQL JDBC Driver as JBoss EAP 6 Module

Create a new directory under modules and a new module.xml file.

$ mkdir -p $JBOSS_HOME/modules/com/mysql/main/
$ touch $JBOSS_HOME/modules/com/mysql/main/module.xml

Download the MySQL JDBC driver and put it in the same catalog as module.xml. If necessary correct resource path below, with the downloaded jdbc driver file name.

<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
  <resources>
    <resource-root path="mysql-connector-java-5.1.19.jar"/>
  </resources>
  <dependencies>
    <module name="javax.api"/>
    <module name="javax.transaction.api"/>
  </dependencies>
</module>

If this is a server installation make sure that the new directories and files get the right permission.

Configure JBoss EAP 6 DataSource

Here we will use JBoss EAP 6 in standalone mode, but if you like to use the domain mode, the configuration is the same. Open $JBOSS_HOME/standalone/configuration/standalone.xml.

        <subsystem xmlns="urn:jboss:domain:datasources:1.1">
            <datasources>

                ...                

                <datasource jndi-name="java:jboss/datasources/ExampleInfinispanDS" pool-name="ExampleInfinispanDS" enabled="true" use-java-context="true" use-ccm="true">
                    <connection-url>jdbc:mysql://localhost:3306/EXAMPLEINFINISPAN</connection-url>
                    <driver>mysql</driver>
                    <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
                    <pool>
                        <min-pool-size>10</min-pool-size>
                        <max-pool-size>100</max-pool-size>
                        <prefill>true</prefill>
                    </pool>
                    <security>
                        <user-name>root</user-name>
                        <password>root</password>
                    </security>
                    <validation>
                        <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
                        <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
                    </validation>
                    <timeout>
                        <!-- using default timeout values -->
                    </timeout>
                    <statement>
                        <prepared-statement-cache-size>100</prepared-statement-cache-size>
                        <share-prepared-statements>true</share-prepared-statements>
                    </statement>
                </datasource>
                <drivers>

                    ...

                    <driver name="mysql" module="com.mysql">
                        <datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlDataSource</datasource-class>
                    </driver>
                </drivers>
            </datasources>
        </subsystem>

Reference

August 21, 2013

Configure UsersRolesLoginModule for JBoss EAP 6

Introduction

In this blog I will show you how to configure a simple JAAS login module, that holds username, passwords and roles in properties file. The login module for this job is org.jboss.security.auth.spi.UsersRolesLoginModule.

Finding the correct source code and documentation for the JBoss EAP 6 login modules, can be a bit tricky and the reason for that, is that the concrete implementation for them are hosted in the sister project Picketbox. For example the exact version that is shipped with JBoss EAP 6.1.0 is 4.0.17.Final-redhat-1. And the jar is located under $JBOSS_HOME/modules/system/layers/base/org/picketbox/main/.

The UsersRolesLoginModule has more to offer than I will show you here, and that is to store the password scrambled and not in clear text. But since the UsersRolesLoginModule is merely for test purpose, I will leave that out here.

Configuration

I will use JBoss EAP 6 in standalone mode, which means that the JBoss configuration file is $JBOSS_HOME/standalone/configuration/standalone.xml. Open it and add the below JAAS security-domain.

        <subsystem xmlns="urn:jboss:domain:security:1.2">
            ...
            <security-domains>
                <security-domain name="basic-policy" cache-type="default">
                    <authentication>
                        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                            <module-option name="usersProperties" value="${jboss.server.config.dir}/basic-user.properties"/>
                            <module-option name="rolesProperties" value="${jboss.server.config.dir}/basic-roles.properties"/>
                        </login-module>
                    </authentication>
                </security-domain>
            </security-domains>
        </subsystem>

Create Users and Assing Roles

Creating users and theirs associated roles are easy since them are located in clear plain text files located under $JBOSS_HOME/standalone/configuration/. Here I will only create one user and one role, but you can create as many as you please.

$ echo "admin=password" > $JBOSS_HOME/standalone/configuration/basic-user.properties

$ echo "admin=ROLE_FOO" > $JBOSS_HOME/standalone/configuration/basic-roles.properties

Configuration

The easiest way to test the security, is to either take an existing war project or create a new zip file add a welcome file (index.html), web.xml and jboss-web.xml. Either way the relevant configuration for the web.xml is below.

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">

    ...

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Foo Pages</web-resource-name>
            <url-pattern>/*</url-pattern>
            <!-- Do not specify http-method, since then only specified http-method 
                will be authenticated, not e.g. JUNK (attack) -->
        </web-resource-collection>

        <auth-constraint>
            <description>These are the roles who have access.</description>
            <role-name>ROLE_FOO</role-name>
        </auth-constraint>

        <user-data-constraint>
            <description>This is how the user data must be transmitted.</description>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>basic-policy</realm-name>
    </login-config>

    <security-role>
        <role-name>ROLE_FOO</role-name>
    </security-role>

    <welcome-file-list>
        <welcome-file>/index.html</welcome-file>
    </welcome-file-list>

    <session-config>
        <!-- Session timeout after X MINUTES after no user interaction. -->
        <session-timeout>15</session-timeout>
        <cookie-config>
            <!-- XSS attack: make sure that cookie cannot be accessed via client 
                side scripts -->
            <http-only>true</http-only>
            <!-- CSRF attack, session hijack attack: require cookie can only be used 
                for SSL communication. -->
            <secure>true</secure>
        </cookie-config>
        <!-- Do not use URL, since then it can be stored in numerous places: browser 
            history, proxy server log, referrer logs, web logs, etc. -->
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>

    <!-- Custom error pages are handled in custom ErrorReportValve in jbossweb module -->

</web-app>

And the relevant portion in jboss-web.xml.

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <context-root>/example-app</context-root>
    <security-domain>java:/jaas/basic-policy</security-domain>
</jboss-web>

August 20, 2013

Configure ActiveMQ 5.8.0 to use MySQL as Persistence Mechanism

Introduction

In this blog I will show you how to change, the default persistence mechanism in Apache ActiveMQ 5.8.0 from KahaDB to instead use a RDBMS. And here I will use MySQL 5, but ActiveMQ supports most of the major vendor of RDBMS.

Install MySQL JDBC Driver

Download driver from maven central repo:
http://search.maven.org/#artifactdetails%7Cmysql%7Cmysql-connector-java%7C5.1.19%7Cjar.

Copy to $ACTIVEMQ_HOME/lib/optional/.

Create ActiveMQ database

Log into mysql and create ActiveMQ database.

$ mysql -u root -p
Enter password: 

mysql> CREATE SCHEMA `activemq` DEFAULT CHARACTER SET utf8 COLLATE utf8_swedish_ci;

Configure MySQL as persistence storage

Open the ActiveMQ configuration, $ACTIVEMQ_HOME/conf/activemq.xml, and add mysql datasource, comment/remove the default KahaDB and finally add the RDBMS persistence adapter.

<beans ...>
    ...
    </bean>

    <!-- MySql DataSource Sample Setup -->
    <bean id="mysql-ds" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
        <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
        <property name="url" value="jdbc:mysql://localhost:3306/activemq"/>
        <property name="username" value="root"/>
        <property name="password" value="root"/>
        <property name="maxActive" value="200"/>
        <property name="poolPreparedStatements" value="true"/>
    </bean>

    <broker ...>
        ...

        <!-- Comment out the default storage adapter
        <persistenceAdapter>
            <kahaDB directory="${activemq.data}/kahadb"/>
        </persistenceAdapter>
        -->

        <persistenceAdapter>
            <jdbcPersistenceAdapter dataSource="#mysql-ds" />
        </persistenceAdapter> 

        ...
    </broker>
    ...
</beans>

Test

Now we are ready to test the installation. Restart activemq and check the activemq log for errors, $ACTIVEMQ_HOME/data/activemq.log.

You can also open the activemq web console, to verify that things are working:
URL: http://localhost:8161/admin/
Username: admin
Password: admin

Now lets really test the installation from the activemq web console you can send message. From the web console click Send and choose to send a text message to a new queue.

Afterwards we can check that the message is sent to the queue, by clicking on Queue and our new queue foo.bar. And there see your text message.

You could also verify that the message is really persistent in MySQL by querying your database.

$mysql> SELECT ID, CONTAINER, MSGID_PROD, MSGID_SEQ FROM activemq.ACTIVEMQ_MSGS;

August 18, 2013

Configure Redelivery for ActiveMQ 5.8 Resource Adapter in JBoss EAP 6

In this blog I will show you how to setup ActiveMQ resource adapter in JBoss EAP 6 and then test different redelivery policies.

Before we begin, we need to download the latest Apache ActiveMQ binaries and unzip it. To start, stop and check status we use the activemq script located in the bin folder.

$ ACTIVEMQ_HOME/bin/activemq [start|stop|status]

After started the ActiveMQ, we can test the installation by open a web browser and open http://localhost:8161/admin/. The default username is admin and default password is admin.

Now we need to configure JBoss. In this blog we will use JBoss EAP 6.1.0. Download it and unzip it.

The next thing we need to do is to download the Apache ActiveMQ resource adapter. You can find it from maven central repo – http://search.maven.org/remotecontent?filepath=org/apache/activemq/activemq-rar/5.8.0/activemq-rar-5.8.0.rar.

JBoss EAP 6 can be run in two different modes – standalone and domain mode. In this blog we will be using standalone mode, but if you need to run JBoss in domain the below configuration is basically the same.

Now deploy the resource adapter to $JBOSS_HOME/standalone/deployment

Now we are ready to configure JBoss. Open $JBOSS_HOME/standalone/configuration/standalone.xml

        <subsystem xmlns="urn:jboss:domain:resource-adapters:1.1">
            <resource-adapters>
                <resource-adapter id="activemq-rar-5.8.0.rar">
                    <archive>
                        activemq-rar-5.8.0.rar
                    </archive>
                    <transaction-support>LocalTransaction</transaction-support>
                    <config-property name="InitialRedeliveryDelay">
                        1000
                    </config-property>
                    <config-property name="MaximumRedeliveries">
                        5
                    </config-property>
                    <config-property name="RedeliveryUseExponentialBackOff">
                        false
                    </config-property>
                    <config-property name="RedeliveryBackOffMultiplier">
                        5
                    </config-property>
                    <config-property name="ServerUrl">
                        failover:(tcp://127.0.0.1:61616)
                    </config-property>
                    <connection-definitions>
                        <connection-definition class-name="org.apache.activemq.ra.ActiveMQManagedConnectionFactory" jndi-name="java:jboss/activemq/ConnectionFactory" enabled="true" use-java-context="true" pool-name="ConnectionFactory">
                            <pool>
                                <min-pool-size>10</min-pool-size>
                                <max-pool-size>100</max-pool-size>
                                <prefill>true</prefill>
                            </pool>
                        </connection-definition>
                    </connection-definitions>
                    <admin-objects>
                        <admin-object class-name="org.apache.activemq.command.ActiveMQQueue" jndi-name="java:jboss/activemq/queue/FooQueue" enabled="true" use-java-context="true" pool-name="FooQueue">
                            <config-property name="PhysicalName">
                                FooQueue
                            </config-property>
                        </admin-object>
                    </admin-objects>
                </resource-adapter>
            </resource-adapters>
        </subsystem>

The last thing we also need is to configure mdb support for the standalone configuration.

        <subsystem xmlns="urn:jboss:domain:ejb3:1.4">
            ...
            </session-bean>
            <mdb>
                <resource-adapter-ref resource-adapter-name="activemq-rar-5.8.0.rar"/>
                <bean-instance-pool-ref pool-name="mdb-strict-max-pool"/>
            </mdb>
            <pools>
            ...
        </subsystem>

Now we are to test the installation. We do that by creating a simple MDB, that prints out incoming JMS messages and then rollbacks the MDB transaction.

package se.msc.example.mdb;

import javax.annotation.Resource;
import javax.ejb.ActivationConfigProperty;
import javax.ejb.MessageDriven;
import javax.ejb.MessageDrivenContext;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.jms.JMSException;
import javax.jms.Message;
import javax.jms.MessageListener;

@MessageDriven(name = "FooMDB", activationConfig = {
        @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Queue"),
        @ActivationConfigProperty(propertyName = "destination", propertyValue = "FooQueue"),
        @ActivationConfigProperty(propertyName = "acknowledgeMode", propertyValue = "Auto-acknowledge") })
public class FooMDB implements MessageListener {

    @Resource
    private MessageDrivenContext mdc;

    @TransactionAttribute(TransactionAttributeType.REQUIRED)
    public void onMessage(Message msg) {
        try {
            System.out.println("mdb recieved, redelivered="
                    + msg.getJMSRedelivered());
        } catch (JMSException e) {
            e.printStackTrace();
        }

        mdc.setRollbackOnly();
    }

}

As test client we can send jms message from the ActiveMQ web console

Below follows different test results for different redelivery configuration

InitialRedeliveryDelay=1000
MaximumRedeliveries=5
RedeliveryUseExponentialBackOff=false
RedeliveryBackOffMultiplier=5
                    
18:57:51,140 INFO  [stdout] (default-threads - 2) mdb recieved, redelivered=false
18:57:52,220 INFO  [stdout] (default-threads - 3) mdb recieved, redelivered=true
18:57:53,256 INFO  [stdout] (default-threads - 4) mdb recieved, redelivered=true
18:57:54,296 INFO  [stdout] (default-threads - 5) mdb recieved, redelivered=true
18:57:55,334 INFO  [stdout] (default-threads - 6) mdb recieved, redelivered=true
18:57:56,365 INFO  [stdout] (default-threads - 7) mdb recieved, redelivered=true

-----------------------------------------------------------------------------------------------

InitialRedeliveryDelay=1000
MaximumRedeliveries=5
RedeliveryUseExponentialBackOff=true
RedeliveryBackOffMultiplier=5

19:55:21,453 INFO  [stdout] (default-threads - 2) mdb recieved, redelivered=false
19:55:26,495 INFO  [stdout] (default-threads - 3) mdb recieved, redelivered=true
19:55:51,503 INFO  [stdout] (default-threads - 4) mdb recieved, redelivered=true
19:57:56,510 INFO  [stdout] (default-threads - 5) mdb recieved, redelivered=true
20:08:21,516 INFO  [stdout] (default-threads - 6) mdb recieved, redelivered=true
21:00:26,523 INFO  [stdout] (default-threads - 7) mdb recieved, redelivered=true

delta1 = 5s (calculated value 1*5)
delta2 = 25s (calculated value 5*5)
delta3 = 125s (calculated value 25*5)
delta4 = 625s (calculated value 125*5)
delta5 = 3125s (calculated value 625*5)

-----------------------------------------------------------------------------------------------

InitialRedeliveryDelay=2000
MaximumRedeliveries=5
RedeliveryUseExponentialBackOff=true
RedeliveryBackOffMultiplier=5
                    
22:28:52,542 INFO  [stdout] (default-threads - 2) mdb recieved, redelivered=false
22:29:02,598 INFO  [stdout] (default-threads - 3) mdb recieved, redelivered=true
22:29:52,604 INFO  [stdout] (default-threads - 4) mdb recieved, redelivered=true
22:34:02,609 INFO  [stdout] (default-threads - 5) mdb recieved, redelivered=true

delta1 = 10s (calculated value 2*5)
delta2 = 50s (calculated value 10*5)
delta3 = 250s (calculated value 50*5)
-----------------------------------------------------------------------------------------------    

References

July 10, 2013

Make Samsung Galaxy S3 with Android 4 work on Ubuntu

In the latest Ubuntu 13.04, the Ubuntu team has upgraded the MTP support, so you now can connect you mobile phone with Ubuntu. But if you are looking for a more stable version of Ubuntu, I recommend that you use a LTS (Long Term Support) version. Which currently is version 12.04.

But when using 12.04, it lack the Android 4 support. But that can be fixed with following the instruction found here http://www.webupd8.org/2013/01/upgrade-to-gvfs-with-mtp-support-in.html.

June 13, 2013

Configure High-Availability Clustering using TCP Unicast with JBoss EAP 6, HTTPD, mod_cluster on RHEL 6

In my previous blogs I have written about HA in JBoss EAP 6 with Apache Webserver (httpd) and that is all done with UDP multicast. In this blog I will show you how to do it with TCP unicast.

/etc/httpd/conf.d/mod_cluster.conf

# mod_proxy_balancer should be disabled when mod_cluster is used
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule slotmem_module modules/mod_slotmem.so
LoadModule manager_module modules/mod_manager.so
LoadModule advertise_module modules/mod_advertise.so

MemManagerFile /var/cache/mod_cluster

<IfModule manager_module>
  #Listen 6666
  <VirtualHost *:80>

    KeepAliveTimeout 300
    MaxKeepAliveRequests 0
    EnableMCPMReceive on
    
    #ServerAdvertise on http://127.0.0.1:6666
    ServerAdvertise off
    AdvertiseFrequency 5
    #AdvertiseSecurityKey secret  
    #AdvertiseGroup 224.0.1.105:23364
 
    #AllowDisplay On
 
    <Location /mod_cluster_manager>
      SetHandler mod_cluster-manager
      Order deny,allow
      Deny from all
      Allow from 127.0.0.1
    </Location>
  </VirtualHost>
</IfModule> 

standalone-ha.xml

In this example we are going to run all JBoss EAP server on the same machine and we are using standalone mode for simplicity reason. But the same apply if you want to run domain mode.

First configure JGroups to use TCP unicast.

        <subsystem xmlns="urn:jboss:domain:jgroups:1.1" default-stack="tcpping">
            ...
            <stack name="tcpping">
                <transport type="TCP" socket-binding="jgroups-tcp"/>
                <protocol type="TCPPING">
                    <property name="initial_hosts">127.0.0.1[7600],127.0.0.1[7800]</property>
                    <property name="port_range">0</property>
                    <property name="timeout">3600</property>
                    <property name="num_initial_members">2</property>
                </protocol>
                <protocol type="MERGE2"/>
                <protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
                <protocol type="FD"/>
                <protocol type="VERIFY_SUSPECT"/>
                <protocol type="BARRIER"/>
                <protocol type="pbcast.NAKACK"/>
                <protocol type="UNICAST2"/>
                <protocol type="pbcast.STABLE"/>
                <protocol type="pbcast.GMS"/>
                <protocol type="UFC"/>
                <protocol type="MFC"/>
                <protocol type="FRAG2"/>
                <protocol type="RSVP"/>
            </stack>
        </subsystem>

Secondly we need to configure modcluster subsystem in JBoss EAP 6 and set advertise="false" and proxy-list="127.0.0.1:80".

        <subsystem xmlns="urn:jboss:domain:modcluster:1.1">
            <mod-cluster-config advertise-socket="modcluster" proxy-list="127.0.0.1:80" advertise="false" connector="ajp">
                <dynamic-load-provider>
                    <load-metric type="busyness"/>
                </dynamic-load-provider>
            </mod-cluster-config>
        </subsystem>

Now lets restart Apache Webserver (httpd) and start two JBoss server. And last you must deploy a clusterable application.

$ service httpd restart

$ ./standalone.sh --server-config=standalone-ha.xml -Djboss.node.name=jb1

$ ./standalone.sh --server-config=standalone-ha.xml -Djboss.socket.binding.port-offset=200 -Djboss.node.name=jb2

June 12, 2013

Common JBoss EAP 6 CLI Commands for Managing Domain Clusters

Add ServerGroup

[domain@localhost:9999 /] /server-group=third-server-group:add(profile=ha, socket-binding-group=ha-sockets)

Remove ServerGroup

[domain@localhost:9999 /] /server-group=third-server-group:remove

Add Server to ServerGroup

[domain@localhost:9999 /] /host=host1/server-config=station81Host1:add(group=second-server-group, socket-binding-group=ha-sockets, socket-binding-port-offset=300)

Remove Server from ServerGroup

[domain@localhost:9999 /] /host=host1/server-config=station81Host1:remove

Manage Server on ServerGroup

[domain@localhost:9999 /] /host=host1/server-config=station81Host1:start

[domain@localhost:9999 /] /host=host1/server-config=station81Host1:stop

June 8, 2013

How to Set Hostname on RHEL 6

Hostname is usually set when installing the machine, but sometime you need to change it.

To print current hostname

$ hostname
server1.example.com

To temporarily change the hostname.

$ hostname server99.example.com

To permanently change the hostname, edit the /etc/sysconfig/network and set the HOSTNAME property.

$NETWORKING=yes
HOSTNAME=server99.example.com

After saving the configuration, you will need to reboot your machine.

How to Disable/Enable and SELinux on RHEL 6

On test laptops you are not always interesting in having all security enabled, e.g. when developing or testing a applications. And that is true for SELinux.

To see if SELinux is active

$ /usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 23
Policy from config file:        targeted

To temporarily disable SELinux - 1 (enable) or 0 (disable).

$ setenforce 0

To permanently disable SELinux, edit /etc/selinux/config and set SELINUX=disabled.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

After saving you need to reboot your machine.

How to setup log4j Syslog Appender in JBoss EAP 6

This solution only works for JBoss EAP 6.0.1 and higher

JBoss ships with a own logging framework and which is used via the org.jboss.logging.Logger class. I myself tend to like to use standardized solution, which is for me - log4j.

Log4j ships with some Appenders, but one especially useful for a Linux environment is SyslogAppender. Here I will show you how to setup log4j org.apache.log4j.net.SyslogAppender with JBoss EAP 6.0.1.

Log4j already is shipped with JBoss, so binaries are required for installation. The configuration is either done in standalone.xml or domain.xml.

        <subsystem xmlns="urn:jboss:domain:logging:1.1">
            ...
            <custom-handler name="SYSLOG" class="org.apache.log4j.net.SyslogAppender" module="org.apache.log4j">
              <level name="INFO"/>
              <formatter>
                <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
              </formatter>
              <properties>
                <property name="syslogHost" value="localhost:514"/>
                <property name="facility" value="LOCAL1"/>
                <property name="facilityPrinting" value="false"/>
              </properties>
            </custom-handler>
            ...
            <root-logger>
                <level name="INFO"/>
                <handlers>
                    ...
                    <handler name="SYSLOG"/>
                </handlers>
            </root-logger>
        </subsystem>

In the above configuration I'm using a local rsyslog server listening on UDP port 514. The log4j does not have a Syslog Appender that supports TCP. To test this configuration I'm using RHEL 6 and in a default installed RHEL an UDP listener is not default configured. To activate it, open /etc/rsyslog.conf and uncomment the below.

$ Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

Now restart rsyslog with:

$ service rsyslog restart

Now start JBoss and watch logging messages in the default log rsyslog message file.

$ less /var/log/messages

After verified the Syslog Appender, you probably want to separate JBoss logging to a separate file. How to configure that is out of the scoop for this blog, but a simplistic configuration in /etc/rsyslog.conf is:

local1.*                                                /var/log/local0.log

After modification, restart rsyslog and rsyslog will automatically create the new log file.

June 7, 2013

How to Install Graphical Printer Configuration Tool on RHEL 6

When installing RHEL 6 with Desktop, you might not get all of the administration tool installed from the beginning. A common tool that is often forgotten is the Printing Configuration tool. To install do the following:

$ yum install system-config-printer

After you can open the printer configuration from System -> Administration -> Printing.

June 3, 2013

New Apache Wicket Book and Good Starting Point for Newbie

A good starting point for learning new framework is to buy a book about. The problem with books is that they get quite fast out-dated for fast developing framework and that is also true for the Apache Wicket project. But quite recently a new e-book have been published for Apache Wicket 6 and the best thing about it, it is free - http://code.google.com/p/wicket-guide/.

You can get a complete list of all Apache Wicket books here http://wicket.apache.org/learn/books/.

And if you want another book I would recommend Wicket in Action.

Another good starting point is to run the components examples (http://www.wicket-library.com/wicket-examples/index.html) on the Apache Wicket page and read the Reference Wiki pages - https://cwiki.apache.org/WICKET/reference-library.html.

The next step if you have not already done that is to start writing codes. When doing so it is good to knew that there is a very good mailing list group for Apache Wicket, which I recommend to search in, if you get stuck - http://wicket.apache.org/help/.

May 21, 2013

JBoss DatabaseServerLoginModule with Added Salt and Iteration Count

Today I came by an interesting open source project which extends default JBoss DatabaseServerLoginModule, but with the extra added functionality salted password and iteration count. Enjoy

http://www.rtner.de/software/PBKDF2.html

How to Encrypt Password in JBoss 7 and EAP 6

When using a background process to connect to a server that requires some login, you have the problem to store that password securily. And the problem is that is a background process, that do have a user interaction, which supply the login credential. So the background process needs be given the login credential beforehand. Which rises the problem of storing the password not in clear text.

So how do we achieve that with JBoss 7 and EAP 6? The shipped solution is JBoss Vault. Here follows a link of using it - https://community.jboss.org/wiki/JBossAS7SecuringPasswords. A note of the example, that you might want to consider:
  • The key length of 1024 bytes is quite weak, consider using a longer key. 
  • You probably want to increase the default validity period, with the -validity flag.
 The next question that arise is how safe is this? And Red Hat answer that on the same page.

"The default implementation of the vault utlizes a Java KeyStore. Its configuration uses Password Based Encryption, which is security by obscurity.  This is not 100% security. It only gets away from the problem of clear text passwords in configuration files.  There is always a weak link. (As mentallurg suggests in the comments, the keystore password is the weakest link)."
   
"Ideally, 3rd party ISV robust implementations of Vaults should provide the necessary security."

[https://community.jboss.org/wiki/JBossAS7SecuringPasswords#Frequently_Asked_Questions]

And maybe the most obvious question is how to make it stronger. And Red Hat answer that also on the same page. Store the keystore on an external USB device which you mount on bootup and then remove it. Or use a stronger third party solution.





How to enable Tree View in File Browse Nautilus in RHEL 6

After installing RHEL 6, the default configuration for browsing files, in the file browser (Nautilius 2.28.4, https://live.gnome.org/Nautilus), is to display catalog as icon. This display have never been my favorite, because it requires a lot of mouse clicking when browsing. A better layout is using the Tree View. To use the tree view, open Nautilius and:
  1. Open Preferences dialog, by clicking Edit -> Preference. See picture 1.
  2. In first tab select the lowest option Show only folders
  3. In the second tab select Always open in browser windows. See picture 2.
Picture 1: Nautilius Preference dialog, View tab.

Picture 2: Nautilius Preference dialog, Behavior tab.

If you want more extensions to Nautilius, check out the Nautilius extensions page - https://live.gnome.org/Nautilus/Extending.
 

May 16, 2013

How to Handle Character Encoding in JSP and Servlets

When writing simple web application you might not want to bother to use some web framework and simply use simple JSP and Servlet. This has been the case for me recently, but there is of course pitfalls with that as everything else in life. And one of those is to handle character encoding.

In you JSP be sure you use the below encoding settings:

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Insert title here</title>
</head>
<body>

    <h1>Empty Page</h1>

</body>
</html>

These encoding settings are important if you are planning to pass get parameters in the URL and those parameters might contain character not covered in ISO-8859-1 character table. You should here be aware of how the HTTP work, that it is stateless by design, which means that the server has no way of knowing how to interpret the url-encoded GET parameters, so it assumes ISO-8859-1.

The next gotcha is when I JSP call a Servlet. Here again the server has no way of knowing how to interpret the url-encoded GET parameters, therefore you must explicitly tell the server how to url encode the passed parameters. That is done via the methods.

req.setCharacterEncoding("UTF-8");
resp.setCharacterEncoding("UTF-8");

If you are planning to send direct HTML response from the Servlet, do not forget to set the response content type.

resp.setContentType("text/html; charset=UTF-8");

May 14, 2013

Problem installing Maven 3 on Ubuntu 13.04 Raring

Today I reinstalled my machine with the latest Ubuntu version 13.10 (Raring) and after installation I installed Maven 3, but run into problem.

The following packages have unmet dependencies:
 maven : Depends: libwagon2-java (>= 2.2-2) but it is not going to be installed


I searched the official Ubuntu bug report site, https://bugs.launchpad.net/ubuntu/ and found the solution.

https://bugs.launchpad.net/ubuntu/+source/maven2/+bug/1173142


March 16, 2013

How to install IE 8 and 9 on Ubuntu 12.10

When developing web sites you will sooner or later come across different HTML, CSS, Javascript compability issues for different web browser. Firefox and Google Chrome can easily be installed on Ubuntu, but installing Internet Exeplorer requires some more installation.

To begin with whenever you are searching for information about Ubuntu always start with a recognized site and a recognized site is http://askubuntu.com.

After that said now install IE. To begin with you need to install a platform to run you IE and the successor for Wine is PlayOnLinux (PlayOnLinux website). You install it by using Ubuntu Software Center.

Before installing make sure you have a working Internet Connection.

After successfully installed PlayOnLinux start it and you can install IE by clicking on the Install button from the toolbar and then search for 'Internet Explorer'.

February 28, 2013

How to install Swedish Spelling Checking on English Ubuntu 12.10

The most popular system language for an operating system is English when working as a system developer, but when it comes to writing document you probably need a local language spelling package. And in me previous blog I have written how to install swedish spelling package for LibreOffice, but with Ubuntu 12.10 there is a better way. Install the spelling checking package as debian package.

$ sudo apt-get install hunspell-sv-se

Afer installation you need to restart LibreOffice. Then you need to make LibreOffice aware of the the new spelling package. You do that by open Tools -> Options... -> Language Settings -> Writing Aids

Now you can change spelling checking for text or the complete document via Tools -> Language

February 24, 2013

Certified Hardware on Ubuntu, for example TP-LINK Network Card

I have been getting question about installing different network cards on Ubuntu. And for some week ago I tried to install a network card with Atheros chipset with drivers from http://wireless.kernel.org, but If you are not a very advanced Linux user and do not want to spend a lot of your spare time I would recommend you to by a new network card. Network card are really cheap and maybe the most Linux friendly network card is TP-Link. A TP-Link 1 GB card is really cheap and only cost about 9 EUR or 11 USD (http://www.tp-link.us/products/details/?categoryid=235&model=TG-3269).

To get more information about certified hardware for Ubuntu, please look at the Ubuntu homepage:
Component catalog: http://www.ubuntu.com/certification/catalog/
Certified hardware: http://www.ubuntu.com/certification/

February 19, 2013

How to Get Rid of the Close Other Tabs Warning in Firefox

Starting with Firefox 16, they added a quite annoying warning dialog when you are trying to close other tabs. What is this? And even when you click on, do not warn me again, nothing happens. But there is a hack to get around it. But should it really be this hacky. Of course not. Any way this is how you fix it.

  1. Open a new tab and enter about:config.
  2. Enter in the search field browser.tabs.warnOnCloseOther.
  3. Now double click on the browser.tabs.warnOnCloseOther row to turn its value to false. 
  4. Voilà

January 30, 2013

Java SE 6 Reaches End of Life (EOL) in February 2013

Oracle has announced that the end of life (EOL) of Java SE 6 has been set to February 2013. Which means that if you have not already upgraded to Java SE 7, now is the time. You can read more about the Oracle Java SE Support Roadmap here.

And for you folks that think that Java SE 7 is a new thing, well, I'm afraid that you are poorly updated. The Java SE 7 was released in February 2011.