29 February 2012

Using OpenSSL to convert PKCS7 to CRT files

If you have a PKCS7 file, which is a plain text file that starts like this:
-----BEGIN PKCS7-----

but you want an Apache2-compatible X509v3 file (often ending in .PEM, .CRT, or .CER, which are just extensions and could really be anything), which is a different type of plain-text file and starts like this:
-----BEGIN CERTIFICATE-----

here is a command to convert that PKCS7 to CRT:

openssl pkcs7 -text -in original-pkcs7-cert.pkcs7 -print_certs -outform PEM -out output-converted-cert.crt

Apache2 and SSL config for DigiCert using the ChainFile directive and the TrustedRoot.crt

If you purchase an SSL certificate from DigiCert, you're likely to get a DigiCertCA.crt file.  You may also need to use a TrustedRoot.crt file in your Apache2 config.  This may also be the case with other SSL providers.  This tip will work on RedHat, CentOS, Debian, Ubuntu, and probably anything that uses Apache 2.2 and Apache 2.4.


The easiest way to do this is to put these two files together, using 'cat' and the redirector >>, and then point at that with the SSLCertificateChainFile directive in the Apache2 config.

certs$  ls
  DigiCertCA.crt
  TrustedRoot.crt
  www.somedomain.com.crt
  www.somedomain.com.key


certs$  cat DigiCertCA.crt >> ChainFile.crt
certs$  cat TrustedRoot.crt >> ChainFile.crt



certs$  ls
  ChainFile.crt
  DigiCertCA.crt
  TrustedRoot.crt
  www.somedomain.com.crt
  www.somedomain.com.key


Your SSL Config section should now read:



<VirtualHost 1.2.3.4:443>
ServerName www.somedomain.com
...
...
SSLEngine On
SSLCertificateChainFile /etc/httpd/ssl/certs/ChainFile.crt
SSLCertificateFile /etc/httpd/ssl/certs/www.somedomain.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/certs/www.somedomain.com.key
</VirtualHost>

If you didn't need that TrustedRoot.crt part added in, you could have just used:
SSLCACertificateFile /etc/httpd/ssl/certs/DigiCertCA.crt
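
A PKCS7 bundle often carries the server certificate together with its CA certificates, so the converted file has to be split before the pieces can go to SSLCertificateFile and SSLCertificateChainFile. The script below is an added example, not part of the original post: it assumes the conversion was run without `-text`, so that each PEM block is preceded by the `subject=` and `issuer=` lines that `-print_certs` prints, and its function names, file names and sample bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example: split `openssl pkcs7 -print_certs` output (run without -text)
# into server.crt and an ordered ChainFile.crt (intermediates first, root last).

split_bundle() {   # usage: split_bundle BUNDLE OUTDIR
    rm -f "$2/server.crt" "$2/ChainFile.crt"
    awk -v dir="$2" '
        /^subject=/ { n++; subj[n] = substr($0, 9) }
        /^issuer=/  { iss[n] = substr($0, 8) }
        /^-----BEGIN CERTIFICATE-----$/ { inpem = 1 }
        inpem { pem[n] = pem[n] $0 "\n" }
        /^-----END CERTIFICATE-----$/ { inpem = 0 }
        END {
            for (i = 1; i <= n; i++) {
                bysubj[subj[i]] = i
                if (subj[i] != iss[i]) signs[iss[i]] = 1  # name that issued another cert
            }
            # The server certificate issued nothing and is not self-signed.
            for (i = 1; i <= n; i++)
                if (!(subj[i] in signs) && subj[i] != iss[i]) { leaf = i; leaves++ }
            if (leaves != 1) {
                print "need exactly one server certificate" > "/dev/stderr"; exit 1
            }
            printf "%s", pem[leaf] > (dir "/server.crt")
            # Walk issuer links upward until the self-signed root (or a missing issuer).
            cur = leaf
            for (hops = 0; hops < n && (iss[cur] in bysubj); hops++) {
                nxt = bysubj[iss[cur]]
                if (nxt == cur) break
                printf "%s", pem[nxt] > (dir "/ChainFile.crt")
                cur = nxt
            }
        }' "$1"
}

# Constructed sample: CA names and PEM bodies are placeholders, deliberately out of order.
emit_cert() {
    printf 'subject=CN = %s\nissuer=CN = %s\n' "$1" "$2"
    printf '%s\nPLACEHOLDER-%s\n%s\n\n' '-----BEGIN CERTIFICATE-----' "$3" '-----END CERTIFICATE-----'
}
make_sample() {   # usage: make_sample FILE
    { emit_cert "Example Root CA" "Example Root CA" ROOT
      emit_cert "www.somedomain.com" "Example Intermediate CA" LEAF
      emit_cert "Example Intermediate CA" "Example Root CA" INTERMEDIATE; } > "$1"
}

tmp=$(mktemp -d) && make_sample "$tmp/bundle.txt" && split_bundle "$tmp/bundle.txt" "$tmp"
grep PLACEHOLDER "$tmp/server.crt" "$tmp/ChainFile.crt"
```

The split only orders certificates by name; it does not validate signatures, so the result should still be checked with `openssl verify` before Apache is reloaded.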

Raspberry Pi board is kinda on sale but no one can get 'em


UPDATE: This is now available in the USA, for sale here.

Everyone's been excited about the Raspberry Pi single-board-computer (SBC).  It is about the dimensions of a credit card, except thicker, can run on low-power such as AA batteries, and has apparently pretty good graphics.  Plus, I believe it's fully supported by FLOSS drivers and software.

The Raspberry Pi went on sale last night, Feb 28th.  Every geek in the world wanted one and the release was delayed a week or two, making everyone salivate more.  At midnight London time, the board went on sale.

Their website crashed.  Are you kidding, you weren't expecting this?

When things came back up and people could enter the site, there were no overseas options for U.S. customers or other overseas buyers.  Are you kidding?

Two major stumbling blocks for one of the most exciting hardware releases in years.  This could have been so much better handled with announcements of availability only in the U.K., for example; pre-orders rather than the old-school method of opening the doors at a certain time like it's a Thanksgiving-day sale.  Temper the expectations a bit for long term success; letting us down right out of the gate does not bode well for this project.

I wish the Raspberry Pi the best of success but they need to communicate better and not ignore the global buying market on computer hardware and internet news.

When I end up getting one, sometime in 2027 or so, I'll let you know how awesome it is ;)

23 February 2012

VirtualBox Fix: "Failed to create the VirtualBox COM object" Result Code: NS_ERROR_FAILURE (0x80004005)

Today my VirtualBox wouldn't start, with this error:


Failed to create the VirtualBox COM object.
The application will now terminate.
Start tag expected, '<' not found.
Location: '/home/lefty/.VirtualBox/VirtualBox.xml', line 1 (0), column 1.
 Result Code:  NS_ERROR_FAILURE (0x80004005)

I think this was due to my home directory filling up over the night, and may or may not have been related to having a VM running at the time.  I cleaned up my homedir to give myself some space but then I had this VirtualBox issue.

I read all kinds of info about fixing this, but in the end it was very simple.  VirtualBox had created a backup of my file a month ago or so, and I had no new VMs since then, so I was able to copy an older file into place and all worked out fine:


lefty$  ls -la  .VirtualBox/VirtualBox.xml*
-rw------- 1 lefty users    0 Feb 23 08:57 .VirtualBox/VirtualBox.xml
-rw------- 1 lefty users 2504 Apr 10  2009 .VirtualBox/VirtualBox.xml.1.3-linux.bak
-rw------- 1 lefty users  2757 Apr 21  2009 .VirtualBox/VirtualBox.xml.1.6-linux.bak
-rw------- 1 lefty users 4258 Jan 11 14:23 .VirtualBox/VirtualBox.xml-prev


lefty$  cp .VirtualBox/VirtualBox.xml-prev .VirtualBox/VirtualBox.xml

VirtualBox started up fine after that.

HowTo: Break apart a movie into stills with FFmpeg

FFmpeg, the fantastic multimedia toolkit, can do some great things such as transcoding video formats, reversing video clips, recording your desktop, and more.  It can also be used to break apart a video clip into still images.  This is handy if, for example, you want to use a timelapse video for your computer wallpaper, as I do in KDE.

To break apart that video into stills, run:
ffmpeg -i video.mpg image%d.jpg
where
   -i video.mpg is your input video file, and
   image%d.jpg is your output image files in jpeg format.

Note that this won't know ahead of time to provide leading zeros, so your files will be named in order but listed like this:

image1.jpg
image10.jpg
image11.jpg
image12.jpg
image13.jpg
image14.jpg
image2.jpg
image3.jpg
image4.jpg
image5.jpg
image6.jpg
image7.jpg
image8.jpg
image9.jpg

We'll look into fixing that name listing in the near future.

20 February 2012

Web Server Authentication Error 'sslv3 alert illegal parameter' [Solved]


If you get an error similar to this:

Some Server requests a username and a password
OPTIONS of 'https://some.subversion.server.com': SSL handshake failed: SSL error: sslv3 alert illegal parameter

you're almost certainly using an SVN client which is too old.

18 February 2012

Rename Files with KRename's Find and Replace

KRename is a powerful KDE application that can rename files and folders based on rules etc. But its most useful feature, for me, is the Find-and-Replace option. I use this option almost daily for my file management tasks.

Watch the short video below to learn how to use this feature!


17 February 2012

Resetting MySQL Root Password: Debian or Ubuntu

If you've forgotten your MySQL root password (or are involved with some nefarious activity), here is how you can reset that password on a Debian GNU/Linux system or an Ubuntu GNU/Linux system:

Find out the account that the system uses to start and stop MySQL (note that I've changed the password for this demo):
root#  cat /etc/mysql/debian.cnf



# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host     = localhost
user     = debian-sys-maint
password = 11223344554433
socket   = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
user     = debian-sys-maint
password = 11223344554433
socket   = /var/run/mysqld/mysqld.sock
basedir  = /usr


Log into MySQL with that account:
root#  mysql -u debian-sys-maint -p
Enter password:
mysql>

Change the password:
mysql>  update mysql.user set password=PASSWORD("YourNewPassW0RD") where User='root';
mysql>  flush privileges; exit;

Log into MySQL as root with your new password:
root#  mysql -u root -p
Enter password:
mysql> 


The above info is for a Debian GNU/Linux or an Ubuntu setup.  If you need to do this on a Red Hat Linux (RHEL), CentOS, or Scientific Linux system, check out this post.

Resetting MySQL Root Password: Red Hat and CentOS

If you've forgotten your MySQL root password (or are involved with some nefarious activity), here is how you can reset that password on a Red Hat (RHEL) system or a CentOS system:

Stop MySQL:
root#  service mysqld stop

Start MySQL in safe mode:
root#  mysqld_safe --skip-grant-tables &

Log into MySQL as root:
root#  mysql -u root

Reset the password:
mysql>  update mysql.user set password=PASSWORD("YourNewPassW0RD") where User='root';
mysql>  flush privileges; exit;

Log out of MySQL and stop the Safe Mode:
root#  service mysqld stop

Start MySQL in the normal mode:
root#  service mysqld start

Log into MySQL with your new password:
root#  mysql -u root -p
Enter password:
mysql>

The above info is for a Red Hat system, CentOS, or Scientific Linux setup.  If you need to do this on a Debian system, check out this post.

15 February 2012

7zip command line examples and password-protection (7z, 7za)

7zip is a nice, cross-platform compression software, similar in purpose to WinZip or GZip.  7zip can create and extract those .zip and .gz (and tar.gz) files, but it uses LZMA for its own native compression, which is a much more modern compression format.  (If you're using .rar, please stop already.)

Use 7zip to create a password-protected file of a list of files and directories; note the flags -p -mhe which are REQUIRED for the password part to function!  7zip uses AES encryption with 256-bit keys, so this encryption isn't joking around.

Some basic command-line examples for using 7zip are listed below.  On a GNU/Linux system it is run with either 7z or 7za; 7za is a bit less capable but also has fewer dependencies.

To Archive the files and folders 'test/ test2/ file1 file2'
shell$ 7z a -t7z -p -mhe out-file.7z test/ test2/ file1 file2
Scanning
Updating archive out-file.7z
Enter password (will not be echoed) :
Verify password (will not be echoed) :
Everything is Ok

To List the files:
shell$ 7z l out-file.7z

And to Extract the files:
shell$ 7z e out-file.7z

There is also a graphical (GUI) version for Windows (with the password option) and KDE's Ark can also create .7z files, but I don't see a way to do that with the password protection in KDE's Ark (yet!)

Again, note the flags -p -mhe which are REQUIRED for the password part to function.  More info about 7zip command line examples here.

08 February 2012

Creating an easy 'While, Do, Done' script

If you have a process that needs to continually run on a GNU/Linux computer, or an app that needs to reopen after an occasional crash, or the like, you can create a simple script that will run 'program' until you manually interrupt this command with the [Ctrl][C] keyboard combo.

shell#  while true; do program; done

An example of this may be to relaunch Firefox after closing it, on a public computer for example, where we want it to always be up and running for the visitors:

shell#  while true; do /usr/bin/firefox && pkill firefox; done

The && means to run the next command when the first finishes, and the pkill firefox makes sure to close off any remaining processes before reevaluating the 'while true' statement (which is always true because we've not put in any conditions) and therefore relaunching Firefox.

07 February 2012

Using Thunderbird to back up Email from GMail (or using Icedove)

UPDATE: This HowTo article still holds true, but I've recently found the FLOSS, far-easier-to-use application Gmail Backup, located here.  GPLv3 and full of easy.

================

Mozilla Thunderbird (or the unbranded Icedove) is a Free-Software mail client for the desktop, allowing you to use email on the desktop in a dedicated app, rather than a browser interface (like the GMail.com web interface, for example).  At work we use Icedove to back up employee email after they depart, so that we have their emails if needed.

This generally works well for a backup of corporate email and personal email, whether with Google Apps or another provider, although it does require some adjustments.  I've also had issues with Thunderbird crashing occasionally while trying to back up over 30 mailboxes at once, so be prepared for issues there, perhaps with a 'while, do, done' script (explained here).

The resulting downloaded emails are in the mbox file format, which I personally dislike due to being a single point of failure (like Microsoft's Outlook PST files, or most MS products IMHO).  On the other hand, this mbox file is a standard that other apps can read and which can be loaded into other apps or other versions of Thunderbird, cross-platform and all.  Also, there are scripts available to convert from mbox to maildir if that is required.

Setting up a Thunderbird (or Icedove) account isn't enough, however.  First you need to enable IMAP within your GMail or Google Apps account, under the Email Settings.  Once you have this set, download and install Icedove or Thunderbird:
root#  aptitude update && aptitude install icedove

Once installed, we have a few settings to change to enable this to download all email.  Launch Thunderbird (or Icedove) and open the Edit menu > Preferences (on a Windows setup, this is Tools menu > Options for some reason), browse to the Advanced section, General tab, and click the [Config Editor...] button; a new window should open, warning about changing settings which may void your warranty.  Click the [I'll be careful, I promise!] button and let's get started!

At the top, in the Filter section, type in:
mail.server.default.autosync_offline_stores
Make sure that is set to True; double-click to change this if it is not.  If that doesn't exist, right-click in the blank area to add New > Boolean and set the preference name to 'mail.server.default.autosync_offline_stores' (no quotes).

Clear that filter (using the broom icon to the right) and add this new filter:
mail.check_all_imap_folders_for_new
Set that config option to True as well; if this doesn't exist, add it by right-clicking a blank area and add New > Boolean, preference name set as 'mail.check_all_imap_folders_for_new' (no quotes) and set that to True.  This will download mail from all folders by default, not just the Inbox.

Filter for this setting and set this to True:
mail.server.default.check_all_folders_for_new

Filter for this and ensure it is set to False:
mail.imap.use_status_for_biff

To prevent issues with an 'unresponsive script' with Script: resource:///modules/iteratorUtils.jsm:117, set this from the default 10 to a new value of 30:
dom.max_script_run_time

Finally, filter to find the setting:
mail.attachment.store.version
and right-click that > modify to have a value of 1.



Close these windows up and you're set.

Now you should be able to add email accounts (IMAP) and your Thunderbird should download the full email account, not just new emails or the folders which you manually open individually.  In reality, however, I've still found it beneficial to open each folder to force the software to download those messages.  If anyone can tell us a way to fix this I'd appreciate it.  A quick-ish way to do this, in the meantime, is to pick the top folder on the left with your mouse, and then use the keyboard to continually press [Right Arrow][Down Arrow], over and over, to expand each folder and navigate to it.

Your files are stored in your user's homedir, for example at
/home/username/.icedove/{profile-random-string.default}/
or maybe
/home/username/.mozilla/thunderbird/{profile-random-string.default}/ImapMail/imap.googlemail.com/


Did this work for you?  Any suggestions on how we could improve this information?