Re: [Ilugc] [Commercial] Low Cost FOSS Resource Server
On Sun, 2012-05-20 at 11:55 +0530, Arun Khan wrote:
> Re HW - a word of caution. I have had failures with Atom boards - both Intel and Digilite [1] boards (about 30%).

me too
--
regards
Kenneth Gonsalves
___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
[Ilugc] Incoming redirection, port forward, DMZ, skype et al
Okay this tutorial will cover how you can get packets into your network. Not as replies or ACK packets to outbound traffic but hosting local apps which can be accessed from the outside world.

I dunno a single Indian company that is doing web hosting or any hosting of applications with success. There is a big player called Ctrl-S in Hyderabad but according to me they are not a technical outfit just like any other Indian company. Started by people who are more business focused than technically motivated the company does not seem to be making big inroads in local data centers and stuff. Even if you take God forsaken Reliance, Airtel, Tata or our own Sarkai BSNL, they all suffer from technical incompetence in equal measure.

Anyway let us leave aside big boys that host websites, cloud and applications with real public IP and stuff. I have successfully run my mail server with an optic fiber static IP block and nowadays I have at least 3 machines in America which I can access publicly; so I have no trouble about running any application with full access to the Internet.

In general to be able to run a website or any TCP application that works on a public IP and public port that can be accessed from anywhere you should know how to let packets into your network using your MODEM. There is no need to run a real static IP but that will surely help.

You should be able to access a local machine's local port from a public machine on the Internet by changing the configuration on the MODEM. How to achieve that? This is a big complex, so I will cover this with care.

I really don't understand the concept of DMZ very well but I know this much for my practical need that every MODEM out there has a DMZ setting where you can give a local IP like 192.168.1.3. And lo, all your packets showing up on the public interface of the MODEM get automatically forwarded to this local IP with the effect that you can now run any service on any port, UDP or TCP or even lower level and you can access it from the Internet. This is somewhat easy.

Now if you are only interested in running a website just for the heck of it, then you can port forward 80 to a local machine running Apache. This is one idea. Another is that you can use ssh remote port forwarding.

Just like you can port forward HTTP, you can port forward any TCP or UDP port, of course this will not work with FTP, but this will work with rsync, ssh and many other protocols.

Okay you run broadband and don't have a static IP. Now what? Use my dynamic DNS service or create your own and use the DNS name to connect. More on this later.

What has skype and bittorrent got to do with all this? Just that all these protocols allow incoming calls and connections though they run behind a NAT in a broadband connection. How is this done?

There are many techniques to allow incoming connections without active intervention like what we talked above using the MODEM configuration or running ssh port forwarding. They mostly use a technique called UDP hole punching (http://linuxjournal.com/9004) or some such to notify the public port we are running on and by simulating an outgoing packet the incoming call is sent as a reply thus allowing incoming packets. All firewalls/MODEM devices allow replies to outgoing packets on the same port. They do not allow connections to machines inside the local LAN which is running on private IP addresses anyway.

In a way NAT leads to a local of security eh?

-Girish
--
Gayatri Hitech
http://gayatri-hitech.com
Re: [Ilugc] Incoming redirection, port forward, DMZ, skype et al
On Mon, 2012-05-21 at 15:17 +0530, Girish Venkatachalam wrote:
> I dunno a single Indian company that is doing web hosting or any hosting of applications with success.

http://e2enetworks.com/ - uses purely open source and run by a genius.
--
regards
Kenneth Gonsalves
Re: [Ilugc] [Commercial] Low Cost FOSS Resource Server
>> Price: Rs.19,950/- + VAT Extra as applicable.

> This is a steal :) It would be worthwhile to look at AMD based boards. They would either save you on price or get you better specs.

Not sure, whether AMD based boards will fit in the above budget. Because, a college said the above price seems costly for them.

S. Baskar
[Ilugc] [ILugC] Ethical Hacking course
Hi,

Just found this in the Anna University web site. I was surprised to find that there is an elective paper titled Ethical Hacking Forensics and that the recommended book is by Ankit Fadia. I think this says a lot about the quality of the course itself..
http://cs.annauniv.edu/academic/mecse2009.html

Ankit Fadia related links:
http://attrition.org/errata/charlatan/ankit_fadia/
http://attrition.org/errata/charlatan/ankit_fadia/fadia10.html

The term Ethical Hacking is IMO not a good term:
https://en.wikipedia.org/wiki/Hacker_definition_controversy

Note: I'm CC-ing Dr. K. S. Easwarakumar of CSE, Anna Univ. (http://cs.annauniv.edu/easwara/)
--
Y
Re: [Ilugc] career options in Open source projects- For Non Programmers
> Hi, I am trying to make few of my junior friends to take part in Open Source activities. They are willing to come forward but, they are hesitating with the view that they are nil in programming and translation. Again, they wish to know if that could help them in their career point of view. Kindly help me to get know about the career options in Open Source projects- For Non Programmers.

If your junior friends are interested in co-ordinating support activities related to FOSS, then they can join with us, as we are in the process of implementing 200+ open source labs for engineering, arts science colleges polytechnics in the next 6 months in Tamilnadu. They can do this from their own place with our support/assistance.

Benefits:
* One week of free training in GNU/Linux + FOSS lab setup in our office
* Free FOSS Lab setup kit for each
* Good remuneration
* Possibility of getting a job as a Trainee/Sys.Admin/Lab assistant post in colleges

We are looking for volunteers in the following districts.
Chennai, Kanchipuram, Thiruvallur, Vellore, Villupuram, Thiruvannamalai.
Madurai, Virudhunagar, Thoothukudi, Thirunelveli, Kanyakumari.

If your junior friends are interested in the above, then contact me offlist at baskar at linuxpert.in

Regards
S. Baskar
Chief Executive
LinuXpert Systems
Re: [Ilugc] career options in Open source projects- For Non Programmers
Hi, If communication skills are good, they can work in sales and marketing.

---

If your junior friends are interested in co-ordinating support activities related to FOSS, then they can join with us, as we are in the process of implementing 200+ open source labs for engineering colleges in the next 6 months in Tamilnadu. They can do this from their own place with our support/assistance.

Benefits:
* One week of free training in GNU/Linux + FOSS lab setup in our office
* Free FOSS Lab setup kit for each
* Good remuneration
* Possibility of getting a job as a Trainee/Sys.Admin/Lab assistant post in colleges after their graduation.

We are looking for volunteers in the following districts.
Chennai, Kanchipuram, Thiruvallur, Vellore, Villupuram, Thiruvannamalai.
Madurai, Virudhunagar, Thoothukudi, Thirunelveli, Kanyakumari.

If yourself or your junior friends are interested in the above, then contact me offlist at baskar at linuxpert.in

Regards
S. Baskar
Chief Executive
LinuXpert Systems
Re: [Ilugc] more on firewall
On Fri, 2012-05-18 at 21:10 +0530, Girish Venkatachalam wrote:
> We saw what a firewall can do at the kernel level with port numbers, ip addresses and other filter criteria found in the packet headers.

congratulations - for the first time I have seen a message from you without a *single* irrelevant comment! Keep up the good work.
--
regards
Kenneth Gonsalves
[Ilugc] How to edit a file in a web interface?
In this tutorial I am talking about file editing in the backend as that is what gets things going when you write a web interface. Even if you are developing a user interface for making your product user friendly the main backend operation is file editing.

So I have done quite a bit of this since the general mime for my product is web panel for configuration and statistics and all the backend file manipulations are performed by user input in the web panel.

Editing a file can be done in many languages, even C. But who will write a C CGI? I use perl and use it extensively. And you can directly edit a file using perl CGI. But I did something better. I use Tie::File which is a standard perl module for manipulating files. Basically it ties the file into a perl array using which you can remove lines, add lines or edit lines using the same perl functions you use for array elements.

This does not make things really simple but I live with it. I don't think there is a better way. How do you do it?

I also do one more thing. When you save a value in the web interface, the next time user clicks at that page the old value should be displayed. So editing a file also means parsing it to display correctly. I use Tie::File here also; except that I open the file in read only mode. Here is a simple sample.

    use Fcntl 'O_RDONLY';   # Tie::File does not export the O_* constants
    use Tie::File;

    # Tie the file to @f read-only: each array element is one line of the file.
    tie @f, 'Tie::File', '/etc/passwd', mode => O_RDONLY or die "tie failed: $!";
    for (@f) {
        print "$_\n";       # Tie::File strips the line ending from each record
    }
    untie @f;

This will print the file contents. But you want only the patterns you are interested in to show in a web interface. Inside the for() loop you have to use regex.

    for (@f) {
        if (/foo/) {
            # Split the matching line on a single space and keep the second field.
            ($dummy, $val) = split / /;
        }
    }

Here, $val gets assigned to the value of interest.

Okay now let us get to editing it.

    use Tie::File;

    # Tie read-write (the default mode) so that assignments change the file.
    tie @f, 'Tie::File', 'example.conf' or die "tie failed: $!";
    for (@f) {
        if (/set/) {
            $_ = 'changed line';
        }
    }
    untie @f;

Remember, only when you untie the file, the internal array representation is written back into the disk.

You can use array operations like appending lines to a file, deleting lines using:

    push @f, 'another line';   # append a line

or

    @f = @f[1..3];             # keep only the second to fourth lines

Lot of possibilities exist.

-Girish
--
Gayatri Hitech
http://gayatri-hitech.com
Re: [Ilugc] Incoming redirection, port forward, DMZ, skype et al
On Mon, May 21, 2012 at 3:17 PM, Girish Venkatachalam girishvenkatacha...@gmail.com wrote:
> I dunno a single Indian company that is doing web hosting or any hosting of applications with success. Even if you take God forsaken Reliance, Airtel, Tata or our own Sarkai BSNL, they all suffer from technical incompetence in equal measure.

You are trying to educate folks on the list. Passing value judgements on what others do is in real bad taste. Seems like self aggrandizement as you'd go on later to say how you did it... Humility has its value.

> I have successfully run my mail server with an optic fiber static IP block and nowadays I have at least 3 machines in America which I can access publicly; so I have no trouble about running any application with full access to the Internet.

This is really no big deal. Folks have done this for ages. Not many in the public, but a good number on this list would've.

> You should be able to access a local machine's local port from a public machine on the Internet by changing the configuration on the MODEM. How to achieve that? This is a big complex, so I will cover this with care. I really don't understand the concept of DMZ very well but I know this much for my practical need that every MODEM out there has a DMZ setting where you can give a local IP like 192.168.1.3.

DMZ (De-Militarised Zone) is a standard term used in securing your perimeter. It is a wartime terminology. Essentially, it divides the area that needs to be protected into different zones with different levels of security and restrictions. Networks are treated the same way. Generally, publicly accessible services behind a firewall are placed in a DMZ. The LAN within the organisation would be treated as a core, highly secure network. Good practice to restrict traffic would be

Public -> DMZ: Allow using port forwarding.
DMZ -> Public: Not allowed.
LAN -> DMZ: Allow using simple routing.
DMZ -> LAN: Not allowed.
LAN -> Public: Allow via proxies to monitor and restrict as needed.
Public -> LAN: Not allowed.

> Just like you can port forward HTTP, you can port forward any TCP or UDP port, of course this will not work with FTP, but this will work with rsync, ssh and many other protocols.

Applications are designed to use just one port (ssh, apache etc) or two ports (one for control and one for data - FTP, SIP etc). Port forwarding is straightforward for single port applications. Dual port applications need ALGs (Application level gateways) which will dynamically open up ports for forwarding as new connections are established and new data ports negotiated. Many MODEMs (misnomer as these are routers and not Modems) do have built in ALGs for some applications like FTP.

> In a way NAT leads to a local of security eh?

Not something that is encouraged. Security by obscurity is not advisable for serious use. Home use and low security profile needs could probably do with this. I reckon if someone wants to run services for public access, security is a serious concern.
--
Mohan Sundaram
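The zone matrix in the message above can be checked mechanically against a firewall's forwarding rules. The following Python auditor is an added example, not code from the thread: the zone subnets, the sample rules and the reading of "via proxies" as "the proxy runs on the firewall, so no rule should forward LAN traffic straight to Public" are assumptions. It generalises slightly by handling wide CIDR blocks such as 0.0.0.0/0 that touch several zones at once.

```python
"""Audit forwarding rules against the Public/DMZ/LAN matrix from the thread."""
import ipaddress
from itertools import product

# Assumed addressing (not from the thread): one disjoint subnet per inside zone;
# every address outside these subnets counts as Public.
ZONES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ": ipaddress.ip_network("192.168.2.0/24"),
}

# (source zone, destination zone) -> verdict, as listed in the message above.
# "proxy" assumes the proxy runs on the firewall itself, so a forwarding rule
# that lets LAN hosts reach Public directly bypasses it.
POLICY = {
    ("Public", "DMZ"): "allow",
    ("DMZ", "Public"): "deny",
    ("LAN", "DMZ"): "allow",
    ("DMZ", "LAN"): "deny",
    ("LAN", "Public"): "proxy",
    ("Public", "LAN"): "deny",
}


def zones_of(cidr):
    """Return every zone a CIDR block touches (a wide block can touch several)."""
    net = ipaddress.ip_network(cidr)
    hit = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    # Two CIDR blocks that overlap are nested, so the overlap is the smaller one.
    covered = sum(min(net.num_addresses, ZONES[name].num_addresses) for name in hit)
    if covered < net.num_addresses:
        hit.add("Public")
    return hit


def audit(rules):
    """Return (rule number, source zone, destination zone, verdict) per breach."""
    findings = []
    for number, rule in enumerate(rules, start=1):
        if rule["action"] != "accept":
            continue
        pairs = product(sorted(zones_of(rule["src"])), sorted(zones_of(rule["dst"])))
        for src_zone, dst_zone in pairs:
            # Traffic that stays inside one zone is not covered by the matrix.
            verdict = POLICY.get((src_zone, dst_zone), "allow")
            if verdict != "allow":
                findings.append((number, src_zone, dst_zone, verdict))
    return findings


# Constructed sample ruleset (addresses and ports are illustrative only).
SAMPLE_RULES = [
    {"src": "0.0.0.0/0", "dst": "192.168.2.10/32", "dport": 80, "action": "accept"},
    {"src": "192.168.1.0/24", "dst": "192.168.2.0/24", "dport": 22, "action": "accept"},
    {"src": "192.168.2.10/32", "dst": "192.168.1.20/32", "dport": 3306, "action": "accept"},
    {"src": "0.0.0.0/0", "dst": "192.168.1.5/32", "dport": 3389, "action": "accept"},
    {"src": "192.168.1.0/24", "dst": "0.0.0.0/0", "dport": 443, "action": "accept"},
]

if __name__ == "__main__":
    for number, src_zone, dst_zone, verdict in audit(SAMPLE_RULES):
        print(f"rule {number}: {src_zone} -> {dst_zone} breaks the matrix ({verdict})")
```

Rule 4 is reported twice because a source of 0.0.0.0/0 covers both Public and DMZ hosts, which is the same effect as a modem's catch-all DMZ setting pointed at a LAN machine.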
Re: [Ilugc] [Commercial] Low Cost FOSS Resource Server
On Mon, May 21, 2012 at 6:16 PM, Baskar Selvaraj bas...@linuxpert.in wrote:
>>> Price: Rs.19,950/- + VAT Extra as applicable.

>> This is a steal :) It would be worthwhile to look at AMD based boards. They would either save you on price or get you better specs.

> Not sure, whether AMD based boards will fit in the above budget. Because, a college said the above price seems costly for them.

As a thumb rule, AMD based boards are cheaper than Intel boards. AMD has brought out processor ranges to fight the Atom range. From the feedback the college gave, it seems like you may need to downsize the h/w and lower the price. For the spec you've shown 4GB/1TB, the price is a steal.
--
Mohan Sundaram
Re: [Ilugc] Incoming redirection, port forward, DMZ, skype et al
On Tue, May 22, 2012 at 6:59 AM, Mohan Sundaram mohan@gmail.com wrote:
> DMZ (De-Militarised Zone) is a standard term used in securing your perimeter. It is a wartime terminology. Essentially, it divides the area that needs to be protected into different zones with different levels of security and restrictions. Networks are treated the same way. Generally, publicly accessible services behind a firewall are placed in a DMZ. The LAN within the organisation would be treated as a core, highly secure network. Good practice to restrict traffic would be
>
> Public -> DMZ: Allow using port forwarding.
> DMZ -> Public: Not allowed.
> LAN -> DMZ: Allow using simple routing.
> DMZ -> LAN: Not allowed.
> LAN -> Public: Allow via proxies to monitor and restrict as needed.
> Public -> LAN: Not allowed.

In a larger enterprise context this is extended further:

1. There are two levels of firewalls 1) between Public to DMZ network and 2) between DMZ to LAN. These are physically different devices and sometimes even from different vendors.

2. Sometimes traffic within a single DMZ is further controlled through Private VLANs.
   Eg 1) an enterprise DMZ network can host hundreds of servers/applications. If one application is compromised the entire DMZ is exposed through this server/application.
   Eg. 2) If you use a web server + DB and web server is compromised the DB is totally exposed.
   Private VLANs are used to split a DMZ into smaller segments. http://en.wikipedia.org/wiki/Private_VLAN

In several industries like banking and financial institutions, most of this is regulated and subject to routine audits. Eg. RBI, BSE/NSE routinely audit banks and stock traders and can revoke a license if non-compliant. Other organizations would do self audits or as requested by their customers.

Enterprise IT security is difficult. There's a lot of technology, cost and effort involved, plus there's always new challenges to overcome. Suppose that's what security folks like about their work :-)

- Raja
Re: [Ilugc] How to edit a file in a web interface?
Greetings,

On Mon, May 21, 2012 at 8:14 PM, Girish Venkatachalam girishvenkatacha...@gmail.com wrote:
> In this tutorial I am talking about file editing in the backend as that is what gets things going when you write a web interface.

Good exposition. For advanced edits, perhaps one should consider openoffice running in headless mode; IIRC, Alfresco does that for the common doc, spreadsheet etc. formats.
--
Regards,
Rajagopal
Re: [Ilugc] more on firewall
On Fri, May 18, 2012 at 9:10 PM, Girish Venkatachalam girishvenkatacha...@gmail.com wrote:
> We can easily control that but what about packets coming to us? Nothing much we can do there.

TCP window scaling can get the remote end to slow down and reduce your incoming packet rate. Queueing UDP flows individually and introducing artificial latency can control well behaved UDP applications.

Read how proprietary vendors like BlueCoat PacketShaper and Allot Communications NetEnforcer devices can shape inbound traffic. They can also shape a single tcp flow asymmetrically, ie. provide 1Mbps of downstream bandwidth for POP3 and only 128kbps of upstream (POP is download only).

- Raja
Re: [Ilugc] [ILugC] Ethical Hacking course
> Just found this in the Anna University web site. I was surprised to find that there is an elective paper titled Ethical Hacking Forensics and that the recommended book is by Ankit Fadia. I think this says a lot about the quality of the course itself..
> http://cs.annauniv.edu/academic/mecse2009.html
>
> The term Ethical Hacking is IMO not a good term:
> https://en.wikipedia.org/wiki/Hacker_definition_controversy

I agree. This is a computer security course and the term Hacking is just purely misleading even though it might be attractive to the college students. There should have been a section on History such as the one here,
http://en.wikipedia.org/wiki/Timeline_of_computer_security_hacker_history

IMO, without understanding the history, it will be hard to understand the purpose of various things in the course. To me, the course seems like an introduction to various terminologies around computer security. I doubt that at the end of the course, any student will be able to crack or secure anything.

Just my 2 cents.
--
0
Re: [Ilugc] Incoming redirection, port forward, DMZ, skype et al
>> I dunno a single Indian company that is doing web hosting or any hosting of applications with success. Even if you take God forsaken Reliance, Airtel, Tata or our own Sarkai BSNL, they all suffer from technical incompetence in equal measure.

> You are trying to educate folks on the list. Passing value judgements on what others do is in real bad taste. Seems like self aggrandizement as you'd go on later to say how you did it... Humility has its value.

+1

A humble request to OP to not include personal opinions intertwined in technical content without explicitly stating it. Please use IMO (or AFAIK etc.) while making such comments.
--
0
Re: [Ilugc] [Commercial] Low Cost FOSS Resource Server
On Tue, May 22, 2012 at 7:04 AM, Mohan Sundaram mohan@gmail.com wrote:
> On Mon, May 21, 2012 at 6:16 PM, Baskar Selvaraj bas...@linuxpert.in wrote:
>>>> Price: Rs.19,950/- + VAT Extra as applicable.
>>> This is a steal :) It would be worthwhile to look at AMD based boards. They would either save you on price or get you better specs.
>> Not sure, whether AMD based boards will fit in the above budget. Because, a college said the above price seems costly for them.
> As a thumb rule, AMD based boards are cheaper than Intel boards. AMD has brought out processor ranges to fight the Atom range. From the feedback the college gave, it seems like you may need to downsize the h/w and lower the price. For the spec you've shown 4GB/1TB, the price is a steal.
> --
> Mohan Sundaram

Why not go for ARM? ARM servers started appearing. It is cheap and consumes less energy than Intel and AMD boards (I don't have any numbers to show it). If people are going to run Linux servers they have a set of processors to choose from. Intel and AMD processors are market dominant but it does not mean ARM cannot be used. This is just my opinion.
Re: [Ilugc] more on firewall
On Tue, May 22, 2012 at 9:45 AM, Raja Subramanian rajasuper...@gmail.com wrote:
> On Fri, May 18, 2012 at 9:10 PM, Girish Venkatachalam girishvenkatacha...@gmail.com wrote:
>> We can easily control that but what about packets coming to us? Nothing much we can do there.
> TCP window scaling can get the remote end to slow down and reduce your incoming packet rate. Queueing UDP flows individually and introducing artificial latency can control well behaved UDP applications. Read how proprietary vendors like BlueCoat PacketShaper and Allot Communications NetEnforcer devices can shape inbound traffic. They can also shape a single tcp flow asymmetrically, ie. provide 1Mbps of downstream bandwidth for POP3 and only 128kbps of upstream (POP is download only).

Absolutely. In addition, nowadays ECN is also being used though there are not very many devices that honour this yet. Dropping packets on the incoming interface is a sure way of slowing down specific incoming traffic.
--
Mohan Sundaram
Re: [Ilugc] [Commercial] Low Cost FOSS Resource Server
On Tue, May 22, 2012 at 11:10 AM, prasannatsmkumar prasannatsmku...@gmail.com wrote:
> Why not go for ARM? ARM servers started appearing. It is cheap and consumes less energy than Intel and AMD boards (I don't have any numbers to show it). If people are going to run Linux servers they have a set of processors to choose from. Intel and AMD processors are market dominant but it does not mean ARM cannot be used. This is just my opinion.

True. But still very early stages. ARM was traditionally positioned as power saving as opposed to performance leading it to be dominant in mobiles/tablets etc. I reckon it will be a while before these become commonplace enough to be cheap owing to high volumes.
--
Mohan Sundaram