http://devzum.com/2015/01/31/9-best-ides-and-code-editors-for-javascript-users

1) Spket

Spket IDE is powerful toolkit for JavaScript and XML development. The powerful editor for JavaScript, XUL/XBL and Yahoo! Widget development. The JavaScript editor provides features like code completion, syntax highlighting and content outline that helps developers productively create efficient JavaScript code.

2) Ixedit

IxEdit is a JavaScript-based interaction design tool for the web. With IxEdit, designers can practice DOM-scripting without coding to change, add, move, or transform elements dynamically on your web pages.

3) Komodo Edit

Komode is free and powerful code editor for Javascript and other programming languages.

4) EpicEditor

5) codepress

CodePress is web-based source code editor with syntax highlighting written in JavaScript that colors text in real time while it’s being typed in the browser.

6) ACe

7) scripted

8) Netbeans

This is another more impressive and useful code editors for javascript and other programming languages.

9) Webstorm

http://linux.about.com/od/commands/tp/11-Linux-Terminal-Commands-That-Will-Rock-Your-World.htm

I have been using Linux for about 10 years and what I am going to show you in this article is a list of Linux commands, tools and clever little tricks that I wish somebody had shown me from the outset instead of stumbling upon them as I went along.

1.  Useful Command Line Keyboard Shortcuts

The following keyboard shortcuts are incredibly useful and will save you loads of time:

• CTRL + U - Cuts text up until the cursor.
• CTRL + K - Cuts text from the cursor until the end of the line
• CTRL + Y - Pastes text
• CTRL + E - Move cursor to end of line
• CTRL + A - Move cursor to the beginning of the line
• ALT + F - Jump forward to next space
• ALT + B - Skip back to previous space
• ALT + Backspace - Delete previous word
• CTRL + W - Cut word behind cursor
• Shift + Insert - Pastes text into terminal

Just so that the commands above make sense look at the next line of text.

sudo apt-get intall programname

As you can see I have a spelling error and for the command to work I would need to change "intall" to "install".
Imagine the cursor is at the end of the line. There are various ways to get back to the word install to change it.
I could press ALT + B twice which would put the cursor in the following position (denoted by the ^ symbol):

sudo apt-get^intall programname

Now you could press the cursor key and insert the ''s' into install.
Another useful command is "shift + insert" especially If you need to copy text from a browser into the terminal.

2.  SUDO !!

You are going to really thank me for the next command if you don't already know it because until you know this exists you curse yourself every time you enter a command and the words "permission denied" appear.

• sudo !!

How do you use sudo !!? Simply. Imagine you have entered the following command:

apt-get install ranger

The words "Permission denied" will appear unless you are logged in with elevated privileges.
sudo !! runs the previous command as sudo. So the previous command now becomes:

sudo apt-get install ranger

If you don't know what sudo is start here.

3.  Pausing Commands And Running Commands In The Background

I have already written a guide showing how to run terminal commands in the background.

• CTRL + Z - Pauses an application
• fg - Returns you to the application

So what is this tip about?
Imagine you have opened a file in nano as follows:

sudo nano abc.txt

Halfway through typing text into the file you realise that you quickly want to type another command into the terminal but you can't because you opened nano in foreground mode.
You may think your only option is to save the file, exit nano, run the command and then re-open nano.
All you have to do is press CTRL + Z and the foreground application will pause and you will be returned to the command line. You can then run any command you like and when you have finished return to your previously paused session by entering "fg" into the terminal window and pressing return.
An interesting thing to try out is to open a file in nano, enter some text and pause the session. Now open another file in nano, enter some text and pause the session. If you now enter "fg" you return to the second file you opened in nano. If you exit nano and enter "fg" again you return to the first file you opened within nano.

4.  Use nohup To Run Commands After You Log Out Of An SSH Session

The nohup command is really useful if you use the ssh command to log onto other machines.
So what does nohup do?
Imagine you are logged on to another computer remotely using ssh and you want to run a command that takes a long time and then exit the ssh session but leave the command running even though you are no longer connected then nohup lets you do just that.
For instance I use my Raspberry PI to download distributions for review purposes.
I never have my Raspberry PI connected to a display nor do I have a keyboard and mouse connected to it.
I always connect to the Raspberry PI via ssh from a laptop. If I started downloading a large file on the Raspberry PI without using the nohup command then I would have to wait for the download to finish before logging off the ssh session and before shutting down the laptop. If I did this then I may as well have not used the Raspberry PI to download the file at all.
To use nohup all I have to type is nohup followed by the command as follows:

nohup wget http://mirror.is.co.za/mirrors/linuxmint.com/iso//stable/17.1/linuxmint-17.1-cinnamon-64bit.iso &

5.  Running A Linux Command 'AT' A Specific Time

The 'nohup' command is good if you are connected to an SSH server and you want the command to remain running after logging out of the SSH session.
Imagine you want to run that same command at a specific point in time.
The 'at' command allows you to do just that. 'at' can be used as follows.

at 10:38 PM Fri
at> cowsay 'hello'
at> CTRL + D

The above command will run the program cowsay at 10:38 PM on Friday evening.
The syntax is 'at' followed by the date and time to run.
When the at> prompt appears enter the command you want to run at the specified time.
The CTRL + D returns you to the cursor.
There are lots of different date and time formats and it is worth checking the man pages for more ways to use 'at'.

6.  Man Pages

Man pages give you an outline of what commands are supposed to do and the switches that can be used with them.
The man pages are kind of dull on their own. (I guess they weren't designed to excite us).
You can however do things to make your usage of man more appealing.

export PAGER=most

You will need to install 'most; for this to work but when you do it makes your man pages more colourful.
You can limit the width of the man page to a certain number of columns using the following command:

export MANWIDTH=80

Finally, if you have a browser available you can open any man page in the default browser by using the -H switch as follows:

man -H

Note this only works if you have a default browser set up within the $BROWSER environment variable.

7.  Use htop To View And Manage Processes

Which command do you currently use to find out which processes are running on your computer? My bet is that you are using 'ps' and that you are using various switches to get the output you desire.
Install 'htop'. It is definitely a tool you will wish that you installed earlier.
htop provides a list of all running processes in the terminal much like the file manager in Windows.
You can use a mixture of function keys to change the sort order and the columns that are displayed. You can also kill processes from within htop.
To run htop simply type the following into the terminal window:

htop

8.  Navigate The File System Using ranger

If htop is immensely useful for controlling the processes running via the command line then ranger is immensely useful for navigating the file system using the command line.
You will probably need to install ranger to be able to use it but once installed you can run it simply by typing the following into the terminal:

ranger

The command line window will be much like any other file manager but it works left to right rather than top to bottom meaning that if you use the left arrow key you work your way up the folder structure and the right arrow key works down the folder structure.
It is worth reading the man pages before using ranger so that you can get used to all keyboard switches that are available.

9.  Cancel A Shutdown

So you started the shutdown either via the command line or from the GUI and you realised that you really didn't want to do that.

• shutdown -c

Note that if the shutdown has already started then it may be too late to stop the shutdown.
Another command to try is as follows:

• pkill shutdown

10.  Killing Hung Processes The Easy Way

Imagine you are running an application and for whatever reason it hangs.
You could use 'ps -ef' to find the process and then kill the process or you could use 'htop'.
There is a quicker and easier command that you will love called xkill.
Simply type the following into a terminal and then click on the window of the application you want to kill.

xkill

What happens though if the whole system is hanging?
Hold down the 'alt' and 'sysrq' keys on your keyboard and whilst they are held down type the following slowly:

REISUB

This will restart your computer without having to hold in the power button.

11.  Download Youtube Videos

Generally speaking most of us are quite happy for Youtube to host the videos and we watch them by streaming them through our chosen media player.
If you know you are going to be offline for a while (i.e. due to a plane journey or travelling between the south of Scotland and the north of England) then you may wish to download a few videos onto a pen drive and watch them at your leisure.
All you have to do is install youtube-dl from your package manager.
You can use youtube-dl as follows:

youtube-dl url-to-video

You can get the url to any video on Youtube by clicking the share link on the video's page. Simply copy the link and paste it into the command line (using the shift + insert shortcut).

Summary

I hope that you found this list useful and that you are thinking "i didn't know you could do that" for at least 1 of the 11 items listed.

http://www.linuxtechi.com/linux-shell-scripting-interview-questions-answers

Q:1 What is Shell Script and why it is required ?

Q:2 What is the default login shell and how to change default login shell for a specific user ?

Q:3 What are the different type of variables used in a shell Script ?

Ans: In a shell script we can use two types of variables :

• System defined variables
• User defined variables

System defined variables are defined or created by Operating System(Linux) itself. These variables are generally defined in Capital Letters and can be viewed by “set” command.
User defined variables are created or defined by system users and the values of variables can be viewed by using the command “echo $”

Q:4 How to redirect both standard output and standard error to the same location ?

Q:5 What is the Syntax of “nested if statement” in shell scripting ?

Q:6 What is the use of “$?” sign in shell script ?

ls: cannot access /usr/bin/share: No such file or directory
root@localhost:~# echo $?
2

Q:7 How to compare numbers in Linux shell Scripting ?

Q:8 What is the use of break command ?

Q:9 What is the use of continue command in shell scripting ?

Q:10 Tell me the Syntax of “Case statement” in Linux shell scripting ?

Q:11 What is the basic syntax of while loop in shell scripting ?

Q:12 How to make a shell script executable ?

Q:13 What is the use of “#!/bin/bash” ?

Q:14 What is the syntax of for loop in shell script ?

Ans: Basic Syntax of for loop is given below :
for variables in list_of_items
do
command1
command2
….
last_command
done

Q:15 How to debug a shell script ?

Q:16 How compare the strings in shell script ?

Q:17 What are the Special Variables set by Bourne shell for command line arguments ?

Special Variables	Holds
$0	Name of the Script from the command line
$1	First Command-line argument
$2	Second Command-line argument
…..	…….
$9	Ninth Command line argument
$#	Number of Command line arguments
$*	All Command-line arguments, separated with spaces

Q:18 How to test files in a shell script ?

Test	Usage
-d file_name	Returns true if the file exists and is a directory
-e file_name	Returns true if the file exists
-f file_name	Returns true if the file exists and is a regular file
-r file_name	Returns true if the file exists and have read permissions
-s file_name	Returns true if the file exists and is not empty
-w file_name	Returns true if the file exists and have write permissions
-x file_name	Returns true if the file exists and have execute permissions

Q:19 How to put comments in your shell script ?

Q:20 How to get input from the terminal for shell script ?

Q:21 How to unset or de-assign variables ?

Q:22 How to perform arithmetic operation ?

Q:23 Basic Syntax of do-while statement ?

Q:24 How to define functions in shell scripting ?

Q:25 How to use bc (bash calculator) in a shell script ?

https://opensource.com/resources/open-source-jobs-and-careers

http://xmodulo.com/remote-incremental-backup-luks-encrypted-disk-partition.html

Some of us have our hard drives at home or on a VPS encrypted by Linux Unified Key Setup (LUKS) for security reasons, and these drives can quickly grow to tens or hundreds of GBs in size. So while we enjoy the security of our LUKS device, we may start to think about a possible remote backup solution. For secure off-site backup, we will need something that operates at the block level of the encrypted LUKS device, and not at the un-encrypted file system level. So in the end we find ourselves in a situation where we will need to transfer the entire LUKS device (let's say 200GB for example) each time we want to make a backup. Clearly not feasible. How can we deal with this problem?

A Solution: Bdsync

This is when a brilliant open-source tool called Bdsync (thanks to Rolf Fokkens) comes to our rescue. As the name implies, Bdsync can synchronize "block devices" over network. For fast synchronization, Bdsync generates and compares MD5 checksums of blocks in the local/remote block devices, and sync only the differences. What rsync can do at the file system level, Bdsync can do it at the block device level. Naturally, it works with encrypted LUKS devices as well. Pretty neat!
Using Bdsync, the first-time backup will copy the entire LUKS block device to a remote host, so it will take a lot of time to finish. However, after that initial backup, if we make some new files on the LUKS device, the second backup will be finished quickly because we will need to copy only that blocks which have been changed. Classic incremental backup at play!

Install Bdsync on Linux

Bdsync is not included in the standard repositories of Linux distributions. Thus you need to build it from the source. Use the following distro-specific instructions to install Bdsync and its man page on your system.

Debian, Ubuntu or Linux Mint

Fedora or CentOS/RHEL

Perform Off-site Incremental Backup of LUKS-Encrypted Device

I assume that you have already provisioned a LUKS-encrypted block device as a backup source (e.g., /dev/LOCDEV). I also assume that you have a remote host where the source device will be backed up (e.g., as /dev/REMDEV).
You need to access the root account on both systems, and set up password-less SSH access from the local host to a remote host. Finally, you need to install Bdsync on both hosts.
To initiate a remote backup process on the local host, we execute the following command as the root:
Some explanations are needed here. Bdsync client will open an SSH connection to the remote host as the root, and execute Bdsync client with --server option. As clarified, /dev/LOCDEV is our source LUKS block device on the local host, and /dev/REMDEV is the target block device on the remote host. They could be /dev/sda (for an entire disk) or /dev/sda2 (for a single partition). The output of the local Bdsync client is then piped to gzip, which creates DEV.bdsync.gz (so-called binary patch file) in the local host.
The first time you run the above command, it will take very long time, depending on your Internet/LAN speed and the size of /dev/LOCDEV. Remember that you must have two block devices (/dev/LOCDEV and /dev/REMDEV) with the same size.
The next step is to copy the generated patch file from the local host to the remote host. Using scp is one possibility:
The final step is to execute the following command on the remote host, which will apply the patch file to /dev/REMDEV:
I recommend doing some tests with small partitions (without any important data) before deploying Bdsync with real data. After you fully understand how the entire setup works, you can start backing up real data.

Conclusion

In conclusion, we showed how to use Bdsync to perform incremental backups for LUKS devices. Like rsync, only a fraction of data, not the entire LUKS device, is needed to be pushed to an off-site backup site at each backup, which saves bandwidth and backup time. Rest assured that all the data transfer is secured by SSH or SCP, on top of the fact that the device itself is encrypted by LUKS. It is also possible to improve this setup by using a dedicated user (instead of the root) who can run bdsync. We can also use bdsync for ANY block device, such as LVM volumes or RAID disks, and can easily set up Bdsync to back up local disks on to USB drives as well. As you can see, its possibility is limitless!
Feel free to share your thought.

https://www.howtoforge.com/tutorial/linux-raid-replace-failed-harddisk


This guide shows how to remove a failed hard drive from a Linux RAID1 array (software RAID), and how to add a new hard disk to the RAID1 array without losing data. I will use gdisk to copy the partition scheme, so it will work with large harddisks with GPT (GUID Partition Table) too.

1 Preliminary Note

In this example I have two hard drives, /dev/sda and /dev/sdb, with the partitions /dev/sda1 and /dev/sda2 as well as /dev/sdb1 and /dev/sdb2.
/dev/sda1 and /dev/sdb1 make up the RAID1 array /dev/md0.
/dev/sda2 and /dev/sdb2 make up the RAID1 array /dev/md1.
/dev/sdb has failed, and we want to replace it.

2 How Do I Tell If A Hard Disk Has Failed?

If a disk has failed, you will probably find a lot of error messages in the log files, e.g. /var/log/messages or /var/log/syslog.
You can also run
and instead of the string [UU] you will see [U_] if you have a degraded RAID1 array.

3 Removing The Failed Disk

To remove /dev/sdb, we will mark /dev/sdb1 and /dev/sdb2 as failed and remove them from their respective RAID arrays (/dev/md0 and /dev/md1).
First we mark /dev/sdb1 as failed:
The output of
should look like this:
Then we remove /dev/sdb1 from /dev/md0:
The output should be like this:
And
should show this:
Now we do the same steps again for /dev/sdb2 (which is part of /dev/md1):
Then power down the system:
and replace the old /dev/sdb hard drive with a new one (it must have at least the same size as the old one - if it's only a few MB smaller than the old one then rebuilding the arrays will fail).

4 Adding The New Hard Disk

After you have changed the hard disk /dev/sdb, boot the system.
The first thing we must do now is to create the exact same partitioning as on /dev/sda. We can do this with the command sgdisk from the gdisk package. If you havent installed gdisk yet, run this command to install it on Debian and Ubuntu:
For RedHat based Linux distributions like CentOS use:
and for OpenSuSE use:
The next step is optional but recomended. To ensure that you have a backup of the partition scheme, you can use sgdisk to write the partition schemes of both disks into a file. I will store the backup in the /root folder.
In case of a failure you can restore the partition tables with the --load-backup option of the sgdisk command.
Now copy the partition scheme from /dev/sda to /dev/sdb run:
afterwards you have to randomize the GUID on the new harddisk to ensure that they are unique
You can run
to check if both hard drives have the same partitioning now.
Next we add /dev/sdb1 to /dev/md0 and /dev/sdb2 to /dev/md1:
Now both arays (/dev/md0 and /dev/md1) will be synchronized. Run
to see when it's finished.
During the synchronization the output will look like this:
When the synchronization is finished, the output will look like this:
That's it, you have successfully replaced /dev/sdb!

https://www.howtoforge.com/tutorial/hpl-high-performance-linpack-benchmark-raspberry-pi

Benchmarking is the process of running some of the standard programs to evaluate the speed achieved by a system. There are a number of standard bechmarking programs and in this tutorial we benchmark the Linux system using a well known program called the HPL, also known as High Performance Linpack.

Introduction

In this tutorial we cover how to go about benchmarking a single processor system, the Raspberry Pi. First we will benchmark a single node, and then continue to benchmark multiple nodes, each node representing a Raspberry Pi. There are a few things to be noted here. Firstly, benchmarking a single node or multiple nodes has a few dependencies to be satisfied which will be covered in this tutorial. BUT, on multiple nodes there are even more dependencies like the MPI implementation (like MPICH or OpenMPI) has to be built and running for the HPL to work. So for benchmarking multiple nodes, I assume that your nodes have MPICH installed and running.

What is HPL?

HPL is a software package that solves a (random) dense linear system in double precision (64 bits) arithmetic on distributed-memory computers. The HPL package provides a testing and timing program to quantify the accuracy of the obtained solution as well as the time it took to compute it. The best performance achievable by this software on your system depends on a large variety of factors. This implementation is scalable in the sense that their parallel efficiency is maintained constant with respect to the per processor memory usage. Thus we can use this to benchmark a single processor or a series of distributed processors in parallel. So lets begin installing HPL.

1 Installing dependencies

HPL has a few software dependencies that have to be satisfied before it can be installed. They are:

• gfortran - fortran program compiler
• MPICH2 - an implementation of MPI
• mpich2-dev - development tools
• BLAS - Basic Linear Algebra Subprograms

Here we assume that you have MPICH2 installed. To install other dependencies and packages, use the following command:
Only this step has to be repeated in each of the nodes (Pis) present in the cluster.

2 Download HPL and set it up

Download the HPL package from here. The next thing to do is extract the tar file and create a makefile based on the given template. Open the terminal and change the directory to where the downloaded HPL tar file is stored. Execute the following set of commands one after another.
The last command copies the contents of Make.UNKNOWN to Make.rpi . We do this is because, the make file contains all the configuration details of the system ( The raspberry pi) and also the details various libraries such as mpich2, atlas/blas packages, home directory, etc. In the next step, we make changes to the Make.rpi file.

3 Adjust the Make.rpi file

This is an important step. Changes shown below vary according to your system. Here I show it with respect to my system. Please note that the following changes have parameters shown which are spread throughout the Make.rpi file. So I suggest you to find each parameter and replace or add the changes and only then continue to the next parameter.
Open the Make.rpi file using a text editor using the command:
Make the following changes to the file.

ARCH         = rpi
TOPdir       = $(HOME)/hpl-2.1
MPdir        = /usr/local/mpich2
MPinc        = -I $(MPdir)/include
MPlib        = $(MPdir)/lib/libmpich.a
LAdir        = /usr/lib/atlas-base/
LAlib        = $(LAdir)/libf77blas.a $(LAdir)/libatlas.a

4 Compiling the HPL

Once the Make file is ready, we can start with the compilation of the HPL. The ".xhpl" file will be present in the "bin/rpi" folder within the HPL folder. Run the following command:

5 Creating the HPL input file

The following is an example of the "HPL.dat" file. This is the input file for HPL when it is run. The values provided in this file is used to generate and compute the problem. You can use this file directly to run tests for a single node. Create a file within the "bin/rpi" folder and name it "HPL.dat". copy the contents below into that file.

HPLinpack benchmark input file
Innovative Computing Laboratory, University of Tennessee
HPL.out      output file name (if any)
6            device out (6=stdout,7=stderr,file)
1            # of problems sizes (N)
5040         Ns
1            # of NBs
128          NBs
0            PMAP process mapping (0=Row-,1=Column-major)
1            # of process grids (P x Q)
1            Ps
1            Qs
16.0         threshold
1            # of panel fact
2            PFACTs (0=left, 1=Crout, 2=Right)
1            # of recursive stopping criterium
4            NBMINs (>= 1)
1            # of panels in recursion
2            NDIVs
1            # of recursive panel fact.
1            RFACTs (0=left, 1=Crout, 2=Right)
1            # of broadcast
1            BCASTs (0=1rg,1=1rM,2=2rg,3=2rM,4=Lng,5=LnM)
1            # of lookahead depth
1            DEPTHs (>=0)
2            SWAP (0=bin-exch,1=long,2=mix)
64           swapping threshold
0            L1 in (0=transposed,1=no-transposed) form
0            U  in (0=transposed,1=no-transposed) form
1            Equilibration (0=no,1=yes)
8            memory alignment in double (> 0)

The contents of this file has to be varied by trial and error method, till one gets an output that is satisfactory. To know about each of the parameter and how to change it refer to a paper here. To skip to the main point, start reading from Page no. 6 in that document.

6 Running HPL on single node

Once the HPL.dat file is ready, we can run the HPL. The HPL.dat file above is for a single node or processor. The product of the P*Q values in the above file give the number of processors the HPL is being tested for. Thus from the above file P=1 and Q=1 , 1*1=1, so it is for a single processor. Now to run it use the commands:
The output looks something similar to what is shown below:

================================================================================
HPLinpack 2.1  --  High-Performance Linpack benchmark  --   October 26, 2012
Written by A. Petitet and R. Clint Whaley,  Innovative Computing Laboratory, UTK
Modified by Piotr Luszczek, Innovative Computing Laboratory, UTK
Modified by Julien Langou, University of Colorado Denver
================================================================================

An explanation of the input/output parameters follows:
T/V    : Wall time / encoded variant.
N      : The order of the coefficient matrix A.
NB     : The partitioning blocking factor.
P      : The number of process rows.
Q      : The number of process columns.
Time   : Time in seconds to solve the linear system.
Gflops : Rate of execution for solving the linear system.

The following parameter values will be used:

N      :   5040 
NB     :     128 
PMAP   : Row-major process mapping
P      :       1 
Q      :       1 
PFACT  :   Right 
NBMIN  :       4 
NDIV   :       2 
RFACT  :   Crout 
BCAST  :  1ringM 
DEPTH  :       1 
SWAP   : Mix (threshold = 64)
L1     : transposed form
U      : transposed form
EQUIL  : yes
ALIGN  : 8 double precision words

--------------------------------------------------------------------------------

- The matrix A is randomly generated for each test.
- The following scaled residual check will be computed:
      ||Ax-b||_oo / ( eps * ( || x ||_oo * || A ||_oo + || b ||_oo ) * N )
- The relative machine precision (eps) is taken to be               1.110223e-16
- Computational tests pass if scaled residuals are less than                16.0

Also, we have to concentrate on the final result. The final output that comes on the terminal will look similar as shown below. The last value gives the speed and the values before that show the different parameters provided. In the below content ,the speed is shown in Gflops and its value is around 1.21e-01 Gflops , which when converted gives 121 Mega FLOPS (MFLOPS).

================================================================================
T/V                N    NB     P     Q               Time                 Gflops
--------------------------------------------------------------------------------
WR11C2R4       21400   128     3    11              537.10              1.210e-01
HPL_pdgesv() start time Mon Jun 23 17:29:42 2014

HPL_pdgesv() end time   Mon Jun 23 17:55:19 2014

--------------------------------------------------------------------------------
||Ax-b||_oo/(eps*(||A||_oo*||x||_oo+||b||_oo)*N)=        0.0020152 ...... PASSED
================================================================================

Please note that depending your Raspberry Pi the speed and the time taken might be significantly different. So please do not use these results as a comparison to your node or cluster.

7 Running HPL on multiple nodes

When we want to run HPL for multiple nodes, we will have to change the HPL.dat file. Here lets assume that we have 32 nodes. So the product of P*Q should be 32. I chose P=4 , Q=8 thus 4*8=32. So apart from this change, we will have to change value of N, from trial and error, we got the maximum speed for N=17400. The final file content is shown below. make those changes accordingly in your "HPL.dat" file.

HPLinpack benchmark input file
Innovative Computing Laboratory, University of Tennessee
HPL.out      output file name (if any)
6            device out (6=stdout,7=stderr,file)
1            # of problems sizes (N)
17400         Ns
1            # of NBs
128          NBs
0            PMAP process mapping (0=Row-,1=Column-major)
1            # of process grids (P x Q)
4            Ps
8            Qs
16.0         threshold
1            # of panel fact
2            PFACTs (0=left, 1=Crout, 2=Right)
1            # of recursive stopping criterium
4            NBMINs (>= 1)
1            # of panels in recursion
2            NDIVs
1            # of recursive panel fact.
1            RFACTs (0=left, 1=Crout, 2=Right)
1            # of broadcast
1            BCASTs (0=1rg,1=1rM,2=2rg,3=2rM,4=Lng,5=LnM)
1            # of lookahead depth
1            DEPTHs (>=0)
2            SWAP (0=bin-exch,1=long,2=mix)
64           swapping threshold
0            L1 in (0=transposed,1=no-transposed) form
0            U  in (0=transposed,1=no-transposed) form
1            Equilibration (0=no,1=yes)
8            memory alignment in double (> 0)

Once this is done we will have to run the HPL again. Use the following command. Remember to change the path in the command below to represent the path of machine file in your system.
The result of this will be similar to as shown above for one node, but it will definitely have a higher speed.
This kind of changes can be done depending on the number of nodes or processors in the system and the benchmark results can be found out. And as I mentioned earlier, to know more about how to set the values in the HPL.dat file, head over to the document here and give it a read.

http://www.blackmoreops.com/2015/02/14/linux-file-system-hierarchy

What is a file in Linux? What is file system in Linux? Where are all the configuration files? Where do I keep my downloaded applications? Is there really a filesystem standard structure in Linux? Well, the above image explains Linux file system hierarchy in a very simple and non-complex way. It’s very useful when you’re looking for a configuration file or a binary file. I’ve added some explanation and examples below, but that’s TLDR.

What is a file in Linux?

A simple description of the UNIX system, also applicable to Linux, is this:

On a UNIX system, everything is a file; if something is not a file, it is a process.

This statement is true because there are special files that are more than just files (named pipes and sockets, for instance), but to keep things simple, saying that everything is a file is an acceptable generalization. A Linux system, just like UNIX, makes no difference between a file and a directory, since a directory is just a file containing names of other files. Programs, services, texts, images, and so forth, are all files. Input and output devices, and generally all devices, are considered to be files, according to the system.

In order to manage all those files in an orderly fashion, man likes to think of them in an ordered tree-like structure on the hard disk, as we know from MS-DOS (Disk Operating System) for instance. The large branches contain more branches, and the branches at the end contain the tree’s leaves or normal files. For now we will use this image of the tree, but we will find out later why this is not a fully accurate image.

Types of files in Linux

Most files are just files, called regular files; they contain normal data, for example text files, executable files or programs, input for or output from a program and so on.
While it is reasonably safe to suppose that everything you encounter on a Linux system is a file, there are some exceptions.

• Directories: files that are lists of other files.
• Special files: the mechanism used for input and output. Most special files are in /dev, we will discuss them later.
• Links: a system to make a file or directory visible in multiple parts of the system’s file tree. We will talk about links in detail.
• (Domain) sockets: a special file type, similar to TCP/IP sockets, providing inter-process networking protected by the file system’s access control.
• Named pipes: act more or less like sockets and form a way for processes to communicate with each other, without using network socket semantics.

File system in reality

For most users and for most common system administration tasks, it is enough to accept that files and directories are ordered in a tree-like structure. The computer, however, doesn’t understand a thing about trees or tree-structures.
Every partition has its own file system. By imagining all those file systems together, we can form an idea of the tree-structure of the entire system, but it is not as simple as that. In a file system, a file is represented by an inode, a kind of serial number containing information about the actual data that makes up the file: to whom this file belongs, and where is it located on the hard disk.
Every partition has its own set of inodes; throughout a system with multiple partitions, files with the same inode number can exist.
Each inode describes a data structure on the hard disk, storing the properties of a file, including the physical location of the file data. When a hard disk is initialized to accept data storage, usually during the initial system installation process or when adding extra disks to an existing system, a fixed number of inodes per partition is created. This number will be the maximum amount of files, of all types (including directories, special files, links etc.) that can exist at the same time on the partition. We typically count on having 1 inode per 2 to 8 kilobytes of storage.
At the time a new file is created, it gets a free inode. In that inode is the following information:

• Owner and group owner of the file.
• File type (regular, directory, …)
• Permissions on the file
• Date and time of creation, last read and change.
• Date and time this information has been changed in the inode.
• Number of links to this file (see later in this chapter).
• File size
• An address defining the actual location of the file data.

The only information not included in an inode, is the file name and directory. These are stored in the special directory files. By comparing file names and inode numbers, the system can make up a tree-structure that the user understands. Users can display inode numbers using the -i option to ls. The inodes have their own separate space on the disk.

http://www.linuxjournal.com/content/real-time-rogue-wireless-access-point-detection-raspberry-pi

Years ago, I worked for an automotive IT provider, and occasionally we went out to the plants to search for rogue Wireless Access Points (WAPs). A rogue WAP is one that the company hasn't approved to be there. So if someone were to go and buy a wireless router, and plug it in to the network, that would be a rogue WAP. A rogue WAP also could be someone using a cell phone or MiFi as a Wi-Fi hotspot.

The tools we used were laptops with Fluke Networks' AirMagnet, at the time a proprietary external Wi-Fi card and the software dashboard. The equipment required us to walk around the plants—and that is never safe due to the product lines, autonomous robots, parts trucks, HiLos, noise, roof access and so on. Also when IT people are walking around with laptops, employees on site will take notice. We became known, and the people with the rogue WAPs would turn them off before we could find the devices.

The payment card industry, with its data security standard (PCI-DSS), is the only one I could find that requires companies to do quarterly scans for rogue WAPs. Personally, I have three big problems with occasional scanning. One, as I said before, rogue WAPs get turned off during scans and turned back on after. Two, the scans are just snapshots in time. A snapshot doesn't show what the day-to-day environment looks like, and potential problems are missed. Third, I think there is more value for every company to do the scans, regardless of whether they're required.

Later, when I was a network engineer at a publishing company, I found it was good to know what was on my employer's network. The company wanted to know if employees followed policy. The company also was worried about data loss, especially around a couple projects. Other companies near us had set up their own wireless networks that caused interference with the ones we ran. Finally, I had to worry about penetration testers using tools like the WiFi Pineapple and the Pwn Plug. These allow network access over Wi-Fi beyond the company's physical perimeter.

One thing I always wanted was a passive real-time wireless sensor network to watch for changes in Wi-Fi. A passive system, like Kismet and Airodump-NG, collects all the packets in the radio frequency (RF) that the card can detect and displays them. This finds hidden WAPs too, by looking at the clients talking to them. In contrast, active systems, like the old Netsumbler, try to connect WAPs by broadcasting null SSID probes and displaying the WAPs that reply back. This misses hidden networks.

A couple years ago, I decided to go back to school to get a Bachelor's degree. I needed to find a single credit hour to fill for graduation. That one credit hour became an independent study on using the Raspberry Pi (RPi) to create a passive real-time wireless sensor network.

About the same time I left the automotive job, Larry Pesce of the SANS Institute wrote "Discovering Rogue Wireless Access Points Using Kismet and Disposable Hardware". This was a paper about real-time wireless sensors using the Linksys WRT54GL router and OpenWRT. But, I didn't find out about that until I had already re-invented the wheel with the RPi.

Today lots of wireless intrusion detection systems exist on the market, but as listed in the Hardware sidebar, mine cost me little more than $400.00 USD to make. Based on numbers I could get, via Google Shopping, using Cisco Network's Wireless IDS data sheet from 2014, a similar set up would have cost about $11,500 USD. I've been told by a wireless engineer I know that he was quoted about twice that for just one piece of hardware from the Cisco design.

Hardware

Below is the hardware per sensor—your prices may vary depending on where you buy and what's on sale.

Cost of parts: $69.95 per sensor; I used six Raspberry Pis in the project.

Raspberry Pi Wireless Sensor Drone:

• Raspberry Pi Model B: $35.00 (found on sale for $29.99).
• 5v 1amp power supply: $9.99.
• Plastic Raspberry Pi case: $8.99.
• TP-Link TL-WN722N: $14.99.
• Class 10 SDHC 8-gigabit Flash card: $5.99.

Network:

• Cat 5e cable between 25–50' long: already had.
• Linksys WRT54GL: already had.
• Linksys 16-port workgroup switch: already had.

Monitor and Kismet Sever:

• Laptop running Xubuntu Linux VM: already had.

When I started looking into using the RPi for this, I kept coming across people using the RPi and Kismet for war driving, war walking and war biking. David Bryan of Trustwave's Spider Labs did a blog post in 2012 called "Wardrive, Raspberry Pi Style!" where he talked about using Kismet with the RPi to track WAPs on his walk and drive around his area. He used a USB GPS device to map out where the access points were.

Because the RPis are used as stationary devices, I didn't need GPS. One thing I did need though was a rough idea of where to place the sensors. Based on readings, Wi-Fi is good for about 328 feet (100 meters) with the omnidirectional antenna being used on the TP-Link card indoors. Having the existing wireless survey (or doing one) will be useful (see Wireless Survey sidebar). It will let you know where the existing WAPs are. This information also could come from the network documentation, if it exists. It is important to keep the detectors from being overpowered by approved access points. The wireless survey or network documentation also should provide the BSSIDs for the approved devices to be filtered out.

Wireless Survey

A wireless survey is usually a map of a building or location showing the signal strengths associated with wireless access points. Surveys are usually the first step when a new wireless network is installed. Surveys give the installers how many WAPs are needed, where they should be spaced, and what channels would be best to use in those areas.

Surveys normally are done with a WAP and a Wi-Fi-enabled device. The WAP is placed in a location, and signal strength is recorded as the client is moved around the area.

A rogue WAP or a survey WAP can be built from a Raspberry Pi with a wireless card and Hostapd.

Most on-line documentation for a Hostapd WAP says to bridge the network cards on the RPi. This can be skipped if the WAP will not be used with clients that connect to the Internet.

The RPis have no shortage of operating systems to run. My choice for this project was to run Kali Linux on the RPi, with Airodump-NG and Kismet. Originally, it was going to be just Kali and Kismet, but I ran into some limitations. The reason I chose Kali for this project, was the hardware drivers for the network card I used didn't need to be recompiled. Kali also came with Airodump-NG preinstalled, and an apt-get update && apt-get install kismet took care of installing the rest of what I needed.

Kali Linux:

Kali Linux is the new version of Backtrack Linux—one of the specialized Linux distributions for penetration testing and security. It is currently based off Debian Linux, with security-focused tools preinstalled. Kali runs everything via the root login.

Kali has builds available as ISOs and VMware images in 64-bit, 32-bit and custom-built ARM images for single card boards, Chrome OS and Android OS devices.

Airodump-NG

Airodump is a raw 802.11 packet capture device. It is part of the Aircrack-NG suite. Normally, Airodump-NG will capture a file of packets to be cracked by Aircrack-NG. However, in my case, I wanted the feature where Airodump-NG can list the clients and access points it sees around it, which is about 300 feet indoors (this distance is based on documentation by the 802.11 standard).

What Is Kismet?

Kismet is an 802.11 wireless network detector, sniffer and intrusion detection system. Kismet will work with any wireless card that supports raw monitoring mode, and it can sniff 802.11b, 802.11a, 802.11g and 802.11n traffic (devices and drivers permitting).

Kismet also sports a plugin architecture allowing for additional non-802.11 protocols to be decoded.
Kismet identifies networks by passively collecting packets and detecting networks, which allows it to detect (and given time, expose the names of) hidden networks and the presence of non-beaconing networks via data traffic.

Kismet has two modes that can be run. The first is the Kismet Server, which the Kismet User Interface (Kismet UI) connects to (Figure 1). The Kismet UI shows the WAP name, if is an access point or not, encrypted or not, the channel and other information. The "seen by" column is the list of capture sources that saw the WAPs.
Figure 1. Kismet Network List

Kismet calls the remote sensors drones. They're configured through the kismet drone configuration file in /etc/kismet/kismet_drone.conf. I found the documentation for setting up this part rather sparse. Everything I found spanned multiple years and didn't go into too much detail.

When I configured my drones, I set one up first and then cloned the SD card with the dd command. I copied the cloned image to the other SD cards, again using dd. To speed up dd, set the block size to about half the computer's memory.

Making the drones this way did cause a problem with the wireless network cards. Use ifconfig to see what cards the system lists. As you can see from the screenshot shown in Figure 2, my drone02 has the wireless card listed as wlan1, and it is already in monitor mode. After the drives were all cloned, I just had to go in and make minor configuration changes—besides the wireless card change.
Figure 2. iconfig Screenshot

The Raspberry Pi uses about 750 mAh, and a 5-volt 1-amp power supply doesn't put enough power out to start the wireless card after the Raspberry Pi is booted. Many of the forums I read said that you need something that puts out 1.5–2.1 amps. I found that plugging in the card first prevents the extra draw, and I didn't have a problem.

In the steps below, if you plug in the Wi-Fi card after booting, you risk a power drop to the Raspberry Pi. The loss of power will crash the RPi, and the SD card could be corrupted.

Configuring the Raspberry Pi with Kali

First, download the Kali Raspberry Pi distro from the Kali Linux Web site.

Copy the image to the SD card with the dd command or a tool like Win32DiskImage in Windows. This creates a bit-for-bit copy of the image on the SD card. It is similar to burning an ISO to a DVD or CD.

Put the SD card into the RPi. Then, attach the Wi-Fi card you're using to a USB port.

Attach a Cat5, Cat5e or Cat6 cable to the Ethernet port. Wired is used to communicate data to the network to prevent problems with the wireless card in monitor mode.

Plug in the micro USB cable to turn on the RPi. Next, ssh to the device. You may need to do a port scan with nmap to find the RPi. Alternatively, you can use a monitor and keyboard to access the console directly. Again, have all peripherals plugged in prior to plugging in the power.

The login is "root", and the password is "toor".

Configure the Kismet Drone

Configure eth0 with a static IP address like in the static IP address screenshot (Figure 3). This is done under /etc/network/interfaces.
Figure 3. Static IP Address Screenshot

Restart the networking with service networking restartor reboot. If you connected via SSH, you'll have to reconnect.

Next, edit /etc/kismet/kismet_drone.conf. I have included a screenshot (Figure 4), but below are settings I used, and the fields that need to be changed.
Figure 4. drone.conf

Set the following either to something that makes sense to you or the right information for your network and device. I used what I have configured for the examples.

Name the drone with servername. This will show up in the bottom of the Kismet UI and logs when connecting.

Use dronelisten to set the protocol, interface's IP address and port for the drone is to listen on for servers' connection.

 List what servers can talk to this drone with allowedhosts. This can be a whole network using CIDR notation or just individual boxes on the network, and also allow the drone to talk to itself with  
droneallowedhosts.

Set the maximum number of servers that can talk to the drone with dronemaxclients.

Set the max backlog of packets for the kismet drone with droneringlen. Smaller than what I have might be better. I had problems with drone04 crashing. It also was the one that saw the most networks.

Turn off GPS with gps=false. You don't need it since these are stationary devices and you should know where they are.

Set the capture source, ncsource. This tells the system what interface to use and driver to use for that card:

servername=Kismet-Drone-pi2
dronelisten=tcp://192.168.1.12:2502
allowedhosts=192.168.1.65
droneallowedhosts==127.0.0.1
dronemaxclients=10
droneringlen=65535
gps=false
ncsource=wlan1:type=ath5k

The rest of the options I left set to default. Unless you're in a country that uses more B/G channels than the US, there is nothing that needs to be modified.

The last thing to configure on the drones is the /etc/rc.local file. This will start the kismet drone program in the background when the RPi powers on. Add these two lines before the exit 0 so yours looks like the code below:

# start kistmet
 /usr/bin/kismet_drone --daemonize

exit 0 

Configure the Kismet Server on a PC or Server for the Drone Sensors

There are two settings to change in /etc/kismet/kismet.conf. The first is in the ncsource. The second is the filter_tracking.

The line below and related screen capture (Figure 5) tell Kismet what its capture sources are. In this case, nothing local is being used, just the drones. Repeat this line for each drone, with the proper information:

ncsource=drone:host=192.168.1.12,port=2502,name=i2

The line says the source is a drone, the drone's IP address, what port to connect to on the drone, and what the drone should show as in the Kismet UI. The name is seen "network list" view and "network detail" view. I went with the two-character name of "i#" because the "Last Seen By" field in the network list has a hard-coded limit of ten characters. I wanted that field to show as many drones as it could.
Figure 5. Kismet Server Sources

Next, filter out the known network BSSIDs. Previously, I mentioned that a wireless survey or network documentation should be able to provide this information. As you can see in the network list screenshot, several devices are listed. If you have devices you don't want to see, you'll need to filter them out in the Kismet Server configuration file /etc/kismet/kismet.conf.

In the configuration file, it has an example of:

filter_tracker=ANY(!"00:00:DE:AD:BE:EF")

In my version of Kismet, that did not work. I had to remove the quotes so the line looked like this:

filter_tracker=BSSID(!00:00:DE:AD:BE:EF)

The bang (!) ignores that MAC address. This shows everything but ignored WAPs. Without the bang (!), Kismet would show only the WAP with that BSSID in the network list. The choices are ANY, BSSID, SOURCE and DEST. Although the documentation says you can use ANY with a bang (!), trying it fails. The error said to use one of the other three options. The MAC address can be stacked using a comma-separated list:

filter_tracker=BSSID(!00:00:DE:AD:BE:EF,!00:0:DE:AD:BE:EE, ↪!00:00:DE:AD:BE:ED)

With the Drone Sensor Network running, the network detail screen for an access point will show which drones see the WAP (Figure 6). But, this is a limitation of the system. This screen provides only the signal strength for the drone with the strongest signal. This was the limit of Mr Pesce's WRT54GL option.
Figure 6. Network Detail Screen

In Mr Pesce's model, once the rogue WAP was detected, someone had to go out and search. The search area was around all the drones that saw the rouge WAP. Although his design makes the search area smaller than a whole building, it doesn't triangulate very well. By using the RPis as drones, there is a second program you can use for triangulation.

Airodump-NG, as I mentioned before, is for capturing packets on over Wi-Fi. The user interface, when running Airodump-NG, provides several bits of information. The ones you want are BSSID, PWR (power measured in negative DB), Channel and ESSID (Figures 7–9: each image shows a different power level, which when used with the Roosevelt picture, shows how to use it for triangulation).
Figure 7. Drone2 airodump
Figure 8. Drone3 airodump
Figure 9. Drone4 airodump
 
ssh to each RPi drone, and run this command. Don't forget to replace the bssid with the MAC address of the WAP you are looking for and the interface for what that drone is monitoring with:
airodump-ng --bssid
Note: I did not use the channel command in the above line to lock a channel. This would interfere with data going back to the Kismet Server and lose the device if the WAP is configured for channel hopping.

Proof of Concept

I did my proof of concept at Eastern Michigan University's Roosevelt Hall, which is where my degree program's labs are. In the map of Roosevelt Hall (Figure 10), there are three drones. This was due to power and Ethernet cable limitations. There is also a rogue WAP (rogue_ap_pi), hidden by my professor. Kismet showed me all the networks in the area, because I didn't have BSSIDs to filter them out. Again, this is where having network documentation or a wireless survey would be helpful.
Figure 10. Map of Roosevelt Hall at Eastern Michigan University (Google Maps)

Drone3 and drone4 are in a hallway. Drone2 is in one of the lab rooms, with the Linksys network and my laptop running the Kismet Server and Kismet UI. When drone4 was just inside the lab's door, there was a 10DB signal loss. Again, a wireless survey would have helped, because it would show how much signal the walls blocked.

Once I had the system up and running and the drones where I wanted them, my professor hid the rogue WAP somewhere on the same floor. By looking at the power levels, I was able to figure out where to go to find the rouge WAP. I knew that drone4 was the closest and that the rogue WAP was on the other side of that drone. I walked down that hallway and found the rogue WAP in less than two minutes. It was hidden under a bench in the hall, outside a classroom and the other lab.

Limitations of the Wi-Fi Card

The last limitation I want to cover is the TP-Link TL-WN722N card. I went with this card because of the cost, the external antenna, the power draw when plugged in to the RPi and its availability at a local store. The card can talk only on the 2.4GHz range, meaning that it picks up only 802.11 B, G and N networks. It does not have the ability to detect or use the 5GHz range used by parts of N, A or the new AC networks.

Although I have a couple ALFA wireless cards, and one that should be able to detect A and AC, I do not know if I could run them on the RPi drone without a separate powered USB hub.

This setup also does not detect Zigbee/Xbee or Bluetooth. Xbee uses both 900MHz and 2.4GHz.

Bluetooth uses 2.4GHz. Although both devices use 2.4GHz, frequencies (channels) are outside the Wi-Fi card's range. Mike Kershaw (aka Dragorn, Kismet's developer) is working on a hardware and software Xbee detector called kisbee. An Ubertooth One should work with Kismet to detect Bluetooth.

Cell phones and related cellular network cards also would be missed. Phones operate outside the Wi-Fi card's range, unless the phone is a Wi-Fi hotspot. The new HackRF One card might be able to detect the cellular networks, as well as A/B/G/N/AC Wi-Fi, Xbee and Bluetooth, but I haven't gotten one to play with, and they would drive up the cost to about $300 USD per sensor.

Resources

Kismet: http://kismetwireless.net
Kali Linux: http://www.kali.org

https://www.howtoforge.com/tutorial/build-wikid-openvpn-server-with-packer

In past tutorials, we have added one-time passwords to OpenVPN and created a WiKID server using Packer. In this tutorial we create a combined OpenVPN/WiKID server using Packer. Packer allows us to create VMware, VirtualBox, EC2, GCE, Docker, etc images using code. Note that combining your two-factor authentication server and VPN server on one box may or may not be the best solution for you. We typically like separation of duties for security and flexibility. However, if you need something fast - the PCI auditors arrive Monday - or you are in a repressive state and just need a secure outbound connection for a short period of time. And you still have some flexibility. You can add more services to the WiKID server. You can disable the OpenVPN server and instead switch to a different VPN.

Build the Combined Server

First, download and install Packer.
Checkout our Packer scripts from GitHub. The scripts consist of a main JSON file that tells Packer what do it, an http directory with Anaconda build scripts, a files directory that gets uploaded to the image and provisioners that run after the image is built. Basically Packer starts with some source such as an ISO or AMI, builds the server based on Anaconda (at least for CentOS), uploads any files and then runs the provisioners. Packer is primarily geared toward creating idempotent servers. In our case, we are using it to execute the commands, allowing us to run one command instead of about 50 (just for the provisioning).
Before building, you need to edit a few files. First, edit /files/vars. This is the standard vars file for creating the OpenVPN certs. Just enter your values for the cert fields.

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="GA"
export KEY_CITY="Atlanta"
export KEY_ORG="WiKID Systems Inc"
export KEY_EMAIL="me@wikidsystems.com"
export KEY_OU="WiKID Systems, Inc"

Next, you need to edit the shared secret in /files/server. This file will tell PAM which RADIUS server to use. In this case, it is talking straight to the WiKID server. The shared secret is used to encode the radius traffic. Since WiKID is running on the same server, keep the localhost as the server:

# server[:port] shared_secret      timeout (s)
127.0.0.1       secret             3

You will need this shared secret later.
Take a look in centos-6-x86-64.json. You can run it as is, but you might like to edit a few things. You should confirm the source_ami (the listed ami is in the US-East) or switch it to one of your preferred CentOS AMIs. If you are building on VMware or VirtualBox, you will want to change the iso_url to the location of the CentOS ISO on your hard drive and update the MD5Sum. You may want to edit the names and descriptions. You may also want to change the EC2 region. Most importantly, you can change the ssh_password which is the root password.
Once you are happy with the JSON file, you can verify it with Packer:
If that works, build it. You can specify the target platform on the command line:
If you build for EC2, put the required credentials in the command line:
If you watch the commands run, you will see a complete OpenVPN server being built complete with fresh certificates!

Configure the WiKID two-factor authentication server

Once it is created, you will need to launch the AMI or import the virtual machine. Start VirtBox and select File, Import Appliance. Point it to output-virtualbox-iso directory created by the build command and open the OVF file. Make any changes you may want to the virtual machine (eg memory or network) and start the server.
Login using root/wikid or whatever you may have set the root password as in the JSON file. We will be configuring the WiKID server using the quick-start configuration option. Copy the file to the current directory:
Edit wikid.conf per those instructions. Use the external IP address of your server or EC2 instance zero-padded as the domaincode. So, 54.163.165.73 becomes 054163165073. For the RADIUS host use the localhost and the shared secret you created in /files/server above:

information for setting up a RADIUS host
radiushostip=127.0.0.1
radiushostsecret=secret
; *NOTE*: YOU SHOULD REMOVE THIS SETTING AFTER CONFIGURATION FOR SECURITY

If you are on a VM, you can configure the network by running:
On EC2, you can just configure the WiKID server:
You will see configuration information scroll past. Start the WiKID server:
You will be prompted for the passphrase you set in wikid.conf. Browse to the WIKIDAdmin interface at https://yourserver.com/WiKIDAdmin/ and you should see your domain created, your radius network client configured and all the required certs completed.
Before leaving the server, you should add your username as an account on the server with 'useradd $username'. There is no need to add a password.

Register the WiKID Software token

Download a WiKID software token or install one for iOS or Android from the apps stores.
Start the token and select "Add a Domain". Enter the domain identifier code you set in wikid.conf and you should be double-prompted to set your PIN. Do so and you will get back a registration code. Go to the WiKIDAdmin web UI and click on the Users Tab, then Manually Validate a User. Click on your registration code and enter your username. This process associates the token (and the keys that were exchanged) with the user.

Setup the VPN client

Download the ca.crt to the client:
Edit the client.conf OpenVPN file. Set the remote server as your combined WiKID/OpenVPN server:

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote yourserver.com 1194

Comment out the lines for the cert and key. Leaving only the CA. Since we are using WiKID to authenticate and identify the user, they are not needed.

ca ca.crt
#cert client.crt
#key client.key

At the bottom of the file, tell the client to prompt for a password:

auth-user-pass

Now start the OpenVPN client:
You will be prompted for a username and a password. Request a passcode from your WiKID token and enter it into the password field. You should be granted accesss.
Related:

• WiKID - Two-factor authentication Server
• OpenVPN
• Packer

http://www.linuxvoice.com/crack-passwords

How secure are your passwords? Find out (and stay safer online) by cracking them with John The Ripper.

http://www.linuxjournal.com/content/postgresql-nosql-database

One of the most interesting trends in the computer world during the past few years has been the rapid growth of NoSQL databases. The term may be accurate, in that NoSQL databases don't use SQL in order to store and retrieve data, but that's about where the commonalities end. NoSQL databases range from key-value stores to columnar databases to document databases to graph databases.
On the face of it, nothing sounds more natural or reasonable than a NoSQL database. The "impedance mismatch" between programming languages and databases, as it often is described, means that we generally must work in two different languages, and in two different paradigms. In our programs, we think and work with objects, which we carefully construct. And then we deconstruct those objects, turning them into two-dimensional tables in our database. The idea that I can manipulate objects in my database in the same way as I can in my program is attractive at many levels.
In some ways, this is the holy grail of databases: we want something that is rock-solid reliable, scalable to the large proportions that modern Web applications require and also convenient to us as programmers. One popular solution is an ORM (object-relational mapper), which allows us to write our programs using objects. The ORM then translates those objects and method calls into the appropriate SQL, which it passes along to the database. ORMs certainly make it more convenient to work with a relational database, at least when it comes to simple queries. And to no small degree, they also improve the readability of our code, in that we can stick with our objects, without having to use a combination of languages and paradigms.
But ORMs have their problems as well, in no small part because they can shield us from the inner workings of our database. NoSQL advocates say that their databases have solved these problems, allowing them to stay within a single language. Actually, this isn't entirely true. MongoDB has its own SQL-like query language, and CouchDB uses JavaScript. But there are adapters that do similar ORM-like translations for many NoSQL databases, allowing developers to stay within a single language and paradigm when developing.
The ultimate question, however, is whether the benefits of NoSQL databases outweigh their issues. I have largely come to the conclusion that, with the exception of key-value stores, the answer is "no"—that a relational database often is going to be a better solution. And by "better", I mean that relational databases are more reliable, and even more scalable, than many of their NoSQL cousins. Sure, you might need to work hard in order to get the scaling to work correctly, but there is no magic solution. In the past few months alone, I've gained several new clients who decided to move from NoSQL solutions to relational databases, and needed help with the architecture, development or optimization.
The thing is, even the most die-hard relational database fan will admit there are times when NoSQL data stores are convenient. With the growth of JSON in Web APIs, it would be nice to be able to store the result sets in a storage type that understands that format and allows me to search and retrieve from it. And even though key-value stores, such as Redis, are powerful and fast, there are sometimes cases when I'd like to have the key-value pairs connected to data in other relations (tables) in my database.
If this describes your dilemma, I have good news for you. As I write this, PostgreSQL, an amazing database and open-source project, is set to release version 9.4. This new version, like all other PostgreSQL versions, contains a number of optimizations, improvements and usability features. But two of the most intriguing features to me are HStore and JSONB, features that actually turn PostgreSQL into a NoSQL database.
Fine, perhaps I'm exaggerating a bit here. PostgreSQL was and always will be relational and transactional, and adding these new data types hasn't changed that. But having a key-value store within PostgreSQL opens many new possibilities for developers. JSONB, a binary version of JSON storage that supports indexing and a large number of operators, turns PostgreSQL into a document database, albeit one with a few other features in it besides.
In this article, I introduce these NoSQL features that are included in PostgreSQL 9.4, which likely will be released before this issue of Linux Journal gets to you. Although not every application needs these features, they can be useful—and with this latest release of PostgreSQL, the performance also is significantly improved.

HStore

One of the most interesting new developments in PostgreSQL is that of HStore, which provides a key-value store within the PostgreSQL environment. Contrary to what I originally thought, this doesn't mean that PostgreSQL treats a particular table as a key-value store. Rather, HStore is a data type, akin to INTEGER, TEXT and XML. Thus, any column—or set of columns—within a table may be defined to be of type HSTORE. For example:

CREATE TABLE People (
    id   SERIAL,
    info HSTORE,
    PRIMARY KEY(id)
);

Once I have done that, I can ask PostgreSQL to show me the definition of the table:

\d people
              Table "public.people"

-----------------------------------------------------------------
| Column | Type    | Modifiers                                  |
-----------------------------------------------------------------
| id     | integer | not null default                           |
|        |         |  ↪nextval('people_id_seq'::regclass)|
-----------------------------------------------------------------
| info   | hstore  |                                            |
-----------------------------------------------------------------
 Indexes:
"people_pkey" PRIMARY KEY, btree (id)

As you can see, the type of my "info" column is hstore. What I have effectively created is a (database) table of hash tables. Each row in the "people" table will have its own hash table, with any keys and values. It's typical in such a situation for every row to have the same key names, or at least some minimum number of overlapping key names, but you can, of course, use any keys and values you like.
Both the keys and the values in an HStore column are text strings. You can assign a hash table to an HStore column with the following syntax:

INSERT INTO people(info) VALUES ('foo=>1, bar=>abc, baz=>stuff');

Notice that although this example inserts three key-value pairs into the HStore column, they are stored together, converted automatically into an HStore, splitting the pairs where there is a comma, and each pair where there is a => sign.
So far, you won't see any difference between an HStore and a TEXT column, other than (perhaps) the fact that you cannot use text functions and operators on that column. For example, you cannot use the || operator, which normally concatenates text strings, on the HStore:

UPDATE People SET info = info || 'abc';
ERROR:  XX000: Unexpected end of string
LINE 1: UPDATE People SET info = info || 'abc';
                                             ^

PostgreSQL tries to apply the || operator to the HStore on the left, but cannot find a key-value pair in the string on the right, producing an error message. However, you can add a pair, which will work:

UPDATE People SET info = info || 'abc=>def';

As with all hash tables, HStore is designed for you to use the keys to retrieve the values. That is, each key exists only once in each HStore value, although values may be repeated. The only way to retrieve a value is via the key. You do this with the following syntax:

SELECT info->'bar' FROM People;
----------------
| ?column? |   |    
----------------
| abc      |   |
----------------
(1 row)

Notice several things here. First, the name of the column remains without any quotes, just as you do when you're retrieving the full contents of the column. Second, you put the name of the key after the -> arrow, which is different from the => ("hashrocket") arrow used to delineate key-value pairs within the HStore. Finally, the returned value always will be of type TEXT. This means if you say:

SELECT info->'foo' || 'a' FROM People;
----------------
| ?column? |   |
----------------
| 1a       |   |
----------------
(1 row)

Notice that ||, which works on text values, has done its job here. However, this also means that if you try to multiply your value, you will get an error message:

SELECT info->'foo' * 5 FROM People;
info->'foo' * 5 from people;
                     ^
Time: 5.041 ms

If you want to retrieve info->'foo' as an integer, you must cast that value:

SELECT (info->'foo')::integer * 5 from people;
----------------
| ?column? |   |
----------------
|   5      |   |
----------------
(1 row)

Now, why is HStore so exciting? In particular, if you're a database person who values normalization, you might be wondering why someone even would want this sort of data store, rather than a nicely normalized table or set of tables.
The answer, of course, is that there are many different uses for a database, and some of them can be more appropriate for an HStore. I never would suggest storing serious data in such a thing, but perhaps you want to keep track of user session information, without keeping it inside of a binary object.
Now, HStore is not new to PostgreSQL. The big news in version 9.4 is that GiN and GIST indexes now support HStore columns, and that they do so with great efficiency and speed.
Where do I plan to use HStore? To be honest, I'm not sure yet. I feel like this is a data type that I likely will want to use at some point, but for now, it's simply an extra useful, efficient tool that I can put in my programming toolbox. The fact that it is now extremely efficient, and its operators can take advantage of improved indexes, means that HStore is not only convenient, but speedy, as well.

JSON and JSONB

It has long been possible to store JSON inside PostgreSQL. After all, JSON is just a textual representation of JavaScript objects ("JavaScript Object Notation"), which means that they are effectively strings. But of course, when you store data in PostgreSQL, you would like a bit more than that. You want to ensure that stored data is valid, as well as use PostgreSQL's operators to retrieve and work on that data.
PostgreSQL has had a JSON data type for several years. The data type started as a simple textual representation of JSON, which would check for valid contents, but not much more than that. The 9.3 release of PostgreSQL allowed you to use a larger number of operators on your JSON columns, making it possible to retrieve particular parts of the data with relative ease.
However, the storage and retrieval of JSON data was never that efficient, and the JSON-related operators were particularly bad on this front. So yes, you could look for a particular name or value within a JSON column, but it might take a while.
That has changed with 9.4, with the introduction of the JSONB data type, which stores JSON data in binary form, such that it is both more compact and more efficient than the textual form. Moreover, the same GIN and GIST indexes that now are able to work so well with HStore data also are able to work well, and quickly, with JSONB data. So you can search for and retrieve text from JSONB documents as easily (or more) as would have been the case with a document database, such as MongoDB.
I already have started to use JSONB in some of my work. For example, one of the projects I'm working on contacts a remote server via an API. The server returns its response in JSON, containing a large number of name-value pairs, some of them nested. (I should note that using a beta version of PostgreSQL, or any other infrastructural technology, is only a good idea if you first get the client's approval, and explain the risks and benefits.)
Now, I'm a big fan of normalized data. And I'm not a huge fan of storing JSON in the database. But rather than start to guess what data I will and won't need in the future, I decided to store everything in a JSONB column for now. If and when I know precisely what I'll need, I will normalize the data to a greater degree.
Actually, that's not entirely true. I knew from the start that I would need two different values from the response I was receiving. But because I was storing the data in JSONB, I figured it would make sense for me simply to retrieve the data from the JSONB column.
Having stored the data there, I then could retrieve data from the JSON column:

SELECT id, email,
       personal_data->>'surname' AS surname
       personal_data->>'forename' as given_name
  FROM ID_Checks
 WHERE personal_data->>'surname' ilike '%lerner%';

Using the double-arrow operator (->>), I was able to retrieve the value of a JSON object by using its key. Note that if you use a single arrow (->), you'll get an object back, which is quite possibly not what you want. I've found that the text portion is really what interests me most of the time.

Conclusion

People use NoSQL databases for several reasons. One is the impedance mismatch between objects and tables. But two other common reasons are performance and convenience. It turns out that modern versions of PostgreSQL offer excellent performance, thanks to improved data types and indexes. But they also offer a great deal of convenience, letting you set, retrieve and delete JSON and key-value data easily, efficiently and naturally.
I'm not going to dismiss the entire NoSQL movement out of hand. But I will say that the next time you're thinking of using a NoSQL database, consider using one that can already fulfill all of your needs, and which you might well be using already—PostgreSQL.

Resources

Blog postings about improvements to PostgreSQL's GiN and GIST indexes, which affect the JSON and HStore types:

• http://obartunov.livejournal.com/172503.html
• http://obartunov.livejournal.com/174887.html
• http://obartunov.livejournal.com/175235.html

PostgreSQL documentation is at http://postgresql.org/docs, and it includes several sections for each of HStore and JSONB.

https://www.howtoforge.com/linux-namespaces

Background

Starting from kernel 2.6.24, Linux supports 6 different types of namespaces. Namespaces are useful in creating processes that are more isolated from the rest of the system, without needing to use full low level virtualization technology.

• CLONE_NEWIPC: IPC Namespaces: SystemV IPC and POSIX Message Queues can be isolated.
• CLONE_NEWPID: PID Namespaces: PIDs are isolated, meaning that a virtual PID inside of the namespace can conflict with a PID outside of the namespace. PIDs inside the namespace will be mapped to other PIDs outside of the namespace. The first PID inside the namespace will be '1' which outside of the namespace is assigned to init
• CLONE_NEWNET: Network Namespaces: Networking (/proc/net, IPs, interfaces and routes) are isolated. Services can be run on the same ports within namespaces, and "duplicate" virtual interfaces can be created.
• CLONE_NEWNS: Mount Namespaces. We have the ability to isolate mount points as they appear to processes. Using mount namespaces, we can achieve similar functionality to chroot() however with improved security.
• CLONE_NEWUTS: UTS Namespaces. This namespaces primary purpose is to isolate the hostname and NIS name.
• CLONE_NEWUSER: User Namespaces. Here, user and group IDs are different inside and outside of namespaces and can be duplicated.

Let's look first at the structure of a C program, required to demonstrate process namespaces. The following has been tested on Debian 6 and 7. First, we need to allocate a page of memory on the stack, and set a pointer to the end of that memory page. We use alloca to allocate stack memory rather than malloc which would allocate memory on the heap.

void *mem = alloca(sysconf(_SC_PAGESIZE)) + sysconf(_SC_PAGESIZE);

Next, we use clone to create a child process, passing the location of our child stack 'mem', as well as the required flags to specify a new namespace. We specify 'callee' as the function to execute within the child space:

mypid = clone(callee, mem, SIGCHLD | CLONE_NEWIPC | CLONE_NEWPID | CLONE_NEWNS | CLONE_FILES, NULL);

After calling clone we then wait for the child process to finish, before terminating the parent. If not, the parent execution flow will continue and terminate immediately after, clearing up the child with it:

while (waitpid(mypid, &r, 0) < 0 && errno == EINTR)
{
	continue;
}

Lastly, we'll return to the shell with the exit code of the child:

if (WIFEXITED(r))
{
	return WEXITSTATUS(r);
}
return EXIT_FAILURE;

Now, let's look at the callee function:

static int callee()
{
	int ret;
	mount("proc", "/proc", "proc", 0, "");
	setgid(u);
	setgroups(0, NULL);
	setuid(u);
	ret = execl("/bin/bash", "/bin/bash", NULL);
	return ret;
}

Here, we mount a /proc filesystem, and then set the uid (User ID) and gid (Group ID) to the value of 'u' before spawning the /bin/bash shell. LXC is an OS level virtualization tool utilizing cgroups and namespaces for resource isolation. Let's put it all together, setting 'u' to 65534 which is user "nobody" and group "nogroup" on Debian:

#define _GNU_SOURCE
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
static int callee();
const int u = 65534;
int main(int argc, char *argv[])
{
	int r;
	pid_t mypid;
	void *mem = alloca(sysconf(_SC_PAGESIZE)) + sysconf(_SC_PAGESIZE);
	mypid = clone(callee, mem, SIGCHLD | CLONE_NEWIPC | CLONE_NEWPID | CLONE_NEWNS | CLONE_FILES, NULL);
	while (waitpid(mypid, &r, 0) < 0 && errno == EINTR)
	{
		continue;
	}
	if (WIFEXITED(r))
	{
		return WEXITSTATUS(r);
	}
	return EXIT_FAILURE;
}
static int callee()
{
	int ret;
	mount("proc", "/proc", "proc", 0, "");
	setgid(u);
	setgroups(0, NULL);
	setuid(u);
	ret = execl("/bin/bash", "/bin/bash", NULL);
	return ret;
}

To execute the code produces the following:

root@w:~/pen/tmp# gcc -O -o ns.c -Wall -Werror -ansi -c89 ns.c
root@w:~/pen/tmp# ./ns
nobody@w:~/pen/tmp$ id
uid=65534(nobody) gid=65534(nogroup)
nobody@w:~/pen/tmp$ ps auxw
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
nobody       1  0.0  0.0   4620  1816 pts/1    S    21:21   0:00 /bin/bash
nobody       5  0.0  0.0   2784  1064 pts/1    R+   21:21   0:00 ps auxw
nobody@w:~/pen/tmp$ 

Notice that the UID and GID are set to that of nobody and nogroup. Specifically notice that the full ps output shows only two running processes and that their PIDs are 1 and 5 respectively. Now, let's move on to using ip netns to work with network namespaces. First, let's confirm that no namespaces exist currently:

root@w:~# ip netns list
Object "netns" is unknown, try "ip help".

In this case, either ip needs an upgrade, or the kernel does. Assuming you have a kernel newer than 2.6.24, it's most likely ip. After upgrading, ip netns list should by default return nothing. Let's add a new namespace called 'ns1':

root@w:~# ip netns add ns1
root@w:~# ip netns list
ns1

First, let's list the current interfaces:

root@w:~# ip link list
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0:  mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 1000
    link/ether 00:0c:29:65:25:9e brd ff:ff:ff:ff:ff:ff

Now to create a new virtual interface, and add it to our new namespace. Virtual interfaces are created in pairs, and are linked to each other - imagine a virtual crossover cable:

root@w:~# ip link add veth0 type veth peer name veth1
root@w:~# ip link list
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0:  mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 1000
    link/ether 00:0c:29:65:25:9e brd ff:ff:ff:ff:ff:ff
3: veth1:  mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether d2:e9:52:18:19:ab brd ff:ff:ff:ff:ff:ff
4: veth0:  mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether f2:f7:5e:e2:22:ac brd ff:ff:ff:ff:ff:ff

ifconfig -a will also now show the addition of both veth0 and veth1. Great, now to assign our new interfaces to the namespace. Note that ip netns exec is used to execute commands within the namespace:

root@w:~# ip link set veth1 netns ns1
root@w:~# ip netns exec ns1 ip link list
1: lo:  mtu 65536 qdisc noop state DOWN mode DEFAULT 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: veth1:  mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether d2:e9:52:18:19:ab brd ff:ff:ff:ff:ff:ff

ifconfig -a will now only show veth0, as veth1 is in the ns1 namespace. Should we want to delete veth0/veth1:

ip netns exec ns1 ip link del veth1

We can now assign IP address 192.168.5.5/24 to veth0 on our host:

ifconfig veth0 192.168.5.5/24

And assign veth1 192.168.5.10/24 within ns1:

ip netns exec ns1 ifconfig veth1 192.168.5.10/24 up

To execute ip addr list on both our host and within our namespace:

root@w:~# ip addr list
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0c:29:65:25:9e brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.122/24 brd 192.168.3.255 scope global eth0
    inet6 fe80::20c:29ff:fe65:259e/64 scope link 
       valid_lft forever preferred_lft forever
6: veth0:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 86:b2:c7:bd:c9:11 brd ff:ff:ff:ff:ff:ff
    inet 192.168.5.5/24 brd 192.168.5.255 scope global veth0
    inet6 fe80::84b2:c7ff:febd:c911/64 scope link 
       valid_lft forever preferred_lft forever
root@w:~# ip netns exec ns1 ip addr list
1: lo:  mtu 65536 qdisc noop state DOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5: veth1:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 12:bd:b6:76:a6:eb brd ff:ff:ff:ff:ff:ff
    inet 192.168.5.10/24 brd 192.168.5.255 scope global veth1
    inet6 fe80::10bd:b6ff:fe76:a6eb/64 scope link 
       valid_lft forever preferred_lft forever

To view routing tables inside and outside of the namespace:

root@w:~# ip route list
default via 192.168.3.1 dev eth0  proto static 
192.168.3.0/24 dev eth0  proto kernel  scope link  src 192.168.3.122 
192.168.5.0/24 dev veth0  proto kernel  scope link  src 192.168.5.5 
root@w:~# ip netns exec ns1 ip route list
192.168.5.0/24 dev veth1  proto kernel  scope link  src 192.168.5.10 

Lastly, to connect our physical and virtual interfaces, we'll require a bridge. Let's bridge eth0 and veth0 on the host, and then use DHCP to gain an IP within the ns1 namespace:

root@w:~# brctl addbr br0
root@w:~# brctl addif br0 eth0
root@w:~# brctl addif br0 veth0
root@w:~# ifconfig eth0 0.0.0.0
root@w:~# ifconfig veth0 0.0.0.0
root@w:~# dhclient br0
root@w:~# ip addr list br0
7: br0:  mtu 1500 qdisc noqueue state UP 
    link/ether 00:0c:29:65:25:9e brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.122/24 brd 192.168.3.255 scope global br0
    inet6 fe80::20c:29ff:fe65:259e/64 scope link 
       valid_lft forever preferred_lft forever

br0 has been assigned an IP of 192.168.3.122/24. Now for the namespace:

root@w:~# ip netns exec ns1 dhclient veth1
root@w:~# ip netns exec ns1 ip addr list
1: lo:  mtu 65536 qdisc noop state DOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5: veth1:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 12:bd:b6:76:a6:eb brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.248/24 brd 192.168.3.255 scope global veth1
    inet6 fe80::10bd:b6ff:fe76:a6eb/64 scope link 
       valid_lft forever preferred_lft forever

Excellent! veth1 has been assigned 192.168.3.248/24

Links

IO Digital Sec
Linux Consultant

http://xmodulo.com/share-files-between-computers-over-network.html

If you are the type of person who uses several devices to work online, I'm sure you must be using, or at least wishing to use, a method for syncing files and directories among those devices.
BitTorrent Sync, also known as btsync for short, is a cross-platform sync tool (freeware) which is powered by BitTorrent, the famous protocol for peer-to-peer (P2P) file sharing. Unlike classic BitTorrent clients, however, btsync encrypts traffic and grants access to shared files based on auto-generated keys across different operating system and device types.
More specifically, when you add files or folder to btsync as shareable, corresponding read/write keys (so-called secret codes) are created. These keys are then shared among different devices via HTTPS links, emails, QR codes, etc. Once two devices are paired via a key, the linked content can be synced directly between them. There is no file size limit, and transfer speeds are never throttled unless you explicitly say so. You will be able to create accounts inside btsync, under which you can create and manage keys and files to share via web interface.
BitTorrent Sync is available on multiple operating systems including Linux, MacOS X, Windows, as well as Android and iOS. In this tutorial, I will show you how to use BitTorrent Sync to sync files between a Linux box (a home server), and a Windows machine (a work laptop).

Installing Btsync on Linux

BitTorrent Sync is available for download from the project's website. I assume that the Windows version of BiTorrent Sync is installed on a Windows laptop, which can be done very easily. I will focus on installing and configuring it on the Linux server.
In the download page, choose your architecture, right click on the corresponding link, choose Copy link location (or similar, depending on your browser), and paste the link to wget in your terminal, as follows:
For 64-bit Linux:
For 32-bit Linux:

Once the download has completed, extract the contents of the tarball into a directory specially created for that purpose:

You can now either add /usr/local/bin/btsync to your PATH environment variable.

export PATH=$PATH:/usr/local/bin/btsync

or run the btsync binary right from that folder. We'll go with the first option as it requires less typing and is easier to remember.

Configuring Btsync

Btsync comes with a built-in web server which is used as the management interface for BitTorrent Sync. To be able to access the web interface, you need to create a configuration file. You can do that with the following command:
Then edit the btsync.config file (webui section) with your preferred text editor, as follows:

"listen" : "0.0.0.0:8888",
"login" : "yourusername",
"password" : "yourpassword"

You can choose any username and password.

Feel free to check the README file in /usr/local/bin/btsync directory if you want to tweak the configuration further, but this will do for now.

Running Btsync for the First Time

As system administrators we believe in logs! So before we launch btsync, we will create a log file for btsync.
Finally it's time to start btsync:

Now point your web browser to the IP address of the Linux server and the port where btsync is listening on (192.168.0.15:8888 in my case), and agree to the privacy policies, terms, and EULA:

and you will be taken to the home page of your btsync installation:

Click on Add a folder, and choose a directory in your file system that you want to share. In our example, we will use /btsync:

That's enough by now. Please install BitTorrent Sync on your Windows machine (or another Linux box, if you want) before proceeding.

Sharing Files with Btsync

The following screencast shows how to sync an existing folder in a Windows 8 machine [192.168.0.106]. After adding the desired folder, get its key, and add it in your Linux installation via the "Enter a key or link" menu (as shown in the previous image), and the sync will start:
Now repeat the process for other computers or devices; selecting a folder or files to share, and importing the corresponding key(s) in your "central"btsync installation via the web interface on your Linux server.

Auto-start Btsync as a Normal User

You will notice that the synced files in the screencast were created in the /btsync directory belonging to user and group 'root'. That is because we launched BitTorrent Sync manually as the superuser. However, under normal circumstances, you will want to have BitTorrent Sync start on boot and running as a non-privileged user (www-data or other special account created for that purpose, btsync user for example).
To do so, create a user called btsync, and add the following stanza to the /etc/rc.local file (before the exit 0 line):

sudo -u btsync /usr/local/bin/btsync/btsync --config /usr/local/bin/btsync/btsync.config --log /var/log/btsync.log

Finally, create the pid file:
and change the ownership of /usr/local/bin/btsync recursively:
Now reboot and verify that btsync is running as the intended user:

Based on your chosen distribution, you may find other ways to enable btsync to start on boot. In this tutorial I chose the rc.local approach since it's distribution-agnostic.

Final Remarks

As you can see, BitTorrent Sync is almost like server-less Dropbox for you. I said "almost" because of this: When you sync between devices on the same local network, sync happens directly between two devices. However, if you try to sync across different networks, and the devices to be paired are behind restrictive firewalls, there is a chance that the sync traffic goes through a third-party relay server operated by BitTorrent. While they claim that the traffic is AES-encrypted, you may still not want this to happen. For your privacy, be sure to turn off relay/tracker server options in every folder that you are sharing.

Hope it helps! Happy syncing!

http://www.unixmen.com/linux-basics-check-state-network-interface-card

Check Network Card State

cat /sys/class/net/eth0/carrier

0

cat /sys/class/net/eth0/operstate

down

cat /sys/class/net/eth0/carrier

1

cat /sys/class/net/eth0/operstate

up

cat /sys/class/net/wlan0/carrier

1

cat /sys/class/net/wlan0/operstate

up

http://opensource.com/life/15/2/five-specialized-linux-distributions-computer-repair

http://www.binarytides.com/linux-tar-command

Tar command on Linux

The tar (tape archive) command is a frequently used command on linux that allows you to store files into an archive.

The commonly seen file extensions are .tar.gz and .tar.bz2 which is a tar archive further compressed using gzip or bzip algorithms respectively.
In this tutorial we shall take a look at simple examples of using the tar command to do daily jobs of creating and extracting archives on linux desktops or servers.

Using the tar command

The tar command is available by default on most linux systems and you do not need to install it separately.

With tar there are 2 compression formats, gzip and bzip. The "z" option specifies gzip and "j" option specifies bzip. It is also possible to create uncompressed archives.

1. Extract a tar.gz archive

Well, the more common use is to extract tar archives. The following command shall extract the files out a tar.gz archive

$ tar -xvzf tarfile.tar.gz

Here is a quick explanation of the parameters used -

x - Extract files
v - verbose, print the file names as they are extracted one by one
z - The file is a "gzipped" file
f - Use the following tar archive for the operation

Those are some of the important options to memorise
Extract tar.bz2/bzip archives
Files with extension bz2 are compressed with the bzip algorithm and tar command can deal with them as well. Use the j option instead of the z option.

$ tar -xvjf archivefile.tar.bz2

2. Extract files to a specific directory or path

To extract out the files to a specific directory, specify the path using the "-C" option. Note that its a capital C.

$ tar -xvzf abc.tar.gz -C /opt/folder/

However first make sure that the destination directory exists, since tar is not going to create the directory for you and will fail if it does not exist.

3. Extract a single file

To extract a single file out of an archive just add the file name after the command like this

$ tar -xz -f abc.tar.gz "./new/abc.txt"

More than once file can be specified in the above command like this

$ tar -xv -f abc.tar.gz "./new/cde.txt""./new/abc.txt"

4. Extract multiple files using wildcards

Wildcards can be used to extract out a bunch of files matching the given wildcards. For example all files with ".txt" extension.

$ tar -xv -f abc.tar.gz --wildcards "*.txt"

5. List and search contents of the tar archive

If you want to just list out the contents of the tar archive and not extract them, use the "-t" option. The following command prints the contents of a gzipped tar archive,

$ tar -tz -f abc.tar.gz
./new/
./new/cde.txt
./new/subdir/
./new/subdir/in.txt
./new/abc.txt
...

Pipe the output to grep to search a file or less command to browse the list. Using the "v" verbose option shall print additional details about each file.
For tar.bz2/bzip files use the "j" option
Use the above command in combination with the grep command to search the archive. Simple!

$ tar -tvz -f abc.tar.gz | grep abc.txt
-rw-rw-r-- enlightened/enlightened 0 2015-01-13 11:40 ./new/abc.txt

6. Create a tar/tar.gz archive

Now that we have learnt how to extract existing tar archives, its time to start creating new ones. The tar command can be told to put selected files in an archive or an entire directory. Here are some examples.
The following command creates a tar archive using a directory, adding all files in it and sub directories as well.

$ tar -cvf abc.tar ./new/
./new/
./new/cde.txt
./new/abc.txt

The above example does not create a compressed archive. Just a plain archive, that puts multiple files together without any real compression.
In order to compress, use the "z" or "j" option for gzip or bzip respectively.

$ tar -cvzf abc.tar.gz ./new/

The extension of the file name does not really matter. "tar.gz" and tgz are common extensions for files compressed with gzip. ".tar.bz2" and ".tbz" are commonly used extensions for bzip compressed files.

7. Ask confirmation before adding files

A useful option is "w" which makes tar ask for confirmation for every file before adding it to the archive. This can be sometimes useful.
Only those files would be added which are given a yes answer. If you do not enter anything, the default answer would be a "No".

# Add specific files

$ tar -czw -f abc.tar.gz ./new/*
add ‘./new/abc.txt’?y
add ‘./new/cde.txt’?y
add ‘./new/newfile.txt’?n
add ‘./new/subdir’?y
add ‘./new/subdir/in.txt’?n

# Now list the files added
$ tar -t -f abc.tar.gz 
./new/abc.txt
./new/cde.txt
./new/subdir/

8. Add files to existing archives

The r option can be used to add files to existing archives, without having to create new ones. Here is a quick example

$ tar -rv -f abc.tar abc.txt

Files cannot be added to compressed archives (gz or bzip). Files can only be added to plain tar archives.

9. Add files to compressed archives (tar.gz/tar.bz2)

Its already mentioned that its not possible to add files to compressed archives. However it can still be done with a simple trick. Use the gunzip command to uncompress the archive, add file to archive and compress it again.

$ gunzip archive.tar.gz
$ tar -rf archive.tar ./path/to/file
$ gzip archive.tar

For bzip files use the bzip2 and bunzip2 commands respectively.

10. Backup with tar

A real scenario is to backup directories at regular intervals. The tar command can be scheduled to take such backups via cron. Here is an example -

$ tar -cvz -f archive-$(date +%Y%m%d).tar.gz ./new/

Run the above command via cron and it would keep creating backup files with names like -
'archive-20150218.tar.gz'.
Ofcourse make sure that the disk space is not overflown with larger and larger archives.

11. Verify archive files while creation

The "W" option can be used to verify the files after creating archives. Here is a quick example.

$ tar -cvW -f abc.tar ./new/
./new/
./new/cde.txt
./new/subdir/
./new/subdir/in.txt
./new/newfile.txt
./new/abc.txt
Verify ./new/
Verify ./new/cde.txt
Verify ./new/subdir/
Verify ./new/subdir/in.txt
Verify ./new/newfile.txt                                                                                                                              
Verify ./new/abc.txt

Note that the verification cannot be done on compressed archives. It works only with uncompressed tar archives.
Thats all for now. For more check out the man page for tar command, with "man tar".

http://www.linuxjournal.com/content/localhost-dns-cache

Is it weird to say that DNS is my favorite protocol? Because DNS is my favorite protocol. There's something about the simplicity of UDP packets combined with the power of a service that the entire Internet relies on that grabs my interest. Through the years, I've been impressed with just how few resources you need to run a modest DNS infrastructure for an internal network.

Recently, as one of my environments started to grow, I noticed that even though the DNS servers were keeping up with the load, the query logs were full of queries for the same hosts over and over within seconds of each other. You see, often a default Linux installation does not come with any sort of local DNS caching. That means that every time a hostname needs to be resolved to an IP, the external DNS server is hit no matter what TTL you set for that record.

This article explains how simple it is to set up a lightweight local DNS cache that does nothing more than forward DNS requests to your normal resolvers and honor the TTL of the records it gets back.

There are a number of different ways to implement DNS caching. In the past, I've used systems like nscd that intercept DNS queries before they would go to name servers in /etc/resolv.conf and see if they already are present in the cache. Although it works, I always found nscd more difficult to troubleshoot than DNS when something went wrong. What I really wanted was just a local DNS server that honored TTL but would forward all requests to my real name servers. That way, I would get the speed and load benefits of a local cache, while also being able to troubleshoot any errors with standard DNS tools.

The solution I found was dnsmasq. Normally I am not a big advocate for dnsmasq, because it's often touted as an easy-to-configure full DNS and DHCP server solution, and I prefer going with standalone services for that. Dnsmasq often will be configured to read /etc/resolv.conf for a list of upstream name servers to forward to and use /etc/hosts for zone configuration. I wanted something completely different. I had full-featured DNS servers already in place, and if I liked relying on /etc/hosts instead of DNS for hostname resolution, I'd hop in my DeLorean and go back to the early 1980s. Instead, the bulk of my dnsmasq configuration will be focused on disabling a lot of the default features.

The first step is to install dnsmasq. This software is widely available for most distributions, so just use your standard package manager to install the dnsmasq package. In my case, I'm installing this on Debian, so there are a few Debianisms to deal with that you might not have to consider if you use a different distribution. First is the fact that there are some rather important settings placed in /etc/default/dnsmasq. The file is fully commented, so I won't paste it here. Instead, I list two variables I made sure to set:

ENABLED=1
IGNORE_RESOLVCONF=yes

The first variable makes sure the service starts, and the second will tell dnsmasq to ignore any input from the resolvconf service (if it's installed) when determining what name servers to use. I will be specifying those manually anyway.

The next step is to configure dnsmasq itself. The default configuration file can be found at /etc/dnsmasq.conf, and you can edit it directly if you want, but in my case, Debian automatically sets up an /etc/dnsmasq.d directory and will load the configuration from any file you find in there. As a heavy user of configuration management systems, I prefer the servicename.d configuration model, as it makes it easy to push different configurations for different uses. If your distribution doesn't set up this directory for you, you can just edit /etc/dnsmasq.conf directly or look into adding an option like this to dnsmasq.conf:

conf-dir=/etc/dnsmasq.d

In my case, I created a new file called /etc/dnsmasq.d/dnscache.conf with the following settings:

no-hosts
no-resolv
listen-address=127.0.0.1
bind-interfaces
server=/dev.example.com/10.0.0.5
server=/10.in-addr.arpa/10.0.0.5
server=/dev.example.com/10.0.0.6
server=/10.in-addr.arpa/10.0.0.6
server=/dev.example.com/10.0.0.7
server=/10.in-addr.arpa/10.0.0.7

Let's go over each setting. The first, no-hosts, tells dnsmasq to ignore /etc/hosts and not use it as a source of DNS records. You want dnsmasq to use your upstream name servers only. The no-resolv setting tells dnsmasq not to use /etc/resolv.conf for the list of name servers to use. This is important, as later on, you will add dnsmasq's own IP to the top of /etc/resolv.conf, and you don't want it to end up in some loop. The next two settings, listen-address and bind-interfaces ensure that dnsmasq binds to and listens on only the localhost interface (127.0.0.1). You don't want to risk outsiders using your service as an open DNS relay.

The server configuration lines are where you add the upstream name servers you want dnsmasq to use. In my case, I added three different upstream name servers in my preferred order. The syntax for this line is server=/domain_to_use/nameserver_ip. So in the above example, it would use those name servers for dev.example.com resolution. In my case, I also wanted dnsmasq to use those name servers for IP-to-name resolution (PTR records), so since all the internal IPs are in the 10.x.x.x network, I added 10.in-addr.arpa as the domain.

Once this configuration file is in place, restart dnsmasq so the settings take effect. Then you can use dig pointed to localhost to test whether dnsmasq works:

$ dig ns1.dev.example.com @localhost

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> ns1.dev.example.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- 00:59:18="" 0="" 10.0.0.5="" 127.0.0.1="" 18="" 1="" 2014="" 265="" 4208="" 56="" a="" additional:="" answer:="" answer="" authority:="" code="" flags:="" id:="" in="" msec="" msg="" noerror="" ns1.dev.example.com.="" opcode:="" qr="" query:="" query="" question="" ra="" rcvd:="" rd="" section:="" sep="" server:="" size="" status:="" thu="" time:="" when:="">->

Here, I tested ns1.dev.example.com and saw that it correctly resolved to 10.0.0.5. If you inspect the dig output, you can see near the bottom of the output that SERVER: 127.0.0.1#53(127.0.0.1) confirms that I was indeed talking to 127.0.0.1 to get my answer. If you run this command again shortly afterward, you should notice that the TTL setting in the output (in the above example it was set to 265) will decrement. Dnsmasq is caching the response, and once the TTL gets to 0, dnsmasq will query a remote name server again.

After you have validated that dnsmasq functions, the final step is to edit /etc/resolv.conf and make sure that you have nameserver 127.0.0.1 listed above all other nameserver lines. Note that you can leave all of the existing name servers in place. In fact, that provides a means of safety in case dnsmasq ever were to crash. If you use DHCP to get an IP or otherwise have these values set from a different file (such as is the case when resolvconf is installed), you'll need to track down what files to modify instead; otherwise, the next time you get a DHCP lease, it will overwrite this with your new settings.

I deployed this simple change to around 100 servers in a particular environment, and it was amazing to see the dramatic drop in DNS traffic, load and log entries on my internal name servers. What's more, with this in place, the environment is even more tolerant in the case there ever were a real problem with downstream DNS servers—existing cached entries still would resolve for the host until TTL expired. So if you find your internal name servers are getting hammered with traffic, an internal DNS cache is something you definitely should consider.

http://www.linux.com/learn/tutorials/811444-creating-forms-for-easy-libreoffice-database-entry-on-linux

The LibreOffice suite of tools includes a very powerful database application ─ one that happens to be incredibly user-friendly. These databases can be managed/edited by any user and data can be entered by anyone using a LibreOffice-generated form. These forms are very simple to create and can be attached to existing databases or you can create both a database and a form in one fell swoop.

• Form Wizard
• Design View.

• Oracle JDBC
• Spreadsheet
• dBASE
• Text
• MySQL
• ODBC.

Opening the database

Add a sub-form

• Selecting the table
• Adding the fields
• Joining the fields (such as AuthorID to ID ─ Figure 4).

Arrange form controls

Select data entry mode

• Enter new data only
• Display all data.

Start entering data

1. Open LibreOffice Base.
2. Open the existing database (in the same manner you did when creating the form).
3. Double-click the form name under Forms (Figure 8).
4. Start entering data.

https://www.howtoforge.com/tutorial/ubuntu-desktop-devilspie-2

Devilspie2 is a program that detects windows as they are created, and performs scripted actions on them. The scripts are written in LUA, allowing a great deal of customization. This tutorial will show you the installation of Devilspie 2 on Ubuntu 14.04 and give you a introduction into Devilspie scripting.

What is LUA?

Lua is a powerful, fast, lightweight, embeddable scripting language. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and extensible semantics. Lua is dynamically typed, runs by interpreting bytecode for a register-based virtual machine, and has automatic memory management with incremental garbage collection, making it ideal for configuration, scripting, and rapid prototyping.

For futher infomation visit: http://www.lua.org/

Installation.

Type in the following:
(make sure it is devilspie2, because the devilspie is kinda messed up and no longer in development.)
Unfortunately the rules of the original Devils Pie are not supported in Devilspie 2 anymore.

Config and Scripting.

If you don't give devilspie2 any folder with --folder, it will read LUA scripts from the ~/.config/devilspie2/ folder, and this folder will be created if it doesn't already exist. This folder is changeable with the --folder option. If devilspie2 doesn't find any LUA files in the folder, it will stop execution.



Above are some usage options...

Sample Scripts.

the debug_print command does only print anything to stdout 
-- if devilspie2 is run using the --debug option

debug_print("Window Name: "..	get_window_name());
debug_print("Application name: "..get_application_name())

I want my Xfce4-terminal to the right on the second screen of my two-monitor 
setup,

if (get_window_name()=="Terminal") then
	-- x,y, xsize, ysize
	set_window_geometry(1600,300,900,700);
end

Make Iceweasel always start maximized.

if (get_application_name()=="Iceweasel") then
	maximize();
end

To learn more about the scripting language visit the following:

See FAQ at

www.lua.org/FAQ.html 

Documentation at

www.lua.org/docs.html 

Tutorials at 

http://lua-users.org/wiki/TutorialDirectory

Sript Commands.

get_window_name()
     returns a string containing the name of the current window.

get_application_name()
     returns the application name of the current window.

set_window_position(xpos, ypos)
     Sets the position of a window.

set_window_size(xsize, ysize)
     Sets the size of a window.

set_window_geometry(xpos, ypos, xsize ysize)
     Set the geometry of a window.

make_always_on_top()
     Set the windows always on top flag.

set_on_top()
     Sets a window on top of the others (this will however not lock the window in this position).

debug_print()
     Debug helper that prints a string to stdout. It is only printed if devilspie2 is run with the --debug option.

shade()
     "Shades" a window, showing only the title-bar.

unshade()
     Unshades a window - the opposite of "shade"

maximize()
     maximizes a window

unmaximize()
     unmaximizes a window

maximize_vertically()
     maximizes the current window vertically.

maximize_horisontally()
     maximizes the current window horisontally.

minimize()
     minimizes a window

unminimize()
     unminimizes a window, that is bringing it back to screen from the minimized position/size.

decorate_window()
     Shows all window decoration.

undecorate_window()
     Removes all window decorations.

set_window_workspace(number)
     Moves a window to another workspace. The number variable starts counting at 1.

change_workspace(number)
     Changes the current workspace to another. The number variable starts counting at 1.

pin_window()
     asks the window manager to put the window on all workspaces.

unpin_window()
     Asks the window manager to put window only in the currently active workspace.

stick_window()
     Asks the window manager to keep the window's position fixed on the screen, even when the workspace or viewport scrolls.

unstick_window()
     Asks the window manager to not have window's position fixed on the screen when the workspace or viewport scrolls.

This will be the end of the tutorial for using devilspie2.

Links

• Devilspie 2