Sunday, 3 May 2009

iPhone / iPod Touch with self-signed SSL certificate for IMAP

First of all, it is a little tricky to use a self-signed SSL certificate on the iPhone / iPod Touch.

When you try to set up an IMAP account with a self-signed SSL certificate, you get a message that this self-signed SSL certificate is not valid.

To get this working, simply follow these steps:

1.) First remove the previously created IMAP account that displays the error from the iPhone / iPod Touch.
Then restart your iPhone / iPod Touch. If you have not saved the IMAP account on your iPhone / iPod Touch yet, you can skip this part.

2.) Rename your "imap-ssl.cert" to "imap-ssl.crt" and upload it to a web page so that you can reach it via a URL. (Alternatively, you can send it to an email address that already works on your iPhone / iPod Touch.)

Once you have uploaded the IMAP SSL certificate, simply open Safari and enter its URL, e.g. http://example.org/imap-ssl.crt

The iPhone / iPod Touch will ask you whether you want to add this certificate; please tap Yes here.

The code you need to enter after this is your iPhone / iPod Touch security code, not the PIN of your SIM card.

3.) After this, simply create the IMAP account again and make sure that your email address and the SSL hostname match the Common Name (CN).

For example:
dummy@example.org matches Common Name (CN) example.org
dummy@example.org does NOT match Common Name (CN) mail.example.org
dummy@sub.example.org does NOT match Common Name (CN) example.org

Under Settings => General => Profile you should see your profile and the Common Name (CN).

4.) Have fun with your iPhone / iPod Touch and your self-signed SSL certificate for IMAP.
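
The check from step 3, as an added example that is not part of the original post: it reads the Common Name and SHA-256 fingerprint of a certificate with openssl and applies the post's matching rule to three cases. It assumes openssl is installed; example.org, dummy@example.org and the file names are placeholders.

```sh
#!/bin/sh
# Added example. example.org, dummy@example.org and the file names are
# placeholders; the certificate is generated here only as sample input.

cert_cn() {            # print the subject Common Name of a PEM certificate
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

cert_fingerprint() {   # SHA-256 fingerprint, to compare two copies of a file
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

check_account() {      # usage: check_account <email> <imap-host> <cert>
    cn=$(cert_cn "$3")
    domain=${1#*@}
    if [ "$domain" = "$cn" ] && [ "$2" = "$cn" ]; then
        echo "match: $1 on $2 (CN=$cn)"
    else
        echo "NO match: $1 on $2 (CN=$cn)"
        return 1
    fi
}

# Constructed sample: a throwaway self-signed certificate with CN=example.org.
# Only the .crt is ever published or mailed; the .key stays on the server.
WORK=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=example.org" \
    -keyout "$WORK/imap-ssl.key" -out "$WORK/imap-ssl.crt" 2>/dev/null

check_account dummy@example.org     example.org      "$WORK/imap-ssl.crt" || true
check_account dummy@example.org     mail.example.org "$WORK/imap-ssl.crt" || true
check_account dummy@sub.example.org example.org      "$WORK/imap-ssl.crt" || true
echo "SHA-256: $(cert_fingerprint "$WORK/imap-ssl.crt")"
```

Comparing the fingerprint of the original file with that of the copy fetched from the URL shows whether the certificate changed on the way.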

Sunday, 19 April 2009

sshfs under Windows

With sshfs you can mount any folder from an SSH server on your local computer.
The big advantage is that the transfer is secured by SSH, and the login can be done with public keys as well as with a password.

It is also possible to install sshfs under Windows with the following steps:

1. Download and Install sshfs from Dokan

First install , if you don't already have it installed on your PC:


Dokan is a great open-source project; you need the following files from Dokan:

Simply install the "Dokan library" first and after that "Dokan SSHFS".

2. Configure SSHFS

Open DokanSSHFS.exe and a new window will open.

Here you can simply enter the required information.
It is also possible to use a key file with a passphrase instead of a password, which is more secure.

The drive is the letter under which you can access the SSH folder from your server.

Saturday, 18 April 2009

SSH forwarding with PuTTY and Xming under Windows

First of all, you should never install an X server on a server.
You don't need an X server on a server, and installing one is a security risk.
On the other hand, you save memory and CPU power when you don't install an X server on your server.

So normally you install the X server on your PC or laptop and use SSH to let your server use this X server.

Under Linux this is very easy, but under Windows you need some additional tools.

1.) Install PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)

For me PuTTY is the best Windows SSH client, and it comes with all the tools you need.
When you install the "putty-0.60-installer.exe" package, you get all the tools needed to generate keys and copy files over SSH.

2.) Install an X-Server for Windows (http://sourceforge.net/projects/xming)

I prefer Xming because it is a standalone X server for Windows, but if you use Cygwin a lot and have it installed, you can also use the X server from Cygwin.
But please keep in mind that Xming needs a little less resources and has a few more features.

You need the following packages:
Because we have installed "PuTTY", please select "Don't install an SSH Client" in the Xming setup.

After you have installed "Xming", please use the default selection when you install "Xming-fonts".
The setup will ask you whether you want to start the X server; simply say "Yes" and you will see the following icon in your tray.

3.) Configure PuTTY

The next step is to configure PuTTY; simply load your existing configuration or create a new one.

Terminal -> Keyboard -> The Backspace key -> Control-H

Connection -> SSH -> Enable compression
Connection -> SSH -> SSH protocol version -> 2 only

Connection -> SSH -> X11 -> X11 forwarding -> Enable X11 forwarding

Connection -> SSH -> Tunnels -> R6000 127.0.0.1:6000




Hint:
Save your configuration so that you need to do this only once. ;)

4.) Check SSH-Server Configuration and Export for Display

As the last step, add or change the following options in your SSH server configuration:

/etc/ssh/sshd_config
...

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
...

After you have checked the config and restarted your SSH server, please log in with PuTTY using the options from "Configure PuTTY".

After you log in, simply type the following commands:

Elma:~# export DISPLAY=127.0.0.1:0.0
Elma:~# xclock

Now "xclock" should be displayed on your Windows screen over SSH.
You can also set "DISPLAY=127.0.0.1:0.0" as the default value so that you don't need to enter it every time.

Tips and tricks:
You can use any X tool this way; gparted, for example, can be used to change or resize the partitions of the server.

Every X tool runs on the server, so please keep in mind that you can open OpenOffice this way, but the files will be saved on the server and not on your PC.
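
An added example (not from the original post) that reads the three X11 options from step 4 out of an sshd_config file the way sshd does, with the first value winning and keyword case ignored, and warns when forwarded displays would be bound to the wildcard address instead of loopback. The file contents are constructed samples, and Match blocks are not evaluated.

```sh
#!/bin/sh
# Added example: effective global X11 settings of an sshd_config file.
# sshd keeps the FIRST value it reads for a keyword and ignores keyword case.

x11_effective() {   # usage: x11_effective <keyword> <default> <file>
    awk -v want="$1" -v def="$2" '
        BEGIN { want = tolower(want) }
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }
        { split(line, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                 # global section ends here
        key == want { val = tolower(f[2]); exit }
        END { print (val == "" ? def : val) }
    ' "$3"
}

x11_audit() {       # usage: x11_audit <file>; returns 1 on a risky setting
    fwd=$(x11_effective X11Forwarding no "$1")
    loc=$(x11_effective X11UseLocalhost yes "$1")
    off=$(x11_effective X11DisplayOffset 10 "$1")
    echo "X11Forwarding=$fwd X11UseLocalhost=$loc X11DisplayOffset=$off"
    if [ "$fwd" = yes ] && [ "$loc" = no ]; then
        echo "WARN: forwarded displays are bound to the wildcard address"
        return 1
    fi
    return 0
}

# Constructed sample files: the settings from this post, and a weak variant.
GOOD=$(mktemp); WEAK=$(mktemp)
cat > "$GOOD" <<'EOF'
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
EOF
cat > "$WEAK" <<'EOF'
# a later duplicate does not override the first value
x11forwarding yes
X11UseLocalhost no
X11Forwarding no
Match User backup
    X11UseLocalhost yes
EOF

x11_audit "$GOOD" || true
x11_audit "$WEAK" || true
```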

Tuesday, 14 April 2009

"qc-usb" Driver on Debian with 2.6 Kernel

The "qc-usb" driver is a driver for the following webcams:
  • Dexxa Webcam
  • Labtec Webcam (old model)
  • LegoCam
  • Logitech QuickCam Express (old model)
  • Logitech QuickCam Notebook (some models)
  • Logitech QuickCam Web
Generally, any USB camera with a USB vendor ID of 0x46d and a USB product ID of 0x840, 0x850, or 0x870 (so, 0x46d:0x840, for example) should work.

Installing this on Debian with a 2.6 kernel is a little tricky.
(OK, it's very easy, please scroll down...)

1. Get the module source
apt-get install qc-usb-source

2. Get the Kernel Source
apt-get install linux-headers-2.6.26-1-686 linux-source-2.6.26

If you don't have the 2.6.26 kernel, you need to change this.
You can check the Kernel Version with "uname -a".

3. Decompress the Kernel Source and remove old linux folders
cd /usr/src
rmdir /usr/src/linux
tar xfvj linux-source-2.6.26.tar.bz2
ln -s /usr/src/linux-source-2.6.26 /usr/src/linux
cd /usr/src/linux
make oldconfig && make prepare

4. Decompress the modules and compile the module
cd /usr/src
bzip2 -d qc-usb.tar.bz2
tar xfv qc-usb.tar
cd /usr/src/modules/qc-usb
make
make all

Or, the simplest way, use the following commands:
apt-get install module-assistant
module-assistant auto-install qc-usb

Don't forget to load the kernel module qc-usb with:
modprobe quickcam

Monday, 13 April 2009

gPXE and localboot

gPXE is a great tool, but it seems it has some problems with localboot.
So normally you should use the following options for a localboot:

label Boot local Harddisk
MENU label ^Boot local Harddisk
MENU default
KERNEL chain.c32
APPEND hd0 0

But this will not work with gPXE alone. After a lot of testing to make sure that this was not an error from the web server or DHCP, I simply use "pxelinux" to do the localboot.

gPXE -> pxelinux -> chain.c32 -> localboot

Because pxelinux unloads itself from memory before it loads chain.c32, this works without any problems, and the localboot also has the full available memory.

Example Configurations

/etc/dhcp3/dhcpd.conf

option domain-name-servers [Servername];
option routers [Servername];
next-server [Servername];

if exists user-class and option user-class = "gPXE" {
filename "http://[Servername]/boot.conf";
} else {
filename "undionly.kpxe";
}

/var/sites/.../boot.conf
#!gpxe
chain http://[Servername]/vesamenu.c32 menu.conf

/var/sites/.../menu.conf
menu background background.png
prompt 0
timeout 500
allowoptions 0
menu timeoutrow 29
menu vshift 2
menu rows 8
menu color title 1;36;44 #ff8bc2ff #00000000 std
menu color unsel 37;44 #ff1069c5 #00000000 std
menu color sel 7;37;40 #ff000000 #ffff7518 all
menu color hotkey 1;37;44 #ffffffff #00000000 std
menu color hotsel 1;7;37;40 #ff000431 #ffff7518 all

LABEL Boot local Harddisk
MENU label ^Boot local Harddisk
MENU default
KERNEL pxelinux.0

LABEL MemTest86
MENU LABEL ^MemTest86
KERNEL memtest

LABEL GParted
MENU LABEL ^GParted
KERNEL gparted/vmlinuz1
APPEND initrd=gparted/initrd1.img boot=live union=aufs noswap noprompt vga=788 fetch=http://[Servername]/pxe/gparted/filesystem.squashfs
...


/var/sites/.../pxelinux.cfg/default
default chain.c32 hd0 0

With this, the localboot runs without any problems, even with gPXE and over a web server.
The next thing is to try booting Windows XP over iSCSI and gPXE.

Buffalo DriveStation Duo™ (change Fan / spin-down)

Today I got a "DriveStation Duo™ 1TB" very cheaply, and it works well on my server.
It also has a RAID controller on board, so you only need to connect it to a Windows PC or a Mac to enable the RAID option.

After that you can connect the USB 2.0 external HD to any OS that supports USB devices.
The "Secure Lock" is only Windows software, so it is not hardware-based.

1. Change Fan
The original fan is very loud; you hear it when the device starts or when it is too hot.
So I decided to open the case and replace the standard 50mm fan with 3-pin fan control with a Revoltec "Air Guard" 50mm.

This works very well, and because the new fan has more power than the original fan, it needs less time to cool down the system.

2. Spin-down the Harddisk (hd-idle)
Because I don't need the hard disk at every time of the day, I decided to spin it down.
For Linux you can use the wonderful tool "hd-idle" (http://hd-idle.sourceforge.net) by Christian Mueller.

With kernel 2.6 you don't need any kernel patches to get this working.
But you need to make some changes to allow the automatic "spin-up" after a "spin-down".

I have made the following changes:

/etc/udev/rules.d/local.rules:
# USB external Device allow_restart fix (i/o errors)
SUBSYSTEMS=="scsi",DRIVERS=="sd",ATTRS{vendor}=="SAMSUNG*",ATTRS{model}=="HD501LJ*", RUN+="/bin/sh -c 'echo 1 > /sys/class/scsi_disk/%k/allow_restart'"

You can test whether this is the right setting with the following:
cat /sys/class/scsi_disk/*/allow_restart

If it displays "File not Found", you need to check whether the device has another path.
If it displays "0", automatic "spin-up" is not enabled, and you can try "echo 1 > /sys/class/scsi_disk/*/allow_restart" to allow it (if more than one disk is listed, replace * with the entry of the device, because a redirect needs a single target).

When this works, you can make the changes in the udev config file.

After changing the fan and using "spin-down", the external HD with its RAID 1 function is very quiet and works without any problems under Linux. You can also format it with ext3 and it works without any problems.