Archive

For November, 2011

How to remove the passphrase on a private key

To remove a passphrase on a private key, simply execute this command:

openssl rsa -in server.key -out server.unprotected.key

The output file, server.unprotected.key, is an unencrypted private key, so make sure that it is well protected.

Creating a certificate for a server

Creating a server certificate involves only a few steps. To do so, execute the following commands. This post assumes that “OpenSSL initial configuration” and “Creating a ca’s self signed certificate” have been done previously.

Create a private key for the server. This can be accomplished using any user. The secret key, server.key, must be well protected.

openssl genrsa -des3 -out server.key 1024

Create the certificate request. This can be accomplished using any user. The common name (CN) should be the URL of the server. Otherwise, users will get a warning message that the server URL does not match the URL in the certificate.

openssl req -new -key server.key -out server.csr

Create and sign the certificate (change NN for the next certificate serial number available!). You must be logged in as ca to perform this operation. serverNN.crt is the server certificate.

openssl x509 -req -days 365 -in server.csr -CA certs/cacert.pem \
      -CAkey private/cakey.pem -set_serial NN -out serverNN.crt

Creating a ca’s self signed certificate

In order to create your own certificates, you need a CA (certificate authority) certificate. This certificate will be used to sign every certificate you will create. To do so, execute the following command. This post assumes that “OpenSSL initial configuration” has been done previously.

  • Log on as the user ca
  • Go to its home directory and issue the command:
openssl req -new -x509 -keyout private/cakey.pem \
      -out certs/cacert.pem -days 3650

It is good practice to keep the private key on removable media and load it only when signing new certificates. Do not lose it. It is the most important piece of data related to your certificates.
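The CA step above and the server-certificate steps from “Creating a certificate for a server”, chained together and followed by the check a practitioner would run afterwards: that the issued certificate verifies against the CA and matches the server key. This is an added example, not part of the original posts. It assumes a scratch directory instead of /home/ca, 2048-bit keys without passphrases (-nodes) so that it runs unattended, and constructed subject names.

```shell
#!/bin/sh
# Added example with constructed names; run it in a scratch directory.

make_ca() (                       # $1 = CA directory
    mkdir -p "$1/private" "$1/certs" && chmod 700 "$1/private" || exit 1
    cd "$1" || exit 1
    umask 077                     # key files are created owner-only
    openssl req -new -x509 -nodes -newkey rsa:2048 -subj "/CN=Example Test CA" \
        -keyout private/cakey.pem -out certs/cacert.pem -days 3650 2>/dev/null
)

make_server_cert() (              # $1 = CA directory, $2 = serial NN, $3 = CN
    cd "$1" || exit 1
    umask 077
    openssl genrsa -out server.key 2048 2>/dev/null || exit 1
    openssl req -new -key server.key -subj "/CN=$3" -out server.csr || exit 1
    openssl x509 -req -days 365 -in server.csr -CA certs/cacert.pem \
        -CAkey private/cakey.pem -set_serial "$2" -out "server$2.crt" 2>/dev/null
)

# Succeeds only if the certificate chains to the CA and belongs to the key.
check_server_cert() (             # $1 = CA directory, $2 = certificate, $3 = key
    openssl verify -CAfile "$1/certs/cacert.pem" "$2" >/dev/null 2>&1 || exit 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey) || exit 1
    key_pub=$(openssl rsa -in "$3" -pubout 2>/dev/null) || exit 1
    [ "$cert_pub" = "$key_pub" ]
)

# Prints serial=<hex>, useful for finding the next free NN.
cert_serial() { openssl x509 -in "$1" -noout -serial; }

# Usage:
#   d=$(mktemp -d); make_ca "$d" && make_server_cert "$d" 01 www.example.test \
#     && check_server_cert "$d" "$d/server01.crt" "$d/server.key" && echo verified
```

A certificate that fails check_server_cert was either signed by a different CA or issued for a different key than the one deployed on the server.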

Tomcat and MySQL benchmarks

Benchmarks made using Tomcat and a MySQL database. These figures are provided to give you an idea of the performance you should expect.

The tests were done in the following conditions:

  • Intel Q6600 processor (Core 2 Quad) running at 2.40 GHz
  • 3 GB of DDR2 memory
  • 1066 MHz system bus
  • 500 GB, 7200 rpm SATA hard drive
  • Tomcat version 6.0.16
  • MySQL 5.0.45
  • mysql-connector-java 5.0.8
  • Sun JVM 1.5.0_14-b03
  • Windows Vista

Random record access
Description

20,000 records were randomly accessed from tables containing various numbers of records. The record size is 1367 bytes. The table structure is:

CREATE TABLE table01 (
  id int(11) NOT NULL,
  field1 varchar(255) NOT NULL,
  field2 varchar(255) NOT NULL,
  field3 varchar(255) NOT NULL,
  field4 varchar(255) NOT NULL,
  field5 varchar(255) NOT NULL,
  PRIMARY KEY  (id)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

Observations

This table summarizes the test results.

Table size (records)   Table size   Total time (secs)   Access rate (reqs/sec.)
100                    160.0 KB     2.52                7935.3
500                    800.0 KB     2.57                7791.3
1,000                  1.5 MB       2.74                7303.3
5,000                  7.5 MB       4.62                4332.2
10,000                 13.5 MB      6.50                2858.5
50,000                 65.6 MB      97.50               204.6
100,000                130.6 MB     116.50              171.0
500,000                653.0 MB     138.50              144.2
1,000,000              1.3 GB       147.00              135.8
5,000,000              6.4 GB       194.00              102.7
10,000,000             12.7 GB      264.00              75.7

Conclusions

As expected, the access rate decreases when the table size increases. When the table has 10,000 records or fewer, the data is in the caches, which leads to a very high access rate. When the tables are larger, the rate decreases since the data must be fetched from the disk.

Sequential record insertion
Description

1,000,000 records were inserted into an empty table whose structure is:

CREATE TABLE table01 (
  id int(11) NOT NULL,
  field1 varchar(255) NOT NULL,
  field2 varchar(255) NOT NULL,
  field3 varchar(255) NOT NULL,
  field4 varchar(255) NOT NULL,
  field5 varchar(255) NOT NULL,
  PRIMARY KEY  (id)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

Observations

The total database size is 1304 MB. The record size is 1367 bytes. The insertion rate (insertions per second) was computed each time 100,000 records were inserted. The average insertion rate observed is 721.37 with a standard deviation of 26.07. A similar result was obtained when inserting 10,000,000 records into an empty table: a rate of 740.71 insertions per second was measured.

Conclusions

The insertion rate does not vary whether the table is empty or has a significant number of records.

OpenSSL initial configuration

This initial configuration procedure assumes that you are executing it on Linux.

  • Create a special user named ‘ca’. Its home directory will hold the data. It must be protected carefully. For example:
groupadd -g 2000 ca
useradd -g 2000 -u 2000 -m -s /bin/bash ca
chmod 700 /home/ca
  • Change the variable dir in /etc/ssl/openssl.cnf to the home directory of the ca user just created.
  • The default values used for the certificate requests, such as countryName_default, stateOrProvinceName_default and 0.organizationName_default, can be changed in /etc/ssl/openssl.cnf
  • Log on as the user ca
  • mkdir private certs reqs
  • chmod 700 private certs reqs

How to change the signature of a disk

To change the signature of a disk under Windows 7, follow these steps:

  1. Run the command line utility diskpart as the administrator user
  2. Execute the command “list disk” to locate the disk whose signature you want to change
  3. Execute “select disk n” to select the disk, where n is the numeric id of the disk (0, 1, 2, …)
  4. Execute “uniqueid disk” to display the selected disk signature
  5. Execute “uniqueid disk id=hhhhhhhh” to change the selected disk signature. hhhhhhhh is a hexadecimal dword
  6. Execute “exit” to quit diskpart
  7. It is recommended that you reboot your system

DISCLAIMER: YOU DO IT AT YOUR OWN RISK.

Installation of the AVR toolchain on Ubuntu to develop for the Arduino Platform

  1. Install Eclipse using “Ubuntu Software Center”
  2. Install the AVR Eclipse Plugin using Help >> Install New Software. The source link is http://avr-eclipse.sourceforge.net/updatesite/
  3. Install the gcc toolchain
apt-get install avrdude binutils-avr gcc-avr avr-libc gdb-avr

SSH login without password

It is possible to securely connect to an SSH server without a password. To do so, you must perform the following steps. It assumes that both machines are running a flavor of Unix.

On the client machine, open a shell window and execute the following command to create your private and your public key.

ssh-keygen -t rsa

Login on the server using the account you want to setup and perform these steps:

mkdir ~/.ssh
chmod 700 ~/.ssh

The file id_rsa.pub can be found on your client machine in the ~/.ssh directory.

Copy the content of the file id_rsa.pub into the file ~/.ssh/authorized_keys on the server, then restrict its permissions:
chmod 600 ~/.ssh/authorized_keys

You can also use ssh-copy-id to copy your public key to a remote host. A typical command is

ssh-copy-id youruser@example.com

From now on, you will not be asked for a password when you ssh to this server.
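The server-side steps above as one function, written as an added example rather than code from the original post. It appends the key instead of overwriting authorized_keys, refuses a private key passed by mistake (id_rsa instead of id_rsa.pub), and sets the modes that sshd's StrictModes check expects. The function names and the home-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: install a public key for an account.
# $1 = home directory of the target account, $2 = public key file (id_rsa.pub).
install_pubkey() (
    ssh_dir=$1/.ssh
    auth=$ssh_dir/authorized_keys
    [ -r "$2" ] || { echo "cannot read $2" >&2; exit 1; }
    # Refuse private keys and multi-line files: a common slip is passing id_rsa.
    if grep -q 'PRIVATE KEY' "$2" || [ "$(grep -c . "$2")" -ne 1 ]; then
        echo "$2 is not a single public key line" >&2; exit 1
    fi
    key=$(cat "$2")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised key type in $2" >&2; exit 1 ;;
    esac
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1
    # Append only if this exact line is absent, so existing keys survive
    # and repeated runs do not create duplicates.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# Mode string of a path as ls prints it, e.g. drwx------ (to audit the result).
mode_of() { ls -ld "$1" | cut -c1-10; }

# Usage on the server, after copying id_rsa.pub over:
#   install_pubkey "$HOME" /tmp/id_rsa.pub && mode_of "$HOME/.ssh"
```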

How to create a SSH tunnel

You can connect to a remote host [remote-host] using another machine [proxy-host]. This can be accomplished if the [proxy-host] has an SSH server running. To do so, log on to the [proxy-host] from your computer. Issue the following command at the command prompt:

ssh -p [proxy-ssh-port] -L [local-port]:[remote-host]:[remote-port] \
       [user-name]@[proxy-host]

where

  • [proxy-ssh-port] is the ssh port to connect to
  • [local-port] is the local port the client software will connect to
  • [remote-host] is the name or the IP address of the end point of the tunnel
  • [remote-port] is the port of the end point of the tunnel
  • [user-name] is the user name SSH will use to logon
  • [proxy-host] is the name or the IP of the machine that will act as the proxy

To connect to the machine [remote-host], port [remote-port] from your computer, simply connect to localhost, port [local-port].

How to replace LibreOffice by OpenOffice in Ubuntu 11

If you prefer OpenOffice to LibreOffice in Ubuntu 11, you can replace it using these few steps:

apt-get purge openoffice*
apt-get purge libreoffice*
  • Untar the downloaded OpenOffice tarball
  • cd into the sub-directory DEBS
  • dpkg -i *.deb
  • cd desktop-integration
  • dpkg -i *.deb

Unix History

I can bet that you have no idea what the Unix timeline looks like. Curious? Download this PDF file from www.levenez.com.

USB Flash Drives comparison

Manufacturer   Model                Capacity   Read speed (MB/s)   Write speed (MB/s)
Patriot        Xporter XT Rage      32 GB      27                  25
Corsair        Voyager GTR          32 GB      34                  28
Lexar          Echo MX              32 GB      30                  17
Kingston       DTR 500              32 GB      30                  20
Kingston       DTIG3/32GBZ          32 GB      10                  5
Kingston       DT102/32GBZ          32 GB      10                  5
Transcend      Jet Flash 700        32 GB      70                  30
Transcend      Jet Flash 600/620    32 GB      32                  12

Very slow connection to a SSH server

A problem with the DNS configuration on a server can make the login to the SSH server very slow. It can be fixed by adding the following line

UseDNS no

in the ssh server configuration file /etc/ssh/sshd_config

Exchange large files for free

When it is time to transfer files, e-mail has its limitations. Most of the time, e-mail size is limited to 5 megabytes or so. The site FileConvoy lets you share files with virtually no size limits. There are mainly two use cases.

You can share files anonymously. You upload the files you wish to share and, upon completion of the upload, links are displayed. You then copy these links and send them to the recipients of the files. When the recipients paste these links into the address bar of the browser, the download of these files starts.

The other use case uses e-mail notifications. During the upload process of your documents, you can specify the e-mail addresses of the recipients of your documents. They will then receive an e-mail with instructions to download your documents. You will receive an e-mail confirmation when a recipient retrieves the documents.

In either case, you do not have to register yourself like many other services. What is more important, it is FREE.

Arduino Ethernet Shield example WebServer.pde no longer works after upgrading Ubuntu to version 11.10

This patch must be applied to w5100.h located in library/Ethernet/utility.

--- w5100.h.orig	2011-10-03 13:43:10.536833701 +0200
+++ w5100.h	2011-10-03 13:47:26.764844567 +0200
@@ -258,7 +258,10 @@
   }                                                          \
   static uint16_t read##name(SOCKET _s) {                    \
     uint16_t res = readSn(_s, address);                      \
-    res = (res << 8 ) + readSn(_s, address + 1);             \
+    uint16_t res2 = readSn(_s,address + 1);                  \
+    res = res << 8;                                          \
+    res2 = res2 & 0xFF;                                      \
+    res = res | res2;                                        \
     return res;                                              \
   }
 #define __SOCKET_REGISTER_N(name, address, size)             \
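Review bot: the four replacement lines in read##name carry no comment explaining why the single expression res = (res << 8) + readSn(_s, address + 1) was split into separate shift, mask and OR steps, so a later cleanup could fold them back into one line and reintroduce the breakage this post is about. Add a short /* ... */ comment inside the macro (keeping the trailing backslash) stating that the low byte is masked with 0xFF deliberately. Also, readSn(_s,address + 1) drops the space after the comma that the call on the line above uses.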