All posts by sufehmi

How to run Proxmox with only a single public IP address

IPv4 addresses are becoming scarcer by the day. In some cases, it can be pretty hard to get multiple IPv4 addresses for your Proxmox server.

Thankfully, Proxmox is basically a Debian Linux OS with a Proxmox layer on top of that. So that gives us quite a lot of flexibility.

This tutorial will help you to create a fully functional Proxmox server running multiple containers & virtual machines, using only a single IPv4 address.

These are the main steps :

  1. Create port forwarding rules
  2. Make sure they are applied automatically every time the server is restarted
  3. Set up a reverse-proxy server : to forward HTTP/S requests to the correct container / virtual machine
  4. Set up HTTPS

For a CT (container) / VM (virtual machine) that runs a webserver, point 3 is important – because there’s only one public IP address, there’s only one port 80 and one port 443 facing the Internet.

By forwarding ports 80 and 443 to a reverse-proxy in a CT, we’ll be able to route incoming visitors, by hostname / domain name, to the correct CT/VM.

1. CREATE PORT FORWARDING RULES

Modify the following to match your host’s interface name & CT/VM’s internal IP addresses, then copy-paste to terminal :

###### All HTTP/S traffic is forwarded to the reverse proxy
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.10.50.1:80

iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 10.10.50.1:443

###### SSH ports to each existing CT/VM
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22101 -j DNAT --to 10.10.50.1:22

iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22102 -j DNAT --to 10.10.50.2:22

iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22103 -j DNAT --to 10.10.50.3:22

iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22104 -j DNAT --to 10.10.50.4:22

Then we save it :

iptables-save > /etc/iptables.rules

2. EXECUTE IPTABLES AT SERVER RESTART

Edit /etc/network/interfaces file, find your network interface name that’s facing the Internet (in my case, vmbr0) – then add the pre-up line as follows :

auto vmbr0
# pre-up is an option of the interface's own "iface vmbr0 ..." stanza: add it inside that stanza
        pre-up iptables-restore < /etc/iptables.rules

3. SETUP REVERSE-PROXY

In a CT, install Nginx. Then for each domain, create a configuration file like this, for example: /etc/nginx/sites-available/www.my_website.com :

server {
    listen 80;
    server_name www.my_website.com;

    location / {
        proxy_pass http://10.10.50.2:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

To activate it (assuming you’re using Ubuntu) link it to /etc/nginx/sites-enabled/ , then restart Nginx :

ln -s /etc/nginx/sites-available/www.my_website.com /etc/nginx/sites-enabled/www.my_website.com

/etc/init.d/nginx restart

Note: as mentioned before, all HTTP/S traffic will have to go through this reverse-proxy. You may wish to tune this Nginx installation accordingly.

4. SETUP HTTPS

It’s very easy with Let’s Encrypt once you’ve done point 3 above. Do the following on the reverse-proxy CT :

sudo apt-get update ; sudo apt-get install -y certbot python3-certbot-nginx

sudo certbot --nginx

sudo /etc/init.d/nginx restart
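
The port forwards from step 1, as an added example that is not part of the original tutorial: the script below builds the DNAT commands from a table, rejects a table that lists the same public port twice, and gives every rule an "iptables -C" existence check so that running it again does not append duplicates. The function name gen_dnat_rules and the FORWARDS table are assumptions of this example; the interface, addresses and ports are the tutorial's sample values.

```sh
#!/bin/sh
# Added example, not from the original tutorial.
# Interface name, addresses and ports are the tutorial's sample values.

# One forward per line: <public port> <internal ip>:<internal port>
FORWARDS='
# HTTP/S goes to the reverse-proxy CT
80    10.10.50.1:80
443   10.10.50.1:443
# one SSH port per CT/VM
22101 10.10.50.1:22
22102 10.10.50.2:22
22103 10.10.50.3:22
22104 10.10.50.4:22
'

# gen_dnat_rules IFACE   (reads the forward table on stdin)
# Prints one shell command per forward. Each command asks iptables whether the
# rule already exists (-C) and appends it (-A) only when it does not.
# Prints nothing and returns 1 when a line is malformed or a public port is
# listed twice: only the first DNAT rule for a port would ever match, so the
# second CT/VM would silently be unreachable.
gen_dnat_rules() {
    awk -v iface="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            n = split($2, d, ":")
            if (NF != 2 || n != 2 || $1 !~ /^[0-9]+$/ || d[2] !~ /^[0-9]+$/ ||
                d[1] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ ||
                $1 + 0 < 1 || $1 + 0 > 65535 || d[2] + 0 < 1 || d[2] + 0 > 65535) {
                printf("line %d: malformed forward: %s\n", NR, $0) > "/dev/stderr"
                bad = 1; exit
            }
            if ($1 in seen) {
                printf("line %d: public port %s is already forwarded (line %d)\n",
                       NR, $1, seen[$1]) > "/dev/stderr"
                bad = 1; exit
            }
            seen[$1] = NR
            spec = "PREROUTING -i " iface " -p tcp --dport " $1 " -j DNAT --to " $2
            rules = rules "iptables -t nat -C " spec " 2>/dev/null || iptables -t nat -A " spec "\n"
        }
        END { if (bad) exit 1; printf "%s", rules }
    '
}

# Print the commands for review. To apply them, run the output as root
# (for example by piping it to sh), then save the result as in step 1:
#   iptables-save > /etc/iptables.rules
printf '%s\n' "$FORWARDS" | gen_dnat_rules vmbr0
```
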

Reference:

https://gist.githubusercontent.com/basoro/b522864678a70b723de970c4272547c8/raw/a985657453f72683040fbe38b1db6b1989618116/proxmox-proxy

Installing HTTrack on Ubuntu from Source

Today I needed to have the latest version of HTTrack installed to make a (static) mirror of a website that I managed.

After a few attempts, this is how you compile & install HTTrack from source on Ubuntu :

wget "http://download.httrack.com/cserv.php3?File=httrack.tar.gz"

mv cserv.php3\?File\=httrack.tar.gz  httrack.tar.gz

tar xzvf httrack.tar.gz

cd httrack-3.49.2/

### the following is the key to a successful install
apt-get install zlib1g-dev libssl-dev build-essential

./configure && make && make install

Cutting a Table out of a mysqldump output file

I was restoring the backup of a MySQL 5.x server into a MySQL 8.x server – and found out that it corrupted MySQL 8.x’s mysql table, which stores the usernames and passwords.

So I had to delete the mysql table from the backup before trying to restore it again.

Turns out it’s pretty easy, it will just take some time since it’s a pretty big backup :

# search for beginning of 'mysql' table
grep -n 'Current Database: `mysql`' backup.mysql

# 155604:-- Current Database: `mysql`

# search for ending of 'mysql' table
tail -n +155604 backup.mysql | grep -n "Current Database"

# 1:  -- Current Database: `mysql`
# 916:-- Current Database: `phpmyadmin`

# cut that table out
head -155603 backup.mysql                > new.mysql
tail -n +$(( 155603+916 )) backup.mysql >> new.mysql

# voila !
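
The same cut, as an added example that is not from the original post: instead of looking up the line numbers by hand, awk watches for the "-- Current Database:" marker lines and drops everything from the named database's marker up to the next marker, in a single pass over the file. It generalizes the steps above to any database name in the dump. The function names and the sample dump are constructed for this example.

```sh
#!/bin/sh
# Added example, not from the original post.

# list_db_sections DUMPFILE
# Prints "<line number>:<database name>" for every section marker in the dump.
list_db_sections() {
    awk '
        /^-- Current Database: `/ {
            name = $0
            sub(/^-- Current Database: `/, "", name)
            sub(/`[ \t\r]*$/, "", name)
            printf "%d:%s\n", NR, name
        }
    ' "$1"
}

# strip_db_section DUMPFILE DBNAME > NEWFILE
# Copies the dump to stdout without the section that belongs to DBNAME.
# A section runs from its marker line up to (not including) the next marker.
strip_db_section() {
    awk -v db="$2" '
        /^-- Current Database: `/ {
            name = $0
            sub(/^-- Current Database: `/, "", name)
            sub(/`[ \t\r]*$/, "", name)
            skip = (name == db)     # re-decided at every marker
        }
        !skip                       # print lines outside the skipped section
    ' "$1"
}

# Constructed sample in the layout "mysqldump --all-databases" produces.
make_sample_dump() {
    cat <<'EOF'
-- MySQL dump (constructed sample)
--
-- Current Database: `shop`
--
CREATE DATABASE `shop`;
USE `shop`;
INSERT INTO `orders` VALUES (1,'book');
--
-- Current Database: `mysql`
--
CREATE DATABASE `mysql`;
USE `mysql`;
INSERT INTO `user` VALUES ('root','*HASH');
--
-- Current Database: `phpmyadmin`
--
CREATE DATABASE `phpmyadmin`;
USE `phpmyadmin`;
EOF
}

# Demo on the constructed sample
dump=$(mktemp)
make_sample_dump > "$dump"
list_db_sections "$dump"
strip_db_section "$dump" mysql | grep 'Current Database'
rm -f "$dump"
```

Before restoring, run list_db_sections on the new file to confirm that only the intended section is gone.
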

Crontab runs on different timezone : here’s the fix

A few days ago I got reports that a server was running its cron jobs at strange times. Logged in, and indeed it was. A huge backup was running during peak hours. Saying that it disrupted people’s work is an understatement.

To my surprise, the explanation for this issue can not be found straightaway. Took some googling to find the cause. And even more time to find the correct solution.

So, to cut to the chase – /etc/localtime was a link to /usr/share/zoneinfo/America/NewYork

Changed it to /usr/share/zoneinfo/Asia/Jakarta – and voila, now the cronjobs are running at the correct times.

Hope it helps

XCTB – X Compression Tool Benchmarker

I deal with a lot of big files at work, while storage capacity is indeed not infinite. So it’s in my interest to keep the file sizes as low as possible.

One way to achieve that is by using compression. Especially when dealing with log files or database archives, you can save a ton of space with the right compression tool.

But space saving is not the only consideration.

You also need to weigh other factors, such as :

  • File type : different tools will compress different types of files differently
  • CPU multi-core capabilities
  • Compression speed
  • Compression size
  • Decompression time

But there are so many great compression tools available in Unix / Linux. It can be really confusing to choose which one to use even for a seasoned expert.

So I created X Compression Tool Benchmarker to help with this.

Features :

  • Test any kind of file : just put the file’s name as the parameter when calling the script. Then it will be tested against all the specified compression tools.
  • Add more compression tools easily : just edit the compressor_list & ext_file variables, and that’s it
  • Fire and forget : just run the script, and forget it. It will run without needing any intervention
  • CSV output : ready to be opened with Libre Office / Excel, and made into graphs in seconds.

Here’s a sample result for a Database archive file (type MySQL dump) :

The bar chart on top of this article is based on this result.

As you can see, currently this script will benchmark the following compression tools automatically : pigz – gzip – bzip2 – pbzip2 – lrzip – rzip – zstd – pixz – plzip – xz

The result, for each different file type, may surprise you 🙂

For example ; I was surprised to see rzip beat lrzip – because lrzip is supposed to be the enhancement of rzip.

Then I was even more surprised to find out that :

  • I was testing Debian Buster’s version of rzip, which turned out to be pretty old – it does not even have multi-thread/core capability
  • But when I tested the latest version of rzip, which can use all the 16 cores in my server – it turned out to be slower than the old rzip from Debian Buster !
  • No, disk speed is not an issue – I made sure that all the benchmarks were run from NVMe SSD

So I was grinning at how Debian Buster packaged a very old version of rzip instead of the new one – turned out the joke’s on me : the old rzip performs better than the new one. Even without the multi-core capability.

Also it was amazing to see how really REALLY fast zstd is, while still giving decent compression size. When you absolutely need compression speed, this not so well known compression tool turned out to be the clear winner.

And so on, etc

Yes, indeed I had fun 🙂

I hope you will too. Enjoy !


UPDATE : My friend, Eko Juniarto, published his results here and has permitted me to publish them here as well – thanks. Very interesting, indeed.

BCA – list of correspondent banks in America

One day I was asked about this (BCA's correspondent banks in America) after finishing a seminar in Hawaii, so that my honorarium could be transferred.

It turned out that this information could not be found anywhere.

I asked BCA's call center at 1500888, and they did not know either.

Eventually, when my wife happened to have some business at BCA, she asked about it while she was there. She was told that I had to come and ask in person.

My wife was furious 😀 hahahaha

What is the logic of me having to come to BCA in person just to ask for “BCA's correspondent bank information” 😀 ha ha ha

If it is because you have to be a BCA customer – my wife is a BCA customer too, she also has an account at BCA.

In the end BCA's customer service gave in and provided the information, hahaha. Unbelievable.

I am attaching that information here. Hopefully those who need it will not have to go through the same silliness and waste their time as well.

BANK NAME : Bank of New York
ABA ROUTING NUMBER : IRVTUS3N

BANK NAME : Bank of America
ABA ROUTING NUMBER : BOFAUS6S

BANK NAME : Wells Fargo Bank
ABA ROUTING NUMBER : PNBPUS3NNYC

BANK NAME : JP Morgan Chase Bank
ABA ROUTING NUMBER : CHASUS33

BANK NAME : Citibank
ABA ROUTING NUMBER : CITIUS33

BANK NAME : Standard Chartered Bank
ABA ROUTING NUMBER : SCBLUS33

Installing w3af

w3af (Web Application Attack and Audit Framework) is software that you can use to check the security of your application / website.

Installing and using it is very easy, just follow this guide :


sudo apt-get update ; sudo apt-get -y install python-pip git

git clone https://github.com/andresriancho/w3af.git
cd w3af/
./w3af_console
# install all the packages it asks for, then

/tmp/w3af_dependency_install.sh

w3af and all the software packages it needs are now installed.

Then create a file named MyScript.w3af with the following content :

(NOTE : do not use the “redos” plugin for now – the last time I used it, the redos plugin ran for 2 days and used up the disk space on my server. Be careful)


# -----------------------------------------------------------------------------------------------------------
# W3AF AUDIT SCRIPT FOR WEB APPLICATION
# -----------------------------------------------------------------------------------------------------------
#Configure HTTP settings
http-settings
set timeout 30
back
#Configure scanner global behaviors
http-settings
set timeout 20
set max_requests_per_second 100
back
misc-settings
set max_discovery_time 20
set fuzz_cookies True
set fuzz_form_files True
set fuzz_url_parts True
set fuzz_url_filenames True
back
plugins
#Configure entry point (CRAWLING) scanner
crawl web_spider
crawl config web_spider
set only_forward False
set ignore_regex (?i)(logout|disconnect|signout|exit)+
back
#Configure vulnerability scanners
##Specify list of AUDIT plugins type to use
audit blind_sqli, buffer_overflow, cors_origin, csrf, eval, file_upload, ldapi, lfi, os_commanding, phishing_vector, response_splitting, sqli, xpath, xss, xst
##Customize behavior of each audit plugin when needed
audit config file_upload
set extensions jsp,php,php2,php3,php4,php5,asp,aspx,pl,cfm,rb,py,sh,ksh,csh,bat,ps,exe
back
##Specify list of GREP plugins to use (a grep plugin can also find vulnerabilities or information disclosure)
grep analyze_cookies, click_jacking, code_disclosure, cross_domain_js, csp, directory_indexing, dom_xss, error_500, error_pages, html_comments, objects, path_disclosure, private_ip, strange_headers, strange_http_codes, strange_parameters, strange_reason, url_session, xss_protection_header
##Specify list of INFRASTRUCTURE plugins to use (an infrastructure plugin can find information disclosure)
infrastructure server_header, server_status, domain_dot, dot_net_errors
#Configure target authentication
#Configure reporting in order to generate an HTML report
output console, html_file
output config html_file
set output_file /tmp/W3afReport.html
set verbose False
back
output config console
set verbose False
back
back
#Set target informations, do a cleanup and run the scan
target
###### REPLACE WITH THE SITE YOU WANT TO TEST ###############
set target https://google.com
set target_os unix
set target_framework php
back
cleanup
start

Save the file, then run the following command :


./w3af_console -s MyScript.w3af

Now just wait until it finishes; after that the report can be viewed at /tmp/W3afReport.html

Enjoy !

Setup Varnish on Port 80

Sometimes you need to quickly set up Varnish, usually in an emergency (like, your website got featured on Reddit’s frontpage 😀 ), to quickly absorb most of the hits hitting your website.

But the webserver is already using port 80.
Now what ?

Pretty easy actually :

  1. Set up Varnish on another port, say, 6081
  2. Run an iptables command : to forward incoming traffic from port 80 to port 6081
  3. Make sure Varnish uses 127.0.0.1:80 as the backend

Presto – now all the traffic hits Varnish first – which will process it at lightning speed.

Alright, so here’s the gory detail, also available on Pastebin.com : https://pastebin.com/2UBD7s05

Enjoy !

========

apt-get update ; apt-get -y install varnish

# Varnish should already be configured to listen on port 6081
# if in doubt, check /etc/default/varnish,
# and look for the following line :
# DAEMON_OPTS="-a :6081

# edit varnish config
vi /etc/varnish/default.vcl

# make sure the .port line is set to 80, like this :
# .port = "80";
# then save & exit

# enable Apache's expires & headers module
a2enmod expires
a2enmod headers

# setup caching for static files
# via .htaccess file
echo "Header unset ETag" >> /var/www/.htaccess
echo "FileETag None" >> /var/www/.htaccess
echo "<ifmodule mod_expires.c>" >> /var/www/.htaccess
echo "<filesmatch \"(?i)^.*\\.(ico|flv|jpg|jpeg|png|gif|js|css)$\">" >> /var/www/.htaccess
echo "ExpiresActive On" >> /var/www/.htaccess
echo "ExpiresDefault \"access plus 2 minute\"" >> /var/www/.htaccess
echo "</filesmatch>" >> /var/www/.htaccess
echo "</ifmodule>" >> /var/www/.htaccess

# enable caching in php.ini
vi /etc/php/7.0/apache2/php.ini

# make sure session.cache_limiter = public
# save & exit

# restart Apache
/etc/init.d/apache2 restart

###### now let's start forwarding traffic to Varnish ######

# enable port forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
vi /etc/sysctl.conf

# add this line at the end of the file :
# net.ipv4.ip_forward = 1

# now here's the command that will actually forward the traffic from port 80 to Varnish
# change eth0 to your computer's network interface name
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 6081

# make sure this iptables setting will become permanent
apt-get -y install iptables-persistent

WordPress Auto-Backup via SSH

This script will enable you to back up your WordPress websites automatically. Just put it in a crontab / automatic scheduling software somewhere.

Also available on Pastebin : https://pastebin.com/nZ2fiL8j

Enjoy.

=====
#!/bin/bash

### THIS SCRIPT ASSUMES THE FOLLOWING
# 1/ You can do SSH password-less login to the server
# How : https://easyengine.io/tutorials/linux/passwordless-authentication-ssh/
# 2/ You have created a correct ~/.my.cnf file
# How : https://easyengine.io/tutorials/mysql/mycnf-preference/

wordpress_server=MyUser@MyServer.com
wordpress_location=/home/MyUser/MyWebsite
backup_location=/MyDisk/MyBackup

mysql_server=mysql.MyWebsite.com
mysql_database=MyDatabase_db

# ====== START BACKUP ============

today=$(date +%A)

# backup database
ssh "$wordpress_server" "mysqldump -h $mysql_server $mysql_database > $wordpress_location/db-$today.mysql"
ssh "$wordpress_server" "gzip $wordpress_location/db-$today.mysql"

# download everything
rsync -avuz --delete "$wordpress_server:$wordpress_location/*" "$backup_location/"

# delete database backup
# so no one can download it via the website
ssh "$wordpress_server" "rm $wordpress_location/db-$today.mysql.gz"

# done !

Chuck Norris Facts – Science Version

:: Chuck Norris counted to infinity… Twice.

Chuck Norris knows the last digit of pi.

According to Einstein's theory of relativity, Chuck Norris can actually roundhouse kick you yesterday.

Chuck Norris roundhouse kicks don't really kill people. They wipe out their entire existence from the space-time continuum.

Human cloning is outlawed because if Chuck Norris were cloned, then it would be possible for a Chuck Norris roundhouse kick to meet another Chuck Norris roundhouse kick. Physicists theorize that this contact would end the universe.

It is scientifically impossible for Chuck Norris to have had a mortal father. The most popular theory is that he went back in time and fathered himself.

Chuck Norris destroyed the periodic table, because Chuck Norris only recognizes the element of surprise.

It is believed dinosaurs are extinct due to a giant meteor. That's true if you want to call Chuck Norris a giant meteor.

There is no theory of evolution. Just a list of animals Chuck Norris allows to live.

Chuck Norris’ roundhouse kick is so powerful, it can be seen from outer space by the naked eye.

Chuck Norris has already been to Mars; that's why there are no signs of life there.

Scientists have estimated that the energy given off during the Big Bang is roughly equal to 1CNRhK (Chuck Norris Roundhouse Kick)

Chuck Norris can divide by zero.

Thousands of years ago Chuck Norris came across a bear. It was so terrified that it fled north into the arctic. It was also so terrified that all of its descendants now have white hair.

The First Law of Thermodynamics states that energy can neither be created nor destroyed… unless it meets Chuck Norris.

The chemical formula for the highly toxic cyanide ion is CN-. These are also Chuck Norris' initials. This is not a coincidence.

Aliens DO indeed exist. They just know better than to visit a planet that Chuck Norris is on.

We live in an expanding universe. All of it is trying to get away from Chuck Norris.

The Manhattan Project was not intended to create nuclear weapons, it was meant to recreate the destructive power in a Chuck Norris Roundhouse Kick. They didn't even come close.

Chuck Norris' pulse is measured on the Richter scale.

Chuck Norris can sneeze with his eyes open.

Earth's emergency defence plan in case of alien invasion is Chuck Norris.

Chuck Norris can split the atom. With his bare hands.

Post imported by Google+Blog for WordPress.

HTI – Hizbut Tahrir Indonesia, Calling for Rebellion

:: In a WhatsApp group, a friend once stated that HTI is a rebel group. It seems that person reached that conclusion from, among other things, this attached article : http://web.archive.org/web/20140722222518/http://hizbut-tahrir.or.id/2014/07/21/hti-seru-militer-ambil-kekuasaan-untuk-tegakkan-khilafah/

It calls on generals who are Muslim to carry out a coup (seize power) – and then hand that power over to HTI.

And then sweet promises are spread, that an HTI-style Khilafah will easily solve all the problems that have existed for years.

It even #arrogantly states that it will defeat Israel in just 1 day.

Even though the facts have shown that even the various battles fought by the Messenger of Allah (peace be upon him) sometimes took days. Do they think they are better than the messenger of Allah ?

====
This kind of rebellious nature goes against a great many commands of the Prophet (peace be upon him) to obey the leader.

This is, among other things, a trait of the Khawarij, as described by Imam Hasan al Bashri :


A man from the Khawarij came to Hasan Al Bashri rahimahullah, and this Khawarij asked him,

"What is your opinion of the Khawarij?"

Hasan Al Bashri answered,
"They are seekers of the world."

The man said,
"Why do you say that? Do you not know that one of them is willing to march (to fight an unjust ruler) with his spear until that spear breaks, and he even leaves his family and children behind."

Hasan Al Bashri said,
"Then answer my question about this ruler: does he forbid you from praying, paying zakat, performing hajj and umrah?"

The man answered,
"No."

Hasan Al Bashri then answered,
"I see that he withholds the world from you, so you fight him because you want that world."

البصائر و الدخائر لأبي حيان
١٥٦/١


I/O Load Monitoring

:: A few days ago a client of mine complained about slowdown on his website. I checked his server, and later noticed that the server seemed to be burdened with heavy I/O operations.

When checked with tools such as "top", the row showing "%wa" (meaning: I/O wait) was very high. Normally < 10%, it was ranging from 50% up to 98% instead.

This is very alarming information, because the server is using SSD disks 🙂 so its I/O (input/output) should be #really fast. Not bogged down like this.

I checked the daemons (server software) such as Apache, MySQL, Varnish, etc – and they were all idling. None were busy.

So the I/O load came from somewhere else. Probably from the hypervisor (physical server) itself. Which means it's a possible hardware problem.

Because the datacenter has concluded that it was not a "noisy neighbour" – another VM (virtual machine) in the same physical server that's hogging all the I/O resources. Pretty much all of them were idling, just like mine.

===
However I'll need some data to convince the datacenter to do a hardware check on its SSD storage cluster. So I wrote this little bash script : http://pastebin.com/SxxuaVy4

The script logs the server's I/O status in CSV (Excel) format. So it can be very easily graphed later.

Using the iostat tool, it probes the server's current I/O load.
The script is executed every minute, by running it as a cronjob.

You may notice that iostat is executed with "-d 1 3" parameter. Which means "run 3 times, with 1 second delay in between"

This is because iostat's first run always causes a spike in I/O load 🙂 so the numbers would be inaccurate. I noticed the numbers tend to stabilize after the 3rd run, so I set it up that way.

===
Of course, you can very easily modify this script to monitor something totally different 🙂 just change the iostat / head / tail / cut part to something else – voila.

===
Attached is a graph created from one of the logs. The X axis is the timestamp, in military format (24 hours)

I submitted the logs to the datacenter.

It convinced them to do checks on the storage cluster – and voila, they found some degraded disks in that cluster 🙂

===
Damaged disks replaced, storage cluster rebuilt – and everyone lives happily ever after ? 🙂 Fingers crossed. Happy ending !
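
An added example of the kind of logger this post describes; it is not the author's Pastebin script. It keeps only the last of the three reports printed by "iostat -d 1 3" and writes one CSV row per device. The function names, the CSV columns (device, tps, kB_read/s, kB_wrtn/s, taken as the first four columns of each device row) and the sample iostat output are assumptions constructed for this example.

```sh
#!/bin/sh
# Added example, not the script from the Pastebin link.

# iostat_to_csv TIMESTAMP   (reads "iostat -d 1 3" output on stdin)
# Every report starts with a "Device" header line. The row buffer is reset at
# each header, so only the rows of the last report are left when input ends.
# (iostat's first report is an average since boot, not the current load.)
iostat_to_csv() {
    awk -v ts="$1" '
        $1 ~ /^Device/       { n = 0; in_report = 1; next }
        in_report && NF >= 4 { n++; row[n] = ts "," $1 "," $2 "," $3 "," $4 }
        END                  { for (i = 1; i <= n; i++) print row[i] }
    '
}

# log_io CSVFILE
# Appends the current readings to CSVFILE, writing the header row first when
# the file is new. Meant to be called from cron once a minute, for example:
#   * * * * * /usr/local/bin/iolog.sh      (hypothetical path)
log_io() {
    [ -s "$1" ] || echo "timestamp,device,tps,kB_read/s,kB_wrtn/s" > "$1"
    # LC_ALL=C keeps the decimal separator a dot, so the CSV stays parseable
    LC_ALL=C iostat -d 1 3 | iostat_to_csv "$(date '+%Y-%m-%d %H:%M')" >> "$1"
}

# Constructed sample of "iostat -d 1 3" output (two disks, three reports).
sample_iostat() {
    cat <<'EOF'
Linux 4.9.0-8-amd64 (web01)    03/14/2017    _x86_64_    (4 CPU)

Device:            tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
sda             412.70      9120.44      3051.92  918273645  307412984
sdb               0.02         0.31         0.00      31210          0

Device:            tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
sda              35.00         0.00       412.00          0        412
sdb               0.00         0.00         0.00          0          0

Device:            tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
sda              12.00         0.00        96.00          0         96
sdb               0.00         0.00         0.00          0          0
EOF
}

# Demo on the constructed sample (log_io itself needs the sysstat package)
sample_iostat | iostat_to_csv "2017-03-14 10:00"
```
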


We Can Fight Hoaxes

:: The attached image gives hope 🙂 proof that we #can fight hoaxes. The circle on the left shows only 2 orange dots, the anti-hoax activists – yet that is already enough to nearly eliminate the purple dots, namely the hoax news 😀

This is the result of research by Professor Filippo Menczer and his colleagues. It is very relevant to the situation in Indonesia, where the majority of hoaxes spread through closed communities on BBM or WhatsApp.

Without anti-hoax activists, the circle on the right is what happens – the hoax virus runs rampant.

Together, we CAN fight hoaxes. (y)

Source : http://theconversation.com/misinformation-on-social-media-can-technology-save-us-69264


Happy Ending

:: In 2013, there was coverage of the hunt for a mysterious illness that had been killing children in India since 1995 🙁 every May :O :O https://mobile.nytimes.com/2013/07/14/world/africa/as-mystery-illness-stalks-its-young-india-intensifies-search-for-a-killer.html How they worked desperately hard to uncover the source of this mysterious illness.

In 2017, good news finally arrived : they had succeeded in finding the cause 😀 namely, the lychee fruit :O :O :O

Who would have thought ?? 🙂 it turns out that lychees can kill small children 🙁

It turns out there are 3 conditions that happen to coincide every May :

(1) The lychee trees bear fruit, which is eaten by the children

(2) Many of the children are malnourished : one of the effects is a low blood sugar level.

(3) Lychees contain the toxins Hypoglycin & MCPG : both make it hard for the body to convert glucose/sugar into blood sugar.

Point 2 plus point 3 cause the blood sugar level of some of the children who eat lychees to drop to a fatal level 🙁

====
This problem can now be overcome by teaching parents 2 things :

(1) Children must get adequate nutrition

(2) Limit children's consumption of lychees

Alhamdulillah, the number of cases has now dropped very significantly 😀 <3

=====
Thanks to a scientific method of investigation, not one based merely on feelings, a mystery that had existed for 20 years could finally be solved in about 2 years.

Hats off to the heroes who have saved these children's lives 🙂 may we be able to follow their example (y)

https://mobile.nytimes.com/2017/01/31/world/asia/lychee-litchi-india-outbreak.html

Dangerous Fruit: Mystery of Deadly Outbreaks in India Is Solved – NYTimes.com


Install old packages with Debian Snapshot

:: snapshot.debian.org is a wayback machine that allows access to old packages based on dates and version numbers. It consists of all past and current packages the Debian archive provides. I found out about this service when a customer needed to use an older version of PHP, and I couldn't find a way to cleanly do this. Thanks to Debian Snapshot, it's now done & running.

I began by finding out the exact versions of the PHP and Apache packages that need to be installed.

===
The client asked for PHP version 5.3, so I browsed to http://snapshot.debian.org/package/php5/

Found that the most up to date version is 5.3.10-2,
so I browsed to its folder : http://snapshot.debian.org/package/php5/5.3.10-2/

It shows date & time of 2012-02-21 04:16:01
so I added the following line to /etc/apt/sources.list :

----
# PHP 5.3.10-2 packages
deb http://snapshot.debian.org/archive/debian/20120221T041601Z/ unstable main
----

Note the date & time format on that line.

Now we need to install Apache version 2.2.22-1 – why this particular version?
Answer: because this is the version required by the PHP 5.3.10-2 package; it will complain if any other version is installed. So yeah that's pretty easy to figure out 🙂

Using a similar technique, I found the line for the Apache2 packages :

----
# Apache 2.2.22-1 packages
deb http://snapshot.debian.org/archive/debian/20120202T040408Z/ unstable main
----

Now let's do the installation process itself :

===========
# remove current PHP packages
sudo apt-get remove --purge `dpkg -l | grep php | grep -w 5.5 | awk '{print $2}' | xargs`
# remove current Apache packages
sudo apt-get remove --purge `dpkg -l | grep apache | grep -w 2 | awk '{print $2}' | xargs`

# update package database
apt-get update

# this is the setting required to be able to use Debian Snapshot:
# the archived Release files are past their Valid-Until date, so that date check is skipped
# (the Release file signature is still checked)
apt-get -o Acquire::Check-Valid-Until=false update

# now we can specify the exact version
apt-get install php5=5.3.10-2 libapache2-mod-php5=5.3.10-2 php5-cli=5.3.10-2 php5-common=5.3.10-2 php5-gd=5.3.10-2 php5-mcrypt=5.3.10-2 php5-mysql=5.3.10-2 php5-pgsql=5.3.10-2 apache2=2.2.22-1 apache2-mpm-prefork=2.2.22-1 apache2-suexec=2.2.22-1 apache2-utils=2.2.22-1 apache2.2-common=2.2.22-1 apache2.2-bin=2.2.22-1

/etc/init.d/apache2 restart
===========

If the commands do not work, maybe it's a formatting problem – you can refer instead to my Pastebin here : http://pastebin.com/r2qBtbs4

Hope you find these useful (y)


Create a SSL certificate containing 100 domains

:: From time to time, I need to create SSL certificates for hundreds, or even thousands of subdomains. This is because Let's Encrypt does not support "Wildcard SSL certificate" yet 🙂

Needless to say, I hit their limits pretty quickly ! 😀 ha ha
https://letsencrypt.org/docs/rate-limits/

So I looked around, and thankfully found a solution : SAN (Subject Alternative Name) certificate.

Basically you can create a single SSL certificate, which contains 100 domains in it. Cool 🙂 another great feature from Let's Encrypt ! (y)

====
To make it easy for me (since I'm such a lazy sysadmin, LOL) I created a script to automate the creation of these SAN certificates :

http://pastebin.com/PBP7i8rN

Feel free to use it too. Hope you find it useful.

====
#!/bin/bash

# specify the location of Let's Encrypt tool
# and its parameters
certbot='/usr/bin/certbot --agree-tos --email my@email.com --apache --redirect --expand --renew-by-default -n '

# put the domain names in this file (one per line)
vhost=( $(cat "domain-list.txt") )

# loop variables
ssl_exec="${certbot}"
n=0

#################### START ##########################

for t in "${vhost[@]}"
do

ssl_exec="${ssl_exec} -d $t "
n=$(( n + 1 ))

# every 100th domain,
# create a SSL certificate for these 100 domains
# (SAN = Subject Alternative Name certificate)
if (( n == 100 )); then

$ssl_exec
# echo $ssl_exec

# reset the loop variables
ssl_exec="${certbot}"
n=0
fi

done

# create SSL certificate for the rest of the domains
# (skipped when none are left, so certbot is never run without any -d)
if (( n > 0 )); then
$ssl_exec
# echo $ssl_exec
fi


Mosquito Killer Lamp : Heles

:: Over the past few weeks, I bought various kinds of mosquito killer lamps and installed them in my house. This fairly compact type from the HELES brand turned out to kill a great many mosquitoes 🙂 as seen in the attached photo.

An electric mosquito killer like this has a #significant advantage : it is poison-free.

Our children and families are spared from exposure to mosquito poison, whether in aerosol form or the kind that is burned. This device is clean and environmentally friendly.

From my experience so far, the following appears to be the correct way to use it :

(1) Keep it on 24 hours a day : these devices are quite power-efficient, around 5-10 watts. Leave it on all the time, because some mosquitoes are active in the morning / daytime too.

(2) Put it in a DARK place : see the attached photo. Putting it in a bright place can make the results drop drastically, or even yield nothing at all.

(3) Put it at the right height : do not put it too high up. Observe at what height the mosquitoes usually fly around in your house.

(4) Put it in a place where mosquitoes often pass by / are seen nearby.

By taking these steps, hopefully your house will soon be free of mosquitoes.

This device can be bought at Ace Hardware, and also from various online shops such as Tokopedia :

https://www.tokopedia.com/sumberbaru-toko/heles-hl3107-super-mosquito-killer-lampu-anti-nyamuk-strum-ultraviolet

ATTENTION : because this device quickly kills many mosquitoes, it has to be cleaned fairly often.

Dead mosquitoes stick to the metal rods inside it. This morning I opened the device, and it was already #full, covered all over with mosquito corpses, so of course it could not kill any more.

I hope this is useful.
