Archive for the ‘Internet’ Category

Flock 1.0

Tuesday, October 30th, 2007

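It has been a long time since I last tried Flock, and I did not expect that there would now even be a Linux version.
Flock 1.0 adds many services, but there is still no Gallery 2.0 support.
The vast majority of the services are American and English-language.
I wonder whether Flock could release an API so that 3rd parties can write other social integrations themselves.
Thinking about it, the chances are really too small.
Then again, how many social networking sites are there in Taiwan to integrate with? Wretch (無名) friends?

The services currently supported by Flock (1.0 RC3) are as follows: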

  • People
    • Facebook
    • Flickr
    • Twitter
    • Youtube
  • Media
    • Photobucket
    • Piczo
  • Blogging
    • Blogger
    • Blogsome
    • LiveJournal
    • Typepad
    • WordPress.com
    • Xanga
    • Self-Hosted Blog
  • Online Favorites
    • del.icio.us
    • Magnolia

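The most useful part still seems to be the Flickr Media Bar combined with the blogging integration.
The del.icio.us integration is also very handy.
But recently Yahoo's del.icio.us Firefox Extension has fixed the problem of the old version.
Unlike the old version, the new one no longer forces you to choose between del.icio.us and Firefox's built-in Bookmarks.

I wonder whether a future installer could let you tick which services you want and then install support only for those.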

Blogged with Flock


Use Shared Host’s MySQL on VPS

Sunday, April 15th, 2007

My 1&1 VPS II server comes with only 256MB of dedicated memory, which is pathetic. If I run a separate mysqld, it is going to take 1xxMB away from this very limited memory pool. It makes sense to me to make use of MySQL databases on another shared hosting account. BlueHost and HostMonster both come with a firewall enabled by default for their MySQL servers. Whitelisting the server's IP can be done by:

  1. Launching a remote Firefox session, which takes patience and the hassle of all the X Window configuration.
  2. Setting up a VPN on the server and using the server's IP to whitelist itself.

But the connection between the VPS server and the Shared Host's MySQL database is insecure. The natural conclusion is that the best option is an ssh tunnel.

This assumes you have shell access to both the VPS and the Shared Host, and that both are running OpenSSH.

Setup Public Key Authentication

  1. Log in to the VPS with the account that will create the tunnel
  2. cd ~/.ssh

    (create it if it does not exist)

  3. ssh-keygen -t dsa
  4. Securely transfer id_dsa.pub to the Shared Host's home directory, something like this:
    scp id_dsa.pub sharedhost:/home/username/.ssh/server_id_psa.pub
  5. Log in to the Shared Host
  6. cd ~/.ssh
    cat server_id_psa.pub >> authorized_keys
  7. Switch back to the VPS and try logging into the Shared Host using public key authentication:
    ssh username@sharedhost

    If everything is set up properly, no password is prompted.

If in doubt, [this] is a good place to consult about Public Key Authentication.
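
Step 6 appends the key with no restrictions, so it also grants a full shell on the Shared Host. The following is an added example, not part of the original post: a hypothetical helper `add_tunnel_key`, run on the Shared Host, that writes the entry so the key can only open the localhost:3306 forward. It assumes OpenSSH 7.2 or later for `restrict`, and it rejects ssh-dss keys, which OpenSSH 7.0 and later disable by default.

```shell
#!/bin/sh
# Added example, not from the original post. add_tunnel_key is a hypothetical
# helper to run on the Shared Host instead of `cat ... >> authorized_keys`.
# usage: add_tunnel_key PUBKEY_FILE AUTHORIZED_KEYS [HOST:PORT]
add_tunnel_key() {
    pub=$1 auth=$2 target=${3:-localhost:3306}

    # The .pub file must hold exactly one key line: "<type> <base64> [comment]".
    if [ "$(grep -c . "$pub" 2>/dev/null)" != 1 ]; then
        echo "add_tunnel_key: expected exactly one key in $pub" >&2
        return 1
    fi
    key=$(grep . "$pub")
    blob=$(printf '%s\n' "$key" | awk '{ print $2 }')
    [ -n "$blob" ] || { echo "add_tunnel_key: malformed key line" >&2; return 1; }

    # ssh-dss (what `ssh-keygen -t dsa` produces) is disabled by default in
    # OpenSSH 7.0+, so only current key types are accepted.
    case ${key%% *} in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "add_tunnel_key: refusing key type ${key%% *}" >&2; return 1 ;;
    esac

    # With StrictModes (the default) sshd ignores authorized_keys if the
    # directory or the file is writable by group or others.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this key material is already present.
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi

    # restrict                     : no pty, agent, X11 or forwarding by default
    # port-forwarding + permitopen : re-enable -L forwards, to $target only
    # command="/bin/false"         : any request for a shell or command fails
    printf 'restrict,port-forwarding,permitopen="%s",command="/bin/false" %s\n' \
        "$target" "$key" >> "$auth"
}
```

The tunnel commands in this post use `-N`, which requests no remote command, so the forced `/bin/false` never interferes with the forward.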

Setting up a host name

When a MySQL client connects to localhost, it will try to use the local socket, regardless of any effort to tell it that the service is not actually running on localhost but is a tunnel to a remote host. To work around this, create an entry in /etc/hosts:

127.0.0.1 localhost mysqlhost

This points the host name ‘mysqlhost’ to 127.0.0.1, which is essentially also localhost, but mysql is too dumb to understand that, so it connects over TCP and reaches the tunnel.

Create the tunnel

  1. First, stop the local mysqld. As root:

    service mysqld stop
  2. Log in to the VPS with the username previously configured for public key authentication to the Shared Host
  3. Create the tunnel:
    ssh -f username@sharedhost -N -L 3306:localhost:3306

    This creates an ssh tunnel in the background and forwards connections to port 3306 on localhost to port 3306 on sharedhost.

  4. Change the PHP configuration to reflect the database names, users and passwords on the Shared Host and, most importantly, use mysqlhost instead of localhost in the configuration files.

Automate the process

What if the ssh tunnel dies? What if the VPS restarts? How do you make sure the connection stays alive? The answer is to use autossh.

  1. As root:

    yum install autossh
  2. Edit /etc/rc.d/rc.local and add this line at the bottom:
    su VPSusername -c 'autossh -M 5307 -f SHAREDHOSTusername@sharedhost -N -L 3306:localhost:3306' &

    This tells the server to execute the quoted command as VPSusername at startup and put the process into the background. autossh will use port 5307 to monitor the ssh tunnel to sharedhost, and reconnect if it drops. Also make sure to disable the local MySQL daemon from starting automatically, or the tunnel cannot be created.
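
A quick check that the forward is in the state this section describes, as an added example that is not part of the original post: the hypothetical helpers `tunnel_listeners` and `check_tunnel` read `ss -ltnp` output and confirm that port 3306 is held by ssh on a loopback address only, rather than by a local mysqld or by a listener bound to all interfaces. The sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Both helpers are hypothetical.
# usage: ss -ltnp | check_tunnel 3306

# Print "<scope> <process> <address>" for every listener on PORT, or "absent".
tunnel_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                          # 127.0.0.1:3306, [::1]:3306, *:3306 ...
            if (!match(addr, /:[0-9]+$/)) next
            if (substr(addr, RSTART + 1) != port) next
            host = substr(addr, 1, RSTART - 1)

            # Only loopback addresses are unreachable from other hosts.
            scope = (host ~ /^127\./ || host == "[::1]") ? "loopback" : "exposed"

            # Owner from the users:(("name",pid=..)) column; "?" if ss omitted it.
            proc = "?"
            if (match($0, /\(\("[^"]+"/))
                proc = substr($0, RSTART + 3, RLENGTH - 4)

            print scope, proc, addr
            found = 1
        }
        END { if (!found) print "absent" }
    '
}

# Succeed only if every listener on PORT is ssh bound to loopback.
check_tunnel() {
    out=$(tunnel_listeners "$1")
    if [ "$out" = absent ]; then
        echo "no listener on port $1: tunnel is down"; return 1
    fi
    if printf '%s\n' "$out" | grep -qv '^loopback ssh '; then
        echo "unexpected listener: $out"; return 1
    fi
    echo ok
}

# Constructed `ss -ltnp` lines: healthy tunnel, local mysqld still running,
# and a forward bound to all interfaces.
sample_ok='LISTEN 0 128 127.0.0.1:3306 0.0.0.0:* users:(("ssh",pid=2101,fd=4))'
sample_mysqld='LISTEN 0 50 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=911,fd=10))'
sample_wide='LISTEN 0 128 0.0.0.0:3306 0.0.0.0:* users:(("ssh",pid=2101,fd=4))'
```

Run it as root so that `ss -p` can show the owning process for sockets of other users.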

OpenVPN on FC4 note

Sunday, April 15th, 2007

Server

  1. yum install openvpn
  2. cp -R /usr/share/openvpn/easy-rsa /etc/openvpn
  3. cd /etc/openvpn/easy-rsa
  4. vim vars:
    # easy-rsa parameter settings
    # NOTE: If you installed from an RPM,
    # don't edit this file in place in
    # /usr/share/openvpn/easy-rsa --
    # instead, you should copy the whole
    # easy-rsa directory to another location
    # (such as /etc/openvpn) so that your
    # edits will not be wiped out by a future
    # OpenVPN package upgrade.
    # This variable should point to
    # the top level of the easy-rsa
    # tree.
    
    export D=`pwd`
    
    # This variable should point to
    # the openssl.cnf file included
    # with easy-rsa.
    
    export KEY_CONFIG=$D/openssl.cnf
    
    # Edit this variable to point to
    # your soon-to-be-created key
    # directory.
    #
    # WARNING: clean-all will do
    # a rm -rf on this directory
    # so make sure you define
    # it correctly!
    
    export KEY_DIR="/etc/openvpn/keys"
    
    # Issue rm -rf warning
    
    echo NOTE: when you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
    
    # Increase this to 2048 if you
    # are paranoid.  This will slow
    # down TLS negotiation performance
    # as well as the one-time DH parms
    # generation process.
    
    export KEY_SIZE=1024
    
    # These are the default values for fields
    # which will be placed in the certificate.
    # Don't leave any of these fields blank.
    
    export KEY_COUNTRY=US
    export KEY_PROVINCE=CA
    export KEY_CITY=SANDIEGO
    export KEY_ORG="TAROTOAST.COM"
    export KEY_EMAIL="chang.peter@gmail.com"
  5. chmod 700 *
  6. mkdir /etc/openvpn/keys
  7. Make sure you are in a Bash shell (still in the /etc/openvpn/easy-rsa directory)
  8. source ./vars
    (the file has to be sourced so that its exports reach the current shell)
  9. ./clean-all
  10. ./build-ca
    Enter ROOTCA for common name
  11. ./build-key-server server
    Enter ROOT for common name
  12. ./build-key [computername] <- repeat for each computer you want to allow to connect
    Enter [computername] as common name
    EX: ./build-key AMD64
    EX: ./build-key X40
  13. ./build-dh
  14. vim /etc/openvpn/server.conf:
    port 1194
    proto tcp
    dev tun
    ca keys/ca.crt
    cert keys/server.crt
    key keys/server.key
    dh keys/dh1024.pem
    server 10.11.12.0 255.255.255.0
    client-config-dir ccd
    push "dhcp-option DNS SERVERIP"
    push "dhcp-option DNS SERVERDNS"
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway"
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    status server-tcp.log
    verb 3
  15. Create log files: touch /etc/openvpn/server-tcp.log /etc/openvpn/ipp.txt
  16. vim /etc/init.d/openvpn:
    Uncomment line 114
    /sbin/modprobe tun >/dev/null 2>&1

    Insert after line 115

    iptables -t nat -A POSTROUTING -s 10.11.12.3 -j SNAT --to SERVERIP
    iptables -t nat -A POSTROUTING -s 10.11.12.4 -j SNAT --to SERVERIP
    iptables -t nat -A POSTROUTING -s 10.11.12.5 -j SNAT --to SERVERIP
    iptables -t nat -A POSTROUTING -s 10.11.12.6 -j SNAT --to SERVERIP
    iptables -t nat -A POSTROUTING -s 10.11.12.7 -j SNAT --to SERVERIP
    iptables -t nat -A POSTROUTING -s 10.11.12.8 -j SNAT --to SERVERIP
    iptables -t nat -A POSTROUTING -s 10.11.12.9 -j SNAT --to SERVERIP
    iptables -t nat -A POSTROUTING -s 10.11.12.10 -j SNAT --to SERVERIP
  17. service openvpn start
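
The key-size choices made in vars and server.conf above can be checked mechanically. The following is an added example, not part of the original note: a hypothetical `audit_openvpn_server` function that reads the easy-rsa vars file and server.conf and reports a KEY_SIZE below 2048 bits, a dh file that does not follow KEY_SIZE, and a missing tls-auth key. The 2048-bit minimum is this example's assumption.

```shell
#!/bin/sh
# Added example, not from the original note. audit_openvpn_server is a
# hypothetical helper; it prints one finding per line and returns 1 if any.
# usage: audit_openvpn_server VARS_FILE SERVER_CONF [MIN_BITS]
audit_openvpn_server() {
    vars=$1 conf=$2 min=${3:-2048} findings=0

    # The last `export KEY_SIZE=` wins when vars is sourced.
    bits=$(sed -n 's/^[[:space:]]*export[[:space:]][[:space:]]*KEY_SIZE=\([0-9][0-9]*\).*/\1/p' "$vars" | tail -n 1)
    if [ -z "$bits" ]; then
        echo "vars: KEY_SIZE not set"; findings=1
    elif [ "$bits" -lt "$min" ]; then
        echo "vars: KEY_SIZE=$bits is below $min (used for the CA, server and client keys and for DH)"
        findings=1
    fi

    # build-dh writes dh<KEY_SIZE>.pem, so the dh line has to follow KEY_SIZE.
    dh=$(awk '$1 == "dh" { f = $2 } END { print f }' "$conf")
    dhbits=$(printf '%s\n' "$dh" | sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -z "$dh" ]; then
        echo "conf: no dh directive"; findings=1
    elif [ -n "$dhbits" ] && [ -n "$bits" ] && [ "$dhbits" != "$bits" ]; then
        echo "conf: dh $dh does not match KEY_SIZE=$bits"; findings=1
    elif [ -n "$dhbits" ] && [ "$dhbits" -lt "$min" ]; then
        echo "conf: dh $dh uses $dhbits-bit parameters"; findings=1
    fi

    # tls-auth/tls-crypt make the server drop packets that lack the shared
    # key's HMAC before any TLS processing happens.
    if ! grep -Eq '^[[:space:]]*tls-(auth|crypt)[[:space:]]' "$conf"; then
        echo "conf: no tls-auth or tls-crypt key"; findings=1
    fi
    return "$findings"
}
```

After raising KEY_SIZE, the CA, server and client keys have to be rebuilt and `./build-dh` run again, and the dh line in server.conf updated to the new file name.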

Client (Windows Vista with UAC on)

  1. Download and install OpenVPN Gui 1.0.3 with OpenVPN 2.0.9 [Here]
  2. A scary warning will pop up telling you the driver will not work; install it anyway. OpenVPN’s developers have already fixed it.
  3. Make a shortcut on the desktop to the GUI executable “C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe”
  4. Use WinSCP to download these files onto the client computer:
    /etc/openvpn/keys/ca.crt
    /etc/openvpn/keys/AMD64.key
    /etc/openvpn/keys/AMD64.crt
  5. Put the above files, along with this VPNServer.ovpn, in C:\Program Files\OpenVPN\config
    VPNServer.ovpn
    client
    dev tun
    proto tcp
    remote SERVERIP 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert AMD64.crt
    key AMD64.key
    ns-cert-type server
    push "dhcp-option DNS SERVERIP"
    push "dhcp-option DNS SERVERDNSIP"
    comp-lzo
    verb 3
    route-method exe
    route-delay 2
    
  6. Right click on the shortcut to openvpn-gui-1.0.3.exe, select Run As Administrator
  7. On the taskbar, right click the openvpn gui icon, select connect

DONE

The above mostly follows [this thread] except for some minor changes in the client-side config.

Hamachi

Tuesday, September 19th, 2006

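This post has nothing to do with Summer 2006.

Hamachi is a truly amazing piece of software. As I recall, 餅幹 once went through all that complicated OpenVPN configuration to set up a VPN and even wrote a post just to document it. Hamachi, on the other hand, makes all of that complicated configuration transparent. It is unbelievably easy to use XD

A brief introduction to what it does: the Hamachi client installs a virtual network adapter on the computer. On first install it connects to the Hamachi server (not one you host yourself, but Hamachi's own server) and obtains an IP starting with 5. That IP is a non-routable IP for LAN use, so it does not matter if it is put on the Internet for others to see. Once you have the IP you can create a network or join one.

Creating/joining a network: explaining in detail how it works could get complicated, so don't think too hard about it. The point is that once different computers have joined the same network, they can see each other on the LAN!!! What can computers do once they are on the same LAN? Network Neighborhood, network games, private web services, anything you can think of.

Hamachi is a VPN solution. Although it is unbelievably simple, a VPN is a VPN. In theory they are all very secure. The best use I have found so far is that my home computer can now be controlled through Hamachi from my little black laptop using Remote Desktop XD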

php + curl = convenient

Monday, July 17th, 2006

There is nothing major or significant going on in my life and therefore I did not bother writing anything down for quite a while, as you might know. Anyway, today I'm writing a little utility to help fetch images from a remote server and store them under sequential names, all within PHP.

To initiate a curl request, you declare one like this:

$c = curl_init("http://server/page.html?getopt=value");

Then set options for this curl request:

curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // stops the request from outputting immediately

curl_setopt($c, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"); // use a very legit fake useragent

curl_setopt($c, CURLOPT_REFERER, "http://server"); // bypassing measures preventing hotlinking/stealing/whatever you'd like to call it

A complete listing of all available curl options is here. After the options are set, execute the request and store the result like this:

$result = curl_exec($c); // response body, or false on failure

$curlinfo = curl_getinfo($c); // array of transfer details

$httperrorcode = $curlinfo['http_code']; // HTTP status of the response

If the query is proper, the $httperrorcode should be 200. Assuming you've successfully (200) obtained the targeted document, these are helpful functions for manipulating and storing the data:

  • strlen( $var )
  • str_replace( "replace this with", "this", $from_this )
  • explode( "separator", $turn_into_array )
  • sizeof( $var )
  • strstr( $does_this_contain, "this" )
  • print( $var )
  • echo( $var )
  • mkdir( "ABSPATH", 0777)
  • $fp = fopen( "ABSFILENAME", 'w' );
  • fwrite( $fp, $result )
  • fclose( $fp )

Once the script, whatever its purpose, is done, simply run it from the console like this:

php filename.php getopt1=val1 getopt2=val2

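Of course, you access val1 and val2 within the program with $_GET['getopt1'] and so on. This relies on the CGI build of the php binary, which parses command-line arguments as a query string; the CLI build leaves $_GET empty and passes the arguments in $argv instead.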

All Rights Reserved Copyright © 2008 Design by StyleShout and Clazh