How to secure PHP with Suhosin

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.

Features:

Engine Protection (only with patch)
Protects the internal memory manager against bufferoverflows with Canary and SafeUnlink Protection
Protects Destructors of Zend Hashtables
Protects Destructors of Zend Linked-Lists
Protects the PHP core and extensions against format string vulnerabilities
Protects against errors in certain libc realpath() implementations

Misc Features
Protection Simulation mode
Adds the functions sha256() and sha256_file() to the PHP core
Adds support for CRYPT_BLOWFISH to crypt() on all platforms
Transparent protection of open phpinfo() pages
EXPERIMENTAL SQL database user protection

Runtime Protection
Transparent Cookie Encryption
Protects against different kinds of (Remote-)Include Vulnerabilities
disallows Remote URL inclusion (optional: black-/whitelisting)
disallows inclusiong of uploaded files
optionally stops directory traversal attacks
Allows disabling the preg_replace() /e modifier
Allows disabling eval()
Protects against infinite recursion through a configureabel maximum execution depth
Supports per Virtual Host / Directory configureable function black- and whitelists
Supports a separated function black- and whitelist for evaluated code
Protects against HTTP Response Splitting Vulnerabilities
Protects against scripts manipulating the memory_limit
Protects PHP‘s superglobals against extract() and import_request_vars()
Adds protection against newline attacks to mail()
Adds protection against \0 attack on preg_replace()

Session Protection
Transparent encryption of session data
Transparent session hijacking protection
Protection against overlong session identifiers
Protection against malicious chars in session identifiers

Filtering Features
Filters ASCIIZ characters from user input
Ignores GET, POST, COOKIE variables with the following names:
GLOBALS, _COOKIE, _ENV, _FILES, _GET, _POST, _REQUEST
_SERVER, _SESSION, HTTP_COOKIE_VARS, HTTP_ENV_VARS
HTTP_GET_VARS, HTTP_POST_VARS, HTTP_POST_FILES
HTTP_RAW_POST_DATA, HTTP_SERVER_VARS, HTTP_SESSION_VARS
Allows enforcing limits on REQUEST variables or separated by type (GET, POST, COOKIE)
Supports a number of variables per request limit
Supports a maximum length of variable names [with and without indicies]
Supports a maximum length of array indicies
Supports a maximum length of variable values
Supports a maximum depth of arrays
Allows only a configureable number of uploaded files
Supports verification of uploaded files through an external script
Supports automatic banning of uploaded ELF executables
Supports automatic banning of uploaded binary files
Supports automatic stripping of binary content in uploaded files
Configureable action on violation
just block violating variables
send HTTP response code
redirect the browser
execute another PHP script

Logging Features
Supports multiple log devices (syslog, SAPI module error log, external logging script)
Supports freely configureable syslog facility and priority
Supports log device separated selection of alert types to log
Alerts contain filename and linenumber that triggered it
Alerts contain the IP address of the user triggering it
The IP Address can also be extracted from X-Forwarded-For HTTP headers (f.e. for reverse proxy setups)

Installation and Configuration

# cd / tmp
# wget http://download.suhosin.org/suhosin-0.9.27.tgz
# tar xzf suhosin-0.9.23.tgz
# cd suhosin-0.9.23
# ./configure
# make
# make install

The next step is to enable the module in php.ini, editing /etc/php5/apache2/php.ini and adding this line:

extension = suhosin.so

Now just restart Apache and suhosin begin to do it's dirty work:)
For more detail configuration, check here

How to install and use chkrootkit

Here are steps used to manually install chkrootkit on a Linux system:

1. # wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
2. # tar zxvf chkrootkit.tar.gz
3. # cd chkrootkit-version_number
4. # make
5. Copy chkrootkit and associated executables into /usr/local/bin

# find . -type f -perm +001 -exec cp {} /usr/local/bin \;

Next, create a root crontab entry to run chkrootkit daily.

0 3 * * * (cd /usr/local/bin; ./chkrootkit 2>&1 | /bin/mail -s “`/bin/hostname` chkrootkit output for `/bin/date +\%m`-`/bin/date +\%d`-`/bin/date +\%y`” root)

For more information, check the chkrootkit homepage.

The 5 real reasons to avoid iPhone 3G:

• iPhone completely blocks free software. Developers must pay a tax to Apple, who becomes the sole authority over what can and can't be on everyone's phones.
• iPhone endorses and supports Digital Restrictions Management (DRM) technology.
• iPhone exposes your whereabouts and provides ways for others to track you without your knowledge.
• iPhone won't play patent- and DRM-free formats like Ogg Vorbis and Theora.
• iPhone is not the only option. There are better alternatives on the horizon that respect your freedom, don't spy on you, play free media formats, and let you use free software -- like the FreeRunner.
  

Ref :- http://www.gnu.org.in/news/5-reasons-to-avoid-iphone-3g

HowTo use Crontab (Basic commands)

open the crontab editor:
# crontab -e

you can use this variables:

1 = Minute after the hour
2 = the hour you want it done
3 = Day of the Month
4 = Month of the Year
5 = Day of the week
6 = 'command you want to execute'
* = ALL

Example:
30 0 * * * /usr/local/aplication
It will run the application every day at 12:30 AM.
* * * - means all day of the month, all month of the year, all day of the week

Other crontab commands:
crontab -e opens the editor
crontab -l lists the contents of the crontab
crontab -r removes the crontab

Configuring a DHCP Client

The /etc/sysconfig/network file should contain the following line:

NETWORKING=yes

The NETWORKING variable must be set to yes if you want networking to start at boot time.
The /etc/sysconfig/network-scripts/ifcfg-eth0 file should contain the following lines:

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

A configuration file is needed for each device to be configured to use DHCP.

Linux Commands to Monitor Memory Usage:

vmstat Monitor virtual memory
free Display amount of free and used memory in the system
pmap Display/examine memory map and libraries (so). Usage: pmap pid
top Show top processes
sar -B Show statistics on page swapping.
time -v date Show system page size, page faults, etc of a process during execution. Note you must fully qualify the command as "/usr/bin/time" to avoid using the bash shell command "time".
cat /proc/sys/vm/freepages Display virtual memory "free pages".
One may increase/decrease this limit: echo 300 400 500 > /proc/sys/vm/freepages
cat /proc/meminfo Show memory size and usage.

Advantages of IPv6 - The Next Generation Internet

The most important and most visible improvement brought by the new protocol is the enormous expansion of the available address space. An IPv6 address is made up of 128 bit values instead of the traditional 32 bits. This provides for as many as several quadrillion IP addresses.

However, IPv6 addresses are not only different from their predecessors with regard to their length. They also have a different internal structure that may contain more specific information about the systems and the networks to which they belong.

The following is a list of some other advantages of the new protocol:

Autoconfiguration
IPv6 makes the network “plug and play” capable, which means that a newly set up system integrates into the (local) network without any manual configuration. The new host uses its automatic configuration mechanism to derive its own address from the information made available by the neighboring routers, relying on a protocol called the neighbor discovery (ND) protocol. This method does not require any intervention on the administrator's part and there is no need to maintain a central server for address allocation—an additional advantage over IPv4, where automatic address allocation requires a DHCP server.

Mobility
IPv6 makes it possible to assign several addresses to one network interface at the same time. This allows users to access several networks easily, something that could be compared with the international roaming services offered by mobile phone companies: when you take your mobile phone abroad, the phone automatically logs in to a foreign service as soon as it enters the corresponding area, so you can be reached under the same number everywhere and are able to place an outgoing call just like in your home area.

Secure Communication
With IPv4, network security is an add-on function. IPv6 includes IPsec as one of its core features, allowing systems to communicate over a secure tunnel to avoid eavesdropping by outsiders on the Internet.

Backward Compatibility
Realistically, it would be impossible to switch the entire Internet from IPv4 to IPv6 at one time. Therefore, it is crucial that both protocols are able to coexist not only on the Internet, but also on one system. This is ensured by compatible addresses (IPv4 addresses can easily be translated into IPv6 addresses) and through the use of a number of tunnels. Also, systems can rely on a dual stack IP technique to support both protocols at the same time, meaning that they have two network stacks that are completely separate, such that there is no interference between the two protocol versions.

Custom Tailored Services through Multicasting
With IPv4, some services, such as SMB, need to broadcast their packets to all hosts in the local network. IPv6 allows a much more fine-grained approach by enabling servers to address hosts through multicasting—by addressing a number of hosts as parts of a group (which is different from addressing all hosts through broadcasting or each host individually through unicasting). Which hosts are addressed as a group may depend on the concrete application. There are some predefined groups to address all name servers (the all name servers multicast group), for example, or all routers (the all routers multicast group).

Using vi to Encrypt Text Files

The disadvantage of using encrypted partitions is that while the partition is mounted, at least root can access the data. To prevent this, vi can be used in encrypted mode.

Use vi -x filename to edit a new file. vi prompts you to set a password, after which it encrypts the content of the file. Whenever you access this file, vi requests the correct password.

For even more security, you can place the encrypted text file in an encrypted partition. This is recommended because the encryption used in vi is not very strong.

Protection from Viruses and Spoofed IP Addresses

There are some Trojans that scan networks for services on ports from 31337 to 31340 (called the elite ports in cracking terminology). Since there are no legitimate services that communicate via these non-standard ports, blocking it can effectively diminish the chances that potentially infected nodes on your network independently communicate with their remote master servers.

iptables -A OUTPUT -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP
iptables -A FORWARD -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP

You can also block outside connections that attempt to spoof private IP address ranges to infiltrate your LAN. For example, if your LAN uses the 192.168.1.0/24 range, a rule can set the Internet facing network device (for example, eth0) to drop any packets to that device with an address in your LAN IP range. Because it is recommended to reject forwarded packets as a default policy, any other spoofed IP address to the external-facing device (eth0) is rejected automatically.

iptables -A FORWARD -s 192.168.1.0/24 -i eth0 -j DROP

Enable Root logins to Telnet and FTP Services

Configure Telnet for root logins

Simply edit the file /etc/securetty and add the following to the end of the file:

pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
pts/9

This will allow up to 10 telnet sessions to the server as root.

Configure FTP for root logins

Edit the files /etc/vsftpd.ftpusers and /etc/vsftpd.user_list and remove the ‘root‘ line from each file.

Make sure that you NEVER configure your production servers for this type of login.

Serious Red Hat Linux Commercial Adertisement

First they ignore you, then they laugh at you, then they fight against you and then you win.
- : Mahatma Gandhi





#### Watch the Video Here ####








.

Install Packages offline on a Debian Based Distro like Ubuntu !!

Though in most North American cities one cannot find a spot without at least a weak WiFi signal, many of us Linux geeks still live in rural areas with less Internet connectivity. Also, in various non-Westernized nations, there is a growing number of Linux users who may have a computer at home, but cannot afford a decent connection. For both groups, software updates typically demand an Internet connection, which can make updating difficult if not impossible. There is now a solution though, a new program called Keryx.

Keryx was written by Southern Illinois University computer science student Chris Oliver, who wanted a way to download software and updates for Ubuntu systems that had little or no connectivity. Simply put Keryx on your pen drive, use it to create a new project file which retains a copy of your software sources and other system details, then take the pen drive to a computer with a better connection. Via it’s Synaptic like interface, users can then select all updates for download, plus select any other software they may want to install, complete with dependency resolution.

Because it is written in Python, and utilizes wxWidgets for it’s interface, Keryx can run on Linux, OSX and Windows. Pre-compiled binaries for Windows are included in the download (meaning you don’t need to install Python and wxWidgets first), and similar binaries for OSX and Linux are in the development road-map, along with Debian/Ubuntu packages.

Using Keryx

This tutorial will walk you through the simple process of using Keryx to get updates and new software. Keryx currently only works for Debian based distros, but there are plans for adding support for a number of other package management systems. The system being updated is running Ubuntu 8.10, with no network connectivity. The system that will be grabbing the updates is running Windows XP, though it could just as easily be Windows 95 through Vista, OSX, or another Linux box.

Step #1: Download Keryx

Go to the Keryx website and click the download link. Once the download is complete, put it on a USB pen drive that has a decent amount of free space, and unzip it.

Step #2: Create a project

Keryx uses wxWidgets for it’s graphical interface, and a default Ubuntu install does not have wxWidgets installed. Therefore you must create your project file in a terminal window. Fear not, as it is really quite quick and painless.

Simply open up your terminal, and then navigate into the “linux” directory inside the Keryx folder. On my computer this was “/media/disk/keryx-0.91/linux” but it will look a little different for you, depending upon what your pen drive is called. Once you are in that directory, enter in the following, making sure to replace for whatever you want to call your project.

python keryx.py -c

In a few moments the project will be made. When this happens, close out of the terminal and safely remove your pen drive, to take to another computer.

Note: For some people, Keryx may experience difficulty fetching the package list files in the next step, if their repository mirror is set to the regional default. If you experience this, consider selecting a different mirror in System/Administration/Software_Sources and then repeating step #2.

Step #3: Opening Keryx and downloading the package list

In this tutorial I am using a computer running Windows XP as the computer with a high speed connection. However, this could just as easily be done on any Linux or OSX computer, so long as they both had Python and wxWidgets installed.

On your Windows computer, plug in the pen drive and open up the Keryx folder. In this folder you will see a “win32″ folder containing prepackaged binaries for Keryx. Using these you can run Keryx without having to first install Python and wxWidgets, making Keryx a very portable application. The file you need to run is called “keryx.exe,” though Windows may hide the .exe part from you. When Keryx opens, click “Open Project” and find the project file you created a few minutes ago.

When you open Keryx, go ahead and let it download the latest package list.

Step #4: Download updates

Once the package lists have been downloaded, you’ll see the full Synaptic-like package list in Keryx. This list can be sorted by package name, status (not installed, installed, needs updating, etc.), etc. The first thing you’ll want to do is click “Get Updates” near the top of the window.

When I started the download, Keryx had 210 files to download. Your number will vary, but you are likely to have a lot of updates if you have a fresh install. Keryx will tell you when it is finished, so you might want to go get some coffee.

Step #5: Download wxWidgets

You probably want to be able to install wxWidgets on your Ubuntu system, so that you can run the Keryx graphical interface on it. Near the top of the window, start typing “wxversion” in the search field. Because the Keryx package search tool is so amazingly fast, you’ll only need to type the first few letters before you see python-wxversion. Right-click this package and then click download. It has several dependencies that Keryx will tell you about, so go ahead and let the program download those as well.

Step #6: Install your packages

With all your packages downloaded, close Keryx, safely remove your pen drive, and go back to your Ubuntu machine. When you plug the pen drive back into your Ubuntu machine, you’ll notice that the package are stored in “keryx-0.91/win32/packages,” if you downloaded the updates from a Windows machine. You’ll need to open up your terminal again, and navigate to this directory. Once there, run the following:

sudo dpkg -i –force-depends *.deb

This line will install and/or update all the packages in that directory. The “force-depends” parameter is necessary in this case, as we are installing the wxWidgets packages, which have a circular dependency. Without this parameter, dpkg will start whining at you. If you have as many packages as I had, this may take a while. Go refill your coffee, and by the time you get back, the install might be done. Thats all there is to it!

What is next for Keryx?

Despite already being a rather useful tool, there are a lot of enhancements planed for the near future with Keryx. Most of it’s features, including it’s package management support, are implemented via a very flexible plugin infrastructure. So if you are a Python hacker and would like to help implement some of the new features, or have some ideas of your own, feel free to check out the code and dive in!

If you run into any problems using Keryx, or would like to report a bug, check out the friendly forums.

Upcoming features

• Support for more distributions, such as Fedora, Red Hat, Mandriva et al.
• Package management like support for downloading and installing useful Open Source Windows software.
• Built-in installation of downloaded packages, so the user need not mess with the CLI
• Pre-compiled self contained binaries for Linux and OSX (like what already exists in the win32 folder), so that no matter what OS a user is running, they will be able to simply plug in their USB drive and run the graphical interface.
• Improved documentation

Installation and Configuration of VMWare on Ubuntu Interpid (8.10)

1 - First, obtain a license from VMware here

2 - Install the following packages
apt-get install linux-source-2.6.27 linux-libc-dev xinetd

3 - Then, download VMware
wget http://download3.vmware.com/software/vmserver/VMware-server-1.0.8-126538.tar.gz
Untar: tar -xvzf VMware-server-1.0.8-126538.tar.gz
cd vmware-server-distrib/

4 - Run the installer
./vmware-install.pl
-> Answer yes to each question until it (run the configure script), to which reply "No"

5 - Now, it is necessary to download the patch in order to build the kernel module (Tested with 2.6.27-7-generic)
wget http://www.insecure.ws/warehouse/vmware-update-2.6.27-5.5.7-2.tar.gz
tar -xvzf vmware-update-2.6.27-5.5.7-2.tar.gz
cd vmware-update-2.6.27-5.5.7-2
./runme.pl

-> Answer yes to all questions and press ENTER to use the default settings.

6 - Check whether the service is running

/etc/init.d/vmware status

Bridged networking on /dev/vmnet0 is running
Host-only networking on /dev/vmnet1 is running
Host-only networking on /dev/vmnet8 is running
NAT networking on /dev/vmnet8 is running
Module vmmon loaded
Module vmnet loaded

Make USB pen drive as a bootable device (RedHat)

If you cannot boot from the DVD/CD-ROM drive, but you can boot using a USB device, such as a USB pen drive, the following alternative boot method is available:

To boot using a USB pen drive, use the dd command to copy the diskboot.img image file from the /images/ directory on the DVD or CD-ROM. For example:

dd if=diskboot.img of=/dev/sda

Your BIOS must support booting from a USB device in order for this boot method to work.

Recovering deleted file using Foremost

Ever deleted an important file? I haven’t recently done this on Linux, but when I used Windows I had a utility for recovering deleted files.

Foremost is a command line utility for finding and recovering deleted files based on their type. It was origionally developed for the US Air Force Office of Special Investigations.

How is this type of data recovery possible? When you delete a file, the data is not really overwritten. The pointer in the filesystem to the file is simply removed so the disk area can be overwritten when necessary. The more the disk is written to after the file is deleted, the larger the chance it will be overwritten and become unrecoverable.

I decided to test out Foremost in a virtual machine. First, I created some JPEG images, deleted them, and emptied the trash. Next, I shutdown the system and booted up the Ubuntu 8.04 Beta live-CD. Live-CDs don’t write to the hard disk, so they work well for data recovery.

To install in Ubuntu is rather simple, just issue the standard “sudo apt-get install foremost” command. You will have to check if you use another distro if it’s in your repositories, if not, the source can be grabbed at the link at the top of the screen and can be compiled - check this.

You need to know your target partition’s path to recover from it. You can simply start System-Administration->Partition Editor in Ubuntu, or use fdisk, Qtparted or any partition editor to see what discs are for what purpose. I saw the the home partition is /dev/sda1 on my machine.

Let’s recover some JPEG images:

sudo foremost -t jpeg -i /dev/sda1

Now the -t switch denotes that you’re looking for a file type. The -i switch denotes you’re looking on a particular device. This command causes Foremost to create a directory called output and put every file it can recover in. This could take a while.

Foremost isn’t the greatest solution; it recovers every file it sees and doesn’t support very many file types. It is possible to add types to the /etc/foremost.conf file, but it doesn’t look an easy task. However, if you’ve lost a bunch of photos or documents, Foremost could be just what you need.

Check out the man pages for more.

[Ref: http://ubuntuadministrator.com/?p=333]

HowTo work with cpio files

To extract a cpio file:
cpio -iv <>

To list the contents of a cpio file:
cpio -itv <>

To create a .cpio file with all files in the current directory:
ls | cpio -o > cpio_file

Installation and Configuration of Gnome-DO

GNOME enthusiasts have a couple of good options when it comes to searching, launching, and otherwise manipulating and accessing files, applications, and information right from the desktop: GNOME-Do, and the GNOME Deskbar applet.GNOME-Do is a desktop search and application-launching applet similar to the now-defunct GNOME Launchbox. It's inspired by Quicksilver, an applet for Apple's Mac OS X operating system. Do was built for the GNOME desktop but also runs on KDE. Developers call Do an "intelligent launcher tool" because it uses predictive technology to guess what you want to do when you start typing the first few letters of the name of an application, file, or contact.openSUSE 11.0GNOME Do is installed by default but it's version 0.4 and new plugins aren't compatible with this version. To install the newest version just click here. FedoraGNOME do is in the repos for all stable Fedora releases and the development branch, use the graphical tools to install it or invoke the following as root:
# yum install gnome-do
Usage
Start GNOME Do by selecting the GNOME Do entry in the Applications > Accessories menu, or by executing the command:
$ gnome-do
Once the application is running, you can summon it by pressing Super + Space. On most keyboards the super key is the same as the Windows key or the Command key. If you'd like to use a different keybinding for GNOME DoYou should see a dialog with a search icon and two panes in the center of your screen. The pane on the left is the item pane, which shows the item you have selected, and the pane on the right is the action pane, which shows the action you wish to perform on the item.Type in the left pane to search for an item, anything from programs, to contacts, to albums, to text can be used as an item. Pressing Tab will switch you from the Item pane to the Action pane, allowing you to select an action to perform on that item, by typing its name. All panes of gnome-do have autocomplete (so you don't have to type the full name of an item or action), and active learning, so your most used items come up first when searched. Hitting Enter at any time will perform the action on the right to the item on the left, such as running a program, opening a bookmark, sending an e-mail, etc.

How to change the running process priority

digg_url = 'http://linuxpoison.blogspot.com/2009/01/how-to-set-limits-on-users.html';
The ulimit programs allow to limit system-wide resource use using a normal configuration file - /etc/security/limits.com. This can help a lot in system administration, e.g. when a user starts too many processes and therefore makes the system unresponsive for other users.
$ ulimit -acore file size (blocks, -c) 0data seg size (kbytes, -d) unlimitedscheduling priority (-e) 0file size (blocks, -f) unlimitedpending signals (-i) 7671max locked memory (kbytes, -l) 64max memory size (kbytes, -m) 811664open files (-n) 1024pipe size (512 bytes, -p) 8POSIX message queues (bytes, -q) 819200real-time priority (-r) 0stack size (kbytes, -s) 8192cpu time (seconds, -t) unlimitedmax user processes (-u) 7671virtual memory (kbytes, -v) 1175120file locks (-x) unlimitedAll these settings can be manipulated. A good example is this forkbomb that forks as many processes as possible and can crash systems where no user limits are set - see this example - here Warning: Do not run this program! If no limits are set your system will either become unresponsive or might even crash.Now this is not good - any user with shell access to your box could take it down. But if that user can only start 20 processes the damage will be minimal. So let's set a process limit of MAX 20 process for a particular users in the system, this can be done by inserting the simple one line in limit.conf file.Following will prevent a "fork bomb":
nikesh hard nproc 20@group1 hard nproc 50Above will prevent user "nikesh" to create more than 20 process and anyone in the group1 from having more than 50 processes.There are many more setting and limits that you can set on a particular user or to a entire group like ..using below configuration will prevent any users in the system to logins not more than 3 places at same time.* hard maxlogins 3Limit on size of core file* hard core 0

Linux Runlevels explained

Mode	Directory	Description
0	/etc/rc.d/rc0.d	Halt
1	/etc/rc.d/rc1.d	Single-user mode
2	/etc/rc.d/rc2.d	Not used (user-definable)
3	/etc/rc.d/rc3.d	Full multi-user mode (no GUI interface)
4	/etc/rc.d/rc4.d	Not used (user-definable)
5	/etc/rc.d/rc5.d	Full multiuser mode (with GUI interface)
6	/etc/rc.d/rc6.d	Reboot

Block Instant messengers (yahoo, AIM, MSN, etc ..) on your network

Jammer is an instant messenger jammer. Instant messengers are a nuisance in some LAN environments ( a.k.a College Networks ). IJammer is a network daemon that runs on One workstation of a LAN and prevents any IM traffic on that lan.

visit http://sarovar.org/projects/ijammer/

How to change the Mysql users and root password

There are two way to change the mysql user and root password

mysqladmin
If you have never set a root password for MySQL, the server does not require a password at all for connecting as root. To setup root password for first time, use mysqladmin command at shell prompt as follows:

$ mysqladmin -u root password NEWPASSWORD

However, if you want to change (or update) a root password, then you need to use following command

$ mysqladmin -u root -p oldpassword newpass

Enter password:
Change MySQL password for other user

To change a normal user password you need to type (let us assume you would like to change password for nikesh):

$ mysqladmin -u nikesh -p oldpassword newpass

Changing MySQL root user password using mysql sql command
This is another method. MySQL stores username and passwords in user table inside MySQL database. You can directly update password using the following method to update or change password for user vivek:

1) Login to mysql server, type following command at shell prompt:

$ mysql -u root -p

2) Use mysql database (type command at mysql prompt):

mysql> use mysql;

3) Change password for user nikesh:

mysql> update user set password=PASSWORD("NEWPASSWORD") where User='nikesh';

4) Reload privileges:

mysql> flush privileges;
mysql> quit

How to work with tcpwrappers - hosts.deny and hosts.allow files

1. Open terminal
2. su - if you not a root user
3. Use your favorite editor like vi.
4. Type vi /etc/hosts.deny
5. At the buttom line just type “ALL:ALL:deny” to restricted all of deamon process
6. Save it.
7. Open “/etc/hosts.allow” with vi editor
8. At the buttom line “ALL:(some ip that you allow):allow” to allow anything from my IP address
9. Save it.

How to Backup your Blogger Blog Online for Free?

Yes, you can now Backup your Blog hosted on Blogger for free.

BlogBackupr is an online application that only needs a URL to create the full backing of any blog using feeds. It does not require a lengthy registration but needs your e-mail address so that you have access to a panel where you can see your backups. You can download back the backups in three formats (xml, txt and html), and even restore your blog if you have any problems.

The restoration feature works fine for Wordpress blogs and surprisingly also for blogs on Blogger. Well, I guess the restoration for Blogger is a novelty and is also a unique feature, that I know of that lets you do it automatically.

It's a great tool for blogs that do not provide a system backup / restore themselves.

For all online backup and storage related info
http://www.BackupReview.info

HowTo Manage your iPod in Linux?

YamiPod is a freeware application to efficiently manage your iPod. It can be run directly from your iPod and needs no installation.

The cool thing is that it also has extra features such as rss news and podcast support, remove duplicates, easy notes editor (with multipage support), songs synchronization, playlists export and much more. It has also been translated in 12 languages.

So what's stopping you to be struck with iTunes(except if you always use the Online Store)

Boot Process Performance Visualization

Bootchart is a tool for performance analysis and visualization of the GNU/Linux boot process. Resource utilization and process information are collected during the boot process and are later rendered in a PNG, SVG or EPS encoded chart.

Bootchart provides a shell script to be run by the kernel in the init phase. The script will run in background and collect process information, CPU statistics and disk usage statistics from the /proc file system. The performance data are stored in memory and are written to disk once the boot process completes.

Relative vs. Absolute Pathnames

Commands can be given file name arguments in two ways. If you are in the same directory as the file (i.e., the file is in the current directory), then you can just enter the file name on its own (e.g., cp my_file new_file). Otherwise, you can enter the full path name, like cp /home/jack/my_file /home/jack/new_file.

Very often administrators use the notation ./my_file to be clear about the distinction, for instance, cp ./my_file ./new_file. The leading ./ makes it clear that both files are relative to the current directory. File names not starting with a / are called relative path names, and otherwise, absolute path names.

Process Accounting HowTo

Process Accounting is used for

1. Keeps track of user processes.
2. Originally intended as a way to keep track of resources in order to bill departments/users for their usage.
3. Packages

psacct

Turning On/Off

1. Enabling - Use accton command and specify the file for storing the accounting information.

/sbin/accton /var/log/pacct

2. Disabling - Use accton command without specifying a file.

/sbin/accton

Viewing Information

1. ac - The 'ac' command is used to print out a report of connection times.

Examples:

ac # Print total connection time.
ac -dp # Give daily (-d) connection totals by person (-p)
ac --complain # Print out any problems in wtmp file (time-warps, missing records, etc.)

2. sa - The 'sa' command is used to summarize accounting information.

Examples:

sa # Print information about all commands in the process accounting file
sa -u # Print command information by user

3. lastcomm - Displays which commands have been executed.

Examples:

lastcomm # Display all commands executed on system
lastcomm rm # Display information about all invocations of the 'rm' command

Ubuntu Tweak

Ubuntu Tweak is a tool for Ubuntu that makes it easy to configure your system and desktop settings.

It provided many useful desktop and system options that the default desktop environment isn't provided.

Features of Ubuntu Tweak:

* View of Basic System Information(Distribution, Kernel, CPU, Memory, etc.)
* GNOME Session Control
* Auto Start Program Control
* Show/Hide and Change Splash screen
* Show/Hide desktop icons or Mounted Volumes
* Show/Hide/Rename Computer, Home, Trash icon or Network icon
* Tweak Metacity Window Manager’s Style and Behavior
* Compiz Fusion settings, Screen Edge Settings, Window Effects Settings, Menu Effect Settins
* GNOME Panel Settings
* Nautilus Settings
* Advanced Power Management Settings
* System Security Settings

Download here

Important parts of the kernel in form of picture

The Linux kernel consists of several important parts: process management, memory management, hardware device driver, filesystem drivers, network management, and various other bits and pieces. Figure shows some of them.

Probably the most important parts of the kernel (nothing else works without them) are memory management and process management. Memory management takes care of assigning memory areas and swap space areas to processes, parts of the kernel, and for the buffer cache. Process management creates processes, and implements multitasking by switching the active process on the processor.

HowTo set the Hardware Clock

To set the hardware clock, first set the system clock to the correct time then issue this command:

NOTE: you must be root to set the clock. To login as root use the su
command.

/sbin/hwclock --systohc

Allow AOL Instant Messenger through Squid

To proxy AOL Instant Messenger traffic via https with Squid, change the following line in the Squid configuration file (example using Red Hat Linux):

1. vi /etc/squid/squid.conf

2. Change:
acl SSL_ports port 443 563

To:
acl SSL_ports port 443 563 5190

3. Send the Squid process a SIGHUP or use the service command.
/sbin/service squid reload

Execute command at regular intervals

If you anytime need to execute a command once and again and again, you can use watch and tell it to execute the Linux command in a give interval.

The syntax of the command is:

watch [option(s)] command

The default interval of execution of the given command is two (2) seconds, but you define a different interval using the option -n.

Here are two useful uses of watch.

watch -n 5 free -m

Which will show you the use of memory each five seconds.

watch -n 30 vnstat -h

Which will show you the bandwidth used hourly, read more about vnstat.

You can also make watch to highlight any change it detect between two screens of output.

watch -n 30 -d vnstat -h

And if you want to maintain the highlight on, add =cummulative to the -d option, like this:

watch -n 30 -d=cummulative vnstat -h

[Ref: http://www.go2linux.org/repeat-command-continously-at-regular-interval-linux]

Qt goes LGPL !!!

This came as a fantastic news for cross-platform developers when a couple of days ago, Nokia announced that Qt 4.5 will be released (in March 2009) under LGPL license. What this means is that now you can make closed-source commercial applications without purchasing a $5,000 license for developing non-GPL applications. They will however continue licensing Qt under GPL and commercial as well.
Visit Qt Software (formerly Trolltech) website for more details : <www.qtsoftware.com>
Taken from FAQs at the website:
Why did you switch to LGPL?
We have always chosen licenses that best support our goals. Following the Nokia acquisition, our goals have changed from being focused on revenue generation to supporting Nokia’s overall software strategy through the vision of “Qt Everywhere.” The LGPL license will make it easier for developers to adopt Qt. By spreading the use of Qt as widely as possible and establishing a robust ecosystem, Qt will ensure that Nokia devices and services are of higher quality and reach the market in a timely fashion.
The slashdot article: <http://tech.slashdot.org/article.pl?sid=09/01/14/1312210>

How to enable IP Forwarding

By default any modern Linux distributions will have IP Forwarding disabled. This is normally a good idea, as most peoples will not need IP Forwarding, but if we are setting up a Linux router/gateway or maybe a VPN server(pptp or ipsec) or just a plain dial-in server then we will need to enable forwarding. This can be done in several ways that I will present bellow.

Check if IP Forwarding is enabled

We have to query the sysctl kernel value net.ipv4.ip_forward to see if forwarding is enabled or not:
Using sysctl:

sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

or just checking out the value in the /proc system:

cat /proc/sys/net/ipv4/ip_forward
0

As we can see in both the above examples this was disabled (as show by the value 0).

Enable IP Forwarding on the fly

As with any sysctl kernel parameters we can change the value of net.ipv4.ip_forward on the fly (without rebooting the system):

sysctl -w net.ipv4.ip_forward=1

or

echo 1 > /proc/sys/net/ipv4/ip_forward

the setting is changed instantly; the result will not be preserved after rebooting the system.

Permanent setting using /etc/sysctl.conf

If we want to make this configuration permanent the best way to do it is using the file /etc/sysctl.conf where we can add a line containing net.ipv4.ip_forward = 1

/etc/sysctl.conf:
net.ipv4.ip_forward = 1

if you already have an entry net.ipv4.ip_forward with the value 0 you can change that 1.

To enable the changes made in sysctl.conf you will need to run the command:

sysctl -p /etc/sysctl.conf

On Redhat based systems this is also enabled when restarting the network service:

service network restart

and on Debian/Ubuntu systems this can be also done restarting the procps service:

/etc/init.d/procps.sh restart

Using distribution specific init scripts

Although the methods presented above should work just fine and you would not need any other method of doing this, I just wanted to note that there are also other methods to enable IP Forwarding specific to some Linux distributions.
For example Debian based distributions might use the setting:

/etc/network/options:
ip_forward=no

set it to yes and restart the network service.
Also RedHat distributions might set this using:

/etc/sysconfig/network:
FORWARD_IPV4=true

and again restart the network service.

Regardless the method you have used once you have completed this you can check it out using the same method shown above:

sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

cat /proc/sys/net/ipv4/ip_forward
1

If the result is 1 then the Linux system will start forwarding IP packets even if they are not destined to any of its own network interfaces.

Configure Amarok to use MySQL DB

Amarok 1.2 and above support a MySQL database backend in addition to the built-in SQLite database engine.

Amarok 1.4 requires MySQL
4.0 or better, and is known to work with MySQL versions up to 5.0.22 (but, at the time of writing, not 5.0.24). Since Amarok-1.4.2 MySQL-5.0.24 also works. Amarok 1.4.5 work with MySQL 5.0.27.

Older versions of Amarok may work best with MySQL versions < 5.0. One known problem as a result of this is Amarok's DB continually growing and adding multiple entries for every track on each rescan.

If your locale is UTF-8, make sure the default character set for your mqsl daemon is set up to utf8, so that all databases and tables are created with character set utf8. In Debian:

1) Edit /etc/mysql/my.cnf, adding this line to stanzas [client] and [mysqld]:

default-character-set = utf8

2) Restart the mqsql daemon to pick up the new default charset

Do this before you create the database for amarok.

Make sure the MySQL daemon is running. If necessary, add it to your linux startup scripts, via whatever method your distro uses.

Create a root password for MySQL, if you have not already done so.

$ mysql -u root
set password for root@localhost = password('xxxxxxx');
flush privileges;
quit;

Of course change xxxxxx to the password you want.

Once you have done that, you must create a MySQL database and a user for amarok for through any usual method. You can just use the "mysql" command: (it will ask for your MySQL root password)

$ mysql -p -u root
CREATE DATABASE amarok;
USE amarok;
GRANT ALL ON amarok.* TO amarok@localhost IDENTIFIED BY 'PASSWORD_CHANGE_ME';

In the above example, a database called "amarok" and a user called "amarok" were created. This user can access the database from localhost using the password "PASSWORD_CHANGE_ME". To allow access from remote hosts, use amarokuser@'%'.

It is very important that you 'GRANT ALL' privileges to user "amarok". In particular, "amarok" needs ALTER privileges on its database.

Once a database exists, open the Configure Amarok screen (found in the Settings menu), and go to the Collection tab. Change the drop-down menu from SQLite to MySQL. You will have to specify the host ("localhost" if the database is in your local box), port (3306 is the common value), and the name of the database that you have created for it ("amarok" in our example). Additionally, the username and password of a user who has write access to the given database needs to be specified (in our example, the user is "amarok", and the password is "PASSWORD_CHANGE_ME").

So if you get errors about not being able to connect to the server
or database, (_not_ password related errors) then you will have to edit my.cnf on the host machine (/etc/mysql/my.cnf, most likely), comment out the "bind_address" variable and restart MySQL. You may have to comment out "skip_networking", so that MySQL will listen on a tcp socket.

Booting Linux in 5 seconds

At the Linux Conference, Arjan van de Ven, Linux developer at Intel and author of PowerTOP, and Auke Kok, another Linux Developer at Intel's Open Source Technology Center, demonstrated a Linux system booting in five seconds. The hardware was an Asus EEE, which has solid-state storage, and the two developers beat the five second mark with two software loads: one modified Fedora and one modified Moblin. They had to hold up the EEE PC for the audience, since the time required to finish booting was less than the time needed for the projector to sync.

How did they do it? Arjan said it starts with the right attitude. "It's not about booting faster, it's about booting in 5 seconds." Instead of saving a second here and there, set a time budget for the whole system, and make each step of the boot finish in its allotted time. And no cheating. "Done booting means CPU and disk idle," Arjan said. No fair putting up the desktop still starting services behind the scenes. (An audience member pointed out that Microsoft does this.) The "done booting" time did not include bringing up the network, but did include starting NetworkManager. A system with a conventional hard disk will have to take longer to start up: Arjan said he has run the same load on a ThinkPad and achieved a 10-second boot time.

Songbird 1 (Final) Linux Installation on Fedora, Ubuntu and Others

Songbird project is a desktop Web player, a digital jukebox and Web browser mash-up. Like Winamp, it supports extensions and skins feathers.

Like Firefox, it is built from Mozilla, cross-platform and open source.

Installation:
Fedora :
Provided by Auralvance (Rutgers University)
Updated: 12/6/08 1.0.0 Rev 1
NOTES: For MP3 and other audio licensed playback you must have the full compliment of gstreamer plugins installed (good, bad, ugly, etc) - Check here

Songbird 1.0.0 - Fedora 9 - i386
Songbird 1.0.0 - Fedora 9 - x86_64

Songbird 1.0.0 - Fedora 10 - i386
Songbird 1.0.0 - Fedora 10 - x86_64

After downloading the rpm file, you just need to install the pakage using command :
# rpm -ivh songbird-1.0.0-1.fc9.i386.rpm

Ubuntu Linux (.deb)
Ubuntu Intrepid 32 bits - 1.0.0
Ubuntu Intrepid 64 bits - 1.0.0

Others
Right-click the downloaded .tar.gz file after you downloaded it from http://getsongbird.com and extract it.

Double-click the file called “songbird” in the newly created folder.

The first time you’ll have to agree to some EULA, it will ask you if you want to scan your PC for music files. It will also suggest some recommended add-ons.

you move that folder to your home directory and add a launcher for it in your “application -> sound and video” menu.

Go to “system -> preferences -> main menu”, and create a new entry in the sound and video menu. In the command box simply link to the songbird file. If you have the songbird folder in your home directory that would be /home/yourusernamehere/Songbird/songbird.

Here are some key features of "SongBird":

Play Anything:
· MP3, AAC, OGG, FLAC, WMA, and more. Can you teach Songbird to sing?

Pick Feathers:
· Choose from the two included themes: Rubberducky or Dove. You can even make one yourself.

Control the Flow:
· Play, Pause, Previous, Next, Volume, Mute, Seek, Three Repeat Modes, and Shuffle.

Multi-Task:
· Quickly switch between tasks using the buttons to the right of the dashboard display.

Organize Your Library:
· Filter your collection by Genre, Artist, Album, and Song or Search-As-You-Type.

Scan Your Computer for Music:
· Songbird will find your music and add it to your collection for you.

Super Slim Mini-Mode:
· Use the mini-mode for basic controls while keeping Songbird out of the way.

Multi-Language Support:
· Songbird comes in 39 languages. Be a localizer and see Songbird in your language!

Build Custom Mixes:
· Drag-and-drop songs from the Library or another playlist to your create your own custom mixes.

Make Smart Mixes:
· Criteria-based playlists that are always up-to-date with your current collection.

Dynamic Mixes:
· Get mixes from the Internet and stay up-to-date with the latest updates, downloads, and casts.

Play In Place:
· Songbird plays MP3s without leaving the page.

Play the Web:
· Play web pages as playlists and view any web page as a playlist.

Set Music Watch Folders:
· Tell Songbird to watch a folder for new music and it will automatically add new tracks to your collection

GStreamer:
· We now use GStreamer as our main media playback system, across all platforms - giving us higher performance, better reliability, and a platform for much more media-related functionality in the future.

Improved Album Art Support:
· The album artwork feature now supports drag and drop of images, as well as, toggling between Now Playing and Currently Selected tracks.

Configuring sudo and adding users to Wheel group

If a server needs to be administered by a number of people it is normally not a good idea for them all to use the root account. This is because it becomes difficult to determine exactly who did what, when and where if everyone logs in with the same credentials. The sudo utility was designed to overcome this difficulty.

With sudo (which stands for "superuser do"), you can delegate a limited set of administrative responsibilities to other users, who are strictly limited to the commands you allow them. sudo creates a thorough audit trail, so everything users do gets logged; if users somehow manage to do something they shouldn't have, you'll be able to detect it and apply the needed fixes. You can even configure sudo centrally, so its permissions apply to several hosts.

The privileged command you want to run must first begin with the word sudo followed by the command's regular syntax. When running the command with the sudo prefix, you will be prompted for your regular password before it is executed. You may run other privileged commands using sudo within a five-minute period without being re-prompted for a password. All commands run as sudo are logged in the log file /var/log/messages.


The sudo configuration file is /etc/sudoers. We should never edit this file manually. Instead, use the visudo command: # visudo

This protects from conflicts (when two admins edit this file at the same time) and guarantees that the right syntax is used (the permission bits are correct). The program uses Vi text editor.

All Access to Specific Users
You can grant users bob and bunny full access to all privileged commands, with this sudoers entry.
user1, user2 ALL=(ALL) ALL
This is generally not a good idea because this allows user1 and user2 to use the su command to grant themselves permanent root privileges thereby bypassing the command logging features of sudo.

Access To Specific Users To Specific Files
This entry allows user1 and all the members of the group operator to gain access to all the program files in the /sbin and /usr/sbin directories, plus the privilege of running the command /usr/apps/check.pl.
user1, %operator ALL= /sbin/, /usr/sbin, /usr/apps/check.pl

Access to Specific Files as Another User
user1 ALL=(accounts) /bin/kill, /usr/bin/kill, /usr/bin/pkill

Access Without Needing Passwords
This example allows all users in the group operator to execute all the commands in the /sbin directory without the need for entering a password.
%operator ALL= NOPASSWD: /sbin/

Adding users to the wheel group
The wheel group is a legacy from UNIX. When a server had to be maintained at a higher level than the day-to-day system administrator, root rights were often required. The 'wheel' group was used to create a pool of user accounts that were allowed to get that level of access to the server. If you weren't in the 'wheel' group, you were denied access to root.

Edit the configuration file (/etc/sudoers) with visudo and change these lines:
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

To this (as recommended):

# Uncomment to allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL

This will allow anyone in the wheel group to execute commands using sudo (rather than having to add each person one by one).

Now finally use the following command to add any user (e.g- user1) to Wheel group
# usermod -G10 user1

Quick and Easy VNC Server setup

VNC, or Virtual Networked computing, is a way of controlling a remote computer just as though you are sitting in front of it. In the Windows world it is also known as remote desktop but it's normally referred to as VNC in the linux world. All that happens is that you connect using a VNC client to a remote computer running the VNC server, then an image of the remote desktop is transmitted to your local computer and you can see and control the desktop just as though you are there since all keyboard and mouse commands are sent from your client machine to the server.

Step:1: Installation
First check if you already have them installed on your system, open a terminal and type:
$ rpm -qa | grep vnc
vnc-server-4.1.2-9.el5
If you get an output something like this then you're all ready, if not you need to install them via yum.

Step 2 : Start the VNC server.
$ vncserver
......

New 'server:1 (user)' desktop is server:1

This will ask for password, you need to remember this password and need to provide it at the time of connecting to the server through VNC client.

Step 3 : Connecting from VNC client
From client run vncviewer (dont run remote desktop connection from winxp or win2003 .they are using different protocol.)

In server enter : server:1

enter password: **********

And you will see the screen with one terminal open because by default vnc starts twm desktop.

For getting your gnome desktop

Go to folder /user/.vnc/ (user home directory) and open file xstartup using vi editor and uncomment or add the following lines

unset SESSION_MANAGER

exec /etc/X11/xinit/xinitrc

Restart the vncserver and connect to it using vncviewer, you should now see your default desktop, something like ..

Parallel Windows Password Brute Forcing Tool

Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.

Bruter is a tool for the Win32 platform only.

PROTOCOL SUPPORT

It currently supports the following services:

• FTP
• HTTP (Basic)
• HTTP (Form)
• IMAP
• MSSQL
• MYSQL
  
• 
  
• POP3
• SMB-NT
• SMTP
• SNMP
• SSH2
• Telnet

You can download Bruter here

How To disable SELinux security policy in Redhat and Fedora

Login as root then:
Edit SELinux config file:
# vi /etc/selinux/config

Then set SELINUX= to disabled.
SELINUX=disabled

Replace the current line which most of the time will be set to enforcing. This disabled SELinux on boot, however it is still enabled to disable it without having to reboot execute:

setenforce 0

Take a look on setsebool command, if you want to enable specific applications without disabling SELinux look at the . The most common problem is SELinux blocking mySQL. You can fix it:

# setsebool -P mysqld_disable_trans=1

How to store downloaded packages in yum cache of fedora after Installing

In Fedora based systems,, the packages downloaded by YUM wont be stored in cache.. to enable this feature.. use this tip..
edit the /etc/yum.conf ina text editor and replace the following line
#keepcache=0
with
#keepcache=1

Know your neighboring machines

The simplest way I can do is use ping, I can send a broadcast packet to everyone in a subnet, so that they can response back. Let say I am in subnet of 192.168.0.x and the broadcast IP is 192.168.0.255, I can do this:

ping -b 192.168.0.255

How I know the broadcast IP is 192.168.0.255? I can check with ifconfig.

ifconfig eth0 | grep Bcast

Some routers are configured to filter broadcast and multicast packets to prevent broadcast storm, if so, broadcast is useless.

So what are the alternatives way?

I can ping the IP one by one with a line of bash script.

for ((i=1;i<255;i++));>

The result will look like this:

--- 192.168.0.1 ping statistics ---
--- 192.168.0.2 ping statistics ---
--- 192.168.0.3 ping statistics ---
--- 192.168.0.4 ping statistics ---
64 bytes from 192.168.0.5: icmp_seq=1 ttl=249 time=11.0 ms
--- 192.168.0.5 ping statistics ---
64 bytes from 192.168.0.6: icmp_seq=1 ttl=248 time=12.3 ms
--- 192.168.0.6 ping statistics ---
--- 192.168.0.7 ping statistics ---
--- 192.168.0.8 ping statistics ---
--- 192.168.0.9 ping statistics ---
--- 192.168.0.10 ping statistics ---
--- 192.168.0.11 ping statistics ---

Let me explain the ping options I use, -c (count) indicates how many attempt of ping for a single IP, -W specified the timeout in second, ping will waits until timeout to declare the attempt is fail.

From the sample results, I discovered 192.168.0.5 and 192.168.0.6.

Due to the limitation of ping, I can’t specified the timeout less than 1 seconds, to scan a class C LAN, it may takes up 255 seconds, which is extremely slow.

Convert Gmail account into Web based file server

PhpGmailDrive (PGD) turns your Gmail account into a Web based file server. You may add more than one Gmail account, arrange attachments in multiple folders, and apply themes to the interface. It can be embedded into any HTML page.

PhpGmailDrive is a new type of file sharing utility. Unlike typical file servers (say xDrive) it uses Gmail as backend file server. You can enjoy it simply by hosting a small PHP script in your web site without any database

Gmail file space is more than 2GB, so you can imagine you already have such a big space on internet. However, you will require a Gmail account (If you don't have any Gmail address, go GmailSwap or ask your friends.).

PGD automatically connects Gmail server and fetches list of all attached files and generate downloadable links in a tree like view. If you are looking for a file server to upload your music or notes without any hassle, PGD is ideal for you. Technically speaking PGD is wrapper of Gmailer .
Thought there is no need to know hecks of PHP Gmailer. Just you have to check that your PHP hosting service provider curl extension of PHP to handle HTTP/HTTPS traffic.

Here are some key features of "Php Gmail Drive":
* Successfully connects to Gmail and only grabs list of Attachments in Gmail messages.
* List of attachments are displayed with inbuilt Javascript engine. You can customize output to any other formats.
* 100% compliant to GMAILFS. So you can upload with Windows Gmail Shell extension or Linux utilities..
* Supports Multiple Gmail accounts in the same script .
* Supports all browsers.
* Total size is less than 100 KB.

Requirements:
* GMailer should works well with PHP >= 4.
* Also it requires the curl extension.
* Because GMailer ALWAYS connects to GMail via SSL, you may need OpenSSL for curl to talk SSL.

Repair Corrupt RPM Database

Strange things sometimes happen, one of them is a corrupt rpm database. This means that the computer tells you something is installed and it really is not.
Here is how to solve this problem.

First backup and then delete by doing the following command:
$ su
# cp /var/lib/rpm/__db.001 /home/nikesh
# rm /var/lib/rpm/__db.001
# cp /var/lib/rpm/__db.002 /home/nikesh
# rm /var/lib/rpm/ __db.002
# rpm –rebuilddb

Top Video Players

VLC (http://www.videolan.org/vlc/)
VLC media player is a highly portable multimedia player for various audio and video formats (MPEG-1, MPEG-2, MPEG-4, DivX, mp3, ogg, ...) as well as DVDs, VCDs, and various streaming protocols. It can also be used as a server to stream in unicast or multicast in IPv4 or IPv6 on a high-bandwidth network.

Features include:

* Support for input media: UDP/RTP Unicast and Multicast, HTTP / FTP, MMS, File, DVD, VCD, SVCD, DVB, MPEG encoder, Video acquisition (V4L)
* Input formats: MPEG, ID3 tags, AVI, ASF / WMV / WMA, MP4 / MOV / 3GP, OGG / OGM / Annodex, Matroska, WAV (including DTS), Raw Audio: DTS, AAC, AC3/A52, Raw DV, FLAC, FLV (Flash)

Video
* Decoders: MPEG-1/2, DIVX, MPEG-4, XviD, 3ivX, H.264, Sorenson 1/3 (Quicktime), DV, Cinepak, Theora, H.263 / H.263i, MJPEG, WMV 1/2, WMV 3 WMV-9 / VC-1, Indeo Video v 3-5, Rado Video
* Subtitles: DVD, SVCD / CVD, DVB, OGM, Matroska, Text files, Vobsub
* Filters: Deinterlace, cropping, image wall, image adjust, rotate/mirror, logo overlay, magnification, image distortion, bluescreen, RSS/Aton feeds
* Outputs: Native, X11, XVideo, SDL, Framebuffer, ASCII Art

Audio
* Decoders: MPEG Layer 1/2, MP3, AC3 - A/52, DTS, LPCM, AAC, Vorbis, WMA 1/2, WMA 3, ADPCM, DV Audio, FLAC, QDM2/QDMC (Quicktime), MACE, Real Audio, Speex
* Filters: Visualization effects, equalizer
* Outputs: Native (OSS, ALSA), S/PDIF (OSS, ALSA), Multi-channel (OSS, ALSA), SDL, ESD, aRts, JACK

Streaming
* UDP Unicast / Multicast, RTP Unicast / Multicast, File, HTTP, MMSH
* Transcoding
* Send DVD subtitles
* Send SAP announces

Xine (http://xinehq.de/)
xine is a powerful multimedia program, specializing in video playback. In addition to functioning as a standalone product, it also serves as a library and engine for other software products.

It has excellent support for a large number of different file formats including physical media DVD, Video CD, and Audio CD. Xine supports a large number of formats including .mpeg, .ts, .ogg, .ogm, .avi, .asf, .wmv, .wma, .mpv, .m2v, .mp2, .mp3, .cpk, .voc, .snd, and .au. It also supports a wide variety of video and audio codecs. Streaming formats include mpeg-2 and mpeg-1 system (audio + video multiplexed), mpeg elementary (audio/video only, e.g. mp3 files), AVI file with various video formats (some of them by using win32 dlls), Vorbis OGG, and quicktime.

Features include:

* Support for OSS, ALSA, Irix Audio, Sun Audio, ARts, and ESD Audio drivers
* Streaming playback support covering the following Webcasting/Streaming protocols: NMS, PNM, RTSP, HTTP, and raw TCP socket streaming
* Supports DXR3, DVB tv cards, Video 4 linux, and WinTV-PVR 250/350 pci with TV full screen support
* Skinnable GUI
* Download and installation of new skins from the internet
* Navigation controls (seeking, pause, fast, slow, next chapter, etc)
* Linux InfraRed Control support (LIRC)
* On Screen Display features
* DVD and external subtitles
* DVD/VCD menus
* Audio and subtitle channel selection
* Closed Caption support
* Brightness, contrast, audio volume, hue, saturation adjusting
* Playlists
* Mediamarks
* Image snapshot
* Audio resampling
* Software deinterlacing algorithms
* 2-3 pulldown detection (tvtime plugin)
* Configuration dialog
* Aspect ratio changing
* Fullscreen display
* DTS passthrough

Totem (http://www.gnome.org/projects/totem/)
Totem is the official movie player of the GNOME desktop. It features a playlist, a full-screen mode, seek and volume controls, as well as keyboard navigation.

Totem is included as the default media player in many Linux distributions including Ubuntu, Mandriva, and Fedora.

Features include:

* Video thumbnailer for the file manager
* Nautilus properties tab
* Mozilla (Firefox) plugin to view movies inside your browser (in development)
* Webcam utility (in development)
* Play any xine or GStreamer supported file
* LIRC support
* Shoutcast, m3u, asx, SMIL and ra playlists support (also usable from a shipped LGPL library)
* DVD (with menus), VCD playback, disc-type automatically detected
* TV-Out configuration with optional resolution switching
* 4.0, 4.1, 5.0, 5.1, stereo and AC3 Passthrough audio output
* Full-screen mode (move your mouse and you get nice controls) with Xinerama, dual-head and Viewport support
* Remote operation mode to control a running Totem
* Seek and Volume controls
* Aspect ratio changing, Scaling based on the video's original size
* Full keyboard control
* Playlist with Repeat and Shuffle modes, with saving feature and drag'n'drop reordering
* GNOME and Nautilus integration (Totem registers the file-types, adds a menu item, uses the proxy configuration, saves sessions, and registers pnm, mms, uvox and rtsp schemes, removes playlist items from a disc that's getting ejected)
* Properties window (information about the current movie)
* Drag'n'drop and mousewheel actions
* Screenshot feature
* Brightness, Contrast, Hue and Saturation control
* Visualisation plugin when playing audio-only files
* Telestrator mode using Gromit
* Video thumbnailer
* Nautilus properties page
* Works on remote displays
* Automatic external subtitle load, or manual (only on the command-line, use like: totem file:///file.avi#subtitle:file.srt)
* DVD, VCD and OGG/OGM subtitles and languages support
* Dialog for more accurate seeking
* Authentication dialogs when location requires it

MPlayer (http://www.mplayerhq.hu/design7/news.html)
MPlayer is a very popular movie player which runs on many systems including Linux. It has builtin support for the most common video and audio formats (see list below), as well as having a powerful filter system for video and audio manipulation.

Features include:

* Supported Input Formats: (S)VCD (Super Video CD), CDRwin's .bin image file, DVD, including encrypted DVD, MPEG-1/2 (ES/PS/PES/VOB), RIFF AVI file format, ASF/WMV/WMA format, QT/MOV/MP4 format, RealAudio/RealVideo format, Ogg/OGM files, Matroska, NUT, NSV (Nullsoft Streaming Video), VIVO format, FLI format, NuppelVideo format, yuv4mpeg format, FILM (.cpk) format, RoQ format, PVA format, streaming via HTTP/FTP, RTP/RTSP, MMS/MMST, MPST, SDP, and TV grabbing

* Supported Video and Audio Codecs: MPEG-1 (VCD) and MPEG-2 (SVCD/DVD/DVB) video, MPEG-4 in all variants including DivX ;-), OpenDivX (DivX4), DivX 5 (Pro), XviD, Windows Media Video 7/8 (WMV1/2), Windows Media Video 9 (WMV3) (using x86 DLL), RealVideo 1.0, 2.0 (G2), RealVideo 3.0 (RP8), 4.0 (RP9) (using Real libraries), Sorenson v1/v3 (SVQ1/SVQ3), Cinepak, RPZA and other QuickTime codecs, DV video, 3ivx, Intel Indeo3 (3.1, 3.2), Intel Indeo 4.1 and 5.0 (using x86 DLL or XAnim codecs), VIVO 1.0, 2.0, I263 and other H.263(+) variants (using x86 DLL), MJPEG, AVID, VCR2, ASV2 and other hardware formats, FLI/FLC, HuffYUV, and various old simple RLE-like formats

* Supported audio codecs: MPEG layer 1, 2, and 3 (MP3) audio, AC3/A52 (Dolby Digital) audio (software or SP/DIF), AAC (MPEG-4 audio), WMA (DivX Audio) v1, v2, WMA 9 (WMAv3), Voxware audio, ACELP.net etc (using x86 DLLs), RealAudio: COOK, SIPRO, ATRAC3 (using Real libraries), RealAudio: DNET and older codecs, QuickTime: Qclp, Q-Design QDMC/QDM2, MACE 3/6 (using QT libraries), ALAC, Ogg Vorbis audio, VIVO audio (g723, Vivo Siren) (using x86 DLL), alaw/ulaw, (ms)gsm, pcm, *adpcm and other simple old audio formats

* Supported Video Output Devices: X11 with SHM extension, X11 using overlays with the Xvideo extension (hardware YUV & scaling), Xvideo Motion Compensation, VIDeo Interface for *niX, VIDIX in an X11 window, VIDIX on the console, X11 DGA extension (both v1.0 and v2.0), OpenGL renderer, gl2, framebuffer output, SVGAlib output (supports EGA displays), SDL >= v1.1.7 driver, GGI graphics output, text mode rendering, text mode rendering in color, display through the VESA BIOS (also needed for Radeon TV-out), and DirectFB support

* Supported Audio Output Devices: OSS (Open Sound System), SDL (Simple Directmedia Layer), ALSA (Advanced Linux Sound Architecture), NAS (Network Audio System), ESD (ESound Daemon), ARTS (KDE Sound System),and JACK (Jack Audio Connection Kit)

* Streaming: Authentication for Real RTSP stream

Kaffeine (http://kaffeine.kde.org/)
Kaffeine is a simple, easy to use, full featured media player for the K Desktop Environment (KDE).

Currently, Kaffeine can use xine-lib, MPlayer, or GStreamer as a backend. It is therefore able to play almost all audio and video files.

Features include:

* Multiple playlists
* Play Audio CDs, DVDs and VCDs
* Streaming
* Rip and encode audio tracks to be stored on your hard disk
* Supports Digital Video Broadcasting devices supported by linuxtv drivers
* Electronic Program Guide
* Can broadcast several DVB channels (being on the same multiplex) on a LAN
* DCOP Interface
* Supports Linux Infrared Remote Control (LIRC)