News

Content Scraping and Attribution

Last week I received a “pingback” on this post. I was curious about what may have been discussed so I navigated to the site and discovered they had simply scraped the entire post, representing it as their own. Content scraping is nothing new of course and happens all the time on large, popular sites, but this was the first time this happened to me, to something I wrote. I was a little taken aback by how blatant it was.

I reached out to the offending site’s administrator to request that he/she conform to the terms of the Creative Commons Attribution 3.0 license by providing attribution, or remove the content. I had little hope that they would comply, much less respond, and had resigned myself to hoping that Google could sort out which content source would be authoritative when it came to search queries. I was pleasantly surprised then when roughly a day later I received an e-mail from the site’s administrator admitting to copying the content (“because it’s beautiful”), but more importantly agreeing to attribute the content to me. We agreed on the following notice, which was placed at the bottom of the (copied) post: “This article was originally published at https://iceflatline.com/2011/11/how-to-install-apache-mysql-php-and-phpmyadmin-on-freebsd/ and is reprinted here with the author’s permission.”

All of the content I post here at www.iceflatline.com is provided under the Creative Commons Attribution 3.0 license. What this means is that you are free to copy, distribute and transmit this content, to adapt it to something you may be working on, even make commercial use of the content. All I ask is that you attribute the original content to me in some way.

BSD

How to Use Portmaster to Update Ports

(20170315 — The steps in this post were amended to address changes in recent versions of software — iceflatline)

The Ports Collection is a set of Makefiles, patches, and description files stored in /usr/ports. This set of files is used for building and installing applications on FreeBSD, and other BSD-based operating systems.

This post will describe how to use portmaster, a utility for updating installed ports. portmaster is nothing more than a shell script (albeit a quite elegant and powerful one), written in /bin/sh. It does not depend upon other ports, external databases or languages, rather it’s been written in such a way as to make use of the information about a port’s dependencies, dependents, file locations and other information contained in /var/db/pkg to determine which ports to update.

The versions of software discussed in this post are as follows:

  • FreeBSD 11.0-RELEASE
  • portmaster-3.17.10

Okay, let’s get started. All commands are issued as the root user or by simulating the root user by using the command su. Let’s make sure that the Ports Collection is updated to its most current version with the following command:

If you haven’t installed portmaster yet, let’s do that now. You’ll be prompted with several configuration options. Select any options you’d like and select “OK”:

Now that the Ports Collection has been updated and portmaster installed, let’s check the installed ports against the updated Ports Collection to see whether any installed ports need to be updated. portmaster provides a way to list ports that need updating using the -L option:

As you’ll see in the corresponding output of this command, portmaster groups all installed ports into four categories:

Root ports: ports listed under this category have no dependencies, nor are they depended on by other ports.

Trunk ports: ports listed under this category have no dependencies, but other ports depend upon them.

Branch ports: ports listed under this category have dependencies and are also depended upon by other ports.

Leaf ports: Ports listed under this category have dependencies but are not depended upon by other ports.

Each installed port will be listed in one of these categories along with whether the port has a revised version available:

Following the list portmaster will present a succinct summary of the status of your ports:

Before updating a particular port or ports, it’s a good idea to check the notes contained in /usr/ports/UPDATING to see if there are any issues related to updating one or more of them. /usr/ports/UPDATING contains all the last minute notes on all of the ports in the Ports Collection and documents, where applicable, some of the problems you may encounter when updating, and/or additional features or options that may be available. Follow the instructions contained in /usr/ports/UPDATING to update the affected ports. In most every case there will be instructions for how to use portmaster to perform the task. The remaining ports can be updated using the following command:

The -d option tells portmaster to clean up the installation files (in /usr/ports/distfiles), which will help save some disk space. The -w option tells portmaster to save old shared libraries (in /usr/local/lib/compat/pkg/) before “deinstalling” the existing port, allowing those libraries to potentially be restored if there are any incompatibility issues between the new port and the installed libraries. Adding the -v option will direct portmaster to be a bit more forthcoming about what it’s doing. Finally, the name of the port should be one of the following: the full name of the port directory as specified in /var/db/pkg, for example apache22-2.2.23_3 or the full path to the port in the Ports Collection, for example /usr/ports/www/apache22.

After entering the command above portmaster will recurse through the port and its dependencies (if any) to handle any configuration options. If configuration options have changed since the last time the port was updated, portmaster will likely prompt for input. However, you can force the configuration dialogs for all ports by adding the --force-config option to the command:

If none of the port’s dependencies require updating, portmaster will simply download the necessary source files and perform the update, otherwise you will be presented a list of ports that will be updated and asked to confirm before portmaster proceeds. You can skip the confirmation step by adding the --no-confirm option to the command:

You can also update all of the outdated ports at once using the following command:

The -a option tells portmaster to review all installed ports and update them if necessary. Once again, if portmaster is unclear about the configuration options for a particular port, it will prompt for input, otherwise it will present a list of ports that it will update and ask to confirm before proceeding. The --force-config and --no-confirm options can be used here as well, if desired.

Adding the -x option will direct portmaster to avoid building or updating ports that match a pattern. For example, the following will update all installed ports except apache22:

The portmaster utility also provides some other useful functions. For example, portmaster can be used as a port installation tool by executing it as though you were updating a port. portmaster will recognize that it’s a new port and install the port’s dependencies as usual:

Sometimes it’s helpful to have portmaster figure out what needs to be updated and in what order, but not actually do it. Adding the -n option directs portmaster to run through the configuration, but not actually update or install any ports.
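An added example, not part of the original post: a /bin/sh script for the pre-update check described above, which pulls the outdated ports out of a saved `portmaster -L` listing and prints any /usr/ports/UPDATING entry whose AFFECTS line names them. The listing and UPDATING excerpts are constructed samples, and matching on the port name alone (ignoring category and wildcards) is a simplifying assumption.

```shell
#!/bin/sh
# Added example: cross-check outdated ports against UPDATING before updating.

# Constructed sample of `portmaster -L` output (two categories only).
sample_listing() {
cat <<'EOF'
===>>> Root ports (No dependencies, not depended on)
===>>> ispell-3.3.02_4
===>>> screen-4.0.3
        ===>>> New version available: screen-4.0.3_1
===>>> 2 root ports

===>>> Branch ports (Have dependencies, are depended on)
===>>> apache22-2.2.23_3
        ===>>> New version available: apache22-2.2.24
===>>> 1 branch ports

===>>> 3 total installed ports
        ===>>> 2 have new versions available
EOF
}

# Constructed sample in the layout of /usr/ports/UPDATING.
sample_updating() {
cat <<'EOF'
20130102:
  AFFECTS: users of www/apache22
  AUTHOR: someone@example.org

  Constructed entry: rebuild third-party modules after the update.

20130101:
  AFFECTS: users of lang/perl5.16
  AUTHOR: someone@example.org

  Constructed entry.
EOF
}

# outdated_ports: read a `portmaster -L` listing on stdin and print the
# installed package name of every port flagged "New version available".
outdated_ports() {
    awk '
        $1 == "===>>>" && NF == 2 { pkg = $2; next }   # a package line
        /New version available:/ && pkg != "" { print pkg }
    '
}

# updating_notes FILE NAME: print "date AFFECTS-line" for each UPDATING entry
# whose AFFECTS line contains category/NAME.
updating_notes() {
    awk -v name="$2" '
        /^[0-9]+:[ \t]*$/ { date = $1; next }
        /^[ \t]*AFFECTS:/ {
            n = split($0, w, "[^A-Za-z0-9_./+-]+")
            for (i = 1; i <= n; i++) {
                sub(/\.+$/, "", w[i])               # drop sentence-ending dots
                if (split(w[i], part, "/") == 2 && part[2] == name) {
                    line = $0; sub(/^[ \t]+/, "", line)
                    print date, line
                    break
                }
            }
        }
    ' "$1"
}

# review_updates LISTING UPDATING: one verdict per outdated port.
review_updates() {
    outdated_ports < "$1" | while read -r pkg; do
        name=$(printf '%s\n' "$pkg" | sed 's/-[^-]*$//')   # strip -version
        notes=$(updating_notes "$2" "$name")
        if [ -n "$notes" ]; then
            printf '%s: read UPDATING first\n' "$pkg"
            printf '%s\n' "$notes" | sed 's/^/    /'
        else
            printf '%s: no UPDATING entry found\n' "$pkg"
        fi
    done
}

# Demo on the constructed samples. On a real system:
#   portmaster -L > listing.txt
#   review_updates listing.txt /usr/ports/UPDATING
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
sample_listing > "$tmp/listing"
sample_updating > "$tmp/UPDATING"
review_updates "$tmp/listing" "$tmp/UPDATING"
```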

There you have it. The portmaster utility is a simple yet powerful tool for updating your ports. It does not depend on other software or use an external database to track what you have installed, but rather uses the existing ports infrastructure, including what is located in /var/db/pkg. This post covered the basics. The portmaster man page contains a lot more information about portmaster, how it works and what choices are available to you.

Networking

How to Securely Login to Your WordPress Web Site Using SSH Port Forwarding

This post describes how to securely login to your web site using an SSH (“Secure Shell”) tunnel created using dynamic SSH port forwarding. You will need to have access to an SSH connection to your web hosting account. Most web hosts should be able to provide you with one. While this post uses a WordPress-based web site as an example, the techniques described should be able to be applied to any web site so long as the web host permits SSH connections.

Introduction

An SSH tunnel consists of an encrypted data path created through an SSH protocol connection. An SSH tunnel can be used to transfer unencrypted traffic over an IP network, such as the public Internet, through an encrypted channel. Why use an SSH tunnel to log in to your WordPress web site? In brief, better security. Unless you already have SSL configured on the server and have WordPress correctly configured to force SSL logins, your login name and password are passed in the clear each time you log in to administer the site. Dynamic SSH port forwarding transforms the SSH client on a local machine into a SOCKS proxy server. Any traffic sent to the proxy will be sent to the SSH server, which will forward that traffic as its own firewall and routing rules permit. We can use this capability to our advantage to forward login credentials over the SSH connection to WordPress more securely.

To set up an SSH tunnel using dynamic SSH port forwarding, a port number is chosen for use as the SOCKS server port. Whenever a connection is made to this port, all traffic is forwarded to the SSH server, and the application protocol is then used to determine where to connect to from the SSH server. In our case that protocol is HTTP and our web browser must be configured specifically to use the proxy server (and must be reconfigured when you stop using the proxy server). For purposes of example, we’ll use the standard SOCKS port 1080 (technically, you can use any port number, however be aware that some programs will only work if you use 1080), and Firefox as the web browser, and we’ll assume that the web host’s SSH server is listening for incoming connections on the SSH default port 22.

Dynamic Port Forwarding On Linux/Unix

Creating an SSH tunnel using dynamic port forwarding on a Linux/Unix system is quite easy. Simply start a terminal session and enter the following command:

The -D option specifies a local “dynamic” application-level port forwarding and the port parameter is the port chosen for the proxy server to listen on. The user@hostname parameter is the remote SSH server and associated account where you will forward your connection. In our case user will typically be your web host account user name and hostname will typically be your web site’s domain name. For example:

If your web host’s SSH server is listening for connections on a port other than 22 then you can specify the correct port in the command using the -p option, for example:

If this is the first time you’ve attempted to connect to your web host provider using SSH, you’ll likely receive a warning concerning the authenticity of the host you’re trying to reach along with a fingerprint of its public key and asked if you’re sure you want to continue connecting. If you’re absolutely sure that you’re indeed connecting to your host provider, accept by entering Yes. You’re then typically requested to enter your account password and the connection will proceed. The command prompt should be returned to you without error indicating that the tunnel was established successfully.

Now open Firefox and navigate to Tools->Options->Advanced->Network and select “Settings” (Note: in some implementations of Firefox, particularly on Linux, network connection settings are found under Edit->Preferences->Advanced->Network). Select “Manual proxy configuration” and enter localhost in the “SOCKS Host:” field and 1080 in the associated “Port” field, then select “OK” and once again in the Options menu to close it out. (See Figure 1).

Screenshot of the Firefox network settings with manual proxy configuration

Figure 1

Now simply point your browser to your WordPress login URL – usually your-web-site-url/wp-admin or your-web-site-url/wp-login.php – where you can log in securely over your newly created SSH tunnel to administer the site. Note that you must maintain the SSH connection in order to maintain your connection to the web site. When finished using the tunnel, simply exit the terminal session that is maintaining the SSH connection and return Firefox to its default “no proxy” settings.
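An added example, not part of the original post: shell functions that assemble the `ssh -D` invocation described above with the SOCKS listener bound to the loopback address, and that fetch the login page through the tunnel with curl to confirm the proxy is in use. The account `user`, the host `example.com` and the URL are constructed placeholders.

```shell
#!/bin/sh
# Added example: dynamic (SOCKS) forwarding with ssh, plus a check with curl.

# valid_port N: succeed only for a decimal port number in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_args SOCKS_PORT USER HOST [SSH_PORT]
# Print the ssh arguments, one per line:
#   -N                           no remote command, forwarding only
#   -D 127.0.0.1:PORT            SOCKS listener on loopback, so other
#                                machines on the LAN cannot use the proxy
#   -o ExitOnForwardFailure=yes  exit if the listener cannot be bound,
#                                instead of running without a proxy
#   -p SSH_PORT                  port the web host's SSH server listens on
tunnel_args() {
    valid_port "$1" && valid_port "${4:-22}" || return 1
    printf '%s\n' -N \
        -D "127.0.0.1:$1" \
        -o ExitOnForwardFailure=yes \
        -p "${4:-22}" \
        "$2@$3"
}

# open_tunnel SOCKS_PORT USER HOST [SSH_PORT]
# Runs ssh in the foreground; the tunnel lasts until ssh is interrupted.
open_tunnel() {
    args=$(tunnel_args "$@") || { echo "invalid port number" >&2; return 1; }
    # Word splitting is intended here: one argument per line of $args.
    # shellcheck disable=SC2086
    ssh $args
}

# login_status_via_tunnel URL [SOCKS_PORT]
# Print the HTTP status of URL fetched through the tunnel.
# --socks5-hostname hands the host name to the proxy, so the name is
# resolved at the SSH server's end rather than on the local network.
login_status_via_tunnel() {
    curl -sS -o /dev/null -w '%{http_code}\n' \
        --socks5-hostname "127.0.0.1:${2:-1080}" "$1"
}

# Usage, in two terminals (placeholders):
#   open_tunnel 1080 user example.com
#   login_status_via_tunnel http://example.com/wp-login.php
```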

Dynamic Port Forwarding On Windows

Creating an SSH tunnel using dynamic port forwarding on a Windows system is also easy; however, we’ll first need to download and install an SSH application (Windows doesn’t support SSH natively). There are several out there to choose from, but the one I typically use is PuTTY, a free implementation of Telnet and SSH for Win32 and Linux/Unix platforms. Download PuTTY.exe (or the Installer version if you’d prefer) and run it. Enter your web site domain name in the “Host Name (or IP address)” field. If your web host’s SSH server is listening for connections on a port other than 22 then modify the “port” field to reflect the correct port number (See Figure 2).

Screenshot of the PuTTY application

Figure 2

Next, under the “Category” column on the left side of the application, navigate to Connection->SSH->Tunnels. Enter 1080 in the “Source port” field and select the “Dynamic” radio button, then select “Add” (See Figure 3).

Screenshot of where to create a dynamic SSH tunnel in the PuTTY application

Figure 3

Now select “Open” to initiate the connection. If this is the first time you’ve attempted to connect to your web host provider using SSH, you’ll likely receive a popup from the PuTTY application with a warning concerning the authenticity of the host you’re trying to reach along with a fingerprint of its public key. If you’re absolutely sure that you are indeed connecting to your host provider, select “Yes” to add the public key to PuTTY’s cache and carry on connecting. Alternatively, if you want to connect just once, without adding the key to the cache, select “No”. You’re then typically requested to enter your account password and the connection will proceed. The command prompt should be returned to you without error indicating that the tunnel was established successfully.

Now open Firefox and configure the settings as described above in the Linux section. When complete, point your browser to your WordPress login URL where you can login securely over your newly created SSH tunnel to administer the site. Note that you must maintain the SSH connection (i.e., the PuTTY window must remain open) in order to maintain your connection to the web site. When finished using the tunnel, simply exit the terminal session that PuTTY created for the SSH connection and return Firefox to its default no proxy settings.

Conclusion
Well, there you have it. Would obtaining an SSL certificate be simpler? Perhaps. But until you do here’s a way to log in more securely to your WordPress web site using an SSH tunnel created using dynamic SSH port forwarding.

References

Lucas, M. SSH Mastery. USA: Tilted Windmill Press, 2012. Print.

Hardware

PC Build: Intel Core i7 Ivy Bridge

Time once again to upgrade my desktop computer. My current system, an ASUS P67 Sabertooth motherboard (P67 Chipset/Socket 1155), Intel Core i7-2600K (Sandy Bridge) processor, AMD Radeon HD 6950 GPU, and 8 GB of DDR3-1600 G.Skill RAM, served me well, but I wanted to move on to Intel’s “Ivy Bridge” architecture. This post will document my upgrade, starting with the parts I selected and why; the assembly of the system and the challenges I encountered; and finally, a few thoughts on overclocking the upgraded system.

The Parts

In keeping with previous builds, my goal was to use the best quality components I could find for a reasonable price, and build a good, fast, and reliable machine for PC gaming. In other words, build a machine that represents a good value.

The Case – I looked for a mid-tower case that featured good air flow and plenty of room for wiring. The NZXT Tempest case I used for my Sandy Bridge build had served me well, but turned out to be a bit constraining when it came to routing wiring and keeping the inside of the case looking neat. This time I settled on the Corsair Graphite Series 600T. The 600T is a mid-tower in height, but nearly 11 inches wide. Pre-cut holes with rubber grommets in the motherboard tray combined with plenty of room behind it allowed for clean, uncluttered cable routing; and the dual 200mm fans located at the top of the case assisted in providing very good cooling.

The Power Supply – I decided to go with the Corsair TX750 V2. Corsair’s power supplies are quality products, featuring a single dedicated +12V rail for maximum and efficient power distribution and they’re sensibly priced. The unit is 80 PLUS Bronze certified (> 80% efficient) and quiet.

The Processor – After doing a little research and giving it much consideration, I chose the Intel Core i7-3770k processor with a 3.5 GHz base clock frequency, 3.9 GHz maximum default “turbo” frequency, and 8 MB of L3 cache and hyper-threading. Besides featuring the highest clock frequency among the mid-range Ivy Bridge socket 1155 desktop processors, the “K” suffix means the “turbo mode” multipliers are fully unlocked, giving this processor a lot of overclocking potential.

The Motherboard – The ASUS Sabertooth P67 board met my needs so well for my Sandy Bridge build that I decided to turn to them once again, selecting the Sabertooth Z77 board for this build.

The Heatsink – After doing a bit of research to make sure it would clear the surrounding components on the motherboard, including the RAM, I chose the Cooler Master Hyper 212 Plus. To improve its already very good cooling capabilities, I purchased an additional Cooler Master 120 mm fan to match the fan the product shipped with and then set it up in a push/pull configuration. This configuration combined with the Corsair case provides very good overall processor cooling. Finally, to ensure that both fans would rotate at reasonably the same speed, I used a PWM splitter from Rosewill to power and control both fans from the processor fan header.

The RAM – I was looking to upgrade to 16 GB of RAM this time around, with timings as low as possible. A factor that I was again glad I considered ahead of time was whether the RAM would fit under the processor’s fan/heatsink due to the close proximity of the RAM slots to the processor. I ended up eliminating a couple of products (Corsair’s “Dominator” as an example) because they were simply too tall to fit. Finally I ended up selecting G.Skill’s RipjawsX DDR3-1866 16 GB kit (4 * 4GB), which runs at 1.5v with timings specified at 9-10-9-28.

The Graphics – I went with AMD again. After looking at some online comparisons, I chose Gigabyte’s version of AMD’s Radeon HD 7870, the GV-R787OC-2GD. At ~$360, it provided the best performance for the money. Indeed, given my 24-inch Dell monitor’s 1920 * 1200 resolution, this GPU should easily handle nearly any game I throw at it.

The Hard Drives – With this build I decided to step up the size and performance of the SSD drive and selected a 2.5-inch OCZ Vertex 4 120 GB SATA 6 Gb/s drive. This will serve as my system drive, containing the operating system and a few of my most used applications and games, while a Western Digital Caviar Black 1TB 7200 RPM 64MB cache SATA 3.0 drive will hold the bulk of my non-OS data.

The Optical Drive – Yup, still use one of these :). In this case, the venerable ASUS DRW-24B1ST.

The Operating System – Not much of a surprise here, I went with Windows 7 Pro 64-bit. The Home Premium version doesn’t support Remote Desktop connections from another computer, a feature I use daily, and this of course is my gaming rig, leaving Linux out of the hunt (for now). Besides, I get my *nix on using my laptop, which is set up to dual boot Windows and several Linux distros, as well as various other machines I administer.

The Build

Time to put those parts to some use. I typically build my systems outside of the case first, then when I’m sure everything is running well, I’ll place the components in the case and dress up the wiring (See Figure 1).

Screenshot of my Intel Core i7 Ivy Bridge build outside of the computer case

Figure 1

The SATA 3.0 and SATA 6.0 ports on the ASUS Z77 are mounted horizontally on the board, making it easier to connect/disconnect disk drives with graphics cards in place. I connected the 120 GB OCZ Vertex 4 drive to the SATA 6.0 GB port 1, and the 1TB WD Caviar Black drive on the SATA 6.0 port 2. These are the Brown SATA ports on the ASUS Sabertooth Z77 motherboard.

When mounting the Cooler Master Hyper 212 Plus, I was able to achieve the lowest processor temperatures by applying two thin lines of thermal compound, in this case, Arctic Silver 5, to the two center mounting base partitions of the heatsink (See Figure 2). My idle temperatures are hovering around ~28C when measured in UEFI and approximately the same when measured from within Windows using Real Temp.

Screenshot showing where to apply thermal compound on the Cooler Master Hyper 212 plus heatsink

Figure 2

The Sabertooth motherboards are equipped with what ASUS calls “TUF Thermal Armor,” a marketing term that ASUS uses to denote what is essentially a large heatsink that encompasses nearly the entire motherboard. The idea behind this unorthodox design is to conduct the hot air generated by cards and components out of the case through special air flow channels, thus reducing the overall temperature of the motherboard, and by extension the inside of the PC case. To do this effectively, however, ASUS recommends that system builders use a processor fan that directs air downward into the motherboard. Unfortunately, like most processor fan/heatsink products made for the PC enthusiasts market, the Cooler Master Hyper 212 Plus is mounted vertically, directing air out the back of the case, not downward towards the motherboard’s components. In anticipation of the situation, ASUS provides a small 50mm fan and a spot on the motherboard to mount it in order to improve the air flow through the TUF Thermal Armor.

After successfully assembling the components, and firing up the system without issue, I proceeded to update the Z77’s UEFI firmware to the latest version. Fortunately ASUS makes this task incredibly easy, offering a number of ways to perform the update, including directly from Windows. I chose to perform the update directly from within the UEFI. First, I downloaded the latest firmware code to a USB flash drive, then inserted the drive into a USB 2.0 port. I entered the “Advanced Mode” of UEFI, navigated to the “Tool” menu, and selected “ASUS EZ Flash Utility.” I highlighted the USB drive containing the ROM file and selected “Enter” to proceed with the UEFI firmware update.

Before installing the operating system on the OCZ Vertex 4 drive, I decided to do a little research on what it would take to update its firmware from version 1.3 to 1.4, which I understood from the OCZ forums would yield better performance from the drive. I’m glad I did, for as it turned out, the version 1.4 firmware update is destructive; meaning if I had gone through process of installing the OS, the update would have simply deleted it. Therefore, performing an update required attaching the drive to another Windows-based machine.

Then I encountered another challenge. The OCZ firmware update tool would indicate that the firmware had updated successfully to version 1.4 and to reboot; however, the tool would then continue to indicate the firmware was version 1.3. The work-around for this problem was odd but it worked. First, I booted the machine. Then I unplugged the power cable from the back of the drive, waited a couple of minutes, and plugged the power back in. Then I proceeded with the update. Once updated, I rebooted and the update tool reported the firmware had indeed successfully updated to version 1.4. It appears the effort was worth it however. A quick look at the performance of the drive using the ATTO Disk Benchmark indicated sequential reads/writes of 476 MB/384MB respectively using 128 KB transfer size.

After successfully installing Windows 7 and all of the device drivers, Windows’ Device Manager indicated that a driver for the “PCI Simple Communications Controller” was still missing (the dreaded yellow exclamation mark). It turned out to be a simple fix, but one I always seem to forget to do – download and install Intel’s Management Engine Interface utility from ASUS.

Finally, to improve the reliability of the Z77 Sabertooth’s Ethernet interface I downloaded and installed Intel’s driver for the 82579 Ethernet network interface controller on the Z77. Then, I entered the UEFI’s Advanced mode, navigated to Advanced -> APM and enabled “Power On By PCI” to activate the board’s Wake-on-LAN feature.

With these issues out of the way I continued on, updating Windows, adding applications, tweaking options and generally letting the system burn-in for a bit. Then it was time to move on to overclocking the system.

The Overclock

By default the Core i7-3770K runs at 3.5GHz but can turbo boost itself to 3.9GHz if all four cores are not being utilized, and assuming it is operating within what Intel feels are acceptable power and temperature limits. However, like all of Intel’s “K” suffix processors, the i7-3770K is multiplier-unlocked – this time up to 63x compared to 57x on the Sandy Bridge Core i7-2770K. Therefore, assuming the BCLK bus is running at its default of 100MHz, you could theoretically achieve a maximum CPU speed of 6.3GHz simply by adjusting the multiplier, assuming of course that you had the necessary cooling solution.

For this build I took a much more conservative route. Not unlike most of the “enthusiasts” motherboards on the market today, the Sabertooth Z77 offers a method to automatically overclock your system, dispensing with the need in most cases to independently adjust BCLK, multiplier, memory, and voltage settings. In fact, the Z67 offers two methods: one is available by navigating to the UEFI’s “EZ Mode” settings and selecting the “Performance” option. The other is available by navigating to Advanced Mode -> Ai Tweaker and selecting “OC Tuner.” I decided to give the EZ Mode Performance option a go and was quite happy with the results (See Figure 3).

Screenshot of the ASUS Sabertooth Z77 Ai Tweaker settings after invoking the "Performance" option in EZ Mode

Figure 3

The BCLK was increased to 103 MHz and the Turbo Mode multiplier for all four cores to 41. This resulted in an overall processor speed of ~4.2 GHz when running in Turbo Mode. My DDR3-1866 memory essentially remained unchanged. Like I said, conservative. But fast enough for the time being, with plenty of headroom to make further increases in the future if desired.

Next, I adjusted my memory timings to 9-10-9-28 and ran Memtest86+ for a couple of passes to ensure those timings and the memory in general were sound. Then I ran the 64-bit version of Prime 95 using the “Large in-place FFT” setting for ~24 hours to ensure that the system stability and maximum processor core temperatures were kept in check. I should note that ambient room temperature during the Prime 95 testing was ~21 C. The tests resulted in no errors and the maximum processor core temperatures peaked at ~86 C but on average were ~80C. (See Figure 4).

Screenshot of my desktop showing Prime 95, CPU-Z and Real Temp running simultaneously

Figure 4

Conclusion

I couldn’t be more pleased with this build. Intel’s Core i7-3770K processor and ASUS’s Sabertooth Z77 motherboard are a solid mid-range combination. Since its completion, the system has been 100% stable.

BSD

How to Forward Root’s Mail to Another User in FreeBSD

(20190119 — The steps in this post were amended to address changes in recent versions of software — iceflatline)

After setting up a FreeBSD system I can sometimes go long stretches without becoming the superuser again. When I finally do issue the su command I’m usually presented with the line “You have mail.” I sigh and enter the command mail, where I’m presented with a multitude of system-generated mail updating me on everything from the status of cron jobs that have run (or not) to security and daily run reports. It’s at this point that I think to myself “I really need to forward that mail to my inbox so I read them more often.” This post will describe how to setup FreeBSD so that the root user’s mail is forwarded to another user account.

The versions for the software used in this post are as follows:

  • FreeBSD 12.0-RELEASE

To forward the root user’s mail to another user’s inbox open the file /etc/aliases as root and look for the following line:

Uncomment this line and replace “me@my.domain” with the user name you’d like the mail forwarded to. For example, to forward root’s mail to the user iceflatline on the same host, the line would look like this:

Now we need to make sendmail (the default Mail Transfer Agent in FreeBSD) aware of the changes we’ve made to /etc/aliases before they’ll take effect. We’ll do that by using the newaliases command as root:

Now any mail the system (or anyone else) sends to root will also be forwarded to the user iceflatline’s mail inbox. To test whether mail is indeed being forwarded use the mail command to send root a message. Start by specifying a subject, then hit enter and type the message. When complete, hit enter again to place the cursor at the beginning of a blank line, then enter CTRL+D to send the message:

Now enter the mail command at the user prompt and you should see the message you just sent to the root user:
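An added example, not part of the original post: a /bin/sh function that performs the /etc/aliases edit described above on any aliases file, accepting only a plain user name or address as the target so that a pipe or file alias cannot be written by mistake. The aliases excerpt is a constructed sample containing the “me@my.domain” line the post refers to, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: set the root alias, then rebuild the alias database.

# Constructed excerpt of an aliases(5) file with the stock commented line.
sample_aliases() {
cat <<'EOF'
# Basic system aliases -- these MUST be present
MAILER-DAEMON: postmaster
postmaster: root

# General redirections for pseudo accounts
# root:	me@my.domain
bin: root
EOF
}

# set_root_alias FILE TARGET
# Replace the commented or active "root:" line in FILE with "root: TARGET";
# append one if FILE has none. Running it again gives the same file.
set_root_alias() {
    file=$1 target=$2
    # Accept user names and mail addresses only. An alias target starting
    # with "|" or "/" delivers to a program or a file, which is not wanted.
    case $target in
        ''|*[!A-Za-z0-9._@+-]*) echo "refusing target: $target" >&2; return 1 ;;
    esac
    tmp=$(mktemp) || return 1
    awk -v target="$target" '
        /^#?[ \t]*root:/ && !done { print "root: " target; done = 1; next }
        /^[ \t]*root:/ && done    { next }       # drop a duplicate alias
        { print }
        END { if (!done) print "root: " target }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"    # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on the constructed sample. On a real system, as root:
#   set_root_alias /etc/aliases iceflatline && newaliases
#   echo "forwarding test" | mail -s "test" root
demo=$(mktemp)
sample_aliases > "$demo"
set_root_alias "$demo" iceflatline
grep '^root:' "$demo"
```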

Conclusion

Well, that’s it. A couple of tweaks on FreeBSD and you’ll have no excuse for missing those system reports.