Once you have a busy database server, you probably know that “mysqldump” is not the best option for backups. It is very slow and makes the database server itself process the backup dump, which slows down the application too.

Percona provides Xtrabackup (innobackupex) for taking hot backups, which means it doesn’t affect your MySQL server at all. Instead, it copies the MySQL data files and lets you revert to your full backup by restoring the original data files inside /var/lib/mysql/. (Also take a look at the Holland backup manager if you’re not familiar with it.)

Recently I experienced a bug at the application level which led to corrupted data in a single table, and I did not want to recover the whole database to yesterday’s backup. Therefore I decided to use my full backup to start another MySQL server instance, extract the required data and feed it back to the operational MySQL database. Here’s how I did it:

Assume:

  1. You have an operational MySQL instance, listening on standard port 3306, using data dir /var/lib/mysql
  2. Your backup is located at: /home/backups/holland/sib/20150705_120502/backup.tar.gz
  3. The database name is “my_db_name”
  4. The table we’re going to extract partial data from is “the_table”

 

Step 1: Extract the backup files and set ownerships

cd /home/backups/holland/sib/20150705_120502/
mkdir data
cd data
# backup.tar.gz sits one level up; -i (ignore zero blocks) is needed for xtrabackup tar streams
tar -xif ../backup.tar.gz
chown -R mysql:mysql /home/backups/holland/sib/20150705_120502/

Step 2: Create a fake mysql configuration file for the new instance (my.cnf)

Contents of /home/backups/holland/sib/20150705_120502/data/my.cnf (to start the new instance with a different working directory and port):

[mysqld]
datadir=/home/backups/holland/sib/20150705_120502/data
socket=/home/backups/holland/sib/20150705_120502/data/Xmysql.sock
user=mysql
port=3307
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
max_connections=10
tmpdir=/home/backups/holland/sib/20150705_120502/data/tmp
log-bin=/home/backups/holland/sib/20150705_120502/data/Xlogbin
innodb_buffer_pool_size=524288000
innodb_force_recovery=6
[mysqld_safe]
log-error=/home/backups/holland/sib/20150705_120502/data/Xmysqld.log
pid-file=/home/backups/holland/sib/20150705_120502/data/Xmysqld.pid

Step 3: Run the mysql server

[root@sib12 data]# mysqld_safe --defaults-file=/home/backups/holland/sib/20150705_120502/data/my.cnf 
150706 10:37:03 mysqld_safe Logging to '/home/backups/holland/sib/20150705_120502/data/Xmysqld.log'.
150706 10:37:03 mysqld_safe Starting mysqld daemon with databases from /home/backups/holland/sib/20150705_120502/data

Step 4: Connect to the second instance to check if it is running

mysql -uroot -h 127.0.0.1 --port 3307 -p my_db_name

You can examine the old/backup data to see whether you’re on the right track. If the command above leads to any error, there is probably an error in the MySQL startup, so check the log file you specified in my.cnf above.

Step 5: Extract your partial data using mysqldump

mysqldump --extended-insert=FALSE --replace -t -h 127.0.0.1 --port 3307 -uroot -p my_db_name the_table --where="id IN (1,2,3,4,7,9,12)" > partial_data.sql
  • -t parameter removes the table definition from the dump file (also removes the dangerous drop statement at the start of it)
  • --replace writes REPLACE statements instead of INSERT, so that we can update our existing corrupted data instead of trying to insert new records
  • Note the port is 3307 at which the new MySQL instance is listening

Step 6: Feed the recovered data back into production MySQL instance

mysql -uroot -h 127.0.0.1 --port 3306 -p my_db_name < partial_data.sql

Step 7: You’re done

Kill the second instance by pressing “Ctrl+\” in the terminal where you started it, and clean up the extracted backup files.
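A pre-flight check for Step 6, added here as an example and not part of the original post: it refuses a dump that contains anything other than the statements Step 5 is expected to produce for the one table. The helper names check_partial_dump and write_sample_dump are hypothetical and the sample dump is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. check_partial_dump and
# write_sample_dump are hypothetical helper names.

# check_partial_dump FILE TABLE
#   0  only expected statements, and at least one row is present
#   1  unexpected lines found (printed to stderr with line numbers)
#   2  file unreadable
#   3  no REPLACE rows for TABLE at all
check_partial_dump() {
    cpd_file=$1
    cpd_table=$2
    [ -r "$cpd_file" ] || { echo "cannot read $cpd_file" >&2; return 2; }

    # Lines that mysqldump -t --replace --extended-insert=FALSE is expected
    # to emit: blanks, "--" comments, versioned SET and KEYS toggles, table
    # locks and one REPLACE per row. Anything else (DROP, CREATE, DELETE,
    # another table name) is reported.
    cpd_bad=$(grep -n -v -E \
        -e '^[[:space:]]*$' \
        -e '^--' \
        -e '^/\*![0-9]+ SET [^;]*\*/;$' \
        -e "^/\\*![0-9]+ ALTER TABLE \`$cpd_table\` (DISABLE|ENABLE) KEYS \\*/;\$" \
        -e "^LOCK TABLES \`$cpd_table\` WRITE;\$" \
        -e '^UNLOCK TABLES;$' \
        -e "^REPLACE INTO \`$cpd_table\` VALUES \\(.*\\);\$" \
        "$cpd_file" || true)

    if [ -n "$cpd_bad" ]; then
        echo "unexpected lines in $cpd_file:" >&2
        echo "$cpd_bad" >&2
        return 1
    fi
    # An empty dump would otherwise pass silently.
    grep -q "^REPLACE INTO \`$cpd_table\` " "$cpd_file" || return 3
    return 0
}

# Constructed sample resembling the output of Step 5 (not real data).
write_sample_dump() {
    cat > "$1" <<'EOF'
-- MySQL dump (constructed sample)
/*!40101 SET NAMES utf8 */;
LOCK TABLES `the_table` WRITE;
/*!40000 ALTER TABLE `the_table` DISABLE KEYS */;
REPLACE INTO `the_table` VALUES (1,'alpha');
REPLACE INTO `the_table` VALUES (7,'beta');
/*!40000 ALTER TABLE `the_table` ENABLE KEYS */;
UNLOCK TABLES;
EOF
}

# Demo: vet the sample the way partial_data.sql would be vetted before Step 6.
demo_dump=$(mktemp)
write_sample_dump "$demo_dump"
if check_partial_dump "$demo_dump" the_table; then
    echo "dump contains only REPLACE rows for the_table; safe to replay"
fi
rm -f "$demo_dump"
```

This is a line-level allow-list rather than a SQL parser: it catches a dump taken without -t or against the wrong table, not hostile content inside a row line.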

Assuming you have the SVN repository and an empty Git repository, first clone the SVN repository with git svn:

git svn clone https://old.svn.server.com/svnpath

You’ll have a folder named ‘svnpath’ checked out and converted to Git format.

Then you need to change the author names. We’ll use a Git feature called ‘filter-branch’ to change author names and email addresses:

git_change_author_names.sh


#!/bin/bash

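# Emulate an associative array with dynamically named variables:
# hput <array> <key> <value> stores the value in the variable <array><key>.
hput() {
  eval "$1""$2"='$3'
}

# hget <array> <key> prints the value stored by hput.
hget() {
    eval echo '${'"$1$2"'#hash}'
}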

# The original SVN usernames
hput originals x1 "Nadalizadeh"
hput originals x2 "sina.bahar"
hput originals x3 "faraz.shamshirdar"
hput originals x4 "elrusho"

# The new GIT Names
hput names x1 "Ali Nadalizadeh"
hput names x2 "Sina Baharlouie"
hput names x3 "Faraz Shamshirdar"
hput names x4 "Soroush Khodaii"

# The new GIT Email Addresses
hput emails x1 "ali@emaildomain1.com"
hput emails x2 "sinabaharlouei@emaildomain1.com"
hput emails x3 "faraz@emaildomain1.com"
hput emails x4 "soroush@emaildomain1.com"

for h in ${!names*}; do
    key=${h#names*};
    export oldname=`hget originals $key`;
    export newname=`hget names $key`;
    export newemail=`hget emails $key`;

    echo "Changing $oldname to $newname <$newemail>"
    git filter-branch -f --commit-filter '
        if [ "$GIT_AUTHOR_NAME" = "$oldname" ];
        then
                GIT_COMMITTER_NAME="$newname";
                GIT_AUTHOR_NAME="$newname";
                GIT_COMMITTER_EMAIL="$newemail";
                GIT_AUTHOR_EMAIL="$newemail";
                git commit-tree "$@";
        else
                git commit-tree "$@";
        fi' HEAD

done

Run the above script inside the root of your Git repository. Of course, you need to change the names and emails to your own values, which you can get from “svn log” and “git log”.

Finally push your new git repository to your remote address:

git remote add origin git@new.gitserver.com:git-group/my_repository.git
git push -u origin master

Faced a problem while downloading JDK from the shell?
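Yes, Oracle checks for cookies, and here’s a small trick to install the latest JDK right from Oracle’s website. Note that --no-check-certificate turns off TLS certificate validation and the URL is plain HTTP, so check the package’s checksum or signature before installing it.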

wget --no-check-certificate --no-cookies --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com" -O jdk-linux-x64.rpm "http://download.oracle.com/otn-pub/java/jdk/7u51-b13/jdk-7u51-linux-x64.rpm"

rpm -Uvh jdk-linux-x64.rpm

When you run a DNS server on your dedicated server, it will be a target of DNS amplification attacks. To prevent these attacks from succeeding and using up your bandwidth (which you will pay for), you need to configure your DNS server not to answer recursive queries.

Check if your server is vulnerable

You can send a DNS query to your server, e.g. “thatserver.dedicated.co.za” using dig or nslookup.

dig @thatserver.dedicated.co.za www.isc.org

Alternatively:

nslookup
> server thatserver.dedicated.co.za
> isc.org
Non-authoritative answer:
Name:    isc.org
Address: 149.20.64.42

If you receive an answer that includes the IP address of www.isc.org, then your server is vulnerable, because it did the work of finding the answer and presenting it to you.
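The same check as a script, added here as an example and not part of the original article: it classifies the output of the dig command above by its response header instead of by eye. The name classify_dns_response is hypothetical and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Pipe the output of
#   dig @thatserver.dedicated.co.za www.isc.org
# into classify_dns_response (a hypothetical helper name). It prints:
#   open                 a non-authoritative answer came back (recursion or cache)
#   recursion-available  no answer, but the RA flag says recursion is offered
#   closed               refused, referral only, or an authoritative answer
#   no-response          no DNS header in the input (for example a timeout)
classify_dns_response() {
    awk '
    /->>HEADER<<-/ {
        # ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242"
        for (i = 1; i < NF; i++)
            if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; flags:/ {
        # ";; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ..."
        split($0, part, ";")          # part[3] = flags, part[4] = counters
        ra = (part[3] ~ / ra( |$)/)   # server offers recursion
        aa = (part[3] ~ / aa( |$)/)   # server is authoritative for the name
        n = part[4]; sub(/.*ANSWER: /, "", n); sub(/,.*/, "", n)
        answers = n + 0
    }
    END {
        if (status == "")                                   print "no-response"
        else if (status == "NOERROR" && answers > 0 && !aa) print "open"
        else if (ra)                                        print "recursion-available"
        else                                                print "closed"
    }'
}

# Constructed dig output: the server resolved a name it does not host.
sample_recursive() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
www.isc.org.    60  IN  A   192.0.2.10
EOF
}

# Constructed dig output: the same query against a server with recursion off.
sample_refused() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
EOF
}

printf 'recursive sample: %s\n' "$(sample_recursive | classify_dns_response)"
printf 'refused sample:   %s\n' "$(sample_refused | classify_dns_response)"
```

A server that has recursion disabled but still answers from its cache, as described for the Microsoft DNS server further down, is also reported as open because the answer lacks the aa flag.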

Secure named (bind) on Linux

Add this to the “options” section of /etc/named.conf :

    recursion no;
    additional-from-auth no;
    additional-from-cache no;

Then restart named so that it will use the new secure options:

    /etc/init.d/named restart

For detailed information see http://www.cymru.com/Documents/secure-bind-template.html

Secure Microsoft DNS server

If you have installed or enabled Exchange then you have implicitly turned on DNS, which by default runs as a recursive service and can be horribly attacked.  Usually you can just firewall the DNS service.

Run this command:

    dnscmd . /Config /NoRecursion 1

Or follow this procedure:

    Start | Administrative Tools | DNS (DNS manager)
    Right click DNS server | 
        Properties | 
        Advanced | 
        Server options | 
        Disable recursion -> Yes, OK

Unfortunately, it is not possible to prevent the Microsoft DNS server from replying with cached values, so your non-recursive DNS server will provide a small amount of useful traffic amplification for attackers.  Where possible, add a firewall rule that blocks incoming traffic from unauthorised clients towards port 53/UDP (and port 53/TCP for good measure).

iptables rules for Linux

If your DNS server is used only by the machine on which you are running it, you can block external queries as follows:

iptables -A INPUT -p udp -m udp --dport 53 ! -i lo -j DROP

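These iptables firewall rules will prohibit excessive ANY queries to a non-recursive DNS server. The hex string 0000ff0001 is the tail of a DNS question: the zero byte that ends the query name, query type 255 (ANY) and class 1 (IN). The first rule records each matching source address; the second drops matching packets once a source has sent five such queries within 60 seconds: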

iptables -A  INPUT -p udp -m udp --dport 53 \
   -m string --hex-string "|0000ff0001|"  --algo bm --from 48 --to 65535 \
   -m recent --set --name dnsanyquery  --rsource
iptables -A INPUT -p udp -m udp --dport 53 \
    -m string --hex-string  "|0000ff0001|" --algo bm --from 48 --to 65535 \
   -m recent --rcheck  --seconds 60 --hitcount 5 --name dnsanyquery --rsource \
   -j DROP

If for some reason you have to run an open DNS resolver, you can limit the rate at which you will accept queries:

iptables -A INPUT -p udp --dport 53 -m hashlimit \
--hashlimit-name DNS --hashlimit-above 20/second --hashlimit-mode srcip \
--hashlimit-burst 100 --hashlimit-srcmask 28 -j DROP

If you know what the above means you can install these rules in your system.

Reference information

You can read more about this here:

Source: https://support.afrihost.com/?/Knowledgebase/Article/View/344/0/securing-dns-against-ddos-amplification-attacks

 

Dan McDougall just publicly released the source code to Gate One, which is an HTML5-powered terminal emulator and SSH client. It is unique in that it doesn’t require any browser plugins (it uses WebSockets) and supports multiple simultaneous terminals/SSH sessions in a single browser tab. It can resume users’ sessions after being disconnected, and supports both client and server-side session recording/playback (view as a log or like a video). Gate One can also be embedded into other web-based applications such as administration interfaces, serial port concentrators, virtual appliances, or whatever.

We were recently working on another Persian project for iOS called Zangoole. Zangoole is a Song and Story library for kids and it’s available on AppStore right now!

Here’s the AppStore Description and Screenshots :

Zangoole is a complete Persian application for kids. Using this free app you can purchase audio songs and stories from the largest collection of children’s Persian audio store.
With this app you no longer need to worry about a bed time story.
The stories and songs are interesting and morally sound while at the same time help in improving your child’s Persian skills.

Features:
★ Easy to use and simple User-Interface designed with kids in mind.
★ 2 free songs and 2 free stories, so you can get a general understanding of the quality and style of other items.
★ We plan on releasing new songs and stories onto the shop every month.

Zangoole was a collaboration between Turned on Digital and Ariaman Yar. Contact us via hello@turnedondigital.com.

Zangoole on [ iTunes Store ],  [ AppShopper ]

★★★★★★★★★★★★★★★★★★★★★★★★★★★★★

Zangoole is a complete application for Persian-speaking children. The app is free and gives you access to the largest collection of audio songs and stories for children, which you can purchase. Besides its collection of educational songs and stories, the app has an elegant and simple look so that children can use it easily. We intend to add new stories and poems to this collection every month. With this app, you no longer need to worry about bedtime stories for your children. These songs and stories contain interesting and educational material and, at the same time, strengthen your children’s abilities in the Persian language.

Features:
★ A simple look suited to children
★ Includes 2 free songs and 2 free stories
★ Dozens of new songs and stories can be bought from the shop

Zangoole was produced in collaboration between the two companies Turned on Digital and Ariaman Yar. We look forward to your constructive feedback.

Get Zangoole from iTunes

The third AUT Linux Festival has been announced by the Student Scientific Committee of the Computer Engineering & Information Technology (CEIT) department. The festival, held at Amirkabir University of Technology, attracts lots of Linux fans and geeks every year and includes separate programs for beginners, intermediate users and experts.

The third Amirkabir Linux Festival will be held on 28 and 29 Ordibehesht 1390 at Amirkabir University of Technology. The festival is organised by the Scientific Association of the Faculty of Computer Engineering and Information Technology of Amirkabir University of Technology and has separate programs for enthusiasts and for intermediate and advanced users. To register and take part, visit this address. The festival program will be as follows:

First-day presentations

Why Linux?
Installation workshop
Introduction to the graphical environment
Useful and practical programs
Different Linux distributions
The hierarchical file structure

Second-day presentations

Introduction to the command line
Linux and networking
It might happen to you too!
Developing web applications on Linux

Parallel presentations

Pishtaz Pardazesh Pars company
Tehran Linux User Group (Tehran-LUG)
Free Software Users Group

AUT's 3rd Linux Festival Poster


Monkey's Paw iPad App

We have been developing an interactive book application framework for iPad for a while, and the first book in the series is now on the App Store. Monkey’s Paw is a horror short story by W. W. Jacobs which was published in 1902. You can watch a demo video here.

The app was created in a true global collaboration between minimoko, Beware of the Art and Turned On Digital. Don’t hold us responsible if you get what you wish for.

Switching from an iPhone 3GS to Android gave me a chance to live with the latest hardware released for this mobile operating system and get an overall impression of it. I got an HTC Desire (the successor of the Google Nexus, whose name you might have heard). Here is a quick list of the differences I found in terms of User Experience, Application Market and Core Features while working with these two platforms. There are certain aspects in which these two platforms differ that I’m not covering in this post; refer to the last section.

Yes, It is Linux, But it is not !

Looking back to the definition, Linux is the kernel which is powering up the system, managing resources, etc, not the userspace tools. But referring to the conventional definition, I was looking for standard Posix tools, a package management system, OpenSSH server, etc. Although it’s famous that most Linux users are kinda Hackers, and living in a dark Garage ;), It’s really odd that there are no OpenSSH ports for this operating system. The only thing you may find is a Dropbear port, compiled and ported for this architecture, but I failed to bring it up.

On the other hand, iOS has lots of these tools available using an APT based package manager called Cydia and installing OpenSSH is the first step to getting full access to your embedded MacOSX. Sometimes I forget whether I’m working with my iOS shell or the Debian shell on my PC.

Obvious Features are not there !

VPN

VPN stands for Virtual Private Network, a kind of network connection used when you want a secure tunnel to your workplace or to another server on the internet. Android’s implementation of the VPN protocol (specifically PPTP) is incomplete: it fails to detect the kind of encryption in certain scenarios, and the only solution to this problem is currently to switch off your VPN encryption and surf in an insecure manner.

HTTP Proxy

The default Android operating system doesn’t include any option to configure HTTP proxy server settings. Although this might not seem to be a critical feature, it makes the phone almost useless in an institute or university that shares its internet connection via an HTTP proxy server. Certain distributions, such as Galaxy, have patched this issue and include the configuration dialog.

J2ME apps

Android’s userspace is built on Java technology, but the Java runtime in Android, called Dalvik, doesn’t provide any backward or cross-compatibility with J2ME environments. J2ME is supported on many devices and has become a standard for many institutions that provide their services to customers via this technology. Although J2ME is not supported by iOS, it is possible to install a Java runtime environment once you jailbreak the device.

Gmail Password

Android has a centralized synchronization system, and it provides your account credentials to the apps which need to synchronize with your Google account data. This could be considered a major success in terms of integration with Google, for those who live in the Google world. On the other hand, sometimes you need to change your Google account password. But wait, do you count the ability to change your current password as an obvious feature? Of course yes, and there is no direct way to change your password.

Applications start showing authentication errors right when you change the account password, and there is no way to configure and set the new password on the phone. Android makes you perform a Factory Reset to enter your new data. In certain models, Android may pop up a dialog box to change your password at the next reboot, but it did not happen with my HTC Desire. I tried to fetch and modify a database file called accounts.db and remove the old authentication tokens. On the iOS platform, there’s an option to change your email account’s password in a few taps.

App-Store versus Android Market

The first point I noticed was that the Android market is restricted to certain carriers and internet addresses. I failed to access it using my home network and carrier, but there are hacks to make it look as if you’re on the right carrier (using MarketEnabler) and on the right IP address (using a VPN connection).

The first thing you notice when browsing the Android market for the first time is that there are awesome apps that are free while their equivalents in the iOS market are paid apps. On the other hand, there is a high degree of redundancy in app functionality, and 3 in 4 apps you download on Android don’t do what you want.

User Experience

iOS provides a statically aligned dashboard, in which you can access your critical apps in the bottom bar. The critical apps bar is always visible, while you can swipe your finger to change the dashboard icon set to the next page. There are no live or dead widgets. There is only a static wallpaper since iOS 4.0 plus the icons to launch apps. iOS automatically applies a nice glassy effect/overlay to the icons, which makes any amateur icon stylish.

Android provides a more flexible dashboard including icons, live wallpaper and live widgets. Widgets are one of successful ideas in the Android environment, which allow you to access the current data (weather, contacts, messages, …) right on your desktop. You’re free to align the application shortcuts (icons) and widgets anywhere beside each other.

Android 2.2 (FroYo) on HTC Desire

Compared to the static wallpaper in iOS, it is possible to choose an animated (AKA live) wallpaper program. There are some cool default wallpapers in the default HTC distribution. It is also possible to download and install new live wallpapers. For example, you might install a free Snow Flakes wallpaper for your background. The wonderful fact about Android wallpapers is that they are battery friendly and do not drain the battery so fast.

Animations are more smooth and pleasant and You’ll soon note that keyboard typing speed was a little bit more in the iOS, but they are both convenient for daily tasks.

Language and Localization Support is Poor

Android doesn’t come with any Right-to-Left scripting support, although it has complete translation for some famous western languages. There are long threads on Google support channels for adding this feature, but no idea when this feature would become available in the main branch of operating system. (There are customized brands such as latest Galaxy phone which include RTL support out of box)

Jail-breaking (AKA rooting) the phone did not last more than 24 hours, until I downloaded the latest firmware and tools available. In fact it was much simpler than the iOS equivalents. Upgrading the phone to the latest community-modified Froyo (Lambros ROM) fixed rendering for the Persian language and had a Persian keyboard as a bonus too 🙂 !

There are more …

There are lots of aspects which I have not discussed here. Freedom might be an issue with closed source operating systems like iOS. It could be also indicated in case Market and application approval process. On the other hand, freedom might be discussed in the application level, which you’re able to swap your core applications, or just high level apps.

Software development is also an issue, in which mobile developers might be interested and there are lots of things to compare. From development tools to the language, performance and design guide lines, …

Let’s also not forget that these operating systems run mostly on cellular phones and should provide a certain amount of flexibility and usability in that area. There are some functions which you might miss in one of them, such as call blocking, message blocking and the way the device alerts you.

We recently released a new version of Persian Poems, called Persian Poems Library which supports In-App-Purchase and it’s Free ! You can use it to browse the bookshop and buy and read your favorite poems right on your iPod, iPhone and iPad.

Here’s a quick look at the features :

– Currently there are more than 20 books available in the shop, and more on the way.
– Browse or Search for poems
– Save your favorites
– Change text size
– A small biography of each poet is also available in each book
– Completely in Persian (Farsi)
– Share verses via email, Twitter and Facebook
– We’re planning on adding 10 new books each month

Although it is less than a week that it has been released, we’re impressed by the high download rate. Here’s a few screen-shots of the app :

At current stage, popular books are :
1. Hafez Collection
2. Ferdowsi’s Shaahnaameh
3. Bustan (Flower Garden) of Saadi
4. Masnavi Ma’navi
5. Divan e Shams
6. Parvin’s Poem Collection

If you’re a fan of Persian Poems too, give it a try ! 😉