Tag: linux

How to paste / insert in vim from clipboard

Posted on by mario

When ever I tried to insert text from the clipboard to vim it did either not work at all or the lines were inserted like a tree, each line more indented.

To fix that, you can do the following:
Before pasting into vim, enable paste mode by entering :set paste.
Press I to enter insert mode. The status bar should say — INSERT (paste) — now.
Press Shift + Insert (The auto indentation of vim should not happen.)
Press Esc to leave insert mode, and disable paste mode using :set nopaste again.
This works from windows terminal, putty, linux terminal and WSL.

http/2.0 sslciphersuites with 256 bit alias crypto wars part eight TLSv1.3

Posted on by mario

Now with the release of Apache 2.4.37 it supports TLSv1.3 (with OpenSSL 1.1.1). Before is was possible to compile Apache against OpenSSL 1.1.1 but it had no effect compared to OpenSSL 1.1.0

There are some advantages using TLS 1.3. it comes with Zero Round Trip Time (0-RTT). Explained simply, with TLS 1.2, two round-trips had been needed to complete the TLS handshake. With TLSv1.3, it requires only one round-trip, which in turn cuts the encryption latency in half. It feels faster.

At the moment only Chrome and Firefox support TLS 1.3. But I think other browser will follow soon.

This requires Apache 2.4.37 or better and OpenSSL 1.1.1 or better. Note that there are now two different directives for SSLCipherSuite. Also new is that the names for the Ciphers for TLS 1.3 are  directly taken from the OpenSSL internal naming. This is different compared to the old way in apache. Only two ciphers that are allowed for TLSv1.3 support 256 bit encryption that is why I chose those.

Listen 443
<If "%{SERVER_PORT} == '443'">
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15553000; preload"
</IfModule>
</If>

ProtocolsHonorOrder On
Protocols h2c h2 http/1.1

TraceEnable Off

SSLUseStapling On
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLStaplingCache shmcb:/opt/apache2/logs/ssl_stapling_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384

SSLOpenSSLConfCmd DHParameters "/opt/apache2/conf/dh4096.pem"
SSLOpenSSLConfCmd ECDHParameters secp384r1
SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1:sect283k1:sect283r1:secp256k1:prime256v1

H2Direct On

Sadly not OS Distributions support the last OpenSSL version or that TLv1.3 version has been backported or it has been patched, but apache shows still an older version number.

git cheat sheet

Posted on by mario

Delete all local branches but master and the current one

git branch | grep -v "master" | grep -v ^* | xargs git branch -D;

what did I do? aka git last commit

git diff @~..@

What did I do the last week?

git log --stat --since='1 Week Ago' --graph --pretty=oneline --abbrev-commit --date=relative

git log only the relevant merges

git log --all --graph --decorate --oneline --simplify-by-decoration

show all untracked files

git ls-files --others --exclude-standard

last tag

describe --tags --abbrev=0

MariaDB Case Sensitive Table names on Windows

Posted on by mario

I had an issue while migrating (My)SQL data back and forth from Linux and Windows. When ever I made come changes on my local windows dev system and tried to apply the changes to the production system the SQL statement failed. Later I noticed that the table names on Windows were no matter what I tried in lower case. The MariaDB docs told me that the table names on Windows where always lower case and case insensitive. What a bummer.

Searching I foundlower_case_table_names in the docs. With the values 0,1 and 2.

0 (Unix) = table names and aliases and database names are compared in a case-sensitive manner.
1 (Windows) = names are stored in lowercase and not compared in a case-sensitive manner.
2 (Mac OS X) = names are stored as declared, but compared in lowercase.

I tried 0 and got

[ERROR] The server option 'lower_case_table_names' is configured to use case sensitive table names but the data directory resides on a case-insensitive file system. Please use a case sensitive file system for your data directory or switch to a case-insensitive table name mode.
[ERROR] Aborting

But setting it to 2 works. No longer problems

[mysqld]
datadir=C:/Program Files/MariaDB 10.2/data
port=3306
innodb_buffer_pool_size=1003M
character-set-server=utf8
performance_schema = ON
lower_case_table_names = 2
[client]
port=3306
plugin-dir=C:/Program Files/MariaDB 10.2/lib/plugin

I wonder cause in the old days of using MySQL it never was a problem.

http/2.0 sslciphersuites with 256 bit alias crypto wars part five A+ at SSL Test

Posted on by mario

At Qualys SLL Test labs tests I never had 100% for Key Exchange. Even adding a 4096 Diffie Hellman key did not do the trick.

Now I found adding

SSLOpenSSLConfCmd ECDHParameters secp384r1

to the config from Part 4 does the trick!

Now I can have all your bars on Qualys SSL Test at 100% without having an insane config no client can connect to.

debian boots into uefi shell

Posted on by mario

Today one of my linux servers did not boot. Instead there was a grub uefi shell. Typing the help command listed a bunch of commands in dark blue on a dark grey. Not easy to read. Trying to use the gui did not solve the problem. Resetting the config did also not help. Some forum posts said to create a symlink to the efi file. My issue was that /boot/efi is a separate partion due btrfs on the my system.

What did work was using the command line to add the efi again.

bcfg boot add 0 fs0:\EFI\debian\grubx64.efi "Debian"

However writing in english mode on a german style keyboard is often “times of wonder”. Use # ( hash) for the backslash and ä for the quotes. I still wonder why I have to use a backslash on a linux system…

Compling Apache 2.4 on Ubuntu or Debian

Posted on by mario
wget http://httpd.apache.org/dev/dist/httpd-2.4.2.tar.gz
wget http://httpd.apache.org/dev/dist/httpd-2.4.2-deps.tar.gz
tar xvfz httpd-2.4.2.tar.gz
tar xvfz httpd-2.4.2-deps.tar.gz
cd httpd-2.4.2/srclib
wget http://mirror.netcologne.de/apache.org//apr/apr-iconv-1.2.1.tar.gz
tar xvfz apr-iconv-1.2.1.tar.gz
mv apr-iconv-1.2.1 apr-iconv
wget http://zlib.net/zlib-1.2.6.tar.gz
tar xvfz zlib-1.2.7.tar.gz
mv zlib-1.2.7 zlib
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.21.tar.gz
tar xvfz pcre-8.21.tar.gz
mv pcre-8.21 pcre
wget http://www.openssl.org/source/http://openssl.org/source/openssl-1.0.1.tar.gz
tar xfz openssl-1.0.1.tar.gz
cd openssl-*
./config --prefix=/usr zlib-dynamic --openssldir=/etc/ssl shared
make
make test
sudo make install
cd ../..
./buildconf
./configure --prefix=/opt/apache2 --enable-pie --enable-mods-shared=all --enable-so --disable-include --enable-deflate --enable-headers --enable-expires --enable-ssl=shared --enable-mpms-shared=all --with-mpm=event --enable-rewrite --with-z=/home/mario/apache24/httpd-2.4.2/srclib/zlib --enable-module=ssl --enable-fcgid --with-included-apr
make 
sudo make install
cd ..
wget http://www.trieuvan.com/apache//httpd/mod_fcgid/mod_fcgid-2.3.7.tar.gz
tar xvfz mod_fcgid-2.3.7.tar.gz
cd mod_fcgid-*
APXS=/opt/apache2/bin/apxs ./configure.apxs
make
sudo make install

For using PHP install php-cgi

add httpd.conf

FcgidMaxProcesses 50
FcgidFixPathinfo 1
FcgidProcessLifeTime 0
FcgidTimeScore 3
FcgidZombieScanInterval 20
FcgidMaxRequestsPerProcess 0
FcgidMaxRequestLen 33554432
FcgidIOTimeout 120

in each vhost

Options Indexes ExecCGI
AddHandler fcgid-script .php
FCGIWrapper /usr/lib/cgi-bin/php5 .php

Posts Tagged linux

Archives by Month: