iPhone 4 and iPhone3Gs

Got my iPhone4 on Wednesday (6/23/2010), so I spent the previous weekend jailbreaking and unlocking my 3Gs. Unfortunately, I used Spirit to jailbreak my 3.1.3 iPhone3Gs with the 05.21.01 baseband, and it was the first time I jailbroke the phone. So I was unable to update it to iOS 4. I need it to be unlocked to work on T-Mobile. Nonetheless, using it was better than I thought it would be, but the signal in my home is really weak unless I am upstairs. I am keeping an eye out to figure out how I can update it to iOS 4 and unlock it.

By the way, I like the new phone a lot. I had issues getting it ordered, but I only did it through Apple. And I have to say to everybody that was complaining about AT&T, Apple had their own issues too. A lot of the time was when it was verifying my AT&T account, but there were other times when it was all Apple. I was able to get my order processed at about 5pm Pacific time.

My only issues so far have been the sharp edges. I hate having to use a case, but I think I am going to have to. Also, I have noticed the signal degradation when holding the phone in my left hand, which I do all the time. The case should help with that too.

How to add more swap space in linux.

I used this procedure to add swap space to a server where I had no more available partitions, but had space on a previously formatted partition.

# mkdir /var/swap

Create container files:
# dd if=/dev/zero of=/var/swap/swapfile1 bs=1024 count=65536
# dd if=/dev/zero of=/var/swap/swapfile2 bs=1024 count=65536
# dd if=/dev/zero of=/var/swap/swapfile3 bs=1024 count=65536
# dd if=/dev/zero of=/var/swap/swapfile4 bs=1024 count=65536

Format as swap:
# mkswap /var/swap/swapfile1
# mkswap /var/swap/swapfile2
# mkswap /var/swap/swapfile3
# mkswap /var/swap/swapfile4

Add them to startup:
# vi /etc/fstab

/var/swap/swapfile1 swap swap defaults 0 0
/var/swap/swapfile2 swap swap defaults 0 0
/var/swap/swapfile3 swap swap defaults 0 0
/var/swap/swapfile4 swap swap defaults 0 0

Enable them:
# swapon -a
Check them:
# swapon -s
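
When root runs dd under the common umask of 022, each container file is created with mode 0644, so any local user can read memory pages that were swapped out to it. The following added example (not part of the original post) creates the files as 0600 and audits a directory for looser modes; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Paths and sizes are parameters;
# nothing here calls mkswap or swapon, so it can be tried without root.

# Create a zero-filled container file that is never readable by other users.
# $1 = path, $2 = size in KiB (the post uses 65536, i.e. 64 MiB per file)
make_swap_container() {
    path=$1 size_kb=$2
    case $size_kb in ''|*[!0-9]*) echo "bad size: $size_kb" >&2; return 2 ;; esac
    # umask 077 in a subshell: the file is 0600 from the first byte written,
    # instead of 0644 followed by a later chmod.
    ( umask 077 && dd if=/dev/zero of="$path" bs=1024 count="$size_kb" 2>/dev/null ) || return 1
    chmod 600 "$path"   # also tightens a pre-existing file that dd reused
}

# Print every regular file in directory $1 whose mode is not exactly 600.
# Returns 0 when all are 0600, 1 when at least one is looser.
audit_swap_perms() {
    dir=$1 bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c %a "$f") || return 2
        if [ "$mode" != 600 ]; then
            echo "$f has mode $mode (expected 600)"
            bad=1
        fi
    done
    return $bad
}

# Usage as root, mirroring the four files from the post:
#   for i in 1 2 3 4; do
#       make_swap_container /var/swap/swapfile$i 65536 && mkswap /var/swap/swapfile$i
#   done
#   audit_swap_perms /var/swap
```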

Improve performance of Thunderbird 3 (IMAP).

When I did a new installation of Fedora 13 and configured Thunderbird 3.0.4 for IMAP, I found that the performance was just atrocious. It was downloading all the messages from all my folders.

The release notes for Thunderbird gave me a hint:

IMAP Folder Synchronization

Thunderbird will download IMAP messages by default in the background to allow for faster message loading and better offline operation. This feature can be enabled on an individual folder basis via Folder properties, or for all folders in an account via Account Settings / ‘Synchronize & Storage’.


I turned this “feature” off for my account. It is in “Account Settings” and then “Synchronization & Storage” for my IMAP account. From here, I unchecked “Keep messages for this account on this computer.” Also, I changed the “Disk Space” setting from “Synchronize all messages locally regardless of age” to “Synchronize the most recent 1 Weeks.” These two settings made a huge improvement to my performance. Yes, I lose offline access, but that does not matter to this desktop computer.

How to verify wbinfo_group.pl via command line.

The following is a good way to verify whether your squid configuration with NTLM authentication is properly set up to utilize Windows Active Directory group memberships:

# echo "username windowsgroup" | /usr/lib/squid/wbinfo_group.pl -d
Debugging mode ON.
Got username windowsgroup from squid
User: -username
Group: -windowsgroup
SID: -S-1-5-21-915438365-207112795-1232828436-3341-
GID: -16777237-
Sending OK to squid

Howto Join An Active Directory Server using RHEL5.x/CentOS5.x and Samba 3.0.x

I used the following procedure to join a simple Windows 2003 Active Directory.

Ensure that your time is synced with the ADS machines via ntp.conf.

I used the following to sync time to my NTP server:
# cat /etc/ntp.conf
restrict default kod nomodify notrap nopeer noquery

restrict -6 ::1

fudge stratum 10

driftfile /var/lib/ntp/drift

keys /etc/ntp/keys

server ntp.domain.com
restrict ntp.domain.com mask nomodify notrap noquery

Ensure that your name resolution is configured properly. If needed, modify via /etc/sysconfig/network with the fully qualified name. Also, the /etc/resolv.conf should use the same DNS servers that handle the dynamic updates for the ADS domain.

For example:
# hostname

# cat /etc/resolv.conf
search domain.local

Configure kerberos:

For example:
# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = DOMAIN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
DOMAIN.LOCAL = {
kdc = pdc.domain.local:88
admin_server = pdc.domain.local:749
default_domain = domain.local
}

[domain_realm]
.domain.local = DOMAIN.LOCAL
domain.local = DOMAIN.LOCAL

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

Test kerberos:
kinit -V administrator@DOMAIN.LOCAL

You should get the following kind of output:
Authenticated to Kerberos v5

Configure samba:
# cat /etc/samba/smb.conf
[global]
workgroup = DOMAIN
preferred master = no
server string = Linux Test Machine
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
printcap name = cups
printing = cups
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
idmap uid = 600-200000
idmap gid = 600-200000
;template primary group = "Domain Users"
template shell = /bin/bash

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/cups
browseable = no
printable = yes
guest ok = yes

Use the testparm command to verify your samba configuration:
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Press enter to see a dump of your service definitions

Join the domain:
net ads join -U administrator

You will be prompted for the administrator password. If the join succeeds, a message saying so is displayed.
For example:
Using short domain name -- DOMAIN

Joined 'RHEL5' to realm 'domain'

From here you can execute several commands to test:

# net ads testjoin DOMAIN
Join is OK

Start up the samba related services:

# service smb start
# service winbind start

The following will list both local user IDs and ADS user IDs:
# wbinfo -u

The following will list ADS group names:
# wbinfo -g

The following will verify ADS authentication (In this example, “password” is the administrator account password.):
# wbinfo -a administrator%password
plaintext password authentication succeeded
challenge/response password authentication succeeded

Modify nsswitch.conf to support ADS authentication:
# cat /etc/nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus

This is very important. Make sure you are logged into a couple virtual terminals as root in case there is a problem. You can end up locking yourself out.

Make a backup copy of /etc/pam.d/system-auth-ac:
# cd /etc/pam.d
# cp -rp system-auth-ac system-auth-ac.orig

Edit the system-auth-ac file:
# cat /etc/pam.d/system-auth-ac
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_succeed_if.so uid < 100 quiet
account sufficient pam_winbind.so use_first_pass
account required pam_permit.so

password requisite pam_cracklib.so retry=3 type=
password sufficient pam_unix.so nullok use_authtok md5 shadow
password sufficient pam_winbind.so use_first_pass
password required pam_deny.so

session required pam_limits.so
session required pam_unix.so
session required pam_winbind.so use_first

Nagios installation procedures used on CentOS5.

Ensure that you have the following installed:
httpd, gcc, glibc, glibc-common, gd, gd-devel

Create accounts and groups.
useradd -m nagios
passwd nagios
groupadd nagcmd
usermod -a -G nagcmd nagios
usermod -a -G nagcmd apache

Build nagios from the source.
cd /usr/local/src
Download nagios and nagios-plugins from http://www.nagios.org/download/ to /usr/local/src.
tar -zxvf nagios-3.0.5.tar.gz
cd nagios-3.0.5
./configure --with-command-group=nagcmd
make all 2>&1 | tee MAKEALL.log
make install 2>&1 | tee MAKEINSTALL.log
make install-init 2>&1 | tee MAKEINSTALLINIT.log
make install-config 2>&1 | tee MAKEINSTALLCONFIG.log
make install-commandmode 2>&1 | tee MAKEINSTALLCOMMANDMODE.log
cd /usr/local/nagios/etc/objects/
cp -rp contacts.cfg contacts.cfg.orig
vi contacts.cfg
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
cd /usr/local/src/nagios-3.0.5
make install-webconf 2>&1 | tee MAKEINSTALLWEBCONF.log
service httpd restart
cd ..
tar -zxvf nagios-plugins-1.4.13.tar.gz
cd nagios-plugins-1.4.13
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make 2>&1 | tee MAKE.log
make install 2>&1 | tee MAKEINSTALL.log
chkconfig --add nagios
chkconfig nagios on

This is a great way to debug errors in your configuration files:
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

service nagios start

I created configuration files based on the template.cfg provided in the distribution in the objects directory.
cd /usr/local/nagios/etc/objects/

You have to make changes to your nagios.cfg file based on any new configuration files you created above.
vi ../nagios.cfg

Check your configuration:
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

You have to restart nagios whenever you make a change to the configuration files.
service nagios restart

Installed NSClient on a Windows 2003 server to monitor it in nagios.
Edit nsc.ini. The file is pretty well documented.

The following is how I installed nrpe on a linux system to allow nagios to monitor it.
Install nrpe to allow nagios access to system status
cd /usr/local/src
wget http://internap.dl.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz
useradd nagios
passwd nagios
wget http://superb-east.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.13.tar.gz
tar zxvf nagios-plugins-1.4.13.tar.gz
cd nagios-plugins-1.4.13
./configure 2>&1 | tee CONFIGURE.log
make 2>&1 | tee MAKE.log
make install 2>&1 | tee MAKEINSTALL.log
chown nagios.nagios /usr/local/nagios
chown -R nagios.nagios /usr/local/nagios/libexec/
cd ..
tar zxvf nrpe-2.12.tar.gz
cd nrpe-2.12
./configure 2>&1 | tee CONFIGURE.log
make all 2>&1 | tee MAKEALL.log
make install-plugin 2>&1 | tee MAKEPLUGIN.log
make install-daemon 2>&1 | tee MAKEDAEMON.log
make install-daemon-config 2>&1 | tee MAKEDAEMONCONFIG.log
make install-xinetd 2>&1 | tee MAKEXINETD.log
vi /etc/xinetd.d/nrpe

only_from =

vi /etc/services

nrpe 5666/tcp # NRPE

yum install xinetd
service xinetd start
netstat -at | grep nrpe

Verify nrpe is working:
/usr/local/nagios/libexec/check_nrpe -H localhost
/usr/local/nagios/libexec/check_nrpe -H localhost -c check_users
/usr/local/nagios/libexec/check_nrpe -H localhost -c check_load

Add customized commands to support the machine
vi /usr/local/nagios/etc/nrpe.cfg

# Customized for this machine
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1
command[check_hda2]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda2
command[check_hdd1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hdd1
command[check_hdd2]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hdd2
command[check_hdd5]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hdd5
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
command[check_mailq_timeout]=/usr/local/nagios/libexec/check_mailq -M postfix -w 5 -c 15
command[check_mailq]=/usr/local/nagios/libexec/check_mailq -w 10 -c 20
command[check_procs_named]=/usr/local/nagios/libexec/check_procs -C named -t 3 -w 1:1

How to NAT a Linux virtual interface.

I was able to use the following iptables configuration to NAT from a linux virtual interface (eth1:1) to an email/web server on my LAN (192.168.0.x). virt_ip_addr is the IP address I assigned to eth1:1, and is the IP address of the server on my LAN. This works with both INPUT and FORWARD chains set to DROP.

This may not be the best solution, but it took quite a while to figure out how to get something in place that works.

# nat PREROUTING Chain Rules

-A PREROUTING -d virt_ip_addr -p tcp --dport 25 -j DNAT --to
-A PREROUTING -d virt_ip_addr -p tcp --dport 80 -j DNAT --to

# nat POSTROUTING Chain Rules

-A POSTROUTING -o eth1 -j SNAT --to-source virt_ip_addr

# filter FORWARD Chain Rules

-A FORWARD -p tcp -i eth0 -o eth1 -s -m multiport --sports 25 -j ACCEPT
-A FORWARD -p tcp -i eth1 -o eth0 -d -m multiport --dports 25 -m state --state NEW -j ACCEPT
-A FORWARD -p tcp -i eth1 -o eth0 -d -m multiport --dports 25 -j ACCEPT

-A FORWARD -p tcp -i eth0 -o eth1 -s -m multiport --sports 80 -j ACCEPT
-A FORWARD -p tcp -i eth1 -o eth0 -d -m multiport --dports 80 -m state --state NEW -j ACCEPT
-A FORWARD -p tcp -i eth1 -o eth0 -d -m multiport --dports 80 -j ACCEPT
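
A stateful variant of the rules above, as an added example that is not the author's configuration: it generates the same DNAT and SNAT lines for any list of ports and replaces the source-port and stateless FORWARD matches with connection tracking, so return traffic is accepted only for connections that were opened to the published ports. The function names, the input validation and the explicit --to-destination port are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the author's ruleset. eth1 = outside, eth0 = LAN as in
# the post; addresses and ports are caller-supplied parameters.

# Succeeds only for dotted-quad-looking input, so a parameter cannot smuggle
# extra options or newlines into the generated rules.
looks_like_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
        *.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = virtual IP on eth1:1, $2 = LAN server IP, $3.. = TCP ports (max 15,
# the limit of one multiport match). Prints iptables-restore rule lines.
gen_dnat_rules() {
    [ $# -ge 3 ] && [ $# -le 17 ] || { echo "usage: virt_ip lan_ip port..." >&2; return 2; }
    virt=$1 lan=$2
    shift 2
    looks_like_ipv4 "$virt" && looks_like_ipv4 "$lan" || { echo "bad address" >&2; return 2; }
    ports=
    for p in "$@"; do
        case $p in ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 2 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 2; }
        ports=${ports:+$ports,}$p
    done
    echo "# nat PREROUTING Chain Rules"
    for p in "$@"; do
        printf '%s\n' "-A PREROUTING -d $virt -p tcp --dport $p -j DNAT --to-destination $lan:$p"
    done
    echo "# nat POSTROUTING Chain Rules"
    printf '%s\n' "-A POSTROUTING -o eth1 -j SNAT --to-source $virt"
    echo "# filter FORWARD Chain Rules"
    # Replies and related packets of connections that conntrack already knows.
    printf '%s\n' "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Only new connections to the published ports may enter from outside.
    printf '%s\n' "-A FORWARD -i eth1 -o eth0 -p tcp -d $lan -m multiport --dports $ports -m state --state NEW -j ACCEPT"
}
```

Calling `gen_dnat_rules <virt_ip_addr> <lan_ip_addr> 25 80` prints the lines for the matching sections of an iptables-restore file; the FORWARD policy stays DROP as in the post.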

VMWare Fusion boot delay.

From the Virtual Machine Library, select the machine and hold down the control key. Right mouse click and select “Show in Finder.” Right mouse click the .vmwarevm file, and select “Show Package Contents.” From here, use TextEdit to add the following line to the .vmx file listed in the directory:

bios.bootDelay = "3000"

How to find a tab character in vi.

To display all the special characters or escape sequences:

: set list

To find the tab character (^I). Hold down control and hit vi.:


Now supporting mobile devices.

I installed the WordPress Mobile Edition plugin, so now the site can be easily read from a mobile device. It gets me to the information pretty quickly. It even supports search. Works fine from my phone, although I like the WordPress mobile application better to create new posts.
