Tuesday, 19 September 2017

Difference between URL masking and URL redirect

Hi guys. It's been a while since I wrote something on here. While I was looking at the URL redirects on my website, I noticed that I should actually mask the URLs so that they look nicer. I have a few redirects set up for use on external referral sites, and they end up hitting my website. When the resulting link is masked, it looks nicer and reveals less information to the visitor.

So the redirects I have got set up are as follows:

www.miklos.info/munka → www.miklos.info/hu/3/it-konzultacio?lang=hu
www.miklos.info/consulting → www.miklos.info/en/3/itconsultation?lang=en

Until now, when one of the above referring links was visited, the URL was rewritten in the browser title bar, so the resulting long link was displayed. I wanted the URL to be masked: the visited URL should not be rewritten but should stay displayed in the browser title bar, while the target content is still served. I am using Apache as the web server on my website, so the Redirect and Rewrite rules can be used via the Rewrite Engine feature :-) . So far I had the redirects in the .htaccess file in my web root directory, as below.

Redirect /munka /hu/3/it-konzultacio?lang=hu
Redirect /consulting /en/3/itconsultation?lang=en

The above redirects work fine, but they result in the browser's title bar containing the long, unmasked link when you visit the site.

Note that here I do not need to redirect the request to another site; I just need the requests to remain on the same site, but with different URLs. I would like the URL masked in the title bar. After having read the official documentation and pondering a little bit, I realized how I can mask the URLs. You can simply use the RewriteRule directive! So simple. It masks the URLs and then serves the content from the resulting links without changing the URL in the display bar. Let's see how to solve the problem by using the correct rewrite rules. My configuration is as below.

RewriteEngine On
RewriteRule ^munka$ /hu/3/it-konzultacio?lang=hu [L]
RewriteRule ^consulting$ /en/3/itconsultation?lang=en [L]

Save and quit the config file and reload the web page in the browser. After applying the new rewrite rules in Apache, I get the new content served but with the original URL! So for a URL ending in the word munka, the content of the target to the right of it on the same line (/hu/3/it-konzultacio?lang=hu) is served, and for a URL ending in the word consulting, the content of the target to the right of that word (/en/3/itconsultation?lang=en) is served.

Voila! The web page(s) are served with the new, redirected content but the URL remains the original, masked! This is how you mask the URL in the title bar with Apache using the rewrite rule feature. 
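To confirm which of the two behaviours a short URL actually has, look at the response headers: an external redirect answers with a 3xx status and a Location header, while an internal rewrite answers directly under the short URL. The following is an added example, not part of the original post; the function name and both header samples are constructed for illustration.

```shell
#!/bin/sh
# classify_response: read raw HTTP response headers (as printed by
# `curl -sI URL`) on stdin and report how the short URL was handled:
#   "redirect <status> <location>"  external redirect, browser shows the long URL
#   "served-in-place <status>"      no redirect, browser keeps the short URL
classify_response() {
    awk '
        { sub(/\r$/, "") }                      # header lines end in CRLF
        NR == 1 { status = $2; next }           # e.g. "HTTP/1.1 302 Found"
        tolower($1) == "location:" { loc = $2 } # header names are case-insensitive
        END {
            if (status ~ /^3[0-9][0-9]$/ && loc != "")
                print "redirect", status, loc
            else
                print "served-in-place", status
        }'
}

# Constructed sample: a response to /munka under "Redirect /munka ..."
# (mod_alias answers with 302 unless another status is given).
redirect_sample() {
    printf 'HTTP/1.1 302 Found\r\nServer: Apache\r\nLocation: http://www.miklos.info/hu/3/it-konzultacio?lang=hu\r\n\r\n'
}

# Constructed sample: a response to /munka under "RewriteRule ^munka$ ... [L]".
rewrite_sample() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n'
}

redirect_sample | classify_response
rewrite_sample  | classify_response
# Against a live site: curl -sI http://www.miklos.info/munka | classify_response
```

In the redirect case the query string (?lang=hu) and the internal path travel to the client in the Location header; in the rewrite case they never leave the server.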


Miklos Quartus
IT geek
19 September, 2017

Wednesday, 25 May 2016

Docker on Debian Linux 32-bit PC architecture

Docker has recently got a lot of hype due to its simplicity and lightweight nature. It's especially useful for developers to try out software builds in an isolated namespace without messing with the base system libraries and dependencies. I was a bit frustrated when I wanted to look into Docker, as it did not work for me after following the Docker Quickstart docs, though it is quite straightforward. Downloading, a.k.a. 'pulling', the default Docker image for Debian Jessie from Docker Hub results in:

[qmi@qmitoshiba:~]$ docker pull debian:jessie
jessie: Pulling from library/debian
e41045043712: Pull complete
ce58426c830c: Pull complete
Digest: sha256:3dc34c5b6d35644b1c1af8cc3e0665022611e78999d7269c460afc5a0678ac45
Status: Downloaded newer image for debian:jessie

So far so good. But when I tried running it, it failed with the known exec format error:

[qmi@qmitoshiba:~]$ docker run -i -t debian:jessie /bin/bash
exec format error
Error response from daemon: Cannot start container f14f9b8ddc08f8f5722d28c39b36ef69e15ec98f6bf5a9582237cf938398e043: [8] System error: exec format error

This error message did not look good at first. Then I recalled from my past that this must have something to do with my laptop's architecture. I have Debian running on a 32-bit Toshiba laptop, which otherwise works fine. I can run Debian Sid perfectly well, including the Docker daemon and the docker client tool. The following command clearly shows from the ELF binary header that the OS on my laptop is a 32-bit platform:

[qmi@qmitoshiba:~]$ file /usr/bin/docker
/usr/bin/docker: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=fefa6e269130abb71db94873811c37e86c14c066, not stripped

Ooops...then looking into the pulled Docker image closely, it turns out that it was built for amd64 architecture:

[qmi@qmitoshiba:~]$ docker inspect debian:jessie | grep -A1 "Architecture"
    "Architecture": "amd64",
    "Os": "linux",

Unfortunately, the Docker Quickstart docs (mentioned above) do not state clearly that the standard images were built for 64-bit platforms and that this is how they were published to the registry. This leaves 32-bit users in dire need of help :-/ . I knew for sure that this could be fixed, so I did my own research. I found this blog a great help, so I can just extend what I found there. Kudos to J M Keyes! Credits go to him. Let's prepare our own bootstrapped Jessie core image as follows:

$ mkdir rootfs
$ sudo debootstrap jessie rootfs/

This takes a while, but we will get a basic Debian Jessie file system image. Let's compress it into a tar+gzipped image; mine becomes a mere 137Mb tarball after it's compressed. Make sure you compress it from inside the directory: the contents of the root directory need to be at the top level of the tarball image. Supposing you have the bootstrapped image in the directory called rootfs in the current working directory, you can use the following command to compress it quickly:

$ sudo tar -czf rootfs.tgz -C rootfs .

Then you will have the rootfs.tgz containing the compressed file system image. Now, let's build our Docker image. Prepare a file named Dockerfile in the current directory with the following content:

FROM scratch
MAINTAINER Miklos Quartus
LABEL "deployer"="qmi"
ADD rootfs.tgz /

The above will tell Docker how to build a brand new image instead of downloading it from the public Docker registry. Of course, you can replace the MAINTAINER information. The LABEL is optional, but it helps later to administer and keep track of the running container. The last line, 'ADD rootfs.tgz /', will tell Docker to add the compressed tarball content to the newly built Docker image as a base file system. Now we are ready to build our first image! It's so simple. Do the following (you don't have to be root):

[qmi@qmitoshiba:~/docker/test]$ docker build -t jessietest .
Sending build context to Docker daemon 143.2 MB
Step 0 : FROM scratch
Step 1 : MAINTAINER Miklos Quartus
 ---> Using cache
 ---> f24ad889833e
Step 2 : LABEL "deployer" "qmi"
 ---> Using cache
 ---> f3ed82889f5b
Step 3 : ADD rootfs.tgz /
 ---> Using cache
 ---> 4d9bbfdae567
Successfully built 4d9bbfdae567

Awesome! It looks like we have just built our first Docker image successfully. You can check it with the command docker images, if you'd like. I assume you have the docker application container engine service up and running on your machine (you should see the 'active (running)' state if you run the systemctl status docker.service command). Let us try to run our newly built image in our Docker ecosystem. You need to know that every container needs to have an underlying image. So, when we run our container, we create it and start it in one go. For more explanation, refer to page 62 of the book titled 'Docker Up and Running' :-)

OK, so let's run our container built based on the compressed file system image. We will be requesting a simple shell.

[qmi@qmitoshiba:~/docker/test]$ docker run -i -t jessietest /bin/bash

Voila! There you go! :) We're inside our container running a Bash shell. The container ID is 4cd2f95cbe4a, as the shell prompt shows. What at first seemed impossible has now become possible after investing a little bit of effort. I am no longer hindered by the 64-bit published images in the registry. I have built my own and it works perfectly well. BTW, you can check our container status by running a docker ps command in another terminal.

root@qmitoshiba:~# docker ps -q


Done. We have managed to build our own Docker image for the 32-bit platform on Debian. If you have any questions, comments or suggestions, please comment here or send me an email at inbox@miklos.info .
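The architecture mismatch behind the exec format error earlier in this post can be caught before docker run by comparing the image's recorded architecture with the host's. This is an added example, not part of the original post; the function names are made up for illustration, and check_image assumes a working docker client.

```shell
#!/bin/sh
# Map a kernel machine name (`uname -m`) to the architecture string Docker
# records in image metadata (the "Architecture" field of `docker inspect`).
machine_to_docker_arch() {
    case "$1" in
        i386|i486|i586|i686) echo 386 ;;
        x86_64|amd64)        echo amd64 ;;
        aarch64|arm64)       echo arm64 ;;
        armv6l|armv7l)       echo arm ;;
        *)                   echo unknown ;;
    esac
}

# image_runs_on MACHINE IMAGE_ARCH
# Returns 0 if binaries built for IMAGE_ARCH can execute on MACHINE,
# 1 if they cannot, 2 if MACHINE is not recognised.
image_runs_on() {
    host=$(machine_to_docker_arch "$1")
    [ "$host" = unknown ] && return 2
    [ "$host" = "$2" ] && return 0
    # A 64-bit x86 kernel can normally execute 32-bit x86 binaries too;
    # the reverse (the situation in this post) never works.
    [ "$host" = amd64 ] && [ "$2" = 386 ] && return 0
    return 1
}

# check_image IMAGE: compare a local image with this host before running it.
check_image() {
    arch=$(docker inspect --format '{{.Architecture}}' "$1") || return 2
    if image_runs_on "$(uname -m)" "$arch"; then
        echo "ok: $1 is built for $arch"
    else
        echo "mismatch: $1 is built for $arch, host is $(uname -m)" >&2
        return 1
    fi
}

# The situation from this post, with constructed inputs: 32-bit host, amd64 image.
image_runs_on i686 amd64 || echo "an amd64 image will not start on an i686 host"
```

Running check_image debian:jessie and check_image jessietest on the same machine shows the difference between the pulled image and the locally bootstrapped one.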

Friday, 28 November 2014

The danger of cancelling a Vodafone service - XNET

It happened to me the other day that I cancelled the Zsebnet 1000 service at Vodafone. This is a service that renews every 30 days and gives 1Gb for 2490Ft. The slogan on their website is nice: "The Internet in your pocket!". However, they forget to draw attention to an insidious fraud: on cancellation, the unused part of the monthly fee is not credited, and the data allowance you had until then, purchased fairly, is lost. On November 21 I received 1Gb on my subscription, which was credited. That same day I decided to cancel it. To do this you have to send the word 'XNET' to the number 1270, as stated on their website. However, shortly after cancellation they delete the entire service and the remaining data allowance is completely LOST! Naturally they do not shout this from the rooftops; they do not mention it anywhere. In my opinion this amply amounts to unfair market practice. I naturally contacted customer service, and they too could only confirm the following:

"Thank you for visiting our website.

In reply to your letter, we inform you that, regarding your complaint, section 2.1 of the Tariff annex of the General Terms and Conditions contains the following information.

"The GPRS WAP and GPRS Internet monthly fee is deducted from the subscriber's account in advance, and in the event of cancellation mid-month the remaining part of the monthly fee is not credited. In the event of reactivation, the full monthly fee is deducted again. Data traffic means the combined total of the data sent and received."

In accordance with the above, if you cancel the GPRS Internet service, we remove it from your subscription, regardless of whether you have used up the 100 MB of data traffic. If the service is ordered again, its monthly subscription fee is deducted from the balance of the prepaid subscription, and the 100 MB of data traffic included in the monthly fee can be used in full. Thank you for your kind understanding!"

Evidently, this link also shows that I am not the first person this has happened to. The lesson for all my fellow countrymen: BE CAREFUL ABOUT WHEN YOU CANCEL A SERVICE AT VODAFONE. It is worth leaving it to the very last day, when you have used up your entire data allowance. And if the above info was not enough to make my dear readers (perhaps Vodafone customers) feel like looking for another provider, then I would warn everyone that with them voice-based internet use (e.g. VoIP calls with Skype, Rynga, etc.) is not permitted (!):

"Vodafone draws customers' attention to the fact that, with the ZsebNet options, initiating internet-based voice/video calls through applications that can be downloaded to mobile devices (Skype, MSN, Viber, WhatsApp, etc.), and, depending on the client software, sending text chat messages, is not permitted."

See the relevant points of the residential General Terms and Conditions (ÁSZF), page 41, section 2.4.1, where they themselves make this public. Of course this does not appear in their marketing; they cleverly keep quiet about it.

Good-bye Vodafone!

Thursday, 13 November 2014

IT consulting and advisory services

The Hungarian version of the web page is now ready as well, where I have collected a few things about what kind of computing work and IT consulting I take on for prospective clients in Hungary. This list is not complete; it will keep growing. My main profile is Linux (Debian/Ubuntu) and the open-source field (FreeBSD too). Within this, I consult, that is, I offer professional assistance in the following:

  • Operating system operation, support, system administration support
  • Cloud-based presence (AWS, Google Cloud), virtualization (Xen, VMWare)
  • IT infrastructure design, automation (Puppet), developer support
  • Firewalls (iptables, pfSense), load balancing (Riverbed Stingray Traffic Manager)
  • Web presence (web hosting), domain registration, LAMP
  • Backup and archiving (rsnapshot, rsync, bacula)
  • Shell scripting, writing Python and AWS scripts
  • IT security, penetration testing, "white hat hacking", vulnerability assessment, troubleshooting
It is important that professionals who can take on such work when needed, and who can be hired for a fee, are also available to companies and businesses in Hungary.

Tuesday, 21 October 2014

My personal website is up

Thanks to GoDaddy Inc., I have been able to set up my official website using their free web hosting. My website can be reached at www.miklos.info. I will continue to provide professional IT consulting services, IT infrastructure support, IT security improvements, support for open-source software using Debian GNU/Linux, FreeBSD and the like.

Friday, 17 October 2014

Why I left the UK - why you should not live in UK as a foreigner

The reasons I don't like the UK / London and am leaving it. The points below result from 3y of actual living experience, both in London and elsewhere in the countryside (Devon 1y, Hertfordshire 4m).

Unregulated, unsafe, bureaucratic
People do everything they want. Very low safety and security. Police have little force and people can get away with many minor crimes with little or no justice. Just one example: in autumn 2013, 6 cyclists were killed in 9 days in the streets of London in traffic accidents(!). For every official paper you apply for, you need to provide proof of address or proof of ID from the past 3 months (you do not necessarily get such papers from official authorities that often). You need to prove that you are who you are by providing all sorts of paper proofs, making expensive phone calls and visiting customer services at your own cost and effort. The authorities or officials do not help you in validating your past or identification. This shows the poor information technology and the lack of trust. A lot of the burden and difficulty of everyday life falls on the people.

Carelessness, laziness, superficiality
In many areas of life people are careless, negligent. Things are done only on the surface; if you want the details they don't care unless you force your way. Instead of giving you the details you need, they give you little information and then just tell you, 'If you have any questions, just ask.' This shows the lack of thorough work and of the necessary preparation, and demonstrates superficiality.

Untidy, unclean
Rubbish is all around (bus stops, streets, open areas), rubbish bins are so dirty that I could vomit when I see them, I do not even go close to them when I try to throw away something (including in front of church entrance, the outside public rubbish bins on Tottenham Court Road), mice in underground, etc. Only touristy areas and rich neighbourhoods are kept clean. Recycling is only on papers and bulletin boards; in real life people could not care less about selecting recyclable waste from regular waste. When you tell them off, they become hostile. When English people see something that is clean and tidy, they call it 'luxury'.

Self-centered, self-worshiping
People are seeking what is good for themselves and placing their own interests above everything including common interests. The last thing they care about is their community. They are seeking joy and fulfillment in finding profit and money everywhere they can and spending it on entertainment, comics, films, theatres, luxury clubs, etc. People violate others' personal space and privacy if it's in their interests (quickly firing employees without necessary training or coaching, landlords firing tenants not respecting notice periods, etc.)

Salaries are low, properties are expensive
You might be saying, 'What???? In this country salaries are high.' Well, on paper, yes. If you compare them with the price of properties and the quality of life (see next point), salaries are actually low!!! If they were earning well, most people would be living in their own flats/houses and not in shared accommodation. A dirty room in an untidy house could cost from £90 per week up to £150 per week. Renting your own place in a decent (not too nice!) neighbourhood starts at £1200 pcm for a 1-bedroom flat. You need to be earning at least £60K annually in order to live comfortably in the greater London area. The situation is not easier in the country. Property prices are lower but salaries are likewise. An average family is paying one half of a normal monthly salary for a property rental/mortgage on a property which is not well taken care of, dilapidated and run-down. Properties are incomparably expensive. Landlords are unregulated by the Law; they can do everything the market desires.

Expensive and low quality of life
General, everyday life which is affordable is of very low quality. Food, drinks, services etc. that are affordable for everyday people are low quality. If you want to achieve some good quality, you need to pay a very high price in every area of life. Quality and assurance checks are almost non-existent. You need to be very careful to avoid scams, bad quality services, food, drinks, etc., therefore too much burden is on the last link in the chain of trading: the people. Two years ago people could not withdraw cash for 3 days from one of the most popular banks' ATM machines due to a computer software failure throughout the whole country. Last year, many restaurants including fast food sold horse meat as beef countrywide.

In summary, the above points are true mainly in London but more or less also elsewhere in the country in general. Note that the above blog is based on my personal experience. 

Wednesday, 26 March 2014

Successfully installing a new S/MIME certificate into Mozilla Thunderbird

I had quite a struggle to get my secure email working in Mozilla Thunderbird the other day. Firstly, I had to sign and install the certificate in the browser as suggested by CAcert's knowledgebase article. Thankfully, I possess 100 assurance points in the CAcert Community, which means I am certified to sign web and email certificates. So I created a client certificate for my email address and installed it into my Firefox browser. This placed it in the keystore under Tools -> Options -> Advanced -> Certificates -> View Certificates, under the 'Your Certificates' section. The next step would be to insert it into Thunderbird to be able to use it, but that required a PKCS #12 bundled file format (Personal Information Exchange), which includes the key. To obtain that format from my certificate, I had to back up the key from the keystore in FF. This resulted in a .p12 certificate file as shown on the picture. Note the little brown-yellow key on the envelope! That means it's a secure certificate file containing the key.

Then, I could import it into Thunderbird using the Import menu in the certificate manager. I finally managed to figure it out. Now I am able to digitally sign my email messages using the S/MIME signature. The Certificate Authority used to issue the certificate is CAcert, a.k.a. 'Root CA' in the keystore.

This means that the emails I send digitally signed will ensure that my identity is verified and that the message's content is free from tampering or alteration when it reaches the recipient. The link on superuser.com contains my contribution to the community in relation to the matter.

Happy email signing and stay secure!