Notes:

• Does not apply to voltage-signalling or dumb UPSes such as the older BackUPS models.
• In a future release of apcupsd this procedure will be replaced by a daemon operation.
• Do not run the recalibration command more than once or twice per year as discharging these kinds of batteries tends to shorten their life span.
• While recalibrating you should supply a load of about 30 to 35% but not more than 50%. You can determine the load by looking at the output of the apcaccess status command while apcupsd is running.

The trick was simple — all steps described in VirtualBox User Manual, see chapter 9.9.

I done such steps:

(pathtovboxprogramfolder)\VBoxManage internalcommands listpartitions -rawdisk \\.\PhysicalDrive0

which gives:

Number Type StartCHS EndCHS Size (MiB) Start (Sect)
1 0x07 0 /1 /1 694 /239/63 5131 63
5 0x83 695 /1 /1 1023/239/63 9856 10508463
6 0x82 1023/1 /1 1023/239/63 1026 30693663
7 0x07 1023/1 /1 1023/239/63 136611 32795343

Partitions Ubuntu VM needs access are 5 (root fs) and 6 (swap). Next command makes special .vmdk file for such partitions:

(pathtovboxprogramfolder)\VBoxManage internalcommands createrawvmdk -filename (pathtovboxdisksfolder>)\raw5and6.vmdk -rawdisk \\.\PhysicalDrive0 -partitions 5,6

And, for last, this .vmdk file could be registered with VirtualBox “Virtual Disk Manager” and used for VM.

Wifi coverage is everywhere in the building, so I could write it right now. The whole event is very well organized and very interesting, so thanks to Sun Microsystems!

SSH-1.99-OpenSSH_3.8.1p1 Gentoo-8.2.4

It is obvious that as on of security measures it is good idea to may harder for attacker to gain any information about system we protect; for example, well-known Linux Iptables Tutorial says: “The best thing to do, is to give as little material as possible for the attacker to get a proper fingerprint on.” I could imagine only one reason for such unsecure behaviour of SSH service: to allow collect statistic information. But if you are admin of this host, you know what OS is there. If you are not, it’s not your business, right?

In most OSes and distros there is no command-line or config file option to turn off such verbosity. So, at first, there are the one way to do this: get sshd source, patch it, compile it, and install it. And you should do this after each security update.

But we could apply the simple patch right on the sshd binary executable, because we know exactly what to change. SSH daemon is written in C, so all the text strings are plain text strings, starting at fixed offset fron begin of file are ended by zero-byte. We could easily modyfy such string, if it is unique in binary file an if new text will be no longer than original one. At the and we will put a zero byte, it will be interpreted as the end.

What exactly would we like our SSH to answer? Theoretcally, it should be anything starting with ‘SSH’, but in practice there are some restrictions. There are different ssh server implementations, and many clients use that banner string to recognize specific servers with specific bugs (i.e, if you have Putty (ssh client), look to “Connection”>”SSH”>”Bugs” screen in settings window). This topic on commercial SSH implementation forum states that minimal safe string would be ‘SSH-2.0-0′. My own expirience is limited, but there was no problem with such banner string.

Searching for tool, my first look was at unix utility ’sed’, but it is wrong tool for this job. As sed documentation says:

Specifically, use awk or perl if you need to: (…) handle binary data (control characters). (perl: binmode)

So, I use perl one-liner (look at ‘perlrun’ for more explanation):

PERLIO=':raw'; export PERLIO; perl -pi.bak -e 's{(OpenSSH)_([^\x00]+Debian)}{$1\x00$2}’ /usr/sbin/sshd

.

So, the source is right here:

< ?php /*
Plugin Name: MNR Mask Wordpress Version
Plugin URI: http://melnikov.net.ru/
Description: Replaces WordPress version all the output (except admin panel).
Author: Anton Melnikov
Version: 0.1
Author URI: http://melnikov.net.ru/mnr-mask-wpversion/
License: GPL */
function mnr_maskWpVersion() {
		global $wp_version;
		if(  ! ereg( '/wp-admin/', $_SERVER['SCRIPT_FILENAME'])   ){
			$wp_version = '9.1.1';
		}
}
add_action('init', 'mnr_maskWpVersion', 1);
?>

The logic: if user runs script from /wp-admin/ folder, hi is authorized Wordpress backend user (otherwise script will gives out redirect and quits); Wordpress backend depends on $wp_version value, so we leave it as is. It is needed in two functions at least:

• wp-admin/includes/update.php, function wp_update_plugins()
• wp-admin/includes/upgrade.php, function wp_check_mysql_version()

, but there are more of them.

Any script not from /wp-admin/ folder could be started by unauthorized user and it seems we could gives out any fake version number without the risk of backend problems. In case some automated processes are sensitive to format of strings with this version number (http headers used for feed requests/answers, etc), it is formatted as real version number in this plugin — three dot-separated digits, ‘9.1.1′ in my example. You could change it for what you like.

The plugin is of alfa quality, it definitly needs more testing. If you have bug or some idea, feel free to write it right here.

In RAID setup time all subject systems were configured so:

• in /etc/kernel-image.conf was line do_initrd = yes (for initrd.img creation after new kernel install or upgrade)
• in /etc/mkinitrd/modules was line raid1 (for automatic inclusion of raid1 module to new initrd.img)
• in /etc/mkinitrd/mkinitrd.img was line MODULES=dep (for automatically including all the moduless needed for system boot-up)

Tomorrow doing other maintenance tasks i I also solved this issue. It was caused by changes in ‘initramfs-tools’ package, that introduce set of tools parralel to mkinitrd. The kernel package install script uses ‘mkinitramfs-kpkg’ tool that looks for config files in /etc/initramfs-tools folder. There are ‘initramfs.conf’ file that is functionally equal to ‘mkinitrd.conf’, and also ‘modules’ file. After modyfying both in the same fasion as older mkinitrd configs.. all works great.

Also I set up new template (White as Milk), just to found that it needs some amount of work before it will shine. The template definitely needs more working on it, and after fixing it to some degree i will release it to the public. At this time support added for widgets in the sidebar and Simple Tags plugin.

Let’s see, how successful this second blogging attempt will be.

• Jeff Garzik (Linux kernel libATA developer): Serial ATA controllers support status and more..
• LinuxMafia: Serial ATA (SATA) chipsets — Linux support status
• Some notes about hardware-RAID SATA controllers.
• Some more info about hardware-RAID SATA controllers. (Resume: buy MegaRAID SATA 300-4X (or 300-8X).)