
Showing posts from 2011

I made a GIF!

Google Voice number as your phone's lock screen wallpaper

In my previous post on Google two-factor authentication, I mentioned using Google Voice as your ICE (In Case of Emergency) phone number. Adding multiple phones in Google Voice Settings permits one call to simultaneously ring all your important numbers. Better leverage this resource in an emergency by creating an ICE lock screen wallpaper for your mobile phone. See the LifeHacker article... Add an Emergency Number to Your Phone's Lock Screen Wallpaper [Emergency Preparedness]. If you're ever in an accident or have a medical emergency it is important for authorities to have an easily accessed emergency contact number so your loved ones can be reached. Given that many of us lock our phones, you may want to consider editing your lock screen wallpaper image to include an emergency contact number.

Speak up and say no to SOPA

This Is Important, You Should Know About It... PROTECT IP Act Breaks The Internet from Fight for the Future on Vimeo. The Internet Blacklist Bill, known as the “PROTECT IP Act” or S. 968 in the Senate and the “Stop Online Piracy Act” or H.R. 3261 in the House, has been discussed in the past, but crunch-time is upon us as Congress officially began holding hearings today on the most harmful Internet censorship legislation of our time. An informative video on the bill’s many ills has been posted above, but, in brief, the legislation, if passed, would essentially hand the Internet over to corporations, allowing them to sue and shut down any website that so much as hosts a link to copyrighted material. Internet Service Providers could be forced to block social media sites, search engines could be required to delete results, and startups could lose their funding, all on the whim of the copyright holder. Perhaps most distressing of all, however, is the fact that t

Retrieve SSL certificates

Frequently, vendors request an LDAP server's SSL certificate chain to import into an application's keystore. This is not really needed provided they have openssl available. Use openssl to retrieve the example.com LDAP server's SSL certificate chain:

    openssl s_client -showcerts -connect example.com:636

As an example, here is the output from https://www.thawte.com/

    $ openssl s_client -showcerts -connect www.thawte.com:443
    CONNECTED(00000003)
    depth=3 /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
    verify return:1
    depth=2 /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
    verify return:1
    depth=1 /C=US/O=thawte, Inc./OU=Terms of use at https://www.thawte.com/cps (c)06/CN=thawte Extended Validation SSL CA
    verify return:1
    depth=0 /1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1
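
The retrieval step above, taken one stage further as an added example (not code from the original post): a shell function that splits `openssl s_client -showcerts` output into one PEM file per certificate, so each can be reviewed before it is imported into a keystore. The names split_chain, sample_output and ./chain are assumptions, and the sample input is constructed with placeholder bodies rather than real certificate data.

```sh
#!/bin/sh
# Added example, not from the original post.
# split_chain OUTDIR: read `openssl s_client -showcerts` output on stdin, write
# each certificate of the "Certificate chain" section to OUTDIR/cert-N.pem
# (N=0 is the server's own certificate) and print "cert-N.pem<TAB>subject".
split_chain() {
    outdir=$1
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /^Certificate chain/  { in_chain = 1; next }
        /^Server certificate/ { in_chain = 0 }   # summary section, not part of the chain
        !in_chain             { next }
        /^ *[0-9]+ s:/        { subj = $0; sub(/^ *[0-9]+ s:/, "", subj); next }
        /^-----BEGIN CERTIFICATE-----$/ {
            name = sprintf("cert-%d.pem", n); file = dir "/" name; in_pem = 1
        }
        in_pem                { print > file }
        /^-----END CERTIFICATE-----$/ && in_pem {
            close(file); printf "%s\t%s\n", name, subj; n++; in_pem = 0
        }
    '
}

# Constructed sample input: the layout s_client prints, with placeholder
# bodies instead of real base64 certificate data.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=ldap.example.com
   i:/CN=Example Issuing CA
-----BEGIN CERTIFICATE-----
CONSTRUCTEDLEAFBODY
-----END CERTIFICATE-----
 1 s:/CN=Example Issuing CA
   i:/CN=Example Root CA
-----BEGIN CERTIFICATE-----
CONSTRUCTEDISSUERBODY
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=ldap.example.com
---
EOF
}

# Live use against the host from the post:
#   openssl s_client -showcerts -connect example.com:636 </dev/null | split_chain ./chain
#   openssl x509 -noout -subject -issuer -dates -fingerprint -sha256 -in ./chain/cert-0.pem
```

Comparing the printed SHA-256 fingerprint with one obtained from the directory administrator over a separate channel confirms the chain came from the intended server before it is trusted.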

Google two-factor authentication

I enabled two-factor authentication for all my Google services several weeks ago. So far, it has been relatively uneventful. On a few occasions I have had to come downstairs to read the default SMS message and verify, but on other occasions I opted for a voice-based alternative. I added my Google Voice number as the alternate two-factor authentication line, so all our phones ring. More Google two-factor authentication info at http://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html. Also see the getting started guide at http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283. Also check out Google Voice, which makes an excellent ICE (In Case of Emergency) phone number.

Cisco UCM and Novell eDir

Successfully integrated Cisco Unified Communications Manager 8.5.1 (VOIP) with our central authentication and directory service Novell eDirectory 8.8.3 (LDAP) after 2 days of research and testing. All 15,000+ users were imported quickly and with no issues. While Novell eDirectory is not officially Cisco supported, the supported LDAP directory Oracle SunOne is remarkably similar. The LDAP SSL certificate CN and LDAP server hostname must match correctly. The following changes were made to integrate CUCM with our enterprise directory services on Novell eDir:

- LDAP attribute uid is a secondary mapping for eDir CN. The eDir attribute uniqueID does not have an LDAP mapping.
- Search results are increased from 200 to 1000 entries.
- Search timeout is decreased from 20 to 0 (unlimited).
- Persistent search is disabled (default is enabled).
- The BindDN user object is permitted 5 concurrent connections (increased from 1).
- The eDir/LDAP services were restarted via the ndsmanage utility (

Spacewalk

We are approved to roll out the Spacewalk client on all 40+ Oracle Solaris servers. After two weeks eval and testing, and for the first time ever, UNIX systems will be centrally managed. Spacewalk offers the complete updates, management and kickstart features from Red Hat Satellite free. We have registered multiple CentOS, Red Hat and Solaris servers already w/o issues. The Fedora hosted Spacewalk home URL is: https://fedorahosted.org/spacewalk/

Mounting ISO as file system for Linux and Solaris

For Linux, mount the ISO image "/iso/file.iso" to the mount point "/media/iso" using the command:

    sudo mount -o loop,users -t iso9660 /iso/file.iso /media/iso

Mount the ISO image "/iso/file.iso" at boot by adding a line to the "/etc/fstab":

    /iso/file.iso /media/iso udf,iso9660 ro,exec,users,loop 0 0

Sun Solaris always requires that extra effort to complete any task. Mounting an ISO on Solaris requires manually creating the loopback, then mounting it:

    # /usr/sbin/lofiadm -a /export/iso/sol-companion.iso /dev/lofi/1
    # mount -F hsfs -o ro /dev/lofi/1 /mnt/iso

Afterward you can verify the block device with lofiadm and df:

    # /usr/sbin/lofiadm
    Block Device             File
    /dev/lofi/1              /export/iso/sol-companion.iso
    # df -h
    Filesystem                 size   used  avail capacity  Mounted on
    rpool/ROOT/s10s_u7wos_08    37G   4.3G    31G    13%    /
    /devices                     0K     0K     0K     0%    /devices
    [...]
    /dev

Google Droid fonts on Symbian S60

A co-worker has the new Moto Droid phone and it is very nice. I wanted to get the same crisp, well-proportioned fonts on my Nokia e51 (Symbian S60 3rd). There were a few guides on how to permanently replace the system fonts, but I have bricked a phone before and was wary. It turns out you can simply load them on your microSD media and leave the originals in the phone memory intact!

- Download the Debian package with the Droid TTF fonts from Maemo.org. The direct link is http://repository.maemo.org/extras/pool/fremantle/free/t/ttf-droid/ttf-droid_1.01-dfsg0maemo3_all.deb .
- The Debian Package file (DEB) is really a Tar Gzip (TGZ). Extract the Droid TTF files using a program that supports Tar and Gzip*.
- Connect the phone to your computer and select "Data Transfer" mode.
- Create a \Resource folder on the microSD media root and then a Resource\Fonts sub-folder.
- Copy the Droid TTF fonts to the microSD:\Resource\Fonts folder.
- Rename the Droid TTF fonts in the microSD

SSL management tasks

Ran into some SSL issues today and did not have the tools to generate an acceptable CSR/PEM/DER. Here is what I gathered for next time. For *nix:

    #! /usr/bin/bash
    PATH="/usr/local/ssl/bin:$PATH"
    OPENSSL=`which openssl`
    # RSA key size in bits (1024 is below today's usual 2048-bit minimum)
    MOD=1024
    # Passphrase protecting the generated private key
    KEY=f00bar
    # Stop if openssl is missing, then create the working directories
    if [ ! -e "$OPENSSL" ]; then exit; else echo "$OPENSSL exists"; fi
    if [ ! -d "$HOME/ssl" ]; then mkdir "$HOME/ssl"; else echo "$HOME/ssl exists"; fi
    if [ ! -d "$HOME/ssl/csr" ]; then mkdir "$HOME/ssl/csr"; else echo "$HOME/ssl/csr exists"; fi
    if [ ! -d "$HOME/ssl/cert" ]; then mkdir "$HOME/ssl/cert"; else echo "$HOME/ssl/cert exists"; fi
    if [ ! -d "$HOME/ssl/key" ]; then mkdir "$HOME/ssl/key"; else echo "$HOME/ssl/key exists"; fi
    echo -e "\t*\n***\tCreate Server certificate key\n\t*"
    $OPENSSL genrsa -passout pass:$KEY -des3 -out $HOME/ssl/key/server-pass.key $MOD
    $OPENSSL rsa -passin pass:$KEY -in $HOME/ssl/key/serve

Multiple VOB files to a single AVI or MP4

A few multimedia containers (MPEG-1, MPEG-2 PS, DV) allow you to join video files by merely concatenating them. Hence you may concatenate your multimedia files by first transcoding them to these privileged formats, then using the humble cat command. As an example:

    #!/bin/bash
    # Divx5 (hq) output for DVD player compatibility
    videoparams1="mpeg4 -mbd rd -flags +4mv+aic -trellis 2 -cmp 2 -subcmp 2 -g 300 -sameq -b 1000k"
    # MP3 (stereo) for DVD player compatibility
    audioparams1="libmp3lame -ac 2 -ab 128k"
    outputfile=~/Videos/ffmpeg-`date +%Y%m%d-%H%M%S`.avi
    cat *.VOB | ffmpeg -i - \
        -vcodec $videoparams1 \
        -acodec $audioparams1 \
        $outputfile

I tried the 2 pass method and consistently encountered errors w/ missing output logs. This is apparently a known bug w/ my FFMpeg version. Since the shipping version w/ Ubuntu excludes non-free codecs, I compiled my own and have no desire to re-do that process. Note that you can test by directing the output to NULL

Whitelist and Blacklist w/ IPTables

Recently had an issue w/ an RPC application which would not use static ports. The process opened a dynamic port above 1024. Using a GUI like Novell's YaST is a handy way to manage simple inbound service permissions. However dynamic ports cannot easily be added to the permitted service ports. A simple fix is to whitelist certain trusted hosts, permitting all traffic. We created a BASH script w/ the iptables commands creating two custom chains, adding rules and updating the INPUT/OUTPUT/FORWARDING chains. The script is below:

    #!/bin/bash
    ## Host WhiteList (permit) / BlackList (deny) Chains
    ##
    ## iptables also allows you to create custom chains,
    ## which can then be specified as a target to jump to.
    ## For example, you could create a so-called whitelist
    ## for trusted IP address, and a blacklist for evil
    ## nodes on the Internet.
    ##
    ## To create the chains, you would give the following
    ## commands:
    #       iptables -N whitelist
    #       iptables -N blacklist

Modify Linux initrd kernel modules

You may need to edit files inside an initrd. The initrd files found in /boot/ have an .img extension, but they are not disk images. In RHEL5, the initrd .img files are a combination of gzip and cpio. Extract the files inside an initrd w/:

    # gunzip -cd /boot/initrd-`uname -r`.img | cpio -idv

This extracts all initrd files for the running kernel image. You can then read/modify files. Re-compress the files to an initrd w/:

    # find . | cpio -co | gzip -c9 - > /boot/initrd-`uname -r`-new.img

Deleting an initrd module is simple. Find the driver name file in ./lib and delete it. It should have a .ko extension. The utility mkinitrd is only a script to standardize the initrd creation process. This was info required to clean up a QLogic driver and utility install that had gone awry.

(re)compress PDF

Have you ever been sent or downloaded a huge PDF? Like me you thought, "This must have a ton of pages, diagrams and secrets of the universe!", but unfortunately it was not true. Some chimp had scanned the original at 150 dpi and saved the PDF at 1200 dpi. Now you have 32 Mb of stupid taking up space on your hard drive. It takes forever to open, scroll and search. Fix it! You heard me, take control. Here is how:

    gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.5 -dPDFSETTINGS=/screen -dNOPAUSE -dQUIET -dBATCH -sOutputFile=output.pdf input.pdf

Gigabyte Bios and Linux

Gigabyte previously used RAR to create a self-extracting BIOS download for users. Apparently they switched to 7-Zip now. The EXE is 7-Zip (LZMA) compressed. Since 7-Zip is open source, you should be able to extract it from a Linux OS after installing the correct package "p7zip".