
Posts

Showing posts from 2012

I made a GIF!

SSL Management Tasks Revisited

In my May 2011 post "SSL Management Tasks" I included some partially automated scripts for openssl on Windows and Linux/UNIX.  This is a more in-depth look at certain openssl tasks and the associated commands.

Private Keys - Public-key (or asymmetric) cryptography uses private keys to decrypt messages and public keys to encrypt them.  Generating a private key is the first step to creating a certificate signing request or a self-signed certificate.  Run the openssl command:

$ openssl genrsa -out private.key 2048

Explaining the openssl command options in order:

"genrsa" The standard openssl command to create a new key using the RSA algorithm.  There are other algorithms available, however RSA is preferred.

"2048" Use a 2048-bit modulus.  If omitted, the default (in the OpenSSL versions of the time) is an unacceptable 512 bits.  The modulus is essentially the key's size: larger keys equal stronger encryption.  Certificate Authorities generally do not accept values greater th

Microsoft increases minimum SSL key (KB2661254)

In August 2012, Microsoft published an optional update, KB2661254, titled "Update For Minimum Certificate Key Length".  It was re-released in October as a recommended update, so Windows Automatic Updates applied it to every system configured to install recommended updates.  Its effects: the minimum RSA certificate key length was raised from 512 bits to 1024 bits; the minimum cannot be bypassed with IE's "Continue to this website[...]" option, even though that message is still displayed; and many self-signed SSL certificates created with openssl's default modulus are now effectively incompatible with Internet Explorer.  Available workarounds are uninstalling KB2661254 or generating new server SSL certificates.  When generating new private keys, use a 2048-bit modulus.  Today's acceptable minimum of 1024 bits will eventually be vulnerable too, and while 4096-bit keys are an option, many certificate authorities will not sign those requests.
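As an added example covering both the genrsa post above and this one (my code, not from either post), the script below generates an RSA key and self-signed certificate with openssl, reads the modulus size back out of the resulting certificate and private key, and classifies it against the KB2661254 cutoff (below 1024 bits is rejected) and the 2048-bit recommendation.  The subject name example.test, the 365-day validity and the output file names are assumptions; the check only needs a POSIX shell and the openssl command-line tool.

```sh
#!/bin/sh
# Added example: generate an RSA key and self-signed certificate, then verify
# the key length meets the KB2661254 minimum (1024) and the recommended 2048.
# Assumes a POSIX shell and the openssl command-line tool.
set -e

# Print the RSA modulus size in bits for a PEM file.
# $1 = path, $2 = "cert" (X.509 certificate) or "key" (RSA private key).
# Both "Public-Key: (2048 bit)" and "Private-Key: (2048 bit, 2 primes)" match.
key_bits() {
  case "$2" in
    cert) openssl x509 -in "$1" -noout -text ;;
    key)  openssl rsa  -in "$1" -noout -text ;;
  esac | sed -n 's/.*Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Classify a modulus size: "reject" (<1024, blocked by KB2661254),
# "weak" (1024-2047, accepted today but not future-proof), "ok" (>=2048).
classify_bits() {
  if [ "$1" -lt 1024 ]; then echo reject
  elif [ "$1" -lt 2048 ]; then echo weak
  else echo ok
  fi
}

# Create private.key and server.crt of $2 bits in directory $1 and print
# the classification of the certificate's key. Subject name is an assumption.
make_self_signed() {
  dir="$1"; bits="$2"
  openssl genrsa -out "$dir/private.key" "$bits" 2>/dev/null
  openssl req -new -x509 -days 365 -subj "/CN=example.test" \
    -key "$dir/private.key" -out "$dir/server.crt" 2>/dev/null
  classify_bits "$(key_bits "$dir/server.crt" cert)"
}

# Usage: ./keycheck.sh /path/to/dir [bits]   (bits defaults to 2048)
if [ -n "${1:-}" ]; then
  make_self_signed "$1" "${2:-2048}"
fi
```

Pointing key_bits at an existing server.crt is the quick way to find out whether a certificate deployed before the update will now be refused by Internet Explorer.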

Recognizing Linux block device increased size

When extending a SAN LUN or adding new storage, Linux requires some convincing before it recognizes that disk changes occurred.  The following commands, executed as root, are helpful when managing storage:

# rescan-scsi-bus.sh
# echo 1 > /sys/block/sdb/device/rescan
# partprobe
# fdisk -l
# pvscan

Command "rescan-scsi-bus.sh" is included in Red Hat's sg3_utils package.  It is not part of the default install, however I highly suggest adding it during post-install.  It takes no arguments in the common case and, at the time of writing, has no man page.  Run it to rescan for SCSI LUN or Fibre Channel SAN HBA changes.  This is not required if the block device is already recognized.

Command "echo 1 > /sys/block/sdb/device/rescan" is simple and straightforward: directly instruct the block device, in the example 'sdb', to re-read its capacity (partprobe then re-reads the partition table).  Remember the hardware path is /sys/block/[...], not the /dev/[...] path used when mounting filesystems.  There are no man pages or options, of course.  If you
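An added example (my code, not from the post): a script that wraps the per-device rescan step, compares the device size reported by sysfs before and after, and only then moves on to partprobe and pvscan.  It must run as root on a real system; the SYSFS variable is an assumption added only so the size comparison can be exercised against a fake sysfs tree.

```sh
#!/bin/sh
# Added example (not from the original post): rescan one SCSI block device
# after a LUN was grown and report whether the kernel now sees more space.
# Run as root. SYSFS defaults to /sys; it is overridable only so the logic
# can be exercised against a fake tree (a test assumption).
set -e
SYSFS="${SYSFS:-/sys}"

# Size of block device $1 (e.g. sdb) in bytes. sysfs reports 512-byte sectors
# regardless of the device's physical sector size.
block_bytes() {
  sectors=$(cat "$SYSFS/block/$1/size")
  echo $((sectors * 512))
}

# Ask the SCSI layer to re-read the capacity of device $1 and compare sizes.
# Prints "grown <old> <new>" and returns 0, or "unchanged <size>" and returns 1
# so the caller knows the LUN itself has not been resized (or the HBA still
# needs rescan-scsi-bus.sh). Returns 2 if the device has no SCSI rescan node.
rescan_device() {
  dev="$1"
  if [ ! -w "$SYSFS/block/$dev/device/rescan" ]; then
    echo "no rescan node for $dev (not a SCSI device, or not root)" >&2
    return 2
  fi
  before=$(block_bytes "$dev")
  echo 1 > "$SYSFS/block/$dev/device/rescan"
  after=$(block_bytes "$dev")
  if [ "$after" -gt "$before" ]; then
    echo "grown $before $after"
  else
    echo "unchanged $before"
    return 1
  fi
}

# Usage: ./rescan.sh sdb
# Only after growth is it worth re-reading the partition table and LVM metadata.
if [ -n "${1:-}" ]; then
  if rescan_device "$1"; then
    partprobe "/dev/$1"
    pvscan
  fi
fi
```

The "unchanged" result is the useful one: it tells you the storage side has not actually presented the larger LUN yet, or that the HBA needs the bus-level rescan first, before you waste time on partprobe and fdisk.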

Log SSH sessions on Linux

Figured out (scripted) how to get my SSH sessions to log output automatically...

#!/bin/bash
# Log an interactive SSH session to $HOME/log/ssh-<host>-<timestamp>.txt
# Usage: sshlog [user@]host[.domain]
HOST=$(echo "$1" | sed 's/^.*@//' | sed 's/\..*$//')   # strip user@ prefix and domain suffix
ISODATETIME=$(date +%Y%m%d-%H%M%S%N)
LOGFILE="ssh-$HOST-$ISODATETIME.txt"
LOGDIR="$HOME/log"
[ -d "$LOGDIR" ] || mkdir -p "$LOGDIR"
LOGDST="$LOGDIR/$LOGFILE"
# script(1) records everything the remote side prints, so keep $LOGDIR private
script -q -c "ssh $1" "$LOGDST"
#EOF

... then added a new alias in the $HOME/.bash_aliases file.  Done.

CEO Elop is Nokia's own worst enemy

Nokia CEO Stephen Elop's 'Burning Platform' memo is a self-fulfilling prophecy.  Yes, Nokia's projected quarterly numbers were declining.  However, unlike RIM's BlackBerry OS, Symbian S60 is a mature, functional platform with global presence.  Focusing narrowly on the North American market, Elop's myopic pessimism and partnering with 'frenemy' Microsoft are the real challenges.  Further reading: Full text of Nokia CEO Stephen Elop's 'Burning Platform' Memo at The Wall Street Journal Tech Europe page; article "The Final Reckoning: Burning Platforms Memo Damaged Nokia: Wiped out $13B revenues, Destroyed $4B profits in just 12 months" at the Communities Dominate blog; article "Nokia And RIM: Death By Drowning, Death By Fire" by Stephen Rosenman at Seeking Alpha.

Nokia Lumia 900 price crash

The recent Windows Phone 8 announcement is not helping Nokia Lumia 900 sales.  Originally steeply discounted at $99 with a new AT&T contract, the devices are now going for $0.01 at Amazon Wireless. Yes, one penny. http://wireless.amazon.com/Nokia-Lumia-Windows-Phone-Black/dp/B007P5NHJO Microsoft officially announced that Windows Phone 7.5 "Mango" devices cannot be upgraded to Windows Phone 8 "Apollo", thus ending months of speculation.  As a consolation, 7.5 will receive a cosmetic upgrade to 7.8 after 8 is released. My real concern is Windows Phone Marketplace developers abandoning Mango, compiling apps exclusively for Apollo. Microsoft's announcements raise more questions than they answer.

Hello Bing: Google AdWord policy changes

When introduced on June 3, 2009, Microsoft Bing was no competition for Google.  That was three years ago; now Bing returns search results on par with Google (or better).  Bing's policy reasonably prohibits only illegal items and can be viewed at http://advertising.microsoft.com/small-business/search-advertising/bing-shopping .  Today I am switching my browser's default search to Bing.  I know this is not likely to change Google's policy, but maybe we can prevent other search engines from adopting Google's misguided policy.  I believe Google's policy decisions on AdWords for alcohol and tobacco products are reasonable, however firearms are a constitutionally protected category.  I am disappointed that Google has marginalized the recreational shooting and hunting community.  Below is a condensed version of the new policy available at http://support.google.com/adwordspolicy/bin/answer.py?hl=en&answer=176077 .  Google AdWords doesn't allow the pr

X11 Forwarding issue solved

TL;DR: Disabling IPv6 requires setting sshd's AddressFamily to "inet" for X11 Forwarding to work.

Issue: OpenSSH assumes both IPv6 and IPv4 are enabled, so the default sshd AddressFamily value "any" is valid.  Quickly skimming the OpenSSH source code, it was not obvious why sshd does not fail gracefully and select only an available IP address family.  Therefore, for X11 Forwarding to work correctly, in /etc/ssh/sshd_config we must choose one of:
Defaults - IPv6 enabled and sshd AddressFamily value "any"
Custom - IPv6 disabled and sshd AddressFamily value "inet"

Background: PuTTY was not creating a $HOME/.Xauthority file on ssh login and no X11 applications would run, despite setting $DISPLAY.  PuTTY was correctly configured with: X11 Forwarding enabled; X display location empty; Remote authentication protocol MIT-Magic-Cookie-1; X authority file for local display empty.  On the initial ssh login there should be a .Xauthority notic
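An added example (my code, not from the post) that checks a host for the broken combination described above: IPv6 disabled while sshd still runs with AddressFamily "any".  It reads the IPv6 state from /proc and the effective sshd configuration from sshd -T (which needs root), falling back to parsing /etc/ssh/sshd_config; the --check argument, the sshd_config path and the fallback defaults ("any" for AddressFamily, "no" for X11Forwarding, matching sshd's own defaults) are assumptions.

```sh
#!/bin/sh
# Added example: check whether sshd's AddressFamily matches the host's IPv6
# state, the combination the post found X11 forwarding depends on.
# Assumes Linux (/proc/sys/net/ipv6) and either root for sshd -T or a
# readable /etc/ssh/sshd_config.
set -e

# Print 1 if IPv6 is disabled on the host (no IPv6 stack, or the
# disable_ipv6 sysctl set), else 0.
ipv6_disabled() {
  f=/proc/sys/net/ipv6/conf/all/disable_ipv6
  if [ ! -d /proc/sys/net/ipv6 ]; then echo 1
  elif [ -r "$f" ] && [ "$(cat "$f")" = 1 ]; then echo 1
  else echo 0
  fi
}

# Print the effective value of sshd option $1 (lowercase, as sshd -T prints
# it), or $2 when neither sshd -T nor sshd_config yields one.
sshd_option() {
  val=$(sshd -T 2>/dev/null | awk -v k="$1" '$1 == k { print $2; exit }')
  if [ -z "$val" ] && [ -r /etc/ssh/sshd_config ]; then
    val=$(awk -v k="$1" 'tolower($1) == k { print tolower($2); exit }' /etc/ssh/sshd_config)
  fi
  echo "${val:-$2}"
}

# Verdict for IPv6 state $1 (1 = disabled) and AddressFamily value $2:
# "fix" when IPv6 is off but sshd still expects IPv6 sockets, else "ok".
x11_af_verdict() {
  if [ "$1" = 1 ] && [ "$2" != inet ]; then echo fix; else echo ok; fi
}

# Usage: ./x11check.sh --check
case "${1:-}" in
  --check)
    v6off=$(ipv6_disabled)
    af=$(sshd_option addressfamily any)
    echo "ipv6_disabled=$v6off addressfamily=$af x11forwarding=$(sshd_option x11forwarding no)"
    if [ "$(x11_af_verdict "$v6off" "$af")" = fix ]; then
      echo "set 'AddressFamily inet' in /etc/ssh/sshd_config and restart sshd"
    fi ;;
esac
```

Running it as root is preferable: sshd -T reports what the daemon actually uses, including Match blocks and defaults, whereas grepping sshd_config only shows what was written.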

Cisco ASA ICMP packet-tracer

Occasionally devices fail to respond to a ping.  This can result from the device being off-line, having a local firewall enabled, or the perimeter firewall configuration.  The Cisco ASA ICMP packet-tracer options differ from the TCP or UDP command options.  An example is below:

packet-tracer input outside icmp A.B.C.D 8 0 E.F.G.H

The ICMP type is "8" (echo request) with code "0".  Unlike the TCP and UDP forms, no port follows the source or destination address; the type and code take that place, so there are no options after the destination IPv4 address E.F.G.H.  Complete ICMP documentation at URL http://www.iana.org/assignments/icmp-parameters/ and complete Cisco ASA packet-tracer documentation at URL http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/p.html#wp1878788

Nokia Lumia 900

Since I was signing a two-year contract while changing providers this weekend, I thought why not get a subsidized phone?  So I am now trying to acquaint myself with a new Nokia Lumia 900 phone.  While Windows Phone 7.5 Mango is very pretty, I am missing the tried and true Symbian S60 on my Nokia E5 already.  Here are some things conspicuously missing from Windows Phone 7.5 Mango:
1. No storage device mode; syncs only limited file types through Zune or SkyDrive
2. No application installs except through the Marketplace
3. No file browser
4. No Google Maps (see 2)
So I am slowly finding alternatives to my preferred methods.  It is frustrating, slow and the learning curve is very steep.  Also I have a nagging, as yet unfounded, doubt about adequate battery life.  On the plus side:
- The hardware has great design, aesthetics and build quality
- The Windows Phone 7.5 UI is unique, attractive and well integrated with the apps
- The screen is huge and touch sensitive; both are very new to me and exceedingly cool.
The

Nokia secrets for Handbrake

When transcoding video for the Nokia E-series phones:
- H.264 video maximum frame rate is 15 fps
- H.264 video maximum average bitrate is 256 kbit/s
- H.264 Advanced: disable CABAC (cabac=0)
- H.264 Advanced: disable B-frames (bframes=0)
- H.264 Advanced: use Motion Estimation Method Uneven Multi-Hexagon (me=umh)
- H.264 Advanced: use the default(s) for all other settings
- AAC audio maximum bitrate is 128 kbit/s, suggested 64
- AAC audio maximum sample rate is 44.1 kHz, suggested 32
- AAC audio Mixdown to Stereo, suggested Mono
Many thanks to nokia-e71-phone.blogspot.com who originally posted "Video encoding with HandBrake".  It has an excellent, detailed how-to with Handbrake screen captures.