Linux Sysadmin Blog

What Phone Does a Sys Admin Need?


Recently we were discussing our favorite phones and gadgets. By now we use our phones as mobile terminals so when the question of upgrading came up we looked at the requirements we have from that perspective. The first requirement is an SSH client of course. Most smart phones do have an SSH client of sorts but whether it’s a stable app or it’s an unstable afterthought is pretty important. By Googling around a bit I found that the SSH clients on the Windows Mobile platform receive less than favorable reviews so I’ll be staying away from those. Problems trying to connect and general instability seem to be the most common problems. Three manufacturers who appear to have decent SSH clients are Apple, Google and RIM. The Blackberries have been around in that arena for the longest time and have a very good track record.

Multitasking is next on my list. I don’t want to have to close any apps (like the SSH client) to be able to do some browsing. Granted, we’re looking at phones and not laptops, but when there is an emergency that requires the use of an SSH client on my phone, communication with other people (chat, e-mail) is right up there in urgency. So far, from our three contenders, both the RIM Blackberries and the Google Android phones meet that criterion. The Apple iPhone however does not.

Battery life is third on the list. Although it is very important because these devices have pretty big screens and tons of energy absorbing features they mostly charge from USB ports which can be connected pretty much anywhere these days. I don’t know the battery life of the current generation of BlackBerries but again, they have a pretty decent reputation. The dishonorable mention here is for the Google Android phone. The battery life for this device is pretty bad from what I’ve heard.

Resolution actually determines how useful a device is as a terminal in my opinion. Although this is important, it is also useless to increase the resolution to 1024x768 on devices of this size. The letters would just be unreadable. In general all three contenders seem to have a similar resolution, but the way the screen space is used is very different because of the keyboard.

With the keyboard we come to the final and most personal requirement. Granted, none of us will be typing any essays with the keyboards on these babies, but the keyboard should not be an obstacle. From trying it I like a real keyboard like the Google G1 best, but I’m sure that with practice the other keyboards will be pretty usable as well. Apple is known as a user interface design company, so I doubt they would release a device that is unusable in that sense. In fact the sales tell the story there.

HowTo Upgrade ASDM Using CLI on Cisco ASA5500


This post will show how you can easily upgrade ASDM (Cisco Adaptive Security Device Manager for ASA) to the latest version on a Cisco ASA5500 firewall using the command line interface. In order to do this you will need the latest ASDM image (you will need a proper Cisco CCO user and contract to download it) from http://www.cisco.com/cgi-bin/tablebuild.pl/asa; at this time the latest version available is 6.1.5.51 (asdm-61551.bin). You will also need a way to serve this file to the firewall; normally this is done using a local TFTP server (but you can also use an FTP or even an HTTP server).

After you have the above things prepared, from the ASA CLI (in exec mode) you have to run (what you type is shown after the arrow):

copy tftp flash
Address or name of remote host []? <- 192.168.1.1
Source filename []? <- asdm-61551.bin
Destination filename [asdm-61551.bin]? <- enter

This will download the ASDM image to the firewall flash.

Now you just have to enable the new version, from configure mode:

configure terminal
asdm image disk0:/asdm-61551.bin
exit
write mem

And finally you will have to reboot the ASA in order for the change to become active:

reload

Note: replace the ASDM filename with the one you are actually upgrading to (it might be a newer one, for example) and also use the proper IP for your TFTP server.

5 Most Popular Linux Blog Posts on Linux System Admin Blog


Our top 5 blog posts in terms of number of clicks received in 2008:

  1. INSTALL FFMPEG FFMPEG-PHP AND AUDIO BINARIES ON CENTOS / RHEL SYSTEM WITH CPANEL by Gerold. This guide is intended for the installation of ffmpeg, ffmpeg-php, mplayer, mencoder, lame mp3 encoder, flvtool2, libVorbis, and libogg, and was tested on CentOS5 and RHEL3 systems with Cpanel.

  2. How to check if your DNS server implements source port randomization by Marius. Fixed source port for generating queries: in most DNS implementations the source port for outgoing queries is fixed at the traditional assigned DNS server port number, 53/udp. We can easily find out if our own DNS server is using a fixed source port for queries by looking into named.conf.

  3. Upgrading to trac 0.11 by Marius. This article will outline the steps necessary to perform the upgrade from an older version of trac (normally 0.10, which many people are still running) to the latest stable branch 0.11 (more precisely 0.11.2, available at this time).

  4. MySQL error 1449 “There is no ‘username’@’host’ registered” by Pim. The error message in the title occurs in a combination of circumstances. If you have 2 MySQL databases, one master and one slave in a replicating setup, and you use triggers, you may encounter this error.

  5. Implementing AES encryption in the front-end by Pim. This post describes a way to implement data encryption in the front-end of an application and how to make it compatible between a PHP front-end and a Java front-end.

Nginx Proxy Load Balancing


One of the many uses of NGINX is http/https proxy load balancing. This guide is Debian specific, so your mileage with other flavors may vary. In this example we always redirect http to https.

The main nginx configuration file is /etc/nginx/nginx.conf and below is a sample configuration file:

user www-data;
worker_processes 5;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

access_log /var/log/nginx/access.log;

sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 65;
tcp_nodelay on;

#gzip on;

upstream lb2 {
server 10.0.0.10; #webserver10
server 10.0.0.20; #webserver20
}

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

To add a site:

Prepare SSL

  1. Create a .pem file (for example mysite.com.pem) which contains the private key, the certificate signing request and the certificate, in that order, each in its usual -----BEGIN ...----- / -----END ...----- block (the certificate request section is optional). Because this one file holds the private key, it must be protected as such in the next step.

  2. Copy the .pem file to the /etc/nginx/ssl directory with 600 (-rw-------) permissions, owned by user and group root.

Create site configuration file

  1. The site configuration file goes in the /etc/nginx/sites-available/ directory, named after the site’s URL.

server {
listen 192.168.1.1:80;
server_name www.mysite.com mysite.com;
access_log /var/log/nginx/access_http.log;
rewrite ^/(.*) https://www.mysite.com/$1 permanent;
}

#HTTPS
server {
listen 192.168.1.1:443;
server_name www.mysite.com mysite.com;
access_log /var/log/nginx/access.log;

ssl on;
ssl_certificate /etc/nginx/ssl/mysite.com.pem;
ssl_certificate_key /etc/nginx/ssl/mysite.com.pem;
ssl_session_timeout 5m;

location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;

proxy_pass http://lb2/;
proxy_redirect off;
}
}
  2. Place a symbolic link to the configuration file in /etc/nginx/sites-enabled:
ln -s /etc/nginx/sites-available/mysite.com /etc/nginx/sites-enabled/mysite.com
  3. Reload the nginx configuration:
/etc/init.d/nginx reload
  4. Check that the nginx process has started and is listening on the configured IP:
netstat -alnp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.1.1:80        0.0.0.0:*               LISTEN     9593/nginx
tcp        0      0 192.168.1.1:443       0.0.0.0:*               LISTEN     9593/nginx
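The HTTPS server block above hands the client’s address to the backends in X-Real-IP and X-Forwarded-For. Here is an added example, not from this post, of how an upstream such as webserver10 should read those headers: $proxy_add_x_forwarded_for appends nginx’s view of the client to whatever X-Forwarded-For the client itself sent, so a backend that takes the first (left-most) entry, or believes the header on a direct connection, can be fed any address an attacker likes. It assumes the backends see the proxy connecting from 192.168.1.1 (the address in the site config) and that the request headers are available as a dict.

```python
import ipaddress

# Assumption: the backends accept proxied traffic only from the nginx host, and
# that host reaches them from 192.168.1.1 (the listen address in the site config).
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.1.1")}


def client_ip(peer_addr, headers):
    """Return the client address a backend should log or rate-limit on.

    peer_addr: the TCP peer that connected to the backend.
    headers:   the request headers as a dict (names matched case-insensitively).
    """
    peer = ipaddress.ip_address(peer_addr)
    if peer not in TRUSTED_PROXIES:
        # Direct (or unknown-proxy) connection: forwarded headers are attacker-controlled.
        return str(peer)
    hdr = {name.lower(): value for name, value in headers.items()}
    # X-Forwarded-For reads "client-supplied entries, ..., <addr nginx saw>": with
    # $proxy_add_x_forwarded_for nginx appends $remote_addr instead of replacing the
    # header, so only the right-most hop added by a trusted proxy can be believed.
    hops = [h.strip() for h in hdr.get("x-forwarded-for", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop walking and fall back below
        if addr not in TRUSTED_PROXIES:
            return str(addr)
    # X-Real-IP is overwritten (not appended to) by the same proxy_set_header line.
    try:
        return str(ipaddress.ip_address(hdr.get("x-real-ip", "")))
    except ValueError:
        return str(peer)


# Constructed requests: the first carries a spoofed X-Forwarded-For entry that nginx
# appended the real address to; the second bypassed nginx and hit the backend directly.
SAMPLE_REQUESTS = [
    ("192.168.1.1", {"X-Forwarded-For": "10.9.9.9, 203.0.113.5",
                     "X-Real-IP": "203.0.113.5", "Host": "www.mysite.com"}),
    ("203.0.113.77", {"X-Forwarded-For": "10.9.9.9", "Host": "www.mysite.com"}),
]


def resolve_samples():
    """Map each constructed request to the address the backend should use."""
    return [client_ip(peer, hdrs) for peer, hdrs in SAMPLE_REQUESTS]
```

For the first sample the spoofed 10.9.9.9 is ignored and 203.0.113.5 is used; for the second the forwarded header is discarded and the direct peer 203.0.113.77 is used.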

Red Hat Enterprise Linux 5.3 Released


Red Hat Enterprise Linux 5.3 Now Available with Leading Virtualization Performance and Next-Generation Java and Processor Support Capabilities

The three main updates include:

  • support for Hugepage memory and Intel Extended Page Tables (EPT), which dramatically improves the performance of virtual servers, and an extended number of supported CPUs and maximum memory
  • support for the Intel Core i7 (Nehalem) processor
  • OpenJDK is bundled in

At the time of this writing the CentOS release of 5.3 was not yet available.

Largest Security Breach Ever -


The Wall Street Journal technology section reports this morning, in a story by Ben Worthen, a record security breach at Heartland Payment Systems, a company in Princeton, New Jersey. It looks like the company’s web site runs on Windows servers.

Card Data Breached, Firm Says

A New Jersey credit-card processor disclosed a data breach that analysts said may rank among the biggest ever reported.

Heartland Payment Systems Inc. said Tuesday that cyber criminals compromised its computer network, gaining access to customer information associated with the 100 million card transactions it handles each month.

The problem was discovered after fraudulent transactions were reported to Heartland by Visa and MasterCard. It appears that the breach was discovered by a forensic investigator who said that the malicious software was “light years more sophisticated” than other malevolent programs in existence today.

Heartland processes transactions for more than 250,000 customers and it’s not clear how many credit card numbers it has access to.

It just goes to show that, as much of a pain as security is, PCI compliance is just the tip of the iceberg of what is necessary to keep the bad guys out.

For more interesting reading, and a list of the 2008 security breaches compiled by ITRC check out the company’s site or this 2008 security breach report (pdf).

Mysql Error 1153: Got a Packet Bigger Than ‘Max_allowed_packet’ Bytes


I got this error while importing a large database dump from the command line:

ERROR 1153 (08S01) at line XXX: Got a packet bigger than 'max_allowed_packet' bytes

I searched and found out that it is related to the default max_allowed_packet, which is 16M, so I needed to increase this setting in MySQL:

1.) Change the setting in my.cnf and restart MySQL:

set-variable = max_allowed_packet=32M
/etc/init.d/mysql restart

Or:

2.) Change the setting temporarily. Log in to MySQL and issue:

SET GLOBAL max_allowed_packet=1000000000;

Note: You may want to restart MySQL afterwards to reload your previous/default settings.

Compile Mplayer/Mencoder With Xvid and H264 Codec Support


The default Mplayer installation autodetects Xvid, H264 and other codecs. So if you have the Xvid and H264 codecs installed, your mencoder and mplayer should support them, unless you disabled them during compilation. In order to have your Mencoder and Mplayer support Xvid and H264 you need to install the codecs first and then compile/re-compile Mencoder/Mplayer.

Install Xvid.

Xvid is a free software MPEG-4 ASP compliant video codec.

  • Download the latest release from Xvid.org; at the time of this post the latest stable release is 1.2.1.
wget http://downloads.xvid.org/downloads/xvidcore-1.2.1.tar.gz
  • Unpack the tarball:
tar xzpf xvidcore-1.2.1.tar.gz
  • Go to the build/generic folder:
cd xvidcore-1.2.1/build/generic/
  • Build and install:
./configure
make  
make install

Note: At this point you can recompile your Mplayer/Mencoder to have Xvid support, in case you don’t want to have H264 support.

Install H264.

H264/x264 is a library for creating H.264 video. MPlayer sources are updated whenever an x264 API change occurs, so it is always suggested to use MPlayer from Subversion. At the time of this post x264 is available as development releases only.

Using GIT - download 1.6.1.

  • Get the latest x264 source using git:
git clone git://git.videolan.org/x264.git
  • Build and install:
cd x264  
./configure  
make  
make install

If you don’t have GIT and don’t want to install it, you can use the daily snapshot.

  • Download the latest snapshot (tarball) here:
wget ftp://ftp.videolan.org/pub/videolan/x264/snapshots/x264-snapshot-20090113-2245.tar.bz2
  • Extract the tarball:
bzip2 -cd x264-snapshot-20090113-2245.tar.bz2 | tar xvf -  
cd x264-snapshot-20090113-2245
  • Build and install:
./configure  
make  
make install

Compile/Re-compile Mplayer:

You can use the latest release version of Mplayer for Xvid only, but there are build issues with x264, as the release is not updated for it. It’s better to re-compile Mplayer from their SVN.

  • Check out the latest version:
svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer
  • Build and install:
cd mplayer  
./configure  
make  
make install

NOTE: This install process was tested on CentOS 5.2.

At Vendor’s Mercy


So you think your hardware load balanced client site is safe from downtime? Think again! A poorly tested firmware release from your hardware load balancer vendor can cripple your clients’ websites and, without a backup plan, can cripple your business. How many times have we been told to upgrade to the latest version of software to resolve one issue, only to find out that we’ve just opened a can of worms?

In the lightning paced IT world, where the client usually demands and expects immediate action when their site has gone down or become unstable, we are often left waiting for a vendor to get their act together and find a solution. Clients do not want to hear, nor do they care, what the vendors tell us. Usually it is something along the lines of: “The issue will be resolved in the next release” or “we do not have a solution for this issue currently, but we are working on it”. While we appreciate the vendor’s efforts and encouraging words, it rarely resolves the problem we are having now.

A backup plan for what would seem a bulletproof setup should always be formulated. No one likes to get caught with their pants down. Often a less than optimal backup strategy is much better than no backup strategy.