SSL certificates + yoga quote of the day

SSL certificates were installed Friday; all is working perfectly now.
Like to leave everyone with a wonderful quote:

“What if our religion was each other
If our practice was our life
If prayer, our words
What if the temple was the Earth
If forests were our church
If holy water—the rivers, lakes, and ocean
What if meditation was our relationships
If the teacher was life
If wisdom was self-knowledge
If love was the center of our being.” ~ Ganga White


SSL certificate

Looks like another 2 years has passed and time to renew SSL certificate for SunSaturn. I expect to have expired SSL certificate replaced within 2 weeks, for now just use something like Firefox where it is easy to add exception to site to access billing and CPANEL easily.


Quantum Computers and Encryption

I should make a note on quantum mechanics and encryption for people who come from a computer science background. You really believe encrypting your data is safe? Read on…

All numbers stored in a computer are 0’s and 1’s. This has traditionally meant on and off in electronics. In assembly language or binary, here is what a byte really looks like: 0000 1111. It is 8 bits, each of which can be 1 or 0, so there are in essence 2 to the power of 8 = 256 possible combinations in a byte.

Encryption today is based on an old math concept you may remember from school. A prime number has exactly two factors, 1 and itself. Any number can be written as a product of prime numbers. If you multiply two large prime numbers, you get a huge non-prime number with only two (large) prime factors. So the concept behind today’s encryption is that it will be REALLY hard for a computer to figure out the 2 prime numbers when a large number is involved.

Here is the problem with this encryption: with quantum computing, there are 2 concepts called superposition and entanglement. Entanglement you can think of as 2 objects in space and time that can be in the same place at the same time and do 2 completely different things. Einstein used to call this “spooky”. A mathematician named Peter Shor came up with a quantum algorithm such that, if a quantum computer exists, all of today’s encryption could be broken easily. The University of Waterloo in Canada already has a quantum computer prototype. All they really need to do to complete it is come up with enough “qubits” (these are particles we have that currently can do entanglement), so 2 objects can be in 2 places at the same time, and all encryption is broken. The current record is 12 qubits.

When quantum computers exist we will need a new algorithm that superimposes bits to make encryption sound again, but nothing you have right now cannot be broken, and when quantum hits, all your SSL and non-symmetric encryption keys will be rendered useless, unless you’re already on board with an algorithm such as lattice, for example. So this is a quick note on where science is, the fact that we can make particles be in 2 places at one time now, and on making sure you don’t believe your encryption is safe. As soon as scientists figure out how to make more qubits by studying decoherence, quantum computers are officially here.

Here is a reference for formula that will break all encryption when quantum computers have enough qubits: Shor’s Algorithm

And here is Waterloo’s status on where they are at with their current quantum computers: Waterloo University …. go CANADA!

Till Next Time,


Adding webdisk to CPANEL

At times people ask me whether it is better to use FileZilla, ssh etc. for building their websites with CPANEL. Wouldn’t it be nicer, if you’re working on Windows, to just be able to open up the “My Computer” or “This PC” icon and access your files like a drive letter such as C:\? You can do this, and it will be so much easier. It won’t be a drive letter, but it will be under “Network Locations” just like a regular drive.

First of all under windows 8.1 if you do not have “My Computer(This PC)” icon on your desktop, this is how to add it. On your desktop screen right click on empty spot and select “Personalize” -> “Change desktop icons” -> now check “Computer” and anything else you want then click “Apply”.

Now let’s map the network drive.
In Windows 8.1 just right click “This PC” on your desktop and click “Map Network Drive”. In previous Windows versions:
To connect a drive from My Computer, click Start, right-click My Computer, and then click Explore.
To connect a drive from Windows Explorer, right-click Start, and then click Explore.
On the Tools menu, click Map Network Drive.

In the Drive box, click a drive letter.
In the Folder box type the following:
Next click on “Connect using different credentials”, click “Finish”

Enter your username and password for CPANEL, click box to remember your credentials, and now you can access all your files from just a drive letter.
(ps. Make sure your reconnect at startup box is checked, should be default on windows 8.1)

Till Next time,


RJ45 to DB9 Cisco console cable

If you need to make your own cisco console port cable, RJ45 to DB9, here are the pinouts for your reference.

If you have 568A ethernet cable:

CAT 5                                              DB9
Pin 1: Green Stripe                          Pin 8
Pin 2: Green                                    Pin 6
Pin 3: Orange Stripe                        Pin 2
Pin 4: Blue                                       Pin 5
Pin 5: Blue Stripe                            Pin 5
Pin 6: Orange                                  Pin 3
Pin 7: Brown Stripe                         Pin 4
Pin 8: Brown                                    Pin 7

If you have 568B ethernet cable:

CAT 5                                             DB9
Pin 1: Orange Stripe                       Pin 8
Pin 2: Orange                                 Pin 6
Pin 3: Green Stripe                         Pin 2
Pin 4: Blue                                      Pin 5
Pin 5: Blue Stripe                            Pin 5
Pin 6: Green                                   Pin 3
Pin 7: Brown Stripe                         Pin 4
Pin 8: Brown                                   Pin 7

a) DB9 pins 1 and 9 are not connected.
b) The “Blue Stripe” and “Blue” must both connect to pin 5 on the DB9.
c) If using a Startech DB9 to RJ45 adapter (GC98FF), for example, what matters is the standard they wired the RJ45 with; the Ethernet cable then would not matter as long as both sides were the same standard.


Till Next Time,


Linux DHCP IPV6 Host Server

I will do a very basic walkthrough of how to set up a Linux server to act as a DHCP6 server for your network. Before we begin, we need to understand a few things that are different from IPV4. First, we cannot send a gateway with DHCP6.
Second, we can only send an IP address and DNS servers with DHCP6. So to accomplish both, we use radvd along with DHCP: the former sends the gateway, the latter sends the IP address and DNS servers to the client. I will assume here you know how to install radvd and dhcp in Linux, so I won’t get into Linux server administration. In order to be DHCPV6 stateful so we can assign addresses, both the M and O flags need to be set to 1 in the radvd advertisement so clients know to go get the IP address from the DHCP6 server. So for radvd our objective is simply to turn advertisements on and set the M and O flag bits.

My /etc/radvd.conf contains following:

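interface br0
{
    # send router advertisements on this interface
    AdvSendAdvert on;
    # M flag: clients get their address from DHCPv6
    AdvManagedFlag on;
    # O flag: clients get other settings (DNS) from DHCPv6
    AdvOtherConfigFlag on;
};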

This is all you need. We are advertising, and setting the M and O bits here. Now radvd will send our clients our link-local gateway and tell them to go get their IPV6 information from DHCP. This is probably the most confusing part about this setup: there is NO way to send our real IPV6 gateway; clients only get the LINK-LOCAL gateway and from that must be able to get out to the internet. AGAIN I WILL REPEAT, they get your “Link-Local” gateway, ie: “fe80::226:5aff:fe6b:ca8d”, not your real “2001:aaaa:bbbb::1” gateway. This is a limitation of the protocol, but it is not a big deal; we can still forward clients out a link-local gateway.

Ok, now clients have our router’s link-local gateway, so we can set up our dhcpd6.conf, and perhaps assign some static IPV6 addresses to some dhcp clients too, since we like to know who is who. The only issue with IPV6 and static addresses is that we can no longer use the MAC address; we need to use the DUID of the client. This is also problematic since the DUID is the same for all ethernet cards on each host. To solve that problem you can look into using the DHCPv6 IAID, but since we only have 1 ethernet per client, we will only focus on the DUID. Let us assume we have a 2001:aaaa:bbbb::/48 to assign to clients.

Let us look at the bottom of my /etc/dhcp/dhcpd6.conf:


subnet6 2001:aaaa:bbbb::/48 {
  # range the last group from decimal 1000-65535, which in hex is 3e8-ffff
  range6 2001:aaaa:bbbb::3e8 2001:aaaa:bbbb::ffff;
  # DNS servers handed to clients
  option dhcp6.name-servers 2001:aaaa:bbbb::3,2001:aaaa:bbbb::4;
  option dhcp6.domain-search "";
}

# you get this by typing "ipconfig /all" on a windows machine and looking for "DHCPv6 Client DUID"
# just separate with : instead of -
host dandesktop { # unfortunately, same client-id for each ethernet card in same host, so only 1 will get an IPV6 address here
  host-identifier option dhcp6.client-id 00:01:00:01:1B:67:B6:C3:58:5B:39:45:07:90;
  fixed-address6 2001:aaaa:bbbb::5;
}
host laptop { # unfortunately, same client-id for each ethernet card in same host, so only 1 will get an IPV6 address here
  host-identifier option dhcp6.client-id 00:01:00:01:1A:F5:AF:22:48:5B:39:3A:06:38;
  fixed-address6 2001:aaaa:bbbb::17;
}

So what I started doing was a standard catchall block, setting DNS servers and IPV6 addresses for clients I did not assign statically giving them an IPV6 address in range 2001:aaaa:bbbb::3e8 – 2001:aaaa:bbbb::ffff.

Then I assign 2 static IPV6 addresses to my desktop and my laptop. I ran “ipconfig /all” on the two Windows 8.1 machines and collected their DUID’s. Then used a search and replace program on the DUID to change all “-” characters with “:” characters to match format in the dhcpd6.conf file.
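
The DUID conversion described above, as an added example that is not part of the original post: a small shell helper that turns the hyphenated DUID shown by “ipconfig /all” into a dhcpd6.conf host block and prints the link-layer address embedded in it. The function names are made up for this example; the sample DUID, host name and address are the ones from the config above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of ISC dhcpd.

# Convert a Windows "DHCPv6 Client DUID" (00-01-...) to dhcpd6.conf form.
# Rejects anything that is not a run of two-digit hex octets.
duid_to_dhcpd() {
    duid=$(printf '%s' "$1" | sed 's/-/:/g')
    printf '%s\n' "$duid" | grep -Eq '^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})+$' || return 1
    printf '%s\n' "$duid"
}

# Print the link-layer address carried inside the DUID.
# DUID-LLT (type 00:01): type(2) hwtype(2) time(4) address -> octet 9 onward.
# DUID-LL  (type 00:03): type(2) hwtype(2) address         -> octet 5 onward.
# Other DUID types carry no link-layer address: return 2.
duid_mac() {
    d=$(duid_to_dhcpd "$1") || return 1
    case "$d" in
        00:01:*) printf '%s\n' "$d" | cut -d: -f9- ;;
        00:03:*) printf '%s\n' "$d" | cut -d: -f5- ;;
        *) return 2 ;;
    esac
}

# usage: dhcpd6_host NAME DUID IPV6_ADDRESS
# Emits one host block in the layout used in dhcpd6.conf above.
dhcpd6_host() {
    # Names and addresses are typed or pasted by hand: refuse any character
    # that could close the block early or start another statement.
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    case "$3" in ''|*[!0-9A-Fa-f:]*) return 1 ;; esac
    d=$(duid_to_dhcpd "$2") || return 1
    printf 'host %s {\n' "$1"
    printf '  host-identifier option dhcp6.client-id %s;\n' "$d"
    printf '  fixed-address6 %s;\n}\n' "$3"
}

# Sample values taken from the dhcpd6.conf shown above.
dhcpd6_host dandesktop 00-01-00-01-1B-67-B6-C3-58-5B-39-45-07-90 2001:aaaa:bbbb::5
```

A DUID-LLT (type 00:01) is generated once from one interface’s link-layer address and then used for every interface on the host, which is why both cards on a machine present the same client-id.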

Now after we start dhcpd, make sure it is running:

router:/etc/dhcp# ps aux|grep dhcpd6
dhcpd    19531  0.0  0.0  47252  2640 ?        Ss   May04   0:00 /usr/sbin/dhcpd -6 -user dhcpd -group dhcpd -cf /etc/dhcp/dhcpd6.conf
root     22152  0.0  0.0 105304   880 pts/1    S+   00:05   0:00 grep dhcpd6

Now if all goes well from radvd, clients will get the link-local “fe80::226:5aff:fe6b:ca8d” gateway, run off and check UDP port 546 on IPV6 to get our settings from the dhcpd6.conf file for an IP address and the DNS servers, and voila, we are done! If you have issues with clients, please check out my other how-to on setting up a Windows DHCP client.

Until Next Time,


Windows 8.1 enable DHCP IPV6 Client

How to enable a windows 8/8.1 client for IPV6 DHCP server
Before we start, a common problem with IPV6 not working is you have all these different interfaces when you look at “ipconfig /all”. At one point I disabled all my vmware and virtualbox interfaces, then also realized windows had these teredo and isatap interfaces also interfering with client.

A good set of commands to run so that your clients get IPV6 from your DHCP server and not someone else’s is the following:

netsh int ipv6 isatap set state disabled
netsh int ipv6 6to4 set state disabled
netsh interface teredo set state disable

This should make sure we do not have any conflicting interfaces. Now, if the IPV6 client is still not working, make sure the following settings are enabled on the client:

1) We start a powershell with “elevated” administrator privileges.
2) We list all interfaces, to get the number of the interface we want to enable IPV6 on.
3) In my case for wifi on laptop it is number 4, so we take that and list the settings for the interface.
4) In my case settings are already applied but we set routerdiscovery=enable managedaddress=enable anyways.

This should make sure your client is configured to pull IPV6 address from an IPV6 DHCP server.

PS C:\Windows\system32> netsh interface ipv6 show interfaces

Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
  3           5        1500  disconnected  Ethernet
  1          50  4294967295  connected     Loopback Pseudo-Interface 1
  4          25        1500  connected     Wi-Fi
  6          40        1500  disconnected  Bluetooth Network Connection
  7           5        1500  disconnected  Local Area Connection* 3

PS C:\Windows\system32> netsh int ipv6 show int 4

Interface Wi-Fi Parameters
IfLuid                             : wireless_0
IfIndex                            : 4
State                              : connected
Metric                             : 25
Link MTU                           : 1500 bytes
Reachable Time                     : 25000 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 1
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection  : enabled
Router Discovery                   : enabled
Managed Address Configuration      : enabled
Other Stateful Configuration       : enabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 64
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled
ECN capability                     : application

PS C:\Windows\system32> netsh interface ipv6 set int 4 routerdiscovery=enable managedaddress=enable

PS C:\Windows\system32>

If you want to setup a DHCP server, see my how to on setting up a Linux DHCP server.

So to finish off, you’re going to want to run the following 2 commands to make sure Windows has not cached any lease times for DHCP.

ipconfig /release6
ipconfig /renew6

Another thing to note is things like VMware workstation will make “ipconfig /renew6” hang. It will not affect you getting your dhcp interface information, it will just hang on their vmnet1 and vmnet8 drivers. A solution there is, put all VM’s in bridge only mode, then on vmnet1 and vmnet8 you can just disable ipv6 under properties, and good to go.

Until Next Time,


New Server

Updates will be performed all week to move to new server. I expect very little downtime, this server move with SSD’s, and lots of disk space will help improve SunSaturn’s offerings. New server is now at datacenter and changeover is commencing.

Some updates are already in progress, and an IP change will be done. Please contact me to be added to facebook if you would like more up to date progress.

List of server improvements:

1) Main SunSaturn will be using FreeBSD 10 with ZFS for improved snapshot backups.
2) CPANEL will have more memory and disk space
3) Server is using INTEL enterprise SSD’s to increase performance.
4) Server is fully capable of full virtualization.
5) Uptime will be improved with server update.
6) Sites will load faster, and we have lots of bandwidth.
7) We will offer CPANEL on SSD’s completely, websites will be very fast
8) Increased memory and SSD’s will make databases 10 times faster.


Rsync Restart

How to continue rsync on disconnects?

Rsync is great software; I have been using it for decades to transfer files between different servers. However, one issue with it is that if you get any network disconnects, it would be nice to have a way to restart rsync automatically on any errors.

To accomplish this, we can write a shell script to catch any rsync errors in a loop, and restart it only on errors. Perfect!

To start let’s do the following:

alias pico='nano -w'

Now that we have our file open, let us copy and paste the following script into the file. I have 2 examples here: the first one, commented out, I use with no bandwidth limits; the second one I use to place a bandwidth limit of 30 Megabytes so I do not overload a poor gigabit connection. Replace the uncommented rsync line with your rsync line, and do not forget the ending semicolon to finish.


#!/bin/bash
#keep rsync going!
#Run in screen session - "screen -S rsync"
#Ctrl-a-d to disconnect, screen -r rsync(to re-attach)

#start each session with a fresh restart log
rm -f rsync.log

export Result=1;
while [ "$Result" -ne 0 ]; do
   echo "STARTING ($Result) @" `date`;
   echo "Started On `date`" >> rsync.log
   #PUT YOUR SYNC COMMAND HERE:
   #rsync -Wal4vv --progress --partial --timeout=10 --bwlimit=0 --delete --force /data;
   rsync -Wal4vv --progress --partial --timeout=10 --bwlimit=30M --delete --force /data;
   #keep the exit code of rsync for the loop test
   Result=$?;
   sleep 1;
done

Once you have pasted that in, exit with Ctrl-x and save the file.
If you are running --delete in your rsync command, do not run this program in that directory or you will erase this program and our rsync.log tracker file!

Let’s take a look at what this script is doing (for those interested in what the program is actually doing). First, it starts a bash script with our she-bang line. We then remove any rsync.log we might have had, so we know how many times rsync restarted for only this session. Next we export a starting variable “Result” and assign that to 1. Now we start a while loop that will loop infinitely with our rsync command until such time as Result is not equal to 0. So it first goes into the while loop because Result is not 0, it is 1. Next we display to screen (STDOUT) that we are starting, along with the date, and record every time rsync starts in a file called rsync.log so we can check how many times rsync restarted from time to time. Now we execute our rsync command. After the rsync command exits, bash stores the exit code of a program in a special variable called “$?”, which is always an integer, normally 0 or 1, and we assign that to the variable Result. If rsync fails in any way, Result would be set to “0”. In programming 0 means false, and 1 means true. If rsync completes successfully, Result will equal 1 and break the while loop because Result will no longer not equal 0. Our next line, “sleep 1”, is simply good practice to not let the cpu run at 100% in an infinite loop if something ever went wrong, by letting it pause for a moment while in the loop. So if rsync completes successfully it will exit the while loop and the program in this case; otherwise it will start over with the first echo lines in the while loop till it is successful.

Alright next thing we want to do is run the script:

chmod 755
screen -S rsync
ctrl-a-d (disconnect from screen session)

Great, now we are off to the races! Hit “Ctrl-a-d” to disconnect screen, and if you have terabytes of data to transfer, just check in occasionally on the transfer.

tail -100 rsync.log
screen -r rsync
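
A variant of the restart loop, as an added example that is not the original author's script: rsync exits 0 on success and non-zero on error, and this version retries only the exit codes that mean a dropped or stalled connection, stops after a fixed number of attempts, and backs off between them. The names retry_rsync, MAX_TRIES, RETRY_DELAY and LOG, and the return value 75, are choices made for this example.

```shell
#!/bin/sh
# Added example; retry_rsync, MAX_TRIES, RETRY_DELAY and LOG are
# hypothetical names chosen for this sketch.

MAX_TRIES=${MAX_TRIES:-20}      # hard stop instead of looping forever
RETRY_DELAY=${RETRY_DELAY:-5}   # seconds to wait before the first retry
LOG=${LOG:-rsync.log}

# rsync exit codes that point at the connection rather than the command:
# 10 socket I/O error, 12 protocol data stream error, 30 timeout in data
# send/receive, 35 timeout waiting for daemon, 255 ssh transport failure.
is_transient() {
    case "$1" in
        10|12|30|35|255) return 0 ;;
        *) return 1 ;;
    esac
}

# usage: retry_rsync rsync [options] SRC DEST
# Returns 0 on success, the rsync exit code for an error that a retry
# cannot fix (usage error, permissions, ...), or 75 (value chosen for
# this example) when MAX_TRIES attempts were all transient failures.
retry_rsync() {
    try=1
    delay=$RETRY_DELAY
    while [ "$try" -le "$MAX_TRIES" ]; do
        echo "attempt $try started $(date)" >> "$LOG"
        rc=0
        "$@" || rc=$?
        if [ "$rc" -eq 0 ]; then
            return 0
        fi
        echo "attempt $try ended with exit code $rc" >> "$LOG"
        if ! is_transient "$rc"; then
            return "$rc"
        fi
        sleep "$delay"
        # double the wait each time, capped at five minutes
        delay=$((delay * 2))
        if [ "$delay" -gt 300 ]; then
            delay=300
        fi
        try=$((try + 1))
    done
    return 75
}

# Call it with your own rsync line, for example:
#   retry_rsync rsync -a --partial --timeout=10 SRC DEST
```

With --delete in the rsync line, stopping on non-transient errors means a mistyped path or option ends the run after one attempt rather than being retried for hours.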

Until next time, happy transferring.