This took me ages...: 2011

Mittwoch, 6. April 2011

Xcode 4 and iOS SDK 4.3 Access Denied Download Problem

If you are getting Access Denied error while trying to download new XCode,
it means you need to accept the license agreement.

(yes I do agree, why does not Apple just put a link to that page as "click here to see the agreement" rather than just saying Access Denied?)

Anyways, here is how you can read and sign the new agreement;
1. Go to "Member Center" on top right corner.
2. You will see a yellow line which says there is a new agreement you need to sign to access developer resources.(why does not this show up when I login? I do not know!?)
3. Read and sign new agreement.

You are done, go to Dev Centers->iOS. Click on Downloads and "Download XCode 4".
Happy coding & thank you sacoskun

Montag, 28. März 2011

Why is my Google Maps maker not centered after "setCenter" in IE ?

Ever build a google Maps API snippet in your website ?
Great ! easy !

Ever made a maker there that should be centered ?
Great ! easy ? no !

Looked great in FF and every other Browser , but IE set the center of the map, and so the marker, in the top left corner, (For Google in the north west corner).

Whats up here ?

The answer:
There are two cases that can happend here:

1) IE doesnot know how big your div is and so it goes the lazy way and centers it just NW.
For this you will not be allowed to set your code up like this:

function myMap(...){
......
mymap = new GMap2(document.getElementById("mapSmall"));
mypoint = new GLatLng(39.915538, -75.267069);
mymap.setCenter(mypoint, 13); .....
}

myMap();

This will confuse IE, as the div is not "ready" when you trigger your function. You have to put the function call in the body onload event:

The second thing, is that a style sheet can easy corrupt your map div, so if you have some "display block none" things in your stylesheet - you will also stop here. If this is the case you can fix your div with this snipped:

mydiv.style.display = 'block';
mymap = new GMap2(document.getElementById("mydiv"));
mypoint = new GLatLng(39.915538, -75.267069);
mymap.setCenter(mypoint, 13);
mydiv.style.display = 'none';

Easy if yaa know, hum ?

Dienstag, 22. Februar 2011

How does Facebook choose the thumbnail images in the "share" popup ?

Everybody who ever addes an share (teilen) button in a webpage knows the small thumbnails shown within the popup that display one or more of your images.

Of course you have the next and forward arrow here, but in 99% of the cases this pop up shows an image on the first position we just do not want there !!

Two questions took me ages to figure out.

1) how can i overrule the image
2) how does facebook choose the particular order of the images, if there are more then one

The answer:
Let us start with question 2:
After ages i found a comment made by one of the facebook devs:

For shares, we just pull all the <img> tags, and sort by size, with the biggest one being first.

By size ? I have a page with very small images, so the bigest image here is my content add... great :D

Now the first one, simply put a meta og:image tag in your <head> section:

This will overrule every other picture.
Easy if yaa know, hum ?

Fedora, CentOS, Apache (MySQL), Symlinks and nothing will work as it should ...

Everybody knows this - you have to migrate a website from one server to another...
Usually this tooks exectly 10 minutes.

$ rsync -avz -e ssh remoteuser@remotehost:/remote/dir /this/dir/

Thats it... ha... not on a Fedora or CentOS ( in my case CentOS 5.5 ).

Apache will not follow the symlinks.

Ok - they are disabled in the httpd.conf, quick check:

$ nano /etc/httpd/config/httpd.conf

and find the <Directory "/var/www/html"> block.

Options +FollowSymLinks

     AllowOverride None
     Order allow,deny
     Allow from all

</Directory>

Damn, this was not the reason... now it started to took ages.

The solution:

The remedy has to do with reassigning the security contexts used by SELinux (/usr/sbin/setenforce enforcing).

Apache will not work with the context user_home_t or root_t but needs httpd_sys_content_t instead. To find out what contexts are associated with particular folders or symlinks, issue the following command:

$ ls -Z /my/symlink/or/directory

drwxr-xr-x root root root:object_r:root_t /my/symlink/or/directory

Fortunately, we can add this flag very easily (and recursively to subdirectories and files) using the chcon(1) command.

$ chcon -Rt httpd_sys_content_t /my/symlink/or/directory

It seems that even the root of the home directory has to have an appropriate security context (/home has home_root_t so that might do the needful too). Without that, nothing will work even if all is well at the next level down. The switches for chcon command translate as follows:

In additon:

If you have to move mysql files also, they should have the security context

user_u:object_r:mysqld_db_t

or mysql will not load them on startup. You can change it also easily with chcon.

Using Rsync and SSH - Keys & Validating

This document covers using cron, ssh, and rsync to backup files over a local network or the Internet. Part of my goal is to ensure no user intervention is required when the computer is restarted (for passwords, keys, or key managers).

First of all you need the following packages installed:

rsync
openssh
cron (or vixie-cron)

Please note these instructions may be specific to Red Hat Linux versions 7.3, 9, and Fedora Core 3, but I hope they won't be too hard to adapt to almost any *NIX type OS. The man pages for 'ssh' and 'rsync' should be helpful to you if you need to change some things (use the "man ssh" and "man rsync" commands).

First, I'll define some variables. In my explanation, I will be synchronizing files (copying only new or changed files) one way, and I will be starting this process from the host I want to copy things to. In other words, I will be syncing files from /remote/dir/ on remotehost, as remoteuser, to /this/dir/ on thishost, as thisuser.

I want to make sure that 'rsync' over 'ssh' works at all before I begin to automate the process, so I test it first as thisuser:

$ rsync -avz -e ssh remoteuser@remotehost:/remote/dir /this/dir/

and type in remoteuser@remotehost's password when prompted. I do need to make sure that remoteuser has read permissions to /remote/dir/ on remotehost, and that thisuser has write permissions to /this/dir/ on thishost. Also, 'rsync' and 'ssh' should be in thisuser's path (use "which ssh" and "which rsync"), 'rsync' should be in remoteuser's path, and 'sshd' should be running on remotehost.

Configuring thishost

If that all worked out, or I eventually made it work, I am ready for the next step. I need to generate a private/public pair of keys to allow a 'ssh' connection without asking for a password. This may sound dangerous, and it is, but it is better than storing a user password (or key password) as clear text in the script. I can also put limitations on where connections made with this key can come from, and on what they can do when connected. Anyway, I generate the key I will use onthishost (as thisuser):

$ ssh-keygen -t dsa -b 1024 -f /home/thisuser/cron/thishost-rsync-key
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase): [press enter here]
Enter same passphrase again: [press enter here]
Your identification has been saved in /home/thisuser/cron/thishost-rsync-key.
Your public key has been saved in /home/thisuser/cron/thishost-rsync-key.pub.
The key fingerprint is:
3a:24:d6:a2:14:de:3b:aa:12:da:e5:7c:cd:01:aa:10 thisuser@thishost

and now we have a key with no password in the two files mentioned above. Make sure that no other unauthorized user can read the private key file (the one without the '.pub' extension).

This key serves no purpose until we put the public portion into the 'authorized_keys' file on remotehost, specifically the one for remoteuser:

/home/remoteuser/.ssh/authorized_keys

I use scp to get the file over to remotehost:

$ scp /home/thisuser/cron/thishost-rsync-key.pub remoteuser@remotehost:/home/remoteuser/

and then I can prepare things on remotehost.

Configuring remotehost

I 'ssh' over to remotehost:

$ ssh remoteuser@remotehost

remoteuser@remotehost's password: [type correct password here]
$ echo I am now $USER at $HOSTNAME
I am now remoteuser at remotehost

to do some work.

I need to make sure I have the directory and files I need to authorize connections with this key:

$ if [ ! -d .ssh ]; then mkdir .ssh ; chmod 700 .ssh ; fi
$ mv thishost-rsync-key.pub .ssh/
$ cd .ssh/
$ if [ ! -f authorized_keys ]; then touch authorized_keys ; chmod 600 authorized_keys ; fi
$ cat thishost-rsync-key.pub >> authorized_keys

Now the key can be used to make connections to this host.

Now that I have the key with no password in place and configured, I need to test it out before putting it in a cron job (which has its own small set of baggage). I exit from the ssh session to remotehost and try:

$ rsync -avz -e "ssh -i /home/thisuser/cron/thishost-rsync-key" remoteuser@remotehost:/remote/dir /this/dir/

If it asks for a password, I will check permissions on the private key file (onthishost, should be 600), on 'authorized_keys' and (on remotehost, should be 600), on the '~/.ssh/' directory (on both hosts, should be 700), and on the home directory ('~/') itself (on both hosts, should not be writeable by anyone but the user).

If things still aren't working out, some useful information may be found in log files. Log files usually found in the /var/log/ directory on most linux hosts, and in the/var/log/secure log file on Red Hat-ish linux hosts. The most useful logfiles in this instance will be found on remotehost, but localhost may provide some client side information in its logs. If you can't get to the logs, or are just impatient, you can tell the 'ssh' executable to provide some logging with the 'verbose' commands: '-v', '-vv', '-vvv'. The more v's, the more verbose the output. One is in the command above, but the one below should provide much more output:

$ rsync -avvvz -e "ssh -i /home/thisuser/cron/thishost-rsync-key" remoteuser@remotehost:/remote/dir /this/dir/

Hopefully, it will always just work flawlessly so I never have to extend the troubleshooting information listed here.

Disable ssh root direct login

For security reasons it is not a good idea to permit ssh root direct login, it is better to login as another user, and then switch to root using the 'su -' comand, to do this, you need to disable root from login directly using ssh protocol, this will decrease the possibility of a hacker breaking your linux box, as now he will have to guess your user name and your password

Ok, let's go and see to make this.

Edit the file /etc/ssh/sshd_config

nano /etc/ssh/sshd_config

I strongly recommend you to open two logins if doing this from a remote connection, and never close one of them, in case you need to roll back the configuration

locate this line with, writing this onces editing with vi or vim

:/Protocol

if it says

Protocol 2,1

change it to:

Protocol 2

This will enable only ssh2 which is more secure that ssh, do not do this if you need to log with a client that only support ssh, and not ssh2 protocol.

Next locate this line "PermitRootLogin yes" by entering this on your vi or vim editor

:/PermitRootLogin yes

and change it to this:

PermitRootLogin no

now restart the ssh service.
If Fedora or CentOS

/etc/init.d/sshd restart

If Debian or Ubuntu

/etc/init.d/ssh restart

Test that you can login and gain root access with 'su -' (without quotes), before, you left your root remote connection