GIMP is my new goto for editing pdfs, not as good as the real thing — it edits by drawing graphics over the page — rather than typing in forms on the page — but for filling out basic paper forms it can work well.
1) save pdf
2) open pdf with gimp
3) pick your resolution (100 pixels can work well for basic stuff)
4) draw on or, type on your page
5) export back to pdf — can even overwrite the orig file.
centos 6 qmail (just qmail) for local outbound email only
after you’ve already done this: http://rln.d13dns.com/2014/07/19/djbdns-dnscache/
(if you’re not interested in a djbdns dns cache do the first two parts to install daemontools and ucspi)
Install outbound only qmail smtp service to your box with the following:
cd /var/tmp/
yum install gcc gcc-c++ make patch pam-devel openssl* wget -y
yum install vim-common vim-enhanced autoconf automake -y
wget http://www.qmail.org/netqmail-1.06.tar.gz
tar zxf netqmail-1.06.tar.gz
cd netqmail-1.06
mkdir -p /var/qmail/alias
groupadd nofiles
useradd -M -g nofiles -d /var/qmail/alias alias
useradd -M -g nofiles -d /var/qmail qmaild
useradd -M -g nofiles -d /var/qmail qmaill
useradd -M -g nofiles -d /var/qmail qmailp
groupadd qmail
useradd -M -g qmail -d /var/qmail qmailq
useradd -M -g qmail -d /var/qmail qmailr
useradd -M -g qmail -d /var/qmail qmails
make setup check
./config
cat /dev/null > /var/qmail/control/rcpthosts
echo ./Mailbox >/var/qmail/control/defaultdelivery
cat > bin/qmailctl
# cut and paste contents of script from 2.8.2.1
# http://www.lifewithqmail.org/lwq.html#start-qmail
chmod 755 /var/qmail/bin/qmailctl
mkdir -p /var/qmail/supervise/qmail-smtpd/log
mkdir -p /var/qmail/supervise/qmail-send/log
echo '#!/bin/sh' >/var/qmail/supervise/qmail-send/run
echo 'exec /var/qmail/rc' >>/var/qmail/supervise/qmail-send/run
echo '#!/bin/sh' >/var/qmail/supervise/qmail-send/log/run
echo 'exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail' >>/var/qmail/supervise/qmail-send/log/run
cat > /var/qmail/supervise/qmail-smtpd/run
# cut and paste contents of script from 2.8.2.2
# http://www.lifewithqmail.org/lwq.html#start-qmail
# if you get segfaults when you try to start qmail-smtpd
# you need to increase the soft limit in this file (9000000)
# did the trick for me
# change the last line of the above script
# change the "0 smtp" to "127.0.0.1 25"
echo 5 > /var/qmail/control/concurrencyincoming
chmod 644 /var/qmail/control/concurrencyincoming
echo '#!/bin/sh' > /var/qmail/supervise/qmail-smtpd/log/run
echo 'exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/smtpd' >> /var/qmail/supervise/qmail-smtpd/log/run
chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
mkdir -p /var/log/qmail/smtpd
chown qmaill /var/log/qmail /var/log/qmail/smtpd
ln -s /var/qmail/supervise/qmail-send
/var/qmail/supervise/qmail-smtpd /service
echo '127.:allow,RELAYCLIENT=""' >>/etc/tcp.smtp
/var/qmail/bin/qmailctl cdb
echo '#!/bin/sh' > /var/qmail/rc
echo >> /var/qmail/rc
echo '# Using stdout for logging' >> /var/qmail/rc
echo '# Using control/defaultdelivery from >> /var/qmail/rc
echo '# qmail-local to deliver messages by default >> /var/qmail/rc
echo >> /var/qmail/rc
echo 'exec env - PATH="/var/qmail/bin:$PATH" ' >> /var/qmail/rc
echo 'qmail-start "`cat /var/qmail/control/defaultdelivery`"' >> /var/qmail/rc
chmod 755 /var/qmail/rc
/var/qmail/bin/qmailctl stop ;
/var/qmail/bin/qmailctl start
woe to the passive mode, woe to the active mode
#This always seems to bite me in the ass.
#dont’ forget to :
# modprobe ip_conntrack_ftp
-A INPUT -p tcp -m tcp –dport 21 -m conntrack –ctstate NEW,ESTABLISHED -j ACCEPT
# -A OUTPUT -p tcp -m tcp –dport 21 -m conntrack –ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp –dport 20 -m conntrack –ctstate ESTABLISHED,RELATED -j ACCEPT
#-A OUTPUT -p tcp -m tcp –dport 20 -m conntrack –ctstate ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp –sport 1024: –dport 1024: -m conntrack –ctstate ESTABLISHED -j ACCEPT
#-A OUTPUT -p tcp -m tcp –sport 1024: –dport 1024: -m conntrack –ctstate ESTABLISHED,RELATED -j ACCEPT
xen xcp xapi change from eth0 to eth1 (after you delete eth0 eth1 becomes eth0 orn reboot)
#get the uuid of the box you want to add the eth1 to
xe vm-list
#list the interfaces that are associated with that box
xe vif-list | grep
#get list of network-uuids to pick from (in my case there are only 2)
xe vif-list |grep network-uuid| sort -u
# make the eth1 interface
vif-create device=1 vm-uuid= network-uuid=
# plug in the eth1 interface (uuid from prior step)
xe vif-plug uuid=
# unplug the eth0 interface (uuid from step 2)
xe vif-unplug uuid=
#delete the eth0 interface (after a reboot your new eth1 will be eth0)
xe vif-destroy uuid=
xcp xe change number of cpus
xe vm-param-set VCPUs-at-startup=1 uuid=
Slow role ssh brute force
Discovered this slow roll ssh attack from looking at bandwidth graphs on a new hardly used server (6 bytes per second). The attached file is actually just ascii… bar.
funky networking bug
Able to download at 8-20 Mbps, only able to upload at 300kbps. Advertised rate is more than 10x that. It was on all uploads I tried (ssh, ftp, http).
Aside: it is nearly impossible to do anything on Charter’s website but get stuck in their endless “help pages”.
Finally called and they eventually got me to plug directly into the cable modem, and the problem is gone. So after giving their tech support person high marks, I tried to upgrade to latest free router software but no go, my wrt couldn’t get an IP from charter – downloaded next most recent version to my smart phone and then ftp’d it from my smart phone with an FTP server app over wifi. (I didn’t have the right software to download data from my new smartphone over the cable – darn MTP)
The initial problem was with a very old version of the free router software on a WRT and 1 year old motorola cable modem. The version that would install kinda worked with faster uploads but would frequently crash, so switched to a red vegetable variant with much better results.
xcp add disk
xe sr-list #gives you a list of sr’s from which to pick a sr-uuid
xe vdi-create sr-uuid= name-label= type=user virtual-size=
#the above vdi-create outputs a vdi-uuid
xe vm-list # gives you a list of vm’s from which to pick a vm-uuid
xe vbd-create vm-uuid= vdi-uuid= bootable=false mode=RW type=Disk device= #pick an unused device name (my box had “disks” up to xvdc so I used xvdd)
# the above vbd-create outputs the vbd’s uuid
xe vbd-plug uuid=
#your new devices should now be visible from your domU
new vps with centos 6 for tinydns secondary
yum update -y ;
vi /etc/sysconfig/iptables; #configuring iptables is an exercise for the reader
iptables-restore /etc/sysconfig/iptables;
/etc/init.d/httpd stop;
chkconfig --del httpd;
/etc/init.d/sendmail stop;
chkconfig --del sendmail;
/etc/init.d/xinetd stop;
chkconfig --del xinetd;
#install daemontools (djb does crazy things with symlinks - trust me when I say you want this package installed and built under /usr/local)
yum install gcc -y;
cd /usr/local/src;
wget wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz;
tar zxf daemontools-0.76.tar.gz;
pushd admin/daemontools-0.76;
vi src/conf-cc;# append gcc line with this: -include /usr/include/errno.h ;
./package/install;
popd;
#install ucspi
wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz;
tar zxf ucspi-tcp-0.88.tar.gz;
pushd ucspi-tcp-0.88;
vi conf-cc ;# append gcc line with this: -include /usr/include/errno.h ;
make setup check;
popd;
#install djbdns
wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz;
tar zxf djbdns-1.05.tar.gz;
pushd djbdns-1.05;
vi conf-cc; # append gcc line with this: -include /usr/include/errno.h ;
make setup check;
popd;
#install a local dns server for looking up addresses
useradd -d /var/dnscache -s /bin/false dnscache;
useradd -d /var/dnscache -s /bin/false dnslog;
rm -rf /var/dnscache;
dnscache-conf dnscache dnslog /var/dnscache 127.0.0.1;
touch /var/dnscache/root/ip/127.0.0.1;
ln -sf /var/dnscache /service/;
#update the root nameservers that dnscache above uses
yum install bind-utils -y;
/etc/init.d/named stop;
chkconfig --del named;
for file in `dig |grep root-servers.net|awk '{ print $5 }'`;do host $file;done|grep -v IPv6|grep -v mail|grep -v pointer|awk '{ print $4 }'|sort -n > /var/dnscache/root/servers/@ ;
#setup svscan
#this next line is for centos and variants -- ubuntu doesn't seem to have an #/etc/inittab
vi /etc/inittab # get rid of this line: SV:123456:respawn:/command/svscanboot
#the next 5 lines work on centos and kin and ubuntu and kin
echo "start on runlevel [12345]" > /etc/init/svscan.conf;
echo "respawn" >> /etc/init/svscan.conf;
echo "exec /command/svscanboot" >> /etc/init/svscan.conf;
initctl reload-configuration;
initctl start svscan;
#setup tinydns
useradd -d /var/tinydns -s /bin/false -M tinydns;
useradd -d /var/tinydns -s /bin/false -M tinylog;
tinydns-conf tinydns tinydns /var/tinydns IP;
ln -sf /var/tinydns /service/
# configure your replication
# e.g. rsync over ssh triggered from the Makefile on the primary
# exercise for the reader ...
backup to warm-swapable disk
#physically insert disk
# on this next line the hostN number may be different
echo “- – -” > /sys/class/scsi_host/host5/scan
mount /dev/sdc1 /mnt
rsync -aHxv /boot /mnt
rsync -aHxv /dev /mnt
rsync -aHxv / /mnt
#this is for a special home directory
mount –bind / /media
rsync -axv /media/home/user /mnt/home/
umount /media
umount /dev/sdc1
#stuff to spindown disk
sudo hdparm -Y /dev/sdc
#physically remove disk