Sharing too much online can be bad!

I found a great article that goes over some of the dangers of social networks and users who share too much of their personal data with the public.  Here: “Online oversharing can be downright unsafe, as an app making headlines for being creepy and undermining the privacy of women shows.  A geo-location based app called Girls Around Me shows users a radar overlaid on top of a Google Map, “out of which throbs numerous holographic women posing like pole dancers in a perpetual state of undress,” Cult of Mac reports.” 

Check out the article yourself.

Who’s Been Viewing My Facebook Page?

Facebook UnfriendI thought I would put up a quick post on this topic because I keep seeing it make the rounds on Question/Answer sites like Askeville, Yahoo and the like. It’s interesting to see the answers that some people provide, from it cannot be done to it can just do this or buy my special software tool and see everything! I am not sure why people are all that tied up about who is looking at their Facebook page, but, it seems to be important to a lot of folk. Here is what I have been able to find out.

According to Facebook technical folks, the truth is, no one can see who’s been on your Facebook page. There are no features buried in the Facebook settings with that data, and there are no apps that can unearth that information for you. Facebook says that this is one of the most common scam tactics that is used to defraud users of the site. Don’t fall for it; you cannot see who is or has been looking at your profile, and no one can see if you have been looking at theirs.

LOLCat UnfriendIn other news, there are apps and tools to see who’s un-friended you. Facebook tries to minimize these apps, but they can be found. There is one that you download to your computer called UnFriend Finder and another for Android called Friends Checker. Sign in, and they store a list of your friends.  Then, every time you check back, it tells you who’s no longer on the list.  UnFriend Finder also reminds you of friend requests you’ve made that haven’t been answered. For Twitter, Qwitter does the same thing, telling you who’s un-followed you each week. Naturally, the earlier you employ these tools, the more effective they will be.

Please note that mentioning any tools in this post is not an endorsement of those tools, no one here at Solarum has seen or used them in any way and therefore are not recommending them. They are listed for informational purposes only. Hope that helps!!

A little history for all us starnix guys (and gals) out there

<a href="http://www.solarum weight reduction pills.com/wp-content/uploads/2012/08/ken-and-den-1024.jpg” target=”_blank”>Ken Thompson (seated) and Dennis RitchieIf you spend any amount of time working with or administering UNIX and/or Linux servers, especially UNIX, you should be familiar with the text editor ‘vi’ and some commands like ‘sed’ and ‘awk’. If you have been around a while, or had the good(?) fortune of working on some old(er) systems, you might even remember the line editor ‘ed’. I’ll show my age here and recall fond memories of using ‘ed’ to write code many years back.

OK, on to the point, I was looking through Wikipedia for something entirely un-related, but ran across a tidbit of information that I thought was really cool, and that I knew I had to share with Solarum’s readers. It gives a bit of history about some of the tools that we use and love today.

From Wikipedia:

“ed is a line editor for the Unix operating system. It was one of the first end-user programs hosted on the system and has been standard in Unix-based systems ever since. ed was originally written in PDP-11/20 assembler by Ken Thompson in 1971. Ken Thompson was very familiar with an earlier editor known as qed from University of California at Berkeley, Ken Thompson’s alma mater; he reimplemented qed on the CTSS and Multics systems, so it is natural that he carried many features of qed forward into ed. Ken Thompson’s versions of qed were the first to implement regular expressions, an idea that had previously been formalized in a mathematical paper, which Ken Thompson had read. The implementation of regular expressions in ed is considerably less general than the implementation in qed.

ed went on to influence ex, which in turn spawned vi. The non-interactive Unix command grep was inspired by a common special use of qed and later ed, where the command g/re/p means globally search for the regular expression re and print the lines containing it. The Unix stream editor, sed implemented many of the scripting features of qed that were not supported by ed on Unix; sed, in turn, influenced the design of the programming language AWK, which in turn inspired aspects of Perl.”

It’s pretty cool how stuff flows and comes together. Who knew or would have thought that a couple simple commands or programs would turn into what we have today.

*Note: starnix refers to the combination of UNIX, Linux and any other ix/ux OS that we work with.

Check out this cool service – Pastebin

I just recently found this, and I know, a bunch of you probably already know about it and maybe have for a long time. But hey, I just found out about it and it is so cool I just had to tell everyone! The site is called Pastebin and it’s a cool site (the site is very well done!) and service for anytime you are working with code, log files, and/or other gobs of strangely formatted text.

We all know how tough it is to try and past the source of our scripts, or contents of config files or log files into regular forum input boxes. Heck, for that matter, let us not forget how tough it is getting that kind of stuff posted correctly in WordPress itself. This Pastebin site allows you to past your copious amounts of text there, where it has all of the magic juju to display it properly, even formatting code correctly with syntax highlighting. All you have to do, once you paste your text into the bin, is add the link to your post or article or whatever. Then anyone reading it can go check it out at Pastebin and not try and decipher the text in whatever manner it would have gotten mangled on the screen in the first place.

I think this is going to be a great headache save for lots of us as more and more communication goes online, especially in the tech crowd.  Go check out Pastebin [link]now and see for yourself.  They have a Pro option with extra goodies, but you most certainly can use the service for free too.  If you like it, tell your friends too and help ’em out!

Navicat SSH Tunnel Error – 2013 Lost connection to MySQL server

This post is for anyone out there running any Navicat database tools.  The company, PremiumSoft, that makes the line of Navicat tools is probably best known for there incredible database administration tool, Navicat.  That’s where I first found them.  They make a database admin tool that can connect to MySQL, MS SQL Server, Oracle, SQLite and everything in between.  Aside from being able to connect to just about anything that stores data, once connected you can do so many cool things with your databases in the name of database administration, that it would take me a week to create a post for it all.  Besides, this post isn’t a commercial for Navicat, but I did have to share just how good this product is.  Believe me, it is amazing, and now they have this really wicked data modelling tool that works hand in hand with the database admin tool.  You need to see it to believe it.  Check out their site [link], they have very good demos and lots of information about the products.

My apologies, I digress, the main purpose of my post was to inform any people already using Navicat or any of the other PremiumSoft products about a problem I ran into and a way to fix it.  I am using the software with MySQL databases primarily, but I believe the principle of the fix will apply to any database and server out there, especially Linux.

Now, one of the really cool things about the database admin and data modeling tools is that they can connect to your database via a SSH (Secure Shell Port 22) tunnel, instead of the normal default and usually plain text method.  For example, by default, when you connect to a MySQL server, the username and password you give to the server is sent in plain text, so anyone can read it.  Any command you type on that database console is also sent in plain text, so anyone can read it.  Think about the new user you just created for your new web hosting customer. What if their database username and password fell into the wrong hands.  It might be bad, it might not, it might be localized just to that one customer/user which would be bad enough, but suppose they found an exploit and got root on your server.  Now they have all of your data.  Even if you don’t have any data that is secret, just the hassle alone, not to mention explaining all of this to your customer(s) make this a really bad day.

This isn’t usually a big concern if you are running the database on the same server as the web server (which is common practice in many hosting scenarios), and if your database tools are on the server like the MySQL command line tools and such.  But what if you want to connect to the database from say, your PC?  Like you would do if using a database admin tool like Navicat.  You certainly don’t want all of the data that you will be sending back and forth to be in plain text, right?  Well, now you don’t have to leave it in plain text!  You can setup the connection in Navicat to connect to the Secure Shell server, which means you have an encrypted connection and not plain text.  Then, you can use the SSH tunnel that was created to connect to the database server itself.  What this means is that you use the SSH server to redirect your communications to the database server locally, so no one can see it.  Just like you were sitting at the server itself.

I’ll run through it again real quick, see if this makes sense.  The connection between your PC and the server running database is now encrypted and secure from prying eyes because instead of connecting to the database server directly, you are connecting to the Secure Shell server.  It is now the Secure Shell server that takes your communication and hands it off to the database server internally, so it’s safe from anyone watching outside.  It’s really cool, and just another reason I love the Navicat product so much.  Not to mention Linux as well!

The problem that I found was this, when I created the link to the SSH server in order to talk to the MySQL server, it wouldn’t connect.  I would get the connection to the SSH server, but when it then tried to talk to the database server, the database server kicked it out like no connection could be made.  I tried connecting locally from the Linux console think that maybe I killed some MySQL process that listens for connections, but it was working fine.  I tried it again and again but it just didn’t work.  The error I was getting from Navicat was this:

2013 – Lost connection to MySQL server at ‘reading initial communication packet’, system error: 0

I did some digging and found a basic setting to check.  This didn’t fix the problem, but I thought I would share it here since it has to be set in order for the tunnel to work:

  1. In the sshd config file (/etc/ssh/sshd.config) make sure that AllowTcpForwarding is enabled, because the default is disabled in most cases.

What I finally found to be causing the problem, was TCP_WRAPPERS.  Naturally, in my hosts.allow file I had the IP address of my PC in there, so that I could connect to the server.  So at first this seemed odd that this was my problem.  However, when you think about it, it makes sense.  The connection that is coming to the MySQL server originates not from my PC, but from the SSH server itself.  That’s right, because my connection stops at the SSH server, and then the SSH server sends the data to the database server.  This is a simplified view of things, but it should work to illustrate what’s going on.  Therefore, the simple fix was to add mysqld: localhost or 127.0.0.1 to the hosts.allow file in order to allow the traffic to go through TCP_WRAPPERS and to the MySQL server.  I read more about this once I worked it out, and I saw some “technicians” offering the solution of adding mysqld: ALL to their hosts.allow file.  Egads! I said!  Technically that would work, but damn, don’t open it up to allow everyone into your databases!!!  Just add localhost or 127.0.0.1 and you will be fine, and you will keep out the other riff raff.  I hope this helps some of you out there, enjoy!