one year
It is exacly one year after first post… one year of new challenges and experience. So… maybe some statistics.
My blog has 48195 visits (without bots)… and 33159 unique.
Thanks for all your comments (23), and to RSS readers (12).
Best regards for all,
And see you in the future :)… near I hope :]
convert security.fdb to security2.fdb in firebird
I have to migrate from firebird 1.5 to 2.0. And of course there was a databases migration. The security.fdb as it is said in /opt/firebird/upgrade/security_database.txt is not compatibile:
You can’t use pre-2.0 security database in firebird 2.0 or higher directly.
If you try to put old security.fdb into firebird’s new home directory with
new (security2.fdb) name, you will get a message - cannot attach to password
database. That’s OK and is by design. In order to be able to use old database,
you must run appropriate upgrade script - security_database.sql. To do so:
1. Put your old security database in some known to you place (not new home directory). Always have a copy of it!
2. Start firebird using it’s new, native security2.fdb.
3. Convert your old security database to ODS11 (i.e. backup and restore it using gbak from firebird 2.0). Without this step you will get failure running security_database.sql!
4. Connect to restored database as SYSDBA and run the script.
5. Stop firebird.
6. Copy upgraded database to firebird’s home directory (as security2.fdb).
7. Start firebird.
but point 3 is not explained. so… let’s rock…
To be sure - You have to change native sercurity2.fdb password to same as your sysdba in previous version of firebird has, and check if firebird is running!
# /opt/firebird/bin/changeDBAPassword.sh
Please enter current password for SYSDBA user: oldpassword
Please enter new password for SYSDBA user: masterkey
STEP 1 (make a copy of security.fdb):
# /opt/firebird/bin/gbak -user SYSDBA -password masterkey /opt/firebird/security.fdb /opt/firebird/security.fbk
if you get following error you have to chown security.fdb to firebird user!
gbak: ERROR:I/O error for file “/opt/firebird/security.fdb”
gbak: ERROR: Error while trying to open file
gbak: ERROR: Permission denied
gbak:Exiting before completion due to errors
STEP 2 (restore the database):
# /opt/firebird/bin/gbak -rep -user SYSDBA -password masterkey /opt/firebird/security.fbk /opt/firebird/security.fdb
STEP 3 (database conversion):
# /opt/firebird/bin/isql -user SYSDBA -password masterkey -i /opt/firebird/upgrade/security_database.sql /opt/firebird/security.fdb
STEP 4 (stop the firebird):
# service firebird stop:
STEP 5 (overwrite the old security fdb):
cp security.fdb security2.fdb
that’s all… simple 
don’t you think so?
WORN - Write Once Read Never - new trend in hard disk production?
Yesterday I participated Hitachi Storage training, which was about new AMS 2500 storage and its new active-active controller. A few white papers can be found below. I attach two additional links. One which has some interesting info about disk failures (from FAST’07: 5th USENIX Conference on File and Storage Technologies) and one about risk of raid5 in disks bigger than 750GB. So - remeber the WORN rule - which make SATA drives compleatly untrusted
symmetric-active-active-controller
transmission-1.40 at centos 5 libcurl problem
When I tried to update my transmission (1.34) bittorent client to newest version 1.40 at centos 5 I got a configure error:
Requested ‘libcurl >= 7.16.3′ but version of libcurl is 7.15.5
and it is true… libcurl in centos 5 is now 7.15.5 and probably will not be updated in a short time. As a solution, I tried to rebuild a fedora 8 src package.
What I need was: curl-7.16.4-8.fc8.src.rpm and rpmbuild in my centos system. You will probably need nss-devel and nspr-devel so install it before running rpmbuild. Let’s rock:
rpmbuild –rebuild –define ‘dist .el5′ curl-7.16.4-8.fc8.src.rpm
after some time you should get files:
-rw-r–r– 1 root root 675076 Nov 11 10:19 curl-7.16.4-8.el5.i386.rpm
-rw-r–r– 1 root root 206491 Nov 11 10:19 curl-devel-7.16.4-8.el5.i386.rpm
of course, you can download them from my repo (click at them). Now you can easly install both:
# rpm -Uvh /usr/src/redhat/RPMS/i386/curl-*
Preparing… ########################################### [100%]
1:curl ########################################### [ 50%]
2:curl-devel ########################################### [100%]
Duplicate name exists
After starting windows xp pro, I got:
Duplicate name exists.
Solution:
If changing name for sth random (for example 376huf2e) does not help, check if the workgroup name is not same as one of computers in your network. For me - it solved the problem.
software raid 10 at linux
Today I was looking for some performace tests at linux filesystems, and I found some pages, where raid 10 at linux has been done by merging two raid 1 into raid 0, or simmilar…
Maybe some of you does not know, that linux mdadm support raid10, as you can see below:
# mdadm –create /dev/md2 –level 10 –raid-devices=4 /dev/sda5 /dev/sdb5 /dev/sdc5 /dev/sdd5
mdadm: array /dev/md2 started.
and check:
# cat /proc/mdstat
Personalities : [raid1] [raid10]
md2 : active raid10 sdd5[3] sdc5[2] sdb5[1] sda5[0]
4481920 blocks 64K chunks 2 near-copies [4/4] [UUUU]
[======>..............] resync = 32.2% (1445184/4481920) finish=0.3min speed=160576K/sec
e-mail delivery can’t be guaranteed
One of my business partners has something like this in his disclaimer:
Messages sent to and from CompanyName may be monitored to ensure compliance with internal policies and to protect our business. Emails are not secure and cannot be guaranteed to be error free. Anyone who communicates with us by email is taken to accept these risks.
In my opinion this is perfect definition of whole mailsystem based at pop3 and smtp protocol. It is doddored like whole Internet (which “be or not to be” is based at 13 global nameservers). The main problem is that is has been invented in time - when security was not considered.
Of course - we have the tls/ssl in mail comunication, but we cannot enforce the second server to use it, because of compatibility, and risk of loosing some mails.
No provider can guarantee email delivery. ISP’s have different rules about SPAM detection based on content, subject and how many of their users are reporting emails as SPAM. The best way to make sure that your specific survey invitation is not blocked as SPAM is to pre-test it with free email addresses from hotmail, yahoo etc. But as I said WITH NO GUARANTEE
next problem is that we cannot be sure, that person who send us an e-mail is the real person, not an robot or sth. Yes - there is an SPF - but enforcing it like tls/ssl can make some serious problems to delivery. And like you can read here SPF in his simplicyty is vulnerable too… which is not a good news.
endian firewall community default root password
I do not like to read whole documentation to get the default password, it is wasting of time, so I use google to do it. But it was rather hard do find the default password for endian firewall (Yes, I’ve just installed it for testing purposes). So:
login: root
password: endian
re-add disk to mdadm array
Sometimes you can meet the situation when you lost a drive by accident from your mdadm configuration, as you can see below, two of my arrays has lost a drive:
# cat /proc/mdstat
Personalities : [raid1] [raid0]
md3 : active raid1 sdc2[0] hde2[1]
195358336 blocks [2/2] [UU]md2 : active raid0 sdc1[0] hde1[1]
97675008 blocks 64k chunks
md1 : active raid1 sda1[0]
104320 blocks [2/1] [U_]md6 : active raid1 sdb4[1] sda4[0]
958084352 blocks [2/2] [UU]md0 : active raid1 sda3[0]
14659200 blocks [2/1] [U_]
to re-add it to array just:
# mdadm /dev/md1 -a /dev/sdb1
mdadm: re-added /dev/sdb1
# mdadm /dev/md0 -a /dev/sdb3
mdadm: re-added /dev/sdb3
now - my array is alive and kicking again
# cat /proc/mdstat
Personalities : [raid1] [raid0]
md3 : active raid1 sdc2[0] hde2[1]
195358336 blocks [2/2] [UU]md2 : active raid0 sdc1[0] hde1[1]
97675008 blocks 64k chunksmd1 : active raid1 sdb1[1] sda1[0]
104320 blocks [2/2] [UU]md6 : active raid1 sdb4[1] sda4[0]
958084352 blocks [2/2] [UU]md0 : active raid1 sdb3[2] sda3[0]
14659200 blocks [2/1] [U_]
[>....................] recovery = 1.8% (272128/14659200) finish=2.6min speed=90709K/secunused devices: