Converting SSL-certificates from CRT format to PEM

MENTAL NOTE from http://moze.koze.net/?p=81
Converting SSL-certificates from CRT format to PEM

Dovecot, for example, seems to expect pem-files, while RapidSSL only issues
crt-files. The solution? Use OpenSSL to convert (via the DER-format) to pem:

openssl x509 -in input.crt -out input.der -outform DER

then

openssl x509 -in input.der -inform DER -out output.pem -outform PEM

Oracle VS IBM – “Independent” Study

Today Oracle launched a paper that focus the gains of Oracle solutions over Solaris VS IBM solutions over AIX.

You can find the paper here.

After reading the entire paper I find it quite tendentious.

I’m not a Oracle/SPARC fan nor a IBM/Aix fan, although I’ve worked with both for years, my favorite OS is Linux, and well i also Solaris a bit.
So why do I find it tendentious:

1 – The way it’s written, for every user comment they say a slightly positive thing about IBM, but the really good thing is Oracle/Solaris.

2 – I don’t doubt that the interviews were conducted I’m almost sure the people were selected. As I told before I like Linux, if i want i can manage to get 20 sys admins that will focus that Linux is better than Solaris, I just have to select the right ones. Although I know it’s not the case in many issues, it is others.
Everyone likes to defend it’s favorite technology.

3 – Who ordered the study? The study costs money and with so many interviews who payed for it?

4 – It’s not possible that an independent study interview dozens of people and they all point in the same direction, even on the price issue that flavors IBM it’s not good because there are hidden costs. I know the costs are there, but for experts they aren’t that hidden.

5 – Why does it says it’s confidential on the front page and it’s published on Facebook.com? If it was a true confidential report it wouldn’t be widely spread by Oracle.

I don’t want to look picky but as a piece of marketing this is a no go, at least in my opinion.
I like Oracle products like Unbreakable Linux, Solaris, MySQL, Oracle DB, OpenOffice and so on, I just don’t like companies that try to make you a fool with propaganda.

Cheers,
Pedro Oliveira

Cloud computing – A must, a hype or something you had with a different name?

Usually I write about technical stuff, or my rc cars, but this time I’m going to write about cloud computing, which isn’t that technical.

While reading two magazines today one had in the cover “Cloud computing you can’t afford to leave this one out” and the other “Cloud computing a must for every company”.

So, if your in IT certainly heard about cloud computing, but lets start by defining cloud computing; cloud computing is is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure in the “cloud” that supports them (Wikipedia definition).

Having said this you probably are using the cloud, if you use gmail,hotmail, or something like that, apart from the mail service you may be using picasa storage, dropbox, or even HI5 or Facebook to share photos and if you use a blog is probable that’s on the cloud too.  But the cloud concept is wider. Imagine that your company as all the info on the cloud, all the applications that support your business, and that your systems are on the cloud too. You just leave your cheap PC clients, or thin clients, or whatever equipment you use to connect to the Internet and your piece of the cloud.

In theory this is a great tool, you won’t have to worry about uptime, backups, system maintenance, sys admins, power failures,air conditioning, but on the other end you’ll be dependent on your providers and your ISP. You won’t be free to change and you won’t be so versatile, your choices will be your providers choices and in the end applications and systems won’t be made to suit your needs but they’ll suit part of your needs and all your provider needs. Apart from that you’ll probably end spending more than you would if you had your own IT.

Sometime ago I was thinking in using amazon S3 for backing up my personal  data, photos, personal movies, my documents, as well as my family ones. Right now I’ve a BackupPC on a server to do it all and backing up about 3.5TB of info. With my usage profile amazon would cost me about 350€ a month, so as fast as I though in using amazon I lost the idea of using it, with 2 month of service I could buy a new server to do all the backup and with another month of service I could pay electric bill,space, and man work hour for a year.

Then a client that happily uses Sugar CRM, heard about “the cloud” and thought that easily could migrate sugar to SalesForce and all the applications on the company to Google Apps. So we asked for prices and the price of the cloud was about 960% more than the regular prices of applications and Sugar licenses, and this including all the system maintenance, space and electric costs.

So I started wondering, in the end I don’t see people pay less for the cloud usage, I see people having a smaller initial cost that in the end will be much greater than the original one.

I’m sure many of you had already made your own investigations about the cloud? Are you getting to the same conclusions?

Till now I’ve been writing  about costs, now lets get to  flexibility and limitations.

Usually when talking about the cloud everyone sells you that the cloud is flexible, that the cloud will suit your needs and that it will grow when your business grow and get smaller when your business is going through a bad time.

In the end your cloud won’t be that flexible, most of “cloud providers” will have well established limits on amount of CPU usage/time, there will be limits on bandwidth, limits on connections per second and if you need to pass those limits you’ll be paying a lot for it. Then the small letter of the contract, sometimes you can have more processor power because you needed it but then you have to keep it for the minimum period, sometimes a year or even more.

But well the cloud is cutting edge innovation so this is something worth paying for. Once again this isn’t totally true, IBM as a cloud scheme running for decades, corporate clients may pay for processor, MIPs, processor time and memory usage. Apart from IBM, other companies worked like this for ages, companies like HP, SUN, and others.

So what’s new? In my opinion the news are the way you interact with the cloud, making the browser the central part and unification point. The larger bandwidth available today also made this possible and the content is much richer.

I can see a really good usage for the home user who don’t want to worry with tech things, I see youtube, twitter, hi5, facebook and others growing and companies using those with a business mind, honestly I don’t see companies putting their secrets, their know how, their experience, and their core on the hand of a cloud, I may be wrong but right now I don’t see it moving that way (maybe I need glasses). I see a big fuss on the cloud as I’ve seen the .com bubble and IT recession, I’ve seen the thin-client revolution and the virtualization boom, now I see the cloud hype and in a few months or years something new will come up and all this will be forgotten. I’ll see companies moving towards a new hype and I investors spending they bucks on something else.

So to conclude; I don’t think the cloud is a must, I think it’s something that you already had with a different name, and  it became an hype because of a lot of marketing and publicity. If you think a little bit you’ll see who wins  with all the hypes, usually isn’t your company nor mine.

Cheers,

Pedro Oliveira

Avoiding SSH password authentication with plink

Sometimes theres a need to use ssh with the password as a command line parameter, I know keys do exist and may be used for a “passwordless” login, I know you may use expect to create a script to type the password for you. But if you just want a plain simple tool to do it you may use plink.

Usually plink isn’t available in the distro (at least with SuSE and Fedora) so you may need to download it’s source and compile it.

Get it from http://the.earth.li/~sgtatham/putty/latest/putty-0.60.tar.gz

Untar it with: tar -zxvf

Sometimes theres a need to use ssh with the password as a command line parameter, I know keys do exist and may be used for a “passwordless” login, I know you may use expect to create a script to type the password for you. But if you just want a plain simple tool to do it you may use plink.

Usually plink isn’t available in the distro (at least with SuSE and Fedora) so you may need to download it’s source and compile it.

Get it from http://the.earth.li/~sgtatham/putty/latest/putty-0.60.tar.gz and follow the commands:

tar -zxvf putty-0.60.tar.gz

cd putty-0.60/unix

./configure ; make ; sudo make install

and your done compiling.

Now lets talk about using plink, you may use plink as a regular ssh client, something like; plink pedro@192.168.1.1 and it will behave as your regular ssh client. Now try plink user@server -pw your_password and “voilá” you logged in. For safety issues type “history -c” (this will cleanup your history).

If you want, and this is the main use of plink, automate and ssh script to run in batch mode as for instance in a cron script your may use something like (lets suppose you have a text file called login_data.txt, with 2 entrances by line separated by spaces, the first entrance will be the host and the second the password) and you want to login with root and execute the command poweroff:

#!/bin/bash

cat  login_data.txt | while read LINE ; do

CLEANED=`echo $LINE | tr -s ” ” LINE ; # this will clean the extra spaces

HOST=`echo $CLEANED |  cut -d ” ” -f 1`;  this will extract the host

PASSWD=`echo $CLEANED|  cut -d ” ” -f 2`; this will extract the passwd

plink root@$HOST -pw $PASSWD shutdown ;

done

Just be very careful with permissions on files that have clear text passwords, ideally they shouldn’t exist but sometimes every sysadmin as such needs.

If you want you may check further info on plink on putty web site or by just typing plink on the command line.

The above scrip only works if you had already logged in at least one time (you still need to accept the ssh server key) if you totally want to automate it you may use expect (I’m hopping to write about it sometime soon).

Cheers and see you next time