Ssh keygen tutorial

ssh-keygen Tutorial – Generating RSA and DSA keys by Guy Rutenberg

Simple guide to generate rsa 2048

Ssh without password

SSH login without password

Sun key tool guide

It explain keytoool and jks.
keytool-Key and Certificate Management Tool

JSON Library Which Can Be Use in JDK 1.4?

JSON Library Which Can Be Use in JDK 1.4?

http://stringtree.org/stringtree-json.html

https://github.com/douglascrockford/JSON-java

http://www.rojotek.com/blog/2009/05/07/a-review-of-5-java-json-libraries/

Simple proxy server to log all the request and response to external

A Simple Multi-Threaded Java HTTP Proxy Server : John Melton's Weblog

enable apache ssl

LoadModule ssl_module modules/mod_ssl.so

#
# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
#
Listen 443
Listen 1443

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism
#   to use and second the expiring timeout (in seconds).
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization.
SSLMutex default

#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the
#   SSL library. The seed data should be of good random quality.
#   WARNING! On some platforms /dev/random blocks if not enough entropy
#   is available. This means you then cannot use the /dev/random device
#   because it would lead to very long connection times (as long as
#   it requires to make more entropy available). But usually those
#   platforms additionally provide a /dev/urandom device which doesn't
#   block. So, if available, use this one instead. Read the mod_ssl User
#   Manual for more details.
SSLRandomSeed startup file:/dev/urandom  256

SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names.  NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec

##
## SSL Virtual Host Context
##



  Include /etc/httpd/conf.d/ssl.inc
  RedirectMatch ^/[^/]*$ http://www.example.com
  SSLProxyEngine On
  # No forward proxy
  ProxyRequests Off
  ProxyVia Off
  ProxyPreserveHost On
 
    Order deny,allow
    Allow from XX.XX.XX.XX
 

  ProxyPass /abc/ http://XX.XX.XX.XX:XX/abc/
  ProxyPass /xyz/ https://XX.XX.XX.XX:XX/xyz/
  ProxyPassReverse /xyz/ https://XX.XX.XX.XX:XX/xyz/





ssl.inc
---------------

# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html"

RailsBaseURI /redmine





# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect.  Disable SSLv2 access by default:
SSLProtocol all -SSLv2

#   SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.




#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/XXXX.crt



#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/xxxx.key




    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars



SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#   Per-Server Logging:

#   The home of a custom SSL log file. Use this when you want a

#   compact non-error SSL logfile on a virtual host basis.

CustomLog logs/ssl_request_log \

          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Include /etc/httpd/conf.d/ssl/*.conf

How to increase the Java heap memory for Maven 2 on linux

java.lang.OutOfMemoryError: PermGen space (Maven/Jetty)

If you get an error OutOfMemory error while doing mvn site,  to solve this problem one needs to increase the memory available to JVM (i.e. to Maven -- which invokes Jetty)

Increasing memory by setting env variable

export MAVEN_OPTS="-Xmx1024m -Xms1024m -XX:PermSize=256m -XX:MaxPermSize=512m" Reference: http://vikashazrati.wordpress.com/2007/07/26/quicktip-how-to-increase-the-java-heap-memory-for-maven-2-on-linux/ https://wiki.openmrs.org/display/docs/Troubleshooting+Memory+Errors

Read text from image file in Java

There's GOCR and tesseract, but I'm not sure about how their current releases stack up -- what about trying both on some typical inputs you need to deal with, and choose by this trial?

Reference: http://stackoverflow.com/questions/1442608/read-text-from-image-file-in-java

phonegap - splash screen for Android app

Answers

In order to have a splash screen in a PhoneGap Android application you need to put your splash.png file into res/drawable-ldpi, res/drawable-mdpi, res/drawable-hdpi, res/drawable-xhdpi. Where those directories represent low, medium, high and extra large dots per inch. You'll need to resize you slash.png for each directory or Android will stretch it for you.

The sizes of each image should be:

• xlarge (xhdpi): at least 960 x 720
• large (hdpi): at least 640 x 480
• medium (mdpi): at least 470 x 320
• small (ldpi): at least 426 x 320

Then in your main Java class, the one that extends DroidGap, you'll need to add one line and modify another. First add:

super.setIntegerProperty("splashscreen", R.drawable.splash);

this line should show up under super.onCreate but before super.loadUrl. Then you'll need to modify your loadUrl method to pause for 5 seconds before loading up the main page. It would look like this:

super.loadUrl("file:///android_asset/www/index.html", 5000);

That should do it for you.

I've recently made some updates to how the SplashScreen works on PhoneGap Android. The main app now loads while the splash screen is being shown. This is a big improvement over the previous blocking splash screen call. Read more about the changes on my blog.

navigator.splashscreen.hide();

but that call isn't ready yet. However, if you want to be on the bleeding edge you should be able to call:

cordova.exec(null, null, "SplashScreen", "hide", []);

but you are wait out on the edge there so don't blame me if it doesn't work. Then you'll be able to tell the splash screen to go away once you have "deviceready".

document.addEventListener("deviceready", onDeviceReady, false);

function onDeviceReady() {
    console.log("We got device ready");
    cordova.exec(null, null, "SplashScreen", "hide", []);
    // Soon to be
    // navigator.splashscreen.hide();
}

Reference:http://stackoverflow.com/questions/8156841/phonegap-splash-screen-for-android-app

Is it safe to use HTTPS without SSL certificates for my own domains?

Answers

Not verifying the identity of the server you connect to leaves the connection open to potential MITM attacks. SSL/TLS can be used without certificates (with anonymous cipher suites), but they're insecure (and disabled by default); as the TLS RFC says: "Note that this mode is vulnerable to man-in-the-middle attacks and is therefore deprecated." In addition, the HTTPS specification itself expects there to be an X.509 certificate.

Checking the identity of the remote party is a necessary element for securing your system. It's not very useful to exchange data secretly with a remote party who may not be who they claim they are (even if the secrecy is guaranteed).

This being said, you don't have to go via a commercial CA. You can either use self-signed certificates, which you would have to import individually into each client as trusted certificate, or create your own institutional CA. There are tools to do this, ranging from OpenSSL's CA.pl (see man-page), TinyCA or OpenCA amongst others. Some operating systems also provide their own small CA capabilities.

If I connect using my own domainname or IP address, I know I'm the owner. What additional value does an SSL certificate provide if I'm the owner of both ends of a connection?

The certificate assures you that you're indeed connecting to your machine and that the traffic hasn't been intercepted. That's why you need to check that it's a certificate that you recognise.

Reference: http://stackoverflow.com/questions/10029574/is-it-safe-to-use-https-without-ssl-certificates-for-my-own-domains

Self Signed SSL acceptance Android

http://stackoverflow.com/questions/1217141/self-signed-ssl-acceptance-android

SchemeRegistry schemeRegistry = new SchemeRegistry();
// http scheme
schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
// https scheme
schemeRegistry.register(new Scheme("https", new EasySSLSocketFactory(), 443));

HttpParams params = new BasicHttpParams();
params.setParameter(ConnManagerPNames.MAX_TOTAL_CONNECTIONS, 30);
params.setParameter(ConnManagerPNames.MAX_CONNECTIONS_PER_ROUTE, new ConnPerRouteBean(30));
params.setParameter(HttpProtocolParams.USE_EXPECT_CONTINUE, false);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);

ClientConnectionManager cm = new ThreadSafeClientConnManager(params, schemeRegistry);

My QR

Automatic Completion in Windows

How to use authomatic Completion in Windows. In Linux, we often type "TAB" to display possible file that match character we typed. This can be done in windows too .. http://support.microsoft.com/
kb/310530

Copy from key2start wordpress

Installing Maven On CentOS

05APR

These are the simple sequences for making maven work on a CentOS machine.

Pre-requisite : Java to be installed, check using java -version

1. Download the current maven version from the prescribed repository, http://maven.apache.org/download.html. I use to work with maven version 2.0.11 and hence downloaded using,

> wget http://www.eng.lsu.edu/mirrors/apache//maven/binaries/apache-maven-2.0.11-bin.tar.gz

Please wait while it is downloaded as a tar archive.

2. Extract the archive to the desired maven home directory, which can be a common, /usr/local/

So move the downloaded apache-maven-2.0.11-bin.tar.gz to /usr/local/ path using mv command or a short way can be use the wget command told before after going to the /usr/local/ path. Any way no issues..

> mv apache-maven-2.0.11-bin.tar.gz /usr/local

> cd /usr/local

> tar -zxvf apache-maven-2.0.11-bin.tar.gz

This will extract the apache-maven-2.0.11 directory into /usr/local/

3. Create sym link..

> ln -s apache-maven-2.0.11 maven

4. Open ~/.bashrc file with vi ~/.bashrc and add the following lines to the end of the file,

export M2_HOME=/usr/local/apache-maven-2.0.11
export PATH=${M2_HOME}/bin:${PATH}

5. AT last execute the environment changes with the command,    

> . ~/.bashrc

Check the installation with,

> mvn -version

http://key2start.wordpress.com/2011/04/05/maven-on-centos/

Simple sample source code to hash and encode the hashed value using Base4 or HEX

Simple sample source code to hash and encode the hashed value using Base4 or HEX

 import java.io.UnsupportedEncodingException;  
 import java.security.MessageDigest;  
 import java.security.NoSuchAlgorithmException;  
 import org.apache.commons.codec.binary.Base64;  
 import org.apache.commons.codec.binary.Hex;  
 public class TestMessageDigest {  
   /**  
    * @param args  
    */  
   public static void main(String[] args) {  
     TestMessageDigest test = null;  
     String rawPass = "passwordInClearTxt";  
     String encodedPass = null;  
     test = new TestMessageDigest( "SHA-256", true );  
     encodedPass = test.encodePassword( rawPass );  
     System.out.println( encodedPass );  
     test = new TestMessageDigest( "SHA-256", false );  
     encodedPass = test.encodePassword( rawPass );  
     System.out.println( encodedPass );  
     test = new TestMessageDigest( "SHA-512", true );  
     encodedPass = test.encodePassword( rawPass );  
     System.out.println( encodedPass );  
     test = new TestMessageDigest( "SHA-512", false );  
     encodedPass = test.encodePassword( rawPass );  
     System.out.println( encodedPass );  
   }  
   private TestMessageDigest(String algorithm, boolean encodeHashAsBase64) {  
     super( );  
     this.algorithm = algorithm;  
     this.encodeHashAsBase64 = encodeHashAsBase64;  
   }  
   private String algorithm;  
   private boolean encodeHashAsBase64 = false;  
   public String encodePassword(String rawPass) {  
     MessageDigest messageDigest = getMessageDigest( );  
     byte[] digest;  
     try {  
       digest = messageDigest.digest( rawPass.getBytes( "UTF-8" ) );  
     } catch ( UnsupportedEncodingException e ) {  
       throw new IllegalStateException( "UTF-8 not supported!" );  
     }  
     if ( encodeHashAsBase64 ) {  
       return new String( Base64.encodeBase64( digest ) );  
     } else {  
       return new String( Hex.encodeHex( digest ) );  
     }  
   }  
   protected final MessageDigest getMessageDigest()  
       throws IllegalArgumentException {  
     try {  
       return MessageDigest.getInstance( algorithm );  
     } catch ( NoSuchAlgorithmException e ) {  
       throw new IllegalArgumentException( "No such algorithm ["  
           + algorithm + "]" );  
     }  
   }  
 }  

Install M2E in RAD

Install - M2Eclipse 0.10 cannot install 

https://www.ibm.com/developerworks/forums/thread.jspa?threadID=330206&tstart=1&messageID=14558573

Well, don't know the reason... reading the log, it seems it tries to use org.eclipse.zest.core plug-in and it is not found.

Doing some digging, it seems org.eclipse.zest.core is part of Eclipse GEF project: http://wiki.eclipse.org/GEF_Zest_Visualization which doesn't seem to be installed by default as part of Eclipse 3.6 (my installation) nor RAD 8.0 Beta 1.

I checked the Update Site you mentioned, and I didn't see the plug-in too.

I would suggest as workaround, try to connect to Helios Update site (Helios - http://download.eclipse.org/releases/helios)and install Graphical Editing Framework Zest Visualization Toolkit SDK. And then, try to install M2Eclipse plug-ins again...

About, why Equinox p2 within Eclipse 3.6 knows how to manage this dependency and Equinox p2 within RAD 8.0 Beta 1 doesn't... I don't know the answer.

Hope this helps.

URLs and SEO: Various Strategies for URL File Names

http://www.searchenginejournal.com/urls-and-seo/16417/

Quite a long time ago we discussed best practices for URL structure – that old post needs both an update and more details to discuss. So I decided to start a new post summarizing and discussingvarious strategies for URL file naming.

1. Why do we care?

URL is undoubtedly one of the most important aspects that affect both SEO and usability.

It affects:

• Rankings (placing keywords in the file path is one of the most effective ways to make the keywords more prominent);
• Click-through: a “clear”, “readable” URL can be another reinforcement signal for the user to click it;
• Usability: a good “obvious” URL helps the user understand what the page is about even before entering the page.

2. Keywords in the file name

There is no doubt that keywords in the URL matter (so far they even matter a lot). However this doesn’t mean that you need to stuff your URLs with only keywords. The best practices would be:

• Keywords in the file path occur naturally;
• Keywords in the file path help make the URL easier comprehensible and memorable;
• URLs do not consist of only keywords: here’s a good point expressed by Onreact in his post ontop 10 fatal URL design mistakes:
  
  

  Recently bloggers tend to shorten their URLs in as much as their posting becomes totally boring. I won’t click /2008/06/27/google if I see only the URLs (like, say, in an email) but I will click google-files-for-bankrupcy

3. Word separators

While Google has become much smarter when it comes to identifying separate words in the file path, a dash is still considered the best choice:

Word separator	Disadvantages	Example
Space	URL encoded as %20 (makes the URL not easy to read). This may also prevent from sharing the URL in some social bookmarking services.	/word1%20word2
&	URL encoded as %26 (makes the URL not easy to read). This may also prevent from sharing the URL in some social bookmarking services.	/word1%26word2
Comma (,) or period (.)	Abused by spammers	/word1.word2 OR /word1,word2
Underscore	Traditionally it isn’t seen by search engines as a word separator (this is slowly changing now)	/word1_word2
Hyphen	NONE	/word1-word2

4. URL length

While it is still considered the best practice to stick to shorter URLs, the factor is becoming less and less important:

• Usability: Very few people manually type a URL in the address bar. They either use bookmarks or search history (e.g. FireFox / Chrome smart address bar that shows URLs while you start typing the title of the page) or just use Google to find the page again;
• SEO: Google can handle very long URLs (though it is still rumored that it prefers short URLs, I personally don’t see any big difference);
• Click-through: Google now breaks long URL in SERPs smartly: it only shows the parts which use the search term or even substitutes the URL with breadcrumbs.

5. Case sensitivity

We have discussed this before: URLs are case sensitive. That being said, if you have two versions of the URL live and linked to (which is only possible if your site is on Windows server), this means that both lower- and higher-case URL versions return 200 OK status when queried. This will cause some duplicate content issues but Google will most likely be able to figure that out (by choosing one of them). What’s more important is that you are wasting plenty of link juice spreading it between the two versions.

It is recommended to always choose lowercase pattern (just because there will always be people who will link to a more traditional, plain-text version) and to use 301 status code to redirect all other (capitalized, upper-case, etc) versions to the lowercase one.

6. URL Extensions

We’ve discussed URL extensions previously and come to the conclusion that it doesn’t matter too much if an URL have one or not. There are some pros and cons (listed below) but these are rather minor arguments:

Argument for using an extension: intuitive browsing: seeing an .htlm people may understand that is a page with content, seeing / people may assume that’s a folder. Although there is no direct impact on rankings, an URL extension makes it clear both to a user and a search bot whether this is a page or subdirectory.

Arguments against using an extension:

• Reduce the overall URL length, which is just better overall. Not that the 4/5 characters that are in the .html or .php really add a lot, but sometimes small things can make a difference.
• No problems with any technology changes (moving to anew CMS, etc): no need to redirect the old URLs to the new ones.