How to secure yourself with GPG

Generate your key


  1. Run following command in your shell,
  2. Now program will ask you to choose couple of options, use following preferences
  3.  Please select what kind of key you want: 1    RSA and RSA (default)
  4.  What keysize do you want? (2048) 4096
  5.  Key is valid for? (0) 0
  6. Is this correct? (y/N) y
  7. Now enter name, email and comment message.
  8. Change (N)ame, (C)omment, (E)-mail or (O)kay/(Q)uit? o
  9. Finally, enter a passphrase to protect your secret key.

Edit your key


We can later edit key to use other options.
e.g Lets set our key to use stronger hashes.

  1. Edit key using following command,
  2. Now set hash preferences as follows,
  3.  Really update the preferences? (y/N) y
  4. Enter your passphrase
  5. Save new preferences by command,

Make available your key


There are 2 ways to make available your key to other users.

  1. Give them manually. Use following command,

    You will get your public key. Copy and paste it and send to other user.
  2. Upload to key server. You can do this again using 2 ways. One is using, forms available on server. While for second way, first grab your id using following command’s output & then upload to keyservers like http://pgp.mit.edu/

 

Importing other keys


  1. Import other user’s keys. We can import keys of other users with multiple ways. From text file – If someone sends you text file containing his public key, import it as,

    From key server – There are some popular key serves which host public keys.
    One of such server is http://pgp.mit.edu. Here you can search particular user’s key as follows,
  2. Validate key. The easy way to validate person’s identification is match fingerprint of key.
  3. Sign imported key as,
  4. Optionally you can send back signed key

Using gpg key


  • To encrypt message using your key use following command,
  • To decrypt file,

    Creating revocation certificate

There is always possibility that your master key-pair may get lost. (and may be stolen if you are unfortunate). If this happen, you must tell other people to not use your public key. This can be done using revocation certificate. Generate revocation certificate using following command,

Store it safe somewhere separately from master key-pair

Some useful commands


  • List available keys,
  • Update key information,

     

 

 

Coloring shell output

Using coloring, we can enhance output of shell script. Run following script in your terminal and see magic.

 

10 MySQL best practices

When we design database schema it’s recommended to follow the beast practices to use memory in optimal way and to gain performance. Following are 10 MySQL best practices

Always try to avoid redundancy

We can say database schema designed is the best one if it is having no redundancy. If you want to avoid redundancy in your schema, normalize it after you design.

Normalize tables

Database normalization is the process of  organizing columns and tables in relational database to avoid redundancy. Find more about normalization here

Use (unique) indexes on foreign key columns

We use foreign keys for data integrity and to represent relation. Some times these are result of process called normalization. When tables are mutually related obviously we can’t query  the data without using joins

Avoid using varchar for fixed width column instead use char

Choose the right one CHAR vs VARCHAR. CHAR(15) will just allocate the space for 15 characters but VARCHAR(15) will allocate the space only required by number of characters you store.

Always use explain  to investigate your queries and learn about how mysql is using indexes

EXPLAIN  statement is very handy in mysql. I’m sure it will spin your head. This statement will give you analyzed report. Where you can use it to improve your queries and schema. It works on both select and update. If you try it on update queries it will that query as select and will give you the report.

Use right data type

Choosing right data type for you column will help you to get rid of many bottle necks. MySQL query optimizer will choose the indexes based on data type you used in query and column datatype. There are many MySQL datatype.

Use ENUM if required  

ENUM is one datatype that mysql supports. By using this you can save lot of memory if you have predefined and predictable values in your database column.

Don’t use too many indexes, it will slow down the inserts and updates. Only use the indexes on selected column

As you know indexes will help you query data much faster than expected. It’s very tempting to you indexes on unintended columns. Choosing index on every column or unnecessary columns will get you slow inserts and updates. You need to think of indexes as seperate table. Where MySQL needs to create a index for every insert in seperate table/file. It’s extra overhead.

Tune  mysql default parameters

MySQL comes with default parameters. These parameters are not suitable if you want use mysql on dedicated machine or production. You have to tune these parameters. Formally we call them as system variables.

 Always create an account with associated hosts instead of wildcard %

MySQL manages the user with associated hosts. i.e, the user  root@localhost can’t login to mysql from everywhere except localhost. but root@% can login from every where. Using only associated hosts will mitigate many attacks those are in your blind spot.

 

How to implement Websocket server using Twisted.

HTTP is a request-response type one way protocol. For the web application where continuous data is to be send, websocket was introduced. Unlike HTTP, websocket provides full duplex communication. Websocket, which can be said as an upgraded version of HTTP, is standardized to be used over TCP like HTTP. In this article I will share my experience in implementing websocket with twisted, a framework of python for internet. If you are familiar with websocket, then you can skip to twisted.web or else below is a little introduction to websocket.

WebSocket

To initiate communication using websocket, a Handshake need to be done between client and server. This procedure is backward compatible to HTTP’s request – response structure. First the client sends a handshake request to the server which looks like:

Sending Upgrade header in request with value websocket will acknowledge server about websocket communication. Now if server supports websocket with specified sub-protocols (Sec-WebSocket-Protocol) and version (Sec-WebSocket-Version), it will send adequate response . Possible response could be:

In response, server will send 101 Switching Protocols code and Sec-WebSocket-Accept whose value is calculated using Sec-WebSocket-Key. you can find more information here. After a successful handshake, any of the peer can send data to each other which must be encoded in binary format described in websocket RFC. A high-level overview of the framing is given in the following figure.

Twisted.web

websocket using twisted wire diagramAs in normal twisted.web server , at TCP level, we have HTTPChannel class (a child class of T.I.protocol.Protocol) and server.Site class (which is the child class of T.I.protocol.ServerFactory). Also a Resource instance needs to be passed to server.site class, so that it can serve GET request.

Whenever a data is received, DataReceived method of HTTPChannel is invoked. Now if data starts with ‘GET’, allow the HTTPChannel handle it, which will invoke the render function of the root resource provided to Site class. Render will set 101 response code and will compute the websocket response key. During handshake do not send any raw data, because if handshake is successful this will be considered as framed binary data. Even if you want to send, frame it and send.

If data doesn’t start with ‘GET’, that means we can assume it is a binary encoded message. Now this message can be decoded using Frame.py, which is a very simple data framing module following WebSocket specification. Data send to the client by server should be unmasked as per the websocket specification.

Below is code example of an echo websocket server.

 


How to install Asterisk on CentOS

In this installment of our How To, we are going to go over on the topic of how to install Asterisk on CentOS. For this we are going to use Asterisk 13 and CentOS 7 minimal version. But, instructions will mostly be similar to other versions of Asterisk and CentOS.

As a first step you need to download latest asterisk on to your machine. For this you need wget tool. As we are using minimal flavor of CentOS even wget tool is not available on fresh install. Run the following command to install wget.

Once, wget is installed successfully, run the following command to download asterisk.

Extract downloaded asterisk tar ball

Install the following dependencies

Once, all the above dependencies are installed. You can now run the following command to enable or disable modules of your choice.

After you are done with the menuselect screen, run the following command to compile and install asterisk

That’s it now you have asterisk installed successfully on your you machine. Run, the following command to start asterisk

Now, you should see asterisk console saying “Asterisk Ready”. Instead, if you encounter the following error

Don’t worry, just run the following command and start asterisk again after that.

 

How to install Asterisk 13 on Debian 8

In this post we are going to go over on how to install Asterisk 13 on Debian 8 from source. It’s pretty straight forward. Most of the commands shown below needs to be executed with root privileges. So, it’s better to login on console with root user account

First download latest Asterisk 13 version from Asterisk’s web site.

Extract downloaded tar ball

gcc comes installed on Debian 8. You need to install remaining dependencies using following commands

Once all the dependencies are installed. Run the following command

This is exit successfully without any errors. If there are any error like missing packages, you need to install them via apt-get. Before you compile Asterisk you have opportunity to enable or disable modules that you like by running following command

That command will bring up a console application as shown below, where you can navigate around using arrow keys of your keyboard and choose to enable or disable modules of your choice.

make-menuselect

Some of the modules in there depend on external packages. You need to install those dependencies in order enable those particular modules.

Now it’s time for compiling asterisk. Run the following command on console.

Once the above command runs with out error, you need to run the following command to install asterisk in system directories.

That’s it now you have asterisk installed on your machine. The following command should bring up asterisk console as shown below

asterisk-ready

Like it says Asterisk is now ready!