Here are a few Linux applications that I like that you won’t find in your distribution’s repository:
First you will need a server certificate. There are a couple of ways to get one. The certificate format is x509. Thats all good, however the choice you need to make is what type of keystore (container) you wish to store the certificate AND key. You basically have two choices: JKS or PKCS12
If you choose a JKS keystore, then the easiest thing to do is to create your own key using the keytool. So, to create a JKS keystore from scratch, issue these two commands:
keytool -genkey -keyalg RSA -alias tomcat -keystore my_keystore
This will create the “my_keystore” container, and store within it a self generated key with the alias “tomcat” and you will be good to go after you edit server.xml and web.xml (see below).
FYI if you ever need to delete the certificate, you can do it with this command:
keytool -delete -alias tomcat -keystore my_keystore
Now, lets say you don’t want to use the keytool generated certificate, but you would rather use one from a certificate authority such as CAcert. After deleting the keytool generated certificate, you will want to import your key that we created from cacert.org:
keytool -import -v -trustcacerts -alias cacert -file server.crt -keystore my_keystore
When it comes time to update the cacert certificate, delete first delete the old one from the keystore:
keytool -delete -alias cacert -keystore my_keystore
…and then import the new one as before, Finally, to list the keys in the keystore, issue the following command:
keytool -list -keystore my_keystore
THERE IS JUST ONE PROBLEM. The keytool utility has no facility for simply importing a key! Amazing.
So now what do you do? Well, the easiest solution is to just use a PCKS12 keystore, but you’ll have to tell Tomcat its PCKS12 as Tomcat defaults to JKS. So here is the command:
openssl pkcs12 -export -in server.crt -inkey server.key -out my_cert.p12 -name tomcat -CAfile cacert/root.crt -caname root -chain
1 2 3 4
In server.xml find the section with the comment “Define a SSL HTTP/1.1 Connector on port 8443” and define the following (around line 90):
1 2 3 4 5
Next if you want to enable UTF-8 responses, make sure the URIEncoding is properly set (around line 75):
1 2 3 4
Next, to force re-direction of all HTTP traffic to HTTP/S, you will need to add a security-restraint element at the bottom of the web.xml file. This will be just below the welcome-file-list element and right above the web-app element. The very bottom of your web.xml file should look like this:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Need a new certificate for your Apache or Nginx web server? These are the steps you’re looking for.
First you’ll need a certificate signing request (CSR). To get that you’ll first need a key.
During creation of the CSR you will be asked a few questions. You can ignore “Organizational Unit Name”. One you definitely cannot ignore is Common Name. That is your domain, so when asked for common name enter your domain (eg: mydomain.com). You will be asked for “A Challenge Password”. Leave this one blank unless you will be there to type in the password when your web server starts up. In most cases, you won’t be so leave it blank.
Now go to your certificate authority such as CACerts.org. When you generate a new certificate, it will ask you for the CSR. Just cut & paste it into the text area when asked. With that you will be given a new certificate. Place your new certificate and key into the appropriate web server directory. Be sure to give the key 600 permissions, and the key’s group and owner should be the same as the web server. The certificate should have 644 permissions.
To upgrade your Linux Mint distribution from the commandline, perform the following steps. In this case, we’ll be upgrading 17.1 (Rebecca) to 17.2 (Rafaela):
1 2 3 4
This is a simple reference posting about all things Windows 10.
You can freely download Windows 10 here:
If you wish to upgrade using a USB or DVD drive:
There are privacy concerns about Windows 10:
Free antispy tools for Windows 10:
This is a list of Microsoft update KB numbers to uninstall based on the articles listed above:
|OS Versions||KB Number||Description||To Uninstall|
|7||2670838||unknown purpose – can break AERO functionality||wusa /uninstall /kb:2670838|
|7||2977759||System scanner||wusa /uninstall /kb:2977759|
|7||3035583||Get Windows 10 nagware program GWX||wusa /uninstall /kb:3035583|
|7||3083710||Update client, unknown purpose||wusa /uninstall /kb:3083710|
|8||2976978||unknown purpose||wusa /uninstall /kb:2976978|
|7, 8.1||2505438||unknown purpose||wusa /uninstall /kb:2505438|
|7, 8.1||2952664||Microsoft snooping patch – triggers telemetry runs||wusa /uninstall /kb:2952664|
|7, 8.1||3021917||unknown purpose||wusa /uninstall /kb:3021917|
|7, 8.1||3022345||Diagnostics and Telemetry tracking service||wusa /uninstall /kb:3022345|
|7, 8.1||3035583||unknown purpose||wusa /uninstall /kb:3035583|
|7, 8.1||3068708||Diagnostics and Telemetry tracking service||wusa /uninstall /kb:3068708|
|7, 8.1||3075249||Diagnostics and Telemetry tracking service||wusa /uninstall /kb:3075249|
|7, 8.1||3080149||Diagnostics and Telemetry tracking service||wusa /uninstall /kb:3080149|
|8.1||2976978||System scanner||wusa /uninstall /kb:2976978|
|8.1||3083711||Update client, unknown purpose||wusa /uninstall /kb:3083711|
A blast from the past:
The next financial crisis worn’t be known for its bank bail-outs, but will be known for its bail-ins. You may be asking, um wut’s a bail-in? A bail-in is when the bank can (and will) take your money from you. Its all legal stealing. Read on..
Here are a few of links about Bail-Ins.
So who holds the derivatives now?
What are the troubled banks?
The Texas ratio gives you an idea of the health of a financial institution.
Beats me why anyone thinks the government can regulate the internet any better than anything else. What we need is to keep the internet free and open. Private industry should be in control of it.
I like what Milton Friedman had to say about government regulation: “If you put the federal government in charge of the Sahara Desert, in 5 years there’d be a shortage of sand.”
I am an eMusic subscriber, but I also run Linux Mint 17.1 as my primary desktop operating system. You may be surprised to learn that eMusic actually does have a Linux version of their download manager available, but they have made it darn near impossible to find it and have no instructions how to use it. If you’re looking for this information, then here it is:
First you’ll need the eMusic download manager. You only need one of these:
- 32 bit: http://www.emusic.com/apps/dlm/emusic-dlm-linux32-6.0.3.tar.bz2
- 64 bit: http://www.emusic.com/apps/dlm/emusic-dlm-linux64-6.0.3.tar.bz2
Open the file with something like Archive Manager. This will extract the emusic-dlm executable. There is no installer or package. Simply extract it and put it into a folder of your choosing. Mine is in $HOME/emusic
Next, you’ll need to download and set a cookie so your browser will know how to interact with emx files. The emx file is what you’ll download when you download a track or an entire album.
Visit http://www.emusic.com/dlm/install/ to set the cookie
Next, buy a track or album. When the “Your Music Is Now Downloading” screen appears, the browser will prompt a download for “0.emx”. When you open it, the OS should prompt you to choose an application to handle it… choose the emusic-dlm executable you extracted earlier. It should start downloading immediately.
Alternate instructions in case you didn’t find the preceding paragraph useful: After downloading the emx file with your browser, right click on it and choose “Open With…” and then choose “Open with another application”. A new window will pop up. At the bottom you’ll see “use a custom command”. Choose that then click the “Browse”. Find the emusic-dlm app and choose that. Your music should begin downloading right away.
It is possible that a good person can be a problem client. As a freelancer it is important that you know how to spot these characters or they can end up costing you money.
I found this video on YouTube. It is a good reference on how identify these clients and how to (and when not to) deal with them. I am of the opinion that in most cases you’re better off without them.