I’ve been recently searching on a way to convert a RIFF86 AVI file into a decent DivX / Xvid format on my MacBook, and I though it would be cool to share my technic for all of you who wants an easy and free way to convert your movie into DivX or Xvid format.

1) Get MacPorts

1st of all, you will need to get working MacPorts / Darwin Ports on your mac.
Feel free to have a look about what it MacPorts is on this page.

2) Install MPlayer

What is MPlayer?

MPlayer is a free open-source multimedia player who is able to read a large number of format on a large number of operating system.

How to install on a Mac ?

In a terminal on your mac, run this command:

me@BidouBook:~# sudo port install mplayer +x264 +xvid

Once it is installed, you can start to convert your files using “mencoder” command.

Check your available video codec by running:

me@BidouBook:~# mencoder -ovc help

Check your available audio codec by running:

me@BidouBook:~# mencoder -oac help

The syntax works like this:

me@BidouBook:~# mencoder <filename.avi> -ovc xvid -oac mp3lame -xvidencopts bitrate=768 -o <output.avi>

Simply replace “<filename.avi>” by your input AVI file, and <output.avi> with an output filename and you are done!

Happy converting!

I faced recently lots of trouble while setting up a Debian box with exim.

Obviously, the documentation was outdated or incomplete on some aspect, and I lost so many time searching “WTF my exim4 is not making AUTH PLAIN, AUTH LOGIN and/or AUTH CRAM-MD5″ that I though it would be good to share the solution with you guys.

I know some of you would say “Damn dude, this is insecure to do it!” and you are right (except perhaps for CRAM-MD5 which add little more complexity than LOGIN), but anyway, here is a 1st shot on “how to make it work simple” before you finally set SSL on it.

Also, some people might use port with authentication, because their lossy client / provider don’t support SSL. (This is probably the case with some mobile phone… I believe)

Ok let’s begin:

1) Installing the correct package

apt-get install exim4 exim4-config

This command should install exim4 on your setup.

During installation, you should be asked a few questions about the mail server you wanna set.

I choose “Internet site; mail is sent and received directly using SMTP” and I choose “NO” when asking “Split configuration into small files?”

NOTE: if you are not sure about your current exim install, you can reconfigure it by running “dpkg-reconfigure exim4″

2) Edit exim4.conf.template

Yes, that’s right, you need to change a few thing within this file to make it work.

Find the line where it is written “plain_server” and uncomment the block

plain_server:
  driver = plaintext
  public_name = PLAIN
  server_condition = “${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}”
  server_set_id = $auth2
  server_prompts = :
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif

Repeat that operation for “login_server” and “cram_md5_server” to enable both “AUTH LOGIN” and “AUTH CRAM-MD5″

2) Create a login and password list

The most easy way to do it is probably to run the script: /usr/share/doc/exim4/examples/exim-adduser
This script will create the file /etc/exim4/passwd, storing both “PLAIN” and “MD5″ password.

Make sure you set the correct permission on that file:

chown root:Debian-exim /etc/exim4/passwd
chmod 600 /etc/exim4/passwd

3) Run update-exim4.conf

Run update-exim4.conf and restart exim agent.

4) Test to see if it works

A simple telnet on port 25 can help you check if the AUTH mode is working.
root@localhost:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 localhost ESMTP Exim 4.69 Tue, 23 Nov 2010 02:22:22 +0100
ehlo smtp
250-localhost Hello localhost [127.0.0.1]
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME

If you see that 250-AUTH LOGIN CRAM-MD5 PLAIN
Then yes, it it working!

5) What if something goes wrong ?

You can always check in the logs to see if something went wrong, see the file /var/log/exim4/mainlog

Enjoy

It’s also true that linux offer a high level of security, because most of the source codes are open (means everyone have access to it) but also because most linux distro check and provide solution for all kind of security flaws in their product.

But anyway, if you are paranoid and you want to make sure your system have not been hacked, there is a little tool you should install and use frequently to make sure no one else than you uses your linux.

Your server doesn’t need to be hacked to protect and use this software.

That tools call “rkhunter” for “Rootkit Hunter”.

1) What is a rootkit ?

A rootkit is a software that enables continued privileged access to a computer, while actively hiding its presence from administrators by subverting standard operating system functionality or other applications.

2) What is a rkhunter ?

rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits.

In another word, rootkit hunter helps you find rootkit on your system.

3) Howto setup rkhunter ?

I think the most easy way to install rkhunter is to use your package manager to have it (apt-get install rkhunter or yum install rkhunter). But you can also download the source from http://rkhunter.sourceforge.net/

Once rkhunter is installed, there are a few things to do to make it works better:

• rkhunter --update (Runs virus db update)

• rkhunter --check (Check for existing rootkit on the system)

• rkhunter --propupd (To create db of various file on your system)

That’s all !!

One last thing you need to know, if for some reason, rkhunter show you “red value” or “not ok sign”, then yes, you have a problem!

PS: for some reason, rkhunter doesn’t work pretty well with MacOS X. Too bad

Today, I’ll talk a bit about HTML5, and what are the main tags that have changed.

Ready for the next ?

After reading the fantastic book “HTML5, up and running” published by O’Reilly, I wanted to share a few infos that I found in it to introduce people in the world of HTML5.

Semantic Tags

I believe the main difference between HTML5 and older versions are optimizations based on semantic, and not on about data presentation. If you don’t know what’s semantic, I suggest you have a look at wikipedia’s article about the subject here.

Let’s see that in a simple example, using the old and the new HTML tags for displaying a web page holding a list of articles.

Imagine a classic page:

+ Main Page Title
+
+-- Sub Title
+---- Article's content
+
+-- Sub Title
+---- Article's content

Etc…

In an old HTML way, you would have done something like this

<H1> Main Page Title </H1>

<DIV class="article">
 <H2> Sub Title </H2>
 <DIV class="content"> Article's content </DIV>
</DIV>
<DIV class="article">
 <H2> Sub Title </H2>
 <DIV class="content"> Article's content </DIV>
</DIV>

The problem is, class=”article” and class=”content” have no sense to search engine (and people), and is only used here to display information (Eg, with a big font, or colored character, etc…)

For the search engine, they are just part of text.

But, would it be better if search engine understand what type of text it is? (title / content / etc…?)
HTML5 introduce new tags such as <article>, <header> and <time>.

Those 3 tags will really help search engine understand the text found on the page and how they are structured.

This is what you would to display the entry, using HTML5:

<article>
 <header>
  <h1> Sub Title Goes here </h1>
  <time datetime="2010-11-06" pubdate> October 6, 2010 </time>
 </header>
 <p> Article's content </p>
</article>

As you can see, I used <H1> tag to place the title, and yes, it’s no more a problem to have more than one <H1> on your page to display a structured heading tree.

Also the <time> here is a new tag that pretty help search engine knowing when the article has been published. There are also other format that you can use, including some with GMT, which could help people and search engine knowing exactly when the article was published.

They are all packed into a <header> tag (which by the way, have nothing to do with HTML <head> tag). This help search engine understand those info are not part of the article’s content, and should be treated differently.

Video and Audio

Another thing that comes with HTML5 are the new tags <video> and <audio>, who should replace <embed> and <object> wars/troubles when having to display such contents…

Form and Inputs

A lot of new input’s type have been created to help browser/developer validatating their forms. Such as type email, number, range, search, etc…

This article is really short, compare to all the things that have changed with HTML5. If you want more info on the subject, I really suggest you buy yourself Mark Pilgrim‘s book which gives more details and informations on the subjects and much much more.

Hope you enjoyed this post, and see you soon

Today, I’ll discuss quickly about “how to install open-source software on a mac”.

It’s pretty well known that Apple strategy consist in “controlling and choosing all the software you can install on Apple computer”. And this, because it improve OS stability and reduce amount of crash/virus you can have on a computer.

As many of us, I like to use and install free open-source software, such as “unrar utility” or VLC on my computer, for my own personal use.

I know you would “hey wait a minute, there already plenty of software I can install on my Mac, such as iTunes for watching movies…” and you are right, but anyway, I’ll still show you how you can have more than that by installation mac ports on your mac.

MacPorts project (also know as Darwin Ports Project) offers more than 7000 of open source software, almost out of the box, for all kinds of usage.

Ports system is similar to BSD ports system (for those who already use BSD). It allows your mac to download, compile and install opensource software in a single command line.

It also help upgrading them and keep dependency “up to date” with the latest stable release of all ports.

Ok but enough talking, how can I install it on my mac?

The probably most easy way to do it is to download the DMG package for your OS. (Right now, I’m using MacOS X snow leopard and I think it’s the latest one)

Here is a shortcut to the download page: http://distfiles.macports.org/MacPorts/MacPorts-1.9.1-10.6-SnowLeopard.dmg

NOTE: make sure you have the latest version, by the time you read this post, release 1.9.1 could be “outated”.

Once you download that, the package install pretty much as any other mac dmg package.

Then, everything you want to install have to be installed from the command line (also called “Terminal” on Mac)

Here is a short list of command you might find usefull to begin with:

1. port selfupdate

2. port upgrade outdated

3. port search XXX

4. port install XXX

Selfupdate is used to update ports tree (all open source versions that could be installed on your system)

Upgrade outdated upgrade all “outdated” software, computing dependency, so you always have the latest version of everything you’ve installed on your computer.

Search XXX help searching for a specific program “eg: port search unrar”

Install XXX install the software you’ve chosen

That’s it for today, enjoy

I’ll post today another  benchmark result which compare CakePHP versus CodeIgniter, 2 popular php framework that help coder building their site quickly.

I’m not an expert with PHP framework, since there are so many and they evolute everyday, so I’m not posting here to present another vague comparison on “which framework is the best” and “why to choose one instead of another”…

On this post, I only want to display server’s performance comparison between cake and CI.

The test will create a variable “hello world” in the controller, and then display it in the view (pretty simple), no cache (except APC opcode), blank page with variable to be displayed.

Versions I’ve been using for this test are:

- CakePHP 1.3.3

- CodeIgniter 1.7.2

Server Configuration:

- Macbook (Intel Core2 2,4Ghz / 2Gb RAM)

- PHP 5.3.3 (with APC)

- Apache 2.2.15

Code for this test can be downloaded here:

- cakephp sources

- codeigniter sources

I will use “ab”, Apache Benchmark Tool, using 10 concurent user during 60 seconds. (NOTE: yes, i use ab since Neotys doesn’t want to provide me a NeoLoad licence for free…)

Complete requests:

- CakePHP: 3450 hits

- CI: 32544 hits

Requests per second:

- CakePHP: 57.50 [#/sec]

- CI: 542.37 [#/sec]

longest request

- CakePHP: 897 ms

- CI: 1997 ms

Enjoy

Today, I’ll show you an easy rule to redirect domain.com to www.domain.com to help you prevent your site from duplicate content. I know it has been said thousand of time on other site about it, but I still meet persons/companies that doesn’t properly configure their address…

First of all, this rule only work for apache webserver having the “AllowOverride” set to something else than “none” and having the “mod_rewrite” module enabled.

You may ask to yourself, do I need such a rule for my site? This is how to find out if you do.

1) Call your site using http://domain.com/, see your home (or see 404)

2) Call your site using http://www.domain.com/, see your home

If the page load without any redirect (eg, to change domain.com to www.domain.com), then YES, you need this rule.

If you see, your home on both address, then you might be in duplicate content.

If you see a 404 on one of the 2 pages, then visitors might hate you for forcing them to add “www” to access your site (instead of simply calling domain.com)

Here is the rule to write in the .htaccess file, which should be place at the root folder of your site directory:

 Options +FollowSymlinks
 RewriteEngine On
 RewriteCond %{http_host} ^domain.com [NC]
 RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

Make sure you replace “domain.com” on the 2 lines above with your own site domain.

Enjoy

Today I’ll talk a bit about page web redirection, also called redirect and how to use them properly to optimize your SEO (Search Engine Optimization)

It exists a lot of manner to redirect someone from a page to another.

Today, we’ll focus on what we call “HTTP Redirect”, based on HTTP header that are sent by the server to browser or search engine.

They are also plenty of way for doing HTTP redirect, but the 2 majors are usually called by their respective code:

• 301 redirect (permanent)
• 302 redirect (temporary)

When to use the 302 redirect and how about the 301 ?

The 302 redirects are in most cases, the default redirects you can find on any website.

Let’s say for example, I want to access on the admin page on this blog. This specific page require my browser to be logged as admin. So I go to the login page, hit my login and password and then, my browser receive a 302 redirect to the admin page and the page display properly because I have all the requirement to see it.

What happen if I call the “admin page” without being log, then in most cases, my browser also get a redirect but this time, to the login page to force me to login and get all the requirements before watching/editing the admin page.

Here is the great use of 302 redirect.

But how about 301 redirect, and why are they use?

It may happen, for various reasons, that you have to change the complete URL of your site.

The problem is: How to deal with search engine like Google that store in their index the old addresses ?

If you change straight away all the URLs on your site, this will generate probably generate lots of 404 error because of the old addresses in search engine index (who does not exists anymore) and you may loose all your site’s reference on Google.

That is exactly the moment to use 301 (alias permanent redirect). Instead of showing a (bad) nice 404 error, why dont you send a 301 redirect to the new address that holds the page?

Benefit for that is that you site’s pages wont loose their page rank on search engine, as well as teaching the search engine “hey dude, the page URL have change now and here is the new address”

I know it has been said a thousand of time in SEO tutorial, but I still see website who make 302 instead of 301. So I hope this article will help people improving their knowledge on the Internet referencing.

See you soon

I found recently in my apache log thousands of “w00tw00t.at.ISC.SANS.DFind” requests coming from all parts of the world.

I’ve been searching for solutions to remove their hits because they consume resources on my servers and they doesn’t help when computing my visitors stats…

1) Apache mod_security

There are many different way to remove those hits, 1st manner that I found was to use “mod_security” with apache and create specific rules on it.

The only problem, it force apache to filter every request and it doesn’t look like (to me) a fast processing for my web server…

(If you have additional benchmark info on it, I’m interested)

2) Fail2Ban

Fail2Ban is a tool that watch your log periodically and create iptables rules to deny evil users connecting to your site.

The only problem with it, it bans the ip AFTER the woot.woot request was make.

3) Iptables

Iptables is a linux netfilter module that helps administrator creating software firewall.

It’s probably the most advanced firewall module of all times!

I found recently a parameter that allow filtering requests by checking / reading the packet’s content.

In our “w00tw00t.at.ISC.SANS.DFind” case, we want to make sure those request never succeed on our apache webserver.

Here is the command that I use to disallow them:

root@server:~# iptables -I INPUT -p tcp --dport 80 -m string --to 70 --algo bm --string 'GET /w00tw00t.at.ISC.SANS.' -j DROP

Basically, it will get 70 bytes of the packet and check that it doesn’t contain the HTTP request “GET /w00tw00t.at.ISC.SANS.”

The following command will display statistic on our iptables rules, so you can check that they are working properly.

root@server:~# iptables -L INPUT -nvx
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts      bytes target     prot opt in     out     source               destination
 82     8249 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 STRING match "GET /w00tw00t.at.ISC.SANS." ALGO name bm TO 70

Enjoy !

Today I’ll talk about Firefox and various plug in you can install to customize or debug your website

It became popular now-day to  have a website (eg, my personal blog).

But what happen when something doesn’t work or doesn’t look like you would want? You have to determine what is wrong and how to solve it.

I’m using Firefox web browser to make those tasks because it has thousands of free plug in which help developer creating and debugging their site.

1. Firebug
2. Web developer

1) Firebug

The 1st plug in you need to install is called firebug. Firebug is a free debugging tools that allows you to change your CSS / HTML on the fly (without having to modify your page). You can also inspect specific elements (such as div, and their current CSS properties) and debug Javascript.

2) Web developer

The 2nd plug in you could install is Web developer. Web developer allows you  to disable specific aspect of your current navigation, like cookies or javascript, as well as seeing cookie values. When dealing with SEO and security, it’s quite important having control on those aspect and being sure everything works as it should be. Web developer also show CSS / Javascript errors and make W3C validation on your page.

Hope you enjoyed this post !