Thursday, August 30, 2012

The Digital Signature and the X.509/OpenPGP Authentication Models

This article explains what is a Digital Signature, why it is an important part of the Digital Identity, and how it works. Then it describes the authenticity and social problems related to the usage of the Digital Signature. It explains as well the two authentication models, X.509 and OpenPGP, that can be used to solve these authenticity problems. Finally it makes a comparison between these two authentication models and their features and tries to explain why the OpenPGP model is better.

Virtual Machines on a CentOS Host


A powerful rack server can be used as a host for installing lots of virtual machines, and it can be used as a data storage as well. This article will describe how to use such a server, installed with CentOS, as a host for virtual machines.

Tuesday, August 28, 2012

B-Translator as a Software Engineering Project


The project B-Translator will be presented, trying to illustrate through it some software development/engineering concepts and practices (how they are actually applied in this project).

Thursday, August 23, 2012

How to Secure a Ubuntu Server

Recently I purchased a virtual ubuntu server on rackspace. However I have to manage it myself, and this includes first of all taking care for its security. Securing it is very important and is the first thing to be done, since all the rackspace servers have public IP-s and so are open to all the possible attacks from the Internet. Here I will describe some of the steps that can be done to secure the server.

Wednesday, August 22, 2012

Improving the Performance of a VM by Using a Real Disk Partition

I have used zentyal as a gateway server, and it is actually running on a virtual machine. An important component of it is squid, which is supposed to improve the efficiency of the network connection by saving in cache the web pages that have been already visited, and fetching them from the cache when they are re-visited.
This is an operation that makes intesive usage of the disk, and virtual disks (used on virtual machines) are not particularly efficient for it. However, a virtual machine can also use a real partition, so the efficience of squid can be improved by attaching a real partition to the virtual machine and using it for the cache.

Monday, August 20, 2012

Virtual Machine Management on Ubuntu

Installing virtual machines on a ubuntu server, managing them from a ubuntu desktop, and some other tips.

Sunday, August 19, 2012

Thursday, August 9, 2012

How to Create a Local Ubuntu Repository


We have about 40 computers installed with Edubuntu, and more than a dozen of servers (most of them running on virtual machines). They all need to be updated time after time with the latest version of packages. Also, time after time, new packages need to be installed. These packages come from some central Ubuntu Repository servers.
All this activity for keeping computers up-to-date (up to the latest version) consumes lots of bandwidth and takes a lot of time. And there are new package updates almost every day! For one computer this can be acceptable, however for lots of computers it may become unbearable.
One solution for this problem is to create a local mirror of the ubuntu repository.

Computer LAB Management

We have two labs with 16 computers each. In each computer we have installed the latest version of Edubuntu (Linux) with almost the same configuration (partitions, installed packages, etc.). It is a bit of hard work to manage all of them one by one, so we have tried to find workarounds to manage all of them at once. There are different ways and solutions to accomplish this in Linux, but we have adopted a simple and practical one, suitable for our case.

Multiple Webservers Behind NAT

The problem is that we have got from the ISP a single public IP, and we need to host our own public webservers (more than one) in our LAN. How to do this?
The first thing to be done is to use port forwarding (also called Destination NAT or DNAT) to forward the tcp ports 80 and 443 from the gateway (MikroTik in out case) to an internal webserver on our LAN. Then we could use the name-based virtual hosting of apache2 to host several domains/subdomains on the same webserver and everything would be fine.
However the issue is a little bit more complicated than this, because sometimes it is not possible (or suitable, or convenient) to host two different websites on the same server. For example our website is built on Joomla, and it has some modules that do not work well with the latest version of PHP (5.3), and it depends on PHP-5.2. Also, sometimes it can be suitable/convenient to use appliancies from TurnKey Linux (http://www.turnkeylinux.org/), for easy installation and maintenance, but they need to have their own server. What to do in this case?
In this case, the Reverse Proxy module of apache2 comes to rescue. The idea is that the main webserver forwards the http requests to the other webservers, behaving like a kind of http gateway or hub.