JQuery Scrolling Menu

Posted on Jun 5th, 2009 At 1:39 am by baldo

Many people have been wondering how to make a "Scrolling Menu" or animated menu (like in the categories section on my web log). Here are a couple of JQuery code samples to achieve that fancy behaviour.


    $(document).ready(
        function(){
            $(window).scroll(function(){
                $('.sidebar').stop();
                var scroll = $(window).scrollTop();
                var menuPosition = 0;
                if (scroll > 370)
                    menuPosition = scroll - 210;
                else
                    menuPosition = 0;
                $('.sidebar').animate({top: menuPosition},'fast');
            });
        }
    );

Since the above code snippet consumes a lot of CPU resources, in the following optimization the menu animates on the window's "mouseup" event instead of every time you scroll the window.


    $(document).ready(
        function(){
            var scroll = $(window).scrollTop();
            // start at 0 so the handlers below never animate to an undefined position
            var menuPosition = 0;
            /*
                If the user clicks a link to another page
                and then goes back, the menu must be set to
                its current position.
            */
            if (scroll > 370){
                menuPosition = scroll - 210;
                $('.sidebar').animate({top: menuPosition},'slow');
            }

            // only record the target position while scrolling; do not animate here
            $(window).scroll(function(){
                $('.sidebar').stop();
                scroll = $(window).scrollTop();
                if (scroll > 370)
                    menuPosition = scroll - 210;
                else
                    menuPosition = 0;
            });

            $('body').mouseenter(function(){
                $('.sidebar').animate({top: menuPosition},'slow');
            }).click(function(){
                $('.sidebar').animate({top: menuPosition},'slow');
            });
            $(window).mouseup(function(){
                $('.sidebar').animate({top: menuPosition},'slow');
            });
        }
    );

Other events must be handled to achieve the same behavior on IE or with devices such as a mouse with a scrolling button, a touchpad, etc. For example, on IE when the user holds the scroll bar and moves it up/down, the menu must be animated when the "mouseenter" event of the page's body is fired. With a mouse with a scrolling button, the same behavior can be reached on the "click" event of the page's body.

Category: JQuery


Road-Warrior(Host to Net) configuration with OpenVPN

Posted on May 23rd, 2009 At 4:19 am by baldo

The goal is to share files stored on a Virtual Private Server (VPS) among clients connected to a Virtual Private Network (VPN), all of this in a secure fashion over the public internet.

This configuration is called "Road-Warrior" or Host to Net. To better understand what this is all about, take a look at the following picture.

There are commercial and Open Source tools to set up Virtual Private Networks; the popular ones are IPSec and OpenVPN. For this post I use OpenVPN 2.0.

One of the highlights of OpenVPN is that it runs in user space, which means that if OpenVPN's security is compromised it won't affect the whole system or low-level processes. Another highlight is that it is relatively easy to configure; you can actually have a basic VPN up and running in just a few minutes.

On the other hand there is IPSec. Honestly, I have not worked with it yet, but according to my search it is very difficult to configure and it has a very insecure design because it runs at kernel level, to be more specific at ring 0.

Take a look at what its creators said about it:

We are of two minds about IPSec. On the one hand, IPSec is far better than any IP security protocol that has come before: Microsoft PPTP, L2TP, etc. On the other hand, we do not believe that it will ever result in a secure operational system. It is far too complex, and the complexity has led to a large number of ambiguities, contradictions, inefficiencies, and weaknesses. We strongly discourage the use of IPSec in its current form for protection of any kind of valuable information, and hope that future iterations of the design will be improved. However, we even more strongly discourage any current alternatives, and recommend IPSec when the alternative is an insecure network. Such are the realities of the world.

— Ferguson and B. Schneier.

Well, let's get our hands dirty!

Basically the tools you need are:

* VPS with a GNU/Linux system (I'm using a XEN VPS with a GNU/Linux Debian OS)
* A set of tools to set up VPNs (OpenVPN 2.0)
* SAMBA server to share files
* Obvious stuff like client machines, internet, electricity, etc.

Note: I assume you already have OpenVPN and its dependencies installed on both server and client machines. Please refer to the documentation of your favorite GNU/Linux distribution to install these packages.

Dependencies:

* openssl
* lzo
* pam

Setting up Public Key Infrastructure (PKI)

Step 1:

Create Master Certificate Authority (CA) and key

Copy the preconfigured examples to the /etc/openvpn directory

# cp -r /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn

Edit the vars file by setting your own parameters (KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL).

# cd /etc/openvpn/easy-rsa/2.0/
# vi vars
.
.

Then initialize the PKI.

# . ./vars
# ./clean-all
# ./build-ca

Enter your Common Name parameter (in my case "OpenVPN-mg-tech").

Note: you can leave most parameters as default.

Step 2:

Create Certificate and Key for Server

# ./build-key-server server

Enter "server" as Common Name parameter and answer "yes" to the last two queries.

Step 3:

Create Certificate and Key for client1

Note: Repeat these steps for each client you want to add to the VPN.

# ./build-key client1

Enter "client1" as Common Name parameter.

Step 4:

Diffie Hellman parameters

# ./build-dh

For more information on Diffie-Hellman refer to the RSA Laboratories.

By now you should have all keys and certificates in the "keys" subdirectory. To configure your clients you need to copy the generated files to the client machines; in my case these are:

* ca.crt
* client1.crt
* client1.key

Note: Be sure to copy these files over a secure channel such as ssh.

Server and Client configuration.

For the configuration I want to accomplish I need a routed VPN. I use the tun0 virtual interface to handle traffic between clients and server over UDP.

Server configuration (/etc/openvpn/server.conf)

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0 # server ip will be 10.8.0.1
ifconfig-pool-persist ipp.txt
client-to-client # I want clients to be able to reach each other.
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4
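
The server.conf above can be checked mechanically for settings a reviewer would question. The following is an added example, not part of the original post: a shell function that flags the 1024-bit DH file, the comp-lzo and client-to-client directives, and the absence of tls-auth. The finding names and SAMPLE_CONF are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post.
# SAMPLE_CONF is constructed from directives in the server.conf shown above.
SAMPLE_CONF='port 1194
proto udp
dev tun
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0 # server ip will be 10.8.0.1
client-to-client
comp-lzo
user nobody
group nogroup
verb 4'

# audit_openvpn_conf: read a config on stdin, print one finding per line.
audit_openvpn_conf() {
    awk '
    { sub(/[#;].*/, "") }                 # strip trailing comments
    NF == 0 { next }                      # skip blank lines
    { seen[$1] = 1 }
    $1 == "dh" && match($2, /dh[0-9]+\.pem$/) {
        # easy-rsa names the file dh<bits>.pem; flag anything under 2048 bits
        bits = substr($2, RSTART + 2, RLENGTH - 6) + 0
        if (bits < 2048) print "WEAK_DH " bits
    }
    # compression of tunnelled traffic can leak plaintext through packet sizes
    $1 == "comp-lzo" { print "COMPRESSION_ENABLED" }
    # client-to-client traffic is relayed inside OpenVPN, so host firewall
    # rules on the tun interface never see it
    $1 == "client-to-client" { print "CLIENT_TO_CLIENT" }
    END {
        if (!seen["user"] || !seen["group"]) print "NO_PRIVILEGE_DROP"
        # tls-auth adds an HMAC check to handshake packets
        if (!seen["tls-auth"]) print "NO_TLS_AUTH"
    }'
}

printf '%s\n' "$SAMPLE_CONF" | audit_openvpn_conf
```

To check a real file, run the function with the file on stdin, for example with /etc/openvpn/server.conf redirected into it.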

Client configuration (/etc/openvpn/client.conf)

This configuration is for a GNU/Linux client and it is placed on the client machine.

client
proto udp
dev tun
persist-tun
ca ca.crt
cert client1.crt
key client1.key
remote 67.23.12.223 1194 # IP of the VPS server and OpenVPN port
resolv-retry infinite
nobind
comp-lzo 
user nobody
group nogroup
persist-key
verb 4

Test configuration

Once you have restarted OpenVPN on both server and client, test the configuration with a simple ping from client to server and from server to client.

Ping from client(10.8.0.6) to server(10.8.0.1)

# ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=105 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=102 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=99.5 ms
.
.

Ping from server(10.8.0.1) to client(10.8.0.6)

# ping 10.8.0.6
PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data.
64 bytes from 10.8.0.6: icmp_seq=1 ttl=64 time=112 ms
64 bytes from 10.8.0.6: icmp_seq=2 ttl=64 time=100 ms
64 bytes from 10.8.0.6: icmp_seq=3 ttl=64 time=100 ms
.
.

Configuring SAMBA server to share files among clients.

Note: I assume you have a SAMBA server already installed.

Configure by editing the smb.conf file.

# vi /etc/samba/smb.conf

When you add your Windows clients to the VPN, make sure to set the same "workgroup" for them.

workgroup = WORKGROUP

I want to access my whole home directory, so I have to change the following options.

[homes]
   comment = Home Directories
   browseable = yes

   read only = no

Finally, set the SMB password for an existing system user; in my case I already have a user added to the system called client1.

# smbpasswd -a client1
New SMB password:
Retype new SMB password:
Added user client1.

Firewall rules

In your firewall set of rules, ensure the OpenVPN and SAMBA ports are open.

-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT 

Note: To load the firewall rules at startup add the following line to the "/etc/network/interfaces" file.

pre-up iptables-restore < /etc/iptables.up.rules
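
The stated goal is to share files only among VPN clients, but the port 445 rule above accepts SMB connections arriving on any interface. As an added example (not part of the original post), this shell function reads iptables-save style rules and prints the SMB rules that are limited neither to the tunnel interface nor to the VPN subnet. The names tun0 and 10.8.0.0/24 match this post's setup; the RULES sample is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post.
# RULES is constructed: the two rules from this post plus two restricted ones.
RULES='-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -i tun0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 10.8.0.0/24 -p tcp -m tcp --dport 139 -j ACCEPT'

# exposed_smb_rules: read iptables-save style rules on stdin and print every
# INPUT ACCEPT rule for an SMB port (139 or 445) that is limited neither to an
# inbound interface (-i) nor to a source network (-s).
# Only single-port --dport matches are handled, not multiport or ranges.
exposed_smb_rules() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        port = ""; iface = ""; src = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            else if ($i == "-i") iface = $(i + 1)
            else if ($i == "-s") src = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        smb = (port == "445" || port == "139")
        wide = (iface == "" && (src == "" || src == "0.0.0.0/0"))
        if (target == "ACCEPT" && smb && wide) print
    }'
}

printf '%s\n' "$RULES" | exposed_smb_rules
```

Of the four sample rules only the unrestricted port 445 rule is printed; the variants with -i tun0 or -s 10.8.0.0/24 pass the check.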

Here are some screenshots:

Login

Remote home

If it worked for you, congratulations! If not, try again and again until you get it to work. Here are some links that could be helpful:

http://openvpn.org

http://openvpn.org/papers/BLUG-talk

http://openvpn.org/index.php/documentation/howto.html

Category: Linux


Hopfield Neural Network, c++ source code to recall binary patterns

Posted on May 15th, 2009 At 2:58 am by baldo

Prerequisites

Hopfield Neural Network able to recall patterns

The g++ version I have used to code this Network is:

 
$ g++ --version 
g++ (Debian 4.3.2-1.1) 4.3.2 
Copyright (C) 2008 Free Software Foundation, Inc. 
This is free software; see the source for copying conditions.  There is NO 
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
    

Compiling the Network

 
$ g++ main.cpp -o hopfield 
    

Running the Network

 
$ ./hopfield
*******************************
Hopfield Neural Network
able to recall binary patterns
*******************************
Presenting pattern A
 component = 1 output = 1 component matched
 component = 0 output = 0 component matched
 component = 1 output = 1 component matched
 component = 0 output = 0 component matched
* Pattern A recalled correctly
Presenting pattern B
 component = 0 output = 0 component matched
 component = 1 output = 1 component matched
 component = 0 output = 0 component matched
 component = 1 output = 1 component matched
* Pattern B recalled correctly
    

Try modifying the input patterns. For example, when presenting a pattern like B = {0, 1, 0, 0}, the output would look like this:

 
.
.
Presenting pattern B
 component = 0 output = 0 component matched
 component = 1 output = 1 component matched
 component = 0 output = 0 component matched
 component = 0 output = 1 component not matched
* Unable to recall pattern B
    

meaning that the network was not trained to recall this pattern.

Source code

hopfield.h

 
    #ifndef HOPFIELD_H
    #define HOPFIELD_H

    // a neuron stores its connection weights to every neuron in the network
    class Neuron{
        private:
            int *weightsVec;
        public:
            Neuron(int *, int);
            friend class Hopfield;
    };

    class Hopfield{
        private:
            Neuron **neurons;
            int *output;
            int n;
            int threshold(int);
            int dotProduct(int *, int *, int);
        public:
            Hopfield(int **, int);
            void run(int *);
            int getOutput(int);
    };

    // the implementation is included here so that "g++ main.cpp" builds everything
    #include "hopfield.cpp"

    #endif
    

hopfield.cpp

 
    Neuron::Neuron(int *w, int n){
        weightsVec = new int[n];
        for(int i = 0; i < n; i++)
            weightsVec[i] = w[i];
    }

    //n = wLen
    //every neuron has its weight contribution to other neurons
    Hopfield::Hopfield(int **w, int n){
        this -> n = n;
        output = new int[n];
        neurons = new Neuron*[n];

        for(int i = 0; i < n; i++)
            neurons[i] = new Neuron(w[i], n);
    }

    //dot product pattern.weights (e.g. A.w1)
    int Hopfield::dotProduct(int *pattern, int *weights, int wLen){
        int k = 0;
        for(int i = 0; i < wLen; i++)
            k += pattern[i] * weights[i];
        return k;
    }

    /*
     f(t) = {1, if t >= theta; 0, if t < theta}
            where theta = 0
    */
    int Hopfield::threshold(int act){
        if(act >= 0) return 1; else return 0;
    }

    //present a pattern and compute the output of every neuron
    void Hopfield::run(int *pattern){
        int act;
        for(int i = 0; i < n; i++){
            act = dotProduct(pattern, neurons[i]->weightsVec, n);
            output[i] = threshold(act);
        }
    }

    //return output of neuron j
    int Hopfield::getOutput(int j){
        return output[j];
    }
    

main.cpp

 
    #include <iostream>

    #include "hopfield.h"

    using namespace std;

    int main(){
        // N is the number of neurons in the network
        const int N = 4;
        int recalled = 1;

        //patterns to recall
        int A[] = {1, 0, 1, 0}, B[] = {0, 1, 0, 1};

        //weight matrix
        int wm[N][N] = {
                { 0, -3,  3, -3},
                {-3,  0, -3,  3},
                { 3, -3,  0, -3},
                {-3,  3, -3,  0}
               };

        //the Hopfield constructor expects an array of row pointers
        int **w;
        w = new int*[N];
        for(int i = 0; i < N; i++) w[i] = wm[i];

        cout<<"*******************************"<<endl;
        cout<<"Hopfield Neural Network"<<endl;
        cout<<"able to recall binary patterns"<<endl;
        cout<<"*******************************"<<endl;

        Hopfield net(w, N);

        //run the network by presenting pattern A.
        cout<<"Presenting pattern A"<<endl;
        net.run(A);

        for(int i = 0; i < N; i++){
            if(net.getOutput(i) == A[i]){
                cout<<" component = "<<A[i];
                cout<<" output = "<<net.getOutput(i);
                cout<<" component matched"<<endl;
            }
            else{
                cout<<" component = "<<A[i];
                cout<<" output = "<<net.getOutput(i);
                cout<<" component not matched"<<endl;
                recalled = 0;
            }
        }

        if(!recalled)
            cout<<"* Unable to recall pattern A "<<endl;
        else
            cout<<"* Pattern A recalled correctly"<<endl;

        recalled = 1;
        //run the network by presenting pattern B.
        cout<<"Presenting pattern B"<<endl;
        net.run(B);

        for(int i = 0; i < N; i++){
            if(net.getOutput(i) == B[i]){
                cout<<" component = "<<B[i];
                cout<<" output = "<<net.getOutput(i);
                cout<<" component matched"<<endl;
            }
            else{
                cout<<" component = "<<B[i];
                cout<<" output = "<<net.getOutput(i);
                cout<<" component not matched"<<endl;
                recalled = 0;
            }

        }

        if(!recalled)
            cout<<"* Unable to recall pattern B"<<endl;
        else
            cout<<"* Pattern B recalled correctly"<<endl;

        //the Neuron objects keep their own copies of the weights
        delete[] w;

        //exit status 0 signals success to the shell
        return 0;
    }
    

Download this code

hopfield.tgz

Category: C++, AI


Solution to protect your servers against DDoS attacks

Posted on April 30th, 2009 At 10:59 pm by baldo

Recently a friend found a script to mitigate a DDoS attack and asked me to set it up on our server. Basically this script identifies IPs with a large number of connections and blocks them for a certain period of time.

Installation is quite easy, just type:

 
$ wget http://www.inetbase.com/scripts/ddos/install.sh
# chmod 0700 install.sh
# ./install.sh
    

It creates a subdirectory under "/usr/local" called ddos, downloads the source files and creates a cron task that runs every minute.

If you want to customize its configuration, edit the file "/usr/local/ddos/ddos.conf".

Now, we just have to wait for someone to test it.

Note: This is not an overall solution to prevent this kind of attack; it just deflates them.

For more information on this project, please visit http://deflate.medialayer.com/.

Category: Security


VirtualBox OSE, rebuilding module vboxdrv

Posted on April 25th, 2009 At 1:38 am by baldo

I just upgraded my kernel, and when I tried to start VirtualBox OSE I got this message:


 
$ VBoxManage startvm  "Open Solaris" 
WARNING: The character device /dev/vboxdrv does not exist. 
	 Please install the virtualbox-ose-modules package for your kernel and 
	 load the module named vboxdrv into your system. 

	 You will not be able to start VMs until this problem is fixed. 
VirtualBox Command Line Management Interface Version 1.6.6_OSE 
(C) 2005-2008 Sun Microsystems, Inc. 
All rights reserved. 
.
.
    

Well, the WARNING is self-explanatory: I need to rebuild the module “vboxdrv” for my new kernel version.


 
# aptitude install virtualbox-ose-modules-$(uname -r)  linux-headers-$(uname -r) 
# m-a prepare
# m-a a-i virtualbox-ose
# modprobe vboxdrv
    

To avoid running modprobe every time you reboot or shut down the system, it is a good idea to load the module at startup. Just type:


 
# echo "vboxdrv" >> /etc/modules
    

Now, the problem is gone.


 
$ VBoxManage startvm  "Open Solaris" 
VirtualBox Command Line Management Interface Version 1.6.6_OSE 
(C) 2005-2008 Sun Microsystems, Inc. 
All rights reserved. 

Waiting for the remote session to open... 
Remote session has been successfully opened. 
    

Category: Linux

