Mac OSX Mavericks Update Made Things Slow and the Fans Run Nonstop

I just updated from Mac OSX 10.8 (ML) to 10.9 Mavericks and my CPU fans started to run non-stop. I did a bit of research and came across a post on Apple’s forum which stated that people need to reset their SMC (fan control).

This fix is for the following (Early 2009) and later, all models of MacBook Air, and MacBook (Late 2009).

  • Shut down the computer.
  • Plug in the MagSafe power adapter to a power source, connecting it to the Mac if it’s not already connected.
  • On the built-in keyboard, press the (left side) Shift-Control-Option keys and the power button at the same time.
  • Release all the keys and the power button at the same time.
  • Press the power button to turn on the computer.

Note: The LED on the MagSafe power adapter may change states or temporarily turn off when you reset the SMC.

This fixed it for me; hopefully others find it useful too.

Must Have Mac Apps

Here are some mac apps I think are worthy of sharing:

  1. Hyperswitch - Free. I’ve used Witch (paid) thus far but I always got annoyed by its really bad tracking of the last used app. So if I have 10 windows open and then jump from Mail to Chrome and hit cmd-tab back, it would not switch me back to Mail. I’d lived with this limitation and today I decided I was fed up with it, so I did a bit of googling and found a new app switcher called Hyperswitch. I was reluctant at first, due to the price being free and being so accustomed to Witch, but I figured it was worth a shot. After installing and running it, much to my amazement, it is much better than Witch. It could use some work in that, if you have 3+ Chrome windows open, they are still grouped as one, but I’ve come to live with it. This is definitely a big new app that I’ll be using for a long time.

Hyperswitch vs Witch = Hyperswitch wins, less clunky and saves your last used app so it’s great for hitting cmd-tab repetitively.

  2. SizeUp - Free (or $13). To resize, move and maximize windows, I’d been using an app called Moom. It suited my needs, but when it resizes or moves a window it performs an animation that is slow. It also takes a two-key combination: one to activate, and another to move/resize/maximize. Luckily, I found another little gem which more than fits my needs. Now to resize/maximize/move, I just hit ctrl-option-up, ctrl-option-down, ctrl-option-left/right.

These guys also have another app called “Cinch”, which is also pretty cool: you can maximize a window just by dragging it to the topmost section of the monitor, and restore it by dragging it back down. It would have been awesome if dragging it down resized it to a smaller window centered on the screen. Oh well.

Moom vs SizeUp = SizeUp wins, it’s easier and faster.

Nifty Netstat Commands

Try the following commands to determine if you have a lot of connections coming from one address or if you are under a distributed attack.

netstat -nt | cut -c 40- | cut -d: -f1 | sort | uniq -c | sort -n
netstat -nt | cut -d: -f2 | sort | uniq -c | sort -n

If you have high numbers from a few IP addresses it will be easier to limit the connections. You can then add deny rules or rate-limit rules to iptables to limit access from these addresses.

If you are under attack you may want to get your ISP involved as they can limit connections before they reach you.

Percona Sql-mode Causing ‘Incorrect Integer Value for Column’ Errors

When I switched one of my client’s db servers to a newer environment, it caused their site to fail. It was a strange problem because the environment was identical to the other server: versions/configs of apache, php, mysql (Percona), etc. all checked out fine.

The underlying problem was narrowed down to some sql queries in the scripts passing empty strings to an integer column. This fails because sql-mode had STRICT_TRANS_TABLES enabled. I had never seen it enabled by default before; this was the first time it ever occurred to me.

So to resolve it, I tried editing my.cnf and explicitly setting:

sql-mode = ''

But this didn’t seem to take any effect whatsoever. When I set it manually within the mysql console using the following, it worked:

SET @@global.sql_mode= '';

This made me realize that /etc/my.cnf is not being read! To my surprise, Percona actually installs /usr/my.cnf (a big major WTF moment!) in their recent 5.6 release which had this:

# For advice on how to change settings please see


# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M

# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin

# These are commonly set, remove the # and set as required.
# basedir = .....
# datadir = .....
# port = .....
# server_id = .....
# socket = .....

# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M


So the solution was to just remove /usr/my.cnf and let /etc/my.cnf take over.

It’s all good now but seriously, /usr/my.cnf? Is /usr/local/my.cnf next in line in the future? (shaking my head)
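An added example (not from the original post) that makes the option-file precedence visible: it walks the files in the order a 5.6 RPM install reads them (an assumed order, since MYSQL_HOME falls back to basedir=/usr; print yours with `mysqld --verbose --help | grep -A1 'Default options'`) and reports whose sql_mode wins. The scratch tree it builds is constructed to mirror the situation above, and the sql_mode line in the package-installed file is assumed.

```sh
#!/bin/sh
# Option files mysqld reads, in order.  A setting in a later file overrides
# the same setting in an earlier one.  This order is an ASSUMPTION modelled
# on a 5.6 RPM install where MYSQL_HOME falls back to basedir (/usr); print
# the real order with:  mysqld --verbose --help | grep -A1 'Default options'
MYSQL_OPTION_FILES="/etc/my.cnf /etc/mysql/my.cnf /usr/my.cnf"

# sql_mode_in FILE: print "DEF=<value>" if FILE sets sql_mode (or sql-mode)
# in its [mysqld] section, nothing otherwise.  Commented lines are skipped
# and surrounding quotes are stripped, so  sql-mode = ''  yields "DEF=".
sql_mode_in() {
    awk -F= '
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_mysqld && $1 ~ /^[ \t]*sql[-_]mode[ \t]*$/ {
            v = $2
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            sub(/^["'\'']/, "", v); sub(/["'\'']$/, "", v)
            print "DEF=" v
        }' "$1" | tail -n 1
}

# effective_sql_mode ROOT: look for each option file under ROOT (use "" for
# the live system), report every definition on stderr and print the last
# one, which is the value mysqld actually runs with.
effective_sql_mode() {
    root=$1
    effective="(server default)"
    for f in $MYSQL_OPTION_FILES; do
        [ -f "$root$f" ] || continue
        def=$(sql_mode_in "$root$f")
        case $def in
            DEF=*) effective=${def#DEF=}
                   echo "$f sets sql_mode='$effective'" >&2 ;;
        esac
    done
    printf '%s\n' "$effective"
}

# make_scratch_tree: constructed reproduction of the post's situation, so the
# check can run without touching a real server.  /etc/my.cnf clears the mode,
# but a package-installed /usr/my.cnf (its sql_mode line is assumed; the
# excerpt above only shows the commented part) turns strict mode back on.
# Prints the root of the tree.
make_scratch_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/etc" "$root/usr"
    cat > "$root/etc/my.cnf" <<'EOF'
[mysqld]
sql-mode = ''
EOF
    cat > "$root/usr/my.cnf" <<'EOF'
# constructed sample of the file the 5.6 package drops in /usr
[mysqld]
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
EOF
    printf '%s\n' "$root"
}

# Stand-alone run ("sh script.sh demo"): scratch tree first, then this host.
if [ "${1:-}" = "demo" ]; then
    t=$(make_scratch_tree)
    echo "scratch tree: $(effective_sql_mode "$t")"
    rm -rf "$t"
    echo "this host:    $(effective_sql_mode "")"
fi
```

Run it with `demo` against the scratch tree to see /usr/my.cnf win, then with `""` as the root to audit a real box.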

My MacOSX Keybindings

My keybindings to make things easier:

  1. cmd-shift-m Maximize/Zoom window: done by going to System Preferences -> Keyboard -> Application Shortcuts, hitting the plus sign, adding a shortcut titled Zoom and binding it to cmd-shift-m

  2. cmd-shift-_ Maximize/Zoom window w/ Moom: launch Moom and then hit space to maximize

  3. cmd-shift-+ Fantastical: adds new task

  4. ctrl-` Shows and hides iTerm2 (set in iTerm’s General preferences)

  5. cmd-opt-space Launches finder

  6. cmd-shift-p and cmd-shift-n Switch buffers in emacs with a shortcut key to go to previous or next buffer


I installed cmd-key-happy to make cmd act as meta while I’m in Terminal/iTerm2. You can get it from here:

Here is my .cmd-key-happy.lua file:

-- key combos that keep their Mac meaning everywhere
global_excludes = Set{ "shift-cmd-tab", "cmd-tab", "cmd-space", "shift-cmd-space", "shift-cmd-=", "shift-cmd-m"}
-- per-app exclusions on top of the global ones
apps = {
   Terminal = { exclude = Set{ "shift-cmd-[" } },
   iTerm    = { exclude = Set{ "shift-cmd-[" } },
}

With this I can now easily hit my meta key (e.g. cmd-f or cmd-b to move between words) instead of reaching for that awkwardly placed option key.

Emacs Power Ups


  1. Emacs out of the box has text navigation down quite well, but one thing I missed from Vim was C-d and C-u for a half-page scroll down/up. To add something similar, add this to your ~/.emacs file:
;; Faster point movement: move five lines at a time
(global-set-key "\M-\C-p"
  (lambda () (interactive) (previous-line 5)))

(global-set-key "\M-\C-n"
  (lambda () (interactive) (next-line 5)))


  2. Also, to comment a block of code, just select it by setting the mark (C-space) and moving to the end of the target, then press:

To un-comment just re-run it from the same selection of code that’s been commented out.


  3. For the longest time, to search/replace I invoked it with M-x replace-string. It is a bit long-winded and I never managed to use:

The only caveat is that this puts you in interactive replace, but type ! immediately afterward to replace all without the nagging prompts.

  4. Auto-formatting code to your configured indentation (tab spacing, etc.) is extremely easy. Just do:
C-x h
C-M-\

How I Bought a Bitcoin

“How do I buy a bitcoin?” is perhaps one of the most common questions I get. So here is a quick guide to how I did it.

I thought buying one was difficult at first, but with a bit of research it turned out to be pretty simple.

Here are several different approaches that I took to buy bitcoins.

Option 1: Coinbase (Can do it all online, just provide your bank info) I registered at Coinbase because they looked so legit. I gave them my info and within an hour I was able to buy a bitcoin. They did have a $1k bitcoin transaction limit and I wanted to put in more, so I had to look for an alternative. Depositing the money was painless and buying was also painless. However, from the moment I purchased, it took 5 full days for my bitcoin to get into my account, which is an incredibly long time in the bitcoin world.

Option 2: Bitfloor (Need to hit the bank or Moneygram, but I prefer this) After much research, I chose Bitfloor. I signed up and they told me all I needed to do now was make a deposit (LocalTill) or send a wire transfer to the info they provided. This process seemed daunting at first but it was as easy as depositing my own money. I used the LocalTill option, which charges about a 3% transaction fee, and within minutes I got a notification that my money had been added and was ready to use. Then I went to their Trade page, put in how much I wanted to buy, and within minutes I had my bitcoins!

Option 3: Dwolla + (I haven’t tried it yet, I’m still in the waiting queue, I’ll update this post once I try it out)

Re-mapping Meta Key for Mac OSX (Terminal / Emacs)

[Disclaimer: This is not an April Fools day joke]

Using Mac’s meta as option is NOT an option!

After getting accustomed to the Mac, I fell in love with it, but one thing has constantly been nagging me: the unbelievably horrific placement of the “meta/option” key. What this means is that, to go forward/back a word, you have to reach your thumb halfway across your hand to where your pinky is. Do that enough and I’m pretty sure your hands will retire early.

Anyhow, I decided to finally do something about this once and for all. I can’t tell you how many sleepless nights I have had thinking about how to combat this option key. I have even ventured into re-mapping my emacs by changing all the commands using meta to control-something. For instance, page up would be re-mapped to C-u. But this is unreasonable, as years of muscle memory still have a hard time adjusting, and I didn’t want to make up my own mapping settings for the long haul anyway.

The first time I used the Mac, I did a google marathon on how to accomplish this, but everything had its drawbacks. At the time, I didn’t know enough of the Mac’s keyboard shortcuts, so I hesitated to swap my meta with Command completely.

The fix!

Just follow these and you should be good!

mkdir ~/tmp && cd ~/tmp
git clone .
sudo make install
make install-rcfile
make install-plist

What this does is it sets up and installs this to your launchctl so that it runs on boot. Now all your meta bindings should be using “cmd” key, except Mac’s global ones, such as “cmd-space”, “cmd-tab”, etc …

You can customize which keys are excluded globally and per app by:

  1. editing this file: ~/.cmd-key-happy.lua
  2. and issuing make install-plist to reload

That is all there is to it. I hope this especially helps those switching from PCs to Macs.

Note) In Terminal you’ll notice that paste does not work. That is because I excluded M-v in the Terminal section so I can use it for page up. Paste can still be triggered using option-v, and it shouldn’t cause much of an issue as “on terminal” you don’t necessarily need to paste all that much.

Running Pow and MAMP Simultaneously

In the pursuit of achieving the perfect web development environment on Mac, I’d need two things.

  1. LAMP environment
  2. Ruby/Rails environment

For LAMP, I’ve settled on MAMP Pro. Although it costs a bit of money, this is by far the best way to manage your sites locally. For one, it’s got a great GUI to manage your vhosts. Editing by hand can get tedious and this takes care of it. It even adds /etc/hosts entries for you to handle local name resolutions.

For Ruby, Pow has been an unbelievably efficient way of running and managing multiple ruby apps for me. All you have to do is just drop a folder in your ~/.pow and you are set as it also handles local name resolutions for you on the fly.

Getting both of them to work at the same time posed a problem, but a quick SO search revealed a very cool trick:

Setting up Pow and MAMP to work simultaneously

A Month After Switching to Macs

The story

For most of my life, I had a deep resentment toward Macs. I never liked their concept of trying to do something different. Back in the day, my feelings all started with their philosophy of the one-button mouse. I appreciate that they want to keep it simple, but for a computer it just didn’t make sense to me. I grew up with things that had a lot of buttons; my favorite video games all had at least 6 buttons to press. Heck, if they had had 3 buttons when PCs had 2, I’d have given them a second look. But no, Macs were consistently pushing one button, even to this date.

Anyhow, I’ve grown accustomed to PCs very much. I know almost all the keyboard shortcuts Windows has to offer, allowing me to do virtually anything instantly and seamlessly at ease. Simply put, I was quite happy and comfortable with it so switching to anything else would throw me off guard and would not be my ideal situation.

Tried Macs (several times)

But because I also enjoy trying out new and shiny things, time and again I’d buy a Mac, try it out, and find myself totally weirded out by it. Sometimes I tried so hard to like it, but I just was not quite as productive on a Mac as on a PC. If it hadn’t been a gift from my wife, I would’ve returned it for a full refund. Anyway, it was just collecting dust. I just had too much work to do and I absolutely require productivity.

My PC broke hardcore

Then one day, my awesome PC just died. It was a Lenovo Thinkpad and it was just the perfect fit for me, small, compact, and dock-station ready. I’d take it wherever I go, work, home, friends, it was one thing I’d never leave my house without. Had some great memories with it and some bad. I was just overly distraught, like losing a kitten or something.

Powering on the dusty old Mac

Since I had no other choice, I powered up my MacBook Air to continue working. The utter feeling of being slow and unproductive was catching up to me really fast. At this point, I already knew most of the common keyboard shortcuts, such as spotlight, alt-tab, cmd+shift+[ and ], and so on. But it just wasn’t the same. It sucked.

As I was on a strict deadline at work, I decided I’ll just have to use Mac for now and deal with PC later. I knew I had to get up to speed fast as I absolutely must be productive. Now at this time, I decided to try to understand what made me less productive on a Mac compared to PC.

So here are what I just didn’t like about Macs:

  1. No easy way to maximize a window, and full screen mode weirded me out. On Windows, I’d just double click on the window title. But on Macs, I had to carefully hit the green plus button.
  2. Sometimes, my window would get minimized and when I cmd+tab back into it, I don’t see anything. I read an article saying I also had to hold option and release before I get to it, which was probably the dumbest thing I have ever heard.
  3. There was no Start+e equivalent to open explorer/finder. On Windows, I’d just start+e and start typing to get to any folder/file on my PC. On Mac, the closest I came was to locate Finder via cmd+tab, or launch Finder via an app called Alfred.
  4. No Zend Studio 5.5. This was almost a deal breaker right on the spot.
  5. Mac keyboards aren’t too friendly for emacs users. Hitting that option button for meta is quite an exercise in itself.

Since I just could not live without these, I looked hard online to see if there was anything remotely even close to how it was on PCs. And I can now safely say, I did, and boy am I glad I took that extra time to do so, as it has paid off in dividends.

  1. To maximize a window, I had to go to System Preferences -> Keyboard -> Keyboard Shortcuts -> Add, put in “Zoom”, and set the shortcut to “cmd+shift+m”. Now this triggers the green maximize button on any active window I’m on, which is incredibly useful for me as I hate any apps/windows that float around in a “limbo” state.

  2. I looked hard and there just was no supported option for having cmd+tab work the way it did on PCs. Then fortunately I stumbled across a forum which discussed exactly the problem I was having, and one person mentioned that I should install an app called Witch. It wasn’t free; I installed their trial and I was reasonably satisfied with it, as now when I switch back to any app, it even restores it from the minimized state. The only issue I have is that it’s not as responsive as the native cmd+tab; there is a slight delay.

  3. I searched hard and found another gold mine, cmd+option+space. It opened Finder just as I used to open Explorer. One caveat: sometimes it would open without the side panel (main folders on the left), but I quickly found out that you can hit cmd+option+t to toggle the side panel.

  4. Now this was tough. I’d been using ZS 5.5 for roughly 8+ years. It was my bread and butter when it comes to development. I had a lot of shortcuts/macros to do whatever I needed and all of that was now taken away from me. But since I had no choice, I went on an IDE download spree, testing just about all the IDEs out there available for Mac, including: Coda, Textmate, Sublime, Eclipse, etc … And after a good couple of hair-pulling days, I managed to find something I liked, and that happened to be Aptana Studio. In fact, I found it to surpass even Zend Studio in many ways. I found the auto code formatting via cmd+shift+f awesome. And on top of it all, it was the only IDE that came the closest to emacs as one can possibly get. My only gripe is that ctrl+s works for search but ctrl+r (reverse search) doesn’t. Quite baffling to me, and I hope I can find a way around it.

  5. In the beginning, I was mostly upset about how difficult it now was for me to hit the meta key. It’s almost as if I have to stretch my left thumb all the way out to where my pinky is. If you are an emacs user, you probably understand just how important it is to hit that meta key repeatedly :) But miraculously, I learned to get accustomed to it. I guess the human mind really allows you to get accustomed to anything if no other choice exists.

I love Macs now

After several weeks of changing my habits and learning some new tricks, I am now quite fond of Macs. I never really thought I would be saying this, but Macs are indeed superior to PCs in just about every way. For those that want to know why:

  1. Mac’s apps are just so much better and nicer. For one, Textual was a huge improvement over mIRC, mainly in the aesthetics department. Querious (db gui) is simple and elegant and suits my needs just fine. And even Mac’s native apps, such as iCal, iPhoto, and Mail, just trump anything PCs have to offer. It’s almost no contest who wins here.

  2. Bash being integrated to the OS is a life changer. As I’m big on linux, this itself was a huge improvement over PCs. I can now finally sleep happy and not worry about the days of putty’ing.

  3. TimeMachine is too good. Backups couldn’t get any simpler; point-in-time restore of any file is just lovely.

  4. I now fully appreciate the entire Mac keyboard shortcut eco-system. Easy to customize and not buggy like on Windows.

  5. Not having to rely on VirtualBox/VMware to launch local servers. I find brew surprisingly refreshing to use, and setting up LAMP, RoR, or even django is extremely easy on a Mac.

One big caveat about Macbook Air

If you are like me, you enjoy taking your laptop everywhere you go. And when you get to an office, you’d like to hook it up to dual-screen monitors. Surely I thought this would be a walk in the park, as with any other PC. But no, it turned out to be quite an ordeal. Basically the problem is, in order to extend your monitor, you need to hook it up from your mini displayport to the monitor. But MacBook Airs only have a single mini-displayport and, from my research, there aren’t any mini-dp hubs as you’d have with USB (I know some exist, but they sell for $300+).

It turns out, there is an alternative, which is what they call a DisplayLink USB to DVI adapter.

You need to buy a few things:

  • Mini-dp to DVI (or vga)
  • USB to DVI (or vga)

I bought them from Amazon:

I was quite shocked at the price of that USB adapter but then again, it’s worth buying for that extra monitor. I’d have to warn though that there is a slight lag on the monitor this hooks up with as USB is not as fast as mini-displayport. But for just normal activity including browsing/email/coding, I haven’t been too bothered by it.

App recommendations

Here are few that I have and can’t live without:

If you know of any other apps that I should try, feel free to let me know at @jaequery. I’m all ears.

Pagination in Ruby on Rails

I haven’t tried it out yet but it looks like Rails uses a gem called “kaminari” for dealing with pagination. Here is a nice video tutorial on usage at Railscast

Basically it involves doing:

  • Bash

bundle exec rails g kaminari:views default

  • update Gemfile to include the kaminari gem

gem 'kaminari'

  • update controller (products_controller.rb)

@products = Product.order("name").page(params[:page]).per(5)

  • update locales (config/locales/en.yml)

en:
  hello: "Hello world"
  views:
    pagination:
      previous: "< Previous"
      next: "Next >"
      truncate: "..."

  • print pagination from view (products/index.html.erb)

<%= paginate @products %>

A Strong Iptables Ruleset for Running Websites

Here is a quick, simple ruleset that will secure most web servers. It is extremely strict, as it only allows HTTP (port 80) from the internet.

Save this into a file (e.g. ~/iptables.hardened), with x.x.x.x replaced by the address you administer from:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -s x.x.x.x/32 --dport 22 -j ACCEPT
-A INPUT -p tcp -s x.x.x.x/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp --dport 0:1024 -m state --state NEW -m limit --limit 5/s -j LOG
COMMIT

Then test it by:

 iptables-restore < ~/iptables.hardened

Note) If you are paranoid and don’t want to risk locking yourself out of the machine, add a cronjob that stops iptables every few minutes while you test, something like: */5 * * * * /etc/init.d/iptables stop (and remove it once you are done).

Once you are satisfied, save it to your /etc/sysconfig/iptables to make it permanent.
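An added preflight script (not from the original post) for exactly the lockout and did-it-even-load problems the note above warns about: it checks a restore-format file for the table header and COMMIT that iptables-restore requires, a DROP policy, a conntrack rule for established traffic, a leftover x.x.x.x placeholder, and an SSH accept rule pinned to a source address. The two sample files it writes are constructed, with 198.51.100.4 as an assumed admin address.

```sh
#!/bin/sh
# check_ruleset FILE: preflight an iptables-restore file.  Prints each
# problem found and returns 1 if any of them would make iptables-restore
# fail or lock you out of the box, 0 if the file looks safe to try.
check_ruleset() {
    f=$1
    rc=0
    # iptables-restore refuses a file with no table header or COMMIT.
    grep -q '^\*filter' "$f" || { echo "missing '*filter' table header"; rc=1; }
    grep -q '^COMMIT'   "$f" || { echo "missing 'COMMIT' line"; rc=1; }
    # A placeholder left in from the template is a parse error at load time.
    if grep -q 'x\.x\.x\.x' "$f"; then
        echo "placeholder x.x.x.x still present; fill in the admin address"
        rc=1
    fi
    if grep -q '^:INPUT DROP' "$f"; then
        # With a DROP policy, replies to connections the server itself opens
        # (yum, DNS, outbound SMTP) are dropped unless conntrack lets them in.
        if ! grep -q 'state [A-Z,]*ESTABLISHED' "$f"; then
            echo "INPUT policy DROP but no ESTABLISHED,RELATED accept rule"
            rc=1
        fi
        # Lockout check: some SSH accept rule must exist, and it should be
        # pinned to a source address rather than open to the internet.
        ssh=$(grep -E -- '--dport 22( |$)' "$f" | grep -- '-j ACCEPT' || true)
        if [ -z "$ssh" ]; then
            echo "no SSH (port 22) accept rule: you will lock yourself out"
            rc=1
        elif ! printf '%s\n' "$ssh" | grep -q -- ' -s '; then
            echo "warning: SSH accept rule is open to the world; add -s <admin>/32"
        fi
    else
        echo "no ':INPUT DROP' policy line: unmatched traffic keeps the current policy (ACCEPT by default)"
        rc=1
    fi
    return $rc
}

# make_samples: write two constructed files into a scratch directory and
# print its path.  'hardened' is the ruleset above in restore format with an
# assumed admin address (198.51.100.4); 'as_pasted' is a bare rule list of
# the kind that iptables-restore cannot load.
make_samples() {
    d=$(mktemp -d)
    cat > "$d/hardened" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -s 198.51.100.4/32 --dport 22 -j ACCEPT
-A INPUT -p tcp -s 198.51.100.4/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp --dport 0:1024 -m state --state NEW -m limit --limit 5/s -j LOG
COMMIT
EOF
    cat > "$d/as_pasted" <<'EOF'
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -s x.x.x.x/32 --dport 22 -j ACCEPT
EOF
    printf '%s\n' "$d"
}
```

Gate the load on it, e.g. `check_ruleset ~/iptables.hardened && iptables-restore < ~/iptables.hardened`.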

Ultimate Emacs Elisp for Web Development

Emacs out of the box doesn’t have a great php/html/js editor. So here is what you need to make it good.

  • First, let’s create the elisp folder that stores all your elisps:

mkdir ~/elisp && cd ~/elisp

  • Now download “php-mode”


  • Now download “multi-web-mode” for html/js/css


  • Now add/update these lines in your ~/.emacs file
(add-to-list 'load-path "~/elisp")
(require 'php-mode)
(require 'multi-web-mode)
(setq mweb-default-major-mode 'html-mode)
;; each entry is (mode open-tag-regexp close-tag-regexp); backslashes are
;; doubled because these are regexps inside elisp strings
(setq mweb-tags '((php-mode "<\\?php\\|<\\? \\|<\\?=" "\\?>")
                  (js-mode "")    ;; add the <script> open/close regexps here
                  (css-mode "")))  ;; add the <style> open/close regexps here
(setq mweb-filename-extensions '("php" "htm" "html" "ctp" "phtml" "php4" "php5"))
(multi-web-global-mode 1)

Ruby Is Strange and Odd

Day 2 of Ruby

It’s strange and I am confused by all these weird syntaxes.

Coming from PHP, I assumed at first glance:

   @name (ruby) is $name (php)

But no, because in ruby, you have several different ways of assigning a variable.

There are:

  • @name (instance var)
  • @@name (class var)
  • name (method var)

Not to mention, “symbols” which really threw me off guard.

Anyhow, here is what I found out.

  1. @name (instance var) Instance vars are similar to $this->name in php. So @name = $this->name.

  2. @@name (class var) Now this one is a bit tricky. Class vars probably won’t ring a bell for a PHP developer, as in PHP class vars are like instance vars. However, in Ruby, @@name is similar to a static var. The reason is that if you have 3-4+ instances of a class, @@name is shared by all of them. Somewhat of a singleton variable.

  3. name (method var) This is pretty straight forward. It’s a var that only lives inside a method. Good for throwaway/temporary variables, such as res, total, etc …

  4. :name (symbols) Before learning ruby, I thought this was ruby’s way of doing PHP’s $ sign. Every piece of ruby code I saw online had some :symbols, and I thought ruby would be a walk in the park as long as I told myself it was PHP’s equivalent of assigning variables. But no, it’s probably what threw me off the most.

You see, :symbols aren’t something you can assign to. It’s not a variable, it’s a reference. Or, at least that’s what other ruby devs told me on freenode. I still didn’t understand, so is this like a pointer reference, I asked? And they said no. After about an hour of chatting back and forth, I came to the conclusion, from bits and pieces of evidence, that :symbols are only used inside hashes as keys.

So in php land:

$users = array(
    array("name" => "john"),
    array("name" => "mark"),
);

foreach ($users as $user) {
    echo $user['name'];
}

But in ruby land, it’s:

users = [
    { :name => "john" },
    { :name => "mark" },
]

users.each do |user|
    puts user[:name]
end

Switching From PHP to RoR

One unlikely evening, I was bored and just felt like doing something new, so I did something I probably never thought I’d do: jump into RoR. I say unlikely because those who know me know how much of a PHP advocate I am. After all, I didn’t spend 10+ years on it for nothing. I’m also not the type to stop on something until I’ve mastered it. I suddenly have quite a challenge on my hands.

Emacs Good Movement Guide

Emacs navigation key commands are one of those things every developer should take the time to learn. Once you get to know them, you’ll be using them throughout your dev lifecycle, including in terminals, editing, and pretty much everywhere if you are using a Linux/*nix-like system such as a Mac.

For vi/vim users, it may even be a new opportunity for you to take a moment to step outside and experience all the powers and wonders emacs can provide for you. :) Just try.

Xenserver 6 Auto Start VM’s

Citrix decided to disable auto-start VMs for their free edition starting in v6, which I found out the hard way.

I guess it’s their strategy of getting you to buy their paid license, which gives you auto-start from the GUI.

But for the rest of us, here is a quick and simple way to do it: start the VMs manually when the host boots.

Here’s how:

On the host, edit /etc/rc.local and add these two lines at the end:

sleep 20
/opt/xensource/bin/xe vm-start uuid=fbd0fdec-9f69-e47f-072a-02ff854fd890

where uuid is that of your VM; you can find it in XenCenter on the VM’s General tab.

Do this for each VM you want auto-started.

Strong Iptables Firewall Script for Cpanel (or Any Servers)


#!/bin/sh

# 1) Clear old Rules
iptables -F                                                 # Delete all existing rules
iptables -X                                                 # Delete user chains (LOGGING below) so the script can be re-run

# 2) Default Drop
iptables -P INPUT DROP                                      # Set default chain policies to DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# 3) Loopback
iptables -A INPUT -i lo -j ACCEPT                           # Allow loopback access from INPUT
iptables -A OUTPUT -o lo -j ACCEPT                          # Allow loopback access from OUTPUT

# 4) Established traffic. With OUTPUT set to DROP this is what lets httpd
#    answer the clients accepted below, and lets replies to the server's own
#    connections (DNS, SMTP, updates) back in.
iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# iptables -A INPUT -s "BLOCK_THIS_IP" -j DROP                # Block a specific ip-address (repeat per address)

iptables -A INPUT -s -j ACCEPT                              # Allow Anything from localhost
iptables -A INPUT -s "ALLOW_THIS_IP"/32 -j ACCEPT           # Allow Anything from KeyServer

iptables -A OUTPUT -o eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT        # PORT 25   SMTP   - Allow connections to outbound
iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT                                     # PORT 53   DNS    - Allow connections to outbound
iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT      # PORT 80   httpd  - Allow connections from anywhere
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT # PORT 80   httpd  - Rate Limit from outside. NOTE: shadowed by the accept rule above it;
                                                                                           #   to take effect it must come before that rule and match --state NEW only
iptables -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT     # PORT 443  SSL    - Allow connections from anywhere
iptables -A INPUT -p tcp -m tcp --dport 2082 -m state --state NEW,ESTABLISHED -j ACCEPT    # PORT 2082 cPanel - Allow connections from anywhere
iptables -A INPUT -p tcp -m tcp --dport 2083 -m state --state NEW,ESTABLISHED -j ACCEPT    # PORT 2083 cPanel - Allow connections from anywhere
iptables -A INPUT -p tcp -m tcp --dport 2086 -m state --state NEW,ESTABLISHED -j ACCEPT    # PORT 2086 WHM    - Allow connections from anywhere
iptables -A INPUT -p tcp -m tcp --dport 2087 -m state --state NEW,ESTABLISHED -j ACCEPT    # PORT 2087 WHM    - Allow connections from anywhere

# 7) PING
iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP                 # Drop Ping from address-mask-request
iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP                    # Drop Ping from timestamp-request
iptables -A INPUT -p icmp -m icmp -m limit --limit 1/second -j ACCEPT                      # Rate Limit Ping from outside

# 8) Validate packets
iptables -A INPUT   -m state --state INVALID -j DROP                                       # Drop invalid packets
iptables -A FORWARD -m state --state INVALID -j DROP                                       # Drop invalid packets
iptables -A OUTPUT  -m state --state INVALID -j DROP                                       # Drop invalid packets
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP                        # Drop TCP - SYN,FIN packets
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP                        # Drop TCP - SYN,RST packets

# 9) Reject Invalid networks (Spoof)
iptables -A INPUT -s       -j DROP                                # (Spoofed network)
iptables -A INPUT -s     -j DROP                                # (Spoofed network)
iptables -A INPUT -s   -j DROP                                # (Spoofed network)
iptables -A INPUT -s    -j DROP                                # (Spoofed network)
iptables -A INPUT -s      -j DROP                                # (Spoofed network)
iptables -A INPUT -d      -j DROP                                # (Spoofed network)
iptables -A INPUT -s      -j DROP                                # (Spoofed network)
iptables -A INPUT -d      -j DROP                                # (Spoofed network)
iptables -A INPUT -s        -j DROP                                # (Spoofed network)
iptables -A INPUT -d        -j DROP                                # (Spoofed network)
iptables -A INPUT -d -j DROP                                # (Spoofed network)
iptables -A INPUT -d  -j DROP                                # (Spoofed network)

# 10) CHAINS

# FTP brute force: a source opening 4+ new FTP connections within 60s gets dropped
iptables -A INPUT -p tcp -m multiport --dports 20,21 -m state --state NEW -m recent --set --name FTP_BRUTE
iptables -A INPUT -p tcp -m multiport --dports 20,21 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name FTP_BRUTE -j DROP

# SYN flood: more than 60 SYNs per second from one source gets dropped
iptables -A INPUT -m state --state NEW -p tcp -m tcp --syn -m recent --name SYNFLOOD --set
iptables -A INPUT -m state --state NEW -p tcp -m tcp --syn -m recent --name SYNFLOOD --update --seconds 1 --hitcount 60 -j DROP

# Logging CHAIN
iptables -N LOGGING                                                 # Create `LOGGING` chain for logging denied packets
iptables -A INPUT -j LOGGING                                        # Everything not accepted above ends up here
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 6    # Log denied packets to /var/log/messages
iptables -A LOGGING -j DROP                                         # Drop everything

Emacs Iswitch-mode Makes Switching Between Buffers Easier

I somehow came across this and I’m thinking to myself how I didn’t know about it this whole time.

Basically, in your ~/.emacs, just put this line of code:
(iswitchb-mode 1)

Now create multiple buffers, either through multi-window (ctrl+x+2) or (ctrl+f … and type file name).

Now just hit ctrl+b; it’s like Mac Finder, awesome.

Disable Apache GET Requests Logging

If you are working for PCI compliance, you may have run into situations as to where you need to disable all GET request logging.

This is due to the fact that some merchants might accidentally submit their card processing over GET, in which case the server will log all card numbers and other valuable information in clear text.

So to do that:

SetEnvIf Request_Method "GET" dontlog
CustomLog "/var/log/httpd/" combined env=!dontlog
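An added check (not from the original post) for the situation described above: before relying on the config change, scan the access logs you already have for Luhn-valid card numbers, so you know whether PANs reached the logs in clear text. The log lines are constructed; 4111111111111111 is a well-known test card number, and the report masks all but the first six and last four digits.

```sh
#!/bin/sh
# Constructed access-log lines (combined format).  The first carries a PAN
# in a GET query string; the second carries a 16-digit run that is not a
# valid card number; the third is the POST the merchant should have sent.
SAMPLE_ACCESS_LOG='203.0.113.7 - - [10/Mar/2014:10:01:02 -0800] "GET /pay?card=4111111111111111&amount=10 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.8 - - [10/Mar/2014:10:01:03 -0800] "GET /order/1234567890123456 HTTP/1.1" 200 88 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2014:10:01:04 -0800] "POST /pay HTTP/1.1" 302 0 "-" "Mozilla/5.0"'

# find_pans: read log lines on stdin and print "<line>:<masked PAN>" for
# every 13-19 digit run that passes the Luhn checksum.  Masking keeps the
# report itself from becoming another copy of the card number.
find_pans() {
    awk '
    function luhn(s,    i, d, sum, dbl) {
        sum = 0; dbl = 0
        for (i = length(s); i >= 1; i--) {
            d = substr(s, i, 1) + 0
            if (dbl) { d *= 2; if (d > 9) d -= 9 }
            sum += d; dbl = !dbl
        }
        return sum % 10 == 0
    }
    function mask(s) { return substr(s, 1, 6) "******" substr(s, length(s) - 3) }
    {
        line = $0
        while (match(line, /[0-9]+/)) {
            run = substr(line, RSTART, RLENGTH)
            if (length(run) >= 13 && length(run) <= 19 && luhn(run))
                print NR ":" mask(run)
            line = substr(line, RSTART + RLENGTH)
        }
    }'
}

# Stand-alone run: scan the sample, or a real log with  find_pans < access_log
printf '%s\n' "$SAMPLE_ACCESS_LOG" | find_pans
```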

See What’s Using Up Your Server

See which addresses are connected to your web server, sorted by number of connections:

netstat -pant | grep :80 | awk '{ print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
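An added example (not part of the original post) that does the same counting as the one-liner here and the ones in the Nifty Netstat Commands section above, but keyed on the Foreign Address field instead of a character offset, so it keeps working when the columns shift or IPv6-mapped addresses appear. The netstat output is a constructed sample using documentation address ranges.

```sh
#!/bin/sh
# Constructed sample of `netstat -nt` output.
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             203.0.113.7:51234       ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.7:51235       ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.7:51236       SYN_RECV
tcp        0      0 10.0.0.5:443            198.51.100.20:44012     ESTABLISHED
tcp        0      0 10.0.0.5:22             192.0.2.9:60010         ESTABLISHED
tcp6       0      0 ::ffff:10.0.0.5:80      ::ffff:203.0.113.7:5000 ESTABLISHED'

# conns_by_peer: count connections per remote address, busiest last.
# Reads netstat output on stdin.  Only the trailing :port is stripped, so
# IPv6-mapped addresses keep their other colons.
conns_by_peer() {
    awk '$1 ~ /^tcp/ { peer = $5; sub(/:[0-9]+$/, "", peer); n[peer]++ }
         END { for (p in n) print n[p], p }' | sort -n
}

# conns_by_local_port: count connections per local port (what is being hit).
conns_by_local_port() {
    awk '$1 ~ /^tcp/ { port = $4; sub(/.*:/, "", port); n[port]++ }
         END { for (p in n) print n[p], p }' | sort -n
}

# peers_over LIMIT: remote addresses with more than LIMIT connections,
# i.e. the candidates for a rate-limit or deny rule.
peers_over() {
    conns_by_peer | awk -v lim="$1" '$1 > lim { print $2 }'
}

# Stand-alone run against the sample; on a live box use  netstat -nt | conns_by_peer
printf '%s\n' "$SAMPLE_NETSTAT" | conns_by_peer
```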

See which processes are eating up your server:

ps -eo pmem,pcpu,pid,user,rss,vsize,args | { head -1 ; sort -k 1 -r -n ; } | head -10

Configuring sysctl.conf for High Traffic Sites (150k+/min)

Edit /etc/sysctl.conf:

 # for centos 5
 #net.ipv4.netfilter.ip_conntrack_max = 300000
 # for centos 6
 net.netfilter.nf_conntrack_max = 300000
 net.ipv4.tcp_max_syn_backlog = 10240
 net.core.netdev_max_backlog = 4000
 kernel.panic = 10
 net.ipv4.tcp_tw_reuse = 1
 net.ipv4.ip_local_port_range = 1024 65023
 net.ipv4.tcp_max_tw_buckets = 400000
 net.ipv4.tcp_max_orphans = 60000
 net.ipv4.tcp_synack_retries = 3
 net.core.somaxconn = 10000

Also consider raising the ulimits:

ulimit -n 30000
ulimit -u 50000

Now save, then run sysctl -p to reload the changes.

Quick update: I found these to be effective:

net.ipv4.tcp_fin_timeout = 3
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_syn_backlog = 8192
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.somaxconn = 1024
vm.min_free_kbytes = 65536
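An added check (not from the original post) for a problem the two lists above create when pasted into one file: several keys (tcp_max_syn_backlog, somaxconn, netdev_max_backlog, tcp_synack_retries) appear twice with different values, and sysctl -p silently applies the last one. The sample file is constructed from the two lists above.

```sh
#!/bin/sh
# sysctl_conflicts FILE: report keys set more than once in a sysctl.conf-
# style file.  sysctl -p applies lines top to bottom, so for a duplicated
# key the last value silently wins.  Prints one line per conflict with every
# value seen and the one that takes effect; returns 1 if any were found,
# 0 if the file is clean.
sysctl_conflicts() {
    out=$(awk -F= '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        {
            key = $1; val = $2
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            seen[key]++
            vals[key] = (seen[key] > 1) ? vals[key] ", " val : val
            last[key] = val
        }
        END {
            for (k in seen)
                if (seen[k] > 1)
                    print k ": set " seen[k] " times (" vals[k] "); effective = " last[k]
        }' "$1" | sort)
    [ -n "$out" ] || return 0
    printf '%s\n' "$out"
    return 1
}

# effective_value FILE KEY: the value sysctl -p would end up applying.
effective_value() {
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v) }
        END { print v }' "$1"
}

# make_sample_sysctl: the two lists from this post concatenated into one
# constructed file, as they would be if both were pasted in.  Prints its path.
make_sample_sysctl() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
net.netfilter.nf_conntrack_max = 300000
net.ipv4.tcp_max_syn_backlog = 10240
net.core.netdev_max_backlog = 4000
kernel.panic = 10
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65023
net.ipv4.tcp_max_tw_buckets = 400000
net.ipv4.tcp_max_orphans = 60000
net.ipv4.tcp_synack_retries = 3
net.core.somaxconn = 10000
# quick update
net.ipv4.tcp_fin_timeout = 3
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_syn_backlog = 8192
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.somaxconn = 1024
vm.min_free_kbytes = 65536
EOF
    printf '%s\n' "$f"
}

# Stand-alone run: report the sample's conflicts (use /etc/sysctl.conf on a real box)
f=$(make_sample_sysctl)
sysctl_conflicts "$f" || true
rm -f "$f"
```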

Copyright © 2014 - jaequery