Good bye Facebook. You suck.

-----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v1.4.9 (MingW32)

mQENBE84HWABCADHzo8Dd8h6CM52YorP97wXH56xBHA370EKgpAADs6kX4754opC
 6tdNyrFQw72hedXhlXjwhv+0TztyLj20HM5UNsY260ZWNgKVHbvP3OFuV1MU3HG5
 kTnKb0F/oLHuSlRgPS7H5IWsIZqXw7F6+RACZWgXkVLV8Bs8k7Ixf1VOIAsZEUG+
 IPEVB0lH198niy2s5+NeEmslJxeUeY/nmSyJmxnE/Sad7KoiT2OgdDNj5jeAFbwq
 gvvUUr3OH5I6eEuB5Fbk9c/zwGjPXFVq5bOQRgqp0OcceFrIsr3xrRqHdUJYLpyk
 0RToU99dEoC+hpWGuNTFHm+6YnieHV8+raR9ABEBAAG0Jk5hdGhhbiBQaWVyY2Ug
 PGhlbGl1c2Rlc2lnbkBnbWFpbC5jb20+iQE8BBMBAgAmBQJPOB1gAhsjBQkJZgGA
 BgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQnSSSHpQ5yDC5XQf/WqC/7aWHCg6l
 IxzcuIDSrGeAXysAB8JK1n7XLg3BgHY8F2l14sCBq/2CGuoCDQpBOcZ+NtJhQcDj
 B3m1J3MvtDNgtfwTsoyntB0kHtppN4WWyHQYD2zvZbiXiCYHpI+ySH5x2x7nw+8n
 nyGJig1ZUyXgrgEKe59dsyUE1jQpvH/REjORFLjem3Xr91H5jOcOrZSeJkNQrIcY
 3Z0KprKF97jfjM5FOmYpuI1O/YU/8ELlTMxrlONZreFdMWoiROFzqUk+iDGgycuT
 LVSPrl3b0NpmdqsbMFutaHCFqnRQMHxwwX+s3qBa/LULI19iTxdyQ/xzMRzSqgNt
 DfbDy5079rkBDQRPOB1gAQgAkR/il/Q8doTzhb448vxX4v5GrHuP+jN4fGMZI3vx
 Sae1WSE9g1mbfkeX3RjKEDYPWjZt5HIUcqquXnfErTrFLMjdBxjmmT3YxEBrspwK
 rNakg68eFgwXXnWd0LH9lTv7Akx4Y11Tm+k4/DylHK+TSZWh+C1iqHw2d5AIVsLJ
 a8fJ1AZtXyFB9cDK3UPSYtAWbALrVmLrQf96ZXeMToQwqcS6v9+YquWWeYAOmIc+
 /Jd8x+/YTY3wMxY9QWnQ+PhU6SviVNkMYuOBPGZruTAl13XZr2fds/4QQXGfR8VC
 q6M+RcqedQGJJGlTvpTSgF3nVDPAxCG8sDJq0CSGu8UY8QARAQABiQElBBgBAgAP
 BQJPOB1gAhsMBQkJZgGAAAoJEJ0kkh6UOcgwsxQIAJjbQvmcEKJT52d1mbMGMPnB
 zMDZrN+rN2SW+AKYspTkk24ChqXkorgmYbz++seZ6LzXWcgqwNVM4KdisAOla3S0
 NRrVRbqnXoFq6rkoKTHBTzFg4j+5N5xgc1wM9GVPTa8KYHUnrOg8sSByU8JT3wDy
 mVpLrUJTYbP5Fo1iMJdZHSQ4/7BJxuBuc4Pnc1J6xKgBuAtMqocodXYjm5+e18Au
 niNgjUrRwjTTCnlHU+1/5S1PZGyvx0EWEMhcsN8EI2C9XTnmHkZkDFX21qi8UJYb
 Tho2yuULHMsMybQ7C646A03ikvoAA2J9dd6IVIntlB+eAlJgwQ70YjZbAz+P638=
 =wSdE
 -----END PGP PUBLIC KEY BLOCK-----

This dude is my coworker. This dude posts random stuff which is hilarious. http://thedudesays.com/

Hehehe, I had to save this somewhere.

1. Secunia PSI – http://secunia.com/vulnerability_scanning/personal/
This sweet baby checks and even auto updates some stuff when software becomes out of date. For example, the company I work for had thousands of customers become hacked and it was through FTP. We called it Gumblar. This was a vulnerability with Out of Date Flash Player and FTP programs. Secunia noticed FTP and Flash player were out of date and updated for me. Boom – Secure.

2. AVG – http://free.avg.com/us-en/homepage
Everyone needs a good anti-virus. Preferably one which doesn’t HOG RESOURCES *cough* Mcafee *cough* Norton *cough*. AVG is free, lightweight, and just works. Never had a complaint with it.

3. MalwareBytes Anti-Malware (well gee, I never would have guessed by the name) – http://www.malwarebytes.org/
It works just fine with the free version. It will find trojans and even malware (ha).

4. Hitman Pro – http://www.surfright.nl/en/hitmanpro
This was the only thing which was able to un-rootkit a client’s computer. Thing was crazy dug in, but it did the job. Always good to keep on hand.

That’s really it. You don’t need anything crazy. Just make sure you’re up to date with windows update too and you’ll be golden.

Or you could just use Linux.

Download Silverchair – Emotion Sickness guitar pro tab

Make sure to delete any yum’d version of SVN:

1. yum remove subversion
2. cd /usr/src
3. wget http://www.webdav.org/neon/neon-0.2X.0.tar.gz
4. tar -xzvf neon-0.2X.0.tar.gz
5. make && make install

Then, I did a normal install but specified neon’s install path:

1. cd /usr/src
2. wget http://apache.xmundo.com.ar/subversion/subversion-1.7.2.tar.gz
3. tar -xzvf subversion-1.7.2.tar.gz
4. cd subversion-1.7.2
5. ./configure --with-apxs=/usr/local/apache/bin/apxs --with-apr=/usr/local/apache --with-apr-util=/usr/local/apache --with-ssl --with-neon=/usr/local/
6. make && make install

You may now need to install the SVN Apache modules. These will be in /usr/src/subversion-/subversion, and should already be installed into Apache. If not, go back into the subversion source dir and re-run the configure line adding –enable-dso and then make but to NOT make install.

Add the following lines to httpd.conf:

1. LoadModule dav_svn_module modules/mod_dav_svn.so
2. LoadModule authz_svn_module modules/mod_authz_svn.so

Zen Roon:

1. /usr/local/cpanel/bin/apache_conf_distiller --update

If apache throws an error like the one below (it’s not the entire error) -

“subversion/libsvn_subr/.libs/libsvn_subr-1.so.0: undefined symbol: sqlite3_clear_bindings”

- you need to upgrade sqlite manually (not from yum, since the readme for subversion says you need 3.4.0 or higher and 3.3.6 is what my yum is forcing me to install)

I did the following to update sqlite:

1. wget http://www6.atomicorp.com/channels/atomic/centos/5/x86_64/RPMS/sqlite-3.7.0.1-1.el5.art.x86_64.rpm
2. rpm -Uvh sqlite-3.7.0.1-1.el5.art.x86_64.rpm (or rpm -i)

You may have to create a symbolic link to the /usr/bin/ folder for svn: ln -s /usr/local/bin/svn /usr/bin/svn

Otherwise, both svn –version and whereis svn show correct info.

GUIDE IS FOR VPS AND HIGHER PLANS (with root – I haven’t tried without but it may be possible). Shared class does not come with the ability to do this.

Also, a lot of my help came from http://wiki.jvideodirect.com/w/Converter_Setup, which I was installing on a VPS. You can review their installation instructions, but they don’t exactly fit our Centos 5 VPS servers. This guide is my logs from installing it on a 1024M VPS.

Necessary before installation

1. yum install libXv-devel-1.0.1-4.1.i386
2. yum install libXv-devel-1.0.1-4.1.x86_64

 
You can use the below command to install RPMForge in one command.

1. cd /usr/src/ && wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el`cat /etc/redhat-release | cut -d' ' -f3|cut -d. -f1`.rf.`uname -i`.rpm && rpm -Uhv rpmforge-release-0.5.2-2.el`cat /etc/redhat-release | cut -d' ' -f3|cut -d. -f1`.rf.`uname -i`.rpm

http://adityo.blog.binusian.org/?tag=add-rpmforge-and-dag-repository-on-centos

Quick Installation Guide -

1. yum update
2. yum install ffmpeg ffmpeg-devel ffmpeg-php mplayer mencoder libogg libvorbis

Manual Installation Guide -

Make sure you cd /opt – We will be wget’ng everything into the /opt folder.

== Step 0.5 SVN

Easy Method

1. yum update
2. yum install subversion

Advanced Method

1. cd /usr/src
2. wget http://subversion.tigris.org/downloads/subversion-1.6.13.tar.gz
3. wget http://subversion.tigris.org/downloads/subversion-deps-1.6.13.tar.gz
4. tar xvzf subversion-1.6.13.tar.gz
5. tar xvzf subversion-deps-1.6.13.tar.gz
6. cd subversion-1.6.13
7. ./configure --with-apxs=/usr/local/apache/bin/apxs --with-apr=/usr/local/apache --with-apr-util=/usr/local/apache --with-ssl
8. make && make install

for apache module support, add this to httpd.conf or appropriate template

1. LoadModule dav_svn_module modules/mod_dav_svn.so
2. LoadModule authz_svn_module modules/mod_authz_svn.so

== Step One – FAAD2

Grab the newest (tar.gz) version from http://sourceforge.net/projects/faac/files/faad2-src/

1. wget http://PATH TO FAAD2 VERSION.com/file.tar.gz
2. tar zxf faad2-2.6.1.tar.gz
3. cd faad2
4. autoreconf -vif
5. ./configure --disable-drm --disable-mpeg4ip --with-mp4v2 --prefix=/usr
6. make && make install
7. cd ..

== Step Two – FAAC

Grab the newest (tar.gz) version from http://sourceforge.net/projects/faac/files/faac-src/

1. wget http://PATH TO FAAC VERSION.com/file.tar.gz
2. tar zxfv faac-1.26.tar.gz
3. cd faac
4. ./bootstrap
5. ./configure --prefix=/usr
6. make && make install
7. cd ..

== Step Three – Lame

Grab the newest (tar.gz) version from http://sourceforge.net/projects/lame/files/lame/

1. wget http://PATH TO LAME VERSION.com/file.tar.gz
2. tar zxfv lame-3.98b8.tar.gz
3. cd lame-3.98b8
4. tar xzvf lame-398-2.tar.gz
5. cd lame-398-2
6. ./configure --prefix=/usr
7. make clean
8. make && make install
9. cd ..

== Step Four – Yasm

1. wget http://www.tortall.net/projects/yasm/releases/yasm-1.1.0.tar.gz
2. tar zfvx yasm-1.1.0.tar.gz
3. cd yasm-1.1.0
4. ./configure --prefix=/usr
5. make && make install
6. cd ..

== Step Five – MP4Box/GPAC

1. wget http://sourceforge.net/projects/gpac/files/GPAC/GPAC%200.4.5/gpac-0.4.5.tar.gz
2. wget http://sourceforge.net/projects/gpac/files/GPAC%20extra%20libs/GPAC%20extra%20libs%200.4.5 /gpac_extra_libs-0.4.5.tar.gz
3. tar -xzf gpac-0.4.5.tar.gz
4. tar -xzf gpac_extra_libs-0.4.5.tar.gz
5. cd gpac_extra_libs
6. cp -rf * ../gpac/extra_lib/
7. cd ../gpac
8. chmod +x configure
9. ./configure
10. make lib
11. make apps
12. make install lib
13. make install
14. cp bin/gcc/libgpac.so /usr/lib/

== Step Six – x264 (LIBX264)

Again, grab the newest release: http://download.videolan.org/pub/videolan/x264/snapshots/

1. wget http://download.videolan.org/pub/videolan/x264/snapshots/x264-snapshot-20110213-2245.tar.bz2
2. bzip2 -cd x264-snapshot-20110213-2245.tar.bz2 | tar xvf -
3. cd x264-snapshot-20110213-2245
4. ./configure --enable-mp4-output --enable-shared --enable-pthread --prefix=/usr
5. make && make install
6. cd ..

== Step Seven – xvid

Grab the newest (tar.gz) version from http://www.xvid.org/Downloads.43.0.html

1. wget http://downloads.xvid.org/downloads/xvidcore-1.2.2.tar.gz
2. tar zxfv xvidcore-1.2.2.tar.gz
3. cd xvidcore/build/generic
4. ./configure --prefix=/usr
5. make && make install
6. cd ../../..

== Step Eight – FFMPEG

1. svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg
2. cd ffmpeg
3. ./configure --enable-gpl --enable-postproc --enable-nonfree --enable-postproc --enable-swscale --enable-
avfilter --enable-pthreads --enable-libxvid --enable-libmp3lame --enable-libfaac --disable-ffserver
--disable-ffplay --enable-libx264 --prefix=/usr --enable-shared --enable-mmx
4. make (check for errors)
5. make install

*Original with disabled x264 and 1394

1. ./configure --enable-gpl --enable-postproc --enable-nonfree --enable-postproc --enable-libfaad
--enable-swscale --enable-avfilter --enable-pthreads --enable-libxvid --enable-libx264 --enable-
libmp3lame --enable-libdc1394 --enable-liba52 --enable-libfaac --disable-ffserver --disable-ffplay
--prefix=/usr

This may or may not be necessary -

1. ln -s /usr/local/lib/libavformat.so.50 /usr/lib64/libavformat.so.50
2. ln -s /usr/local/lib/libavcodec.so.51 /usr/lib64/libavcodec.so.51
3. ln -s /usr/local/lib/libavutil.so.49 /usr/lib64/libavutil.so.49
4. ln -s /usr/local/lib/libmp3lame.so.0 /usr/lib64/libmp3lame.so.0
5. ln -s /usr/local/lib/libavformat.so.51 /usr/lib64/libavformat.so.51

== Step NiNE – FFMPEG-PHP

1. wget http://sourceforge.net/projects/ffmpeg-php/files/ffmpeg-php/0.6.0/ffmpeg-php-0.6.0.tbz2/download
2. tar jxvf ffmpeg-php-0.6.0.tbz2
3. cd ffmpeg-php-0.6.0
4. phpize
5. ./configure

*****IMPORTANT IF YOU GET ERRORS ON CONFIGURE*****
1. Open the file “/root/ffmpeg-php-0.5.0/ffmpeg_frame.c” using vi editor (or nano).
2. Go to the line you are getting this error. [In this example, line #495].
3. Execute the following command.
Press ESC and :%s/PIX_FMT_RGBA32/PIX_FMT_RGB32
4. Save the file and recompile it once again.

1. make
2. make install
3. copy /usr/src/ffmpeg/libavutil/libavutil.so.50 to /usr/lib64

== Step Ten – flvtool2

flvtool2 install info http://www.mysql-apache-php.com/ffmpeg-install.htm

Optional — == Install MENCODER + MPLAYER

MENCODER is a free command line video decoding, encoding and filtering tool released under the GNU General Public License. It is a close sibling to MPlayer and can convert all the formats that MPlayer understands into a variety of compressed and uncompressed formats using different codecs. The Installation Process [[ Note: I used /opt and not usr/local/src, but I would suggest following the instructions if you're not familiar with this stuff.]]

1. mkdir /usr/local/src
2. cd /usr/local/src
3. wget http://www3.mplayerhq.hu/MPlayer/releases/codecs/essential-20061022.tar.bz2
4. tar jxvf essential-20061022.tar.bz2
5. mkdir /usr/local/lib/codecs/
6. mv /usr/local/src/essential-20061022/* /usr/local/lib/codecs/
7. chmod -R 755 /usr/local/lib/codecs/
8. mkdir /usr/local/src/tmp
9. chmod 777 /usr/local/src/tmp
10. export TMPDIR=/usr/local/src/tmp
11. svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer
12. cd /usr/local/src/mplayer
13. svn update
14. make distclean
15. ./configure
16. make clean
17. make
18. make install

This guide is for my VPS 1024M with InMotionHosting.
Credit for this goes to David Dunn

1. root ~]#: cat /etc/redhat-release
   CentOS release 5.7 (Final)

Varnish Cache is a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 – 1000x, depending on your architecture.

Like many other caching systems, the increase in speed (and decrease in CPU) does come at the expense of memory. For practicality purposes, it can be installed on any VPS, but is best suited to a high-end VPS (512M or higher) or Dedicated server.

Installation

Much like installing a third-party webserver or apache module, cPanel won’t be able to directly control or manage Varnish. This doesn’t mean that it can’t be installed in such a way as to preserve all the existing cPanel functionality.

Changing the non-ssl port on apache

While you can use the “default” varnish settings, this won’t respond to port 80, so you won’t see any benefit unless you wish to simply perform benchmarking. First, things first, you’ll want to change the default apache port from 80 to something else (so Varnish can listen on port 80). This doesn’t have to be the first step in the process, but please make certain that its done before you attempt to run Varnish.

1. # Open WHM as root on the target server and go to Server Configuration -> Tweak Settings
2. # Scroll down to the System section(or use the "find" option on the right to search for port) and change the default Apache non-SSL IP/port from 0.0.0.0:80 to the IP/Port of your choosing
3. # If you only want apache to listen on a specific IP (not recommended) change 0.0.0.0 to that IP, it won't matter what you change the port to (but give it a number that won't conflict with any other service and keep a record of what you choose)

For this example I’m setting the apache port to 1985, so the option would read 0.0.0.0:1985.

Installing Varnish

You’ll need to add the appropriate repository to install Varnish with yum. Since varnish can proxy _any_ server (not just apache) apache is not a prerequisite and you should be able to install it without needing to uncomment any restricted packages in /etc/yum.conf

Add the repository with:

1. rpm --nosignature -i http://repo.varnish-cache.org/redhat/varnish-3.0/el5/noarch/varnish-release-3.0-1.noarch.rpm

then install varnish with

1. yum install varnish

Since its registered with yum, this means that varnish should update like any other system service during updates.

Configuring Varnish

Once Varnish is installed you’ll want to edit the configuration file located at /etc/sysconfig/varnish

If you’d like to make the most minimal edits (and use the simplest configuration settings) you can add the following to the bottom of this file (based off the simple “Alternative 1″ configuration settings)

1. DAEMON_OPTS="-a :80 \
2. -T localhost:6082 \
3. -b localhost:1985 \
4. -u varnish -g varnish \
5. -s file,/var/lib/varnish/varnish_storage.bin,1G"

boiled down, this effectively is telling Varnish to:

1. listen on all IP addresses on port 80

2. set the administrative interface on port 6082 (the default)

3. forward requests to localhost on port 1985 (our apache server)

4. set the user/group for child processes to varnish:varnish

5. use the file storage mechanism at /var/lib/varnish/varnish_storage,bin and use only 1GB for the file.

restart varnish and apache with

1. service varnish restart
2. service httpd restart

and confirm that this is working. Please note that in subsequent changes you’ll only need to restart Varnish (not apache).

modifying the DAEMON_OPTS

If you notice that the Varnish Cache isn’t responding properly (or is giving you the generic cPanel page) you may need to specify your rules via a vcl file. There’s an example one provided. Simply modify your DAEMON_OPTS section like so:

1. DAEMON_OPTS="-a :80 \
2. -T localhost:6082 \
3. -f /etc/varnish/oursettings.vcl \
4. -u varnish -g varnish \
5. -s file,/var/lib/varnish/varnish_storage.bin,2G"

Note that we’re no longer defining the port apache is stored on. We’ll get to that in the VCL rules section below.

Setting the VCL rules

Navigate to the /etc/varnish/ directory and copy the default.vcl file to oursettings.vcl.

Open oursettings.vcl in your editor of choice to this file:

1. backend b127_0_0_1{
2. .host = "127.0.0.1";
3. .port = "1985";
4. }
5. acl a127_0_0_1{
6. "127.0.0.1";
7. }
8. sub vcl_recv{
9. set req.http.X-Forwarded-For = client.ip;
10. if(server.ip ~ a127_0_0_1){
11. set req.backend = b127_0_0_1;
12. }
13. }

The above example rules are based off a single IP configuration for the address “127.0.0.1″ you’ll need to adjust appropriately (adding different backends for different IPS and adding them in the sub vcl_recv section

Correcting Apache Logs

Apache will log all IP addresses with the server’s own (since the request will be coming from Varnish and not the client). To adjust this, you will need to edit /usr/local/apache/conf/httpd.conf and distill the following changes.

First, update the logging format. Most sites should default to “combined” so make change that line in the <IfModule log_config_module> section from:

1. LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

to:

1. LogFormat "%{X-Forwarded-for}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

You’ll need to distill this and restart httpd

1. /usr/local/cpanel/bin/apache_conf_distiller --update
2. service httpd restart

If everything goes well you should be able to confirm that access logs are reflecting the correct IP by tailing them.

If you have sites that are using https (SSL) this could potentially break secure logs. If you need to avoid this, simply change the logging back and add a new LogFormat entry (called cached) and set the userdata entry to use this. Please note that this may not properly persist between updates.

WHAT WON’T WORK -

Since clients are no longer making requests directly to varnish certain IP-dependent features may not work (or may not work as expected)

1. Hotlink Protection: will no longer work since Apache isn't directly receiving the request. (see this page for an alternate solution)
2. PHP logging IP addresses: mailerscripts/forums/comment functions will record the IP of the varnish server and not the visitor (there is a solution for this by replacing references for "REMOTE_ADDR" with "X_FORWARED_FOR". See this page for more information, alternatively you can place these forms behind a secure address where apache will process the request directly).
3. Exim logging IP addresses: similar to the above issue, mailer scripts triggered via PHP scripts will show the varnish address instead of the originating request. No fix at this time, though you can recommend applying a similar fix
4. Blocking IP via .htaccess: similar to the last two issues, since apache is not directly recieving the request it cannot block IPs. While varnish will certainly help with load related to large amounts of hits, this won't address abuse in the form of spammers or robots that you simply don't want to access your site. IPs can be blocked directly via apf, or by adding a "forbidden" acl in the varnish configuration see this page for more information. Please keep in mind that unlike a normal .htaccess block, this will completely block traffic for http connections to all sites (but not https since apache still handles those).

ALTERNATE FIX FOR CMS/CARTS AND MAILER SCRIPTS

You can manually override the PHP variables by adding the following line to the top of the affected PHP script (or the configuration file for the CMS/Cart/Blog)

1. if($_SERVER['HTTPS'] !="on"){$_SERVER["REMOTE_ADDR"]=$_SERVER["HTTP_X_FORWARDED_FOR"];}