Archive for December, 2010


Power up Drupal…Supercharge your website with this versatile CMS.

December 31, 2010

Drupal is a free and open source content management system (CMS) written in PHP and distributed under the GNU General Public License. It is used as a back-endsystem for over 1% of all websites worldwide ranging from personal blogs to corporate, political, and government sites including and It is also used for knowledge management and business collaboration.

To create a Drupal site, you need a Linux server with Apache, MySQL, and PHP.This would, of course, be the classic LAMP server. Drupal itself is available from the Drupal website [1]. Get the latest bundle and extract it into your server document hierarchy and rename the resulting directory to something that makes sense in your environment:

tar -xzvf drupal-6.17.tar.gz
mv drupal-6.17 mysite

Of course, you will also need to set up an appropriate Apache configuration for that host so that you can point to it (e.g., mysite.mydomain.dom). When you point your browser to that address, installation can begin. Even if you have never done a Drupal installation, it’s all pretty simple stuff. The first screen is basically a welcome screen and, unless you have downloaded a special Drupal bundle with a custom installation profile, you can just click the Install link and move on.

The second screen merely asks for your language of choice. The default is English, but you have many choices here. The third screen (Verify Requirements) reminds you that if you haven’t already done so, you should copy the default.settings.php file, to be found under sites/default in the install directory, to settings.php. Also, be sure the file is writable by the web server user (usually www-data or apache, depending on your server). Once the configuration is complete, the installer will rename these files and change their permissions to read-only for security reasons. Step four involves creating and configuring your database.

In the form, you are asked to enter a database name, a database user, and a password for that
user, all of which must already exist. To create these things, you’ll have to use a web tool like
phpMyAdmin or Webmin. Alternatively, you could just use the command line and work with the MySQL interpreter manually. The steps are as follows:

Create the database and assign a privileged username and password to access and update the database. Type help or \h for help, and \c clears the current input statement. The dialog
looks similar to the following:

$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 684004
Server version: 5.0.90-community MySQL Community Edition (GPL)

mysql> create database drupal;
mysql> grant all privileges on atrium.* to U
‘someuser’@’localhost’ identified by ‘somepassword’;
mysql> flush privileges;
mysql> \q

The rest of the web-based installation involves the final steps in configuring the site before launching your new site. The Configure step asks for your site name, your email address, and
what will become the administrator account and password. Choose your default time zone (it might well be selected by default) and whether you want to run clean URLs (server-side
configuration). Checked by default is a box labeled Check for updates automatically. This is very handy, and I highly recommend that you leave it as is. The final screen is a congratulatory
one, telling you how clever you’ve been and providing you a link to the first page.

Well done!

Above picture is the Drupal Installation and the main page of Drupal.

Extending Drupal with Modules
After you’ve installed a fresh copy of Drupal, some modules are enabled by default; I’ll show you where this is defined shortly. To enable additional modules, log in with the administrator
account, click Administer | Site building | Modules. A list of all the current modules and their states (enabled or not) are displayed . Only a handful of modules are enabled by

With Drupal, as with any software, you need to keep everything up to date and running smoothly, especially when it comes to security updates. To make sure you stay on top of security-related updates, sign up for an account on the Drupal website [2]. By clicking Administer | Reports | Available updates, you can check the status of your site. A list of all your
current modules and themes and their update status will be displayed . Although you should be backing up your system and your databases regularly, it’s particularly important to back them up before you run an update – major or otherwise. Upgrading Drupal involves backing up, putting your site in maintenance mode, removing (or moving to a new name) the old install directory, extracting the latest Drupal, and copying or restoring modified .htaccess and settings.php files, custom modules and scripts, images, and so on. The final step is to run yoursite.dom/ update.php to migrate whatever database changes are required.

Drush, The Drupal Shell
Drush gives me a rush. Seriously. Any long-time systems administrator will tell you that there is a time and a place for the GUI, but for sheer speed and efficiency (and the ability to automate
tasks), nothing beats the command line. So it is with Drupal, and that’s why Drush makes me happy. With a single Drush command, you can download one or more modules, enable
or disable modules, upgrade your Drupal installation, perform a database backup, check out the availability and status of a module (installed or not), run cron hooks for the site, perform
an update, and a whole lot more.
Granted, Drush does require that you have shell access to your site, so that’s a priority, but if you are the systems administrator, that’s probably a given. It’s frightfully easy to install
Drush [3]. Just download it and extract the package somewhere outside of your web server’s root (I put mine in /usr/local). In the drush folder (created when you extract the bundle),
you’ll find an executable shell script called drush. To make your life easy, create a symbolic link in /usr/local/bin to this executable.

Example: Website design using Drupal (picture below):-

Well, that’s all for today post guys…I hope you enjoyed my tutorial about how to install and setup Drupal , and explain to you some of it features. Drupal is an awesome Content Management System (CMS)  in order to build websites. There are thousands of websites nowadays that use Drupal or use the Drupal Theme…If you want to test drive it , here is the download link:-

For your info , Drupal is designed to be install in IIS , Apache , PHP and MySQL server. You need to have a webserver that provide these services…

That’s all folks…Have a Happy New Year 2011….See you next year…bye…


Fedora 14 Linux review……

December 26, 2010

Hi there again…I’m back with my latest review of Fedora 14 from Red Hat. Fedora 14 is one of the best linux distro distribution out there in the market. Fedora 14 is built based on the Red Hat Enterprise Linux.  I just download the Fedora 14 iso image from fedora web site. It’s actually a Live CD distro , and if you want to install it in hard drive , you can install it later. The iso image size is 690MB. You can download it here:-

As for me, I prefer use virtualization and run it in my VM (VMware). I used VMware Player and add the iso in the create a new virtualize machine. From there , I name my VM as Fedora Linux and run it in VMware Player. The boot process is awesome , and it boots directly as it a Live CD. No need for installation. Then you will be greet with a GNOME desktop interface. I must say that after browsing through the menu , Fedora 14 menu is likely the same as Ubuntu 10.04 menu. The documentation for Fedora 14 is included in the menu. The network manager is’s automatically detect my wireless network via a wired connection. I quickly launch Firefox and try to browse the web , and here there goes …a live internet connection!..No need for manually setting my network.

With the release of Ubuntu 10.10 recently, it’s been Ubuntu overload recently in Linux land. Thankfully, another heavy weight distro has weighed in with an update: Fedora 14.

Fedora 14 has wisely decided to stick with GNOME, unlike the next version of Ubuntu (which promises to use the Unity interface on the desktop). Fedora 14 is also available in KDE, LXDE and XFCE versions. For this review, I used the GNOME version.

What’s New In This Release
Here’s a sample of the new feature in this release:

Spice – Spice aims to provide a complete open source solution for interaction with virtualized desktops and provides high-quality remote access to QEMU virtual machines.

Mobility options – This release includes software from the MeeGo™ project which is designed to support platforms such as netbooks, nettops, and various embedded devices.

Amazon EC2 – For the first time since Fedora 8, Fedora will release on the EC2 cloud.

D Compiler – Support for D, a systems programming language. Its focus is on combining the power and high performance of C and C++ with the programmer productivity of modern languages like Ruby and Python.

Some other features include:
Updating Perl to version 5.12, Python to version 2.7, Boost to version 1.44, Netbeans to version 6.9, KDE to version 4.5, Eclipse to the Helios Release, and Sugar to version 0.90.

As you can tell, there’s not much of significance here for desktop users. Most of these new features probably appeal to administrators or developers more than your average desktop user.

Picture below: Fedora 14 Login screen:-


Fedora 14 is a good, solid distro but it lags behind some other distros when it comes to the desktop. It comes across as something a bit more suited to programmers or other advanced users. That’s not to say that it couldn’t be used for a desktop OS by most users, but there’s less desktop polish and ease here than in some other distros. The software stuff I mentioned above is a good example of that.

I’d really like to see the Fedora developers concentrate on tweaking the install program and the software management in a future release. Fedora 14 gives me the feeling that it’s almost…but not quite…ready for general desktop users. The developers just need to press onward and make some additions and changes that will move this distro into the top heap of desktop distros. It’s almost there but a bit more remains to be done.

Despite that, I am a fan of Fedora 14. It’s certainly worth a download if you are curious about it.

I recommend Fedora 14 for intermediate and advanced Linux users. Beginners can certainly install it, but it’s just a tad bit less desktop-friendly for them than Linux Mint, generic Ubuntu and some of the other desktop distros out there. Above all , Fedora 14 rocks !…


Adobe Flex 3 and Flex Builder….

December 19, 2010

Adobe Flex is a software development kit (SDK) released by Adobe Systems for the development and deployment of cross-platform rich internet applications based on the Adobe Flash platform. Flex applications can be written using Adobe Flash Builder or by using the freely available Flex compiler from Adobe.

Flex is like a presentation server. It sits over any application servers and take place of XHTML/JavaScript in presenting your data. It can be presented using the dynamic abilities of Flash (SWF) file. Flex is generally associated with Action Script 3.0 , the Flex Builder and Eclipse. Action Script usually associated with Flash , and its relationship is now only incidental.

Eclipse is a free programming development environtment IDE used extensively by many programmers , especially Java developers . Flex can be integrated with ColdFusion.

Flex Builder consist of three separate components:-

1. The Flex Software Development Kit : This is the collection of ActionScript classes necessary to build , run , and deploy Flex applications.

2. The Eclipse plug-in integrated development environment: This plug-in assist in building the applications.

3. Flash Player 9: Flex applications will only run with Flash Player 9 or later.

Notes: If you are an existing Eclipse user, you can install the plug-in versions. As you are installing , you will be prompted to enter the location of Eclipse , and the installer will know what to do from there.

If you are not an existing Eclipse user , you can install the stand-alone version. This is Flex Builder and Eclipse packaged together.

The main focus of Flex is using MXML. This allows you to write complex Action Script code using simple and easy understood tags. However , as powerful as MXML is ,there are going to be times when you will want to write Action Script code.

Flex 3 Component Explorer:-

The ColdFusion Server.

Depending on the technology you are working with , you will need to install an application server to serve as the connection between Flex and database technology. For instance , if you were working with PHP , you would need to install Apache server , MySQL as the database server , and the PHP application server. (eg: XAMPP Apache firends).

Interestingly , ColdFusion’s scripting language, CFML , is the philosophical basis for Flex’s MXML language. The whole idea behind ColdFusion was to do Java programming while using HTML-like tags. This greatly simplifies the programming process.

The latest server technology released by Adobe is LifeCycle Data Services, or LCDS.  LCDS server comes as part of the Cold Fusion server. This server , which employs J2EE technology , works with Flex on three levels:-

1. It handles Flex Messaging. This means that if Flex application is running on two or more client machines , data can be shared between them.

2. LCDS’s Remote Objects bypasses the need for XML by being able to read ColdFusion or Java objects directly.

3. LCDS helps overcome many restrictions by serving as a proxy server between Flash Player and the data services used.

Here’s a video tutorial on how to build a website using Flex 3. Hope you guys gonna enjoy it….


BEA Weblogic Server 11g from Oracle….

December 12, 2010

Owned by Oracle Corporation, Oracle WebLogic consists of a Java EE platform product-family that includes:

  • a Java EE application server, WebLogic Application Server
  • an enterprise portal, WebLogic Portal
  • an Enterprise Application Integration platform
  • a transaction server and infrastructure, WebLogic Tuxedo
  • a telecommunication platform, WebLogic Communication Platform
  • an HTTP web server.

The Oracle WebLogic application server family includes three offerings; Oracle WebLogic Server Standard Edition, Oracle WebLogic Server Enterprise Edition and Oracle WebLogic Suite. Oracle WebLogic Server Standard Edition is a comprehensive application server that provides developers with the tools and technologies to write enterprise applications and services quickly. For applications that require high availability and superior diagnostics, Oracle WebLogic Server Enterprise Edition offers all the features and benefits of Oracle WebLogic Server Standard Edition plus proven clustering technology, multi-domain management, and diagnostic tooling. In support of dynamic scale-out applications Oracle WebLogic Suite provides in-memory data grid technology, predictable performance and comprehensive management capabilities for efficient operation.

Enable Enterprise Agility
Oracle WebLogic Suite is the cornerstone Java EE platform in support of application grid computing – an architecture that enables enterprises to outperform their competitors while minimizing operational costs. Other Oracle Fusion Middleware products certify and run on Oracle WebLogic Suite making it the best foundation for Oracle environments.

Product Overview
When your business cannot afford to have applications fail or have services become unexpectedly inaccessible, Oracle WebLogic Server Enterprise Edition is the clear choice, with high availability and superior monitoring and management capabilities. Adding highly tuned server clustering to Oracle WebLogic Server Standard Edition, the Enterprise Edition helps enable IT infrastructure that keeps running even as load on the system fluctuates. To ensure superior application performance, unmatched deep diagnostics capabilities can be used on production systems without affecting runtime performance. These and other features of Oracle WebLogic Server Enterprise Edition are engineered to support modern data centers with maximum uptime at minimum cost.

High Availability
Easy configuration changes, incremental update (FastSwap), and rolling upgrades are just a few of the capabilities that help keep systems available even while making changes. Sophisticated yet easily managed is another hallmark of Oracle WebLogic Server Enterprise Edition. Clustering instances of Oracle WebLogic Server together enables many capabilities that kick in when a server abruptly goes offline. Features such as whole-server migration, automatic service migration, and the transaction recovery service are invoked when server health degenerates. Built-in software load balancing, server self-monitoring, and overload protection help avoid failure altogether. If necessary, Oracle WebLogic Server Enterprise Edition can failover across metropolitan area networks (MANs) and wide area networks (WANs) in support of disaster recovery procedures. And supporting active-active application deployments, Oracle GridLink for Oracle Real Application Clusters (RAC) adds advanced new capabilities to integrate Oracle RAC with Oracle WebLogic Server Enterprise Edition. Active-active deployments offer the highest levels of application availability.

System Requirements
Operating systems
(32-bit and 64-bit supported)
 Linux
 Solaris
 Windows
 Oracle (and Oracle Real Application Clusters)
 Microsoft SQL Server
 Sybase
 Java Platform, Standard Edition 6 (clients only)
 Java Platform, Enterprise Edition 5
Internet Protocol
 v4, v6

Below is the oracle web server installation details:-



Well , WebLogic seems functioning as a server that provides web services , java application , databases , and domain creation. You can do clustering in WebLogic. I personally didn’t have the chance to try it , but I can assure you it is a great product when concerning about server product in the market. The installation step is pretty easy , and it has a web based GUI using a web browser to administer and configure it. If you wanna try it , here is the download page:- (p/s: you have to have an Oracle account and log in first before you begin downloading)




Jasager- Karma on the fon – used to sniff a network…etc…

December 4, 2010

Jasager is an implementation of Karma designed to run on OpenWrt on the Fon. It will probably run on most APs with Atheros wifi cards but it was designed with the Fon in mind as it is a nice small AP which gives it a lot of scope for use in penetration tests and other related fun.

A quick highlight of features:

  • Web interface showing currently connected clients with their MAC address, IP address (if assigned) and the SSID they associated with
  • The web interface allows control of all Karma features and can either run fully featured through AJAX enabled browsers or just as well through lynx
  • Auto-run scripts on both association and IP assignment
  • Full logging for later review
  • Pluggable module system for easy extensibility
  • Basic command line interface so you don’t have to remember the different iwpriv commands


As with any tools, this tool can be used for good or bad. Here are some of the good uses:

  • In your office – Set it up to capture laptops before the bad guys do. Use a website to remind them of the rules.
  • On penetration tests – Lure in target clients to find a back door into networks
  • At home – Have fun with neighbours who try to steal your wifi bandwidth

Firmware Users

Jasager is now available as a complete firmware, just flash and go. The firmware includes all dependencies and opkg recognises that the Jasager package is installed.

Usage – Web

The web interface.

The web interface can be found on port 1471, simply browse to it and log in with your root username and password.

The interface first checks whether ath0 is up, if not it will give you the option to create it.

Once it has an interface to work with, the main screen is broken into 4 sections, top left shows the current status and allows control of Karma features, top right shows information, help and messages, bottom left shows a list of currently connected clients and bottom right is a dump of the log file. Both the client list and the log file will automatically update at 20 second intervals if AJAX is available, if not just refresh the page to update.

For yor guys info , here is the hardware that is pre-installed with Jasager. It’s called a wifi pineapple. Users can connect it through a wifi access point ,  and you can see the network traffic going through it , sniff the network , or do whatever you want with the traffic. The user assume to connect through a legitimate or known network , but then it actually connect through your wifi pineapple network.

The WiFi Pineapple is a hot-spot honey-pot

You see most laptops have network software that automatically connects to access points they remember. This convenient feature is what gets you online without effort when you turn on your computer at home, the office, coffee shops or airports you frequent.

Simply put, when your computer turns on the wireless radio send out out beacons. These beacons say “Is such-and-such wireless network around?” Jasager, German for “The Yes Man”, replies to these beacons and says “Sure, I’m such-and-such wireless access point – let’s get you online!”

Of course all of the Internet traffic flowing through the pineapple such as e-mail, instant messages and browser sessions are easily viewed or even modified by the pineapple holder.

The WiFi Pineapple Version 2 is a specially crafted, battery powered wireless hacking device based on an Accton wireless access point running Robin Wood‘s Jasager suite.

Well , that’s all for this week post. I hope you guys gonna enjoy it. If you wanna buy the wifi pineapple , just visit

the wifi pineapple is come pre-installed with the Jasager. Great for penetration testing and network sniffing. If you do buy it , please sent me some feedbacks and comments about it.

Till then..have a nice weekend….