<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom"><title>UnixTech</title><link href="http://unixtech.github.io/" rel="alternate"></link><link href="http://unixtech.github.io/feeds/all.atom.xml" rel="self"></link><id>http://unixtech.github.io/</id><updated>2015-12-07T19:30:00+05:30</updated><entry><title>Relational Algebra - SQL</title><link href="http://unixtech.github.io/blog/12-2015/understanding-sql-1.html" rel="alternate"></link><published>2015-12-07T19:30:00+05:30</published><author><name>Unixer</name></author><id>tag:unixtech.github.io,2015-12-06:blog/12-2015/understanding-sql-1.html</id><summary type="html">&lt;p&gt;In the age of ORMs so many developers today doesn't know about very fundamental and basic algorithms that runs SQL. Despite being one of easiest and much useful language many people run away from using SQL directly and take shelter in using some 'wrapper' tool which is not always as good as &lt;code&gt;raw&lt;/code&gt; SQL.&lt;/p&gt;
&lt;p&gt;Let's start by defining very basic relation in SQL.&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;Database as Collection of relations ( Tables or Schemas )&lt;/li&gt;
&lt;li&gt;Being first class predicate - State of database is final state of all relations&lt;/li&gt;
&lt;li&gt;By &lt;em&gt;joining&lt;/em&gt;, &lt;em&gt;aggregating&lt;/em&gt; data from different relations one can filter out data as desired.&lt;/li&gt;
&lt;/ol&gt;
&lt;h4&gt;Relation&lt;/h4&gt;
&lt;p&gt;Relation in SQL language is defined by several terms.&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;/th&gt;
&lt;th&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Tuple&lt;/td&gt;
&lt;td&gt;One Row in SQL Relation&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Attribute&lt;/td&gt;
&lt;td&gt;Column in Relation&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Unknown&lt;/td&gt;
&lt;td&gt;&lt;code&gt;Null&lt;/code&gt; in Domain&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Note:-&lt;/strong&gt; Tuple is represented by (a, b), Attribute(Column) here will have unique domain(name - Relation name) within relation.   &lt;/p&gt;
&lt;/blockquote&gt;
&lt;h3&gt;Relational Algebra&lt;/h3&gt;
&lt;p&gt;Relational algebra is superset of &lt;em&gt;set&lt;/em&gt; algebra which defines formal language of relations in Database domain.&lt;br /&gt;
Each operation done here on relations will return new valid Relation.&lt;/p&gt;
&lt;p&gt;This algebra has mainly two groups of operations, One it shares with &lt;em&gt;set&lt;/em&gt; theory and other one is specific to &lt;em&gt;Relational&lt;/em&gt; model.&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;/th&gt;
&lt;th&gt;SET operations&lt;/th&gt;
&lt;th&gt;Relation specific operations&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;UNION&lt;/td&gt;
&lt;td&gt;SELECT&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;2&lt;/td&gt;
&lt;td&gt;INTERSECTION&lt;/td&gt;
&lt;td&gt;PROJECT&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;3&lt;/td&gt;
&lt;td&gt;SET DIFFERENCE&lt;/td&gt;
&lt;td&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;4&lt;/td&gt;
&lt;td&gt;CARTESIAN PRODUCT \ CROSS PRODUCT&lt;/td&gt;
&lt;td&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;p&gt;Any operations in Relational algebra can be classified mathematically as binary and unary, this fundamental operators have all the power needed to construct complex queries as needed.&lt;br /&gt;
The main operators are:  &lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;SELECT ( &lt;span class="math"&gt;\(\sigma\)&lt;/span&gt; ) &lt;span class="fa fa-arrow-right"&gt; &lt;/span&gt; Can be described as below
    &lt;div class="math"&gt;$$ \sigma_\psi RO $$&lt;/div&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Where:&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;/th&gt;
&lt;th&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;R&lt;/td&gt;
&lt;td&gt;Tupels sets in SQL&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;span class="math"&gt;\(\psi\)&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;Predicate in selection retries from Tuples in R&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;ul&gt;
&lt;li&gt;PROJECT ( &lt;span class="math"&gt;\(\pi\)&lt;/span&gt; ) &lt;span class="fa fa-arrow-right"&gt; &lt;/span&gt; Operation which returns columnar structure in vertical dimention, If you remember this is slicing by attributes can be described as&lt;/li&gt;
&lt;/ul&gt;
&lt;div class="math"&gt;$$ \pi _{a1,a2...an} RO  $$&lt;/div&gt;
&lt;blockquote&gt;
&lt;p&gt;&lt;span class="math"&gt;\(_{a1,a2..an}\)&lt;/span&gt; are set of attributes names.  &lt;/p&gt;
&lt;/blockquote&gt;
&lt;ul&gt;
&lt;li&gt;CARTESIAN\CROSS PRODUCT ( &lt;span class="math"&gt;\(\times\)&lt;/span&gt; ) &lt;span class="fa fa-arrow-right"&gt; &lt;/span&gt; This is binary operation as oppose to unary like previous two, Can be used to generate complex relations by joining each tuple operands together. &lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;span class="math"&gt;\(R \times S = {r1, r2...rn,s1,s2...sn}\)&lt;/span&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;UNION (&lt;span class="math"&gt;\(\cup\)&lt;/span&gt;) &lt;span class="fa fa-arrow-right"&gt; &lt;/span&gt; Appends two relations together.&lt;/li&gt;
&lt;/ul&gt;
&lt;blockquote&gt;
&lt;p&gt;To be successful in this binary operations both relation needs to have same set of attributes.  &lt;/p&gt;
&lt;/blockquote&gt;
&lt;div class="math"&gt;$$ R \cup S = (_{r1, r2...rn}) \cup (_{s1, s2...sn}) $$&lt;/div&gt;
&lt;blockquote&gt;
&lt;p&gt;Assuming, &lt;span class="math"&gt;\(S \, \Sigma \, (_{s1,s2...sn}) \quad and \quad R \, \Sigma \, (_{r1,r2...rn})\)&lt;/span&gt;  &lt;/p&gt;
&lt;/blockquote&gt;
&lt;ul&gt;
&lt;li&gt;DIFFERENCE ( &lt;span class="math"&gt;\(\setminus or \, -\)&lt;/span&gt; ) &lt;span class="fa fa-arrow-right"&gt; &lt;/span&gt;  A binary operation, as you may have guessed - &lt;span class="math"&gt;\(\cup\)&lt;/span&gt; only but in reverse.&lt;br /&gt;
Set difference can be described as &lt;/li&gt;
&lt;/ul&gt;
&lt;div class="math"&gt;$$ R\setminus S = (_{r1,r2...rn}) \quad where \quad (_{r1,r2...rn}) \, \Sigma\, R \quad but \quad  (_{r1,r2...rn}) \, \notin \, S $$&lt;/div&gt;
&lt;ul&gt;
&lt;li&gt;REMAME(&lt;span class="math"&gt;\(\rho\)&lt;/span&gt;) &lt;span class="fa fa-arrow-right"&gt; &lt;/span&gt; A unary operation that works on attributes and returns new value of attribute, This is mainly used for JOIN operations to differantiate the attributes, can be expressed as&lt;/li&gt;
&lt;/ul&gt;
&lt;div class="math"&gt;$$ \rho_{a\setminus b}R$$&lt;/div&gt;
&lt;p&gt;With this essential building blocks in place we can now move forward and take a look at more complex queries such as mixing many of these premitives to perform &lt;em&gt;left joins&lt;/em&gt;, &lt;em&gt;right-joins&lt;/em&gt; etc. In addition to these we can also add few more such as &lt;em&gt;sum&lt;/em&gt;, &lt;em&gt;multiplication&lt;/em&gt; to these operations on set of tuples or attributes.&lt;br /&gt;
These algebric math provides fundamental building block of any SQL algorithm which guarantess ACID standards are followed hence understanding them all the more important.&lt;/p&gt;
&lt;script type="text/javascript"&gt;if (!document.getElementById('mathjaxscript_pelican_#%@#$@#')) {
    var align = "center",
        indent = "0em",
        linebreak = "false";

    if (false) {
        align = (screen.width &lt; 768) ? "left" : align;
        indent = (screen.width &lt; 768) ? "0em" : indent;
        linebreak = (screen.width &lt; 768) ? 'true' : linebreak;
    }

    var mathjaxscript = document.createElement('script');
    var location_protocol = (false) ? 'https' : document.location.protocol;
    if (location_protocol !== 'http' &amp;&amp; location_protocol !== 'https') location_protocol = 'https:';
    mathjaxscript.id = 'mathjaxscript_pelican_#%@#$@#';
    mathjaxscript.type = 'text/javascript';
    mathjaxscript.src = location_protocol + '//cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML';
    mathjaxscript[(window.opera ? "innerHTML" : "text")] =
        "MathJax.Hub.Config({" +
        "    config: ['MMLorHTML.js']," +
        "    TeX: { extensions: ['AMSmath.js','AMSsymbols.js','noErrors.js','noUndefined.js'], equationNumbers: { autoNumber: 'AMS' } }," +
        "    jax: ['input/TeX','input/MathML','output/HTML-CSS']," +
        "    extensions: ['tex2jax.js','mml2jax.js','MathMenu.js','MathZoom.js']," +
        "    displayAlign: '"+ align +"'," +
        "    displayIndent: '"+ indent +"'," +
        "    showMathMenu: true," +
        "    messageStyle: 'normal'," +
        "    tex2jax: { " +
        "        inlineMath: [ ['\\\\(','\\\\)'] ], " +
        "        displayMath: [ ['$$','$$'] ]," +
        "        processEscapes: true," +
        "        preview: 'TeX'," +
        "    }, " +
        "    'HTML-CSS': { " +
        "        styles: { '.MathJax_Display, .MathJax .mo, .MathJax .mi, .MathJax .mn': {color: '#333 ! important'} }," +
        "        linebreaks: { automatic: "+ linebreak +", width: '90% container' }," +
        "    }, " +
        "}); " +
        "if ('SansSerif' !== 'default') {" +
            "MathJax.Hub.Register.StartupHook('HTML-CSS Jax Ready',function () {" +
                "var VARIANT = MathJax.OutputJax['HTML-CSS'].FONTDATA.VARIANT;" +
                "VARIANT['normal'].fonts.unshift('MathJax_SansSerif');" +
                "VARIANT['bold'].fonts.unshift('MathJax_SansSerif-bold');" +
                "VARIANT['italic'].fonts.unshift('MathJax_SansSerif-italic');" +
                "VARIANT['-tex-mathit'].fonts.unshift('MathJax_SansSerif-italic');" +
            "});" +
            "MathJax.Hub.Register.StartupHook('SVG Jax Ready',function () {" +
                "var VARIANT = MathJax.OutputJax.SVG.FONTDATA.VARIANT;" +
                "VARIANT['normal'].fonts.unshift('MathJax_SansSerif');" +
                "VARIANT['bold'].fonts.unshift('MathJax_SansSerif-bold');" +
                "VARIANT['italic'].fonts.unshift('MathJax_SansSerif-italic');" +
                "VARIANT['-tex-mathit'].fonts.unshift('MathJax_SansSerif-italic');" +
            "});" +
        "}";
    (document.body || document.getElementsByTagName('head')[0]).appendChild(mathjaxscript);
}
&lt;/script&gt;</summary><category term="Essentials"></category></entry><entry><title>Interviewer's Gaffe-1</title><link href="http://unixtech.github.io/blog/06-2015/avoid-doing-interviews-1.html" rel="alternate"></link><published>2015-06-15T16:02:00+05:30</published><author><name>Unixer</name></author><id>tag:unixtech.github.io,2015-06-15:blog/06-2015/avoid-doing-interviews-1.html</id><summary type="html">&lt;p&gt;&lt;img width="800" class="center" src="/images/bring_star1.png"&gt;&lt;/p&gt;
&lt;p&gt;&lt;img width="800" class="center" src="/images/bring_star2.png"&gt;
&lt;img width="800" class="center" src="/images/bring_star4.png"&gt;&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;Plight of every Interviewer&lt;/p&gt;
&lt;/blockquote&gt;</summary><category term="Polity"></category></entry><entry><title>Firewall PF</title><link href="http://unixtech.github.io/blog/12-2014/pf-firewall-1.html" rel="alternate"></link><published>2014-12-06T13:30:00+05:30</published><author><name>Unixer</name></author><id>tag:unixtech.github.io,2014-12-04:blog/12-2014/pf-firewall-1.html</id><summary type="html">&lt;h2&gt;FreeBSD and OpenBSD&lt;/h2&gt;
&lt;p&gt;PF (Packet filter) is default firewall for OpenBSD and included in other OS's like &lt;a href="http://www.freebsd.org"&gt;FreeBSD&lt;/a&gt; and &lt;a href="http://www.apple.com" title="Apple"&gt;Apple&lt;/a&gt; IOS operating systems. Many other "Commercial firewall" appliances are inspired by PF.&lt;/p&gt;
&lt;h2&gt;History of PF&lt;/h2&gt;
&lt;p&gt;PF was originally designed as replacement for Darren Reed's IPFilter, from which it derives much of its rule syntax. IPFilter was removed from OpenBSD's CVS tree due to OpenBSD developers' problems with its license. Specifically, Reed distributed some versions of his software with the license clause, "Derivative or modified works are not permitted without the author's prior consent." Due to this, the OpenBSD team decided to replace the software. This decision became the subject of wrangling among the parties involved, degenerating into a discussion that failed to reach mutual understanding. On the subject, OpenBSD project leader Theo de Raadt wrote, "Software which OpenBSD uses and redistributes must be free to all... for any purpose including... modification."&lt;/p&gt;
&lt;p&gt;PF has since evolved quickly and now has several advantages over other available firewalls. Network Address Translation (NAT) and Quality of Service (QoS) have been integrated into PF, QoS by importing the ALTQ queuing software and linking it with PF's configuration. Features such as pfsync and CARP for failover and redundancy, authpf for session authentication, and ftp-proxy to ease firewalling the difficult FTP protocol, have also extended PF.&lt;/p&gt;
&lt;p&gt;One of the many innovative feature is PF's logging. Logging is configurable per rule within the pf.conf and logs are provided from PF by a pseudo-network interface called pflog. Logs may be monitored using standard utilities such as tcpdump, which in OpenBSD has been extended especially for the purpose, or saved to disk in a modified tcpdump/pcap binary format using the pflogd daemon.&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;For more info, &lt;strong&gt;Read  - &lt;a href="http://en.wikipedia.org/wiki/PF_%28firewall%29"&gt;History of pf&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;
&lt;/blockquote&gt;
&lt;h2&gt;PF setup&lt;/h2&gt;
&lt;p&gt;Usually &lt;code&gt;PF&lt;/code&gt; is deployed  in conjuction with other tools provided by OpenBSD ecosystem.
These includes:
&lt;em&gt; HFSC Queuing system for QoS
&lt;/em&gt; FTP-Proxy
&lt;em&gt; Application proxies such as Relayd ( Mainly used as HTTPs termination point )
&lt;/em&gt; OS detection using fingerprint - &lt;code&gt;pf.os&lt;/code&gt;
* CARP firewall failover for HA environments ( UCARP for FreeBSD users )&lt;/p&gt;
&lt;h3&gt;How to deploy PF firewall in your environment&lt;/h3&gt;
&lt;blockquote&gt;
&lt;p&gt;Note: Both OpenBSD and FreeBSD OS uses different syntax for maintaining &lt;code&gt;PF&lt;/code&gt; firewall.
We will mainly focus on OpenBSD OS but there are benefits of using &lt;code&gt;PF&lt;/code&gt; with FreeBSD OS since it provides multi-processing capable version of &lt;code&gt;PF&lt;/code&gt;.&lt;/p&gt;
&lt;/blockquote&gt;
&lt;!--{% include_code pf.conf [lang:sh] [pf.conf] %}--&gt;

&lt;p&gt;File - &lt;code&gt;/etc/rc.conf.local&lt;/code&gt;&lt;/p&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;    pf=YES
    pf_rules=/etc/pf.conf
    pflogd_flags=&amp;quot;-s 1500&amp;quot; # Ex. Snaplen, Log filename 
&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;File - &lt;code&gt;/etc/pf.conf&lt;/code&gt;&lt;/p&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;    ### My master pf.conf

    ### Interfaces
    EXTIF =&amp;quot;em0&amp;quot;
    INTIF =&amp;quot;em1&amp;quot;
    DMZ = &amp;quot;em2&amp;quot;
    EXTRAIF =&amp;quot;em3&amp;quot;

    ### Hosts
    ADMIN =&amp;quot;10.0.11.1&amp;quot;
    ADMIN1 =&amp;quot;10.0.11.31&amp;quot;
    BOTHADMIN =&amp;quot;{&amp;quot; $ADMIN $ADMIN1 &amp;quot;}&amp;quot;
    EXTDNSSERVER =&amp;quot;4.2.2.2&amp;quot;
    INTDNSSERVER =&amp;quot;$INTIF:0&amp;quot;
    #DNSSERVERS =&amp;quot;{' $INTDNSSERVER $EXTDNSSERVER '}&amp;quot;
    DNSSERVER =&amp;quot;{$INTDNSSERVER}&amp;quot;
    LOGSERVER = &amp;quot;{ 10.0.11.22, 10.0.11.31  }&amp;quot;
&lt;/code&gt;&lt;/pre&gt;

&lt;ul&gt;
&lt;li&gt;All these variable defined are called MACROS inside &lt;code&gt;pf.conf&lt;/code&gt; file.&lt;/li&gt;
&lt;li&gt;These are used for convinience and ease of use&lt;/li&gt;
&lt;li&gt;Defining nested macros are possible as well.&lt;/li&gt;
&lt;li&gt;Take a look at &lt;code&gt;INTIF&lt;/code&gt; macro, If you want to include that whole internal network in your rules then &lt;code&gt;INTIF:network&lt;/code&gt; in your rule.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Now, We will have a look at some of the rules itself.&lt;/p&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;    #External Interface
    #Block all on External interface
    block log on $EXTIF

    ## Network address translation with outgoing source 
    #match out log on $EXTIF from $INTIF to any received-on $INTIF tag EGRESS nat-to ($EXTIF:0) 
    match out log on $EXTIF from $INTIF:network to any received-on $INTIF tag EGRESS nat-to ($EXTIF:0)
    #If you have difficulties with any box with static port forwarding then you should use
    #match out log on $EXTIF from $INTIF to any received-on $INTIF tag EGRESS nat-to ($EXTIF:0) static-port

    #Traffic generated from firewall it self will be tagged as EGRESS
    match out log on $EXTIF from $EXTIF to any tag EGRESS
    #More on these later on.

    #EXTIF inbound
    pass in log (to pflog1) on $EXTIF inet proto tcp from any to any port 22 
    pass in on $EXTIF inet proto tcp from any to $EXTIF port &amp;gt;10000

    #External interface outbound
    pass out log on $EXTIF inet  from ($EXTIF) to any $TCPSTATE $EXTIFSTO queue (bulk, ack) tagged EGRESS
    #pass out log on $EXTIF inet proto udp from ($EXTIF) to any $UDPSTATE $EXTIFSTO queue (bulk, ack) tagged EGRESS
    pass out log on $EXTIF inet proto tcp from ($EXTIF) to any port $TCPPORTS $TCPSTATE $EXTIFSTO queue (web, ack) tagged EGRESS
    pass out log on $EXTIF inet proto udp from ($EXTIF) to any port 53 $UDPSTATE $EXTIFSTO queue (dns, ack) tagged EGRESS
&lt;/code&gt;&lt;/pre&gt;

&lt;ul&gt;
&lt;li&gt;These are some of the rules that I have defined in my DMZ firewall to prevent other users from coming in from outside.&lt;/li&gt;
&lt;li&gt;After deploying this ruleset only SSH is allowed from outside interface of firewall. &lt;/li&gt;
&lt;li&gt;From inside essential end-user services such as Internet browsing, DNS are enabled. &lt;/li&gt;
&lt;li&gt;Take a look at &lt;code&gt;match out&lt;/code&gt; rules on &lt;code&gt;EXTIF&lt;/code&gt; to have a look at how nat rules are working. &lt;/li&gt;
&lt;/ul&gt;
&lt;h3&gt;Turning on routing&lt;/h3&gt;
&lt;p&gt;To turn on routing functionality of the box, You need to make sure you have enabled ip forwarding in &lt;code&gt;sysctl&lt;/code&gt;&lt;/p&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;    # To check the ip forwarding status
    sysctl net.inet.ip.forwarding
    # If it's 0 then turn it on
    sysctl net.inet.ip.forwarding=1

    #To make it permanent 
    ### /etc/sysctl.conf
    net.inet.ip.forwarding = 1
&lt;/code&gt;&lt;/pre&gt;

&lt;h3&gt;PFCTL utility&lt;/h3&gt;
&lt;p&gt;After making changes inside &lt;code&gt;pf.conf&lt;/code&gt; file, rules are not automatically loaded. To load the rules We need to use &lt;code&gt;pfctl&lt;/code&gt;&lt;/p&gt;
&lt;p&gt;To load rules - Assuming rule file is &lt;code&gt;/etc/pf.conf&lt;/code&gt;&lt;/p&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;    pfctl -vf /etc/pf.conf
&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;To see which rules are currently loaded, It will also show related counters.    &lt;/p&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;    pfctl -vsr 
&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;&lt;img width="600" class="center" src="/images/pf_rules.png"&gt;&lt;/p&gt;
&lt;h2&gt;Conclusions&lt;/h2&gt;
&lt;p&gt;PF is one of the most popular and powerful firewall for managing your network traffic. We have barely even scratched surface of what PF can provide. It's functionality is much more then many of the commercial offerings offers.&lt;br /&gt;
We will also cover some extended functionality such as usage of Anchors, Preventing torrent traffic, Blacklisting and preventing brute-forcing attack etc.
Being open-source it places no restrictions on usage. Users can use it any which way they would prefer.  &lt;/p&gt;
&lt;p&gt;Having  used PF and OpenBSD for nearly 10 years in all of my setups I can say PF is most secure firewall there is and With combination of OpenBSD and PF you can be pretty sure you are one step ahead then rest  in process of being NSA proof.&lt;/p&gt;</summary><category term="Unix"></category><category term="Firewall"></category></entry><entry><title>Improve PostgreSQL CLI</title><link href="http://unixtech.github.io/blog/12-2013/configuring-postgres-cli.html" rel="alternate"></link><published>2013-12-07T14:30:00+05:30</published><author><name>Unixer</name></author><id>tag:unixtech.github.io,2013-12-06:blog/12-2013/configuring-postgres-cli.html</id><summary type="html">&lt;p&gt;When you work in Terminal/Browser workflow for almost 10 hours a day - 5 days a
week, It becomes important kind of colors and configs you choose. For me
Database has been important part of my workflow when configuring various
business logic for applications.   &lt;/p&gt;
&lt;p&gt;I mainly use PostgreSQL for storing almost everything that has to resambles data, and mostly it will be automated through &lt;code&gt;psycopg2&lt;/code&gt; in &lt;code&gt;python&lt;/code&gt; scripts but time to time I do dwell in CMD option that PostgreSQL provides through &lt;code&gt;psql&lt;/code&gt;.   &lt;br /&gt;
Given the configurability of &lt;code&gt;psqlrc&lt;/code&gt; and flexibility that is allowed by
PostgreSQL server, it's almost surprising that how little people take advantage
of these available features. Aliases and setting up proper History files can be
useful features that comes in handy.&lt;/p&gt;
&lt;p&gt;PostgreSQL stores &lt;code&gt;psqrc&lt;/code&gt; at various levels in system.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;System wide &lt;code&gt;psqlrc&lt;/code&gt;  &lt;ul&gt;
&lt;li&gt;Will Affect all users&lt;/li&gt;
&lt;li&gt;Can be located using following&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;  pg_config --sysconfdir
  /usr/local/etc/postgresql
&lt;/code&gt;&lt;/pre&gt;

&lt;blockquote&gt;
&lt;p&gt;Note: This is for FreeBSD operating system, location will vary as per your own OS.&lt;/p&gt;
&lt;/blockquote&gt;
&lt;ul&gt;
&lt;li&gt;Per User &lt;code&gt;psqlrc&lt;/code&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt; touch ~/.psqlrc

&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;You can also have multiple &lt;code&gt;psqlrc&lt;/code&gt; one per major version of PostgreSQL on your
system.  &lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;if you have more then one version of PostgreSQL installed on your system,
then name it accordingly. Ex. For version 9.4 - &lt;code&gt;psqlrc-9.4&lt;/code&gt; or &lt;code&gt;psqlrc-9.4.3&lt;/code&gt;. This way It will enable you to have multiple configuration files for each user and per version as well.  &lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;Now, Decide on which specific configuration file you want to configure - System
wide or User specific and start customizing your &lt;code&gt;psqlrc&lt;/code&gt;.&lt;/p&gt;
&lt;h3&gt;Actual configuration file&lt;/h3&gt;
&lt;!--{% include_code psqlrc Title1- %}--&gt;

&lt;pre&gt;&lt;code class="language-sql"&gt;
-- This is comment.
\set PROMPT1 '%n@%/%R%x%# '
\set PROMPT2 '[more] %R &amp;gt; '
\pset null '[null]'
\set COMP_KEYWORD_CASE upper
\timing
\set PAGER less
\set HISTSIZE 2000
\encoding unicode
\x auto
\pset border 2
\set VERBOSITY verbose
\set version 'SELECT version();'

-- MACRO can be defined like this.
\set extensions 'select * from pg_available_extensions;'
\echo 'Welcome to Dev1 PostgreSQL \n'

&lt;/code&gt;&lt;/pre&gt;

&lt;h4&gt;Final output&lt;/h4&gt;
&lt;p&gt;&lt;img width="600" class="center" src="/images/Selection_2016_07_01_02.png"&gt;&lt;/p&gt;
&lt;h3&gt;Wrapping up&lt;/h3&gt;
&lt;p&gt;These are about the main settings that you would want to configure here, Apart
from these settings only Aliases as per your convinience should be configured
inside your PostgreSQL configuration file so repetation can be avoided. Putting
it in version controlled &lt;code&gt;dotfiles&lt;/code&gt; git repository and you will be able to sync
same setting across all your DB server regardless So, Give custom configs a
try!&lt;/p&gt;</summary><category term="Essentials"></category></entry><entry><title>Find - Looking for things</title><link href="http://unixtech.github.io/blog/01-2010/practical-find.html" rel="alternate"></link><published>2010-01-03T18:02:00+05:30</published><author><name>Unixer</name></author><id>tag:unixtech.github.io,2010-01-03:blog/01-2010/practical-find.html</id><summary type="html">&lt;p&gt;The &lt;code&gt;Find&lt;/code&gt; utility in Linux is very useful in the sense that it quickly locates and searches through list of files and directories.
It can do so based on condition that you pass through arguments. 
&lt;code&gt;Find&lt;/code&gt; can find files using different conditions like:  &lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Permissions&lt;/li&gt;
&lt;li&gt;Users&lt;/li&gt;
&lt;li&gt;Groups&lt;/li&gt;
&lt;li&gt;File type&lt;/li&gt;
&lt;li&gt;Date&lt;/li&gt;
&lt;li&gt;Size and more.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Basic Usage&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;Find file in current directory&lt;/li&gt;
&lt;/ul&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt; # Find by filename in Current dir
 find . -name unixtech.txt

 #Output
 ./unixtech.txt
&lt;/code&gt;&lt;/pre&gt;

&lt;ul&gt;
&lt;li&gt;Find file in current directory &lt;span class="fa fa-arrow-right"&gt;&lt;/span&gt; Case insensitive&lt;/li&gt;
&lt;/ul&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt; # Find by filename in Current dir
 find . -iname unixtech.txt

 #Output
 ./unixtech.txt
&lt;/code&gt;&lt;/pre&gt;

&lt;ul&gt;
&lt;li&gt;Recursively searching file in all in whole system&lt;/li&gt;
&lt;/ul&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;# Recurse through whole file system
find / -name $FILENAME
&lt;/code&gt;&lt;/pre&gt;

&lt;h2&gt;Find files based on permissions&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;Find files certain permissions&lt;/li&gt;
&lt;/ul&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;# Find only files with full 777 permissions
find / -perm 0777 -print
# Find files with SGID bit set 
find / -perm 2644
# Or
find / -perm /g+s
&lt;/code&gt;&lt;/pre&gt;

&lt;ul&gt;
&lt;li&gt;Find all files based on user permissions&lt;/li&gt;
&lt;/ul&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;#Find all files with READ permission
find / -perm /u=r -print

# Find all files with executable bit set
find / -perm /a=x -print
&lt;/code&gt;&lt;/pre&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; Find can also execute command on found files based on given criterion.
In addition to just printing list of files, You can modify, change permission and also delete files using &lt;code&gt;-exec&lt;/code&gt; flag in find command.&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;So, If you want to change all the files that have permission set to &lt;code&gt;777&lt;/code&gt; to something that only you can modify in your home directory, You may execute following variation of &lt;code&gt;find&lt;/code&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Find all files with &lt;code&gt;777&lt;/code&gt; permission and change it to &lt;code&gt;644&lt;/code&gt; inside your home directory&lt;/li&gt;
&lt;/ul&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;#Find and exec 
find ~USERNAME -perm 777 -print -exec chmod 644 {} \;
&lt;/code&gt;&lt;/pre&gt;

&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;/th&gt;
&lt;th&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;{}&lt;/td&gt;
&lt;td&gt;Shell expander which will put current file name from list in &lt;code&gt;-exec&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;\;&lt;/td&gt;
&lt;td&gt;'\' is Shell escape and ';' is Unix chaining symbol&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; Here thing to remember is You have to put {} symbol where you want INPUT filename to be, and chain it with \; symbol.&lt;/p&gt;
&lt;/blockquote&gt;
&lt;ul&gt;
&lt;li&gt;Same thing if you want to remove or list files&lt;/li&gt;
&lt;/ul&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;#List files that matches certain crieteria
find / -perm 777 -print -exec ls -la {} \;

#Removing files that matches certain crieteria
find / -perm 777 -print -exec rm -rf {} \;
&lt;/code&gt;&lt;/pre&gt;

&lt;h2&gt;Finding files based on user/group ownership&lt;/h2&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;#Find files owned by particular user
find / -user unixtech -print

#Find files owned by group
find / -group unixgroup -print

&lt;/code&gt;&lt;/pre&gt;

&lt;h2&gt;Finding files based on modification/changed/accessed date time&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;Find files modified 3 days back&lt;/li&gt;
&lt;/ul&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;
find / -mtime 3

&lt;/code&gt;&lt;/pre&gt;

&lt;ul&gt;
&lt;li&gt;find all the files those are changed last hour&lt;/li&gt;
&lt;/ul&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;#Will return all the files changed in last 60 mins
find / -cmin -60
&lt;/code&gt;&lt;/pre&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; '-' sign in front of 60 includes all the files that changed within that timeframe, Ex. It will include files that are changed 3, 5, 10 mins back and so on.
Notice different criterion for finding files such as &lt;code&gt;-mmin&lt;/code&gt;, &lt;code&gt;cmin&lt;/code&gt;, &lt;code&gt;amin&lt;/code&gt;&lt;/p&gt;
&lt;/blockquote&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;/th&gt;
&lt;th align="center"&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Access time&lt;/td&gt;
&lt;td align="center"&gt;If you list/delete/open this file then &lt;code&gt;atime&lt;/code&gt; will be modified&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Changed time&lt;/td&gt;
&lt;td align="center"&gt;Modifying data of the file changes &lt;code&gt;ctime&lt;/code&gt; parameter of file&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Modification time&lt;/td&gt;
&lt;td align="center"&gt;Same as Changed time but will also be changed upon changes in meta data of the file.&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;h2&gt;Use &lt;code&gt;find&lt;/code&gt; to search files based on size&lt;/h2&gt;
&lt;p&gt;This one is quite useful in case you want to find largest files in your home directory, files that are eating away space on hard drive. &lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Find all the  files between 10 MB - 100 MB&lt;/li&gt;
&lt;/ul&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;find /home -size +10M -size -100M
&lt;/code&gt;&lt;/pre&gt;

&lt;ul&gt;
&lt;li&gt;Find all the files larger then 1GB and delete em&lt;/li&gt;
&lt;/ul&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;#Find larger files and list them first
find /home -size +1G -exec ls -la {} \;

# If you see desired files then remove them
find /home -size +1G -exec rm -rf {} \;

&lt;/code&gt;&lt;/pre&gt;

&lt;ul&gt;
&lt;li&gt;Find all the movie files larger then 100MB and delete &lt;/li&gt;
&lt;/ul&gt;
&lt;pre&gt;&lt;code class="language-bash"&gt;# Find and list files first
find /home -size +100M -print -iname &amp;quot;*mp4|wmv|mov&amp;quot;;

# After listing them just press `UP` arrow, change the CMD and  delete 
find /home -size +100M -iname &amp;quot;*mp4|wmv|mov&amp;quot; -exec rm -rf {} \;
#Be careful while executing that command.
&lt;/code&gt;&lt;/pre&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; Find supports extended regular expressions too. &lt;br /&gt;
Regular expressions are swiss army knife for solving many kind of problem but they also come with added difficulty of maintaining and generating them. If none&amp;gt; of the above meets your requirement then as last resort only you should use Re&amp;gt;gExes in &lt;code&gt;find&lt;/code&gt; utility.&lt;/p&gt;
&lt;/blockquote&gt;</summary><category term="Unix"></category><category term="Essentials"></category></entry></feed>