With 4K / Ultra HD breaking into the mainstream both in computer monitors and televisions, you might be wondering what the capabilities of the four most popular connection types are, and which you should use, and where we can find these kind of monitors, luckily there are sites like https://factschronicle.com/ that have a lot of information about this. Welcome to our guide on the merits and pitfalls of HDMI, DVI, DisplayPort and good ole’ VGA. Learn here what’s new, what’s old and what’s just straight-up outdated. HDMI These days, virtually all TVs and computer monitors support an HDMI connection. HDMI, which stands for High-Definition Multimedia Interface, shoots both digital audio and video down the same cable. Chances are, if you are trying to connect something to your television – and that includes computers – you’re going to want to use HDMI. HDMI is used in a very broad array of consumer electronics products, including laptop and desktop computers, mobile devices, the Chromecast dongle, Roku’s streaming stick, Blu-ray players, HD cable boxes, and much, much more – so it’s a familiar and appealing format for most folks, and easily the most popular among general consumers. Until very recently, HDMI v1.4 was the standard by which consumer electronics companies operated. There’s a good chance that all of the gear in your home is HDMI 1.4, but you should know that there’s a new version out, called HDMI 2.0, which takes HDMI’s capabilities to the next level. After the introduction of 4K/Ultra HD televisions came HDMI 2.0. HDMI 2.0 can pass video signals…

Nick, from RamNode, is back with some offers for LowEndBox including a special credit coupon! This time we again feature some of their new plans, but many more can be found on their improved website! RamNode LLC have been featured numerous times before. RamNode owns their IP space (AS3842) and all their hardware and network equipment at all of their locations. Their network blend, depending on the location, contains (amongst others): GTT, NTT, TeliaSonera, and Cogent. Some of their recent changes include a new pricing system (no more coupons), increased disk space, and a new line of SSD servers. DDoS protection is being offered in all four location at additional cost. Reviews are mostly positive and their position in the Top Provide Poll attest to that. As always, feel free to share your experiences with us in the comments. 128MB CVZ 128MB RAM 64MB vSwap 1 CPU core 80GB HDD space SSD-cached 500GB traffic 1Gbps uplink 1x IPv4 16x IPv6 $15/year Order in NYC Order in Atlanta Order in Seattle Order in Amsterdam 1024MB SVZS 1024MB RAM 256MB vSwap 2 CPU cores 60GB SSD space 2000GB traffic 1Gbps uplink 1x IPv4 16x IPv6 $7/month Order in NYC Order in Atlanta Order in Seattle 512MB SKVMS 512MB RAM 1 CPU core 10GB SSD space 1000GB traffic 1Gbps uplink 1x IPv4 16x IPv6 $5/month Order in NYC Order in Atlanta Order in Seattle 512MB CKVM 512MB RAM 2 CPU cores 60GB HDD space SSD-cached 2000GB traffic 1Gbps uplink 1x IPv4 16x IPv6 $7/month Order in NYC Order in Atlanta Order in Seattle…

Radoslav, from FtpIt, is back with new offers. This time they celebrate the launch of their new Buffalo KVM and Los Angeles OpenVZ SSD product lines! KVM 1024 1GB RAM 3 CPU cores 50GB HDD space 3TB traffic 1Gbps uplink 1x IPv4 KVM/SolusVM Buffalo, NY, USA $5.50/month Order here 2GB SSD 2GB RAM 4 CPU cores 30GB SSD space 2TB traffic 1Gbps uplink 1x IPv4 OpenVZ/SolusVM Los Angeles, CA, USA $6/month $48/year Order here More offers inside! FtpIt celebrated their one-year anniversary in January of this year. The guys at FtpIt have been slowly building a stable business over the past year and it’s a good sign they are still here. Each of their OpenVZ servers are powered by the Intel Xeon E3-1240v2 CPU, 32GB RAM and 4 x 1TB SATA Hard Drives with LSI Hardware RAID10. They’re using 120 GB Intel 520 Series SSDs for their SSD offers and for caching. IPv6 will be available in Dallas soon. Let us know how everything goes should you try one of these out! KVM 768 768MB RAM 2 CPU cores 35GB HDD space 2TB traffic 1Gbps uplink 1x IPv4 KVM/SolusVM Buffalo, NY, USA $5/month $48/year Order here 1GB SSD 1GB RAM 4 CPU cores 15GB SSD space 1TB traffic 1Gbps uplink 1x IPv4 OpenVZ/SolusVM Los Angeles, CA, USA $4/month $30/year Order here FtpIt currently accepts payments via PayPal, Credit and Debit Cards (via PayPal), Bitcoins (via Bitpay), and Payza. As for refunds, according to their ToS “All Payments to FtpIt are Non-Refundable”. They do however offer a 99.9% uptime SLA. Accounts…

Symptoms The server reports a hard drive warning in POST (Power On Self Test) Virtual machines cannot power on due to VMFS corruption on local hard drives Very poor performance on local hard drives Purpose This article provides steps to: Help diagnose a local hard drive fault. Read the S.M.A.R.T. status of a hard drive (Self-Monitoring, Analysis, and Reporting Technology) Resolution In ESXi 5.1, VMware added S.M.A.R.T. functionality to monitor hard drive health. The S.M.A.R.T. feature records various operation parameters from physical hard drives attached to a local controller. The feature is part of the firmware on the circuit board of a physical hard disk (HDD and SSD). When looking for high quality standing plastic surgery center offers you privacy, comfort, and convenience throughout your cosmetic surgery experience, check out Galumbeck Plastic Surgery for more information. To read the current data from a disk: Open a console or SSH session to the ESXi host. For more information, see Using ESXi Shell in ESXi 5.x (2004746). Determine the device parameter to use by running the command:# esxcli storage core device list Read the data from the device:# esxcli storage core device smart get -d device Where device is a value found in step 1. The expected output is a list with all SCSI devices seen by the ESXi host. For example:t10.ATA_____WDC_WD2502ABYS2D18B7A0________________________WD2DWCAT1H751520 Note: External FC/iSCSI LUNs or virtual disks from a RAID controller might not report a S.M.A.R.T. status. This table breaks down some example output: Parameter Value Threshold Worst Health Status OK N/A N/A Media Wearout Indicator 0 0 0 Write Error Count…

We are happy to announce our participation in GitHub's Student Developer Program. This will give students free access to top-notch development tools from the biggest names in our industry. The beauty of the program is that it gives students a centralized place where they can access all of these great services, free of charge, so they get a hands-on, professional experience that allows them to learn by doing. For every student that signs up for the program, DigitalOcean will provide $100 in hosting credit. The pack itself also includes special student accounts for GitHub, Atom, NameCheap, Sendgrid, and other awesome companies looking to give back in some way. Here at DigitalOcean, our mission is to make developers' lives better and we believe strongly in creating a sense of community. As developers often get their start while in school, where cost can be a limitation, it's a privilege to have the opportunity to provide support for their education. You are entitled to participate in the program if you are 13+ and enrolled in a degree or diploma granting course of study. For more information about the pack, and how to apply, check the GitHub website: https://education.github.com/pack. Love, The DO Team P.S. If you've already applied a credit to your account, just open a support ticket with the promo code and we'll get you set up.

Just to let you know that WeLoveServers will be ending their 6GB Power VPS offer in just 4 days time, so now could be your last chance to order at this very low price. Power VPS 6GB 80 GB Disk Space Storage 10 TB Bandwidth 6GB Guaranteed RAM + 6GB vSwap 1 IPv4 Address SolusVM Access Full Root Access Choice of Linux OS's Self Managed Just $19 P/M or $189 Annually Pay annually get 2 months free! CLICK HERE TO ORDER

We wanted to let you know that today, a critical vulnerability in bash(Bourne-Again-SHell) was disclosed by Stephane Chazelas. This vulnerability is so critical that even if you have Two-Factor Authentication an attacker would be able to by-pass the two-factor verification and execute commands remotely on your server. We recommend you update now. Here's a few things to help you: To test if you are vulnerable you can use the following command: env t='() { :;}; echo You are vulnerable.' bash -c "true" If it prints "You are vulnerable" you need to upgrade as soon as possible. Patches for the major Linux distributions have been already released. If you are using a Ubuntu or Debian type the following commands to apply the security patch:  apt-get update  apt-get upgrade If you are using RedHat, CentOS or Fedora type the following commands to apply the security patch:  yum clean all  yum update bash If you want to know more about this vulnerability please read the following thread on the oss-sec mailing list: http://seclists.org/oss-sec/2014/q3/650

Here is a comprehensive list of default username and passwords for most of the VMware products. If you're like me, you tend to get alot of these confused. If I left any off, please let me know in the comments.   Horizon Application Manager http://IPorDNS/SAAS/login/0 http://IPorDNS   Horizon Connector https://IPorDNS:8443/   vCenter Appliance Configuration https://IPorDNS_of_Server:5480 username: root password: vmware   vCenter Application Discovery Manager http://IPorDNS username: root password: 123456 default ADM management console password is 123456 and the CLI password is ChangeMe   vCenter Chargeback http://IPorDNS:8080/cbmui/ username: root password: vmware   vCenter Infrastructure Navigator: https://IPorDNS_of_Server:5480 username: root password: Supplied during OVA deployment   vCenter Log Insight https:// log_insight-host/ username: admin password: password specified during initial configuration   vCenter MOB https://vcenterIP/mob   vCenter Web Client Configuration https://IPorDNS_of_Server:9443/admin-app username: root password: vmware   vCenter vSphere Web Client Access https://IPorDNS_of_Server:9443/vsphere-client/ username: root password: vmware For vSphere 5.1  = Windows default username: [email protected] For vSphere 5.1 = Linux (Virtual Appliance) default username: [email protected] For vSphere 5.5 = default username: [email protected]   vCenter Single Sign On (SSO) https://IPorDNS_of_Server:7444/lookupservice/sdk For vSphere 5.1 = Windows default username: [email protected] For vSphere 5.1 = Linux (Virtual Appliance) default username: [email protected] password: specified during installation Adding AD authentication to VMware SSO 5.1 For vSphere 5.5 = default username: [email protected]   vCenter Orchestrator Appliance http://orchestrator_appliance_ip Appliance Configuration: change the root password of the appliance Linux user. Otherwise, the first time when you try to log in to the appliance Web console, you will be prompted to change the password. Orchestrator Configuration: username: vmware password:vmware Orchestrator Client: username: vcoadmin password: vcoadmin Web…

BFD (Brute Force Detection) is a script that runs on your linux server and checks log files for authentication errors. When it sees recurring authentication failures from a certain IP address it will instruct APF (Advanced Policy Firewall) to block the IP address. It’s simple to configure, just make sure you have APF running before you continue. Let’s download it: [[email protected] ~]# wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz   Now extract it: [[email protected] ~]# tar -xzvf bfd-current.tar.gz   Open the folder: [[email protected] ~]# cd bfd-1.5/   Now we can install it: [[email protected] bfd-1.5]# ./install.sh   After installation we can edit the BFD configuration file: [[email protected] bfd-1.5]# vim /usr/local/bfd/conf.bfd   Make sure you enable e-mail notifications: EMAIL_ALERTS="1"   And configure your e-mail address: EMAIL_ADDRESS="[email protected]"   It’s also a good idea to configure BFD to ignore your own IP address so you don’t lock yourself out. Just add your IP address to the following file: [[email protected] bfd]# vim /usr/local/bfd/ignore.hosts   If you want to run BFD you can do this using the following command: [[email protected] bfd]# bfd -s   It will also run automatically thanks to a cronjob: [[email protected] bfd]# vim /etc/cron.d/bfd */3 * * * * root /usr/local/sbin/bfd -q   By default each 3 minutes it will run the script and check your log files. When BFD finds anything it will instruct APF to block the IP address and you’ll receive an e-mail that looks like this: The following is a summary event for exceeded login failures on VPS1.RMCSHOSTING.NL: SOURCE ADDRESS: 20.20.20.2 TARGET SERVICE: proftpd FAILED LOGINS: 15 EXECUTED COMMAND: /etc/apf/apf -d 20.20.20.2 {bfd.proftpd} SOURCE…

In our last "iptables Tips and Tricks" installment, we talked about Advanced Policy Firewall (APF) configuration, so it should come as no surprise that in this installment, we're turning our attention toConfigServer Security & Firewall (CSF). Before we get started, you should probably run through the list of warnings I include at the top of the APF blog post and make sure you have your Band-Aid ready in case you need it. To get the ball rolling, we need to download CSF and install it on our server. In this post, we're working with a CentOS 6.0 32-bit server, so our (root) terminal commands would look like this to download and install CSF: $ wget http://www.configserver.com/free/csf.tgz #Download CSF using wget. $ tar zxvf csf.tgz #Unpack it. $ yum install perl-libwww-perl #Make sure perl modules are installed ... $ yum install perl-Time-HiRes #Otherwise it will generate an error. $ cd csf $ ./install.sh #Install CSF.   #MAKE SURE YOU HAVE YOUR BAND-AID READY   $ /etc/init.d/csf start #Start CSF. (Note: You can also use '$ service csf start') Once you start CSF, you can see a list of the default rules that load at startup. CSF defaults to a DROP policy: $ iptables -nL | grep policy Chain INPUT (policy DROP) Chain FORWARD (policy DROP) Chain OUTPUT (policy DROP) Don't ever run "iptables -F" unless you want to lock yourself out. In fact, you might want to add "This server is running CSF - do not run 'iptables -F'" to your /etc/motd, just as a reminder/warning to others. CSF loads on…

The iptables tool is one of the simplest, most powerful tools you can use to protect your server. We've covered port redirection, rule processing and troubleshooting in previous installments to this "Tips and Tricks" series, but what happens when iptables turns against you and locks you out of your own system? Getting locked out of a production server can cost both time and money, so it's worth your time to avoid this, since investing the money to generate more money is a better option and there are tools that help doing this in sites as The Ascent online. If you follow the correct procedures, you can safeguard yourself from being firewalled off of your server. Here are seven helpful tips to help you keep your sanity and prevent you from locking yourself out. Tip 1: Keep a safe ruleset handy. If you are starting with a working ruleset, or even if you are trying to troubleshoot an existing ruleset, take a backup of your iptables configuration before you ever start working on it. iptables-save > /root/iptables-safe   Then if you do something that prevents your website from working, you can quickly restore it. iptables-restore   Tip 2: Create a cron script that will reload to your safe ruleset every minute during testing. This was pointed out to my by a friend who swears by this method. Just write a quick bash script and set a cron entry that will reload it back to the safe set every minute. You'll have to test quickly, but it will keep you from getting…

The iptables tool is one of the simplest, most powerful tools you can use to protect your server. We've covered port redirection, rule processing and troubleshooting in previous installments to this "Tips and Tricks" series, but what happens when iptables turns against you and locks you out of your own system? Getting locked out of a production server can cost both time and money, so it's worth your time to avoid this. If you follow the correct procedures, you can safeguard yourself from being firewalled off of your server. Here are seven helpful tips to help you keep your sanity and prevent you from locking yourself out. Tip 1: Keep a safe ruleset handy. If you are starting with a working ruleset, or even if you are trying to troubleshoot an existing ruleset, take a backup of your iptables configuration before you ever start working on it. iptables-save > /root/iptables-safe Then if you do something that prevents your website from working, you can quickly restore it. iptables-restore Tip 2: Create a cron script that will reload to your safe ruleset every minute during testing. This was pointed out to my by a friend who swears by this method. Just write a quick bash script and set a cron entry that will reload it back to the safe set every minute. You'll have to test quickly, but it will keep you from getting locked out. Tip 3: Have the IPMI KVM ready. SoftLayer-pod servers* are equipped with some sort of remote access device. Most of them have a KVM console. You…

If you encounter this warning message under Linux: 4096 worker_connections are more than open file resource limit: 1024 A solution is to use the command ulimit in nginx start script, just before lunching nginx: ulimit -n 65536        

To find files on a linux system you can use following command: # find / -name xxxx But I prefer to use the locate command. This command is extremely easy to use and it’s faster than the find-command. # locate filename To install the locate package, use yum. # yum install mlocate To update it’s ‘internal database’, run following command. # updatedb To find a file, use following command # locate httpd.conf /etc/httpd/conf/httpd.conf

While working with APF on servers, you might normally get to see the following error, #apf -r apf(2042): {glob} flushing & zeroing chain policies apf(2042): {glob} firewall offline apf(3179): {glob} activating firewall apf(3284): {glob} unable to load iptables module (ip_tables), aborting. apf(3179): {glob} firewall initalized apf(3179): {glob} fast load snapshot saved Your kernel is compiled with iptables statically instead of as a module, to resolve this you will need to change a small configuration in /etc/apf/conf.apf SET_MONOKERN=”0″ Set it to “1″ Once this is done, restart apf to see the error vanishing. SET_MONOKERN # This allows the firewall to work around modular kernel issues by assuming # that the system has all required firewall modules compiled directly into # kernel. This mode of operation is not generally recommended but can be used # scale APF to unique situations.  

Let's talk about APF. APF — Advanced Policy Firewall — is a policy-based iptables firewall system that provides simple, powerful control over your day-to-day server security. It might seem intimidating to be faced with all of the features and configuration tools in APF, but this blog should put your fears to rest. APF is an iptables wrapper that works alongside iptables and extends its functionality. I personally don't use iptables wrappers, but I have a lot of experience with them, and I've seen that they do offer some additional features that streamline policy management. For example, by employing APF, you'll get several simple on/off toggles (set via configuration files) that make some complex iptables configurations available without extensive coding requirements. The flip-side of a wrapper's simplicity is that you aren't directly in control of the iptables commands, so if something breaks it might take longer to diagnose and repair. Before you add a wrapper like APF, be sure that you know what you are getting into. Here are a few points to consider: Make sure that what you're looking to use adds a feature you need but cannot easily incorporate with iptables on its own. You need to know how to effectively enable and disable the iptables wrapper (the correct way ... read the manual!), and you should always have a trusted failsafe iptables ruleset handy in the unfortunate event that something goes horribly wrong and you need to disable the wrapper. Learn about the basic configurations and rule changes you can apply via the command line. You'll need to…

Introduction Config Server Firewall (or CSF) is a free and advanced firewall for most Linux distributions and Linux based VPS. In addition to the basic functionality of a firewall – filtering packets – CSF includes other security features, such as login/intrusion/flood detections. CSF includes UI integration for cPanel, DirectAdmin and Webmin, but this tutorial only covers the command line usage. CSF is able to recognize many attacks, such as port scans, SYN floods, and login brute force attacks on many services. It is configured to temporarily block clients who are detected to be attacking the cloud server. The full list of supported operating systems and features can be found on ConfigServer's website. This tutorial is written for Debian based VPS, such as Debian and Ubuntu. The commands should be executed with root permissions, by logging in as root, or initiating a root shell with the following command if sudo is installed: sudo su Note: This tutorial covers IPv4 security. In Linux, IPv6 security is maintained separately from IPv4. For example, "iptables" only maintains firewall rules for IPv4 addresses but it has an IPv6 counterpart called "ip6tables", which can be used to maintain firewall rules for IPv6 network addresses. If your VPS is configured for IPv6, please remember to secure both your IPv4 and IPv6 network interfaces with the appropriate tools. For more information about IPv6 tools, refer to this guide: How To Configure Tools to Use IPv6 on a Linux VPS Features Config Server Firewall offers a wide range of protections for your VPS. Login authentication failure daemon: CSF checks…

Generally, a properly tuned Nginx server on Linux can handle 500,000 - 600,000 requests per second. My Nginx servers consistently handle 904k req/sec, and have sustained high loads like these for the ~12 hours that I tested them. It's important to know that everything listed here was used in a testing environment, and that you might actually want very different settings for your production servers. Install the Nginx package from the EPEL repository or use existing web panels with nginx stack. Back up the original nginx.conf config file, and start hacking away at a config of your own.   # This number should be, at maximum, the number of CPU cores on your system. # (since nginx doesn't benefit from more than one worker per CPU.) worker_processes 4; # Number of file descriptors used for Nginx. This is set in the OS with 'ulimit -n 200000' # or using /etc/security/limits.conf worker_rlimit_nofile 10280; # only log critical errors error_log /var/log/nginx/error.log crit [events] # Determines how many clients will be served by each worker process. # (Max clients = worker_connections * worker_processes) # "Max clients" is also limited by the number of socket connections available on the system (~64k) worker_connections 4000; [events] # essential for linux, optmized to serve many clients with each thread use epoll; [events] # Accept as many connections as possible, after nginx gets notification about a new connection. # May flood worker_connections, if that option is set too low. multi_accept on; [http] # Caches information about open FDs, freqently accessed files. # Changing this setting, in my environment,…