A colleague asked me to install MySQL UDF (MySQL user defined functions) on a server.

So here are my notes on the subject, for a CentOS 6.7 Linux box:

First you need to have mysql-devel on your system, which installs the MySQL development headers in the /usr/include/mysql/ directory:

# yum -y install mysql-devel

Then download the latest source code of mysqludf_udf:

# wget -c

and compile it:

# gcc -m64 -fPIC -Wall \
        -I/usr/include/mysql -I. \
        -shared lib_mysqludf_udf.c \
        -o /usr/lib64/mysql/plugin/


# ls -l /usr/lib64/mysql/plugin/

Restart your MySQL and test it !

Tag(s): mysql
ODROID-C1 specs



# cat /proc/cpuinfo
Processor   : ARMv7 Processor rev 1 (v7l)
processor   : 0
BogoMIPS    : 3.27

processor   : 1
BogoMIPS    : 3.27

processor   : 2
BogoMIPS    : 3.27

processor   : 3
BogoMIPS    : 3.27

Features    : swp half thumb fastmult vfp edsp neon vfpv3 tls vfpv4
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x0
CPU part    : 0xc05
CPU revision    : 1

Hardware    : ODROIDC
Revision    : 000a
Serial      : 1b00000000000000


# cat /proc/meminfo
MemTotal:         995480 kB
MemFree:          696624 kB
Buffers:           31200 kB
Cached:           119288 kB
SwapCached:            0 kB
Active:            73836 kB
Inactive:          87144 kB
Active(anon):      10596 kB
Inactive(anon):     1572 kB
Active(file):      63240 kB
Inactive(file):    85572 kB
Unevictable:           0 kB
Mlocked:               0 kB
HighTotal:        268288 kB
HighFree:         166504 kB
LowTotal:         727192 kB
LowFree:          530120 kB
SwapTotal:       1049084 kB
SwapFree:        1049084 kB
Dirty:                16 kB
Writeback:             0 kB
AnonPages:         10448 kB
Mapped:            17384 kB
Shmem:              1676 kB
Slab:              58992 kB
SReclaimable:      37252 kB
SUnreclaim:        21740 kB
KernelStack:        1080 kB
PageTables:          516 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:     1546824 kB
Committed_AS:      30284 kB
VmallocTotal:     245760 kB
VmallocUsed:       19892 kB
VmallocChunk:     214012 kB

Tag(s): ODROID-C1
Build your own Access Point

UPDATED: 14 February 2016
Blog Post: 16 December 2015

I have started (for some time now, to be honest) to transfer my router’s function to my ODROID-c1, which runs Archlinux ARM, so I have my favorite distribution on this beautiful development board.

# uname -a
Linux myodroid 3.10.80-13-ARCH #1 SMP PREEMPT Tue Sep 15 15:43:38 MDT 2015 armv7l GNU/Linux

for specs you can click here

The board has a Gigabit Ethernet port but no wireless card.

I had a spare USB Wireless Network card, so I’ve used it on one of the four USB slots of the board.

Bus 001 Device 003: ID 148f:3370 Ralink Technology, Corp. RT3370 Wireless Adapter

You need to verify that your wireless card can support Access Point functionality.
To verify your card, type:

# iw list | grep AP

If you see something like #{ AP }, then you are probably OK.

The most important thing is to find out what your card can do, mine:

        valid interface combinations:
                 * #{ AP } <= 8,
                   total <= 8, #channels <= 1

That means that I can configure up to 8 APs (Access Points), i.e. 8 different SSIDs, but only on one channel!


Reading through the internet (mostly on archlinux wiki) I had, first, to create a Bridge with my Ethernet card and then hostapd will add my Wireless Card to the same bridge.

Although I have used systemd for some time, I wasn’t able to create the bridge interface via systemd. I’ve tested my confs/files on a secondary Linux machine and I know for a fact that my notes are correct. Somehow it seems that there is a problem with systemd on ODROID-c1 regarding this, or perhaps I haven’t found the problem with my setup!

So I’ve created a shell script that runs after boot:


ip link add br0 type bridge
ip link set br0 up

ip link set eth0 up
ip link set eth0 master br0

ip addr add dev br0
ip route add default via dev br0

# Wireless Vlan (Guest Network)
ip address add dev br0:0

# Enable Forwarding
sysctl -w net.ipv4.ip_forward=1

# Masquerade traffic
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE

# Accept forwarding

# Start (or restart) hostapd
systemctl restart hostapd.service

# Isolate Vlan (Guest Network) from (Home Network)
iptables -I FORWARD -s -d -j DROP

A basic setup of hostapd is below. I’ve used TEST as the SSID and TESTTESTTEST as the password:



On this ODROID-C1 board, I run my own DNS Cache/DHCP server with dnsmasq.


# custom host file to reduce ads

Tag(s): ODROID-C1
one step closer to 32c3

As we are getting closer to the amazing 32nd Chaos Communication Congress (32C3), we must consider some privacy steps for our electronic devices.

Perhaps it’s idiotic to take a smartphone to this conference, as we all know that in such events hacking is fair play to everyone.

The below quote, from Person of Interest, reminds us exactly that:

If they don’t want you to get inside, they ought to build it better.

You should treat every network as a hostile, already compromised network.
It’s probably true, anyway !

For those of us mere mortals who don’t have much security knowledge, we need to take some extra security measures if we want to bring our smartphone along. It’s just for browsing, taking some pictures of the event (and not the people, respect that please), checking some emails or tweeting something interesting.

Btw, if you believe that it is OK to use your smartphone/laptop in your hotel room, think again!
Where do you think all the hackers from the event are going to sleep?
Yep, in the same hotel. So be extra careful in places where you feel safer!

This isn’t a guide you must or should follow, or even a bulletproof solution. As the subject of this blog post suggests, it is just a step closer. You should also remind yourself, in idle times (such as watching a presentation), to keep your phone in airplane mode and always use Tor for browsing.

So, on a spare, just-formatted Android mobile phone, install AFWall+, create a new profile and BLOCK everything. Whitelist only OpenVPN.


Check your browser to see that you don’t have access to the internet:


Connect to your OpenVPN server and check again:


Tag(s): openvpn
HestiaPi is more than just a thermostat

[UPDATE 2015 12 13]

How about if you could control your entire home temperature and hot water/central heating etc etc, through your smartphone over the internet ?

You are going to think that this is a dangerous IoT (Internet of Things) device that exposes your privacy to unknown attackers and that your smart home is going to be under the control of an evil company.

What if I could tell you, that you can build your own smart controller with open-design/open hardware & free software that costs about €100 ?

Crazy, right ?

Actually there is a project that does exactly all the above and much more and it’s based on a Raspberry Pi.

Let me introduce you to HestiaPi .


The name comes from the Greek word εστία, and everything you need to get started has already been published by the core developer on their site.

The team behind this awesome project will host/run an open/free entrance two-day Hackathon at Athens Hackerspace in 2016.


If you are curious about the project, visit and be part of this amazing project.

RHEL 7/CentOS 7 networking bonding without NetworkManager

First remove NetworkManager:

# systemctl stop NetworkManager

# systemctl disable NetworkManager
rm '/etc/systemd/system/'
rm '/etc/systemd/system/dbus-org.freedesktop.NetworkManager.service'
rm '/etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service'

# yum -y remove NetworkManager*

# /usr/bin/rm -rf /etc/NetworkManager

If you want to be more productive you should remove FirewallD from your system, install iptables-services and, if you are going to install a Red Hat product/software, disable SELinux, as its manual is going to suggest!

Now we can proceed.

# systemctl status network.service

will show us /etc/rc.d/init.d/network as the network orchestrator on the system.
Reading this file will get you a basic understanding of networking.

if [ ! -f /etc/sysconfig/network ]; then
    exit 6
fi

That tells us that the file /etc/sysconfig/network must exist on our system.

If you want to disable the network on this linux machine you can do it by adding the below declaration:


So here are my notes for bonding:

eth0 + eth1 = bond0 with Adaptive transmit load balancing:

# cat /etc/sysconfig/network-scripts/ifcfg-em1

# cat /etc/sysconfig/network-scripts/ifcfg-em2

and bond0:


BONDING_OPTS="miimon=1 updelay=0 downdelay=0 mode=balance-tlb"


And as Yoda would say:

“else everything do not need you”

Reproducible Builds

I had the opportunity to participate in an Athens Hackerspace event with a dozen Debian developers about the issue of reproducible distribution package builds.

I had never thought of this thing before and the presentation blew me away!

So here is the deal: suppose you download the latest openssl package from an Arch Linux mirror (what Arch Linux users are going to do):

# pacman -Sw openssl

What if we tried to build openssl ourselves from the PKGBUILD file?

# cd /var/abs/core/openssl

$ makepkg -cf
==> Making package: openssl 1.0.2.e-1 (Sun Dec  6 13:07:08 EET 2015)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Found openssl-1.0.2e.tar.gz
  -> Found openssl-1.0.2e.tar.gz.asc
  -> Found no-rpath.patch
  -> Found ca-dir.patch
==> Validating source files with md5sums...
    openssl-1.0.2e.tar.gz ... Passed
    openssl-1.0.2e.tar.gz.asc ... Skipped
    no-rpath.patch ... Passed
    ca-dir.patch ... Passed
==> Verifying source file signatures with gpg...
    openssl-1.0.2e.tar.gz ... Passed
==> Extracting sources...
  -> Extracting openssl-1.0.2e.tar.gz with bsdtar
==> Starting prepare()...


==> Leaving fakeroot environment.
==> Finished making: openssl 1.0.2.e-1 (Sun Dec  6 13:11:06 EET 2015)
==> Cleaning up...

Let’s check the md5sum:

# md5sum /var/cache/pacman/pkg/openssl-1.0.2.e-1-x86_64.pkg.tar.xz

b555ac4294a2f39ef0caa19e21a28355  /var/cache/pacman/pkg/openssl-1.0.2.e-1-x86_64.pkg.tar.xz
08755bad654f74b8a1c4c5386934aeea  /var/abs/core/openssl/openssl-1.0.2.e-1-x86_64.pkg.tar.xz

wat ???

Why aren’t both files exactly the same?

Let’s find out what the differences are between these two files by using diffoscope:

diffoscope --html /tmp/openssl.html \
    /var/cache/pacman/pkg/openssl-1.0.2.e-1-x86_64.pkg.tar.xz \
    /var/abs/core/openssl/openssl-1.0.2.e-1-x86_64.pkg.tar.xz

Fire up a web browser and open /tmp/openssl.html

Read the output carefully; most of the differences are timestamps.
So what is all this fuss about?

There is a huge problem, actually: we trust our distributions for privacy and security.

But what if governments have already compromised FTP mirrors, or, through a MITM, we have already installed backdoored software?

That’s what core developers from major distributions are fighting as we speak: they are trying to engage more core developers and find a way to distribute reproducible builds, so that you can actually verify a package build on your PC.
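
Why timestamps alone are enough to change the checksum, and what pinning them looks like, as an added example that is not part of the original post or of any distribution's build tooling. It assumes GNU tar 1.28 or newer and sha256sum; the tree contents and the SOURCE_DATE_EPOCH value are constructed, and the two build times are the start and finish times from the makepkg output above.

```shell
#!/bin/sh
# Added example: the same files archived twice hash differently until
# everything that is not file content is pinned.

SOURCE_DATE_EPOCH=1449360000   # constructed value: 2015-12-06 00:00:00 UTC

# make_tree DIR WHEN: create a tiny package-like tree whose entries carry mtime WHEN.
make_tree() {
    mkdir -p "$1/usr/bin"
    printf '#!/bin/sh\necho hello\n' > "$1/usr/bin/hello"
    printf 'pkgname = hello\n' > "$1/.PKGINFO"
    find "$1" -exec touch -d "$2" {} +
}

# naive_hash DIR: archive as-is; each file's mtime is written into its tar header.
naive_hash() {
    tar -C "$1" -cf - . | sha256sum | cut -d' ' -f1
}

# normalized_hash DIR: fixed entry order, fixed mtime, fixed numeric owner,
# and a header format that stores no atime/ctime.
normalized_hash() {
    tar -C "$1" --sort=name --format=gnu --mtime="@$SOURCE_DATE_EPOCH" \
        --owner=0 --group=0 --numeric-owner -cf - . | sha256sum | cut -d' ' -f1
}

# compare_builds: "build" the same content at two different times and compare.
compare_builds() {
    work=$(mktemp -d) || return 1
    make_tree "$work/a" '2015-12-06T13:07:08'
    make_tree "$work/b" '2015-12-06T13:11:06'
    if [ "$(naive_hash "$work/a")" = "$(naive_hash "$work/b")" ]; then n=same; else n=differ; fi
    if [ "$(normalized_hash "$work/a")" = "$(normalized_hash "$work/b")" ]; then r=same; else r=differ; fi
    rm -rf "$work"
    echo "naive=$n normalized=$r"
}

compare_builds
```

Once the archive is a pure function of its contents, a checksum mismatch between your own build and the mirror's package means the contents differ, which is the property a verifier needs.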

Need to know more?

Click here: reproducible-builds

Can you help ?
Take a look at diffoscope

Tag(s): diffoscope
adaptation IPv6 the wrong way!

There are some companies that have just started to dual stack (IPv4 & IPv6) their infrastructure, like twimg (Twitter's image hosting site).

Reminder: IPv6 is preferred on the Internet (by design).

query[AAAA] from to
reply is 

reply is 2606:1f80:a000:102::2
reply is 2606:1f80:a000:106::2
reply is 2606:1f80:a000:105::2
reply is 2606:1f80:a000:107::2
reply is 2606:1f80:a000:104::2
reply is 2606:1f80:a000:100::2
reply is 2606:1f80:a000:101::2
reply is 2606:1f80:a000:103::2

query[A] from
cached is 
forwarded to
reply is 

reply is
reply is
reply is
reply is
reply is
reply is
reply is
reply is

But twitter itself doesn’t support IPv6!

query[AAAA] from
forwarded to
reply is NODATA-IPv6

query[A] from
forwarded to
reply is
reply is
reply is
reply is

So below is the result on IPv4 twitter that calls IPv6 twimg:


Tag(s): twitter, IPv6