Easyrec – Integrate Recommender Engine in your website – open source

Easyrec is an open source recommender engine which can be trained and customized to provide personalized recommendations using REStful Web Service.

Easyrec exposes its functionality through REST API which provides several interaction types:


  1. view
  2. buy
  3. sendaction


  1. other users also viewed
  2. other users also bought
  3. items rated good by other users
  4. recommendations for user
  5. related items
  6. action history for user

Community Rankings

  1. most viewed items
  2. most bought items
  3. most rated items
  4. best rated items
  5. worst rated items

The list of recommendations is returned in XML and JSON notation to be further processed by your web application.

Easyrec API can be accessed from its main website http://easyrec.org/ or could be installed alongside with the web application on your own server. Easyrec require at least Java 1.5 and MySQL server for its functionality.

Download easyrect from: http://easyrec.org/recommendation-engine

A Bash script for sending telegram messages in Linux

Would it be nice to be able to receive notification from your Linux system in Telegram?


I’ve come up with a rudimentary bash script which lets you integrate the telegram-cli into your own script which is useful for sending messages or notification within automated process to your Telegram account.

The bash script is very useful when you want to send notification to your Telegram account. Example usage: notifying you instantly whenever a backup has been completed or whenever somebody logged into your system or if there’s a brute-force attempt to log into your SSH. Basically anything that you can imagine!

First Step: Install telegram-cli

The first step is to install the telegram-cli client on your Linux system. You may choose to:

  1. Build it on your own – using source code, or
  2. Install telegram-cli from *.deb (Ubuntu LTS only)

IMPORTANT: Please read on how to initialize and sign-in the telegram-cli and key in the required telegram “CODE” in your phone.

Second Step: Copy send-telegram.sh script to /usr/local/bin

You may copy this telegram bash script and chmod it to be executed from command line (up to you).

Download the script at: https://blog.mypapit.net/upload/files/send-telegram.sh.txt

# telegram-cli bash script r0.1
# change 'to' to your own  Telegram account name
# by =  Mohammad Hafiz bin Ismail  [mypapit@gmail.com]
# url=  https://blog.mypapit.net/

## Replace 'to' with your account name



function show_usage {

        echo "Usage $0 [message]"

if [ $# -lt 1 ]

(echo "contact_list";sleep 20;echo "msg $to $1"; echo "safe_quit") | telegram-cli

IMPORTANT: Do not forget to “chmod a+x” the “send-telegram.sh” script.
IMPORTANT: Change the “to” variable in the script to match your own Telegram username.

Third Step: Using the send-telegram.sh script

Using the send-telegram.sh is easy!

Once you’ve logged in and initialized your telegram-cli application. You only need to execute the “send-telegram.sh” to send instant messages to your Telegram account!

Just do this

wget -c https://blog.mypapit.net/upload/files/send-telegram.sh.txt
cp send-telegram.sh.txt /usr/local/bin/send-telegram.sh

Then chmod it, to make it executable,

sudo chmod a+x  /usr/local/bin/send-telegram.sh

IMPORTANT: Change the “to” variable in the send-telegram.sh script to match your own Telegram username.

sudo nano /usr/local/bin/send-telegram.sh

To test your telegram script, just make sure you’ve logged into Telegram and telegram-cli, and have entered the correct activation “CODE”. Read Step 1, if you are unsure.

Then you may try out the send-telegram.sh script

send-telegram.sh "this is my message"

To send telegram message with timestamp type:

send-telegram.sh "`date -I` : this is a message with timestamp"

What should I do next?

Use your imagination! You can integrate this script in crontab, or put it inside another another bash script or conditional operation, or even launch it from a web application, the potential is limitless.

Happy trying!

LILO Linux Bootloader project is ending

LILO – the venerable Linux Bootloader is ending its development. The news has been announced at its project’s page.


I’ve used LILO since the very first time I’m acquainted with GNU/Linux operating system, back in 2002. LILO simplicity makes it easy to install and reinstall the bootloader using standard computer BIOS at the time.

However, guess time has changed, with multitude of the server environment which linux computer may have been deployed, LILO probably has caught up with its limitation.

Still, I could still see LILO can be useful within embedded computing environment.

Download Wordlist for dictionary attack

Crackstation wordlist is one of the most (if not the most) comprehensive wordlist which can be used for the purpose of dictionary -attack on passwords.

The wordlist comes in two flavors:

  1. Full wordlist (GZIP-compressed (level 9). 4.2 GiB compressed. 15 GiB uncompressed)
  2. Human-password only wordlist (GZIP-compressed. 247 MiB compressed. 684 MiB uncompressed)

Personally, I’ve already downloaded the full wordlist via torrent, and tested it against few PDF files (using pdfcrack) and UNIX password cracking (using John), all my test cases were successful. In my opinion, the wordlist is comprehensive for my need.

Since it looked like it took a significant effort to compile this wordlist, I rather advocate those who are interested to donate/buy the wordlist from: https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm

Cracking PDF file with PDFCrack in Linux

I’ve come across an PDF which was sent to my email from an automated banking system. Unfortunately, the PDF file is encrypted and I’ve no way of knowing the password (or actually I’ve forgotten the password).

Fortunately, my Ubuntu box comes with application which allows me to crack the PDF file within a reasonable time.

Using ‘pdfcrack’ to crack PDF file

You need to install pdfcrack to crack pdf file. In Ubuntu/Debian system, you simply need to run

sudo apt-get -y install pdfcrack

Then for actual cracking, you can run

pdfcrack -n5 -m10 encrypted.pdf

Where -n [minimum length] to brute-force, and -m [maximum length] to brute-force.

pdfcrack can also accept a file input containing list of words (dictionary attack). For dictionary-attack just run

pdfcrack --wordlist=dictionary.txt encrypted.pdf

Securing SSH port and limiting IP address connection with Firewall in Ubuntu

UFW: Securing SSH
UFW or Uncomplicated Firewall is a firewall package in Ubuntu. UFW can be used to secure SSH ports in Ubuntu server.

In order to secure OpenSSH, we must first disable UFW and allow all SSH rule.

sudo ufw disable
sudo ufw delete allow ssh

Then we add IP Address to be allowed to connect to SSH port. In this case I assume that “” would be allowed to be connected to the server. You can replace IP Address, with any IP Address that you prefer.

sudo ufw allow from to any port ssh

You can also add other IP Address that can be connected to SSH port. In this case, I chose em>”″.

sudo ufw allow from to any port ssh

Alternatively, you could also specify port number and protocol

sudo ufw allow from to any port 22 proto tcp

Only allow SSH connections from certain subnets

sudo ufw allow from to any port 22 proto tcp

Note: Adding firewall rules to only allow SSH connection from certain subnets would increase the server security, further reducing brute-force attack.

Further Reading: Ubuntu Server Administrator Reference

Solving “Connection is encrypted using obsolete cipher suite” warning from Chrome

Here is a how to on how to solve the dreaded warning “Your connection is encrypted using obsolete cipher suit” from Google Chrome.

Firstly the warning had nothing to do with using cheap or self-signed TLS/SSL security certificate, but it has to do with cipher suite used on the server part.


So if you are a system administrator, you can edit the site config to include a more modern cipher.

NGINX Server

Using nginx, add the line containing “ssl_cipers” to the site config.

# /etc/nginx/sites-enable/example.conf 
server {
 listen 443 ssl;
 root /var/www/example.com/;
 server_name example.com;

        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;


sudo service nginx restart

Apache HTTP Server

For those who are using Apache HTTP server, you can edit the VirtualHost file from “/etc/apache2/sites-enable/” directory.

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile      /path/to/signed_certificate
    SSLCertificateChainFile /path/to/intermediate_certificate
    SSLCertificateKeyFile   /path/to/private/key
    SSLCACertificateFile    /path/to/all_ca_certs

    # Intermediate configuration, tweak to your needs
    SSLProtocol             all -SSLv2 -SSLv3
    SSLHonorCipherOrder     on
    SSLCompression          off

    # OCSP Stapling, only in httpd 2.3.3 and later
    SSLUseStapling          on
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors off
    # On Apache 2.4+, SSLStaplingCache must be set *outside* of the VirtualHost
    SSLStaplingCache        shmcb:/var/run/ocsp(128000)
    # Enable this if your want HSTS (recommended)
    # Header add Strict-Transport-Security "max-age=15768000"

You can restart Apache HTTP server by running

sudo service apache2 restart