Archive for the ‘System admin’ Category
Since this machine is only a development server, I more recently decided to turn the same machine into a VMware VM, running locally (in VMware Fusion 4 on my MacBook Pro). Here, I document the steps necessary for that transformation.
But the PostGIS package provided by Ubuntu 12.04 is still only at version 1.5, and the GEOS and GDAL packages are also too old to support the new version.
So — this is how I compiled PostGIS
2.0.1 2.0.3 2.1.0rc2 2.1.0 and its dependencies on my GIS server.
Updated May 2012 for Lion
The secret to getting the MySQL gem to install and function with Ruby 1.9.x on Snow Leopard or Lion is:
- Install MySQL using the 64-bit .DMG package installer from dev.mysql.com
- Install Ruby using RVM or (preferably) rbenv
- Add these to lines to
export PATH="/usr/local/mysql/bin:$PATH" export DYLD_LIBRARY_PATH="/usr/local/mysql/lib:$DYLD_LIBRARY_PATH"
- In a new shell (Terminal window), type
gem install mysqlas normal.
I’m posting this mainly as a record for myself, having wasted a lot of time in the past trying strange incantations from comments on various other blogs posts.
The recent Gawker passwords leak once again highlights the widespread use of passwords that offer essentially no security.
Some years ago, when working on a secure web app for a large organisation — let’s call them Secret Testing Ltd — I was keen that people shouldn’t choose hopelessly weak passwords. I was particularly concerned by my sysadmin colleague’s fondness for passwords of the form ‘p/\55w0rd’ or ‘S3cr3t-T35t|ng’.
Still, just one more copy of your data, in just one more continent, surely can’t do any harm, right? One that won’t burn down with your house, but also isn’t just wafting vaguely in the Cloud at someone else’s whim. One that elevates your backup system from sensibly paranoid to borderline OCD. One, in this case, brought to you by rsync, find and Growl.
I’ve been unhappy for a while having the SSH daemon on my web server VPSs with password authentication enabled. Of course, it’s on a non-standard port, blocks root logins, and takes a strong-ish password… but the risk of a successful dictionary attack has still felt too non-zero for comfort.
Equally, though, I’ve not wanted to give up the ability to log in to the servers from anywhere to fix things in an emergency, so I didn’t want to turn password authentication off and rely on public keys alone.
Until now, that is. I realised yesterday that, since I have iSSH on the iPhone, which does public key authentication, I can log into my servers from anywhere, even with password authentication turned off. Granted, doing anything serious on a tiny screen and slow connection is difficult. But all I actually need to be able to do from there is temporarily turn password authentication back on.
And to make this easy, I’ve put two ultra-simple scripts in ~/bin:
#!/bin/bash sudo sed -r -e 's/^PasswordAuthentication no$/PasswordAuthentication yes/' \ -i.previous /etc/ssh/sshd_config sudo /etc/init.d/ssh restart
#!/bin/bash sudo sed -r -e 's/^PasswordAuthentication yes$/PasswordAuthentication no/' \ -i.previous /etc/ssh/sshd_config sudo /etc/init.d/ssh restart
(These paths are suitable for Ubuntu 8.04).