Archive for the ‘System admin’ Category
Turning a Xen domU into a VMware VM (or: How to bring your Linode home)
I recently posted a HOWTO based on my experience moving a Xen domU from Linode to my own Xen Dom0 setup at Hetzner.
Since this machine is only a development server, I more recently decided to turn the same machine into a VMware VM, running locally (in VMware Fusion 4 on my MacBook Pro). Here, I document the steps necessary for that transformation.
How to compile PostGIS 2.1 on Ubuntu Server 12.04+
PostGIS 2 has some exciting new goodies — including raster support — that I’m keen to use in the analysis of Mappiness data.
But the PostGIS package provided by Ubuntu 12.04 is still only at version 1.5, and the GEOS and GDAL packages are also too old to support the new version.
So — this is how I compiled PostGIS 2.0.1 2.0.3 2.1.0rc2 2.1.0 and its dependencies on my GIS server.
MySQL gem for Ruby 1.9.x on Snow Leopard or Lion (Mac OS X 10.6 or 10.7)
Updated May 2012 for Lion
The secret to getting the MySQL gem to install and function with Ruby 1.9.x on Snow Leopard or Lion is:
- Install MySQL using the 64-bit .DMG package installer from dev.mysql.com
- Install Ruby using RVM or (preferably) rbenv
- Add these two lines to ~/.bash_login or ~/.bashrc or ~/.profile as appropriate:
    export PATH="/usr/local/mysql/bin:$PATH"
    export DYLD_LIBRARY_PATH="/usr/local/mysql/lib:$DYLD_LIBRARY_PATH"
- In a new shell (Terminal window), type
    gem install mysql
  as normal.
I’m posting this mainly as a record for myself, having wasted a lot of time in the past trying strange incantations from comments on various other blog posts.
Blocking the weakest passwords
The recent Gawker passwords leak once again highlights the widespread use of passwords that offer essentially no security.
Some years ago, when working on a secure web app for a large organisation — let’s call them Secret Testing Ltd — I was keen that people shouldn’t choose hopelessly weak passwords. I was particularly concerned by my sysadmin colleague’s fondness for passwords of the form ‘p/\55w0rd’ or ‘S3cr3t-T35t|ng’.
Growling Mac backups with rsync
Between Time Machine and services like Dropbox, paranoid levels of backup are surprisingly painless to achieve on the Mac these days.
Still, just one more copy of your data, in just one more continent, surely can’t do any harm, right? One that won’t burn down with your house, but also isn’t just wafting vaguely in the Cloud at someone else’s whim. One that elevates your backup system from sensibly paranoid to borderline OCD. One, in this case, brought to you by rsync, find and Growl.
iPhone + public key SSH authentication: lovely
I’ve been unhappy for a while having the SSH daemon on my web server VPSs with password authentication enabled. Of course, it’s on a non-standard port, blocks root logins, and takes a strong-ish password… but the risk of a successful dictionary attack has still felt too non-zero for comfort.
Equally, though, I’ve not wanted to give up the ability to log in to the servers from anywhere to fix things in an emergency, so I didn’t want to turn password authentication off and rely on public keys alone.
Until now, that is. I realised yesterday that, since I have iSSH on the iPhone, which does public key authentication, I can log into my servers from anywhere, even with password authentication turned off. Granted, doing anything serious on a tiny screen and slow connection is difficult. But all I actually need to be able to do from there is temporarily turn password authentication back on.
And to make this easy, I’ve put two ultra-simple scripts in ~/bin:
pwd_login_on.sh
    #!/bin/bash
    sudo sed -r -e 's/^PasswordAuthentication no$/PasswordAuthentication yes/' \
      -i.previous /etc/ssh/sshd_config
    sudo /etc/init.d/ssh restart
pwd_login_off.sh
    #!/bin/bash
    sudo sed -r -e 's/^PasswordAuthentication yes$/PasswordAuthentication no/' \
      -i.previous /etc/ssh/sshd_config
    sudo /etc/init.d/ssh restart
(These paths are suitable for Ubuntu 8.04).
Lovely.
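A variant of the two scripts above that checks its own result, added here as an example (not code from the original post): the sed patterns only match a line that is exactly "PasswordAuthentication yes" or "PasswordAuthentication no", so a commented-out or differently spaced directive leaves the setting unchanged without any error. The function names and the CONFIG variable are assumptions; Match blocks and the "Keyword=value" form are not interpreted.

```bash
#!/bin/bash
# Added example (not from the original post). Function names and CONFIG are
# illustrative. Match blocks and "Keyword=value" lines are not interpreted.
CONFIG="${CONFIG:-/etc/ssh/sshd_config}"

# Print the value sshd would use globally: the first uncommented
# PasswordAuthentication line wins; with none, OpenSSH defaults to "yes".
effective_password_auth() {
    awk 'tolower($1) == "passwordauthentication" { print tolower($2); f = 1; exit }
         END { if (!f) print "yes" }' "$1"
}

# Set the directive to yes|no in FILE, keeping FILE.previous as the post does.
# Every uncommented directive is rewritten (including ones in Match blocks);
# if there is none, one is added at the top, ahead of any Match block.
# Returns non-zero unless the file then yields the requested value.
set_password_auth() {
    local want="$1" file="$2" tmp="$2.tmp.$$"
    case "$want" in
        yes|no) ;;
        *) echo "usage: set_password_auth yes|no FILE" >&2; return 2 ;;
    esac
    cp -p "$file" "$file.previous" || return 1
    {
        grep -qiE '^[[:space:]]*PasswordAuthentication[[:space:]]' "$file" ||
            echo "PasswordAuthentication $want"
        awk -v want="$want" 'tolower($1) == "passwordauthentication" {
                print "PasswordAuthentication " want; next }
            { print }' "$file"
    } > "$tmp" || return 1
    cat "$tmp" > "$file" && rm -f "$tmp"   # cat keeps the original owner and mode
    [ "$(effective_password_auth "$file")" = "$want" ]
}

# Run as root on the server: edit, syntax-check with "sshd -t", then restart
# with the same init script the post uses. A failed check skips the restart.
apply_password_auth() {
    set_password_auth "$1" "$CONFIG" && sshd -t -f "$CONFIG" &&
        /etc/init.d/ssh restart
}
```

Source the file as root and call apply_password_auth no (or yes); a non-zero exit status means the change did not take effect and sshd was not restarted.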