George MacKerron: code blog

GIS, software development, and other snippets

Archive for the ‘System admin’ Category

Turning a Xen domU into a VMware VM (or: How to bring your Linode home)

without comments

I recently posted a HOWTO based on my experience moving a Xen domU from Linode to my own Xen Dom0 setup at Hetzner.

Since this machine is only a development server, I more recently decided to turn the same machine into a VMware VM, running locally (in VMware Fusion 4 on my MacBook Pro). Here, I document the steps necessary for that transformation.

Read the rest of this entry »

Written by George

July 29th, 2013 at 10:26 am

Posted in System admin

How to compile PostGIS 2.1 on Ubuntu Server 12.04+

with 7 comments

PostGIS 2 has some exciting new goodies — including raster support — that I’m keen to use in the analysis of Mappiness data.

But the PostGIS package provided by Ubuntu 12.04 is still only at version 1.5, and the GEOS and GDAL packages are also too old to support the new version.

So — this is how I compiled PostGIS 2.0.1 2.0.3 2.1.0rc2 2.1.0 and its dependencies on my GIS server.

Read the rest of this entry »

Written by George

June 1st, 2012 at 6:30 pm

MySQL gem for Ruby 1.9.x on Snow Leopard or Lion (Mac OS X 10.6 or 10.7)

with one comment

Updated May 2012 for Lion

The secret to getting the MySQL gem to install and function with Ruby 1.9.x on Snow Leopard or Lion is:

  • Install MySQL using the 64-bit .DMG package installer from dev.mysql.com
  • Install Ruby using RVM or (preferably) rbenv
  • Add these to lines to ~/.bash_login or ~/.bashrc or ~/.profile as appropriate:
export PATH="/usr/local/mysql/bin:$PATH"
export DYLD_LIBRARY_PATH="/usr/local/mysql/lib:$DYLD_LIBRARY_PATH"
  • In a new shell (Terminal window), type gem install mysql as normal.

I’m posting this mainly as a record for myself, having wasted a lot of time in the past trying strange incantations from comments on various other blogs posts.

Written by George

August 4th, 2011 at 3:47 pm

Posted in Mac,Ruby,SQL,System admin

Blocking the weakest passwords

without comments

The recent Gawker passwords leak once again highlights the widespread use of passwords that offer essentially no security.

Some years ago, when working on a secure web app for a large organisation — let’s call them Secret Testing Ltd — I was keen that people shouldn’t choose hopelessly weak passwords. I was particularly concerned by my sysadmin colleague’s fondness for passwords of the form ‘p/\55w0rd’ or ‘S3cr3t-T35t|ng’.

Read the rest of this entry »

Written by George

December 14th, 2010 at 1:24 pm

Growling Mac backups with rsync

with one comment

Between Time Machine and services like Dropbox, paranoid levels of backup are surprisingly painless to achieve on the Mac these days.

Still, just one more copy of your data, in just one more continent, surely can’t do any harm, right? One that won’t burn down with your house, but also isn’t just wafting vaguely in the Cloud at someone else’s whim. One that elevates your backup system from sensibly paranoid to borderline OCD. One, in this case, brought to you by rsync, find and Growl.

Read the rest of this entry »

Written by George

August 1st, 2009 at 12:40 pm

Posted in Mac,System admin

iPhone + public key SSH authentication: lovely

with one comment

I’ve been unhappy for a while having the SSH daemon on my web server VPSs with password authentication enabled. Of course, it’s on a non-standard port, blocks root logins, and takes a strong-ish password… but the risk of a successful dictionary attack has still felt too non-zero for comfort.

Equally, though, I’ve not wanted to give up the ability to log in to the servers from anywhere to fix things in an emergency, so I didn’t want to turn password authentication off and rely on public keys alone.

Until now, that is. I realised yesterday that, since I have iSSH on the iPhone, which does public key authentication, I can log into my servers from anywhere, even with password authentication turned off. Granted, doing anything serious on a tiny screen and slow connection is difficult. But all I actually need to be able to do from there is temporarily turn password authentication back on.

And to make this easy, I’ve put two ultra-simple scripts in ~/bin:

pwd_login_on.sh

#!/bin/bash
sudo sed -r -e 's/^PasswordAuthentication no$/PasswordAuthentication yes/' \
  -i.previous /etc/ssh/sshd_config
sudo /etc/init.d/ssh restart

pwd_login_off.sh

#!/bin/bash
sudo sed -r -e 's/^PasswordAuthentication yes$/PasswordAuthentication no/' \
  -i.previous /etc/ssh/sshd_config
sudo /etc/init.d/ssh restart

(These paths are suitable for Ubuntu 8.04).

Lovely.

Written by George

May 28th, 2009 at 2:03 pm

Posted in System admin