This is my attempt at building a base Python distro that sits in /opt/python-2.7.2. My goal is to minimize depending on the installed system developement libraries; As in Enterprise-y environments, ‘polluting’ the standard OS image will result in a visit from the XKCD GOTO Raptor.

tldr; This is the script I created to install Python.

To start, I installed Centos 5.2 with only the groups @core, @base and @development tools. A few Text-Based Internet utilities were also installed for convinience’s sake.

I then downloaded Python 2.7.2 and ran the standard configure-make-make install routine, and got this:

INFO: Can't locate Tcl/Tk libs and/or headers

…Snipped...
Python build finished, but the necessary bits to build these modules were not found:
_bsddb             _curses            _curses_panel   
_sqlite3           _ssl               _tkinter        
bsddb185           bz2                dbm             
dl                 gdbm               imageop         
readline           sunaudiodev        zlib            
To find the necessary bits, look in setup.py in detect_modules() for the module's name.
….Snip…

FML, I knew this was the beginning of a journey into a rabbit hole.

This is the install sequence

sqlite
bzip2
zlib
openssl
ncurses
readline
gdbm
bsddb
python

Some decisions I took:
Not installing the TCL/TK toolkit, as building tk requires X11 libraries which I didn’t install.

The end result was this:

Building dbm using bdb
INFO: Can't locate Tcl/Tk libs and/or headers

Python build finished, but the necessary bits to build these modules were not found:
_tkinter           bsddb185           dl              
imageop            sunaudiodev                        
To find the necessary bits, look in setup.py in detect_modules() for the module's name.

sunaudiodev is is for Sun platforms,dl for 32bit platforms, imageop is deprecated and bsddb185 is undocumented.

What the script does:
* created a directory called src and build.
* Downloads the required libraries and compiles them in build * installs them all in /opt/python-2.7.2 * Removing this should be as easy as rm -rf /opt/python-2.7.2

If you wish to modify the install path, edit the PREFIX option in the script.

References: * andrew.io * Equatorian

Similar Projects that Address this issue (more elegantly) * pythonbrew * pybuild

In your WebFaction Control Panel:

• Click on Domains/websites
• Add your domain name (which has already been configured to point to your Webfaction server
• In Applications Create a new application
• App Category -> Static
• App type -> Static only (no .htaccess)
• Finally, in Websites
• New -> Choose your subdomain, App, and fill in the URL, which most probably would be /.

Enjoy the extremely fast load times provided by WebFaction’s nginx servers :).

Disclaimer: Webfaction link contains my affiliate ID

Finally, the Samsung Galaxy Nexus reaches Amazon.

From what I see, there are a lot of dealers trying to cash in on this. The 3 legit links I see are from:

• The OEM Shop
• Worldwide Distributors
• Addicted to Phones

As for me, I’m still wondering if I should wait for my telco deals before I buy one, or get the unlocked version here.

You have this feeling that yeah, you can program, but you may be doing things the wrong way. Scouring through the Web for Python Tips & Tricks might do, but after haphazardly learning the language, you’re finally ready for a more structured approach.

That’s how I am currently feeling, which is when I found this book: Pro Python

It starts off at Advanced Basics in Chapter 2 and progresses on. I just got this book, and am slowly progressing through Chapter 2.

LAN sync is a Dropbox feature that speeds syncing dramatically when the file exists on your Local Area Network (LAN).
…
With LAN syncing, Dropbox will look for the new file on your Local Area Network first, bypassing the need to download the file from Dropbox servers, thus speeding up the syncing process considerably.

Determine what port the DropBox service is listening on:

# netstat -ntupl | grep dropbox

You should get something like this:

[root@i7 ~]# netstat -ntupl | grep dropbox
tcp        0      0 0.0.0.0:17500               0.0.0.0:*                   LISTEN      2201/dropbox
udp        0      0 0.0.0.0:17500               0.0.0.0:*                               2201/dropbox

Dropbox LAN Sync listens on tcp/udp port 17500. We’ll need to open this port in iptables.

# iptables -I INPUT 3 --proto udp --dport 17500 -j ACCEPT
# iptables -I INPUT 3 --proto tcp --dport 17500 -j ACCEPT

This opens port 17500 for both the udp & tcp protocols. Based on /etc/services, these two stand for:

db-lsp          17500/tcp               # Dropbox LanSync Protocol
db-lsp-disc     17500/udp               # Dropbox LanSync Discovery

And at the end, don’t forget to save your rules by typing:

# iptables-save > /etc/sysconfig/iptables

To disable these droppings, you’ll need to configure your user account to not create them on network drives.

Open your terminal

1

defaults write com.apple.desktopservices DSDontWriteNetworkStores true

Restart your Mac.

That should do the trick.
Source: Mini System Administrator’s FAQ

Open Finder and press <command>-k to bring up the Connect to Server window.

Enter the URL https://box.net/dav and click on the Connect button.

After a few seconds, you will be prompted to enter you username & password. Use you existing Box userid and password.

When successfully connected, you should see box.net entry in you Shared section of Finder, if depending on your settings, a little remote drive icon called dav.

If you right click on it and choose Get Info, you should see something like the following image, with the format being WebDAV (Secure)

This is where the ssh config file comes in handy.

For this example, I’ll assume you want to connect to a host called db01 as the user admin. What you’ll need to do is:

Copy over the user@host’s private and public keys into your local ~/.ssh directory.

$ cd ~/.ssh
$ scp admin@db01:/home/admin/.ssh/id_rsa id_rsa_db01
$ scp admin@db01:/home/admin/.ssh/id_rsa.pub id_rsa_db01.pub

Note: I copied the keys over as different filenames, id_rsa_db01 and id_rsa_db01.pub. This is so you don’t overwrite your existing keys.

Create the ssh config file in your .ssh directory

$ touch ~/.ssh/config

Specify the user and ssh private key file to use when connecting to the host db01 in the ~/.ssh/config file. Your config file should have the following contents:

host db01
    user admin
    IdentityFile id_rsa_db01

Change the permissions of the ssh keys to read-only, and the ssh config file to be read-write only by you.

$ chmod 400 ~/.ssh/id_rsa_db01*
$ chmod 600 !/.ssh/config

The ssh config file has some pretty powerful options, and more can be read by typing man ssh_config.

Fortunately, the passwd command comes with a handy option that allows this relatively insecure method.

Let’s assume you want to change the password for a system account called webapp450 on 5 servers, named web001, web002, web003, database001 and database002. The passwd command contains a switch that allows root to receive the password via stdin.

# passwd --stdin

What you could do is use the echo command to pipe the new password in. E.g.

# echo 'newpassword' | passwd --stdin webapp450

Now, we can add this into a script:

#!/bin/bash
# chgpasswd.sh
export HISTIGNORE="*passwd*"
echo 'newpassword' | passwd --stdin webapp450

I created a bash script called chgpasswd.sh and changed its permissions to 700, so only root could read & execute it. For a little added security, I even added the bash HISTIGNORE command, that ignores any line containing the word passwd, so it doesn’t get added to the bash history file.

I then dumped it in a directory that was shared among those 5 hosts (/shared) and ran it via ssh.

As a final bit of automation, I ran in using the following bash for loop:

$ for machine in web001 web002 web003 database001 database002; do ssh root@$machine '/shared/chgpasswd.sh'; done

Note: This method is highly insecure, and should be only used if you know what you’re doing.

By default, you get the horribly user friendly Mac hostname in the terminal. To change that, do the following as root:

scutil --set HostName hostname_you_like

Of course, replace hostname_you_like with something you want. Source: Larry Gordon.

Check out the difference in load times, based on Google Analytics’ site speed. I migrated to Octopress on the 19th of December, shaving load times from a peak of 16 seconds!! to 2 seconds. Moving to Webfaction made it 0.9 seconds :)

To fix this, first stop the libvirtd service.

# systemctld stop libvirtd.service

Then in a terminal, run

# ps -ef | grep libvirtd

You will see a few libvirtd processes running. Kill all the processes in one go using this:

# kill `pidof libvirtd`

Restart libvirt

# systemctl start libvirtd.service

Close and reopen your Virt Manager. You should be able to connect now.

Unfortunately rsync doesn’t support mirroring over ftp, but thats where lftp comes in handy.

To recursively copy (mirror) a remote directory named data to a directory named /ftp_mirror in the current machine:

lftp user@example.com:/pub> mirror -v data /ftp_mirror

Where:
* mirror: the mirror command
* -v: the verbose flag, so you can see which file is being copied

To mirror a directory on your machine called /data/remote_copy to the remote ftp server:

lftp user@example.com:/pub> mirror -Rv /data/remote_copy .

Where:
* -R: this is a reverse mirror, e.g Copy from local machine to remote machine
This will create a directory called /pub/remote_copy with the contents of the /data/remote_copy.

I’m lucky in the sense I didn’t actively blog that much, (or a poor excuse for a blogger, depending on your POV) so I had like < 100 posts to migrate over. You could read more real life migration pains at Pixel-in-Gene.

For post conversion, I used Thomas Frössman’s exitwp plugin, which is written in Python. I then removed all the cruft personal posts that served no purpose, leaving only the technical bits in.

The none active comments are removed, but I’ll be adding a disqus section soon.

For now I’ll be working on optimizing my workflow for blog publishing, possibly through rsync, or maybe git.

You would get the following error message:

Fatal error: Certificate verification: Not trusted

If you are sure its really the intended site (No Man in the Middle Attacks!), you can temporaryly disable certificate verification by the following command at the lftp prompt:

lftp > set ssl:verify-certificate no

To permanently set this for lftp, you could add this to your /etc/lftp.conf or in your home directory ~/.lfptrc file.

Download the latest Java JDK from here.

http://www.oracle.com/technetwork/java/javase/overview/index.html

I used the tar.gz version. I choose to install it in /opt

tar -zxf /path/to/your/jdk/download/jdk-7u2-linux-x64.tar.gz -C /opt

This extracts the Java JDK to /opt/jdk1.7.0_02

Use the alternatives command to then set this as the default java.

# /usr/sbin/alternatives --install /usr/bin/java java /opt/jdk1.7.0_02/bin/java 200

Where:

• –install - Command to add an ‘alternative’
• /usr/bin/java - where the java program should be linked to
• java - The type of ‘alternative’ we are installing
• /opt/jdk1.7.0_02/bin/java - The full path to the java binary
• 200 - The priority of this version, the higher the number, the higher the chance of it being used first

Test this in the command line by typing

$ java -version
java version "1.7.0_02"
Java(TM) SE Runtime Environment (build 1.7.0_02-b13)
Java HotSpot(TM) 64-Bit Server VM (build 22.0-b10, mixed mode)

You will now see that it uses the Oracle Java.

First install lighttpd:

yum install lighttpd

Enable directory listing in /etc/lighttpd/conf.d/dirlisting.conf

dir-listing.activate      = "enable"

For example. lets open the default DNS port to allow incoming queries for addresses.

1. List your exising firewall rules

iptables -L --line-numbers -n

This will list the current rules you have in your firewall configuration Sample output:-

[root@i7 ~]# iptables -L --line-numbers -n 
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited  
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

1. DNS Queries require a UDP packet to port 53 (by default). Since iptables rules are done on a first match basis, we’ll insert it to line 3 in the INPUT chain.
2. The command to insert the rule:-

iptables -I INPUT 3 --proto udp --dport 53 -j ACCEPT

1. Where:
   • -I INPUT 3: Insert rule into the INPUT chain at line number 3
   • –proto udp: Incoming Packets that are of the UDP Protocol
   • –dport 53: Packets destined for port 53
   • -j ACCEPT: Jump to the ACCEPT chain (let the packet through)
2. When you list the iptables rules again, It should show the new rule in line number 3 of the input chain.

[root@i7 ~]# iptables -L --line-numbers -n 
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
4    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
5    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited  
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

1. Remember to then save your rules, else the next time the service is rebooted, your changes will be lost.

1. Determine the name of your device

[root@i7 ~]# ifconfig 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:424 errors:0 dropped:0 overruns:0 frame:0
          TX packets:424 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:31696 (30.9 KiB)  TX bytes:31696 (30.9 KiB)  
p34p1     Link encap:Ethernet  HWaddr 20:CF:30:0F:37:4A  
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::22cf:30ff:fe0f:374a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:297754 errors:0 dropped:0 overruns:0 frame:0
          TX packets:190679 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:426415608 (406.6 MiB)  TX bytes:15724959 (14.9 MiB)
          Interrupt:69 Base address:0x6000 

In my case, the device is called p34p1.

1. Create a file in /etc/sysconfig/network-scripts called ifcfg-p34p1
2. Contents of file:

DEVICE=p34p1
IPADDR=192.168.0.10
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
HWADDR=20:CF:30:0F:37:4A
DNS1=192.168.0.1
ONBOOT=yes
NAME=Wired_Connection
BOOTPROTO=none
NM_CONTROLLED=no

1. Important points to note:
   • NM_CONTROLLED=no: Tell NetworkManager not to control this device
   • DNS1=192.168.0.1: The DNS Server to use
   • HWADDR: The MAC address of the NIC

Solution: [root@fedora ~]# iptables-save > /etc/sysconfig/iptables
Well, Fedora 16 has migrated more of its services to Systemd, so trying to do a save redirects it to systemctl save iptables.service. :|

Looking at the Fedora 16 Security Guide, either they didn’t spot the error, or I’m doing something completely wrong.

Anyway, it showed me another command: /sbin/iptables-save which did what I wanted.

So what I did was pipe it back to /etc/sysconfig/iptables and then we all lived happily ever after. :)