High-performance SSH: Install HPN-SSH on OSX with keychain integration

I use SSH for pretty much anything from VPN, server administration, database connections or iPython work on remote machines. When working from weird places and with weird internet connections SSH become painfully slow. I already use Mosh, but that also relies on ordinary SSH to initiate the connection.

Pittsburgh University has this OpenSSH-patch to remove some bottlenecks and make it 1000% faster (they claim). Continue reading

Lazy admin’s guide to automated updates (Part 2: Python pip)

Last week we discussed Linux Debian’s apt-get update mechanism and how to fully automate essential updates. This week I’d like to demonstrate how to do the same thing for Python. I admit that keeping Python packages up-to-date is probably not half as essential as keeping internet-facing server infrastructure updated. Nonetheless I like to work with the latest versions of packages, as they might fix problems or add features. Continue reading

Introducing: (A)SPEL web stack

I’d like to officially name my current dev stack:

A.. for AngularJS. Drives the user frontend.
S.. for Supervisord. Takes care of processes.
P.. for Python. Quick way to implement almost any business logic.
E.. for Nginx. Fast web server for static files and to add SSL.
L.. for Linux.

Buggy Mac OSX 10.9 Mavericks update

A word of warning: Updating from Mountain lion to Mavericks is by far the most buggy process I have ever seen from Apple. At times the installer quit in the middle, My time machine volume was not recognized, network settings are lost, …

Make sure you have multiple backups and plan some downtime. On the plus-side Homebrew and my Python-packages all survived. Just make sure you use pip with a virtualenv or the –user option.

Good luck.

China GPS offset problem

Today I stumpled over a rather fascinating post on Sinosplice. It basically says that all maps in China are based on a different coordinate system than Western maps. As a result, ‘Western’ GPS-coordinates projected onto them will be off between 300 to 500m.

Real and projected GPS-position in China. Offset varies between 300 and 500m

I noticed this issue while playing Ingress in Shanghai. While walking along the Bund, I always ended up in the Pu-river. It seems that Google Maps has a correction-algorithm built in, while Ingress hasn’t. This still doesn’t help you while tagging photos or sharing your position with friends. Continue reading

Setting Postfix to encrypt all traffic when talking to other mailservers

Update Aug 9, 2013: The biggest German email providers are currently running a big marketing campaign and promise secure email. They are using the same technique described on this page. After checking my logs, I can confirm that GMX-emails were delivered unencrypted on Aug 5, but arrived encrypted on Aug 6.

Thanks to Mr. Snowden, we know two important facts about the world of security and email:

First, most governments in the world will eavesdrop and store your communication, if they get the chance. They don’t have a specific reason and the benefits are highly disputed.

Second, your users can’t/won’t use PGP or S/MIME to encrypt their email.

The job is left to admins. We need to maximize usability and compatibility, while ensuring that user data stays confidential. If you are running Postfix, I’d like to draw your attention to some useful settings that will protect your user’s email in transit. If emails stay on the same server or the other server is secured as well, there is little chance to intercept messages on a big scale. If your users are sending emails to Gmail or Hotmail, then interception is still possible at the receiving end.

Make Postfix encrypt messages at all stages of delivery.
Figure 1: Vulnerability of email-messages in transit.

Continue reading

M/Monit preparing new monitoring tool

Since my webserver broke down, while I was caught on a ship to Japan, I have relied on the excellent monit to have an eye on all my important services.

Currently their inventors, who give the client-version away for free are working on a remarkable evolution of their M/Monit-tool, a solution to keep track of multiple monit-instances. It only used to give you alarms and show events. Now it will record your system load and memory usage.

If you already have monit installed, this is a great complement. Find out about the beta-version here.

Scan image via SSH

We have an ancient Brother scan+print combination in our apartment. Cheap and reliable. Printing works well over CUPS, also from iPads with Airprint. My only issue was scanning. It works well with SANE, which also works via your network. Only problem is that the packages provided by Mattias Ellert on his website are a bit outdated and don’t always work with the latest Mac OSX. So here is a quick trick to scan on a remote machine without the trouble of moving the file later:

[cc lang=”bash” width=”100%” noborder=”1″ theme=”dawn”] ssh cyrus@gaia.local “sudo scanimage –resolution 400 –format=tiff” | convert tiff:- -quality 90 -quiet date "+%Y-%m-%d_%H-%M-%S".jpg  [/cc]

Basically this command pipes the image over SSH and hands it over to the local convert for compression. Neat and elegant. 🙂

XBian – Raspberry Pi-based distro for running XBMC

Here just some upaid advertising for a nice armhf-based XBMC distro, I discovered some time ago. If you just want to use your RPI for watching movies and TV-shows, this is definitely for you. It auto-starts XBMC, mounts USB-drives and lets you connect to NFS and SMB as well. They only thing you might want to do is keep your XMBC-user folder on a different drive, so you can easily switch versions and always have a backup.

Link: http://xbian.org/