High-performance SSH: Install HPN-SSH on OSX with keychain integration

by manu on 04/19/2014

I use SSH for pretty much anything from VPN, server administration, database connections or iPython work on remote machines. When working from weird places and with weird internet connections SSH become painfully slow. I already use Mosh, but that also relies on ordinary SSH to initiate the connection.

Pittsburgh University has this OpenSSH-patch to remove some bottlenecks and make it 1000% faster (they claim). Continue Reading »

1 Comment

Lazy admin’s guide to automated updates (Part 2: Python pip)

by manu on 04/14/2014

Last week we discussed Linux Debian’s apt-get update mechanism and how to fully automate essential updates. This week I’d like to demonstrate how to do the same thing for Python. I admit that keeping Python packages up-to-date is probably not half as essential as keeping internet-facing server infrastructure updated. Nonetheless I like to work with the latest versions of packages, as they might fix problems or add features. Continue Reading »

No Comments

Lazy admin’s guide to automated updates (Part 1: Debian Linux)

by manu on 04/10/2014

This week’s massive SSL-security vulnerability showed how important regular security updates for all of our software is. Because – let’s face it – today’s world is largely powered by software. Software that is written by humans, who make mistakes when writing it. The rule should be: retire it or update it. Continue Reading »

No Comments

Shanghai PM2.5 update

by manu on 03/31/2014

I’m back in Shanghai and faced with the pollution problem once again. Here a quick update on the last months. You can clearly see a reduction in pollution around Chinese New Year, when factories are shutting down. With warmer weather the readings also seem to be lower. I don’t know the reason, but anecdotal evidence gives the same effect for Beijing. An expert from Vienna University of Economics is currently analyzing the data and correlating it with weather observations. I’ll give an update, when some results emerge.

Continue Reading »

No Comments

Pleasant places to live in China, Germany and Austria

by manu on 02/5/2014

This morning I came across this post by Kelly Norton. He calculated the number of ‘pleasant’ days for each US zip-code area. California seems to win the race with more than 180 ‘pleasant’ days each year. A pleasant day is defined by the min- and max temperature not exceeding certain limits.
Continue Reading »

No Comments

Introducing: (A)SPEL web stack

by manu on 01/12/2014

I’d like to officially name my current dev stack:

A.. for AngularJS. Drives the user frontend.
S.. for Supervisord. Takes care of processes.
P.. for Python. Quick way to implement almost any business logic.
E.. for Nginx. Fast web server for static files and to add SSL.
L.. for Linux.

No Comments

Case study: Howard Johnson Hotel – how NOT to sell your Wifi

by admin on 11/24/2013

nessus-1Few things are more annoying than hotels, who think they need to earn some extra cash by charging people for wireless internet. Given the low to nonexistent cost of providing the service, they should also charge for warm water or fresh air, when following the same logic.

In the case of a local Howard-Johnson (HoJo) hotel, the wifi’s paywall was so badly implemented, it actually posed a threat to the rest of the hotel. Below, I will describe 4 options, anyone can use to get free internet at this particular hotel. Continue Reading »

No Comments

Buggy Mac OSX 10.9 Mavericks update

by admin on 11/17/2013

A word of warning: Updating from Mountain lion to Mavericks is by far the most buggy process I have ever seen from Apple. At times the installer quit in the middle, My time machine volume was not recognized, network settings are lost, …

Make sure you have multiple backups and plan some downtime. On the plus-side Homebrew and my Python-packages all survived. Just make sure you use pip with a virtualenv or the –user option.

Good luck.

No Comments

XKeyscore capabilities (5 years ago)

by admin on 08/1/2013

This is pretty crazy. Every conspiracy theorist was correct. The government is really watching everything. All internet data on the internet is compromised.

Check out the presentation and read it nice and slow: http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-program-full-presentation

No Comments

Attack from below – Oracle vs the rest

by admin on 07/27/2013

Threats rarely come from above, but most of the time from below. Small and flexible companies start with niches and keep improving their performance, until they become a threat to the established player. In this case we see the S-curve model playing out against Oracle.

These migrations indicate that after years of development, many open source or low-cost databases have now attained performance that is either roughly equivalent to parts of Oracle, such as Postgres, or have developed capabilities that while irrelevant to much of the database market, are far in advance of any technology operated by the Red Borg, such as MongoDB or Riak or Cassandra.

via Hungry termites nibbling at Oracle’s foundation

Personally I’m a fan of MongoDB and Redis. I also tried CouchDB, but didn’t find it very active.

No Comments

China GPS offset problem

by manu on 07/17/2013

Today I stumpled over a rather fascinating post on Sinosplice. It basically says that all maps in China are based on a different coordinate system than Western maps. As a result, ‘Western’ GPS-coordinates projected onto them will be off between 300 to 500m.

Real and projected GPS-position in China. Offset varies between 300 and 500m

I noticed this issue while playing Ingress in Shanghai. While walking along the Bund, I always ended up in the Pu-river. It seems that Google Maps has a correction-algorithm built in, while Ingress hasn’t. This still doesn’t help you while tagging photos or sharing your position with friends. Continue Reading »

No Comments

Setting Postfix to encrypt all traffic when talking to other mailservers

by manu on 07/7/2013

Update Aug 9, 2013: The biggest German email providers are currently running a big marketing campaign and promise secure email. They are using the same technique described on this page. After checking my logs, I can confirm that GMX-emails were delivered unencrypted on Aug 5, but arrived encrypted on Aug 6.

Thanks to Mr. Snowden, we know two important facts about the world of security and email:

First, most governments in the world will eavesdrop and store your communication, if they get the chance. They don’t have a specific reason and the benefits are highly disputed.

Second, your users can’t/won’t use PGP or S/MIME to encrypt their email.

The job is left to admins. We need to maximize usability and compatibility, while ensuring that user data stays confidential. If you are running Postfix, I’d like to draw your attention to some useful settings that will protect your user’s email in transit. If emails stay on the same server or the other server is secured as well, there is little chance to intercept messages on a big scale. If your users are sending emails to Gmail or Hotmail, then interception is still possible at the receiving end.

Make Postfix encrypt messages at all stages of delivery.

Figure 1: Vulnerability of email-messages in transit.

Continue Reading »

No Comments

Scheduled server maintenance

by manu on 07/2/2013

Please note that email service will be unavailable next Saturday between 18h and 23h CET.

Sorry for any inconvenience caused.

No Comments

M/Monit preparing new monitoring tool

by manu on 06/21/2013

Since my webserver broke down, while I was caught on a ship to Japan, I have relied on the excellent monit to have an eye on all my important services.

Currently their inventors, who give the client-version away for free are working on a remarkable evolution of their M/Monit-tool, a solution to keep track of multiple monit-instances. It only used to give you alarms and show events. Now it will record your system load and memory usage.

If you already have monit installed, this is a great complement. Find out about the beta-version here.

1 Comment

Download from Uploaded.to (and others) via command line on Linux or Mac OSX

by manu on 05/19/2013

Screen Shot 2013-05-19 at 19.15.55
Many people are using cyberlockers, like Mediafire, Uploaded, Filepost, … to share files. There are many different providers and all of them keep nagging your with captachs to sell their premium accounts. There are some interesting tools to get around this, like JDownloader or PyLoad.

Continue Reading »

No Comments