Subversion Is An Old Man's Tool.
As Joel Spolsky put it: “Distributed Version Control is here to stay, baby”. If you’ve read Joel’s stuff, you know he has a way of making sense — a quality of writing which can be tough to find on the Internet. As a Git user, I can’t say Joel converted me, but he did get me thinking about why I too hung on to familiar ol’ Subversion long after it’s obsolescence. Rather than boring you with that, herein lies a minimalist guide to getting started with distributed version control. Continue reading »
Linux Security: Denyhosts
If you’ve read my OpenSSH series, perhaps even if you haven’t, you are probably aware of the power SSH offers to those who know how to use it. There are many ways to protect the service from unauthorized usage, focusing on self-contained or single host solutions, one finds two common flavors: those which make use of the Linux kernel’s packet filtering tools (netfilter and iptables), and those which rely on Wietse Venema’s TCP Wrappers. Netfilter certainly offers power and flexibility, but this may be at the cost of simplicity and management ease. While no security measure ought to be implemented blindly, there is an undeniable benefit to simple measures which can be configured quickly and with little fuss — in this arena, TCP Wrappers stands tall.
Continue reading »
Cloud Life: Kernel Upgrades
One thing not mentioned in EC2StartersGuide is how to apply kernel patches. Technically, this isn’t currently possible in the Amazon cloud, which is to say that the boot loader (e.g. grub) within an EC2 instance cannot load an arbitrary kernel; nonetheless, official kernel updates are available via package updates, though cloud servers won’t automatically load the latest installed kernel when booted. Continue reading »
Managing MySQL
Database management is one of those tasks where GUI tools can often be handy and occasionally critical. The history of Linux point-and-click tools for MySQL is a bit checkered, and prominently features MySQL Query Browser and MySQL Administrator, official tools formerly supported by MySQL. Early releases were buggy and crash-prone, but had progressed to merely flaky by late 2009, when MySQL announced they would pull the trigger on them in favor of MySQL Workbench. MySQL support for the GUI Tools Bundle officially ended in June 2010, but the tools are still available in Debian and Ubuntu repositories, while MySQL Workbench is conspicuously absent. While this may deter many users from test driving Workbench, they are missing out on a powerful tool for database management. Fortunately, MySQL publishes MySQL Workbench binaries. Continue reading »
Transatlantic Text Editing
Philip has posted a brief follow up to Managing Line Endings over at Armadillo. He’s also got some articles which may be useful for anyone forced to use SSH on Windows.
3 Easy Steps to SSL Client Authentication
There are many resources on the Internet for correctly securing apache web sites with X.509 client certificate authentication. This isn’t one of them. What follows is a three step guide to the fastest, easiest method for setting up self-signed server and client certificates. You are advised not to run any of the commands below in a production environment, they are presented only as an aid for those who learn kinesthetically.
“A good solution applied with vigor now is better than a perfect solution applied ten minutes later.”
- General George Smith Patton III (source)
Continue reading »
A Practical View of Comcast vs FCC
One thing to note about the United States Court of Appeals for the District of Columbia Circuit decision in Comcast vs. F.C.C.– it doesn’t restrict the F.C.C.‘s ability to regulate Internet services; rather, the court ruled that the broad regulatory powers enjoyed by the F.C.C. were overstepped when they told Comcast to stop discriminating against BitTorrent traffic . Many individuals dismiss this as a “bad decision” of the court, but to do so ignores important issues relevant to this ruling.
I generally favor ‘net neutrality, and I certainly don’t take a kindly view of the arbitrary packet discrimination employed by unscrupulous companies; left unchecked, such practices easily (perhaps inevitably) lead to “the pseudo service scenario of bribery … extortion“, but the same slippery slope analogy could slide the other way. Had the appellate court ruled in favor of the F.C.C. it would have set a precedent for allowing a regulatory authority to essentially invent new powers not specifically delegated to it by any act of Congress. If you would prefer that Congress pass such a law, you may wish to ask your representatives to support H.R. 3458.
Automount USB drives on Ubuntu servers.
In most cases, Ubuntu desktop systems will automatically detect and mount removable media, and this is largely done with software that is part of the X Windows system; for server systems without X Windows however, this sort of thing requires a bit of work.
Now some may ask, “Why automount removable media at all?” It is unwise to remove an active device, such as unplugging a USB drive without first unmounting it, and automounting may encourage this sort of recklessness. I don’t contend this, but if one runs a server using an external USB drive, there are two words which should spark an immediate interest in automatic mounts: power failure.
Continue reading »
Diagnosing Sound Problems in Ubuntu Linux
Sound problems fall in to three basic categories, and the first thing you want to do is determine which one you’re dealing with. The easiest thing you can do is test your speakers with something else, using the same cable. If your speakers and cable are confirmed to be in good working order, then the problem must be either: Continue reading »
SSH Coolness ... even on Windows.
prerequisite concepts: prelude, basic config., port fwd, proxy conn.
I don’t often have the opportunity to experiment on computers running Windows, but every once in a long while it simply cannot be avoided. I recently found myself wanting to look up a password in Revelation, a password manager for the Gnome Desktop on Linux; I have previously written about using OpenSSH’s ProxyCommand directive to tunnel through a firewall and forward X11 (GUI) applications remotely from a an isolated workstation on a private LAN, the difference here was that I needed to forward that application to a Windows workstation.
Continue reading »