UK Linux User Groups

I've a collection of about 500 bookmarks which I've barely touched for a few years. I started organizing them late the other night, because I'd been off work sick for two days and that was about the most I felt up for doing with a computer.

The intention was to "tidy" them, and then setup some way of syncing them across browsers/computers. In the end I didn't like any of the syncing plugins I could find - xmarks, etc - so I decided to take a step backwards.

I'd exported my bookmarks to HTML page, via firefox, before I started, and then later in a fit of pique I deleted the whole damn lot of them.

So now a few years worth of bookmarks are stored in a single HTML file. But wait, we can use revision control can't we? We can host that file on github/similar. We can rely upon merges to deal with conflicts - simple if we just add lines to the end, or delete lines.

Maybe that's the best way to store bookmarks? I updated the bookmark file to read:

<ul> <li tags="debian, personal"><a href="http://www.debian-administration.org/">Debian Admin</a></li> .. </ul>

Adding "tags" to the LI-container and then some simple jQuery code gave me the ability to search/filter the bookmarks and auto-populate tags.

A small example placed online here:

• http://www.steve.org.uk/Software/bookmarks/

The obvious comment is that this makes adding new bookmarks a bit harder, but we'll see.. The javascript works in the browsers I tested, and for those that have none the bookmarks will just be a simple unordered list which should be universal.

I expect the javascript could be improved by a real developer.

My webserver of choice is nginx, it's resource friendly, fast, reliable and versitile.

I have a resource constrained Debian 6.0 "server" at home and wanted to deploy nginx on it for testing. Sadly, the nginx package in the squeeze repositories is very old. Fortunately, the Debian Backports has a fairly current version, 1.2.1 as the time of writing.

To enable the backports repository add the following line to /etc/apt/sources.list.d/backports.list.

deb http://backports.debian.org/debian-backports squeeze-backports main

Update the repositories.

sudo apt-get update

Install nginx. All backports are deactivated by default, so the apt-get use is somewhat different.

sudo apt-get -t squeeze-backports install nginx-full

nginx is now installed and can be configured in the usual way.

References

• http://backports-master.debian.org/
• http://packages.debian.org/squeeze-backports/nginx

Last week I had another birthday, which was nice. I'm now all mature, and everything. Honest.

I received a few surprise gifts from friends and strangers alike, which was pretty good. Other than that I didn't do too much.

This weekend I'm going to be using "airbnb" to spend the weekend in Dundee with my partner who is regularly commuting between Edinburgh and Perth/Dundee, to work in various hospitals. With all the commuting time she's not had too much time to explore the actual city, and I've only been there once before so I'm sure it will be a fun weekend.

The templer static site generator got a little bit of pimping on LWN.net the other day, thanks to Martin Michlmayr, although embarassingly I seem to have read the article and repeated the content in the conclusion, and duplicated that in my own comment. Ooops.

Beyond that I've done little coding recently, although I suspect now that nodejs has had a stable release I might do something interesting soon. I don't want to dwell on the failure of Sim City - because I don't run windows and couldn't have tried it even if I wanted to - but I'm pondering the idea of a persistant grid-space where different items can be placed.

I've not tried anything browser-based before, but the popularity of things like minecraft make me wonder if you had an "infinite grid" where folk could store "stuff", and scroll around in a browser you might be able to do interesting things.

Starting small, with a 100x100 grid, and some kind of updated play-by-mail turfwars/drug-war like experience should be simple. But then again enthusiasm is easy to generate until you start working out how you'd interface with the server and what kind of client you'd need.

Now to enjoy some 21 year old whisky and call it a night..

A couple of weeks ago I saw Katy Manning in a tour of Agatha Christie’s “A Murder is Announced.” It’s a very traditional production: A single set and a cast of eleven, with scene changes covered by blackouts and music. Unusual in this day and age, but pleasant for it. Katy portrayed the central character of the piece and delivered a strong, confident performance. Some of the other cast members appeared to be playing well out of their age range: One character supposedly in her dotage was clearly played by a much younger actress (though Katy corrected me later on that point), and Dean Gaffney playing a student was stretching credulity somewhat! Overall the production was enjoyable and it was great to see Katy in action.

This weekend was the third of the BFI’s monthly Doctor Who screenings. “The Mind of Evil” was shown in colour for the first time in forty-two years in the UK, following a painstaking colour recovery process. I am even more convinced now that Doctor Who is at its best when watched with five hundred other fans in a cinema! The humour (intentional and otherwise) is emphasised, the action enhanced and the performances sparkle.

The panel afterwards comprised Timothy Combe (director), Terrance Dicks (script editor), Richard Franklin (Mike Yates), John Levene (Sgt. Benton) and, that’s right, Katy Manning (Jo Grant). The panel had a great energy, with several very vocal contributors.

Once again, James from The Doctor Who Podcast recorded our thoughts after the screening, which will be available from their Facebook page soon. (You can still download February’s “Tomb of the Cybermen” special episode.)

Finally, a massive thank you to everyone who responded to last week’s blog post. It’s been touching seeing some familiar names on the Sam Shaw Appeal page. The appeal has nearly reached 3% of the target. It’s a big target and that 3% represents an amazing contribution from a lot of people in a short time. Please give something if you can.

Pin It

I've been a fan of nullmailer for some years now, so much so that I took ownership of the nullmailer package for Arch Linux.

> nullmailer is a sendmail/qmail/etc replacement MTA for hosts which > relay to a fixed set of smart relays. It is designed to be simple to > configure, secure, and easily extendable.

The other advantage nullmailer has compared to similar tools is that is queues email until it is able to deliver it upstream.

Install nullmailer as follows.

packer -S --noedit --noconfirm nullmailer

Configuring nullmailer to relay via Gmail can be achieved using SMTPS or MSA. nullmailer has had these capabilies since 1.10. The following provides some useful clues /usr/lib/nullmailer/smtp --help.

While these examples are specific to relaying via Gmail, you can sse it is trivial to adapt them to any other mail host.

Relay via Gmail using MSA

Add to following to /etc/nullmailer/remotes. I prefer this technique.

smtp.gmail.com smtp --port=587 --auth-login --user=you@gmail.com --pass=Yourpassword --starttls Relay via Gmail using SMTPS

Add to following to /etc/nullmailer/remotes.

smtp.gmail.com smtp --port=465 --auth-login --user=you@gmail.com --pass=Yourpassword --ssl

Once you've got /etc/nullmailer/remotes configured start the nullmailer service.

sudo systemctl start nullmailer

To test nullmailer can relay email correctly do the following.

echo "Test 1" | mailx -s "Test One" me@example.org

You can see what nullmailer is up to by checking the systemd journal or syslog (if you've syslog enabled systemd). This is how to get the logs from the systemd journal.

journalctl _SYSTEMD_UNIT=nullmailer.service

Or via syslog.

sudo grep nullmailer /var/log/daemon.log

When you're happy nullmailer is working enable the systemd unit.

sudo systemctl enable nullmailer

Email will now flow as required.

While migrating one of my VPS servers to Arch Linux I deployed Uncomplicated Firewall (UFW) to handle basic firewalling duties. I like ufw as it provides simple host-based firewall management and, in my opinion, one of the better projects to come out of the Ubuntu camp.

Install ufw as follows.

sudo pacman -Syy -noconfirm --needed ufw

Configuring ufw is simple but make sure you have console access to the host you are configuring just in case you lock yourself out.

NOTE! When enabling ufw the chains are flushed and connections may be dropped. You can add rules to the firewall before enabling it however, so if you are testing ufw on a remote machine it is recommended you perform...

ufw allow ssh/tcp

...before running sudo ufw enable. Once the firewall is enabled, adding and removing rules will not flush the firewall, although modifying an existing rule will.

Set the default behaviour to deny all incoming connections.

sudo ufw default deny

Open up TCP port 22 but with rate limiting enabled which will deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. Ideal for protecting sshd but you should conisder other SSH brute force defense techniques as well.

sudo ufw limit tcp/22

I'm hosting a few websites on my VPS so I open http and https.

sudo ufw allow 80/tcp sudo ufw allow 443/tcp

I have a static IP address at home so I allow unfiltered access to the VPS from that IP. I've used a bogus IP address in the example below.

sudo ufw allow from 10.0.0.0/32

Enable the ufw systemd unit.

sudo systemctl enable ufw sudo systemctl start ufw

However, ufw is not enabled at this point. To enable the firewall you also have to do the following.

sudo ufw enable

You can see the status of the firewall using sudo ufw status.

On low-end servers it might be beneficial to disable logging.

sudo ufw logging off

At this point you should have a basic firewall configured and ufw help or the references below will assist you.

References

• https://wiki.archlinux.org/index.php/Uncomplicated_Firewall
• https://wiki.ubuntu.com/UncomplicatedFirewall
• https://launchpad.net/ufw

I've decide to migrate one of my servers to Arch Linux. I'm not sure that a rolling release distro really suits servers but I've enjoyed using Arch Linux over the last year on my workstations and the only way to assess it's suitability on a server is to try it. So, I've decide to migrate my blog to an Arch Linux server.

This blog post describes how to install Nikola on Arch Linux. Nikola is a static site and blog generator written in Python that I've been using for a few months.

First you'll need Python and virtualenvwrapper so read my Python and virtualenv on Arch Linux and Ubuntu blog post and get yourself equiped.

Install the Nikola 5.4.2 dependencies.

sudo pacman -S --noconfirm --needed freetype2 libxslt libxml2 sudo packer -S --noconfirm --noedit libjpeg6

Create a virtualenv for Nikola.

mkvirtualenv -p python2.7 --use-distribute nikola-542

You will notice your shell prompt has changed to indicate that the nikola-542 virtualenv is now active. Install Nikola and the optional libraries I use.

pip install http://nikola-generator.googlecode.com/files/nikola-5.4.2.zip pip install bbcode markdown requests webassets peewee feedparser

Nikola is now installed. nikola help and the Nikola Handbook will assist you from here on.

This is Sam when I met him at just 4 days old:

Me and Sam at 4 days old

This is Sam with his Dad, Carl, at New Year 2013, just before Sam was diagnosed with Stage 4 neuroblastoma cancer:

Sam with his Dad, Carl

Yesterday was Sam’s 4th birthday but because he has to have chemotherapy every 10 days at the moment, he’s having to spend it in hospital, sharing his massive chocolate cake with the rest of the ward. When he gets home at the weekend, he’ll get a proper birthday with balloons and more cake!

He has to have chemotherapy for the next 5-6 weeks (80 days in all). The neuroblastoma had woven itself around his internal organs and through his bones but his tests at the six-week half-way point showed that he’s responding really well to this stage of his treatment. All being well, he’ll have a series of other types of treatments for the rest of the year. So the year he turned four won’t be the most fun in his life but it could be one of the most important.

Because relapse rates are high for neuroblastoma, his oncologist at Manchester Children’s Hospital has recommended that Sam receives immunotherapy treatment. This will help Sam’s body fight off any future return of the cancer. The specific type of treatment he needs is currently only available in the US. It will cost £250,000 and can’t be funded by the NHS. So his family have set up the Sam Shaw Appeal on JustGiving with the support of The Neuroblastoma Alliance for anyone who would like to help them by making donations, large or small.

Sam as Bob the Builder

I met Sam’s Mum, Christine, at ballet classes when we were just slightly older than Sam is now. We went to primary and secondary school together and have stayed friends ever since. My little ballet friend is now a grown-up having to deal with this unimaginably shocking and stressful news. She (and her husband and family) are experiencing a year of spending days in hospital for treatment, then days at home while Sam recovers, then more days in hospital for more treatment, interspersed with unscheduled trips to hospital when he gets ill, and accompanied by constant stress, worry, sleeplessness, and pain. “Putting their lives on hold” seems quite a glib expression but they really really are.

On top of all that, they need to raise more money than a house would cost. The treatment this money could buy should help ensure that they don’t have to repeat this experience in future years.

If you can donate anything, that would be brilliant. You can donate online or you can text SAMS67 followed by your amount: £1, £2 £3 £4 £5 or £10, to 70070. If you’re a UK taxpayer, you can Gift Aid donations using either method. Carl has started a Twitter campaign to ask 250,000 people to donate £1 each – some people have more followers than 250,000 followers on Twitter, so if you can retweet his message to your own followers, that would be great too.

Tony blogged about Sam on Monday and we’ve been so touched to see our friends, who don’t know Sam or his family, donating money and sending messages of support. That’s amazing; you’re all amazing!

Sam, Christine, Carl

When I migrated my site to Nikola I wanted to ensure I could manage my blog from the shell, the web, Android smartphone, Android tablet. I took some inspiration from Joe Hewitt's article Dropbox is my publish button and created a free Dropbox account which links to a shared folder on my Dropbox Pro account. I created a simple shell script (invoked via cron every minute) that looks for a trigger file, if the trigger file exists Nikola publishes and deploys the site.

I am able to edit content from anywhere, on any device, and trigger publishing. Very happy.

What follows is how I install Dropbox on headless servers running Arch Linux and Debian/Ubuntu.

Installing Dropbox daemon - all distros

Download the latest Dropbox stable release for 32-bit or 64-bit.

wget -O dropbox.tar.gz "http://www.dropbox.com/download/?plat=lnx.x86" wget -O dropbox.tar.gz "http://www.dropbox.com/download/?plat=lnx.x86_64"

Extract the archive and install Dropbox in /opt.

cd tar -xvzf dropbox.tar.gz sudo mv ~/.dropbox-dist /opt/dropbox sudo find /opt/dropbox/ -type f -exec chmod 644 {} \; sudo chmod 755 /opt/dropbox/dropboxd sudo chmod 755 /opt/dropbox/dropbox sudo ln -s /opt/dropbox/dropboxd /usr/local/bin/dropboxd

Run dropboxd.

/usr/local/bin/dropboxd

You should see output like this:

This client is not linked to any account... Please visit https://www.dropbox.com/cli_link?host_id=7d44a557aa58f285f2da0x67334d02c1 to link this machine.

Visit the URL, login with your Dropbox account and link the account. You should see the following.

Client successfully linked, Welcome Web!

dropboxd will now create a ~/Dropbox folder and start synchronizing. Stop dropboxd with CTRL+C.

Arch Linux - systemd

Run Dropbox as daemon with systemd. Create /usr/lib/systemd/system/dropbox@.service with the following content.

[Unit] Description=Dropbox After=local-fs.target network.target [Service] Type=simple ExecStart=/usr/local/bin/dropboxd ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=always User=%I [Install] WantedBy=multi-user.target

Enable the daemon for your user, run the following replace<user> with your username. This will ensure Dropbox is started when the system boots.

sudo systemctl enable dropbox@<user> sudo systemctl start dropbox@<user> Debian/Ubuntu - init.d

Run Dropbox as daemon with init.d. Create /etc/init.d/dropbox with the following content, replacing <user> with your username.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66#!/bin/sh ### BEGIN INIT INFO # Provides: dropbox # Required-Start: $local_fs $remote_fs $network $syslog $named # Required-Stop: $local_fs $remote_fs $network $syslog $named # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # X-Interactive: false # Short-Description: dropbox service ### END INIT INFO DROPBOX_USERS="<user>" DAEMON=/opt/dropbox/dropbox start() { echo "Starting dropbox..." for dbuser in $DROPBOX_USERS; do HOMEDIR=`getent passwd $dbuser | cut -d: -f6` if [ -x $HOMEDIR/$DAEMON ]; then HOME="$HOMEDIR" start-stop-daemon -b -o -c $dbuser -S -u $dbuser -x $HOMEDIR/$DAEMON fi done } stop() { echo "Stopping dropbox..." for dbuser in $DROPBOX_USERS; do HOMEDIR=`getent passwd $dbuser | cut -d: -f6` if [ -x $HOMEDIR/$DAEMON ]; then start-stop-daemon -o -c $dbuser -K -u $dbuser -x $HOMEDIR/$DAEMON fi done } status() { for dbuser in $DROPBOX_USERS; do dbpid=`pgrep -u $dbuser dropbox` if [ -z $dbpid ] ; then echo "dropboxd for USER $dbuser: not running." else echo "dropboxd for USER $dbuser: running (pid $dbpid)" fi done } case "$1" in start) start ;; stop) stop ;; restart|reload|force-reload) stop start ;; status) status ;; *) echo "Usage: /etc/init.d/dropbox {start|stop|reload|force-reload|restart|status}" exit 1 esac exit 0

Enable the init.d script.

sudo chmod +x /etc/init.d/dropbox sudo update-rc.d dropbox defaults Install Dropbox client - all distros

It is recommended to download the official Dropbox client to configure Dropbox and get its status.

wget "http://www.dropbox.com/download?dl=packages/dropbox.py" -O dropbox-cli chmod 755 dropbox-cli sed -i s'/#!\/usr\/bin\/python/#!\/usr\/bin\/env python2/' dropbox-cli sudo mv dropbox-cli /usr/local/bin/

For usage instructions run dropbox-cli help.

Disable LAN Sync

Stop Dropbox from sending LAN Sync broadcasts every 30 seconds over port 17500.

dropbox-cli lansync n

I'm planning to make more use of Dropbox for content management and content delivery, blog posts to follow.

References

• http://www.dropboxwiki.com/Text_Based_Linux_Install
• https://aur.archlinux.org/packages/dropbox/
• https://wiki.archlinux.org/index.php/Dropbox