UK Linux User Groups

Last week I had another birthday, which was nice. I'm now all mature, and everything. Honest.

I received a few surprise gifts from friends and strangers alike, which was pretty good. Other than that I didn't do too much.

This weekend I'm going to be using "airbnb" to spend the weekend in Dundee with my partner who is regularly commuting between Edinburgh and Perth/Dundee, to work in various hospitals. With all the commuting time she's not had too much time to explore the actual city, and I've only been there once before so I'm sure it will be a fun weekend.

The templer static site generator got a little bit of pimping on LWN.net the other day, thanks to Martin Michlmayr, although embarassingly I seem to have read the article and repeated the content in the conclusion, and duplicated that in my own comment. Ooops.

Beyond that I've done little coding recently, although I suspect now that nodejs has had a stable release I might do something interesting soon. I don't want to dwell on the failure of Sim City - because I don't run windows and couldn't have tried it even if I wanted to - but I'm pondering the idea of a persistant grid-space where different items can be placed.

I've not tried anything browser-based before, but the popularity of things like minecraft make me wonder if you had an "infinite grid" where folk could store "stuff", and scroll around in a browser you might be able to do interesting things.

Starting small, with a 100x100 grid, and some kind of updated play-by-mail turfwars/drug-war like experience should be simple. But then again enthusiasm is easy to generate until you start working out how you'd interface with the server and what kind of client you'd need.

Now to enjoy some 21 year old whisky and call it a night..

A couple of weeks ago I saw Katy Manning in a tour of Agatha Christie’s “A Murder is Announced.” It’s a very traditional production: A single set and a cast of eleven, with scene changes covered by blackouts and music. Unusual in this day and age, but pleasant for it. Katy portrayed the central character of the piece and delivered a strong, confident performance. Some of the other cast members appeared to be playing well out of their age range: One character supposedly in her dotage was clearly played by a much younger actress (though Katy corrected me later on that point), and Dean Gaffney playing a student was stretching credulity somewhat! Overall the production was enjoyable and it was great to see Katy in action.

This weekend was the third of the BFI’s monthly Doctor Who screenings. “The Mind of Evil” was shown in colour for the first time in forty-two years in the UK, following a painstaking colour recovery process. I am even more convinced now that Doctor Who is at its best when watched with five hundred other fans in a cinema! The humour (intentional and otherwise) is emphasised, the action enhanced and the performances sparkle.

The panel afterwards comprised Timothy Combe (director), Terrance Dicks (script editor), Richard Franklin (Mike Yates), John Levene (Sgt. Benton) and, that’s right, Katy Manning (Jo Grant). The panel had a great energy, with several very vocal contributors.

Once again, James from The Doctor Who Podcast recorded our thoughts after the screening, which will be available from their Facebook page soon. (You can still download February’s “Tomb of the Cybermen” special episode.)

Finally, a massive thank you to everyone who responded to last week’s blog post. It’s been touching seeing some familiar names on the Sam Shaw Appeal page. The appeal has nearly reached 3% of the target. It’s a big target and that 3% represents an amazing contribution from a lot of people in a short time. Please give something if you can.

Pin It

I've been a fan of nullmailer for some years now, so much so that I took ownership of the nullmailer package for Arch Linux.

> nullmailer is a sendmail/qmail/etc replacement MTA for hosts which > relay to a fixed set of smart relays. It is designed to be simple to > configure, secure, and easily extendable.

The other advantage nullmailer has compared to similar tools is that is queues email until it is able to deliver it upstream.

Install nullmailer as follows.

packer -S --noedit --noconfirm nullmailer

Configuring nullmailer to relay via Gmail can be achieved using SMTPS or MSA. nullmailer has had these capabilies since 1.10. The following provides some useful clues /usr/lib/nullmailer/smtp --help.

While these examples are specific to relaying via Gmail, you can sse it is trivial to adapt them to any other mail host.

Relay via Gmail using MSA

Add to following to /etc/nullmailer/remotes. I prefer this technique.

smtp.gmail.com smtp --port=587 --auth-login --user=you@gmail.com --pass=Yourpassword --starttls Relay via Gmail using SMTPS

Add to following to /etc/nullmailer/remotes.

smtp.gmail.com smtp --port=465 --auth-login --user=you@gmail.com --pass=Yourpassword --ssl

Once you've got /etc/nullmailer/remotes configured start the nullmailer service.

sudo systemctl start nullmailer

To test nullmailer can relay email correctly do the following.

echo "Test 1" | mailx -s "Test One" me@example.org

You can see what nullmailer is up to by checking the systemd journal or syslog (if you've syslog enabled systemd). This is how to get the logs from the systemd journal.

journalctl _SYSTEMD_UNIT=nullmailer.service

Or via syslog.

sudo grep nullmailer /var/log/daemon.log

When you're happy nullmailer is working enable the systemd unit.

sudo systemctl enable nullmailer

Email will now flow as required.

While migrating one of my VPS servers to Arch Linux I deployed Uncomplicated Firewall (UFW) to handle basic firewalling duties. I like ufw as it provides simple host-based firewall management and, in my opinion, one of the better projects to come out of the Ubuntu camp.

Install ufw as follows.

sudo pacman -Syy -noconfirm --needed ufw

Configuring ufw is simple but make sure you have console access to the host you are configuring just in case you lock yourself out.

NOTE! When enabling ufw the chains are flushed and connections may be dropped. You can add rules to the firewall before enabling it however, so if you are testing ufw on a remote machine it is recommended you perform...

ufw allow ssh/tcp

...before running sudo ufw enable. Once the firewall is enabled, adding and removing rules will not flush the firewall, although modifying an existing rule will.

Set the default behaviour to deny all incoming connections.

sudo ufw default deny

Open up TCP port 22 but with rate limiting enabled which will deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. Ideal for protecting sshd but you should conisder other SSH brute force defense techniques as well.

sudo ufw limit tcp/22

I'm hosting a few websites on my VPS so I open http and https.

sudo ufw allow 80/tcp sudo ufw allow 443/tcp

I have a static IP address at home so I allow unfiltered access to the VPS from that IP. I've used a bogus IP address in the example below.

sudo ufw allow from 10.0.0.0/32

Enable the ufw systemd unit.

sudo systemctl enable ufw sudo systemctl start ufw

However, ufw is not enabled at this point. To enable the firewall you also have to do the following.

sudo ufw enable

You can see the status of the firewall using sudo ufw status.

On low-end servers it might be beneficial to disable logging.

sudo ufw logging off

At this point you should have a basic firewall configured and ufw help or the references below will assist you.

References

• https://wiki.archlinux.org/index.php/Uncomplicated_Firewall
• https://wiki.ubuntu.com/UncomplicatedFirewall
• https://launchpad.net/ufw

I've decide to migrate one of my servers to Arch Linux. I'm not sure that a rolling release distro really suits servers but I've enjoyed using Arch Linux over the last year on my workstations and the only way to assess it's suitability on a server is to try it. So, I've decide to migrate my blog to an Arch Linux server.

This blog post describes how to install Nikola on Arch Linux. Nikola is a static site and blog generator written in Python that I've been using for a few months.

First you'll need Python and virtualenvwrapper so read my Python and virtualenv on Arch Linux and Ubuntu blog post and get yourself equiped.

Install the Nikola 5.4.2 dependencies.

sudo pacman -S --noconfirm --needed freetype2 libxslt libxml2 sudo packer -S --noconfirm --noedit libjpeg6

Create a virtualenv for Nikola.

mkvirtualenv -p python2.7 --use-distribute nikola-542

You will notice your shell prompt has changed to indicate that the nikola-542 virtualenv is now active. Install Nikola and the optional libraries I use.

pip install http://nikola-generator.googlecode.com/files/nikola-5.4.2.zip pip install bbcode markdown requests webassets peewee feedparser

Nikola is now installed. nikola help and the Nikola Handbook will assist you from here on.

This is Sam when I met him at just 4 days old:

Me and Sam at 4 days old

This is Sam with his Dad, Carl, at New Year 2013, just before Sam was diagnosed with Stage 4 neuroblastoma cancer:

Sam with his Dad, Carl

Yesterday was Sam’s 4th birthday but because he has to have chemotherapy every 10 days at the moment, he’s having to spend it in hospital, sharing his massive chocolate cake with the rest of the ward. When he gets home at the weekend, he’ll get a proper birthday with balloons and more cake!

He has to have chemotherapy for the next 5-6 weeks (80 days in all). The neuroblastoma had woven itself around his internal organs and through his bones but his tests at the six-week half-way point showed that he’s responding really well to this stage of his treatment. All being well, he’ll have a series of other types of treatments for the rest of the year. So the year he turned four won’t be the most fun in his life but it could be one of the most important.

Because relapse rates are high for neuroblastoma, his oncologist at Manchester Children’s Hospital has recommended that Sam receives immunotherapy treatment. This will help Sam’s body fight off any future return of the cancer. The specific type of treatment he needs is currently only available in the US. It will cost £250,000 and can’t be funded by the NHS. So his family have set up the Sam Shaw Appeal on JustGiving with the support of The Neuroblastoma Alliance for anyone who would like to help them by making donations, large or small.

Sam as Bob the Builder

I met Sam’s Mum, Christine, at ballet classes when we were just slightly older than Sam is now. We went to primary and secondary school together and have stayed friends ever since. My little ballet friend is now a grown-up having to deal with this unimaginably shocking and stressful news. She (and her husband and family) are experiencing a year of spending days in hospital for treatment, then days at home while Sam recovers, then more days in hospital for more treatment, interspersed with unscheduled trips to hospital when he gets ill, and accompanied by constant stress, worry, sleeplessness, and pain. “Putting their lives on hold” seems quite a glib expression but they really really are.

On top of all that, they need to raise more money than a house would cost. The treatment this money could buy should help ensure that they don’t have to repeat this experience in future years.

If you can donate anything, that would be brilliant. You can donate online or you can text SAMS67 followed by your amount: £1, £2 £3 £4 £5 or £10, to 70070. If you’re a UK taxpayer, you can Gift Aid donations using either method. Carl has started a Twitter campaign to ask 250,000 people to donate £1 each – some people have more followers than 250,000 followers on Twitter, so if you can retweet his message to your own followers, that would be great too.

Tony blogged about Sam on Monday and we’ve been so touched to see our friends, who don’t know Sam or his family, donating money and sending messages of support. That’s amazing; you’re all amazing!

Sam, Christine, Carl

When I migrated my site to Nikola I wanted to ensure I could manage my blog from the shell, the web, Android smartphone, Android tablet. I took some inspiration from Joe Hewitt's article Dropbox is my publish button and created a free Dropbox account which links to a shared folder on my Dropbox Pro account. I created a simple shell script (invoked via cron every minute) that looks for a trigger file, if the trigger file exists Nikola publishes and deploys the site.

I am able to edit content from anywhere, on any device, and trigger publishing. Very happy.

What follows is how I install Dropbox on headless servers running Arch Linux and Debian/Ubuntu.

Installing Dropbox daemon - all distros

Download the latest Dropbox stable release for 32-bit or 64-bit.

wget -O dropbox.tar.gz "http://www.dropbox.com/download/?plat=lnx.x86" wget -O dropbox.tar.gz "http://www.dropbox.com/download/?plat=lnx.x86_64"

Extract the archive and install Dropbox in /opt.

cd tar -xvzf dropbox.tar.gz sudo mv ~/.dropbox-dist /opt/dropbox sudo find /opt/dropbox/ -type f -exec chmod 644 {} \; sudo chmod 755 /opt/dropbox/dropboxd sudo chmod 755 /opt/dropbox/dropbox sudo ln -s /opt/dropbox/dropboxd /usr/local/bin/dropboxd

Run dropboxd.

/usr/local/bin/dropboxd

You should see output like this:

This client is not linked to any account... Please visit https://www.dropbox.com/cli_link?host_id=7d44a557aa58f285f2da0x67334d02c1 to link this machine.

Visit the URL, login with your Dropbox account and link the account. You should see the following.

Client successfully linked, Welcome Web!

dropboxd will now create a ~/Dropbox folder and start synchronizing. Stop dropboxd with CTRL+C.

Arch Linux - systemd

Run Dropbox as daemon with systemd. Create /usr/lib/systemd/system/dropbox@.service with the following content.

[Unit] Description=Dropbox After=local-fs.target network.target [Service] Type=simple ExecStart=/usr/local/bin/dropboxd ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=always User=%I [Install] WantedBy=multi-user.target

Enable the daemon for your user, run the following replace<user> with your username. This will ensure Dropbox is started when the system boots.

sudo systemctl enable dropbox@<user> sudo systemctl start dropbox@<user> Debian/Ubuntu - init.d

Run Dropbox as daemon with init.d. Create /etc/init.d/dropbox with the following content, replacing <user> with your username.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66#!/bin/sh ### BEGIN INIT INFO # Provides: dropbox # Required-Start: $local_fs $remote_fs $network $syslog $named # Required-Stop: $local_fs $remote_fs $network $syslog $named # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # X-Interactive: false # Short-Description: dropbox service ### END INIT INFO DROPBOX_USERS="<user>" DAEMON=/opt/dropbox/dropbox start() { echo "Starting dropbox..." for dbuser in $DROPBOX_USERS; do HOMEDIR=`getent passwd $dbuser | cut -d: -f6` if [ -x $HOMEDIR/$DAEMON ]; then HOME="$HOMEDIR" start-stop-daemon -b -o -c $dbuser -S -u $dbuser -x $HOMEDIR/$DAEMON fi done } stop() { echo "Stopping dropbox..." for dbuser in $DROPBOX_USERS; do HOMEDIR=`getent passwd $dbuser | cut -d: -f6` if [ -x $HOMEDIR/$DAEMON ]; then start-stop-daemon -o -c $dbuser -K -u $dbuser -x $HOMEDIR/$DAEMON fi done } status() { for dbuser in $DROPBOX_USERS; do dbpid=`pgrep -u $dbuser dropbox` if [ -z $dbpid ] ; then echo "dropboxd for USER $dbuser: not running." else echo "dropboxd for USER $dbuser: running (pid $dbpid)" fi done } case "$1" in start) start ;; stop) stop ;; restart|reload|force-reload) stop start ;; status) status ;; *) echo "Usage: /etc/init.d/dropbox {start|stop|reload|force-reload|restart|status}" exit 1 esac exit 0

Enable the init.d script.

sudo chmod +x /etc/init.d/dropbox sudo update-rc.d dropbox defaults Install Dropbox client - all distros

It is recommended to download the official Dropbox client to configure Dropbox and get its status.

wget "http://www.dropbox.com/download?dl=packages/dropbox.py" -O dropbox-cli chmod 755 dropbox-cli sed -i s'/#!\/usr\/bin\/python/#!\/usr\/bin\/env python2/' dropbox-cli sudo mv dropbox-cli /usr/local/bin/

For usage instructions run dropbox-cli help.

Disable LAN Sync

Stop Dropbox from sending LAN Sync broadcasts every 30 seconds over port 17500.

dropbox-cli lansync n

I'm planning to make more use of Dropbox for content management and content delivery, blog posts to follow.

References

• http://www.dropboxwiki.com/Text_Based_Linux_Install
• https://aur.archlinux.org/packages/dropbox/
• https://wiki.archlinux.org/index.php/Dropbox

This week’s blog post is a bit different. It’s about Laura’s childhood friend Christine, her husband Carl and their three year old son, Sam.

In January, Sam was diagnosed with high risk neuroblastoma, a particularly aggressive cancer. It has spread from the main tumor into his bones and bone marrow. That makes it a class 4 cancer, the most advanced on the scale. The long term survival rate for high risk neuroblastoma is 40%.

The good news is that Sam is responding well to chemotherapy. But Sam’s oncologist at Manchester Children’s Hospital has recommended that Sam receives immunotherapy treatment so that his own body can recognise and attack the neuroblastoma if it returns.

The most successful treatment is not available in the UK because some of the drugs are still being trialled. It costs over £250,000 in the US. Which is why Sam desperately needs your help. Carl and Christine are trying to raise the money to send Sam for treatment in the US.

If you would like to donate to help Sam, that would be brilliant. In the UK you can just text SAMS67 and the amount you’d like to donate (£1, £2 £3 £4 £5 or £10) to 70070. Alternatively you can donate on-line at the Sam Shaw Just Giving page. It’s Sam’s fourth birthday this week, so it would be a great birthday present to give him.

If you would like to keep up-to-date with news about Sam and the appeal, please join join the Facebook group.

Thanks for reading.

Pin It

Dear National Car Parks,

As it seems the existence of your call centre is to goad people into a state of rage and you insist that everything has to be put in writing, I shall put my complaint to you in writing via my blog, before sending it to you in writing.

I am a season ticket holder for the station car park at Harold Wood.  My car is parked there on a daily basis.  On return to my vehicle on February 28th, I was surprised to find I had been ticketed.  Here’s the ticket:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Note the contravention: “Parked on double yellow lines”.  This was a surprise to me because there were and are no double yellow lines present.  For the non-drivers reading this, and confused NCP parking attendants, double yellow lines tend to look like this:

 

 

 

 

 

 

 

 

 

This is quite clear, right?  Two parallel yellow lines at specific distances from the side of the road with a crossing bar at each end.  Now, here’s a picture of where I was parked:

 

See the bay to the left of the red car? That’s where my car was, wholly within the confines of the white border.  You might want to check out the full size version of the photo but, looking at the example double yellow lines above, can you see where the double yellow lines I was ticketed for parking on are? I’ll sit here quietly while you check.

Done? Good.  You didn’t spot the double yellow lines, did you? Correct, that’s because there aren’t any to spot. I can read your mind.  “Ahhh, Martin, you silly boy.  You’ve parked on a restricted area, there are yellow hatchings. Tsk.”

That’s almost true, there are indeed yellow hatchings but that’s irrelevant.  Why so?  Just this:  When NCP took over the car park many years ago, they repainted all of the bays with fresh white markings.  Here’s a closeup of part of that bay:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Note that the white line is painted over the yellow one.  Had NCP not intended for people to use this as a parking bay, why on earth would they specifically paint bay markings there?  The answer is, they wouldn’t.  Those markings used to denoted an area where you weren’t supposed to park because it’s where a fast food place used to have its bins.  Rather than scraping the old lines up, they just painted new ones over the top.

Add to this the fact that I have been parked in that exact same spot dozens of times over the past couple of years, and this is the first time my car has been ticketed, I think what we’re dealing with here is an overzealous or brainless parking attendant.I currently can’t even talk to you about this over the phone because even after 4 days, the ticket hasn’t appeared on your system. I now have to waste some of my life sorting this out.

No love whatsoever, merely tired rage,

Martin A. Brooks