Matthew Daly's Blog

I'm a web developer in Norfolk. This is my blog...

24th October 2011 10:18 pm

Linux in the Workplace

At the start of September I left my customer services role and started a new position as a web developer. I won’t give the name of either my old or new employer, but I will say that the new role is with a much smaller company, and the part I work for now is an e-commerce store that enjoys a significant degree of independence from the parent company. There are only two developers including myself, and we are solely responsible for the company’s IT infrastructure, and we don’t have the hassle of dealing with legacy applications or infrastructure. We therefore have considerable freedom in terms of what we choose to use to get our work done.

When I first started, I used Windows XP Professional since that was what my work laptop came with, but it soon became obvious that there wasn’t actually anything I specifically needed to be using Windows for. I mostly work on the company’s intranet, which doesn’t really need to be tested in Internet Explorer as we use Firefox internally. For email and calendar, we use Google Apps, which works fine with virtually any email client that supports IMAP, so I was using Thunderbird with the Lightning plugin. When coding I used Netbeans with the jVi plugin for most of my work, with occasional usage of Vim for writing shorter scripts. I used AppServ to provide local versions of Apache, MySQL and PHP, and I used PHPMyAdmin to interact with the database. For version control, I used Subversion. From time to time I need to remote into another machine using VNC, SSH or RDP, for which I used mRemote, but I was confident I could find an equivalent application. Also, we use Ubuntu on most of our servers, so it made a lot of sense from a compatibility point of view to also use it on my own desktop. From time to time, I also found myself writing bash or Perl scripts for systems administration purposes, and since it wasn’t really very practical to do that in Windows when it was going to be running in Ubuntu, I’d used an Ubuntu Server install in Virtualbox to write it, but it was obvious that running Ubuntu as my desktop OS would make more sense.

As Ubuntu 11.10 was due a little over a month after I first started, I decided to hold off making the switch until then so I could start with the most recent version and not have the hassle of upgrading an existing install. I had already downloaded the 64-bit version of Ubuntu 11.10 for my home machines and burned them to a CD, so I brought the CD into work and set up a dual boot so I could revert back to XP if anything went wrong, and also so I could easily copy across any files I needed from the Windows partition.

It took a fair while to get everything I wanted installed, but a lot less time than it would have taken if I’d set up Windows XP from scratch. The hardware all worked fine out of the box, and most of the software I needed was in the repositories. The only thing that I really needed that wasn’t there was Netbeans (which has apparently now been removed from the repositories), but the version in the Ubuntu repositories has never been very up-to-date anyway. Instead I installed the version of Netbeans available on the website, and that has worked fine for me. While there wasn’t a version of mRemote available, I did discover Remmina, which has proven to be an excellent client for SSH, RDP and VNC, to the point that I’ve now stopped using the terminal to connect via SSH in favour of using Remmina instead. Thunderbird does just as good a job with my email and calendar as it does on Windows, and I also have Mutt available. Naturally, it couldn’t be simpler to install a full LAMP stack and PHPMyAdmin either. In fact, the only application that I use much that I couldn’t get a decent version of was MySQL Workbench, and that was only because Oracle haven’t yet released a version for Ubuntu 11.10 (tried the version for 11.04, but it doesn’t seem to work), but I can live without that.

What’s interesting is that despite all the scaremongering I’ve heard over the years about how Linux isn’t ready for the workplace, I’ve as yet had no problems whatsoever. For everything I used in Windows, it was either available on Ubuntu, or there was a viable equivalent, or I could get by fine without it. Granted, the nature of my work means I have little need for the small amount of functionality that Microsoft Office has and LibreOffice doesn’t, and I don’t need to use the kind of ghastly legacy apps written in Visual Basic that most large enterprises commonly use, but I haven’t noticed any significant barriers to my productivity.

In fact, if anything I’m considerably more productive. I know people like to rag on Unity, and I wasn’t happy with it in the netbook edition of Ubuntu 10.10 myself, but in 11.10 it’s really starting to show its promise, and I haven’t had any problems with it. The fact that I know Ubuntu a lot more thoroughly than I do Windows, purely from my own experience at home, means that I can get things done a lot quicker, but also the whole package management system means I’m largely free from the annoyances of opening an application in the morning to be confronted with an update dialogue, quite apart from the fact that very few updates require a restart. I’d go so far as to say that I’ve been more productive using Ubuntu at work than I would have been with either Windows 7 or OS X (and over the last few years I’ve used Windows Vista, Windows 7 and OS X fairly extensively).

I really don’t want this to turn into Yet Another Year of the Linux Desktop blog post, because that’s rather a tired old cliche, but I have absolutely no problems whatsoever getting my work done on Ubuntu. I’ll concede that as a developer I have significant freedom that isn’t often afforded to other people, and running some flavour of Unix makes a lot of sense if you’re a developer working with one of the open-source server-side languages such as PHP or Python (if I were a .NET developer, it would make rather less sense). I’m also lucky to be in a position where I don’t have to worry about legacy apps or IE compatibility too much. Nonetheless, it’s still remarkable how smoothly my migration across to Ubuntu on my work desktop has gone, and the extent to which I find it’s improved my workflow.

29th May 2011 2:53 pm

Hacked!

Had a rather unfortunate incident last month - someone hacked into my Pogoplug mail server, and managed to get their mitts on my .fetchmailrc, which had all the login details for several email accounts. They promptly began sending spam out using my Gmail account.

Naturally this meant I spent ages running round like a headless chicken trying to lock them out - when I first noticed that they’d been sending emails directly from my mail server, I logged into it via SSH and shut it down, then changed the passwords on all my email accounts.

Thinking logically, there were four services that I had forwarded ports to the server for - SSH, Apache, Postfix and Dovecot. Now, I was running SSH on a non-standard port, had disabled root access, and didn’t allow password authentication (SSH keys only). Also, I had enabled DenyHosts, so I’m fairly confident SSH was not the point of entry.

So that leaves either Apache, Postfix or Dovecot. I had noticed in the error logs a lot of characters prefixed with backslashes, and wondered if someone was trying some kind of shellcode injection, and to be safe I had added new iptables rules to blacklist the IP addresses responsible. I had done what I could to secure Apache, but I can’t rule it out as the application that was compromised. I went through the server logs, but without finding anything - I’m guessing whoever was responsible deleted the appropriate entries in the log files. I couldn’t be sure that the server could still be trusted, so I did a fresh install, and have disabled port forwarding on my router.

This has certainly made me much more cautious and suspicious about security, which I guess can’t be a bad thing. Even beforehand, I found it pretty scary to see the sheer number of script kiddies who will try to hack into any server on the Internet.

30th March 2011 8:34 pm

New Phone

On Friday of last week I unexpectedly got a text from Vodafone saying I was able to upgrade my phone early. I was pretty pleased about this as having been something of an Android early adopter, I was still using an early Android phone, namely my HTC Magic. While a fine phone when it was released, it was only the second Android phone to become available in the UK and was therefore a bit dated compared to newer devices. It has been upgraded to Froyo (albeit a cut-down custom build) but that did slow the phone down somewhat.

So as soon as I had the opportunity I had a good look around for a new one to replace it. Right from the start I had my eye on the HTC Desire Z. Much as I love touchscreen phones, it’s very often extremely handy to have a physical keyboard, and as I’ve found myself using ConnectBot to connect to my home server via SSH a lot, the keyboard-toting Desire Z immediately had an advantage over the touchscreen-only models. Ideally I didn’t want to change my plan, so I checked out the deals for HTC phones on the same plan, and the Desire Z happened to be the only one on the same plan, so it was a no-brainer.

I got the phone on Monday, and it is amazing. The keyboard is easy to use and works well, the phone is lightning fast, and the UI is spot-on - it has everything I love about Android on the Magic (like the great notification system) and more. In particular I love the RSS reader- it syncs with Google Reader, so if I have to wait for a train, I can at least read some feeds while I’m waiting.

One thing I’m hoping to get more use out of is SL4A. I had this on my Magic, but coding on a touchscreen phone is not easy! I’m hoping that with the Desire Z’s keyboard, this will be a lot more useful.

21st February 2011 10:26 pm

More on My Mini Server

While I was very pleased to get a proper Linux distro working on my Pogoplug, the Arch-based Plugbox Linux was never really my cup of tea. While it’s a fine distro, I always felt that Debian would have been a much better fit. Partly this is because Debian has established a strong history of being a solid, stable distro that would carry on working no matter what, whereas Arch is more bleeding-edge. Also, Debian has a colossal repository that included a lot of software I wanted that wasn’t in the Arch repositories and I couldn’t get to install or compile from source, such as procmail and Squirrelmail. Debian also has strong support for many different processor architectures, including armel. Finally, being an Ubuntu user on the desktop, Debian is a distro that feels much more familiar to me.

So I eventually gave up on running Plugbox Linux and took the opportunity of the release of Debian Squeeze to install it on my Pogoplug, thanks to this tutorial. With that done, I set about adding my favourite applications. Byobu is a really handy tool that makes GNU screen significantly more intuitive and useful, so that’s always one of the first things to go on, and one that I’d really missed in Plugbox. I’ve now gotten my mail server working again, with the addition of procmail as my mail filter and Squirrelmail to give me a web interface. I’ve also set up Leafnode on there as I’d really like to learn more about Usenet, and I’m beginning to get the hang of using slrn to read it.

It’s amazing how much running my own server has taught me about security. I was staggered to see the sheer number of attempts by script kiddies to connect via SSH to my Pogoplug, and it really made me start thinking about security in a way I’d never bothered beforehand. I’ve installed denyhosts to block atttempts to brute-force the password, and made sure I chose a good password. I’ve also set OpenSSH to listen on a different port, which should hopefully decrease the number of login attempts substantially (I presume most of these were just script kiddies scanning large blocks of IP addresses looking for hosts with port 22 open), and have disabled root login (as at right now my login is the only one that is allowed via SSH, so if anyone does bother to do a more thorough scan and try to connect to the port I’m running SSH on, they’ll need to guess my username AND password, and do so before denyhosts kicks them off - a pretty tall order).

The whole concept of “plug servers” is one I really like, and my experience with the Pogoplug has been extremely good - it’s an inexpensive and extremely hackable device that has been an absolute pleasure to use.

24th January 2011 12:30 am

My New Mini Server

For a while now I’ve wanted a home server of some description, the idea being that it was something I could use to run a web server for development purposes, and a mail server so I could have an offline backup for my Gmail account (considering how much I rely on it, it’s only prudent to plan for what might happen if Gmail went down), and whatever else I need. Also, I only have laptops at present so I liked the idea of having something I could leave on all the time and connect to remotely via SSH.

Around Christmas, I read a forum post by someone who’d bought a PogoPlug cheap from PC World and had hacked it into a web server using Plugbox Linux, an Arch-based Linux distro. Shortly afterwards, I went into a branch of Currys in Norwich, and they had one on sale (£20 off the RRP of £70), so I shelled out for it. I already had a load of USB flash drives lying around, and an 8GB one is big enough for what I had in mind. After all, I wasn’t going to be serving anything that demanding over it, so something small and low-powered should be fine.

This weekend I finally got round to getting it set up. The PogoPlug service is actually pretty good - if you’re unfamiliar with it, it’s basically a self-hosted version of Dropbox, where you buy the device, connect it to your router, attach up to 4 flash drives or hard drives via USB, then share the files stored on them easily across your home network or over the Internet. However, this wasn’t really what I wanted.

Installing Plugbox Linux wasn’t hard - I merely had to activate SSH from the PogoPlug’s control panel, connect and kill the hbwd process, then install a new bootloader to enable it to boot the new OS. Once that was done, it was a case of attaching a flash drive, ensuring it was correctly mounted and the filesystem was set up properly, then downloading the Plugbox Linux tarball and unpacking it on the flash drive, before rebooting into the new OS.

Once it was installed, it wasn’t too hard to get the hang of pacman. I’d prefer it to have been Debian-based as that’s what I’m most familiar with, but that’s just personal preference. After a little tinkering I now have Postfix and Dovecot working on there, as well as Apache (although it might make sense to switch to something lighter, such as lighttpd or Cherokee). I’ve given it a fully qualified domain name via a free subdomain at dyndns.org, and I can now access emails on there via IMAP. Outgoing email works fine too, so I can always set up a Perl script or two to notify me if anything goes wrong by sending an email to my Gmail account. I’ve set up fetchmail to pull emails from my Gmail account via POP3, so all my email is in the process of being backed up on there, and I can use my phone to access it via IMAP, or SSH in and read it with Mutt. Going forwards, I may install Squirrelmail as well to give me more options.

One thing I’m not too sure about - I couldn’t get incoming mails to work, and I’m unsure whether this is because it’s using a subdomain (the email address is basically matthew@mydomainname.dyndns.org) or Postfix is merely misconfigured. Is it possible to receive emails to a subdomain in this fashion?

Anyway, this is a really great little machine and it’s been lots of fun getting it set up. I have to say, though, I’m really disappointed with the range of home server and NAS products currently on the market. Most of the NAS systems offer very little in the way of functionality or customisability, and most of the home servers are a bit too big, powerful and expensive, and usually run Windows Home Server, which isn’t really my cup of tea.

What I’d like to see is a small home server with a couple of hard drive bays at most, and a Debian or Ubuntu-based OS with access to apt-get and tasksel, so it’s easy to install whatever you want from the repositories. Also, give it a web interface that’s simpler than Webmin and makes it quick and easy to set up common software, but offer an advanced option for those that want it. That would be a fantastic device for end users - if it made it easy to set up a UPnP server, a Firefly server, or a BitTorrent client, that would be really useful.

Recent Posts

Mutation Testing With Infection

Switching from Vim to Neovim

Better Strings in PHP

Forcing SSL in Codeigniter

Logging to the ELK Stack With Laravel

About me

I'm a web and mobile app developer based in Norfolk. My skillset includes Python, PHP and Javascript, and I have extensive experience working with CodeIgniter, Laravel, Django, Phonegap and Angular.js.