Cedar's Stuff

I’m a brainwashed commando

Administrator — Mon, 24 Oct 2005 21:41:49 +0000

In my dream I was reading a history book about marines fighting in Iraq during Desert Storm. It was about these young people flying f-15 fighter jets into combat and getting shot down, then having to fight in the desert. Then I noticed that one of the marines was named “Cedar McKay”. WTF? So I started to look at other names and noticed that all of them were Westtown (my quaker high-school) graduates and my former class-mates. I started investigating and discovered that rather than a peaceful little boarding school run by pacifist quakers, Westtown was secretly a training camp for creating brain-washed commandos who forget their true identities after completing a mission. Yes ….. I am crazy.

Change webserver port in OS X

Administrator — Wed, 14 Sep 2005 18:14:44 +0000

A while ago with the Code Red virus making an ass of Microsoft and its users, many cable internet providers (including mine) started blocking port 80, the default port that web pages are served on. Now I’m using DSL and serving on port 80 again, but to work around ISP blocking of port 80 I had to change which port Apache used to serve the site. Once you do this you also need to change the address you type into your browser to get to your site. For instance if you were serving at an address such as (in my case) aliandcedar.com now you need to type in aliandcedar.com:400, where “400″ is the new port number I chose to serve from. Keep in mind that you don’t need your own domain name. You could just use your IP address rather than a domain name.

Figure out how to open text files as root.
navigate to or find /private/etc/httpd/
From that directory make a backup copy of “httpd.conf” put it somewhere safe
Open “httpd.conf” as root.
Look around! This is an interesting file that controls how your apache works. You can learn a lot just by looking.
find this line of text: Port 80
Now change this to read:
Port newnumber where “newnumber” is the new port number you have chosen. You need to choose a number that is will not be used by another application or process. I chose 400, though I had no good reason for doing so. Folks with more knowledge than me may understand the rational for choosing certain port numbers.
Save your changes
Stop and Start “Personal Web Sharing” from the Preferences Panel
Good luck!

Passwords with .htaccess

Administrator — Wed, 14 Sep 2005 18:12:51 +0000

I wanted a page of my site to be password protected. Using something called .htaccess with apache you can control who has access to your site. Remember this is not a high security solution, but something to keep regular folks out of certain sections of your site. I learned most of this from Justin Miller’s website, but his is not OS X specific. However, it is more detailed than mine. I suggest you check it out. Overview: you are enabling a feature of apache that lets you put configuration files (called .htaccess files) throughout your web site. If you put a .htaccess file in a folder the configuration options (including access limits) you set within will affect everything in that folder and above. Keep in mind that .htaccess overrides your global httpd.conf file, but only where allowed by that same httpd.conf file. Also keep in mind that I am no expert at this. The setup I am about to describe may give too much power to each of your users. I set it up this way because I trust all of the users of my machine, but if you are configuring for less trustworthy users I suggest you do a little more research. OK, here we go.

Figure out how to open text files as root.
navigate to or find /private/etc/httpd/
From that directory make a backup copy of “httpd.conf” put it somewhere safe
Open “httpd.conf” as root.
Look around! This is an interesting file that controls how your apache installation works. You can learn a lot just by looking.
Search for this line: Directory "/Library/Web server/Documents"
Now look a few of lines down. Change Options Indexes FollowSymLinks MultiViews to Options All MultiViews
Below that change AllowOverride None to AllowOverride All
Save the config file. Now do this cd /private/etc/httpd/users/. Now type ls You should see files called “user.conf” with your name substituted for “user”. Open the appropriate .conf file as you learned before.
Change Options Indexes FollowSymLinks MultiViews to Options All MultiViews
Below that change AllowOverride None to AllowOverride All. Now save the file.
Restart apache by using the sharing control panel, in System Preferences.
OK! Apache is configured. Now you need to make an encrypted password file.

Navigate in the terminal to the directory you want your password file to reside. Important!: You must put this file outside the web page directory tree, that is, somewhere other than your Sites directory. Otherwise bad people can just look at this file!
in the terminal type htpasswd -c .htpasswd yourname which will prompt you for the password. This will create a file called .htpasswd in the directory that you are currently in. If you want to update the file, perhaps adding new usernames, just do the same thing omitting the -c (create) flag

Now you need to create a .htaccess file:

make a new text file called .htaccess.
put in this text replacing the appropriate parts. “yourpath/.htpasswd” will of course just be the path to the file you created in the last step.
AuthUserFile /yourpath/.htpasswd AuthName 'your sitename (or whatever)' AuthType Basic require user yourname yourname2 yourname3
Save in the directory that you wish these restrictions to apply to.

You can create additional .htaccess files in any part of your web directory tree. Each will apply to all files and directories under it unless another .htaccess file is there.
Done! Go crazy.

Enable PHP in OS X

Administrator — Wed, 14 Sep 2005 18:09:57 +0000

This works if you are running OS X 10.2.3 or (hopefully this will work with future updates too) later.
Apple ships apache with OS X. It also ships with php, but is disabled by default. With a single click of the mouse at the sharing control panel you can start serving a web page using apache! But if you want to do a couple of more advanced things, like use php suddenly you are neck deep in .config files and using the command line. Scary. Here are the simple(ish) steps to get php working. This is meant to get php working for you fast, not to explain what you are doing or why.

Figure out how to open text files as root.
navigate to or find /private/etc/httpd/
From that directory make a backup copy of “httpd.conf” put it somewhere safe
Look around! This is an interesting file that controls how your apache works. You can learn a lot just by looking.
find these two lines of text:

LoadModule php4_module
AddModule mod_php4.c

Remove the “#” sign from in front of each line. This “uncomments” it, making it readable by apache. Save your changes.
Find the following text:
# AddType allows you to tweak mime.types without actually editing it, or to

# make certain files to be certain types.

and replace it with:

# AddType allows you to tweak mime.types without actually editing it, or to # make certain files to be certain types. For PHP 4.x, use: AddType application/x-httpd-php .php
Restart apache by using the sharing control panel, or typing sudo apachectl restart (thats an “L” at the end of “apachectl” not a numeral “1″
Create a web page called test.php or whatever, and put in this in the body of your page: .
view this page in a browser. Make sure you are not looking at the local file, but at the page using your internet address, as if you were an outside visitor. This will show you all sorts of cool stuff about your configuration, and confirm that php is working.
Good Luck!

Edit a file as root in OS X

Administrator — Wed, 14 Sep 2005 18:04:34 +0000

To edit some config files that control how certain aspects of your OS X machine operate, (for example, your webserver) you need to be able to edit certain files as “root”. If you don’t know what “root” is, you shouldn’t be doing it, or you need to do a bit more research.

There are a number of ways to edit files as root.

login as root at the OS X login screen (if enabled), then open as usual. This method is not recommended
in the terminal open as root in pico by typing sudo pico path/filename
in the terminal open as root in Textedit by typing sudo open -a /Applications/TextEdit.app/ path/filename
open using a program like bbedit (powerful!) or textwrangler (free!) that simply ask for a password should you need root privilages to save a file. This is probably the easiest way.

SSH without a password

Administrator — Sun, 26 Jun 2005 21:21:07 +0000

So you don’t want to have to type a password everytime you login via ssh to a remote machine? Or you have a script that needs to connect via ssh to a remote machine and you don’t want to have to be there to type in the password? Well, you might want to use a public/private key to authenticate rather than a password.

Lets get the terminology straight. For the purposes of this discussion, we will call the machine you want to login to the “server”. The machine you are logging in from (without a password) is the “client”.

In order for this to work you must have an account on both machines. Be sure to work on the accounts that you will be loging in to and from respectively.

On the client: ssh-keygen -t dsa
hit “enter” to accept the default file location
hit “enter” twice to proceed without a password
Take note of where your public key was saved, then go there
Copy the contents of id_dsa.pub
On the server cd ~/.ssh/
Open the file called “authorized_keys” (create it if necessary)
Paste the contents of id_dsa.pub into this file, then save the file
Done! You should be able to login via ssh from the client to the server without a password

Gotchas and discussion:

dsa seems to be a solid choice for encryption type, over for instance, rsa. However, I’m not an expert, so you should satisfy yourself as to the right choice
The whole point of this is to avoid having to enter a password, so I don’t enter a password to protect my keys. Only do this if you feel confident that your private key will be safely under your control.
I used “copy” and “paste” in my instructions to try to cater to the less experienced users. If you would rather do things like cat id_dsa.pub >> ~/.ssh/authorized_keys then go for it.
Make sure you don’t introduce return characters (line breaks) into authorized_keys by mistake. The whole key is supposed to be two lines, like this:
ssh-dss AAAAB3NzaC1kc3MA ..............(lots more)

Exhausting Finals

cedar — Tue, 29 Mar 2005 18:38:49 +0000

I was back at Westtown and it was finals. But there was a strange rule that you had to run four miles before you took your test. I was very sad because I had three exams on the same day, so I had to run, take a test, run, take a test, run, then finally take the last test. By the middle of the last run I was very tired.

Scary Monsters

cedar — Wed, 23 Mar 2005 18:26:59 +0000

Monsters were taking over the earth. Regular people and animals were morphing into scary blank faced things. Even birds were turning into little flopping balls a jelly-plasticky-yuck. I and my anonymous sidekick retreated to a cave where I thought we would be safe. We mostly were until one of the plasticky globule bird things flew down into the cave with us. I cut it in half with a sword as it flew at us, just like Uma Thurman in “Kill Bill” did to the baseball. My sidekick knelt down to look at the half of the thing that looked like a fluffy pile of saran wrap, when suddenly it went for her (sidekick had now resolved into a “she”) face alien style. It stretched a thin sheet of plastic-like wrap across her mouth and nose so she couldn’t breath. I ran to pull it off, but it was amazingly strong. I tried to puncture it with my fingers but I couldn’t. So with her mouth wide open, as she continued to try to breath I used a pocket knife puncture the plastic, which was still very tough, then slowly pulled a hole open with my fingers. But another layer had formed in the front of her mouth, and I could see another forming at the back of her mouth. So trying to work quickly without cutting her, I managed to puncture and open a breathing hole in the next two layers. Once she was able to breath, I was able to pull the plastic stuff away. So the lesson is, be careful with that plastic wrap.

Tornado

cedar — Sun, 20 Mar 2005 03:52:46 +0000

I was trying to swim from southern California to Seattle in one go. I knew it would be a new record, but I was doing the backstroke, which is easy, so I knew I would make it. But I got tired around Oregon, and had to take a rest in a farmhouse. A tornado blew by. Luckly I had my camera, fiddled with the flash for a while, then took some nice pictures of the tornado scooping up screaming townsfolk.

Install awstats on gentoo

cedar — Tue, 15 Mar 2005 18:33:11 +0000

Awstats is the best web log analyzer that I know of, at least for low traffic servers. I don’t have experience with in high traffic situations. I used to have awstats installed manually, but now gentoo has an ebuild for it. I tried
# emerge awstats
which is sufficient for most apps in gentoo, including webapps. Squirrelmail and gallery both installed fine this way. However, the awstats ebuild tells us that we have to use webapp-config to complete the install of awstats. They do not give a suggested command line. Long story short, this is how I managed to install awstats to my host (localhost in this case)

# emerge awstats
Create a directory called “awstats” in your root web directory.
#webapp-config -I -h localhost -d /awstats/ awstats 6.3-r2 Change version number as necessary.
Take the output of the above command and paste into the /etc/apache2/conf/commonapache2.conf file
# /etc/init.d/apache2 restart
# cd /etc/awstats/
If there isn’t already a config file, copy awstats.model.conf to awstats.yourdomain.conf
Edit awstats.yourdomain.conf. It is pretty easy just reading the comments.

OK it is installed. Now update the stats:
#/usr/share/webapps/awstats/6.3-r2/hostroot/cgi-bin/awstats.pl -config=yourdomain.com -update

I put this in my cronfile so that it updates every night:
30 02 * * * /usr/share/webapps/awstats/6.3-r2/hostroot/cgi-bin/awstats.pl -config=aliandcedar.com -update >> /var/log/awstats/awstats.log 2>&1
That worked for me.