For my own reference, after few hours messing around with shit called mail system.
Mail again, Debian 6
Reply
Category Archives: tipsntrick
PostgreSQL authentication quick start
Connecting to PostgreSQL from command line can be a bit confusing.
For starter, just like MySQL, psql command defaults to connecting to socket instead of tcp. To make matter confusing, most PostgreSQL installation defaults to ident (also called peer)authentication for socket connection: it basically matches current user’s username (ssh login, etc) with PostgreSQL equivalent.
So, instead of using this to login from root to PostgreSQL superuser (usually named postgres or pgsql):
# psql -U postgres
you do this (assuming sudo installed):
# sudo -u postgres psql
The configuration for this is located in pg_hba.conf of PostgreSQL data (or config in Debian) directory (/etc/postgresql/$version/main in Debian, /usr/local/pgsql/data in FreeBSD, /opt/PostgreSQL/$version/data in EnterpriseDB PostgreSQL).
To switch to password based authentication for all methods just replace ident (or peer) with md5 in respective lines and reload/restart the service. Don’t forget to set password for postgres user first before changing this otherwise you won’t be able to connect. You can then connect using psql to any user using password.
Completely Disable UAC in Windows 8
Windows 8, just like Windows 7, has Control Panel interface to disable UAC. There’s difference though: disabling UAC via Control Panel in Windows 8 doesn’t fully disable UAC. You can check it by launching Command Prompt: in Windows 7, you’ll get administrator command prompt (the signs are “Administrator: Command Prompt” window title and default directory at %WINDIR%\System32) while in Windows 8, you’ll get normal command prompt.
Also reported here (complete with “fix”).
Fix by editing registry:
- Key/Path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System - Name:
EnableLUA - Value:
0
Note that there isn’t really much reason anymore to completely disable UAC. Well, in my case, this ancient (but useful) tool isn’t quite compatible with UAC.
Rails: read_multi and dalli
Be careful when using read_multi with dalli: it may return nil-valued key instead of the correct key.
The issue is tracked here and thanks to this I dropped the read_multi usage in moebooru and used the much simpler (and most likely slower) single fetch (per entry) instead. There’s alternative way to use it – do a read_multi and refetch whatever missing/nil-keyed but apparently I’m too lazy to do it.
Configuring SHA rounds for password in RHEL5/6
Due to NIH syndrome and Drepper being Drepper, the only remotely secure password hashing algorithm in RHEL5/6 is multi-rounds SHA512. The default is just salted SHA512 which sucks.
Also applies to CentOS, ScientificLinux, and other RHEL clones.
Anyway, to update the default setting, these files need updating:
/etc/login.defs: add new lineSHA_CRYPT_MIN_ROUNDS 5000/etc/pam.d/system-auth-ac: find line with `password sufficient pam_unix.so sha512` and appendrounds=5000.
Note that the change to last file may or may not be persistent. I have no idea how to properly set it up.
Finally, run this command: authconfig --updateall.
If you’re using RHEL5, run authconfig --passalgo=sha512 --update first.
Rails 3.2 in Subdirectory
Steps to be into Rails in subdirectory:
Update config.ru to understand the subdirectory mapping:
run Moebooru::Application
change to
map (ENV['RAILS_RELATIVE_URL_ROOT'] || '/') do run Moebooru::Application end
And then start Rails with correct environment variable (example if you use Unicorn):
RAILS_RELATIVE_URL_ROOT='/img' bin/unicorn
And that’s it. No need to mess with routes.rb as I previously thought after searching and experimenting for few hours. Links etc are properly generated with correct prefix. Or at least based on my quick testing.
May or may not work with earlier version(s) as I haven’t bothered to test it anywhere else.
Basic Dovecot/Postfix in Ubuntu
Configuring mail system is annoying. There are quite a bit different components which must be configured to work together.
My main choice for mail system is dovecot/postfix. As I don’t really understand how all this thing goes, I may have missed or misunderstood some parts. Or most of them. Feel free to correct this post.
For starter, most of basic configurations for Postfix and Dovecot has already been done by Ubuntu (or Debian) default configuration which includes enabling IMAP and TLS.
LDA
LDA (or MDA) delivers received mails to correct user and location. I let dovecot handle this thing because it’s easier this way. In /etc/postfix/main.cf:
mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
[ Source ]
And that’s about it.
Maildir
The Mailbox format. The alternatives are mbox (ancient, shouldn’t be used anymore, I believe), or dbox (Dovecot only), or some other formats (which I don’t really care about). So basically I go with Maildir.
/etc/dovecot/conf.d/10-mail.conf:
mail_location = maildir:~/Maildir
[ Source ]
SASL
The last one, Postfix authentication. I use Dovecot SASL because it’s easier.
/etc/postfix/main.cf:
smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
/etc/dovecot/conf.d/10-master.conf:
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
[ Source ]
For Dovecot config, it’s usually already in there, one just uncomment it to enable.
Restart Dovecot and Postfix, and that’s it. As I mentioned before, Ubuntu has preconfigured many things which leaves me only few additional tasks to be done to enable simple mail system (with TLS, IMAP, and whatnot).
Protip: use Google Apps or Live Domain instead of managing your own mail server.
Tags again (now with Rails code)
I’ll put it here for my own reference:
def self.slow_has_all_tags(tags)
p = Post.scoped
pt = PostsTag.arel_table
pt_arels = []
tags.each do |t|
t_id = Tag.where(:name => t).first[:id]
pt_arels << pt.where(pt[:tag_id].eq(t_id)).project(pt[:post_id])
end
pt_arels.each do |q|
p = p.where(:id => q)
end
p
end
And in fact, relatively fast.
Disabling Upstart Service in Ubuntu (11.04+)
Took me few weeks to find out that this one-liner does wonder:
echo manual >> /etc/init/mysql.override
(the line above is to disable mysql, obviously. And must be done as root)
The answer is on first hit (as of this post’s writing) of googling “ubuntu disable service” but you need to scroll down a bit and ignore shitload of crappy, outdated explanations to find that small gem.
Unfortunately doesn’t apply to previous LTS. Or does it?
Tags again, denormalized
There’s a problem with nested query I previously mentioned: query time is unstable. The worst case is at least as slow as multiple self-join method – when the first few search key result is too big.