Thursday, January 10, 2013

Disable Mysql History

Sometimes it's a good idea to prevent mysql from writing a history file. The mysql history file contains all the commands you type across all sessions.

Your default mysql history file is  ~/.mysql_history.

As this is an obvious security risk, it is sometimes a good idea to disable this file.

To disable mysql history do the following:

1. Delete your existing ~/.mysql_history file.

2. Edit your ~/.profile file and add the following:

This directs your mysql history to /dev/null

3. Apply your changes with:

4. Login into mysql and run some commands.

5. Logout.

6. Verify that the ~/.mysql_history file has not been created :)

Sunday, December 9, 2012

Console Out of Sync on Changing Video Card

I have a Ubuntu 12.04 server box running with an nVidia 8800GT video card. I decided to replace it with a nVidia 520GT which uses a fraction of the power.

On booting after the video card swap I was greeted with a console that was out of sync (hazy) and unreadable. After trying numerous resolution changes and playing around with the grub bootup options I was not any closer to getting my console sorted out.

The answer was to add a nomodeset option to the linux boot options, which fixed the hazy console :)

Here are the steps I followed:

1. Reboot your server
2. Press esc repeatedly to enter the grub menu. (This combination may vary if you have a different bios)
3. Select your primary boot image from the grub menu (usually the first option)
4. Press the 'e' key to edit the configuration
5. Add nomodeset to the end of the line begining with: linux /boot/vmlinuz....
6. Press Ctrl+X to save and exit
7. Boot from the primary image

If the above fixes your resolution issues, you then need to make the changes permanent. You can do that as follows:

1. Edit your /etc/default/grub
2. Add the nomodeset option to the following:


3. Save and exit
4. Update grub with: sudo update-grub
5. Reboot

If all went well you should have a working console again!

The nomodeset option prevents the kernel from loading graphic drivers. Apparently there are incompatibilities with some older video cards that do not support this fully. Read more about it here.

Update: Unfortunately adding nomodeset breaks the ability to resume the server from suspend! Read more about it here. For now I've gone back to the hazy console login screen which does not really affect me because I ssh into this server. I hope this bug is fixed soon.

Tuesday, October 30, 2012

Basic Mysql Installation and Configuration

Here are some basic installation and configuration options for mysql on Ubuntu.

Install the latest mysql with

Note: Ensure you remember the root password specified while installing mysql.

Once the installation completes ensure you can log into your mysql installation.

Some basic defaults to configure would be to use UTF-8 as your character encoding and expose
the mysql server so it can be accessed externally. Before you modify any configuration settings,
stop your mysql server with:

Edit your mysql config file /etc/mysql/my.cnf and add the following under the [mysqld] section:

Note: skip-character-set-client-handshake implies to use the server default character set
irrespective of what the client specifies. Match your_server_ip to the ip address of the
machine you are running mysql on. The default-storage-engine has been set to InnoDB to enable transactional behaviour. If you need to swap in another database simply change the value to the one you require.

Restart mysql with:

Verify your default database engine with:

The default database engine will have a value of DEFAULT under the Support column.

Now let's create your first database. Log into your installation as root with the password specified during installation

Create a database with:

Note: Replace database with the name of the database you want to create.

Ensure the database has been created with:

Ensure the characterset of the database is UTF-8:

Create a local user switch to the mysql db:

and then execute:

Note: Substitute your_useryour_server_ipyour_local_password and your_database with values appropriate values.

A local user allows you to log into the mysql server only from the server. If you want to log into the mysql server remotely you also need to create a remote user:

Note: Substitute your_useryour_server_ipyour_remote_password and your_database with values appropriate values. The main difference between local and remote users is that the remote user connects from % not the your_server_ip address.

To verify privileges for the above accounts use:

To drop a user do:

If you keep getting the following error message when you try to login:

and you are sure your password is correct, you could have 1 of 2 problems:

1. Verify that the server the error message specifies is the same as that as the user you created it for.

Eg. If you created 'your_user'@'' and the error message says 'your_user'@'domainname' then you need
to create the user for the specified server name or use the following connection string:
2. Your password could have special characters that seem to befuddle mysql sometimes. Try changing the password to a plain alpanumeric one and see if you can login then.

The above configuration should give you enough information to get started on your own projects.

Tuesday, November 22, 2011

Firewall configuration with iptables

Recently I had the seemingly "daunting" task of adding firewall rules through the iptables command. Here are some of my findings.

Basic Commands

To list your current firewall configuration use:

If you have no rules in your iptables you should see something like this:

To add a rule to a chain use:

To delete a rule on a chain use:

Make sure your firewall INPUT chain policy is set to ACCEPT not DROP.

Add some basic rules to the INPUT chain:

The above rules allow SSH, DNS, HTTP and HTTPS traffic. It also logs any requests that have not been satisfied by any of the rules to your syslog. We have also blocked all other traffic and ports.

List your iptable rules with:

Your iptables should look similar to this:

For some reason if I leave out the first rule, none of the others work. I presume this has to do with connections coming in on known ports but negotiating on to other ports once a connection is established.

The DROP policy for the INPUT chain drops all traffic to ports other than those specified in your rules. If there's no rule, it's not getting through.

Also of note is that rules are evaluated top-down with the first matching rule executed. Thus if you have a rule that drops traffic for a certain port followed by one that allows traffic for the same port, all traffic will be dropped.

Given the above, if you need to insert a rule at a particular line do so with the following:

Make sure you verify that all the programs you need are allowed through the firewall. If needed you can change the policy of the INPUT chain back to an ACCEPT policy like so:

One thing to note is that if you are some way locked out of your system due to the above rules, a simple reboot will remove all entries.

Save and Restoring Rules

As iptable rules are not saved and restored by default you need to it manually.

1. Save your current changes:

2. Create the file /etc/network/if-pre-up.d/iptablesload This will be run just before your network interfaces are brought up. Add the following:

make it executable with:

3. Create the file /etc/network/if-post-down.d/iptablessave. This will be run just after your network interfaces are brought down. Add the following:

make it executable with:

Now when you restart your machine your iptables will be saved and restored. You can have a look at the rules that are persisted by looking at the /etc/iptables.rules file:

Your /etc/iptable.rules file should look something like this:

Comments/suggestions are welcome. :)

Links: 1 2

Wednesday, April 6, 2011

Ensime with Emacs

I've been toying with the idea of looking for an alternative to Intellij for Scala development for a while now. I tried to use Ensime with Emacs a few months ago and never got it going for one reason or another. More recently, I've got Ensime and Emacs working together and thought I'd blog about it for anyone else who had trouble getting everything to work together.

Here are the minimum requrements as stated on the Ensime user manual:

1.Unix(y) or Windows OS
2.JVM Version 6
3.Scala 2.8.1 compatible source and libraries
4.Emacs 22 or later (23 is recommended)

Configuring Emacs for Scala

1. Ensure you have a working installation of scala 2.8.1final.

2. Install emacs. On Ubuntu you can do this with

sudo apt-get install emacs

and on the Mac you can:

brew install emacs

Ensure you have at least version 22 or later.

3. Go to your scala_installation_dir/misc/scala-tool-support/emacs/ directory. Copy all .el, .elc files and the Makefile into a location where you want to store these files.

Eg. ~/scalaemacs

4. Copy the contrib/dot-ctags file to your ~/.ctags file

5. Using a command shell, cd to the above directory and run "make" to convert the .el files to .elc files.

6. Add the following to your ~/.emacs file:


You may need to create this file if it does not exist.

7. Open a .scala file in emacs to verify syntax highlighting works and other basic scala functionality works.

Installing Ensime

1. Ensime can be downloaded from here. Download the latest version. The current version is -> ensime_2.8.1-0.5.0.tar.gz

2. Extract the archive downloaded to a know location. This will be your ENSIME_ROOT.

Eg. ~/opt/ensime

3. Verify that the ENSIME_ROOT/bin/ file has execute permissions.

4. Add the following to your ~/.emacs file substituting ENSIME_ROOT for where you extracted the archive:

Your complete .emacs files should look something like:

Creating a Project with SBT

You need to create an Ensime project for each project you want to use with Ensime. The project details are written to a .ensime file in your project root. Ensime currently has support for SBT, Maven and Ivy. If you don't have a build system you can also generate a .ensime file through the wizard or by hand.

The following is how to create a project for an existing SBT project:

1. Launch emacs
2. Type M-x to open the mini-buffer and then type: ensime-generate-ensime-config-gen.
A note on the Meta key (or M-) combinations: On linux M-x is Alt+x, while on the Mac it's Esc+x. Play around until you find which meta key is used on your flavour of OS.
3. Specify the root of your project.
4. If your project is an SBT project, it automatically detects most settings and you should see a message like:
"Your project seems to be of type 'sbt', continue with this assumption? (yes or no)". Choose yes.
5. Enter all the other information requested.
6. At the end you will see something like "Your project config has been written to /xyz/.ensime. Use 'M-x ensime' to launch ENSIME." Your ensime file has been written and you are ready to use ensime.
7. Type M-x and in the mini-buffer type: ensime to launch the Ensime server for your project. Reconfirm the location of your project.
8. That's it! :)

Neat Features

1. Type inspection - will dive into details of the type at the cursor
2. Automatic member completion (eg. typing "blah". followed by the Tab key will give you a list of the methods on String.
3. Navigation between sources
4. Refactoring (Renaming, Optimizing imports etc)
5. Source formatting
6. SBT support
7. Dropping files into the Scala REPL
8. Debugging (I haven't had much luck getting this to work)

For a full list have a look at the online Ensime user manual.