Sometimes you want to secure local traffic in a private subnet for compliance reasons, e.g. HIPAA requires data in-transit to be encrypted. This can be done at the application level if the application supports SSL, but it can also be done independent of the application using IPsec transport layer encryption.
In this example we have an AWS VPC with three Ubuntu 14.04 database instances in a private subnet running a mongodb replicaset with three members. We want to encrypt all mongodb traffic between replicaset members and between other client instances in the VPC and the mongodb instances - and we won't use mongodb SSL support.
The mad-hacking site has a good discussion of IPsec, racoon and setkey.
First install ipsec-tools and racoon on each instance: sudo apt-get install ipsec-tools racoon.
Create a pre-shared key file for use with ISAKMP. We are using the wildcard * to match all hosts, so all instances are using the same key. Generate this file once and install the same file on all instances:
Generate the file with a random key:
Read More
This is an Swift class to allow KVO observing using Swift closures, useable from a Swift class that does not subclass NSObject.
From Swift, create a KeyValueObserver instance with the object being observed, the key path to observe and a closure to be called. As long as this instance remains alive, observations will be reported to the closure. To remove the observer, release the KeyValueObserver instance (so assign it to an optional so you can assign that to nil to release it).
let button = UIButton() var kvo: KeyValueObserver? = KeyValueObserver(source: button, keyPath: "selected", options: .New) { (kvo, change) in NSLog("observing %@ %@", kvo.keyPath, change) } button.selected = true button.selected = false kvo = nil button.selected = true
You can save the observer in an optional member and release it in the observation closure...
Read More
Mavericks doesn't have Java installed by default. If you try to use the /usr/bin/java executable from Terminal, it will pop up a dialog prompting you to visit Oracle's site and download a JDK.
If you want to install Apple's Java instead, then run java from a subshell. This will pop up a dialog prompting you to directly install Apple's JDK.
The Java installer stub /System/Library/Java/Support/CoreDeploy.bundle/Contents/Download\ Java\ Components.app appears to check if it was invoked from an interactive TTY or not, and changes behavior accordingly.
Read More
There are two bugs that prevent the python M2Crypto 0.21.1 package from being pip installed from pypi in a virtualenv on Ubuntu 13.10.
First bug #696327. libssl-dev is now multiarch and M2Crypto can't find the opensslconf.h header:
SWIG/_evp.i:12: Error: Unable to find 'openssl/opensslconf.h'
SWIG/_ec.i:7: Error: Unable to find 'openssl/opensslconf.h'
error: command 'swig' failed with exit status 1
Second bug #637750. If you do get M2Crypto to build by adding /usr/include/x86_64-linux-gnu/ to include_dirs in ~/.pydistutils.cfg, SSLv2 has been disabled in openssl and M2Crypto fails to import:
>>> import M2Crypto
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/ubuntu/ENV/local/lib/python2.7/site-packages/M2Crypto/__init__.py", line 22, in <module>
import __m2crypto
ImportError: /home/ubuntu/ENV/local/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method
The Ubuntu python-m2crypto package has patches for both these, in m2crypto_0.21.1-3ubuntu3.debian.tar.gz available here.
These have been merged into the debian git repository, so the easiest route is to use pip's git support and install directly from there. The patches require you to specify your architecture using an environment variable so the full command for 64 bit would be:
DEB_HOST_MULTIARCH=x86_64-linux-gnu pip install "git+git:[email protected]/0.21.1-3#egg=M2Crypto"
Read More
I recently bought some Monoprice 27" IPS LED monitors at work for use with 2013 Retina MacBook Pros. We also bought Monoprice mini-DisplayPort to DisplayPort cables.
It turns out there is a problem in MacOS 10.8.3 using this monitor with the DisplayPort connection - the monitor outputs YPbPr mode instead of RGB and the colors all look washed out and wrong. Looking in the System Information app you can see that the display is being detected as a TV (shows "Television: Yes").
I then tried connecting using the provided dual link DVI cable, but using Apple's "Mini DisplayPort to DVI Adaptor" - the colors look correct and "Television: Yes" is not there so this corrects the issue - but of course resolution is limited to 1920x1080 because the adapter is not dual-link. I expect an mDP-dual-link DVI adapter would work fine but those are expensive.
This problem of using YPbPr and detecting the display as a TV when using DisplayPort seems somewhat common and happens with other displays too, I found some threads discussing the issue with other monitors - Dell U2410f and Dell U2713HM.
The fix is to override the EDID returned by the...
Read More
