Replacing Checkpoint SecureClient with IPSecuritas on Snow Leopard
August 31st, 2009
So it’s that time again – another awesome Apple update to the best operating system in the world; for most, it’s a joyous time, one of new beginnings and wonderment…. for some, alas, this is just an ideal as all their proprietary software comes crumbling down under a new kernel.
Friday was one of these momentous days, and yes, my world came crumbling down. For those who don’t read my blog often, I work remotely 85% of my working weeks as the company I work for is in another country, so having a secure and speedy VPN is critical to actually getting paid and doing some work. After upgrading OSX 10.5 to Snow Leopard my Checkpoint SecureClient completely stopped working – this appears to be the plight of many users out in the interweb so I thought I’d write up this guide on how to use IPSecuritas (as it rocks), which is infinitely better than the default Checkpoint client (which sucks major ass!).
Why should I care about IPSecuritas?
This is simple – basically (as above) it rocks and has the following great features:
- It’s speedy.
- Automatic connection recovery
- Password persistence
- Can talk to a bunch of different Firewall types… no more vendor tie-ins
- Great OSX integration
- Automatic connection upon login (instantly connected to VPN!)
- Oh, did I mention it’s fast?
Removing Checkpoint SecureClient
OK, so now we’ve established that SecureClient is evil, let’s remove it. Helpfully, Checkpoint took the time to provide a shell script in the install directory to do just this. Open a Terminal window (Applications > Utilities > Terminal) and type the following:
# I'm not 100% sure on the names, as I'm writing this from memory,
# but just have a poke around and you'll find what I mean.
timperrett$ cd /opt/C (press tab for auto-complete then return key)
timperrett$ open Uninstall.command
Type “yes” when prompted – the script will then go about removing all the various components. If you’re thinking of skipping this step, you’re free to, but remember that this installation is completely broken and won’t ever run under Snow Leopard as it appears to be tied to the 9.x kernel present in 10.5… so you might as well clean up and keep tidy.
Setting up IPSecuritas
If you haven’t already, download IPSecuritas from here – open the DMG and drag the application to your Applications directory. Once there, double click the application to load it for the first time – you’ll need to enter your Administrator password, then the application will install a daemon onto your system and configure itself. Once completed, take my advice and reboot your system – upon reboot you should see a new menu item that looks like a broken wire (below, don’t worry about “XMPie”, that’s just what I decided to call my profile)...

Choose the “Open IPSecuritas” menu item – and up should spring the main GUI. You now need to configure a connection – this is what you will use to connect to your VPN endpoint (clue’s in the name!). Making this connection is, however, a rather technical process for most users, so I’m going to post screenshots of my configuration at every stage so that you can make something similar (yours may not be identical – it really depends on the setup implemented on the firewall; however, what I detail uses commonplace defaults).

So the two boxes in red are the important ones. For Remote IPSec Device you need to fill in the domain name or IP address of your firewall / VPN endpoint; this is organisation specific so I’ve removed mine. Secondly, Network address – this is the base IP range to which you want to connect; again, organisation specific and yours will likely be different – if you don’t know, check with an IT administrator.

These are standard security options needed to work with the Checkpoint VPN – because I work long hours connected to the VPN, I’ve set it to time out after 10 hours (essentially it never cuts me off and I’m in charge… sweet).

Again, this is standard Checkpoint stuff so just copy the configurations as is – you don’t need to know what’s what.

So this is an interesting panel – the two boxes I’ve marked in red need to be filled with your username for the VPN connection; you should have this already, as it is the one you were using with the Checkpoint SecureClient system. In this example (and the Checkpoint default) it’s using Hybrid RSA, but a lot of organisations use XAuth RSA etc. that involve certificates… if you need this, just use the certificate manager and configure accordingly. I’ve also set it to remember my password so that I don’t have to keep entering it – depending on your outlook, this is a good/bad thing. Personally, I think it’s a great timesaver!

Depending on your setup, you may want to configure specialized DNS servers – you might want this if you have servers that you wish to access with a UNC-style path such as:
\\somefileshare
Without specifying those DNS servers, your VPN will try to use external DNS and you just won’t get what you want (or expect). I’ve removed mine for security reasons, but it should be fairly simple to figure out what you need to enter.

So this is the killer panel that confuses most people – you have some fairly fine control over the connection parameters – if you’re using Checkpoint VPN-1, just do as I have (unless you’re using another authorisation mechanism) and you should succeed!
Once you have all that, you’re good to go – just close the window and click “Start” on the main IPSecuritas window; provided all went well, you should get a green light next to the connection name – in my instance, I called the connection “office”. If you are having issues, seek help from your IT administrator as it might be a configuration issue – with VPNs your client must EXACTLY match what the endpoint is configured to… any mismatch at all will result in failure. However, if you wish to debug the issue yourself, bring up the connection log from the top bar menu and you’ll be able to see exactly what is going on under the hood (if you need a boatload of wire information, set the logging level in preferences to DEBUG and then restart/reboot IPSecuritas).
Enjoy, and good luck.
Running Rabbit MQ on Mac OSX - Solving {badrpc,nodedown}
May 17th, 2009
I’m currently exploring Rabbit MQ and had a few issues getting up and running reliably on Mac OSX. The problem wasted so much of my own free time that I thought it would be a good idea to post about it and perhaps it might help others in the future.
The Problem
The broker boots normally as the rabbitmq user defined in the system – however, when trying to connect to it using rabbitmqctl you get the following error (repeatedly):
macbookpro:~ timperrett$ sudo rabbitmqctl status
Status of node rabbit@macbookpro ...
{badrpc,nodedown}
...done.
The Solution
After many hours dabbling, and checking, checking again, rechecking my user and permissions setup, I found that it was actually to do with the way in which Erlang networks. Essentially, I was running the broker on:
rabbit@macbookpro
However, whilst I could ping the host “macbookpro” from terminal, it appears that Rabbit MQ needed it defined in the /etc/hosts file in order to work correctly.
Both strange and annoying, perhaps this will save someone some time!
Programmatically adding Applications to the Login Items
July 28th, 2008
It’s taken some kicking around, but here is the fruit of my labour… using Core Foundation over the RC bridge.
require 'osx/cocoa'
# Read the current user's login items from the loginwindow preferences domain.
loginItems = OSX::CFPreferencesCopyValue(
  "AutoLaunchedApplicationDictionary",
  "loginwindow",
  OSX::KCFPreferencesCurrentUser,
  OSX::KCFPreferencesAnyHost)
application_path = File.expand_path("~/path/to/your.app")
application_hidden = false
# Append an entry for the application: Path is the bundle path,
# Hide controls whether it is hidden at launch.
loginItems << OSX::NSDictionary.dictionaryWithObjects_forKeys(
  [ application_path, application_hidden ],
  [ :Path, :Hide ])
# puts loginItems
# Write the updated list back to the same key and domain.
OSX::CFPreferencesSetValue(
  "AutoLaunchedApplicationDictionary",
  loginItems,
  "loginwindow",
  OSX::KCFPreferencesCurrentUser,
  OSX::KCFPreferencesAnyHost)
# Flush the change to disk.
OSX::CFPreferencesSynchronize("loginwindow",
  OSX::KCFPreferencesCurrentUser,
  OSX::KCFPreferencesAnyHost)
With any luck this might help someone :-)
Obligatory post about leopard OS X
November 4th, 2007
I know, I know, I know - I just couldn’t help myself but I needed to post about Leopard!
It was a smooth upgrade on the whole, bar some funny issue with the DNS that couldn’t resolve some external items; switching to OpenDNS worked like a charm.
Anyway, I won’t bang on about Time Machine et al as that’s been done to death!
How to install PostgreSQL with PostGIS spatial on OSX
October 26th, 2007
Recently spatial calculations have fascinated me. Hardly what most people would consider fascinating, but hey!
Most of the modern enterprise (I use that term loosely, as someone is bound to comment complaining that some of this list are not ‘enterprise’ enough) RDBMSs have spatial GIS extensions. This allows them to conduct extremely complex calculations about size, position and location in a three-dimensional way – pretty freaking cool! Common databases that have GIS extensions are:
- PostgreSQL – PostGIS
- Oracle – Oracle Spatial
- DB2 – IBM Spatial
- MySQL – MySQL spatial extensions
There are lots more… just google for your specific backend.
Anyway… for this article we’ll focus on PostgreSQL with PostGIS, and running it on OSX.
Step 1
You will need to download a whole bunch of frameworks from here (http://www.kyngchaos.com/software/unixport/frameworks) and run the installer. That will give you some of the base libs and frameworks that PostGIS requires, such as GEOS, GDAL etc.
Step 2
Add a new user on your system and make sure its short name is postgres – this is the user you will run the database server as. See below from my box:

Step 3
Download the latest PostgreSQL installer from here. This will load up PostgreSQL in /usr/local/pgsql; while you’re there I’d install the startup item so you don’t have to load the server manually every time you restart your Mac.
Once installed you need to do some editing of the conf files. For me, I just needed a local development server, so I loaded up /usr/local/pgsql/data/postgresql.conf and changed the line
#listen_addresses = 'localhost'
to
listen_addresses = '*'
This will ensure that our server binds to all the interfaces the box has. If you want to be more specific, just enter the IP of your machine.
Next, you need to edit the pg_hba.conf file to add a generic host like so:
host all all 0.0.0.0/0 md5
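This lets a client from any IP/subnet connect to any database as any user, as long as it supplies that user’s password (md5 authentication). I must stress that this was for development purposes, so you will want to be more explicit for a production environment and name the specific databases, users and address ranges that are allowed in.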
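The two settings changed in this step can be checked mechanically. The following Python script is an added example, not code from the original post: it flags pg_hba.conf host rules that match every client address and reports whether listen_addresses is a wildcard. The sample file and the function names audit_pg_hba and listens_on_all are constructed for illustration.

```python
import ipaddress

# Constructed sample pg_hba.conf: the post's development rule (line 4)
# beside narrower rules; not taken from a real server.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER    ADDRESS          METHOD
local   all       all                      md5
host    all       all     127.0.0.1/32     md5
host    all       all     0.0.0.0/0        md5
host    gis       gisapp  192.168.1.0/24   md5
host    all       all     0.0.0.0 0.0.0.0  trust
"""

def _network(addr, mask=None):
    """Parse ADDRESS (CIDR or address + netmask); None for hostnames/keywords."""
    try:
        return ipaddress.ip_network(f"{addr}/{mask}" if mask else addr, strict=False)
    except ValueError:
        return None

def audit_pg_hba(text):
    """Return (line_no, severity, method) for host rules open to any address."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if len(f) < 5 or not f[0].startswith("host"):
            continue  # blank line, comment, or local (Unix-socket) rule
        addr, mask, method = f[3], None, f[4]
        if "/" not in addr and len(f) >= 6 and _network(f[4]) is not None:
            mask, method = f[4], f[5]  # older "address netmask" form
        net = _network(addr, mask)
        if addr == "all" or (net is not None and net.prefixlen == 0):
            findings.append((no, "high" if method == "trust" else "medium", method))
    return findings

def listens_on_all(conf_text):
    """True when the effective listen_addresses setting includes a wildcard."""
    result = False  # setting absent or commented out: default is localhost only
    for raw in conf_text.splitlines():
        key, sep, value = raw.split("#", 1)[0].partition("=")
        if sep and key.strip() == "listen_addresses":
            hosts = value.strip().strip("'\"").split(",")
            result = any(h.strip() in ("*", "0.0.0.0", "::") for h in hosts)
    return result  # later lines override earlier ones, so the last one wins
```

A wildcard listen_addresses combined with a finding from audit_pg_hba means the server accepts connection attempts from any network it is reachable on.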
Step 4
Now you have PostgreSQL installed and configured, run the PostGIS installer – this will add PostGIS to your install. We now need to create a new database and add the spatial extensions to it so that our queries will work… but before we can do that we’ll need to enable PL/pgSQL like so:
CREATE LANGUAGE 'plpgsql' HANDLER plpgsql_call_handler LANCOMPILER 'PL/pgSQL'
Then, from PgAdmin3, open the query tool and browse to /usr/local/pgsql/share/lwpostgis.sql – run that query, and don’t worry about the output (unless it’s an error!). Refresh the view in PgAdmin3 and you should see the functions list go from 0 to 600+ – that’s all your spatial extensions loaded up ready for use.
That should be it – check out Boston GIS for more on GIS queries and so on – it’s extremely complex and out of scope for this article. Happy geocoding people….
Installing Apache 2.2 on OSX with mod_python
September 23rd, 2007
Following on from setting up Django on your local system for dev purposes, I thought I’d just do an article about how to set up Apache to use mod_python for when you want to roll your Django app out to the big bad world.
Before you start, you will NEED to have completed the other post about installing Django, as you need to have the mac python installer in and configured properly for this to work.
Step 1
First of all we’ve got to get Apache 2.2 working, as Apple only ship 1.3 with OSX (I wonder if this will change in Leopard? Let’s hope so!). You can download the source here.
Extract the archive and cd into the new directory. We need to configure it with some options so that we have proxying (which you might want for Rails etc.) and just some other candy you might find useful at a later date.
Set the CFLAGS:
export CFLAGS="-arch i386"
Run this configure command:
./configure \
--prefix=/Library/Apache-2.2.6 \
--enable-so \
--enable-mods-shared=all \
--with-mpm=prefork \
--enable-dav \
--enable-cache \
--enable-proxy \
--enable-shared \
--disable-static \
--disable-unique-id \
--disable-ipv6 \
--enable-logio \
--enable-deflate \
--with-ldap \
--with-ldap-include=/usr/include \
--with-ldap-lib=/usr/lib \
--with-included-apr \
--enable-ldap \
--enable-authnz-ldap \
--enable-cgi \
--enable-cgid \
--enable-suexec
Let it do its business then run the usual:
make
then
make install (NB: we don’t use sudo here, as that way Apache is compiled with permissions that let you edit the conf files and so on without needing to be an admin, which is just ‘nicer’ for local dev)
Step 2
Configure your httpd.conf file as you see fit. I only really felt the need to change the following:
- Change user and group to your user name (or any other one you want)
- Change ServerAdmin email to an appropriate one
- Uncomment “Include conf/extra/httpd-mpm.conf”
- Uncomment “Include conf/extra/httpd-default.conf”
- Add “NameVirtualHost *” for virtual hosting
My personal preference is then to have an “applications” folder in the apache conf dir, for which I then add a directive to httpd.conf to load in per-application virtual hosting configurations. It just keeps it nice and clean that way.
mkdir /Library/Apache-2.2.6/conf/applications
Include conf/applications in httpd.conf (in your httpd.conf)
Step 3
If you haven’t already, grab mod_python from here. Extract it and cd into the directory.
You’ll then need to configure it with the following command:
./configure --with-apxs=/Library/Apache-2.2.6/bin/apxs \
--with-python=/Library/Frameworks/Python.framework/Versions/Current/bin/python
Then do make and sudo make install
Provided you got no errors upon compilation, all should be well. You just need to add another line to your httpd conf:
LoadModule python_module modules/mod_python.so
Step 4
Pour yourself a nice cuppa!