Installing Subversion Client and Server on OS X

Installing Subversion on OS X is actually really easy, but for those of you who have not done it before it can seem like quite a task. There are many Revision Control systems out there but in my opinion SVN is well suited for the needs of just about any person or project, for those of you not too familiar with SVN or how it works, you should check out the Wikipedia link above.

All of my tutorials if you haven't noticed make use of MacPorts, if you don't have it installed already now would be a good time to install it.

First thing you want to do whenever you're installing something from MacPorts is make sure you're current. We'll do a selfupdate to upgrade existing packages and update package info.

• dStruct:~ Matt$ sudo port selfupdate

Next up you want to install SVN via the MacPorts system.

• dStruct:~ Matt$ sudo port install svn

We need to make sure svn is in your default path by running svn from a Terminal session.

• dStruct:~ Matt$ svn
• -bash: svn: command not found

So it looks like we need to update .profile with the correct path, by default MacPorts installs to /opt/local/bin and /opt/local/sbin which is not normally in the default path.

• dStruct:~ Matt$ nano .profile
• export PATH=/opt/local/bin:/opt/local/sbin:$PATH

You should now see the following when you run svn.

• dStruct:~ Matt$ svn
• Type 'svn help' for usage.
  

The SVN client is now ready for use, for those interested in running your own SVN Repositories to keep track of your own project or source code lets setup the SVN Server a.k.a. svnserve.

First thing to do is decide where you want your Repository located on your drive (I use ~/SVN) and then we want to create the Repository directory and it's file structure.

• dStruct:~ Matt$ svnadmin create ~/SVN
  

Which should create the actual directory and setup the SVN framework inside it, including the default SVN Server configuration files in ~/SVN/conf/. It should be noted you rarely ever directly edit the files in the SVN Repository, only advanced users who know how to manipulate SVN should ever touch the files inside. However if you plan on allowing anyone remote access to your SVN Repository it would be wise to setup permissions on who can access what.

Let's do a test run and make sure the SVN Server fires up with the default settings and no authentication, and that we can check out the Repository.

• dStruct:~ Matt$ svnserve -d -r ~/SVN/
• dStruct:~ Matt$ svn checkout svn://dStruct/ ~/test
• Checked out revision 0.
  

Ok so now we have our Repository built and we know the server works, lets setup the SVN Server to launch automatically at startup under the inetd service. We need to create a new Property List or plist and place it in /Library/LaunchDaemon so launchd knows where to find it on startup.

• dStruct:~ Matt$ killall svnserve
  
• dStruct:~ Matt$ cd /Library/LaunchDaemon
• dStruct:LaunchDaemon Matt$ sudo nano org.tigris.subversion.svnserve.plist

And paste in the following XML, editing the 2 lines required.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">

<dict>
<key>Disabled</key>
<false/>
<key>Label</key>
<string>org.tigris.subversion.svnserve</string>

<key>ProgramArguments</key>
<array>
   <string>/usr/local/bin/svnserve (EDIT THIS LINE)</string>
   <string>--inetd</string>

   <string>--root=/Users/YourUsername/SVN (EDIT THIS LINE)</string>
</array>
<key>ServiceDescription</key>
<string>Subversion Standalone Server</string>

<key>Sockets</key>
<dict>
 <key>Listeners</key>
 <array>
   <dict>

     <key>SockFamily</key>
     <string>IPv4</string>
     <key>SockServiceName</key>
     <string>svn</string>

     <key>SockType</key>
     <string>stream</string>
   </dict>
   <dict>
     <key>SockFamily</key>

     <string>IPv6</string>
     <key>SockServiceName</key>
     <string>svn</string>
     <key>SockType</key>

     <string>stream</string>
   </dict>
 </array>
</dict>
<key>inetdCompatibility</key>

<dict>
 <key>Wait</key>
 <false/>
</dict>
</dict>
</plist>

With that file saved now we need to add it to the Launch Daemon and we'll go ahead and fire it up right now manually as if we just booted up.

• dStruct:~ Matt$ sudo launchctl load /Library/LaunchDaemon/org.tigris.subversion.svnserve.plist
• dStruct:~ Matt$ sudo launchctl start org.tigris.subversion.svnserve

Now for the final test, lets try to check out the local Repository.

• dStruct:~ Matt$ svn checkout svn://dStruct/ ~/test
• Checked out revision 0.

There you go, if you ran into any issues check the reference links below, and Google is your best resource for answers, enjoy.

Version Control with Subversion
Subversion server (svnserve) on Mac OS X

Technorati launches new Twittorati website today

Blog search engine and advertising power house Technorati has joined forces with Sawhorse Media the makers of Muckrack.com, to bring the world Twittorati.com "Where the blogosphere meets the Twittersphere".

According to the new service "Twittorati tracks the tweets from the highest authority bloggers, starting with the entire Technorati Top 100 and soon including many more of the web's most influential voices."

To be honest I don't know what to think, it seems like Technorati is reaching a bit far on this one.. Maybe it's just me being biased, I mean I don't dislike Twitter, I wouldn't say things like it's insecure, full of bugs, or loaded with scams, or anything like that would I?

Well head over there check it out and leave a comment or two on what you think.

If you find this article helpful, Digg it..

~Matt

Making money online, fact or fiction?

There are a lot of people out there who have it hard coded in their brains that you have to get up at the crack of dawn, get ready for work, drive to work, actually try to do work in a busy place full of other people, noise, cell phones going off, and computer networks being brought down by the one idiot in the corner cubicle who thought he'd send that 10mb video attachment to all his co-workers..

I've been there, done that, and yes I got the T-shirt. If you can't tell by my tone I'm not a huge fan of this crap, personally I think people waste a massive amount of time each year commuting to and from work each day, and in most cases not being able to do anything productive in the process.

Well there is a better way, there is a light at the end of the tunnel, and you can free yourself from this addiction to the office. Now I know what the non-believers are thinking right now, I can feel it, but there is an entire world full of web-based businesses just waiting to pay you for basically existing. Some of which include Affiliate Marketing, where you would for example write a small free blog like this one and sign up with Link Share or Click Bank and simply post one of their Ads on your blog for say ABC Sunglasses, and when one of your visitors happens to click on that link because they like what they see, you can either get a small amount of revenue per ad click, or a referral fee if that person actually buys something.

That's just one example of how you can make real money online, and it's a very tried, true, and tested method, there are people out there making good money with moderate traffic websites and blogs doing just that.

Another example would be Google's AdSense program, in my opinion Google really went the extra mile on this one, they have their own Affiliate type system in place for advertising, I'm sure you've seen all the links all over other websites including this one "Ads by Google" well each time someone clicks on an Ad you get a percentage of whatever Advertiser is paying for that Ad, which can range from pennies to dollars, it's a completely free program available to just about anyone with a computer, why are you not taking advantage of this free program? If I were you I know I would be.

I found a wealth of information on a fellow Blogger site Financing Strategies which has all sorts of useful information relating to making money online, and how you can manage that money and tips on improving credit, things like that. Check out these posts specifically Optimizing Google AdSense and the Big Secret to Making Money Online which outlines what to do, and what not to do when making money online.

I invite you to Google things like Online Revenue, and Making Money Online, and Affiliate Marketing, go poke around and see what you can find, there's tons of stuff out there. Hopefully you can carve your own little niche in the web, and make a little money in the process.

If you find this article useful, please spread the word by posting to any Social Networking site like you like, it really helps get useful information to people who can use it.

~Matt

Britney Spears is dead! Oh wait Twitter just got hacked.. again..

The much touted microblogging social network Twitter just can't seem to stay out of the news lately, according to Britney Spears Twitter profile apparently "Britney has passed today. It is a sad day for everyone. More news to come.." and I have to say it was well timed having so many famous celebrities pass away so recently, I'm sure fans who saw this were shocked and saddened by the posting but the fact is she's not dead however her Twitter profile was compromised yet again through the TwitPic service which allows you to upload images with captions directly to your Twitter account, this just after they said "We've implemented a fix for the email posting vulnerability, a full blog post explaining the issue will be released soon"

These flaws are nothing new to Twitter back in January, 2009 around New Years followers of the singer were informed that her vagina was four feet wide "with razor sharp teeth". According to Mashable there were other celebrity attacks during this time including Bill O'Riley being called gay.

Well the guys over at TwitPwn are doing something about it, they're calling July, 2009 the Month of Twitter bugs and rightfully so, in an attempt to raise awareness of the massive amounts of code exploits, cross-site scripting errors, API "issues" and just plain bad coding. My hats off to you guys, hopefully something becomes of it.

So on that note I'm dubbing Twitter - The Black Sheep of Social Networking(©™ and stuff).

I really hope Twitter irons out the kinks, as for me don't be surprised if you can't tweet about this blog posting directly off my blog or you can't follow me on Twitter.

~Matt

SSH Public Key Authentication and OS X

In most cases people just use SSH the good old fashioned way, they login using a password and usually to the root account. Now there's nothing wrong with this method, it's hands down more secure then using something like Telnet to access remote boxes, however I want to point out a few things you may want to consider even if you've never had a box compromised.

By using just password authentication even with a huge AlphaNum3r1c#p4ssw0rd you're allowing anyone from anywhere the ability to potentially Brute Force your password, gain access to your system(s), and do whatever the hell they want. Even more so if you allow logging in to the root account, because knowing a good username makes Brute Forcing a password just that much easier.

When you setup a Public/Private Key combo with the server(s) you access you're providing 2-part (or two-factor) authentication by providing something you know with something you have. This method is much more secure since you physically have to have the matching side of your key to authenticate.

To setup Public Key Authentication you'll need to generate a key pair (Public/Private) and then share the Public half with any servers you connect to.

• Open Terminal and "cd ~/.ssh", then "ssh-keygen -t dsa -b 1024"

• The default location of /Users/(your username)/.ssh/id_dsa is correct, hit enter

• Now provide a passphrase for the key, this will be used as the part you know. Make sure it's a good one as you can store it in your Keychain so you don't have to type it everytime.

• id_dsa is your Private key, id_dsa.pub is your Public key for sharing.
  

• Next copy your shiny new 1024-bit DSA Public key to the server, "scp id_dsa.pub user@myremotehost:~/id_dsa.pub"

• Now login to the remote server and insert the key data into SSH, either in ~/.ssh/authorized_keys or /etc/sshd_config directly "cat id_dsa.pub >> ~/.ssh/authorized_keys"

• Now that you have your Public key in the authorized_keys file you can safely delete your remote copy of it, if you want to make keep it there make sure permissions of the id_dsa.pub are secure and set to owner only "chmod 700 id_dsa.pub" the same goes for authorized_keys, check it with "ls -l".
  

• Now you want to logout of your remote server and log back in and verify everything works as it should. You should get a prompt for your passphrase this time and not the regular password.

• If you can successfully login using your key then you're ready to disable password based authentication by opening your sshd_config and setting the option "PasswordAuthentication no" and restarting sshd.

The default Public Key location on most servers is: ~.ssh/authorized_keys

The default Private Key location on OS X is: ~.ssh/id_dsa

The next steps are optional but some like to disable Password Authentication, so the server only uses Public Key, personally I like to keep Password Auth there as a backup in case I lose my Private key, combined with my previous guide on Securing SSH with IPtables I can sleep at night. And there is no reason why you shouldn't have a secure encrypted USB flash drive like an IronKey on your keys that you carry with you wherever you go, so put your Private Key on there that way wherever you go you have your "keys" with you..

References:
http://matthewayo.blogspot.com/2008/06/securing-ssh-with-iptables-on-openwrt.html
http://sial.org/howto/openssh/publickey-auth/

I hope you find this guide helpful.

~Matt ajx7qcrndm