NFS and CIFS mounts with systemd

I have an NFS server at home and at work we have Windows (not Samba) servers. When I first switched to systemd I noticed that boot and shutdown were seriously delayed while NFS and CIFS were mounted/unmounted. systemd was designed to eliminate those kinds of delays, so I did some research to find out how to correctly mount NFS and CIFS using systemd.

systemd friendly fstab

Below are some example /etc/fstab entries for NFS and CIFS mounts that are systemd friendly, the pertinent mount options are:

  • noauto,x-systemd.automount,_netdev

I found that noauto,x-systemd.automount improved the boot performance and _netdev improved the shutdown performance.


This is typically what I have use for mounting my home NAS.

nfs-server:/SomeData /media/SomeData nfs defaults,noauto,x-systemd.automount,_netdev,noatime 0 0


This is what I use at work to work correctly with Windows Server.

//cifs-server/MoreData /media/MoreData cifs defaults,noauto,x-systemd.automount,_netdev,rw,noperm,credentials=/home/username/.smb-credentials 0 0

The contents of the credentials file looks something like this.



Python Distributions

At work I maintain the Jenkins test and build servers. I’m just about to update our Windows build servers and thought I’d better check the available “Python Distributions” to see if our current choice (the brilliant Python(x,y) is still the most suitable for our needs.

Our Flight Data Analyzer makes extensive use of Numpy, Scipy, h5py and other analysis tools. So, pre-built Python distributions on Windows save me a lot of pain time. On Linux we roll our own of course.

What follows is a list of Python Distributions that include Python and the essential modules we require.


Completely free enterprise-ready Python distribution for large-scale data processing, predictive analytics, and scientific computing.

Heard about this for the first time a couple of days ago. It looks very promising with 32-bit and 64-bit flavours and MKL optimised modules are available from the reasonably priced Anaconda Accelerate. While I roll my own Python Distribution for our Linux build servers, I am rather taken with the idea of using Anaconda on Linux and Windows to provide a consistent platform everywhere. I’m looking forward to testing Anaconda this week.

Continuum appear to be taking on Enthought at their own game, and good luck to them as they have some really interesting projects on the go.

Enthought Canopy

Enthought Canopy is a comprehensive Python analysis environment with easy installation & updates of the proven Enthought Python distribution - all part of a robust platform you can explore, develop and visualize on.

We used to use Entought EPD and Canopy builds on EPD. However, we decided to switch from EPD and consolidate analyst workstation and build server deployments around Python(x,y).

There were several factors to this decision, but the main issue was that updates to the EPD package repositories were slow for some essential modules we use. Canopy seems to have inherited package latency from EPD as Numpy is still at 1.6.1 while we now require Numpy 1.7.

Paid versions of Canopy have MKL optimizations and 64-bit platform support.


Scientific-oriented Python Distribution based on Qt and Spyder.

This is what we currently use for Windows build servers and analyst workstations. The only reason I’m conisdering switching is that is it 32-bit only. Other than that, I love it and highly recommend it. Python(x,y) doesn’t offer MKL optimisations.


WinPython is a portable scientific Python 2/3 32/64bit distribution for Windows

From the same stable as Python(x,y) but has 32-bit and 64-bit flavours, yummy. WinPython includes everything I need so will definately get fully tested this week.

Portable Python

Portable Python is a Python programming language pre-configured to run directly from any USB storage device, enabling you to have, at any time, a portable programming environment.

Not looked at this in any real detail. Appears to be 32-bit only but does include a number of essential packages.

Unofficial Windows Binaries for Python Extension Packages

Provides 32- and 64-bit Windows binaries of many scientific open-source extension packages for the official CPython distribution of the Python programming language.

OK, so this is not a Python distribution but it is compelling. 32-bit and 64-bit platforms are catered for and MKL optimizations are available at no cost. Each package needs to be installed individually, which can be seen as both good and bad. Good because you only install what you actually require and bad because the initial installation is protracted. That said, it is on my evaluation list for this week.


Those are the Python Distributions I’m aware of. Are there any others I should consider?

Spring cleaning Arch Linux

About a year ago I migrated all my workstations, laptops and netbooks to Arch Linux. Since then, I’ve setup Arch Linux on a Raspberry Pi and this server was also recently migrated to Arch Linux.

I’ve had no major issues issues during the last year and have upgraded through five major Linux kernels, transistioned to systemd and upgraded from Gnome 3.2 to 3.8.

Although I have been disciplined about merging .pacnew files frequently, during the upgrades and my many experimentations I have packages installed that I no longer require and obsolete files kicking about.

After the upgrade to Gnome 3.8 I decided to clean up a little. I rarely dip into the AUR, but when I do I always use packer to clearly seperate what is official from what is not.

Finding what is installed

The following commands are useful for identifying installed packages based on where they were installed from. The package lists generated from the commands below can be quite big but often highlight packages that I know I’m no longer using nor require.

Listing installed packages

List packages installed from the official repositories.

pacman -Qq | grep -Fv -f <(pacman -Qqm)

List packages installed from the AUR.

pacman -Qqm

Listing installed packages by size

Use pacsysclean to list installed packages sorted by size, it helps identify large packages that are no longer required which can the be manually uninstalled.

Listing orphaned packages

List ophaned packages install from the official repositories.

pacman -Qqtd | grep -Fv -f <(pacman -Qqtdm)

List ophaned packages from the AUR.

pacman -Qqmtd

Getting package information

Get package information for a package in the official repositories.

pacman -Si <package>

Get package information for a package in the AUR.

packer -Si <package>

Removing orphaned packages

Removing ophaned packages manaully can be very time consuming, but is by far the safer option. However, I decided to take a brave pill a uninstall all orphaned packages automatically.

Remove all ophaned packages installed from the official respositories.

sudo pacman -Rs `pacman -Qqtd | grep -Fv -f <(pacman -Qqtdm)`

Remove all ophanced packages install from the AUR.

sudo pacman -Rs $(pacman -Qqtdm)

Re-installing what you do need

When you do something scary like removing all the obsolete packages automatically, then you should really make sure you do have everything install that you require.

Re-install 64-bit base

sudo pacman -S --needed `pacman -Sqg base multilib-devel | grep -v gcc-libs | tr '\n' ' '`

Re-install 32-bit base

sudo pacman -S --needed `pacman -Sqg base base-devel | tr '\n' ' '`

Reinstall the groups required for a Gnome 3 desktop.

sudo pacman -S --needed `pacman -Sqg gnome gnome-extra telepathy | tr '\n' ' '`

Install all missing dependencies for packages in the official repositories.

sudo pacman -S --needed `pacman -Si [email protected] 2>/dev/null | awk -F ": " -v filter="^Depends" \ '$0 ~ filter {gsub(/[>=<][^ ]*/,"",$2) ; gsub(/ +/,"\n",$2) ; print $2}' | grep -v smtp- | sort -u`

Install all missing dependencies for packages in the AUR. This will re-install even if the package is already installed. I can’t be arsed to filter it out for a one liner.

sudo packer -S --noedit --noconfirm `packer -Si $(pacman -Qqm) 2>/dev/null | awk -F ": " -v filter="^Depends" \ '$0 ~ filter {gsub(/[>=<][^ ]*/,"",$2) ; gsub(/ +/,"\n",$2) ; print $2}' | grep -v java- | sort -u`

Find files not associated with a package

When packages are removed they may leave some files behind. The following will find all files not associated with a package. These files can not be automatically deleted, each entry requires assessment.

pacman -Qlq | sort -u > /tmp/db
sudo find /bin /etc /sbin /usr ! -name lost+found \( -type d -printf '%p/\n' -o -print \) | sort > /tmp/fs
comm -23 /tmp/fs /tmp/db

As with all sping cleaning chores, I got bored by this stage as my workstation was looking pretty tidy. Much of what is presented in this blog post is a rehash of what others have already contributed to the Arch Linux Wiki. I’ve just organised what “Works For Me ™” so I know what to do next year.


get-iplayer on Debian 6.0

I use get-iplayer to download TV programs so I can watch them on the devices that suit me, when it suits me. What follows is how I install get-iplayer on a headless Debian 6.0 server I have a home. The server is question is really low powered so building from source was not an option.

In order to install the latest version of get-iplayer (currently 2.82) on Debian Squeeze a couple of additional package respositories need enabling.

Enable the Debain Backports repository by adding the following line to /etc/apt/sources.list.d/backports.list.

deb squeeze-backports main

Enable the Debain Multimedia repository by adding the following lines to /etc/apt/sources.list.d/multimedia.list.

deb squeeze main non-free
deb squeeze-backports main

Update the repositories.

sudo apt-get update

Install the deb-multimedia-keyring package.

sudo apt-get --allow-unauthenticated install deb-multimedia-keyring

Install get-iplayer (currently v2.78) from the official Debian repositories, this will also install the dependencies.

sudo apt-get install get-iplayer

Install the get-iplayer suggested packages.

sudo apt-get install ffmpeg rtmpdump libdata-dump-perl libid3-tools libcrypt-ssleay-perl libio-socket-ssl-perl

I have seen it suggested that mplayer should also be installed. I’ve not determined if that is an absolute requirement. But this is how to install it on a headless Debian computer.

sudo apt-get --no-install-recommends install mplayer

Finally, upgrade get-iplayer to v2.82.

sudo apt-get install libmp3-tag-perl libxml-simple-perl
sudo dpkg -i get-iplayer_2.82-2_all.deb

At this point get-iplayer should be good to go and the get-iplayer website and man get-iplayer will assist you.


Ployer Momo8 IPS Custom Firmware

I bought a budget Android tablet a little while back that turned out to be really rather good. However, there were issues with the initial firmware.

  • Connecting to, or maintaining connection with, some wireless networks was unreliable.
  • When the internal NAND was under moderate load the tablet would become unresponsive.

Ployer released a firmware update in November 2012 and again in April 2013 which addressed these issues. Here’s the translated change log.

  1. Increase the volume buttons on the vertical screen.
  2. System, audio and video decoding, browser, Flash player, 3G module, boot animation module BUG repair.
  3. Update NandFlash, Mali, Wifi module drivers, while addressing some CTS tests BUG and the stability of the system as a whole has been further enhanced.
  4. Optimize Flash stability, improve the efficiency of the implementation of the DDR.
  5. Default input method Sogou input method.
  6. Update Google Pinyin input method.

However, the official Ployer firmwares come pre-loaded with a selection of Chinese applications and defaults to a Chinese language.


I decided to have a go a making my own custom firmware for the Ployer Momo8 IPS with the following goals.

  • Pre-rooted.
  • Removal of pre-installed Chinese apps.
  • Removal of bloatware.
  • Extend `/data’ partition.
  • Make it a “Google Experience” device.
  • ClockWorkMod Recovery (available to donors)

I think I’ve been fairly successful. My firmware includes Android 4.1.2 features and even some Android 4.2 features. Until someone successfully ports cyanogenmod to the Ployer Momo8 IPS or Ployer release a 4.2.x update then my firmware is the most complete “Google Experience” you’ll find for the device.


Below are the changes I made to the official Ployer Momo8 IPS firmware.


This release is mainly a fix for Google+. The builds are running now and will be available for download later today.

  • Integrated SuperSU 1.32
  • Tweaked WiFi 2.4Ghz Transmit Power. maxp2ga0 is now 76 in:
    • This appears to be the default for other devices with the same chipset, feedback welcomed.
  • Reverted PlusOne.apk to the version in 13.137
    • This should fix the force closes.


The purpose of this release is to refresh some system apps, address some compatibility isues and to offer versions of my custom firmware based on both 20130325 and 20121120.

  • Based on the Official Ployer MOMO8(IPS)-4.1.1-Firmware-20130325 and the Official Ployer MOMO8(IPS)-4.1.1-Firmware-20121120.
    • Feedback suggests that WiFi works better for some when using firmware based on the 20121120 version.
    • Only donors will have access to the 20121120 versions.
  • Integrated SuperSU 1.30
  • Removed the framework.jar patch as it introduces incompatibilties of its own.
  • Removed the PicoTTS voice data files from the /system partition.
    • PicoTTS voices can be selectively installed via Settings -> Language and Input.
    • This is a space saving measure and essential for the 20121120 version.
  • Updated the following, as of May 25th 2013:
    • Magazines.apk (Google Play Magazines)
    • Music2.apk (Google Play Music)
    • PlusOne.apk (Google+)
    • Talk.apk (Hangouts)


This release is focused on stability, adding the new Google Play features announced at Google I/O 2013 and also includes everything from the previous releases.

  • Integrated Android 4.2 sounds, fonts and boot animation
    • Boot animation is now the correct size, higher quality and doesn’t flicker at the end of a boot.
    • All Android 4.2 sounds and fonts are now included.
      • Fixed default notification sound.
      • Lock screen font looks much nicer.
  • Integrated Android 4.2.2 keyboard
  • Integrated Nova Launcher 2.1
  • Integrated Feedly 15.0.1
  • Integrated Power Toggles 4.6.6
  • Tweaked WiFi 2.4Ghz Transmit Power. maxp2ga0 is now 100 in:
    • /etc/firmware/nvram_RK901.txt was previously 74.
    • /etc/firmware/ was previously 76.
    • /etc/firmware/nvram_RK903.txt was previosuly 72.
    • /etc/firmware/ was previously 60.
  • Tweaked WiFi 5.0Ghz Transmit Power. maxp5ga0, maxp5gla0 and maxp5gha0 are now 100 in:
    • /etc/firmware/ were all previously 80.
    • /etc/firmware/ were all previously 80.
  • Added camera icon to the application drawer.
  • Fixed boot up time
    • Boot up time is significantly faster, with the exception of the first boot after a firmware flash.
  • Fixed apps disappearing from the Settings and the Play Store.
  • Replaced Google Talk with Hangouts
  • Removed Google Drive and Google Earth
    • When pre-installed they would Force Close.
  • Updated the following, as of May 16th 2013:
    • Books.apk (Google Play Books)
    • GestureSearch.apk
    • Currents.apk
    • GoogleEars.apk (Sound Search)
    • GmsCore.apk (Google Play Services)
    • Magazines.apk (Google Play Magazines)
    • Maps.apk
    • Music2.apk (Google Play Music)
    • Phonesky.apk (Play Store)
    • Talk.apk (Hangouts)
    • TalkBack.apk (Accessibility)
    • Videos.apk (Google Play Movies)


This version includes everything from the previous release plus the changes below.

  • Based on the Official Ployer MOMO8(IPS)-4.1.1-Firmware-20130325
  • Boot loader upgraded to 1.22
    • Switching to Upgrade mode in Rockchip Batch Tool is much quicker.
  • Extended /system partition from 375M to 428M
  • Removed more Chinese applications and bloatware
    • Removed UCBrowser shared objects from /system/lib
    • Removed QQMiniHD shared objects from /system/lib
    • Removed more Adobe Reader shared objects from /system/lib and fonts from /system/fonts/adobefonts
  • Integrated Clockworkmod Recovery to 6.0.31 (donors only)
  • Integrated Adobe Flash
  • Integrated File Wrangler 1.5
  • Integrated AdAway 2.3 (Google now blocks all advert blockers from the Play Store)
  • Replaced Launcher2 4.1.5 with Nova Launcher 2.0.2
  • Replaced the default wallpaper with the default wallpaper from the Nexus 10.
  • Removed User Management - it was not reliable.
  • Removed Chrome.apk but updated /system/lib/ from Chrome 26.0.1410.58
    • This is a space saving measure but ensures the ROM is Chrome compatible.
  • Updated the following, as of May 10th 2013:
    • Authenticator.apk
    • CalendarGoogle.apk
    • Currents.apk
    • Drive.apk
    • Earth.apk
    • Gmail.apk
    • GooglePlayBooks.apk
    • GooglePlayMagazines.apk
    • GooglePlayMovies.apk
    • GooglePlayMusic.apk
    • GooglePlayServices.apk
    • Keep.apk
    • Maps.apk
    • Phonesky.apk (Play Store)
    • PlusOne.apk (Google+)
    • Street.apk
    • YouTube.apk


What didn’t change

  • I haven’t modified build.prop to make the Ployer Momo8 IPS masquerade as another brand or model of Android device. I will not be making this change, please don’t request it.
  • Although my firmware includes many features from Android 4.1.2 and some from Android 4.2 I haven’t bumped the Android version or Build number. That would be dishonest and misleading.

Known Issues

  • Adobe Flash is enabled the first time the Browser app (not Chrome) is executed.
  • Hangouts app does not work on the first boot following a firmware flash. It does works correctly on subsequent boots.
  • Although busybox is included in the ROM, no sym-links are created.
  • Some Gameloft titles may not work, Asphalt 7 for example. Do other Gameloft titles work properly? This problem is present in the official Ployer firmware too, there are framework patches to fix this problem but they seem to introduce other incompatibilities.


Please consider donating to this project. It is nice to have the effort I’ve put into this custom firmware recognised. I don’t ask for much, it is at your discretion, but just think how happy I’ll look when I am sipping the beer you bought me :-D


You’ll need Rockchip Batch Tool which include the RockChip USB drivers and the firmware flashing utility. I’ve modified Rockchip Batch Tool to default to English language and removed old logs and transient data to reduce the size of the download. You’ll also need the firmware itself.

Download Rockchip Batch Tool and the STOCK RECOVERY version of the ROM. Unzip both archives once they are downloaded.

How to Flash

Warning Always (I can’t stress this enough) flash the STOCK RECOVERY version of my custom ROM. Never flash the CWM RECOVERY version without first having flashed the STOCK RECOVERY version. If you are upgrading from another ROM (even one of mine) always flash the STOCK RECOVERY version first.

Flashing this ROM will will effectively factory reset your tablet, wipe your installed apps, app data and preferences. If you have rooted your tablet you might want to consider making a backup with Titanium Backup * root. If you have not rooted your tablet then you could use Helium - App Sync and Backup.

  • Install the Rockchip USB drivers included with Rockchip Batch Tool.
    • This was simple of Windows XP but I couldn’t get Windows 7 to accept the Rockchip drivers. However, installing MoboRobo on Windows 7 provided the correct driver.
  • Turn the Ployer Momo8 IPS on.
  • On the tablet go to Settings -> Developer options and untick USB debugging.
  • Start RKBatchTool.exe.
  • In RKBatchTool choose firmware file, click the Switch button. The device icon should change to green to indicate a successful connection.
Note The very first time your `Switch` to upgrade mode, Windows may prompt you to install additional Rockchip USB drivers.
  • Only if the device icon changed to Green, click Upgrade.
  • The firmware will be flashed and the tablet will automatically reboot into Recovery.
  • You will see a green Android and then the paritions (/data, /cache and /mnt/sdcard) will be formatted.
    • /mnt/sdcard is the internal memory, not the microSDHC card inserted in the card reader.
  • When the formatting is complete the tablet will reboot.

The first boot may take a little longer than usual. You will be presented with the Welcome wizard where you can configure language and locale, etc. You can optionally enter your Google Apps or Gmail account credentials and doing so will prompt for which Wifi network to associate with.

Rockchip Batch Tool Video

I’ve also made a video showing how to flash the firmware. Frankly, the hardest part is getting the Rockchip drivers installed.

How to Flash the CWM version

Warning Like I said, never flash the CWM RECOVERY version of my ROM without first having flashed the STOCK RECOVERY version. The CWM version is made available to donors.
  • Flash the STOCK RECOVERY version of the ROM as detailed above.
  • Follow the same procedure, but this time flash the CWM RECOVERY version.
  • When the CWM RECOVERY flash is complete the tablet will boot into CWM recovery. Do the following:
    • wipe cache partition
    • advanced -> wipe dalvik cache
    • ++++++Go Back++++++
    • reboot system now
  • The tablet will reboot, it will be a slower boot than usual but subsequent boots will be quicker.

ClockWorkMod Recovery

Booting to recovery can be achieved using the pre-install Quick Boot app.

The Ployer Momo8 IPS only has one hardware button (power) so CWM is controlled with gestures.

  • Swipe up/down: up/down
  • Swipe left: select
  • Swipe right: back

The Power button also acts as select, which I find to be the most reliable way to select an action.


Does this custom firmware fix WiFi connectivity?

Short answer, possibly.

Of all the WiFi networks I have access to, only one causes the Ployer Momo8 IPS to encounter weak signal and intermittent connections. When using the Official Ployer firmware on that WiFi network, connecting more than 5 meters from the access point is unreliable and maintaining a connection is almost impossible.

Using my firmware I can connect and maintain a connection up to about 10 meters from the access point. My testing, and the feedback from others suggests the my firmware improves the WiFi signal by 8 to 10dBm.

From my testing the Momo8 IPS appears to have issues with some wireless access points, possibly related to the chipset in the access point or the Momo8 IPS, but I’ve not been able to pin it down. That said, I’ve got access to 2 Draytek Vigor routers and the Momo8 IPS does not work well with either of them. Every other wireless network I’ve connected to works well.

For example, at home I stream 720p movies via DLNA over WiFi and watch them on the Momo8 IPS using MX Player. It works perfectly and never buffers or lags. However, your mileage may vary.

Why should I always flash the STOCK RECOVERY version first?

Short answer, it’s the safest option.

There are 6 different ROMs (official or otherwise) that I am aware of for the Ployer Momo8 IPS. They all have slightly different partition layouts. If you flash one of my CWM RECOVERY ROMs over a ROM using a slightly different partition layout, it will almost certainly soft brick the tablet. The STOCK RECOVERY will always correctly format the partitions directly after a flash, thereby mitigating the risk of soft bricking the tablet.

Ooops, I’ve soft bricked my tablet. What do I do?

Read the comments here, there are several useful tips. You can also use the comments here to see if anyone can offer assistance. Alternatively, go the Ployer Momo8 forum on Slatedroid, read what others have done and ask for help.

How do the 20130325 and 20121120 versions differ.

The differences Ployer made between 20130325 and 20121120 is not well documented. I did some additional analysis of what changed between the November 2012 and April 2013 releases from Ployer, you can find my notes here:

In addition to whatever Ployer changed, this is how my 20121120 differs from 20130325.

  • The /system partition on the 20121120 version is 375MB, therefore the following system apps are not included:
    • AdAway.apk
    • Authenticator.apk
    • Books.apk
    • Currents.apk
    • Feedly.apk
    • GestureSearch.apk
    • Keep.apk
    • Magazines.apk
    • Videos.apk
    • YouTube.apk
    • All of the above can be installed from the Play Store, which the exception of AdAway which can be side-loaded.
  • Boot loader is version 1.20 rather than the newer 1.22.
  • All other tweaks and modifications are the same.

Some people have reported that WiFi is more reliable when using a firmware based on 20121120. Due to the size of the custom firmwares and the bandwidth they consume, custom versions of my firmware based on 20121120 are only available to donors.


Your feedback is welcome, please use the comments are below.

Headless Debian 6.0 Torrent Server

I recently switched ISPs at home and now have unlimited high speed broadband.

Finally I can participate in torrenting Linux .ISO images. I always download the latest distros using BitTorrent and can now contribute to the community by seeding the distros I’ve downloaded.

I have a small (in size and resources) Debian 6.0 headless server at home that I wanted to turn into a torrent box. I’m a big fan of Transmission since it can be managed from the shell, web and Android phone/tablet. Sadly, the Transmission packages in the official Debain squeeze repositories are quite old, 2.03 at the time of writing, and there are no Transmission packages in Debian Backports.

However after flexing my google-fu I found a 3rd party Debian Squeeze repository that includes fairly current (2.73 at the time of writing) Transmission packages specifically for headless use. Yah!

Install Transmission Daemon

First become root.

sudo -s -H

Add the repository key.

apt-key adv --keyserver --recv-key 92B84A1E

Add the repository.

echo "deb squeeze main" > /etc/apt/sources.list.d/balocco.list

Update the package list.

apt-get update

Install Transmission.

apt-get install transmission-cli transmission-daemon transmission-webinterface

Basic Configuration

The Transmission settings can be found in /etc/transmission-daemon/settings.json.

Information If `transmission-daemon` is running when you make changes to `settings.json` the changes you make will be discarded the next time `transmission-daemon` is started.

Therefore either stop transmission-daemon before you make any changes or you can make the daemon reload settings.json by sending it the SIGHUP signal.

Connect from anywhere

If you want to be able to connect to Transmission from anywhere on the Internet stop transmission-daemon, make the following changes to settings.json and then start transmission-daemon.

"rpc-password": "YourPlainTextPassword",
"rpc-username": "YourUsername",
"rpc-whitelist-enabled": false,

The rpc-username field will need adding but you can edit the existing entry for rpc-password. Enter the rpc-password as a plain text string, Transmission will automatically convert the password to a hash the next time it is started.

Connect via a browser

You should now be able to access the Transmission web interface via If you didn’t change the username and password (you really should) the defaults are:

  • Username : transmission
  • Password : transmission

Connect via Android

I have an Android phone and an Android tablet. I use Remote Transmission on my Android devices to manage my torrent box.

Connect via the shell

If, like me, you spend the majority of you time at the shell. Then transmission-remote-cli is probably for you. All my workstation run Arch Linux so I install transmission-remote-cli as follows.

sudo pacman -S transmission-remote-cli

See the GitHub project page for tramission-remote-cli for instructions on how to connect to a remote Transmission daemon.

Block List

Regardless of how you intend to use Transmission you should enable a block list, this can be done via settings.json and the web interface. The following block lists are a good start.

That covers the basics for getting Transmission running on headless Debian 6.0 and how to connect to it from just about anywhere and on any device. I recommend reading the Trasmission Wiki as Transmission is capable of so much more than I have covered in this blog post.

Happy torrenting.


Install nginx on Debian

My webserver of choice is nginx, it’s resource friendly, fast, reliable and versitile.

I have a resource constrained Debian 6.0 “server” and wanted to deploy nginx on it for testing. Sadly, the nginx package in the Squeeze repositories is very old but fortunately, the nginx team maintain a Debian package repository.

Add the nginx repository.

sudo nano /etc/apt/sources.list.d/nginx.list


deb squeeze nginx
deb-src squeeze nginx


deb wheezy nginx
deb-src wheezy nginx

Download the nginx package signing key.


Add the nginx package signing key to the keyring.

sudo apt-key add nginx_signing.key

Update the repositories.

sudo apt-get update

Install nginx.

sudo apt-get install nginx

I run ufw on my VPS so use the following to allow external access to my website.

sudo ufw allow 80/tcp

nginx is installed and can be configured in the usual way.


nullmailer on Arch Linux

I’ve been a fan of nullmailer for some years now, so much so that I took ownership of the nullmailer package for Arch Linux.

> nullmailer is a sendmail/qmail/etc replacement MTA for hosts which
> relay to a fixed set of smart relays.  It is designed to be simple to
> configure, secure, and easily extendable.

The other advantage nullmailer has compared to similar tools is that is queues email until it is able to deliver it upstream.

Install nullmailer as follows.

packer -S --noedit --noconfirm nullmailer

Configuring nullmailer to relay via Gmail can be achieved using SMTPS or MSA. nullmailer has had these capabilies since 1.10. The following provides some useful clues /usr/lib/nullmailer/smtp --help.

While these examples are specific to relaying via Gmail, you can sse it is trivial to adapt them to any other mail host.

Relay via Gmail using MSA

Add to following to /etc/nullmailer/remotes. I prefer this technique. smtp --port=587 --auth-login [email protected] --pass=Yourpassword --starttls

Relay via Gmail using SMTPS

Add to following to /etc/nullmailer/remotes. smtp --port=465 --auth-login [email protected] --pass=Yourpassword --ssl

Once you’ve got /etc/nullmailer/remotes configured start the nullmailer service.

sudo systemctl start nullmailer

To test nullmailer can relay email correctly do the following.

echo "Test 1" | mailx -s "Test One" [email protected]

You can see what nullmailer is up to by checking the systemd journal or syslog (if you’ve syslog enabled systemd). This is how to get the logs from the systemd journal.

journalctl _SYSTEMD_UNIT=nullmailer.service

Or via syslog.

sudo grep nullmailer /var/log/daemon.log

When you’re happy nullmailer is working enable the systemd unit.

sudo systemctl enable nullmailer

Email will now flow as required.

Uncomplicated Firewall (UFW) on Arch Linux

While migrating one of my VPS servers to Arch Linux I deployed Uncomplicated Firewall (UFW) to handle basic firewalling duties. I like ufw as it provides simple host-based firewall management and, in my opinion, one of the better projects to come out of the Ubuntu camp.

Install ufw as follows.

sudo pacman -Syy -noconfirm --needed ufw

Configuring ufw is simple but make sure you have console access to the host you are configuring just in case you lock yourself out.

NOTE! When enabling ufw the chains are flushed and connections may be dropped. You can add rules to the firewall before enabling it however, so if you are testing ufw on a remote machine it is recommended you perform…

ufw allow ssh/tcp

…before running sudo ufw enable. Once the firewall is enabled, adding and removing rules will not flush the firewall, although modifying an existing rule will.

Set the default behaviour to deny all incoming connections.

sudo ufw default deny

Open up TCP port 22 but with rate limiting enabled which will deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. Ideal for protecting sshd but you should conisder other SSH brute force defense techniques as well.

sudo ufw limit tcp/22

I’m hosting a few websites on my VPS so I open http and https.

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

Enable the ufw systemd unit.

sudo systemctl enable ufw
sudo systemctl start ufw

However, ufw is not enabled at this point. To enable the firewall you also have to do the following.

sudo ufw enable

You can see the status of the firewall using sudo ufw status.

On low-end servers it might be beneficial to disable logging.

sudo ufw logging off

At this point you should have a basic firewall configured and ufw help or the references below will assist you.


Installing Nikola on Arch Linux

I’ve decided to migrate one of my servers to Arch Linux. I’m not sure that a rolling release distro really suits servers but I’ve enjoyed using Arch Linux over the last year on my workstations and the only way to assess it’s suitability on a server is to try it. So, I’ve decide to migrate my blog to an Arch Linux server.

This blog post describes how to install Nikola on Arch Linux. Nikola is a static site and blog generator written in Python that I’ve been using for a few months.

First you’ll need Python and virtualenvwrapper so read my Python and virtualenv on Arch Linux and Ubuntu blog post and get yourself equiped.

Install the Nikola dependencies.

sudo pacman -S --noconfirm --needed freetype2 libxslt libxml2
sudo packer -S --noconfirm --noedit libjpeg6

Create a virtualenv for Nikola.

mkvirtualenv -p /usr/bin/python2.7 nikola-640

You will notice your shell prompt has changed to indicate that the nikola-640 virtualenv is now active. Install Nikola and the optional libraries I use.

pip install

If you intend to use the Nikola planetoid (Planet generator) plugin you’ll also need to following.

pip install peewee feedparser

Nikola is now installed. nikola help and the Nikola Handbook will assist you from here on.

Flattr this