Directory structure for a Flask project

Flask does not impose a strict directory structure. In fact, Flask does not impose anything at all – your whole project can be just a single .py file! This was slightly worrying me when I was just starting out with Flask. What goes where? Will I shoot myself in the leg if I do XYZ? These and many more questions were occupying my mind.

How to split tar file and then reassemble it on Windows

Today I was presented with an interesting task – copy a large ISO file onto a USB stick that is formatted with FAT file system, meaning that only <4GB files can be copied onto it. I immediately thought of tar (can archive files without actually compressing them) and split, but how do I reassemble it on Windows?

Turns out it’s easy!

How to install StarCraft on OSX

Last week my friend and I decided to play StarCraft. I didn’t have it installed, so I went on Blizzard’s website to get it, but unfortunately OSX support is only up to 10.6.X (I run 10.11.X), so that was out of the question. I still bought it though, because I’ve heard of Wine – a way to run some of the Windows games on Mac.

Basic iptables firewall

iptables is a firewall installed by default in Debian. This is the template I usually use:

*filter

#  Allow all loopback (lo) traffic and reject all traffic to 127/8 that doesn't use lo
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

#  Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#  Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

#  Allow SSH connections
#  The --dport number should be the same port number you set in sshd_config
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

#  Allow ping
-A INPUT -p icmp -j ACCEPT

#  Allow VPN
# -A INPUT -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
# -A FORWARD -s 192.168.88.0/24 -j ACCEPT
# -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow DNS requests
# -A INPUT -p udp --dport 53 -j ACCEPT
# -A INPUT -p tcp --dport 53 -j ACCEPT

# Allow SMTP
# -A INPUT -p tcp --dport 25 -j ACCEPT

#  Log iptables denied calls
# -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

#  Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT

*nat

# VPN related
# -A POSTROUTING -s 192.168.88.0/24 -o eth0 -j MASQUERADE
# in openvz/vservers you may need the following instead
# -A POSTROUTING -s 192.168.88.0/24 -j SNAT --to-source 178.62.115.60

COMMIT
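
iptables walks each chain top to bottom and stops at the first terminating match, so the position of the final "-A INPUT -j DROP" matters as much as its presence. The following pre-load check is an added example, not part of the original template; the function names lint and opt and the sample rule sets are assumptions made for illustration:

```python
import shlex

def opt(args, flag):
    """Return the value following `flag` in a rule's argument list, or None."""
    return args[args.index(flag) + 1] if flag in args[:-1] else None

def lint(rules, ssh_port="22"):
    """Check an iptables-restore file for order-sensitive mistakes."""
    findings, table, ssh_ok = [], None, False
    catch_all = {}  # (table, chain) -> target of its first unconditional rule
    for n, raw in enumerate(rules.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            if table:
                findings.append(f"line {n}: table {table} has no COMMIT")
            table = line[1:]
        elif line == "COMMIT":
            table = None
        elif line.startswith("-A "):
            _, chain, *rest = shlex.split(line)  # shlex keeps quoted log prefixes whole
            if (table, chain) in catch_all:
                findings.append(f"line {n}: unreachable after catch-all in {chain}")
                continue
            if len(rest) == 2 and rest[0] == "-j" and rest[1] in ("ACCEPT", "DROP", "REJECT"):
                catch_all[(table, chain)] = rest[1]
            is_ssh = chain == "INPUT" and opt(rest, "--dport") == ssh_port
            if is_ssh and opt(rest, "-j") == "ACCEPT":
                ssh_ok = True
    if table:
        findings.append(f"end of file: table {table} has no COMMIT")
    if catch_all.get(("filter", "INPUT")) in ("DROP", "REJECT") and not ssh_ok:
        findings.append(f"no reachable ACCEPT for SSH port {ssh_port} before the INPUT catch-all")
    return findings

# Constructed inputs: GOOD is a cut-down copy of the template above, BAD puts
# the SSH rule below the catch-all DROP and loses the final COMMIT.
GOOD = """*filter
-A INPUT -i lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""
BAD = """*filter
-A INPUT -j DROP
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
"""
```

lint(GOOD) returns an empty list; lint(BAD) reports the unreachable SSH rule, the missing COMMIT and the resulting lack of any reachable SSH accept.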


Django, OSX and firewall exceptions

I don’t even think I can count how many times I have gotten the popup window that says, “Do you want the application ‘python’ to accept incoming network connections?” I have always clicked Allow, only to find out later that it has been added to firewall exceptions and is set to Allow incoming connections, yet I still get this popup. Every. God. Damn. Time. So how do we cure this? Fortunately, it is very easy!

Now, that popup is there for a reason, but since I use python for development, I trust it. In real life you should always be careful when allowing incoming connections!

Signing python binary

Fortunately, I have an iPhone developer code signing identity, so for me it was as easy as activating the virtual environment and running:

codesign -s "iPhone Developer" -f $(which python)

A dialog will appear, click Allow. Done!

Now, those of you who don’t have a code signing identity should head here, scroll down to the “To use the Certificate Assistant to create a self-signed signing identity” section and follow the steps there. Once you have obtained a code signing identity, run the aforementioned command.

Using Let’s Encrypt with NGINX

Let’s Encrypt is a free, automated, and open certificate authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates!

In this tutorial I will show you how to use Let’s Encrypt to obtain a free SSL certificate and use it with NGINX running on Debian 8.5 aka Jessie.

The goal of this tutorial is to have an HTTP server that will serve Let’s Encrypt domain validation files through HTTP and redirect everything else to HTTPS.