Python MatPlotLib on MacOS

To accompany NumPy and PyLab we need a way of producing graphical output and the prefered route is MatPlotLib. The problem is that the ‘out of the box‘ pip installation on MacOS creates a slightly unfriendly configuration which means graphs don’t display without a ‘.show()’ command and then they’re in blocking mode so you cannot close them without a winge or two.

Assuming you are using the version of Python that comes pre-installed with MacOS. Unless already installed, install pip using:

sudo easy_install pip

There may be a complaint about the cache being owned by someone else, this is because the case is owned by you and you’re running the installer as root. I found that installing using sudo meant a smoother installation of Python libraries.

You can keep it up to date using:

sudo pip –update

Install the statistics libraries

sudo pip install numpy

sudo pip install pylab

sudo pip install matplotlib

To overcome the problem with displaying graphs, if it doesn’t already exist create a folder:

mkdir ~/.matplotlib

and create a file:

~/.matplotlib/matplotlibrc

that contains a single line

backend: TkAgg

the reason for this is the default backend for matplotlib is MacOSXwhich doesn’t seem to work.

Please note that this solution was eventually found on StackOverFlow and kindly provided by j4ck (14th Feb 2014).

Posted in Apple, Hints and Tips | Comments Off on Python MatPlotLib on MacOS

Punk Museum in Reykjavik

This gallery contains 1 photo.

Quite a find, the punk museum. Originally opened by Jonny Rotten of the Sex Pistols, for more information please visit their site: https://visitreykjavik.is/icelandic-punk-museum

More galleries | Comments Off on Punk Museum in Reykjavik

Little Viking Defending Iceland

This gallery contains 1 photo.

A little viking standing outside Icelands shops.

More galleries | Comments Off on Little Viking Defending Iceland

Natural Language Processing with Python

This is an excellent introduction into Natural Language Processing (NLP) and caters for those with Beginner and Intermediate experience. It is a compliment to the Natural Language Toolkit, a Python library that comes with sufficient resources to really get a head round this exciting area of computer science. 

For my part I purchased the book, as it looked like I would be using Python to write the tools to collect and analyse the data for my PhD. I have worked through the examples, and so far I’ve not been let down.

There is a companion website for the toolkit (http://www.nltk.org) which has also a companion to the book (http://www.nltk.org/book_1ed/).

There is an unpublished second edition of the book, which presents NLTK version 3, and Python 3 support. This book is published under a Creative Commons License and is hosted at http://www.nltk.org/book/

Note that there is a GitHub repository for the NL Toolkit, the address being: https://github.com/nltk.


Posted in Diary, PhD | Comments Off on Natural Language Processing with Python

OpenVPN 2.2.x and iOS 9.3.x – No routing over the VPN

Whilst going through the process of renewing certificates, and the recent updates for OpenVPN and iOS, I discovered that traffic was no longer being routed over the tunnel. There are a number of postings blaming changes that Apple have made in relation to IPv6. I’m unsure, but the fix was to alter the client.ovpn file to use an IP address in the remote directive instead of a DNS name.

e.g.

client 
dev tun 
proto udp 
remote 1.2.3.4 1194 
resolv-retry infinite 
nobind 
persist-key 
persist-tun 
mute-replay-warnings 
cipher AES-256-CBC # AES 
comp-lzo 
verb 3 
;mute 20 
<ca> 
—–BEGIN CERTIFICATE—– 
—–END CERTIFICATE—– 
</ca> 
<cert> 
—–BEGIN CERTIFICATE—– 
—–END CERTIFICATE—– 
</cert> 
<key> 
—–BEGIN RSA PRIVATE KEY—– 
—–END RSA PRIVATE KEY—– 
</key> 
<dh> 
—–BEGIN DH PARAMETERS—– 
—–END DH PARAMETERS—– 
</dh>

I hope this helps someone.

Posted in Apple, Hints and Tips, Security | Comments Off on OpenVPN 2.2.x and iOS 9.3.x – No routing over the VPN

Lego Lovelace got 10k Votes

Just had to post to say that “LEGO Ideas – Lovelace & Babbage” received the required 10,000 votes, so that it will be considered by Lego for manufacture.

This is awesome news …

The link to the Lego IDEAS page is:  https://ideas.lego.com/projects/102740

What is really cool about this kit is that there is space inside the Analytical Engine to house a micro board like the RaspberryPi. Fingers crossed it gets the go ahead for manufacture.

Update: On 28th Feb 2017, LEGO review board decided not to produce the project.

Posted in Diary | Comments Off on Lego Lovelace got 10k Votes

Ubuntu Changing the Device ID udev/rules.d

I do quite a bit of work with Virtual machines based on an ESX platform. One of the advantages of such a platform is the ability to create a template server, then duplicate copies as and when you need one. With most operating systems it’s just a question of changing the IP and hostname and you are in business.

In the case of Ubuntu Linux a udev rule is created for each network interface and which is bound to the MAC address of the card. Which makes loads of sense in the “Real World” but when you create a new VM an additional MAC address is generated. This can be a little frustrating as the first machine would have an eth0 the second an eth1 the third and eth2 and so on.

The database which stores these values is located in a file :

/etc/udev/rules.d/70-persistent-net.rules

An example of one of mine – on a third install.

# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file. 
#
# You can modify it, as long as you keep each rule on a single 
# line, and change only the value of the NAME= key. 
#
# PCI device 0x8086:0x100f (e1000)
SUBSYSTEM==”net”, ACTION==”add”, DRIVERS==”?*”, ATTR{address}==”00:0c:29:c9:f4:13″, ATTR{type}==”1”, KERNEL==”eth*”, NAME=“eth1”
#
# PCI device 0x8086:0x100f (e1000)
SUBSYSTEM==”net”, ACTION==”add”, DRIVERS==”?*”, ATTR{address}==”00:0c:29:c9:f3:19″, ATTR{type}==”1″, KERNEL==”eth*”, NAME=“eth0”
#
# PCI device 0x8086:0x100f (e1000)
SUBSYSTEM==”net”, ACTION==”add”, DRIVERS==”?*”, ATTR{address}==”00:0c:29:38:fd:fa”, ATTR{type}==”1″, KERNEL==”eth*”, NAME=”eth2″

In this case whilst I would prefer the device to be known as eth0 it is in fact known as eth2.

# This file was automatically generated by the /lib/udev/write_net_rules 
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.
#
# PCI device 0x8086:0x100f (e1000)
SUBSYSTEM==”net”, ACTION==”add”, DRIVERS==”?*”, ATTR{address}==”00:0c:29:38:fd:fa”, ATTR{type}==”1″, KERNEL==”eth*”, NAME=”eth0″

If the file is amended to the following and a reboot done all is sorted.
Don’t forget to amend the network configuration to reflect the change of device ID. In the case of UBUNTU this would be /etc/network/interfaces.

Posted in Linux | Comments Off on Ubuntu Changing the Device ID udev/rules.d

Alan Turing: The Enigma

This book is an excellent read, and whilst the film The Imitation Game as based on it, the book explains much more about his life and achievements.

Posted in Diary | Comments Off on Alan Turing: The Enigma

Multiple VPN’s on SRX using Loopbacks

For anyone who has tried to configure a Juniper SRX and source VPN’s using a loopback (as you do with Cisco) will have run into a problem. Only one loopback is permitted per VRF (or Routing-Instance). You can assign multiple IP addresses to the lo0.nnn interface but can only source a VPN from an interface.

The following example shows a snipped from the security section of the configuration and the undocumented command ‘local-address’ is presented in RED.

** Updated 05/02/15 **
Note that using more recent versions of JunOS (12.xx.x) it transpires that RSA certificate authentication only works using the primary IP address on an interface! When Pre-Shared keys are used it multiple IP addresses still work.

security {
pki {
ca-profile MY-ROOTCA {
ca-identity ca-root;
revocation-check {
crl {
url http://x.x.x.x/myroot.crl;
refresh-interval 1;
}
}
}
ca-profile MY-SUBCA {
ca-identity ca-sub;
enrollment {
url http://x.x.x.x:80/certsrv/mscep/mscep.dll;
retry 40;
retry-interval 2;
}
revocation-check {
crl {
url http://x.x.x.x/mysubca1.crl;
refresh-interval 1;
}
}
}
auto-re-enrollment {
certificate-id MY-CERT
ca-profile-name MY-SUBCA;
challenge-password "MYPASSWORD"
re-enroll-trigger-time-percentage 15;
re-generate-keypair;
}
}
}
ike {
proposal MY-IKE-PROPOSAL {
authentication-method rsa-signatures;
dh-group group5;
authentication-algorithm sha1;
encryption-algorithm aes-128-cbc;
lifetime-seconds 420;
}
policy MY-IKE-POLICY {
mode main;
description "CESG Interim PRIME-Compliant IKE Policy";
proposals MY-IKE-PROPOSAL;
certificate {
local-certificate MYCERT;
peer-certificate-type x509-signature;
}
}
gateway REMOTE-GW1 {
ike-policy MY-IKE-POLICY;
address x.x.x.1;
local-address x.x.x.100;
external-interface lo0.1;
}
gateway REMOTE-GW2 {
ike-policy MY-IKE-POLICY;
address x.x.x.2;
local-address x.x.x.101;
external-interface lo0.1;
}
}
ipsec {
proposal MY-IPSEC-PROPOSAL {
protocol esp;
authentication-algorithm hmac-sha1-96;
encryption-algorithm aes-128-cbc;
lifetime-seconds 420;
}
policy MY-IPSEC-POLICY {
perfect-forward-secrecy {
keys group5;
}
proposals MY-IPSEC-PROPOSAL;
}
vpn REMOTE-VPN1 {
bind-interface st0.1;
ike {
gateway REMOTE-GW1;
ipsec-policy MY-IPSEC-POLICY;
}
establish-tunnels immediately;
}
vpn REMOTE-VPN2 {
bind-interface st0.2;
ike {
gateway REMOTE-GW2;
ipsec-policy MY-IPSEC-POLICY;
}
establish-tunnels immediately;
}
}
Posted in Juniper, Security | Comments Off on Multiple VPN’s on SRX using Loopbacks

Studies Over – for now

It’s been over four years since I last posted and :

  • Gus is coming up to the age of four
  • I have renewed my CCIE R&S twice
  • I have (hopefully) completed an MSc in Advanced Networks
  • I have moved house
    and
  • I have changed jobs

(Sounds like a lot but it has been four years)

So with my New Scientist subscription in place, a RasberryPI on order and the usual unhealthy interest in science and technology, I’m back posting.

Mick

Posted in Diary | Comments Off on Studies Over – for now