ANNOUNCE: pymine-alpha revision 326, for Ubuntu (and Debian?) on Apache/WSGI

[Alec Muffett]

Hi All,

I'm happy to announce the pymine alpha-test installation kit for
Linux, developed and tested on Ubuntu 9.10 but hopefully viable on
Debian, too. OSX users, please see below.


You get it by the following:

# PLEASE SEE THE SECURITY NOTE, BELOW, BEFORE DOING THIS

wget http://pymine.googlecode.com/files/pymine_326-20091119001121-all.deb

sudo gdebi pymine_326-20091119001121-all.deb

# PLEASE SEE THE SECURITY NOTE, BELOW, BEFORE DOING THIS

...and then open:

http://localhost:9862/

...in your browser; this should connect you to your mine.

The default username is "pickaxe" and the password is whatever you
have elected to set it during installation; these are also the Django
superuser name and password, a role which will be split from the
"normal" user in a future version of the software.


Caveats:


1) DO NOT USE THIS SOFTWARE IN PRODUCTION -- YET.

To do so would be a bad thing because the minekeys currently
all have the SAME HARDCODED CRYPTO KEY because I am still refining
that code, so for providing access control it's currently
about as insecure as a kitten up a tree.

Give me a week or two and that will change dramatically.


2) The user interface is missing large chunks (still being written)
and is set up for developers, plus the CSS is still being poked by our
resident CSS expert. Watch this space.

Hint: If you get/use the Subversion development trunk instead, you
will get updates as they happen, though it may require extra
brainpower...


Upsides:


If you want some data to look at, do:

cd /var/mine/pymine

sudo sh populate-mine.sh

...and then go browse the stuff in your mine; I'll just say that I
think you'll find it interesting.


OSX Users:

You're not left out in the cold; pymine is actually *developed* on OSX
and then ported to Ubuntu (as it happens, on VirtualBox) - however the
OSX environment is heavily customised and I am looking into a way to
distribute a devkit for that; putting WSGI atop that is a *further*
hurdle to be crossed.

Anyone who wants to do Mine development on OSX, drop me a line.


Comments, suggestions, to:

themine...@googlegroups.com

- alec


==================================================================
:SECURITY NOTE:

POINT 1:

THE ALPHA-TEST INSTALLATION KIT PURPOSELY INSTALLS THE SOFTWARE
LISTENING TO A WILDCARD SOCKET: IN OTHER WORDS YOUR PYMINE
INSTALLATION WILL BE VISIBLE TO ANY MACHINE ON YOUR NETWORK, AND
POSSIBLY TO THE INTERNET AT LARGE.

IF YOU DO NOT WANT THIS, YOU MAY:

a) after installation, disable the WSGI service by doing as root:

cd /etc/apache2/sites-enabled
rm pymine.conf # it's a symlink
apache2ctl graceful

b) ...or amend the Listen and VirtualHost directives by doing

vi /etc/apache2/sites-enabled/pymine.conf

c) ...or firewall your machine

d) ...or instead install the full development kit as-described at:

http://themineproject.org/download/

...which does not automatically enable Apache/WSGI; instead you can
hand-hack the Apache config, or simply use the (slow) Django
built-in webserver via "make server"


POINT 2:

*Because* the Apache/WSGI pymine installation is connected to the
network, when it asks you to pick a password, choose a good one, and
don't make it the same as your login password.

==================================================================
==================================================================
==================================================================


--
alec.m...@gmail.com
http://www.crypticide.com/dropsafe/