Use npm install -g in ~/.local non-root

| by jpic | nodejs npm linux

This articles presents the most convenient way to deal with global node packages as non-root user.

By default, npm install -g tries to write a root-writable directory and greets you with:

$ npm install -g cypress
WARN checkPermissions Missing write access to /usr/lib/node_modules
npm ERR! code EACCES
npm ERR! syscall access
npm ERR! path /usr/lib/node_modules
npm ERR! errno -13
npm ERR! Error: EACCES: permission denied, access '/usr/lib/node_modules'
npm ERR!  [Error: EACCES: permission denied, access '/usr/lib/node_modules'] {
npm ERR!   stack: "Error: EACCES: permission denied, access '/usr/lib/node_modules'",
npm ERR!   errno: -13,
npm ERR!   code: 'EACCES',
npm ERR!   syscall: 'access',
npm ERR!   path: '/usr/lib/node_modules'
npm ERR! }
npm ERR!
npm ERR! The operation was rejected by your operating system.
npm ERR! It is likely you do not have the permissions to access this file as the current user
npm ERR!
npm ERR! If you believe this might be a permissions issue, please double-check the
npm ERR! permissions of the file and its containing directories, or try running
npm ERR! the command again as root/Administrator.
Read More


| by jpic | linux devops best-practice


| by jpic | docker linux containers best-practice

playlabs: 30 seconds overview

| by jpic | playlabs linux python ansible best-practice
Quick version of the previous article on playlabs $ playlabs Playlabs: the obscene ansible distribution. Init your ssh user with your key and secure sshd and passwordless sudo: playlabs init root@ # all options are ansible options are proxied playlabs init @somehost --ask-become-pass Now your user can install roles: playlabs install docker,firewall,nginx @somehost And deploy a project, examples: playlabs @somehost deploy image=betagouv/mrs:master playlabs @somehost deploy image=betagouv/mrs:master plugins=postgres,django,uwsgi backup_password=foo prefix=ybs instance=hack env. Read More

PlayLabs: the Obscene Ansible Distribution, long version

| by jpic | python linux ansible best-practice playlabs
From baremetal to deploying docker images on a PaaS in one command ? PlayLabs is the result of a refactor of playbooks we've had in production for a while to acheive hackable docker-based PaaS. The refactor was designed to be Open Source, almost there to beta. PlayLabs combines simple ansible patterns with packaged roles to create a docker orchestrated paas to prototype products for development to production. PlayLabs does not deal with HA, for HA you will need to do the ansible plugins yourself, or use kubernetes … but until then, PlayLabs do everything else, even configure your own sentry or kubernetes servers ! Read More


| by jpic | linux containers docker Build docker images without docker.


| by jpic | linux containers docker kubernetes


| by jpic | linux docker linuxcontainers
Building Better Containers: A Survey of Container Build Tools [I] - Michael Ducy, Chef CNCF [Cloud Native Computing Foundation] Published on Dec 15, 2017 If you stick to the “industry standard” method of building containers (Dockerfiles), it’s easy to build containers that contain libraries, tools, binaries, and more that you don’t need. One survey showed that over 75% of containers contain a full Operating Systems. So how can you build containers that only contain the bits you require to run a particular application, and nothing more. Read More


| by jpic | linux bash A new promising Bash framework !

Unattended LXD setup

| by jpic | linux linuxcontainers ubuntu
LXD requires an interactive tty by default. For non-interactive setup, something like this should be executed: Then, apt-get install lxd and you'll have a configured lxd just as if you had interactively configured it !

Scripted Cache AnyThing - HTTPS included - in Python with mitmproxy

| by jpic | linux python security ci
The last article demonstrated how we could simply make any https flow going out a virtual bridge network interface through mitmproxy to cache anything. In this article, we'll focus on the logic to “cache anything” from within our mitmproxy script. Design We'd like each fetched file to be stored in a directory as is to make it easy to tweak the cached content: remove a file from the cache directory to force the proxy to re-fetch it, fill the cache directory with your own files, have the cache directory mountable in a memory (ie. Read More

Scripted MITM AnyThing in Python with mitmproxy

| by jpic | linux python security ci
This article describes how to get a working transparent HTTP/HTTPS proxy which you can script in Python. I intend to use it to have custom caching and be able to abstract away all HTTP/HTTPS connections made in my LXC containers which are spawned by CI to be able to test deployment scripts even when internet is down. A nice journey ;) First, install mitmproxy with pip: pip install mitmproxy mitmproxy documentation describes the iptables commands to intercept Assuming you have LXC with Nat. Read More

YourLabs Arch Linux Package Repository

| by jpic | arch linux postgresql
Today is the grand openning of our Arch Linux package repository, with the release of postgresql-bdr. It's a patched PostgreSQL server with BiDirectionnal Replication which seems too good to be true. I ran split brain tests and it reacted amazingly well, although it needs all nodes to be up for schema updates which is ok to me because I won't be running upgrades while I have a broken node: I'll be working on fixing it. Read More

Speed up your travis-ci builds with container based infrastructure

| by jpic | travis-ci python django linux
Travis-ci just released container based infrastructure for open source repository (free users). We tried it with our apps, and you can see we had some performance increase, even on database-intensive jobs: django-autocomplete-light normal build takes around 1 hour and 35 minutes while it takes rather 1 hour and 22 minutes with container based build]( so that's around a 10% build speed increase, pretty cool right ? read on ;) django-cities-light normal build takes around 5 hours and 45 minutes, on travis-container it takes around 3 hours and 30 minutes ! Read More

Install Arch Linux on a dedicated server via Ubuntu Live

| by jpic | linux dedibox ansible
In the process of making YourLabs new cloud, I ordered a first dedicated server at They don't provide an installer for Arch Linux, but they do provide a “rescue mode” which is at this time Ubuntu 13.04 Live. Boot that and get an Arch Linux install on BtrFS with just one command: Format /dev/sda to BtrFS Partionning and install arch linux in subvolumes with just one command: ansible-playbook -i "yourhostname," -e "hostname=your_host_name" --ask-sudo-pass rescue_reinstall_arch_linux. Read More

SSH Kung Fu

| by jpic | linux
A great article summarizing many of the possibilities of SSH, a must-read !

Fun with debugging symbols

| by jpic | linux gdb security
This article follows up with Basics of GDB debugging, focus on symbols. List symbols with nm Use the nm command to list symbols in a binary: $ nm main 0000000000600920 B __bss_start 0000000000600920 b completed.6330 0000000000600910 D __data_start 0000000000600910 W data_start 0000000000400440 t deregister_tm_clones 00000000004004b0 t __do_global_dtors_aux 00000000006006f8 t __do_global_dtors_aux_fini_array_entry 0000000000600918 D __dso_handle 0000000000600708 d _DYNAMIC 0000000000600920 D _edata 0000000000600928 B _end 00000000004005a4 T _fini 00000000004004d0 t frame_dummy 00000000006006f0 t __frame_dummy_init_array_entry 00000000004006e8 r __FRAME_END__ 00000000006008e0 d _GLOBAL_OFFSET_TABLE_ w __gmon_start__ 00000000004003a8 T _init 00000000006006f8 t __init_array_end 00000000006006f0 t __init_array_start 00000000004005b0 R _IO_stdin_used w _ITM_deregisterTMCloneTable w _ITM_registerTMCloneTable 0000000000600700 d __JCR_END__ 0000000000600700 d __JCR_LIST__ w _Jv_RegisterClasses 00000000004005a0 T __libc_csu_fini 0000000000400530 T __libc_csu_init U __libc_start_main@@GLIBC_2. Read More

GDB debugging basics

| by jpic | linux gdb security
Introduction GDB is a debugger for executables “objects” on Linux. It will use source code and “debug symbols” if available: source code to display the code ie. corresponding to a specific frame at runtime, debug symbols to display variables and functions names like in the code. What's the relation between security and GDB ? Well it will help finding security bugs which may be vulnerabilities to buffer overflow. Read More

Strace basics

| by jpic | linux security strace
This is the first of a series of articles on security and exploiting. For starters we'll cover basic debugging tools before we get into actual exploiting because the first step to exploiting is reverse-engineering most of the time. The series targets experienced developers and tries to go straight to the point for them. Every article in this series is tagged “security”. Introduction strace is a tool that prints system calls like open, connect, etc … and signals like INT, KILL, etc … of a process. Read More

Better manual reader with most: the slang-pager

| by jpic | linux
The default pager in most linux distributions is more. But it's not very colorful. This article presents a more fun alternative: most. Your manual probably looks like this: Not very awesome, wouldn't it be nicer to have it with colors ? like this: Then go ahead and install most, ie.: sudo apt-get install most Try it out: MANPAGER=most man man If you like it, set something like that in your . Read More

Bash interactive scripting basics

| by jpic | linux bash
A variable looks like this: export FOO=bar To get a variable in your interactive shell, source the script that contains it as such: source script_that_contains_FOO echo $FOO A function looks like this: function foo() { echo foo } To run a function in your interactive shell, source the script and call the function like this: source script_that_contains_foo foo To debug something that's wrapped in a bash function or script, set the -x option. Read More

Better git log

| by jpic | linux
Better git log

Drupal 7 with nginx and uwsgi-php example configuration

| by jpic | linux php uwsgi nginx
Drupal is a CMS written in PHP which supports PostgreSQL. It is made for mod_php and Apache, thought it works with uWGSI and Nginx. When you have tried uWGSI you know why you want this. Example nginx configuration: server { server_name; root /srv/drupal/www/; error_log /tmp/nginx_drupal.log; index index.php index.html; location / { try_files $uri @rewrite; } location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } location ~* files/styles { access_log off; expires 30d; try_files $uri @rewrite; } location ~ . Read More

First 5 Minutes Troubleshooting A Server

| by jpic | linux
A very nice article about troubleshooting a server

PostgreSQL for beginners: Initial configuration

| by jpic | postgresql linux
Those are notes taken from the talk “PostgreSQL when it is not your job” by Christophe Pettus from PostgreSQL Experts Inc. at DjangoCon Europe 2012. This article describes how to make a basic PostgreSQL configuration: logging, memory, checkpoints, planner. Note: this article is mostly a transcript from the talk by Christophe Pettus: so send all the cookies to him. Thanks ! That's around 12 configuration options and you're done. Read More

Intel's 6-year-late copy of PaX's UDEREF (Sep 7 2012)

| by jpic | linux
TL;DR: Intel implements UDEREF equivalent 6 years after PaX, PaX will make use of it on amd64 for improved performance. Read article ….

Linux 3.8 was released on Mon, 18 Feb 2013.

| by jpic | linux
Linux 3.8 was released !

OpenVim interactive online guide to Vim

| by jpic | linux
Vim is a great text and code editor for command line interface. OpenVim presents an interactive tutorial which seems nice for new beginners.

Alarm script that wakes up your laptop from hibernation: proof of concept

| by jpic | linux
This (quite ugly) script will play some music at a certain time. It will also wake up the computer if it is hibernating. I intend to make a proper app from this, but for now feel free to try out the “proof of concept”.

Microsoft looking to release Office for Linux in 2014

| by jpic | linux
I find this news quite funny !

Manage your bash aliases in the cloud in the cloud

| by jpic | linux

Desura: awesome open source multiplatform Steam alternative for indie games

| by jpic | linux games
Whether you are just a linux user or an indie game developer, you've got to try out desura which is open source. Just click “Linux” -> “Download” -> run the small file -> it will auto update and greet you ! As simple as 1, 2, 3 !

Distro-agnostic craftman’s guide to python environment management

| by jpic | linux python
This article demystifies deployment of Python applications on any unix flavor. It’s distro agnostic approach is possible by a pragmatic use of each layer of a standard python application. This article targets system administrators and why not python developers as well? Crafting python Compiling Python is blazingly easy and fast, particularly for veteran php system administrators ! First things first, to see the compile flags of an existing python installation, the “sysconfig” module can be used: Read More

Disk space WTF

| by jpic | linux
What do you think is the problem when vim starts complaining that it can't write swap files, postgresql starts complaining that there is no disk space left, when df output is: >>> df Filesystem 1K-blocks Used Available Use% Mounted on udev 10240 4 10236 1% /dev run 10240 156 10084 2% /run /dev/md1 10403064 1298596 8580184 14% / shm 8188088 0 8188088 0% /dev/shm tmpfs 8188088 124 8187964 1% /tmp /dev/md2 105366664 62467912 37588548 63% /home This post also credits the awesomeness of Open Source and particularly community driven support Read More
Previous Page 2 of 4 Next Page