What’s up with the FSF?

By arfore | Published: July 26, 2008

So there is a nice report on cnet about a human denial-of-service attack on the Apple Retail Store Genius Bars.

According to this story, and the FSF site DefectiveByDesign, the goal is to book as many 10-minute time slots as possible over a two-day period at the Apple Store in a lame attempt to bring more attention to what the FSF sees as the defective nature of the iPhone 3G.

Richard Stallman, the founder of the FSF, has stated:

The motive for DRM schemes is to increase profits for those who impose them, but their profit is a side issue when millions of people’s freedom is at stake; desire for profit, though not wrong in itself, cannot justify denying the public control over its technology. Defending freedom means thwarting DRM.

He also describes DRM as Digital Restrictions Management:

However, since its purpose is to restrict you the user, it is more accurate to describe DRM as Digital Restrictions Management.

If Stallman’s purpose is to be obstructionist and unhelpful then he and his campaign have succeeded.

While it is laudable for Stallman and his FSF pals to despise DRM, it is definitely not laudable for him to block well meaning customers from receiving customer support by the vendor of a product they have purchased or use.

As for his whole campaign against DRM, I think that he is barking up the wrong tree.  If he really wants to eliminate the completely legal restrictions against the usage of DRM files on his favorite platform, then maybe he needs to work on changing the law.

It’s fine and good for him to characterize the anti-piracy claims as being propaganda by the media companies, but if people weren’t stealing the movies and music, then there wouldn’t be a need for the DRM.  I know plenty of people that download illegal copies of music, movies and television shows.  That means that no money is going to the artists, actors, and producers for those copies that are stolen.  And while I don’t agree on the statistics that the media companies are touting when it comes to the stolen media, I do agree that these thefts are making it more expensive to abide by the law.

As for not having a legal player on the free software platforms, maybe if the GNU and Linux crowd weren’t quite so rabidly against paying for software then there might be some incentive for a developer to license the codecs from Microsoft and Apple.  If these companies are as greedy as Stallman claims then it is doubtful that they would pass up the chance to have yet another market for their products.  I know that I would personally pay for the ability to legally play all of my iTunes Music Store purchases on a Linux-based media center computer.


Tablet PC Restoration – Part 1

By arfore | Published: June 8, 2008

This is part one of a short series of articles detailing the process I went through to restore a friend’s tablet PC after her hard drive died due to a head crash.

Background

My friend has a Gateway CX210X Convertible Notebook. This model uses a SATA internal drive. Her drive died sometime last Friday afternoon while working in Windows. You got the standard click of the drive arm against the platter that wouldn’t stop.

I tried some basic restoration techniques to see if I could at least see the drive:

Nothing worked. So I went out and bought a new hard drive for her from one of the local computer places in Valdosta, Belson’s pcXchange.

Installation Problems

At this point I thought I was going to be home free; boy, was I wrong. The first hurdle was getting the Windows install CD to even see the hard drive. Apparently the BIOS for the CX210X does not have a legacy option to allow the SATA controller to be seen as a standard IDE controller. No problem, I can just use a USB floppy drive to load the drivers before the install, right? Wrong.

According to Microsoft there are only three USB floppy drives that are supported in the Windows XP installation process. While the one I had was a Sony drive, it was not the right model. When using the F6 installer option the drive was read, but later in the installation process when it needed it the second time the drive was not seen. At work we had run into this problem when installing Windows Server 2003 on a Sun x86-based server. The way around it for us was to use the ILOM port and install the OS remotely. This was not an option in the restoration of this machine.

Slipstream to the rescue

After reading a lot on Google, it turns out the best solution for this was to get the driver from Gateway’s support site and add it to the installation CD.

While I have done this with a service pack before, I had never added in drivers, but I doubted that it would be that difficult.

I found a site or two that discussed adding the drivers into the cd by hand using Microsoft’s sysprep process, but there was a better solution. The guys over at nLite have put together a great piece of software that made the whole process like butter. It makes adding patches, drivers and hotfixes a breeze, and you can even use it to create an ISO to burn and boot.

Installation Time

Time to let her rip! So the installation process worked out just great. The installer recognized the drive and after installation I had network right off the bat.

What’s next?

The next step will be to get all the updates and see about the Tablet hardware.


Adding an Active Directory group to local admin on Mac OS X 10.5

By arfore | Published: October 21, 2009

One of the standard methods of configuring Mac OS X in the enterprise has become known as the magic triangle or golden triangle. This is generally described as a setup involving Active Directory (AD) for authentication of the clients and services and Open Directory (OD) for managing the client preferences.  The triangle comes from the fact that you have the Mac clients talking to AD, the clients also talking to OD, and the Mac server talking to AD. (Apple officially calls this the magic triangle setup in the Snow Leopard Server Open Directory Administration documentation.)

One of the issues I ran into was granting a non-admin in AD the ability to perform administrative functions on the clients bound to AD.  The way this is handled with the Windows clients is for the particular AD user to be a member of a group that grants local administrator privileges.

Unfortunately there is no simple equivalent on the OD side of the equation to allow this for the technicians working on the Mac OS X clients.  If you add an AD user to the system level group Open Directory Administrators using Workgroup Manager (WGM) this has no effect on whether a user is granted local administrator privileges to a connected client machine.

The solution to this involves:

  1. creating a group in OD to hold the members of AD that should have local administrative privileges,
  2. adding this OD group to the requisite local workstation groups to mimic the standard administrative privileges, and
  3. adding the OD group to the sudoers file

Step 1: Creating the OD group

Anyone who uses WGM to manage OD users and groups will have no trouble with this step at all.  It is a simple matter of creating the new group in WGM and assigning the appropriate membership.  Make sure that you are editing the correct directory in WGM; it should be something similar to

/LDAPv3/127.0.0.1

The only real decision to make during this step is whether to include individual AD users or to nest an AD group inside the OD group.  Nested groups can sometimes be tricky to handle correctly, but with some care this shouldn’t be an issue.  I chose to use a nested AD group, since I am not the AD Group Policy manager, and I didn’t want to be constantly updating the OD group memberships.

Step 2: Adding the OD group to local admins

This is where the fun part begins.  It might seem fairly straightforward to handle this step, however without some investigation you may find your work incomplete and your technicians (as well as yourself) frustrated.  If you think about this logically you would come to the conclusion that you just need to add the OD group as a member of the local admin group.  While this is correct, it is only partially correct.

The first thing you should do is to use the id command to determine the default memberships of a local admin on the client.  When I ran this command on my workstation I got the following result:

it04984:~ arfore$ id support
uid=501(support) gid=20(staff) groups=20(staff),98(_lpadmin),81(_appserveradm),79(_appserverusr),80(admin)

As you can see from the text above, I was logged in as the user arfore but I was investigating the membership of the local administrative account named support.  What is interesting about the result is that a standard administrative level account is a member of four groups that perform administrative functions.

The basic administrative functions, such as installing applications and changing most of the systems level preferences can be performed by any member of the group admin.  There are other functions that require membership in the other three groups, however, such as:

  1. adding or removing a printer
  2. pausing or deleting a print job
  3. configuring WebObjects directories and apps for deployment

If you don’t use WebObjects or develop WebObjects applications using XCode, then you are safe to ignore the following two group memberships:

  • appserveradm
  • appserverusr

In order to add your OD group to the admin and lpadmin groups, you need to execute the following two commands:

dseditgroup -u LOCAL_ADMIN_SHORT -p -o edit -a OD_GROUP_SHORT -t group -n /Local/Default admin

dseditgroup -u LOCAL_ADMIN_SHORT -p -o edit -a OD_GROUP_SHORT -t group -n /Local/Default lpadmin

When using these commands, replace LOCAL_ADMIN_SHORT with the shortname of the local administrator account and OD_GROUP_SHORT with the shortname of the OD group.  You will be prompted for the password of the local administrator account when running the commands.

What these commands are doing is to edit the group membership of the admin or lpadmin groups in the local directory node to add the membership of the OD group.  If you only want to add a single OD user to the local administrator groups, say for instance an augmented user, then do the following commands:

dseditgroup -u LOCAL_ADMIN_SHORT -p -o edit -a OD_USER_SHORT -t user -n /Local/Default admin

dseditgroup -u LOCAL_ADMIN_SHORT -p -o edit -a OD_USER_SHORT -t user -n /Local/Default lpadmin

The only changes made were to substitute the shortname of the OD user and to change the type of record being added to be a user instead of a group.

One of the side effects of this process is that the local groups will be converted to GUID format.
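To confirm that Step 2 took effect, the id output for a technician account can be checked for the same administrative groups the local support account has. The script below is an added example, not part of the original post; the function names are hypothetical, the sample line is constructed from the output shown above, and it assumes that id on the client reports memberships granted through the OD group.

```shell
#!/bin/sh
# Added example: check `id` output for the local groups that Step 2 targets.
# SAMPLE_ID is constructed from the `id support` output shown in the post.
SAMPLE_ID='uid=501(support) gid=20(staff) groups=20(staff),98(_lpadmin),81(_appserveradm),79(_appserverusr),80(admin)'

# group_names ID_OUTPUT -> one group name per line, taken from the groups= field.
# Entries are split on "),", so names that contain spaces stay intact.
group_names() {
    printf '%s\n' "$1" | awk -F'groups=' 'NF > 1 {
        n = split($2, parts, /\),/)
        for (i = 1; i <= n; i++) {
            g = parts[i]
            sub(/^[0-9]+\(/, "", g)   # drop the numeric gid and the opening paren
            sub(/\)$/, "", g)         # drop the closing paren left on the last entry
            print g
        }
    }'
}

# missing_admin_groups ID_OUTPUT GROUP... -> prints the required groups that are absent.
# A leading underscore is ignored on both sides, because the post's id output
# shows _lpadmin while its dseditgroup commands name the group lpadmin.
missing_admin_groups() {
    have=$(group_names "$1" | sed 's/^_//')
    shift
    missing=''
    for want in "$@"; do
        bare=${want#_}
        if ! printf '%s\n' "$have" | grep -qxF -- "$bare"; then
            missing="${missing:+$missing }$want"
        fi
    done
    printf '%s' "$missing"
}

# Usage on a client (TECH_SHORT is a placeholder for a technician's shortname):
#   missing_admin_groups "$(id TECH_SHORT)" admin lpadmin
```

An empty result means every listed group is present. On the client itself, `dseditgroup -o checkmember -m TECH_SHORT admin` asks the directory the same question directly.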

Step 3: Adding the OD group to the sudoers file

If you work with the command line on a regular basis, or even a semi-frequent basis, you will have no doubt run into an occasion to use the sudo or su commands.  The sudo command lets you execute operations as the super-user, or root.  In Mac OS X the root user account is not enabled for login by default, however there are many times that it is useful to have super-user privileges, such as when you need to create an nsmb.conf file to get around the problem with smb connections to a Windows-DFS share.  The su command allows you to become another user, or to substitute their identity for yours.  This can be useful when working as the root user for any extended period of time.

While adding your OD group to the local administrator groups will suffice for almost anything that is executed through the Finder or the other various GUI applications, the command line utilities of sudo and su don’t understand nested groups.

This is easily fixable by using an existing local administrator account and editing the file

/etc/sudoers

There are two methods for editing this file:

  1. using the visudo command, which is expressly designed for this purpose
  2. using a standard text editor and the sudo command

Regardless of which method you use, the necessary change is as follows

  1. open the file in the editor
  2. find the section labeled
    # Uncomment to allow people in group wheel to run all commands
  3. add a line similar to the following underneath it
    %stafflocaladmins ALL=(ALL) ALL
  4. save the file

What this does is to allow any user of the client that is a member of the group “stafflocaladmins” to perform operations requiring the sudo or su commands.
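The sudoers change from Step 3 can also be scripted so that a malformed file is never installed. The script below is an added example, not part of the original post; the function names are hypothetical, and it relies on visudo's check-only mode (-c) with an explicit file (-f) to parse a candidate copy before the real file is touched.

```shell
#!/bin/sh
# Added example: append a group rule to a sudoers file only if the result parses.

# check_sudoers FILE -> 0 when visudo accepts FILE (check-only, nothing installed).
check_sudoers() {
    visudo -c -q -f "$1"
}

# add_sudoers_group FILE GROUP
#   returns 0 when the rule was added or was already present,
#           1 on an unsafe group name,
#           2 when validation or writing fails (FILE is left as it was).
add_sudoers_group() {
    file=$1 group=$2
    # Refuse names that could carry extra sudoers syntax (spaces, commas, "=").
    case $group in
        ''|*[!A-Za-z0-9_.-]*) echo "unsafe group name: $group" >&2; return 1 ;;
    esac
    rule="%$group ALL=(ALL) ALL"
    # Idempotent: nothing to do if the exact rule is already present.
    if grep -qxF -- "$rule" "$file"; then return 0; fi

    # Build the candidate in a private temporary file.
    tmp=$(mktemp "${TMPDIR:-/tmp}/sudoers.XXXXXX") || return 2
    if ! { cat "$file" > "$tmp" && printf '%s\n' "$rule" >> "$tmp"; }; then
        rm -f "$tmp"; return 2
    fi
    # Validate the candidate; on failure the real file is never opened for writing.
    if ! check_sudoers "$tmp"; then
        echo "candidate sudoers failed validation; $file unchanged" >&2
        rm -f "$tmp"; return 2
    fi
    # Keep a backup, then write through the existing file so its owner and
    # mode are preserved.
    if ! { cp -p "$file" "$file.bak" && cat "$tmp" > "$file"; }; then
        rm -f "$tmp"; return 2
    fi
    rm -f "$tmp"
    return 0
}

# Usage, as root on the client, with the group name used in the post:
#   add_sudoers_group /etc/sudoers stafflocaladmins
```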

Afterword

The end result of these operations will be a setup that allows for the technicians to perform the necessary administrative functions when on-site without opening up the local users’ permissions beyond an acceptable point.

These techniques can also be combined with changes to the /etc/authorization file to allow a user to change the timezone or the screensaver, even add a printer or change the region code on the DVD drive.  For more on the authorization file and how to use it, check out the article at AFP548.com.


Bug in 2.6.19 Kernel

By arfore | Published: April 15, 2007

In the process of rebuilding my MythTV box with Gentoo, I found a bug in the 2.6.19 kernel when it comes to using wireless and ndiswrapper for my Linksys WMP54G v.4 PCI card.

When you configure the kernel you normally have to only select CONFIG_NET_RADIO=y and CONFIG_NET_WIRELESS=y.

But with the 2.6.19 kernel I discovered via a post on a board that you also need to select one of the wireless chipsets as a module, even if you don’t plan on using it. If you don’t do this then CONFIG_NET_RADIO will still be marked as “n” when the kernel is built even though that isn’t what you selected at config time.

To check the required values you can use the following command:

zgrep CONFIG_NET_RADIO /proc/config.gz
zgrep CONFIG_NET_WIRELESS /proc/config.gz


Office 2007 document types and webservers

Well, over the weekend some of the other sysadmins of the world provided the solution to the Office 2007 file download problems.

It’s all about the mime types. For those of you not in the know, a MIME type is an Internet Standard that is used to help webservers and e-mail servers know what kind of files are being served up and sent out. Check out the Wikipedia article for more.

So on an Apache webserver you need to add the following to your mime types file:

application/vnd.openxmlformats docx pptx xlsx

Thanks go out to Vlad Mazek and his post on this one.

Now if only it was so easy for a Windows webserver running IIS. For the process on updating IIS, surf on over to the entry on David Oberton’s blog, UK SBS Guy (http://uksbsguy.com/).


Life without cable – Part 1

By arfore | Published: January 20, 2010

A little over a year ago I joined a growing group of people that are eschewing the cable monopoly for their viewing entertainment. After many years of being a faithful, if sometimes unwilling, cable subscriber, I realized that there was no financial sense to subscribe to a channel lineup consisting of roughly 80 stations simply to enable myself to obtain the content from 8-10 of those stations.

Over the years I had slowly upgraded one piece at a time so that I had gone from a simple cable box to a home-built MythTV setup to a Tivo HD.  Yet after all of these upgrades, I still felt that it was silly to be paying so much money to my local cable provider for so many stations that I never watched.

It was, then, with no small amount of interest that I watched the procession of the Family and Consumer Choice Act of 2007, which was supposed to allow families to choose and pay only for the stations that they wanted.  While this grew out of the fervor over the 2004 Super Bowl halftime show where Janet Jackson experienced a “wardrobe malfunction”, I was still happy to see that I might finally get a la carte cable.  Unfortunately, this bill never made it out of committee, and as of 2008 had not yet made it to the floor for a vote.

It seems that with all of this that my best option for both saving money overall and controlling what my money went to was to drop the big cable provider and start using DVD rentals, NetFlix and the internet to obtain the programming I wanted to see.

My first step was to procure an easy-to-use method of playing video on the TV screen.  While I already had a relatively decent DVD player, I had begun to transfer a large portion of my DVD collection to a hard drive connected to my Mac laptop so that I could switch movies more easily.  Thus, in November of 2008 I purchased an AppleTV at the Apple Store in Lenox Square Mall while on holiday to visit my friends in Atlanta.

After setting up the AppleTV and connecting it to my iTunes library, I embarked on a long journey towards completely digitizing my music and movie collection.  This combined with the ability to buy or rent movies and television shows from Apple, went a long way towards my goal of being able to get the majority of the content I wanted without a monthly fee to Mediacom Cable.

Still there was a large chunk missing: live television broadcasts of both dramatic content and live events.  My next post in this series will detail the steps I took to alleviate those holes using the AppleTV as a basis for some ingenious hacking.
