PHP Form validation | arfore dot com

Recently I had to build a custom form for VSU’s implementation of R25 by CollegeNet.  The form was designed to allow individuals to schedule an event at VSU using our facilities and equipment.  The form is a multi-part form that branches off at the third page based on prior answers.

One of the hurdles in the form creation was the necessity of validating the form input on a page before proceeding to the next part of the form.  While this fairly routine process can be accomplished by using a self-referencing form and validating the contents of the $_POST superglobal, the number of form elements made it somewhat cumbersome.

Enter the PHP Form Validation Script.  While searching for some ways to make the validation more painless to code, I ran across a nifty PHP script at the HTML Form Guide website.  It is an object-oriented PHP script that makes it much easier to do the validation on HTML form elements.  There are quite a few pre-defined validation descriptors, plus a method that allows for overriding the DoValidate function to create your own custom descriptor.

There is one thing that I would like the script to handle natively:

  1. use of a “pretty” or “friendly” name in the validation error messages, currently it displays the element name

There is also an undocumented validation descriptor in the script.  The pre-defined selone is used for a select/option element.  According to the code the default error message is “Please select an option for %s” and it checks to ensure that the value for the element is set and that the value is less than or equal to zero.  If either of those checks fails then the error message is displayed.

work | arfore dot com

So one of the things that you probably ought not do is to link directly to a script on github or another development service, especially not directly to someone’s website.

In our internal corporate employee site, the devs have used a jQuery Easing plugin by George Smith Graphic Design in the UK.  Apparently they missed the notice on his plugin website about using a real CDN instead of hotlinking to the script on his site.

And even though they ignored that, you would think they would have seen the banner that comes up on the internal site itself.
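One way to catch this in review, as an added example that is not from the original post: list every script tag that loads from another host, flag hosts outside an allowlist as hotlinks, and flag allowlisted hosts whose tag lacks a Subresource Integrity attribute. The allowlist, the function names, the host names and the sample page are all constructed for this example.

```shell
#!/bin/sh
# Added example: flag <script> tags that load code from hosts we do not control.
# Assumed allowlist of CDN hosts the site has decided to trust (space-separated).
ALLOWED_SCRIPT_HOSTS="cdn.example.net"

# Constructed sample page; host names, paths and the integrity value are placeholders.
SAMPLE_HTML='<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.net/jquery/jquery.min.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.example.net/jquery-easing/jquery.easing.min.js"></script>
<script src="http://plugin-author.example/js/jquery.easing.js"></script>
</head><body></body></html>'

# list_external_scripts: HTML on stdin -> "host<TAB>sri|nosri<TAB>url" per
# script tag with an absolute or protocol-relative src. Local and inline
# scripts are skipped. Assumes lowercase tag and attribute names.
list_external_scripts() {
    tr '\n' ' ' | awk -v q="'" '{
        srcre = "src=[\"" q "](https?:)?//[^\"" q "]+"
        s = $0
        while (match(s, /<script[^>]*>/)) {
            tag = substr(s, RSTART, RLENGTH)
            s = substr(s, RSTART + RLENGTH)
            if (!match(tag, srcre)) continue
            url = substr(tag, RSTART + 5, RLENGTH - 5)   # drop src= and the quote
            host = url
            sub("^(https?:)?//", "", host)
            sub("[/:?#].*", "", host)
            print tolower(host) "\t" ((tag ~ /integrity=/) ? "sri" : "nosri") "\t" url
        }
    }'
}

# audit_scripts: HTML on stdin -> one finding per line.
#   HOTLINK url  host is not on the allowlist
#   NO-SRI  url  host is allowed but the tag carries no integrity attribute
audit_scripts() {
    list_external_scripts | while IFS="$(printf '\t')" read -r host sri url; do
        case " $ALLOWED_SCRIPT_HOSTS " in
            *" $host "*) [ "$sri" = sri ] || printf 'NO-SRI %s\n' "$url" ;;
            *)           printf 'HOTLINK %s\n' "$url" ;;
        esac
    done
}

printf '%s\n' "$SAMPLE_HTML" | audit_scripts
```
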


So you have a RedHat/CentOS host that has just been handed off to you.  The host has been configured by the previous admin to mount some storage from a SAN. How do you find out what is mapped where?

Normally to determine what is mapped where and the relevant usage you could use:

This would give you something like the following output:

Filesystem Size Used Avail Use% Mounted on
/dev/sda3 233G 98G 124G 45% /
/dev/sda1 251M 46M 193M 20% /boot
tmpfs 48G 0 48G 0% /dev/shm
/dev/mapper/datasan_vg-datasan_lv 1.0T 218G 807G 22% /datasan
/dev/mapper/pglog_vg-pglog_lv 300G 193G 108G 65% /pglog
10.30.197.250:/vol/onesc_pglog/pg_dumps 238G 223G 15G 94% /backups/pg_dumps
10.30.197.250:/vol/onesc_pglog/pitr_backup 238G 223G 15G 94% /backups/pitr_backup

That’s all well and good. It shows you that you have two logical volumes datasan and pglog that are mounted on the root, but what if you needed to know more about those volumes?

To get more info on the volume groups, use the vgdisplay command:

--- Volume group ---
VG Name               pglog_vg
System ID
Format                lvm2
Metadata Areas        1
Metadata Sequence No  11
VG Access             read/write
VG Status             resizable
Clustered             yes
Shared                no
MAX LV                0
Cur LV                1
Open LV               1
Max PV                0
Cur PV                1
Act PV                1
VG Size               299.99 GB
PE Size               4.00 MB
Total PE              76798
Alloc PE / Size       76797 / 299.99 GB
Free PE / Size        1 / 4.00 MB
VG UUID               SrVfEk-e5fx-0x0i-WhXb-uqsM-Uh5S-FDcNeP

--- Logical volume ---
LV Name               /dev/pglog_vg/pglog_lv
VG Name               pglog_vg
LV UUID               wZBCcO-jGWW-LdkQ-Mbhl-Et8a-1sqC-5Ednj5
LV Write Access       read/write
LV Status             available
# open                1
LV Size               299.99 GB
Current LE            76797
Segments              1
Allocation            inherit
Read ahead sectors    auto
- currently set to    256

--- Segments ---
Logical extent 0 to 76796:
  Type                linear
  Physical volume     /dev/mpath/pglogp1
  Physical extents    0 to 76796

Now that you know the physical volume(s) in the logical volume you can find out some details on the physical volume itself:

--- Physical volume ---
PV Name               /dev/mpath/pglogp1
VG Name               pglog_vg
PV Size               300.00 GB / not usable 4.03 MB
Allocatable           yes
PE Size (KByte)       4096
Total PE              76798
Free PE               1
Allocated PE          76797
PV UUID               CwxWYc-SjKX-KvPj-vJoq-i4dZ-2jzm-rHGNd1
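A way to turn the df listing above into a mount-to-volume map, as an added example rather than anything from the original post: it splits each /dev/mapper name into its volume group and logical volume (LVM joins the two with a single hyphen and doubles any hyphen that belongs to a name) and separates NFS exports from local disks. The function names are made up for this example, and the sample input is the df output quoted above.

```shell
#!/bin/sh
# Added example: map mount points to LVM volumes and NFS exports from df output.
# Sample input: the df listing quoted in the post, embedded so this runs offline.
DF_SAMPLE='Filesystem Size Used Avail Use% Mounted on
/dev/sda3 233G 98G 124G 45% /
/dev/sda1 251M 46M 193M 20% /boot
tmpfs 48G 0 48G 0% /dev/shm
/dev/mapper/datasan_vg-datasan_lv 1.0T 218G 807G 22% /datasan
/dev/mapper/pglog_vg-pglog_lv 300G 193G 108G 65% /pglog
10.30.197.250:/vol/onesc_pglog/pg_dumps 238G 223G 15G 94% /backups/pg_dumps
10.30.197.250:/vol/onesc_pglog/pitr_backup 238G 223G 15G 94% /backups/pitr_backup'

# dm_split NAME -> prints "VG LV". Returns non-zero for names that are not a
# VG-LV pair (multipath and LUKS maps also live under /dev/mapper).
dm_split() {
    printf '%s\n' "${1#/dev/mapper/}" | awk '{
        gsub(/--/, "#")              # protect escaped hyphens; "#" is not valid in LVM names
        i = index($0, "-")           # first remaining hyphen separates VG from LV
        if (i == 0) exit 1
        vg = substr($0, 1, i - 1); lv = substr($0, i + 1)
        gsub("#", "-", vg); gsub("#", "-", lv)
        print vg, lv
    }'
}

# map_mounts: df output on stdin -> one line per mount:
#   lvm MOUNT vg=... lv=...   | nfs MOUNT server=... export=...
#   disk MOUNT dev=...        | dm MOUNT dev=...  | virtual MOUNT fs=...
# Mount points containing spaces are not handled.
map_mounts() {
    awk 'NR > 1 { print $1, $NF }' | while read -r dev mnt; do
        case "$dev" in
            /dev/mapper/*)
                if pair=$(dm_split "$dev"); then
                    printf 'lvm %s vg=%s lv=%s\n' "$mnt" "${pair% *}" "${pair#* }"
                else
                    printf 'dm %s dev=%s\n' "$mnt" "$dev"
                fi ;;
            *:/*)   printf 'nfs %s server=%s export=%s\n' "$mnt" "${dev%%:*}" "${dev#*:}" ;;
            /dev/*) printf 'disk %s dev=%s\n' "$mnt" "$dev" ;;
            *)      printf 'virtual %s fs=%s\n' "$mnt" "$dev" ;;
        esac
    done
}

# On a live host feed it "df -hP"; -P keeps long device names on one line.
printf '%s\n' "$DF_SAMPLE" | map_mounts
```

The vg= and lv= values it prints are the names to pass to vgdisplay, lvdisplay and pvdisplay for the detail shown above.
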

Today while working on the AASU Blackboard VISTA custom login page, I ran into an issue loading Java applets.

Apparently, Google Chrome checks your browser plug-ins to determine if they are out of date when you attempt to load content requiring them.  Here’s a snippet from the Google Support Site about the bug feature:

To make sure you’re protected, whenever Google Chrome detects that a common plug-in on a page is out of date with a security vulnerability, a message will appear beneath the address bar notifying you that the plug-in has been blocked.

While this is a great feature, since it is an attempt to protect your computer from nefarious code, there are times that it just doesn’t work properly.

The situation I ran into is described on a chromium issue report.  Basically, the Linux version of Oracle Java 7 is being seen as out-of-date, even though it is the most recent version available.  When going into the Google Chrome plug-in preferences you may see the Java plug-in marked as disabled and showing the version number in red as well as a link to java.com to download a security update.

While Chrome does give you ability to run the plug-in each time it is used, this can rapidly become a pain in the rear.  The checkbox labeled Always Allow also doesn’t seem to work.

So what to do?  Well, you can either painstakingly click the Run this time button or you can run Google Chrome with a command line switch that turns off the plugin checking mechanism.

Being an intrepid sort that likes to live on the edge and dance where angels fear to tread, I chose to run with the checking mechanism turned off.  To update the Ubuntu application launcher to make this easier, I edited the following file:

/usr/share/applications/google-chrome.desktop
sudo vi /usr/share/applications/google-chrome.desktop

Look for the first instance of a line starting with Exec and alter it to read as follows:

Exec=/opt/google/chrome/google-chrome --allow-outdated-plugins %U

After saving the file and restarting Google Chrome you will no longer be bothered by the annoying Java plug-in error warning.  To verify this is working, you can enter the following on the command line:

ps ux | grep -v grep | grep allow-outdated-plugins

You should get back at least one result.
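To find launchers that carry the switch later, for instance when auditing a workstation, the check below reads .desktop files and reports every Exec line that passes it, together with the group the line belongs to. This is an added example, not part of the original post; the function name, the AUDIT_FLAGS variable and the sample launcher are assumptions made for it.

```shell
#!/bin/sh
# Added example: report .desktop launchers whose Exec line passes a flag
# that switches off a browser safety check.
# Only the switch from the post is listed; add others space-separated.
AUDIT_FLAGS="--allow-outdated-plugins"

# Constructed sample launcher: the main entry carries the switch, the action does not.
SAMPLE_DESKTOP='[Desktop Entry]
Name=Google Chrome
Exec=/opt/google/chrome/google-chrome --allow-outdated-plugins %U
Type=Application

[Desktop Action new-window]
Name=New Window
Exec=/opt/google/chrome/google-chrome'

# audit_desktop FILE... -> "file<TAB>group<TAB>flag" for every match.
# A .desktop file can hold several Exec lines (one per group), so the group
# name is tracked and reported with each hit.
audit_desktop() {
    awk -v flags="$AUDIT_FLAGS" '
        BEGIN { n = split(flags, want, " ") }
        FNR == 1 { grp = "" }
        /^\[.*\]$/ { grp = substr($0, 2, length($0) - 2); next }
        /^Exec[ \t]*=/ {
            line = $0
            sub(/^Exec[ \t]*=[ \t]*/, "", line)
            m = split(line, arg, /[ \t]+/)
            for (i = 1; i <= m; i++) {
                a = arg[i]
                sub(/=.*/, "", a)            # --flag=value -> --flag
                for (j = 1; j <= n; j++)
                    if (a == want[j]) print FILENAME "\t" grp "\t" want[j]
            }
        }' "$@"
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
printf '%s\n' "$SAMPLE_DESKTOP" > "$demo_dir/google-chrome.desktop"
audit_desktop "$demo_dir/google-chrome.desktop"
rm -rf "$demo_dir"
```

On a real system, pass it /usr/share/applications/*.desktop and any per-user launchers under ~/.local/share/applications.
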

As a bonus, you can ensure that you are running the most recent version of Java (1.7.0_05 as of this writing) by doing the following on a command line:

java -version
javac -version

You should see something like the following:

foreandy@foreandy-iMac:~$ java -version
java version "1.7.0_05"
Java(TM) SE Runtime Environment (build 1.7.0_05-b05)
Java HotSpot(TM) 64-Bit Server VM (build 23.1-b03, mixed mode)
foreandy@foreandy-iMac:~$ javac -version
javac 1.7.0_05

So here at work we are running SGHE’s Banner Student Information System.  Part of the integration with the eFollett online bookstore isn’t working quite the way we want due to a bug that will not be fixed until Banner release 8.5 which we won’t have until sometime after classes start.

Due to the desire to find the books based on a class now, we had to create a system that would allow us to build the correct URLs for the eFollett system in a programmatic fashion.

The way we did it was to include an anchor tag as custom text within the Banner module.  The href attribute of the anchor tag contains an inline Javascript function that is used to pull the querystring parameters from the current Banner URL and pass that off to a separate system that will handle the redirection to the appropriate eFollett URL.

Too bad you have to be logged into the Banner account for it to work, since the query string is only available to an authenticated user.

The inspiration for this was the blog post Read URL GET variables with JavaScript by Ashley Ford.

Recently I ran into an issue with several websites and their functionality, or lack thereof, on Mobile Safari in iOS 4.3.3 on the iPad.

Mobile Safari doesn’t give you much in the way of native debug tools.  There is a debug console, which will display, at least in theory, any CSS, HTML or Javascript errors.

The only problem is that it won’t actually display all HTML errors.  For instance the problem I ran into was an HTML tag mismatch between an opening H2 and a closing H3.  Mobile Safari on iOS 5.1 displayed the page as designed, however on iOS 4.3.3 the bad closing tag was omitted which meant that all the children of that H2 had the CSS style “hidden” applied to them due to a class assignment.

You would think that this might trigger an error code in the debug console, however no such error occurred, and using the Safari iOS 4.3.3 – iPad user agent in desktop Safari on Mac OS X did not exhibit the error.

In searching for a tool to assist with debugging this problem natively on the iPad I ran across a great bookmarklet by Mark Perkins, called Snoopy.

This bookmarklet gives you all kinds of nifty information about the page you are looking at, including a view of the generated source.  Thanks to this tool I was able to find out exactly what was breaking the display on the iPad.

nrpe | arfore dot com

My last two posts, Starting NRPE via launchd and Nagios NRPE on OS X Server 10.5, concerned getting NRPE to run on OS X Server 10.5 and having it startup at system boot.

However, this is only part of the battle.  Once you have Nagios monitoring setup on your server you also need to have some nice options for checking the availability of your running services.

Tim Wilson from the Savvy Technologist, wrote an NRPE plugin that helps out with this.  The plugin check_osx_services does an excellent job of checking on the status for many services running on 10.5 Server.

The documentation on the plugin at the NagiosExchange site is pretty thorough.  One thing that is not mentioned is that you will need to run the check_osx_services script as superuser since it calls the system level command serveradmin which must be run as root.

Last week I posted on how to setup NRPE on Mac OS X Server.  Here is what you need to do to make it start up at system boot.

On a Linux or Solaris machine you can just include the call to the daemon in an init script like rc.local and it will be started when the OS boots.  Unfortunately, Apple has made this a little more difficult on Mac OS X with Tiger and Leopard.  The standard startup processes (cron, inetd, xinetd, etc.) have been rolled into a single process known as launchd.


Recently I was tasked to install the Nagios add-on NRPE on two OS X 10.5 servers.

I read a little on the ‘net about it, but no one actually had much in the way of a walkthrough, so I thought I would fill the void.

The basic steps involve compiling the NRPE source, but doing so involves altering some of the code.



July | 2007 | arfore dot com

If you have read my previous post, GPG Best Practices, you will know that I am a fan of setting expiration dates on my GPG keys.

This has not always been the case. As with many computer users I tend towards the lazy, and if I can keep from having to re-learn a password by never changing it, then I have been guilty of doing so.

Recently, however, I have decided that this is not the best thing to do when it comes to computer security. So while restoring my computer this weekend after a rebuild of the OS to get rid of some cruft that had built up, I decided I needed to add expiration dates to all of my GPG keys.

Now I had already established one for my work e-mail at the time I created the key, but now I needed to go back and add ones to my personal keys. After reading the man page on GPG, it looked pretty easy. Just go into edit mode for the key I wanted to change, then add an expiration date. Simple enough, right? Wrong.

Turns out that what I wanted to do was feasible, just not readily apparent. I didn’t just want to set a date relative to the current date in days, months, weeks, or years. What I wanted to do was use a specific date.

Well, after some diligent searching on Google, I found the following in a post on the gnupg-users list:

>>Is it possible to set an explicit date (e.g. 31 Dec) rather than a
>>duration? I suppose I could compute the number of days, but that’s
>>annoying.

Problem solved, mission accomplished.

Like many people who have some concerns over security on the Internet, I have started to use digital signatures for all of my mail sent from my regular e-mail client on my Mac.

While there are several avenues for this, I chose to use GPG. While I know that this means jumping through a couple of extra hoops in configuring my mail client, I decided that it was worth it, because unlike the Thawte Freemail certs, using GPG on my computer also means that I can encrypt files in addition to my mail messages, should I choose to do so.

I am wondering what the thoughts are on best practices when it comes to using GPG.

Here are a couple that I have come up with (learned through hard experience):

1. Backup your keys.

I cannot stress this strongly enough. If for some reason you have a catastrophic computer failure, you will need those backups in order to decrypt your e-mail once you restore your data backup. (You do back your data up, right?)

And when you make those backups, do not rely on just a digital backup. Backup both your public and secret keys in an ASCII-armor file and print the darned thing out. Digital backups are subject to data rot and any number of other technological snafus, but I have printed material that is perfectly readable after more than 20 years.

2. Make a revocation certificate.

The GPG mini-howto gives a couple of excellent reasons for doing this:

For instance: the secret key has been stolen or became available to the wrong people, the UID has been changed, the key is not large enough anymore, etc.

Just remember that revoking a key is not reversible.

3. Set an expiration date for your keys.

Just like changing passwords, you should regularly change your GPG keys. Don’t worry about losing track of the data that was encrypted with a key that has expired. You’ll still be able to open that data, it just means that someone won’t be able to encrypt with the old key unless they ignore the warnings about it being expired.

What this also means is that you should hang on to the expired keys, since you might need them to access some older encrypted files. (See best practice number 1)

4. Add commentary to your keys.

If you are like most heavy computer users, you have more than one e-mail address. And if you create a GPG key for each one of those, it would help to keep things orderly if you commented on the individual keys.

For example, the key I use for my work e-mail has a comment of:

Work Address

So, do you have any more best practices?

Sad news came to me today by way of another member of the Yahoo! Group I am a member of. For those of you who may not know this, I lost my wife, Patricia Grace Fore, on August 16, 2004.

After Pattie died I joined a Yahoo! support group for young widows. They are a great group of people, whose numbers unfortunately grow way too fast.

One of the members of the group, Dusty, was a great guy who excelled in being tremendously optimistic about his life, even in the face of his own loss and his own health problems. He never failed to make us feel better about the situation we were in, even though his own was ofttimes worse than our own.

Dusty passed away last Sunday from his ongoing health problems.

There just aren’t words enough to express how sad this is and how much he will be missed. You are gone but not forgotten my friend, and you gave help and comfort to many of us along the way with your friendship and understanding.

Another member of the group wrote the following poem for Dusty some time back:

Grief is Like a River

“My grief is like a river I have to let it flow But I determine where the banks will go Some days the current takes me into waves of Guilt and Pain But there are quiet pools Where I can rest again I crash on the rocks of anger My faith seems faint indeed But there are other swimmers in here Who know what I need Loving arms around me. When the waters are to swift And I just seem to drift Someone kind like Dusty Listens to my broken Heart beat. Grief’s River is a process of Relinquishing the past By swimming into the Channel of Hope I’ll reach the shore

At last.”

— SF1

As many of us have said, you were our special angel, Dusty. Wind to thy wings, my brother and friend.

When trying to sort my cthub XML file recently I found out that my code from the post on sorting the role listing had stopped working.

Turns out that there was an error introduced into the format of this file when upgrading from Contribute 3.11.

As you are no doubt aware, when at least one admin upgrades to Contribute 4 or Contribute CS3 (aka 4.1) all the admins have to since there are upgrades made to the XML files that control the site. Well it appears that this upgrade makes the cthub file non-valid XML.

Take a look at this file and look for the tag font_use_css inside the group_list_item child node of the group_list node. In a copy of the cthub file that was upgraded you will find that this standalone tag is missing the appropriate closing slash. If you compare this against a copy of the cthub file from before the upgrade, assuming you made a backup, you will find that the tag is properly closed.

Since this file is the master file with all of the role information for the site, I wonder if this XML error is causing unknown instability in the system somewhere.

While this is an easy fix, I will be posting some code that you can run to fix this, since editing a file like this by hand can be a real pain.
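One way to script that repair, as an added example that is not the author's promised code: it keeps a backup, adds the missing slash to every font_use_css tag that is not already self-closed, and leaves correctly closed tags untouched. The function names are made up here, and the attribute names in the sample are placeholders, since the post does not show the real cthub contents.

```shell
#!/bin/sh
# Added example: close unclosed standalone <font_use_css ...> tags in a cthub file.
# Constructed sample shaped like the nodes named in the post; attribute names
# and values are placeholders, not the real cthub schema.
SAMPLE_CTHUB='<group_list>
  <group_list_item name="Editors">
    <font_use_css value="true">
    <other_setting value="1" />
  </group_list_item>
  <group_list_item name="Writers">
    <font_use_css value="false" />
  </group_list_item>
</group_list>'

# Matches <font_use_css> or <font_use_css attrs> but not the self-closed form:
# the character before ">" must not be "/".
UNCLOSED_RE='<font_use_css([[:space:]]([^>]*[^/>])?)?>'

# close_font_use_css: stdin -> stdout, inserting the missing "/".
close_font_use_css() {
    sed -E "s#${UNCLOSED_RE}#<font_use_css\\1/>#g"
}

# count_unclosed: stdin -> number of lines that still hold an unclosed tag.
count_unclosed() {
    grep -cE "$UNCLOSED_RE" || true    # grep -c exits 1 on a count of zero
}

# fix_cthub FILE: back up FILE to FILE.bak, then rewrite FILE in place.
fix_cthub() {
    file=$1
    before=$(count_unclosed < "$file")
    [ "$before" -gt 0 ] || { echo "nothing to fix in $file"; return 0; }
    cp -p "$file" "$file.bak"
    close_font_use_css < "$file.bak" > "$file"
    echo "closed font_use_css on $before line(s) in $file (backup: $file.bak)"
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_CTHUB" | close_font_use_css
```
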

While changing some things on my computer setup today I decided to change the name of my harddrive and computer to match my local DNS entry.

Having done this many times before I knew that there would be certain applications that would be looking for an absolute path that would have issues, such as Dreamweaver sites and the root folder locations for them.

Adobe Contribute (formerly Macromedia Contribute) has the same problem with the stored sites that you have setup prior to the name change.

Here is how to fix Contribute after changing the harddrive name:

  1. Open up the Contribute preferences file located in /Users/USERNAME/Library/Preferences/ (in my case the filename was Contribute 4.1 Preferences, this will be different for other versions) in your favorite text editor.

  2. Start searching at the top of the file for each instance of the old harddrive name.
  3. Replace each instance with the new harddrive name.
  4. Save and close the file.

Now the next time you start Contribute, you won’t get any error messages related to having missing site files.

Oh, and don’t forget to backup the file first. You do back up your data right?

March | 2008 | arfore dot com

Today we have a trio of performances by one of my favorite artists, Nina Simone.  I was first introduced to her work on the soundtrack for the film Point of No Return (a remake of one of my favorites, the 1990 French film La Femme Nikita).  Her rendition of the American spiritual song Sinnerman was also featured in the 1999 remake of The Thomas Crown Affair.  Two of today’s videos are from the Montreux Jazz Festival which is held each year in Montreux, Switzerland.  The third one is of her performance in 1968 at the Bitter End Cafe in Greenwich Village.

Feelings

from the Montreux Jazz Festival (1976)

My Baby Just Cares For Me

House of the Rising Sun and Go To Hell

Today we have a trio of videos from one of my favorite groups from the UK, Massive Attack.

Massive Attack was founded in Bristol in 1988.   While you may not have heard of the group themselves, their music has been featured in a number of television shows and movies, including House, Prison Break, The Matrix, and Sliver.

The songs featured here are Teardrop, Angel, and Protection.  Teardrop, featured on the album Mezzanine and used in the television show House, features vocals by Elizabeth Fraser, the lead singer for the Scottish pop band the Cocteau Twins.  Angel, also from the album Mezzanine, features the vocals of roots reggae artist and songwriter Horace Andy.  You might find this song familiar as it was featured in a wide variety of television episodes and movies, including The Matrix, Firewall, The West Wing, and Third Watch.  Protection from the album Protection showcases the vocals of Tracey Thorn, best known as part of the duo Everything But the Girl.

Teardrop

Angel

Protection

A friend of mine took this photo of the Apple Store Tokyo, during a recent trip.

At work I am in charge of running our Macromedia Adobe Contribute Publishing Server.

Since I like to duplicate my work environment on my laptop for local development, I needed to install JBoss 4.0.5.GA.  I won’t go into why we are running such an old version, that’s all Adobe’s fault.

Installing JBoss

  1. Download the JEMS installer for 4.0.5.GA from the JEMS Installer Downloads page at jboss.org.
  2. Execute the installer:
    java -jar jems-installer-1.2.0.GA.jar
  3. If you get asked to allow java to talk through the firewall, choose Allow.
  4. The default installation location is: /Applications/jboss-4.0.5.GA
    It will create the directory if it doesn’t exist already.

  5. During the install process choose the Advanced install method.  This allows you to pick your database environment, as well as making the process of securing the JMX Console and JBoss Web Console much easier.

Starting JBoss

  1. Open a terminal
  2. Go to the install location binary directory (I used the default)
    /Applications/jboss-4.0.5.GA/bin/
  3. Execute run.sh
    ./run.sh -b 127.0.0.1 &
  4. You will see the output of the startup process show up in the terminal window.

Stopping JBoss

  1. Open a terminal
  2. Go to the install location binary directory
    cd /Applications/jboss-4.0.5.GA/bin
  3. Run the shutdown script (don’t forget to authenticate!)
    ./shutdown.sh --server=localhost:1099 --shutdown -u admin -p password

Notes

  • The default port for the HTTP connector is 8080
  • The SSL connector is disabled by default

Today’s video is a collage of various scenes from a whole slew of anime shows. If you watch it closely you will see some scenes from Akira, Wolf’s Rain and Witch Hunter Robin, to name just a few.

The music used is Best of You by the Foo Fighters. This song appeared on the album Skin and Bones, which was released on the Roswell/RCA label on 2006-11-07.

July | 2010 | arfore dot com

A few weekends ago I had the privilege of being assigned to evaluate an iPad for use as a support tool by my boss. (thanks Ike!)

The first order of business was to figure out some basic tasks that we would need to accomplish as sysadmins that we could realistically use the iPad for.

Remote control via ssh for a unix server

For ssh I already had the iSSH application by Zinger-Soft [iTunes]. Fortunately they updated the application to be a universal application for both the iPhone and the iPad. I had used it with a fair amount of success on my iPhone in the past to reboot several servers over both WiFi and 3G data, most notably when I needed to reboot a MySQL server while on the way to Atlanta on I-75.

I was pleased with the changes that they made for the expanded screen real estate of the iPad. The split screen function when in portrait mode is quite useful when you need to juggle two connections at the same time, even if it can be a bit confusing at first.

The ability to handle X11 forwarding is also a nice touch, because there are some administration activities that require the GUI even on a unix system (think that favorite Oracle installer that we all know and love).

Remote access via RDP to Windows servers and desktops

Generally this is actually an easier task to sort out, due to the number of RDP clients that exist for the iPad. There are more clients out to handle this than you can shake a stick at, however they don’t all have the same features. The fly in the ointment with RDP support is the ability to work with the widest variety of server and desktop OS installations, with encryption, etc. The large majority of them did state that they supported Server 2003, 2008 as well as Windows XP, Vista and 7.

What took some doing was to find a client that would work in our security environment. Currently we require that all off-site RDP connections be tunneled through SSH. It turns out that none of the RDP clients out there support this yet. One of the most promising from this standpoint looks like iTap RDP by Honeder Lacher Wallner Softwareentwicklung OEG [iTunes]. This client supports FIPS and NLA. They have a nice compression algorithm that makes the connection work well even on a 3G network. While they don’t currently support RDP over SSH tunnels this is a planned feature in a future release.

Another possibility, depending on where we go with our VDI initiative is Wyse PocketCloud by Wyse Technology [iTunes]. PocketCloud for iPad supports both VMWare View connections and standard RDP connections.  This is the application I ended up testing, and I must say, I was pretty happy with it.  The manner in which it handles the mouse functionality is superb.  The support for the application seems a little subpar, but there is a fairly active forum.

Currently the only solution that I was able to find was to use iSSH for a tunneled VNC connection, since iSSH supports this. Of course, this means that you will need to install a VNC server on your desktop or server, but in my testing it did seem to work fairly well if a little sluggishly. One advantage to this is the fact that Mac OS X includes a VNC server by default, making connections to Mac servers and clients a fairly easy thing to accomplish. With Windows 2008, it was a little more challenging due to the changes in security that were added by the UAC system from MS. I was unsuccessful in getting RealVNC Enterprise trial to work properly, however the beta of TightVNC worked nicely.  The latest version of iSSH does support ssh tunnels.  When you combine this with multitasking support on iOS 4 you then have ability to access a remote machine through a perimeter firewall without the need for VNC server. Unfortunately, this support is useless on the iPad until we get iOS 4, but it is nice to know that it is there.

Access to various web-based support services

This is not really much of a challenge, however it is worth mentioning that there are a number of web-based systems that don’t cooperate easily with Mobile Safari for various reasons. Some of them are Flash-based, which obviously won’t work, others are just not designed to work properly on a touchscreen device. Your mileage may vary.

Password storage

As is the case with most system admins, I have far more passwords to keep up with than I can easily remember. When you combine that with the necessity of locking accounts after a certain number of failed attempts, it rapidly becomes necessary that I have a secure method of carrying passwords with me.

On my iPhone I have been using Lockbox Pro by GEE! Technologies [iTunes] for a while now; however, in investigating an app for the iPad I spent a fair amount of time playing around with SplashID by SplashData [iTunes]. (Also, it looks like GEE! Technologies is having issues, since the company website link for their app in the AppStore doesn’t work and the support website looks fairly similar to the myriad of web-squatter websites that are out there.) Now if you use password managers, you most likely have run into SplashID before. One of the major points in its favor is the use of 256-bit Blowfish encryption. New for the iPad version is the ability to use a swipe pattern to unlock the application, similar to the process that you can use to unlock some Android-based devices. It also supports numeric and alpha passwords for unlocking the database.

One of my favorite features of Lockbox Pro is the ability to have a large number of additional fields for an entry, not just a username and password. SplashID also has this feature. Also, another great advantage to SplashID is the ability to have a desktop application (both Mac and Windows) that you can sync your mobile device to. Not only does SplashID support the iPhone, iPad and iPod Touch, they also have clients for Android, WebOS, PalmOS, Blackberry and Series 60. The simple fact that I can sync my password data between multiple devices as well as my desktop makes this an ideal application. SplashID also supports auto-fill for websites, if that is your thing. Of course, if you want it all on your iPhone, iPad and the desktop, you are going to have to fork out a lot of money, since each application is a separate charge.

Access to notes, procedures and documentation

As an admin, one of the most useful applications is one that allows me to have notes, procedures and documentation available when I need them. It can be difficult to juggle a keyboard, serial cable and a big fat, dead tree manual when in a datacenter, so having the essential docs on hand in a mobile environment is a must.

I think there are actually more possibilities in this particular category than any other I researched for this post. I have been a big fan of Evernote by Evernote Corp [iTunes] since it was released. It syncs to both the iPhone and iPad, as well as to the client on my desktop. Combine those abilities with web-clipping functionality in both Safari and Firefox on the desktop and you have a great tool for support.

Of course, sometimes you will need to store large documents, and unless you feel like paying for storage with Evernote, it might not work to upload the entire Solaris 10 reference, or the latest edition of the PHP function reference. To begin with I started searching for the perfect sysadmin application in the App Store, then I realized that I already had it, iBooks [iTunes]. With iBooks 1.1, Apple made PDF storage easy. Just drag the PDF into your Books section in iTunes and sync. Voila! Of course to make the docs more useful, they need to be converted into eBook format so that you can use the highlighting and search features, but in a pinch a raw PDF is quite handy.

I wish I could do that

There are still some things that I wish I could do with the iPad; however, I doubt I will get them. One item on my wishlist would be a mechanism to allow me to use the iPad as a serial terminal. Frequently I have to use a laptop with a serial port (or USB-to-serial adapter) to connect to a server in order to access the console. It would be really nice to be able to do this from the iPad. Another feature that would be nice would be something along the lines of the certificate management that you have in the Keychain Access application on the Mac. I can see where it could come in handy to be able to import and export SSL certs from the device.

December | 2009 | arfore dot com

For some of you that have just upgraded to the shiny new WordPress 2.9 release, you may have noticed a nasty little message that states that Simple Tags won’t work with the version of WordPress that you now have installed.

The issue at hand here is that the code for the plug-in contains a hard-coded check for the version number to ensure compatibility. It doesn’t appear on the surface that there will be any issues with this plug-in and the new WP code.

In the old days of the Internet search engine business you had a vast multitude of places to visit. There was Excite, Yahoo!, WebCrawler, Lycos, and many others. You had the search engine aggregators, such as Dogpile and HotBot.

What you didn’t have was a single source to use to search the whole of the web. When Google came along they created a way to analyze the relationships between pages to produce more useful results. The search results were no longer just a mishmash based on how many times a word existed in a page, now the results had a certain relevancy.

Then Google added advertising into the mix, providing users with a way to find products or vendors that had some correlation with the keywords entered. This was a great tool for the layperson and researcher alike. Along the way Google has added shopping results, images, news, videos, and maps. However they seem to have forgotten their core product: a clean, easy-to-use, clutter-free search engine.