Recently I had a need to test network communication between two different services over a specific port for a clustered application. Since I didn’t want to have to initiate an application failover just to test the network communication, I decided to use a simple Perl script to listen for inbound communication on the cluster node being tested from the development environment.
What the code does is to open a specific port for listening. I used the basic telnet client to send traffic from the source machine (client) to the destination machine (server).
Here are the code listings for the script for both Solaris 10 and AIX 6.1.
Solaris 10
#!/usr/bin/perl -w use strict; use warnings; use IO::Socket; # Local host bind address (hostname/ipaddr) my $LOCALADDR = 10.0.0.1 # Local host bind port my $PORT = 10240; my $sock = new IO::Socket::INET ( LocalHost => $LOCALADDR, LocalPort => $PORT, Proto => 'tcp', Listen => 1, Reuse => 1, ); die "Could not create socket: $!\n" unless $sock; my $new_sock = $sock->accept(); while() { print $_; } close($sock);
AIX 6.1
#!/usr/bin/perl -w use strict; use warnings; use IO::Socket; use Net::hostent; # for OO version of gethostbyaddr # Local host bind address (hostname/ipaddr) my $LOCALADDR = 10.0.0.1 # Local host bind port my $PORT = 10240; my $server = IO::Socket::INET->new( Proto => 'tcp', LocalHost => $LOCALADDR, LocalPort => $PORT, Listen => 1, Reuse => 1 ) or die "can't setup server"; print "SERVER Waiting for client connection on port $PORT\n"; my $new_sock = $server->accept(); while() { print $_; } close($server);
One of the things that many system administrators encounter in the quest for maintaining up-to-date servers is the need to apply regular maintenance releases. With some operating systems, Mac OS X for instance, the patches are released in two forms:
a delta update, which contains only the changes necessary to bring the system up-to-date from the current running release level
a combo (cumulative, full, etc.) update, which contains all changes for the current release branch
If you are lucky enough to be using an OS that gives you delta updates then you may not ever run into an issue where you don’t have enough internal drive space to update the OS. However, if you are running an OS, like Solaris, that uses cumulative clusters then this becomes more interesting.
One situation I recently encountered was a need to patch a Solaris 10 Sparc system that did not have sufficient internal drive space to store the unzipped patch cluster for patching the system in single-user mode. (You are patching in single-user mode right?)
The most obvious question would be: why not add another drive? Another obvious question might be: why not patch from cd/dvd? Well, adding a new drive to this system was not a viable solution since there were no available drives to install. Installing from DVD would have been a possible solution, if the patches had been unzipped and burned to disc prior to the maintenance window.
The next available option was to install the patches over the network. When patching a machine in single-user mode this becomes a little more problematic, since network resources and services are not generally available unless the server has been brought up in a multi-user mode.
After bringing the server up in single-user mode the next step was to start SSH and NFS so that the patch cluster could be installed over the NFS share. Generally with Solaris 10 all you would need to do is execute the following command for both SSH and NFS client:
svcadm enable
Unfortunately with single-user mode this will fail to work, since the dependent services are not auto-started. To accomplish this in single-user mode you need to add the -r flag which instructs svcadm to start the service and recursively start the dependent services. If you want a little more checking, also add the -s flag which tells svcadm to wait for each service to enter an online or degraded state before returning. Below are the commands for starting SSH and NFS along with the output of a service check to show the state after the command was executed.
After this was done all that was left was to mount the exported file system and run the patch cluster installation script. Since the cluster was not local to the system it took a little longer to install the cluster, but other than that everything went smoothly.
For those of you who know me outside of my blog (or those that have been following me on Facebook) it will not be a huge surprise that I am engaged.
On June 10, 2011, I asked my girlfriend, Lisa Nicole Vickers neé Shaw, to marry me. We are now officially engaged!
As a recent switcher from the Apple iPhone to an HTC Thunderbolt, there have been a few things that I have been sorting out with the usage of my new phone. I will be detailing some more of my adventures later, however one of the important things to me was how to retain the custom ringtones that I had created using GarageBand.
On the Mac custom ringtones are stored by default in the Ringtones directory within your iTunes Music directory.
The m4r files are really just AAC files with a custom extension that tells iTunes and iOS that it is a ringtone. They are not DRM formatted files or special Apple files, just ordinary AAC files. All you need to do to make them playable on Android is to change the file extension to either m4a or aac.
This is a real bonus since Android 2.2.1 will play AAC files with no problem (see http://developer.android.com/guide/appendix/media-formats.html)
Once I found this piece of information out, the only hurdle was to get the ringtones into a location that was used on my phone. Ideally I would be able to save them to the SD Card to save on the internal storage space and to eliminate the chance of a new software update (or a custom ROM installation) to wipe them out.
It turns out that in Android there is a whole host of pre-defined locations for various data types. As defined on the Android Developer Network:
Music/ – Media scanner classifies all media found here as user music.
Podcasts/ – Media scanner classifies all media found here as a podcast.
Ringtones/ – Media scanner classifies all media found here as a ringtone.
Alarms/ – Media scanner classifies all media found here as an alarm sound.
Notifications/ – Media scanner classifies all media found here as a notification sound.
Pictures/ – All photos (excluding those taken with the camera).
Movies/ – All movies (excluding those taken with the camcorder).
Download/ – Miscellaneous downloads.
With regards to the storage internal to the system, then, this would make the location for the ringtones be as follows:
/system/media/audio/ringtones/
The external storage location for ringtones would be:
/mnt/sdcard/media/audio/ringtones/
Once I had the filetype and location it was simple enough to mount the SD Card of my Thunderbolt and create the appropriate directory structure then copy the re-named file over.
Then open the ringtones settings pane on the Thunderbolt and voila the new ringtones are available.
In Outlook Live browser cookie issues, I discussed the issues surrounding cookie usage and the Outlook Live service. As you may remember, one of the problems surrounding turning off the blind support of third-party cookies is the check that is performed at logout. If the check doesn’t pass then you will get a warning message.
The fix for this from the MS perspective is to enable third-party cookies. One of the main reasons to not follow this is for better privacy while browsing the Internet. As with most computer security, web browser security is often a trade-off between usability and security. You have to know what to set things to to achieve a balance between good security and acceptable annoyance. Many users install ad-blockers, flash blockers, disable Javascript, etc. These are good tactics, but they also introduce browsing annoyances since the very technologies these plug-ins disable are what makes the web experience interesting and fun. For more on browser security check out Securing Your Web Browser at CERT.
Fortunately, in this particular case the solution is relatively easy. Since Mozilla gives us the ability to configure the browser directly, we can change how Firefox handles cookies.
First you will need to open Firefox and go to the site about:config to edit the settings. This is not really a website, but a method provided to directly configure some browser settings. You will be presented with a warning box, just click the button.
Next, in the filter box type network.cookie, this will narrow the list displayed down to only the ones dealing with cookies. One of the settings to be changed already exists, the other will have to be added.
The setting that you want to change is:
network.cookie.cookieBehavior
Change network.cookie.cookieBehavior to have a setting of 3, enabling the change, by double clicking on the number in the Value column and entering the new value in the dialog box.
To add the new preference, right click in the window and select Integer from the New submenu.
Enter network.cookie.p3plevel in the dialog box that appears. Set the value to be 3 in the second dialog box. There is no save function, the changes take effect immediately, just close you browser tab/window.
After making these changes you will now be able to successfully navigate the Outlook Live site and logout without getting the warning message. You will also be better protected from nefarious third-party cookies.
If you want to change the preferences back to the defaults, simply open the preferences for Firefox and click the checkbox next to Accept third-party cookies.
Apparently this functionality was part of Firefox 2 but was subsequently removed after someone complained about the size of the code required to implement it (a total of 60k in what is now a 56.9MB, at least that’s the size of the application on Mac OS X). In reading through the comments in the Bugzilla post, I fail to see where anyone makes a decent argument for reducing end-user security. For more on all of this, check out the references section of this post.
These changes were implemented on Mac OS X 10.6.4 using Firefox 3.6.11, but it should be pertinent to Windows and Linux as well.
References
Frequently I write posts that others may find useful. In fact I have even been cited in software manuals and on other sites across the web as a reference or a resource for information on a particular topic. Earlier today a visitor to my site alerted me to the fact that two of my posts on the Nagios system and using it with Mac OS X had been copied outright on a blog located in Belgium.
While imitation may be the sincerest form of flattery, wholesale plagiarism is not very flattering at all.
The website in question is the WordPress blog published by CP IT Solutions, Inc. Both posts are obvious copy/paste entries from my own blog. Here are the details:
The person in question is apparently a Microsoft Certified Professional, and also hosts a Joomla site on the same domain.
WordPress blog – http://cpsolutions.be/wordpress/
Main site – http://www.cpsolutions.be/JOOMLA/
I wonder what his clients would think if they knew that he was just copying other people’s work and putting it up as original thought? I have sent e-mails to both the owner of CP IT Solutions as well as the ISP for his site. Interestingly enough, for someone that provides IT consulting services they use a hosting provider rather than run their own site, as seen by the WHOIS entry below, hopefully they are going to be called on for hosting consultancy services.
WHOIS entry for cpsoltuions.be
% WHOIS cpsolutions
Domain: cpsolutions
Status: REGISTERED
Registered: Wed Sep 27 2006
Licensee:
Not shown, please visit www.dns.be for webbased whois.
Agent Technical Contacts:
Last Name: Kristof De Vlieger
Company Name: DVK Systems & Consultancy BVBA
Language: nl
Street: Luikersteenweg 547
Location: 3800 Sint-Truiden
Country: BE
Phone: +32.11768005
Fax: +32.11768002
Email: [email protected]
Agent:
Name: DVK Systems & Consultancy Bvba
Website: www.dvkhosting.be
Nameservers:
ns3.dvkhosting.com
ns2.dvkhosting.com
Sure many of us use snippets and other items from our fellow IT professionals, but at the very least give credit where it is due.
In June of 2010, Valdosta State University transitioned to using Microsoft’s Live@EDU service for our e-mail. This is Microsoft’s competing product line with Google’s Apps for Education service. There were many reasons why we chose the Microsoft service which I won’t get into here, suffice it to say, that was the decision that was made.
While I don’t use the web interface all that much, when I do use it on Safari 5 for the Mac, I have noticed an oddity. After you login to the system and do whatever you plan to do that session, to logout you should click the “Sign Out” link. Seems standard enough, right? Well, not exactly. On Safari on the Mac I have noticed that I get an error when the signout process is attempted. When testing Firefox 3.6.11, I found I wasn’t receiving the error screen and the signout process completed successfully.
After delving more into this it turns out that the problem is third-party cookies. The default settings in Safari are very restrictive. They are also all or none. There is no exception list to the privacy settings for browser cookies in Safari, unlike Firefox. Also, it turns out that if you change the settings in Firefox to match the restrictive settings in Safari you get the same error screen.
In order to find out what site was causing the problem I cleared all the cookies for Safari, then enable the setting to always allow cookies. After comparing the list of cookies that were set, I found one listed for the domain passport.com that did not show up in the cookie list when Safari is set to accept cookies only from sites that I visited.
Further investigation using the Live HTTP Headers add-on in Firefox revealed the following for that domain:
http://loginnet.passport.com/ThirdPartyCookieCheck.srf?ct=1287943985
GET /ThirdPartyCookieCheck.srf?ct=1287943985 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Oct 2010 18:13:05 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F57 V: 0
Content-Type: text/html; charset=utf-8
Expires: Sun, 24 Oct 2010 18:12:05 GMT
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: MSPP3RD=2832116359; domain=.passport.com;path=/;HTTPOnly= ;version=1
Content-Length: 0
Location: http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
----------------------------------------------------------
http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
GET /ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
Cookie: MSPP3RD=2832116359
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sun, 24 Oct 2010 18:13:06 GMT
Pragma: no-cache
Content-Type: image/gif
Expires: Sun, 24 Oct 2010 18:12:06 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F50 V: 0
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked
Continuing the investigation, I decided to force Firefox to ask me about each cookie that was going to be set. This makes a dialog show up for each cookie attempt giving me the option to deny it, allow it only for the current session, or always allow. After walking through the tortorous process of a complete login/logout session, it turns out that two cookies are being set for the domain passport.com with each of them set to expire at the end of the session. More detail on the cookie can be seen in the screen shot of the cookie detail (provided by the plugin Add N Edit Cookies) shown below:
So, the next step was to fire up my VM and see how all this worked on the Windows side of things. I figured that since we had not been deluged with user requests concerning this that the browsers on the Windows side of the equation were handling it all differently. Firefox on Windows is configured out of the box just like Firefox on Mac OS X. So, as I expected the operation was the same as well. If you allow for third-party cookies, then it works fine, if you don’t then you get the error screen.
The interesting development is the settings for Internet Explorer. Bear in mind that I am using Windows 7 and Internet Explorer 8, but the settings should be fairly similar on Windows XP and between versions 7 and 8. The default setting in IE8 is to all third-party cookies, but (and this is the key) only if they have a compact privacy policy (P3P). This is the setting that makes the big difference.
It turns out that neither Firefox nor Safari support P3P headers by default. In fact there doesn’t appear to be any support for them in Safari at all. Configuring Firefox to support them requires some advanced editing of the main configuration file.
I haven’t found any adverse effects to the workings of Outlook Live when using Safari, but it is rather annoying that this occurs.
References
After my recent iPad acquisition, I realized that now I need a new bag to carry it in. Normally I use a large Healthy Back Bag, produced and sold by AmeriBag. Unfortunately, the iPad’s shape doesn’t lend itself to being carried in the teardrop-shaped bag. I have narrowed down my choices, and there are oh so many of them, but now I need some help from you, gentle reader. Each of the images below are linked to the product information page on the bag.
Ristretto for iPad by Tom Bihn
The Imago – A Laptop Messenger by Tom Bihn
The Australian Vertical Messenger by Bellino
Scout Extra Small by STM Bags
Distressed Leather Unisex Bag by David King and Co.
Recently we acquired a new firewall to place in between our datacenter and the rest of our network. This is a fairly standard security procedure used to isolate the servers from the rest of a network that can be loaded with all kinds of nasty spyware, malware and viruses, not to mention really nifty people that want to violate the security of the data.
Security is a two-edged sword for many systems folk. Firewalls are really great security tools, yet they can also get in the way of nice tools that provide access into the servers for remote administration.
Prior to the placement of the new firewall, I often used XDMCP sessions to access my unix servers from the comfort of my office, rather than traipsing to the data center to use the console. While these servers do have iLOM ports, there are some interface issues that make their use less elegant that I would wish.
After the new firewall entered the equation, I found that my normal XDMCP setup using Xephyr on my iMac no longer worked for some reason. It appeared that some of the rulesets were blocking either the particular TCP or UDP traffic necessary for the communication to work. Rather than worry our firewall administrator with troubleshooting the issue, I decided to find another way in via ssh.
It turns out that I could easily tunnel an X11 login session through an ssh session. Given that I have sshd configured to allow for TCP forwarding I was able to use an Xnest session that was initiated after logging in via ssh. Here’s the process I used:
First you need to initiate the ssh session while enabling X11 TCP forwarding. Depending on your particulars this can be done by one of the following commands:
bash-3.2$ ssh -X server.example.com
bash-3.2$ ssh -Y server.example.com
The next command is executed on the server, but the X11 session is actually running under the X11 installation on the local workstation:
So this morning I fired up my iMac at work to continue on with editing this PHP form I have been working on. Now I usually use TextMate for my daily editor, since it is very lightweight.
Since I hadn’t actually created a TextMate project file, I just selected all the files and opened them using “Open With” in the context menu. Now normally I ignore the fact that I see the Opera browser listed in the menu, but now I saw it twice. I decided to find out where they live.
Turns out that the most updated versions of Adobe Device Central CS4 and Adobe Bridge CS4 contain Opera in the application package bundles. Opera version 9.27 is inside the Adobe Bridge CS4 application bundle while Opera version 9.20 is inside the Device Central CS4 application bundle.
I can understand why Adobe might need to ship Opera inside their application bundles to make their apps work, but I really wish that the Mac OS wouldn’t see them as usable outside the Adobe usage.
For those of you who are in the iPhone developer community or just are just geeky enough to pay for the developer program in order to get a sneak peek on your friends, I thought I would let you in on some information I received from Pandora concerning problems with the Pandora Radio application and the 3.1 beta.
I noticed that after updating to 3.1 Beta I was no longer able to access my Pandora Radio application. The application would run, but eventually I would get an error screen that told me it couldn’t connect.
After trying various troubleshooting techniques on my own I e-mail Pandora support. Mike at Pandora gave me an extended set of instructions to follow:
In particularly stubborn cases, in addition to deleting Pandora from your iPhone, you may also have to:
delete Pandora from the iTunes list of Applications on your computer (it’s an option in iTunes from the list on the left, below Music)
sign out of the iTunes Store (click your iTunes Store sign-in information, usually an email address, in the upper right of the screen and select ‘sign out’)
re-sync your iPhone within iTunes
then sign back in to the iTunes Store (again, in the upper right)
re-sync your iPhone one last time
Then re-install Pandora, either via the App Store on your iPhone, or via iTunes on your computer.
After trying all of that, the application would still not talk to Pandora’s system. I then tried the drastic step of doing a factory restore on the iPhone using the 3.1 Beta download as the firmware. This still didn’t help much.
After reporting all of this back to Mike at Pandora, I received the following reply via e-mail:
Hi Andy,
Sorry about that. We’re aware of this issue with the app not working with the 3.1 OS and we’re hoping this is solved in our next release. Thanks so much for your patience in the meantime!
Best,
Mike @ Pandora
While this was not unexpected, given that I am running a non-production release of the OS, I was quite gratified to find out that they were aware of the issue and working on it. There have been other times where support personnel have told users “Sorry, we can’t help you because you are running our software in a non-standard environment.” Kudos to Pandora for not reacting that way and for giving a meaningful response.
Update (2009-07-14 11:52PM EDT):
After updating to Beta 2 of OS 3.1 tonight Pandora Radio is now working again.
In WordPress the editing section of both Posts and Pages uses TinyMCE. TinyMCE is a Javascript-based WYSIWYG editor that is used in a myriad of web applications and platforms. It works by converting HTML Textareas or other elements into an editor for the user. TinyMCE is very extensible by using plugins to extend the functionality from the default setup. There are quite a few commercial and free plugins available.
At my current job I am working on a project with a fellow WordPress fan, Joe Searcy, to convert from Adobe Contribute as our web-publishing platform to WordPress MU. There are a number of education folks out there using both single-player WordPress and WordPress MU to manage the website for their institutions.
One of the challenges as an institutional webmaster is having to reign in the users so that they will not create content that is tremendously ugly and makes your eyes bleed, yet you also have to give them a certain amount of editorial and visual control so that they don’t feel like their freedoms are being stepped on.
The Adobe Contribute engine with the use of the Contribute Publishing Server made this fairly easy with the role-based administration. As the webmaster, I could limit what things the users could do in regards to the styles that they can apply to the webpage content as they create and edit it.
While WordPress MU roles don’t give you the ability to turn off certain functions, such as changing the forecolor of text in a post or page, this is easily controlled by editing the configuration files that implement the TinyMCE editor.
The file is the same in a standard install of both single-player WordPress and WordPress MU. Here’s the directory tree showing the location of the file we need to edit:
In this file you need to look for a function entitled
function wp_tiny_mce
The section of code that handles the arrangement and appearance of the buttons will be around line 1221. Here’s the code from a unmodified WordPress MU that handles the TinyMCE buttons when “Showing the Kitchen Sink”. This code allows a user to change the forecolor (aka textcolor):
This is the code for the second row of buttons. There are also variable for a third or fourth row of buttons, but they are not currently used.
If you wish to remove the ability to change the forecolor (aka textcolor) when creating or editing a post or page then make the code look like this by removing the text shown above in red:
If you notice, all the was removed was the array entry for forecolor. The same methodology can be applied the the other buttons that are shown in the TinyMCE bars.
Be careful what you remove in this file, since it controls the posting mechanism for both pages and posts. Also, the changes are not role-based, so the apply evenly to everyone, including administrators.
For those of you who are into browser plugins, you may have run across a plugin called Inquisitor. According to the website, Inquisitor:
speeds up your searches like no other
While this may be true after several searches I determined that I wanted to go back to using the default Safari search plugin features instead. Unlike the XMarks plugin, the Inquisitor plugin doesn’t come with an uninstallation script. The Inquisitor FAQ lists the following instructions on removing the plugin for Safari on Mac OS X:
Navigate to your hard drive device
Select the “Library” folder
Select “InputManager” folder
Delete the “Inquisitor” folder
Restart Safari
My experience with this was not quite as nice as the FAQ would lead you to believe. The main issue was that I had to actually logout of my user session before the bundle was released and could be emptied from the trash.
The second issue I had with the instructions was that they are incomplete.
Like many software developers on the Mac, David Watanabe, did not provide a complete uninstaller for the plugin, he just told you to go delete a few files. I find this a very poor practice when writing software. If you installer writes files and preferences to particular locations, then you should provide an uninstallation routine that removes those files.
After some searching, here is a list of the files that you need to remove in order to completely expunge Inquisitor from your system:
However, since this is a plugin for Safari that gives you options to configure, you should also take the time to remove the entries added to the Safari plist file. The plist is named com.apple.Safari.plist and is stored in the /Users/username/Library/Preferences/ directory.
Here are the entries to remove from the plist file:
kInquisitorAutocomplete
kInquisitorBeaconEnabled
kInquisitorNumberOfResults
kInquisitorNumberOfSuggestions
kInquisitorOrdering
kInquisitorRepairDefaultShortcuts
kInquisitorSearchHistory
kInquisitorSearchSitesA
kInquisitorSearchSource
kInquisitorShowSearchViewA
kInquisitorVersionCheck
Due to expenses and performance issues, not to mention the massive outage and data loss that occurred in May of 2009, I have decided to move on to a new hosting solution for arfore.com and the other sites I host.
After doing some research into what others are using as well as the cost involved, I decided to migrate to AN Hosting.
AN Hosting got started as a two-person operation in 2001. In 2005 they were bought up by Chicago, Illinois-based midPhase Hosting. Their hosting plan was pretty reasonable. It compares nicely with the cost of my MediaTemple (gs) account. One of the great things about it was the cost. Since AN Hosting plans are paid for in advance (either 12 or 24 month plans) you get the same services for less than half the cost of the MediaTemple account.
The control panel that AN Hosting uses doesn’t have quite the same visual polish that the MediaTemple Control Center has. They both use CPanel, but the interface with MediaTemple is much slicker in comparison. The only real gripe I have so far with the AN Hosting Cpanel is that I can no longer directly control all aspects of the DNS Zone files the way I could before. You still have the ability to create MX records, but the other aspects of DNS are handled by the sysadmins. This is a fairly small issue.
As I get further into the hosting I will write a fuller comparison of the systems and any potential shortcomings that I see.
UPDATE (2009-04-26 7:06PM EDT): Apparently I was mistaken. When poking through the preferences of ClamXav in order to restructure my watch folders, I noticed a checkbox that I had overlooked. Apparently you can add the login item from within the main application. However, it still doesn’t start the Sentry app when adding the item. You have to manually click the “Save settings & Launch Sentry” button.
Recently I have bowed to the necessity of installing antivirus software on my Mac, both at work and at home.
In investigating the possibilities I decided to try out the open source antivirus solution ClamAV. While I tend to gravitate towards commercially supported security products when possible, I currently don’t have the extra money to spend on the Intego VirusBarrier product, and the budget at work is quite strained, as are budgets for most people.
I like the ClamXav frontend for the ClamAV engine. I know that I can do all the scanning functions from the command line, but I am fan of gui frontends do to the fact that they are often more user-friendly.
The ClamXav is a nice frontend. The only problem I have with it is that there is inherent mechanism to launch the sentry program at user login. The ClamXav Sentry application is contained in the Resources section of the Contents of the ClamXav application bundle. Below are the steps to add the application as a login item.
Adding ClamXav Sentry as Login Item
1. Open System Preferences from the Apple Menu
Open System Preferences
2. Open Accounts Preference Pane
System Prefences
3. Select Login Items
Login Items
4. Click the Plus sign button at the button of the Login Items list.
5. When the dialog window comes up, hit the Command + Shift + G keyboard combo.
6. In the window type the following:
/Applications/ClamXav.app/Contents/Resources/”
then click the Go button.
Enter the file path to the Resources of the ClamXav bundle
7. Select ClamXavSentry.app from the list and click the Add button.
Select the Sentry app
8. Congratulations, you have successfully added the ClamXav Sentry as a login item.
Login Item Added
I also wrote an Applescript application that will add the login item for you. The benefit of using my utility is that it launches ClamXav Sentry after adding the login item. You download a zipfile containing both the application and script file.
I just got finished reading Stealing MySpace by Julia Angwin. In it there was this great conversation about the firing of Ross Levinshohn by Peter Chernin, the soon-to-be former COO of News Corps. Here it is:
“You’re not happy, are you?” Chernin said. “No, I’m not,” Levinsohn agreed. “This isn’t working out, is it?” Chernin said. “No, it’s not,” Levinsohn replied. “We should probably part ways,” Chernin said.
“Yes,” Levinsohn replied.
That’s just awesome. I wish I could make it work like that the next time I have to fire someone.
Ref: Stealing MySpace, p. 234.
Today I picked up one of the new dual-band AirPort Extreme base stations at Best Buy. The reason behind the purchase was so that I could use 802.11n for my iMac and Apple TV while using 802.11g for my iPhone, since this should give me the best wireless throughput for my shared files to the Apple TV.
After getting the DHCP, PPPoE, WiFi and network security configured to mimic the settings of the Linksys router that I replaced, I thought I was through, but then I realized that I still needed to configure an ACL to implement MAC filtering. For those who don’t know, a MAC filter on a typical router lets the admin control which devices will be allowed to talk to the router.
While there are some people who say that having both WPA2 encyrption as well as MAC filtering is unnecessary, I decided that I wanted to do both, since I am allowing the SSID to be broadcast for the convenience of visitors.
On my last two Linksys routers (a WRT54G and a WRT160N) this was simply a matter of checking a box and entering the allowed MAC addresses into a table. On the AEBS it require a little more work.
Necessary items
an Apple AirPort Extreme base station that is properly configured for your network
AirPort Utility
a list of the MAC addresses for the allowed devices
Step 1
Open AirPort Utility. On the main screen, double-click on the connected AEBS listed in the column on the left side of the window.
Main screen for AirPort Utility
Step 2
In the configuration screen that comes up, click on the Access options.
Change the default setting for MAC Address Access Control from the default to say Timed Access.
Airport utility access configuration set to Timed Access
Step 4
In the configuration pane click on the default entry, then click the Edit button. This will bring up the Timed Access Control Setup Assistant window.
In the Timed Access Control Setup Assistant window click in the drop down menu that currently reads Everday and select No Access from the list. This will make sure that any computer or device with a MAC address that is not in the list will be denied access to your network. Then click the Done button to save your changes.
Timed Access Control Setup Assistant for default rule
Step 5
Back in the access configuration screen, click on the plus sign in the left below the list of devices. This will bring up the Timed Access Control Setup Assistant window that allows you to add new devices.
In the MAC Address field you will need to enter the MAC address (aka ethernet address, hardware address, ethernet id, etc.) for your device. (Hint: If you are doing this for the computer you are currently using just click the This Computer button.) If you want, you can add a description for each device as well. I use the devices hostname when appropriate.
Then change the time frame that the device is allowed to connect if you need to restrict it to something other than the default of Everday/all day.
When you are finished just click the Done button to save your changes. Repeat this step for each device.
Timed Access Control Setup Assistant add device dialog
Step 6
After adding all your devices you should have a screen that looks similar to the below. (Note: I have obscured my MAC addresses to protect the innocent.)
Airport access configuration screen completed
Step 7
If you have added all your devices and you are sure you are finished, just click the Update button. This will save your configuration changes and restart the AEBS.
Final Notes
Understand that like the Linksys MAC filter, this only affects devices that are connecting over the wireless network. This is useful since it gives you an avenue for fixing any problems that you have run into. Also, if you run into a problem so extreme (pardon the pun) that you need to perform a hardware reset of the AEBS, follow the instructions in the Apple knowledgebase article Resetting the AirPort Extreme Base Station (Article No. HT1406).
Recently I was tasked to install the Nagios add-on NRPE on two OS X 10.5 servers.
I read a little on the ‘net about it, but no one actually had much in the way of a walkthrough, so I thought I would fill the void.
The basic steps involve compiling the NRPE source, but doing so involves altering some of the code.
Continue reading
Fringe, a new series on the Fox network that is using a new format Fox dubs Remote-Free TV.
The episodes are longer than your average sitcom. The Wikipedia entry on the show states that this series will have less commercials and promos.
While this is true, one of the interesting bits is that before each commercial they tell you how many seconds should pass before the next segment starts.
Another interesting aspect of the series is how they identify each location during the episode. Often shows just print plain text on the screen, however in Fringe they use 3D text on the screen and it is oriented differently depending on the scene.
The concert was at Chastain park Amphitheatre in Atlanta, GA, Saturday, September 13, 2008.
The venue was pretty packed. It was interesting that a large contingent of the handicapped spaces were parallel parking.
I should have taken a real camera with me since the iPhone’s camera was unequipped to handle the lighting situation. Missy Higgins was the opening act. It was great to hear some of the old songs, as well as three new tracks from the new album which is set to be released in February 2009. They gave us the actual names of two of the new songs, but not the third one, which they said had only been played six times previously.
Emily made a comment that it was really great to play on stage at Chastain, where she had attended quite a few concerts herself. They also sang Happy Birthday for Marie, one of the friends of Amy’s nephew, who was attending her first concert at Chastain.
Kameron Daio Beepath was born at 6:18p.m. on Wednesday, January 16, 2008. He had a birth weight of 3 lbs. 13.8 oz. Mother and baby are doing fine, but now the fun really begins for the dad.
Here’s what the proud papa had to say last night in an e-mail
He comes to us a full month ahead of term because he was tired of being cooped up and just wanted to use the bathroom. First he peed on the delivering doctor, and again on the tech when she placed him in the scale.
Over the past several years I have begun to wonder if the trend towards all things new, online and electronic is really better than the non-electronic analog.
There are many areas where the electronic version has eclipsed the original analog format, and others where the electronic version is making serious attempts to usurp the existing analog.
I decided that I would write a series of articles discussing this trend and my personal take on various changes that have occurred. I call these articles the New Tech Series, since they will generally be pitting a new technology version against the traditional analog.
Many newspapers around the country have embraced what many people have referred to as the Information Age. The current era has also been referred to as the Connected Age:
The Information Age is the age of the knowledge worker. The Connected Age is the age of the web worker. Knowledge workers create and manage information, massaging it into intangible knowledge goods. Web workers create and manage relationships across knowledge goods, hardware, and people.
– From the Information Age to the Connected Age, GigOm
In the beginning this was done merely by having a website where you could view additional content that was unavailable in the print editions due to editorial constraints, be they size, content, or otherwise. The newspaper website was also seen as a source for additional advertising revenue, which has been the profit mechanism for most newspapers.
Then as the Internet become more common place, newspapers and magazines started to produce content solely for the online editions.
As the trend towards regular access to the Internet continued, it became clear that a certain segment of the market had ceased to read the print editions, indeed, many young people never started reading the newspaper in print at all. It was also clear that for the newspapers to keep up with the social and economic trend that they would have to shift their attitudes to the distribution of the news to match the reader.
This is particularly noteable with the Atlanta-Journal Constitution (AJC). In February of 2007, the AJC decided to cut a large number of jobs, offer buyouts to many other employees, and drastically reduce the distribution area for the print editions. This was done to ostensibly adjust to the new ways that news is being viewed today:
The changes come as the Atlanta paper, like other newspapers, adjusts to major shifts in news consumption and advertising spending on the Internet.
– Ga.’s Largest Newspaper Offers Buyouts, cbsnews.com
While I agree that shifting attitudes towards the distribution of news and the way it is being consumed does require some changes, I wonder if the online format is really better.
I like being connected to the news, even more I like being connected in general. I carry a smartphone that checks my corporate e-mail every 15 minutes, I carry a pager and I use text messaging for alerts and to keep in touch with my friends. I have an account on most of the major instant message services and I even have a blog. In fact I would say that I am one of the more connected and online people in my social group.
Despite all of this, I worry that there are some points of value that are being overlooked as we make the headlong rush to placing everything online. From a journalistic standpoint the content may be the same, and yes, online newspapers often give new opportunities for engaging advertisements that just can’t be put into a print edition. What I find missing is the other value that comes from a print newspaper.
When I go to the barbershop on Saturdays, I often have to sit and wait. What do I do with this free time? Do I pick up my smartphone and surf the Internet? Do I check my e-mail? No, I sit there patiently in my chair and read that morning’s paper. Occassionally I will engage in conversation with the other people in the shop, especially when there has been something interesting going on, such as UGA beating the University of Florida. Can you easily sit in you chair in the barbershop and read the online edition of the AJC? Maybe in your barbershop, but definitely not in mine.
But beyond the value of the feel of the newsprint in your hand, there are what could be referred to as value-added services that we derive from a print edition:
the older papers can serve as packing material for shipping gifts
they can be used as kindling to light a fire
they can be used to put down on a table or other surface to protect it from paint
they can be folded into hats and boats to entertain your friends children (or your own)
None of the above can easily be done with the online edition of a newspaper, unless of course you are willing to print it out first.
Is an online newspaper really better? Post a comment and let us know your opinion.
When reading an article from ScienceDaily that was referenced on Slashdot, I noticed that at the end of the article there was an option to copy a citation reference for either the MLA or APA style. At first I thought that this might be unique to that particular article, but then after more investigatio, it turns out that this is a standard feature.
This quite nice for people using this site as a source for their research. I wish that this was a trend that more online news outlets were taking. For instance, it would be great if the Atlanta-Journal Constitution would do this, since you can no longer purchase the AJC in it’s traditional format in Valdosta due to having drastically cut its delivery area recently.
On December 18, 2007, the latest release of the Blade Runner movie will be out. The Ultimate Collection is going to come in a scaled down imitation of the briefcase that Deckard uses in the film.
It is going to have not only the new edition, Blade Runner: The Final Cut, but also includes the original theatrical release, the international version, and the director’s cut.
When reading the review of the screening of the newest version on SFFMedia, I was somewhat disappointed to see that one of the things they did was to extend the violent sections. Having seen the international release that had more of that content, I can honestly say that I don’t see where it enhances the film any.
It is nice to see that they are going to fix some of the problems that were in the director’s cut. There was a really bad audio sync issue in one scene, and a scene that was completely missing Deckard’s voice over.
References:
While watching Shark tonight I saw a commercial for the new Dyson root 6 handheld vacuum cleaner. The commercial was pretty cool. It showed the vacuum cleaner being built, in a Lego-like fashion.
Aside from the coolness of the commercial itself, it occurs to me that the design of the root 6 is quite similar to some of the designs I have seen for leaf blowers. Maybe Dyson needs to look into building a line of outdoor products next.
Everyone wanted DRM-free music and EMI partnered with Apple to make it happen.
Now apparently it’s not being done right. Of course, we all knew that the account holder name and associated e-mail address was being stored in the DRM encrypted tracks. But somehow everyone seems to think that Apple was going to just cease to embed that because the song was DRM-free.
Ars Technica has a story up on this.
I wouldn’t be surprised if some data was being analyzed in aggregate, although Apple’s current privacy policy does not appear to allow for this. As with the dust-up over the mini-store, Apple should clarify what this embedded data is used for.
Give me a break. Sure, if the privacy policy states that Apple isn’t going to use the data for purchase analyization, then fine. But I would be willing to bet that the author of the story has at least one of those grocery store cards, or a gas station card, or even a driver’s license, that contains some sort of barcode or mag stripe on it. What exactly do you think the stores do with all that data on your purchasing habits? They analyze it for trends of course.
Chicken Little, the sky is not falling.
Another day, another off the wall saying.
So my father used to use the phrase “You Can’t Roller Skate In A Buffalo Herd” all the time when I was growing up. Until recently I never really cared what the origin was, I used the phrase and went on.
Recently, however, the subject of my unusual phrases came up at a luncheon for one of my student assistants that had just gotten a new job as a full time staff member in another department.
So, here’s the origin. The phrase comes from a song by Roger Miller entitled, strangely enough, You Can’t Roller Skate In A Buffalo Herd. For the complete lyris visit .
Many of us have played online games. Even more of us play them with the intent of socializing during the game with our fellow players.
However, there is another group of online gamers, the mute ones.
Ars Technica’s Opposable Thumbs journal has an interesting post concerning the online gamer segment that just wants to play against a human. They don’t have any interest in interacting outside of the regular game play itself.
I wonder how many gamers there are out the like this. Is there a market for a service that caters to those who only use the online games and online components to garner non-AI opponents?
From the Ars Technica story:
A Michigan man is being prosecuted for using a cafe’s free WiFi… from his car.
The Michigan law apparently bars you from accessing someone else’s network without their explicit authorization.
Seems to me that this is really getting out of hand. Where’s the law that says that the owner of the network has to secure it to prevent unauthorized access? Given the ease with which you can secure a network and still allow your customers access when they wish, I would think that this is a no-brainer.
Also, is there a law that says I can’t stand on the street corner, on the public sidewalk mind you (because I would hate to get arrested for loitering), and use the street lamp that the store is paying for to read a newspaper or book? Isn’t that unauthorized use of their electricity?
So apparently I am just way behind the times.
According to a news story at WashingtonPost.com, one girl ran her family Verizon Wireless bill to the tune of $1,100.
When I last upgraded my phone, about a month or so ago, the Cingular rep asked me if I wanted to add text messages to it. He seemed real surprised when I told him that I sent and received a total of 10 or 12 messages per month.
When you setup a website to be managed by Contribute, the name that shows up in the client for the connection description is generated from the text of the title tag of the index page of the website.
For setups where you are only managing a single site, this may not matter, but if you have a system where you use a development server and a production server, you may want the connection string to depict which server the user is editing and publishing to.
In order to change the text of the description you have to alter some text in a few files on the CPS management server.
In the installation directory of CPS, there is a database directory. This is the location of the files that are specific to the individual websites that are being managed.
The files in each site being managed are in a directory that is “numbered”, the number relates to the numerical order in which they were set up. If you remove a particular site, the numbers are not reused.
In each of the site directories there is a file named:
This file, in XML format, contains a
tag. The attribute
is the text that shows up in the Contribute client on the start page.
Once this is updated and a user logs into the Contribute server, the client connections are updated.
While this may be enough on it’s own to effect the change desired, the original name is still referenced in the cthub file for each individual site. I changed the name in both locations for completeness.
AWStats is a great open-source stats analyzation program.
In the process of setting up a replacement webserver at VSU I was investigating the replacement of analog, another nice open-source stats program.
The problem with analog is that the people requesting stats were confused by the technical output. These people aren’t computer folks, they just want to know who or what or when the pages they maintain are being visited.
The default setup of AWStats is fairly easy to accomplish, but if you want to generate separated stats on individual directories off the web root, then it takes a little know how.
In the configuration file for AWStats, there is a section that allows you to limit the processing to a given set of files. Interestingly enough the variable controlling this is called OnlyFiles. The relevant section of the default configuration file is:
# Include in stats, only accesses to URLs that match one of following entries. # For example, if you want AWStats to filter access to keep only stats that # match a particular string, like a particular directory, you can add this # directory name in this parameter. # The opposite parameter of “OnlyFiles” is “SkipFiles”. # Note: Use space between each value. This parameter is or not case sensitive # depending on URLNotCaseSensitive parameter. # Note: You can use regular expression values writing value with REGEX[value]. # Change : Effective for new updates only # Example: “REGEX[marketing_directory] REGEX[office\/.*\.(csv|sxw)$]” # Default: “” #
OnlyFiles=””
What you have to do is to change the value to the regular expression that represents you desired subset. For instance if you wanted to limit the stats generation to the directory foobarbaz then the particular string would be:
OnlyFiles=”REGEX[^\/foobarbaz]”
In order to make this work without keeping you from obtaining stats for the entire site as well you will need to duplicate the master configuration file for awstats and alter the entry as stated above. Make sure the provide a unique name for the config file, such as:
awstats.foobarbaz.conf
At VSU, we are implementing the Adobe (formerly Macromedia) Contribute Publishing Server and CMS.
This is a two-piece system that involves a client-side component (Contribute) and a server-side component (CPS).
We are running this on a Linux server, so we needed an easy way to start the service up should a system reboot occur.
Now Macromedia included a very simple shell script that made a call the included OEM Jrun binary to start the server. The only problem is that it had no facility to plugin to the chkconfig tool that can be used to manage services in the various runlevels.
So I wrote a very simple one:
#!/bin/bash # # CPS Startup script for the Macromedia Contribute Publishing Server # # chkconfig: 2345 80 20 # description: The CPS is the backend to manage the Macromedia Contribute CMS. # processname: jrun -nohup -start contribute-wps
# pidfile: none noticed
# Source function library.
. /etc/rc.d/init.d/functions jrun=${JRUN-/usr/Macromedia_CPS/jrun4/bin/jrun} prog=CPS lockfile=${LOCKFILE-/var/lock/subsys/macromedia_cps}
# See how we were called. case “$1″ in start) start ;; stop) stop ;; status) $jrun status ;; restart) stop start ;; *) echo $”Usage: $prog {start|stop|restart|status|}” exit 1
esac
Note that the lockfile referenced was an invention on my part, since the standard startup of jrun included with CPS doesn’t appear to create either a standard lockfile or pidfile.
After creating the file in /etc/init.d directory, you will need to run the following command:
This will add your new script to the service list maintained for use with chkconfig. At this point all the standard chkconfig commands can be used to manage this.
For more on chkconfig check out the chkconfig online man page at LinuxCommand .
In the process of troubleshooting the LDAP user problems I was experiencing I found that by default the logging of info and debug messages is turned off by default for the OEM jrun install that is part of Contribute Publishing Server 3.11.
In order to enable these logging levels you have to edit the sevrer configuration xml file. This file should be located in the configuration directory of your jrun4 server’s WEB-INF folder.
The name of the file is:
Open this file in your favorite editor and look for the following section:
By default the logger is only set to show error messages. This section also shows the location of the error logs and the output logs.
Note, that enabling this you will get larger log files, since this will log all connections to the LDAP server by the Contribute client(s) that you have installed. You may find it necessary to open the admin console and set a max log file size to control this.
One of the annoyances I have found with the Contribute Client is that in the Administration interface section, when adding a user, the menu of roles is not sorted for you. The list that appears when you reassign a user or when you create a new role, is sorted for you.
Each time that a new role is added, the client updates the hub file, adding the new role to the end of the list.
In investigating this I found that the hub file is just an XML file. This file is stored in the root _mm folder of the website that you are managing. Note that this file is connection specific, so if you are managing multiple websites, the location of this control file will vary. And if you are managing a large deployment by having multiple sites with a single directory structure, you will have a different _mm folder and hub file for each site, even though they are physically on the same server they are treated differently by the logic of the software.
In June of 2010, Valdosta State University transitioned to using Microsoft’s Live@EDU service for our e-mail. This is Microsoft’s competing product line with Google’s Apps for Education service. There were many reasons why we chose the Microsoft service which I won’t get into here, suffice it to say, that was the decision that was made.
So this morning I fired up my iMac at work to continue on with editing this PHP form I have been working on. Now I usually use TextMate for my daily editor, since it is very lightweight.
Due to expenses and performance issues, not to mention the massive outage and data loss that occurred in May of 2009, I have decided to move on to a new hosting solution for arfore.com and the other sites I host.
