Tuesday, June 09, 2009

O2 iPhone 3GS - WTF

**** DISCLAIMER ****
This post contains profanity (lots of), reminiscing, dream sequences and full frontal male nudity.
One of the previous items was a lie. You decide if you want to take that chance.



Well O2,
it looks like you've done it again. You've gone back to being an incompetent lumbering giant in a marketplace that rewards agility.

I can't actually believe that you don't want to take my money for a longer period of time, I'd gladly sign up to a rolling 24 month contract if every time the new release of the iPhone is made available. You really don't get Apple fans, do you? You saw how good the hardware/software was, how EVERYONE and their dog has or wants one and you decided to royally screw them.

Never mind the fact that it wasn't just going to be my iPhone contract that you would be getting extended, it was my wife's, several of my colleagues and I was -> <- close to recommending that we use the iPhone and the O2 network in the company I work for, for all the sales, pre-sales and marketing staff.
Needless to say that this won't be happening with your current policies of screwing the customer.
If that wasn't bad enough you want to charge an extortionate amount for tethering ability. Yes, I do class a doubling of my monthly bill as extortion; if I have my laptop with me I'm not likely to be using the data connection on my phone. Now you can pretty much bet that I'll be streaming YouTube videos all the live long day, hell, I might not even WATCH them.

Somewhere in my mind I think the conversation between O2 and me went something along these lines:
~~~~~~~~~~Wavy Lines for Reminiscing~~~~~~~~~~
2 YEARS AGO:

O2: Hello Customers
Me: Hello O2, two shiny iPhones please.
O2: That will be £600 and £80 per month for 18 months
Me: Okay, that's great, thanks.
Me: Yay, iPhone baby, shame it's only 2G but fuck it, I've got an iPhone

LAST YEAR:

O2: Hello Loyal Customer
Me: Hello O2, another two shiny iPhones please.
O2: Thanks for trusting us with an important purchase, here, have this iPhone "free" and have this one substantially discounted. I'll just extend your contract out starting today
Me: That's great, I don't mind that at all as the cost to me directly is largely invisible and I don't mind giving you money each month
~~~~~~~~~~End Reminiscing~~~~~~~~~~

~~~~~~~~~~Future Dream Sequence~~~~~~~~~~

SOMETIME IN THE NOT TOO DISTANT FUTURE
O2: Hello You Gullible Shithead Fucktard
Me: Wait, Something's not right here, this doesn't normally start like this?
O2: That's right, I've decided to stop taking your crap
Me: But I give you CASH MONEY EVERY MONTH for you to take my crap and let me use your service, I think that's how capitalism works, right?
O2: Yeah, that's largely how it goes, but we've decided to really fuck you over this time, we know you paid for your first iPhone, then we got you hooked on 3G and going faster
Me: Yes, and I want to continue this trend, and the trend of giving you money for this service
O2: We know that, but we also know that you *really* want this new one with the compass and the camera and the "ooooh shiny"
Me: Okay, let's just gloss over this, say I want to use my laptop with me as well.
O2: That's another £30 a month for, realistically, a limited service.
Me: Wait, what? I PAY you for data already, and it's not a small amount either!
O2: Yeah, well, too bad. Fuck You.
Me: You know something, I actually wouldn't have minded but saying as you don't want to play ball with me, you obviously don't want my money and you don't want my recommendations to all my friends that O2 are actually pretty good to deal with.
You see, I'm not a silent complainer, I'm not a silent complimenter either. If I like your product, and your company I WILL tell people. People that make decisions about where to spend money. But on the other hand, if you or your products piss me off I've got a fairly loud voice and I like to shout.
Me: @O2 Your silence is deafening. You were very noisy on WWDC day but strange, I can't hear anything now...

~~~~~~~~~~End Future Dream Sequence~~~~~~~~~~

O2 really haven't thought this through at all, they must realise by now that the iPhone has a 12 month lifecycle but they decided they want an 18month contract. This doesn't work unless you play ball with your customers and let them roll it over, which the majority of them will gladly do.

I hope someone from O2 reads this and passes it to the appropriate people, you've really gone and fucked yourselves. I hope you are ready for the backlash. http://search.twitter.com/search?q=o2fail kinda puts it in perspective at a quick glance to see how badly you've screwed up. I don't think it's going to get much better either as today goes on.

so O2, to sum up:

Fuck You.
Fuck You Very Much.

Monday, June 08, 2009

Directory Services could not start Error 0xc000006a

This error can also present if your system state backup of your domain controller exceeds the tombstone lifetime of your domain, this defaults to 180 Days.
The exact error message you will see is


Directory Services could not start because of the following error:
The specified network password is not correct. Error Status:
0xc000006a. Please click OK to shutdown this system and reboot
into Directory Services Restore Mode, check the event log for more
detailed information.


Moral of this story is to ALWAYS CHECK YOUR FREAKING BACKUPS and make sure they are done regularly and inspected regularly.

This mistake cost me 2 days of working on this. I should have checked the date modified on my system state restore.

Friday, May 29, 2009

LDAP Authentication in Debian

Steps for getting LDAP authentication working on Debian

This post brought to you courtesy of SzlWzl

Sources:
http://www.adminspotting.net/articles/windows/linux-and-active-directory.html
http://moduli.net/sysadmin/sarge-ldap-auth-howto.html

Aim:
To get all linux users authenticating from our Active Directory implementation which is running on Windows 2003R2.

On the Active Directory Server:
From Add/Remove Programs->Add/Remove Windows Components->Active Directory Services, install Identity Management for UNIX and reboot.

Create a user which we're going to use to bind. I have called mine adlookup which sits in our Service Accounts OU.
CN=AD Lookup,OU=Service Accounts,DC=DOMAIN,DC=com


It is very important that the password doesn't have any special characters in, I had to change the domain policy to set it as apparently there can only be one password policy per domain.
In Active Directory Users/Computers either create a new group or choose an existing group for your users, right click and choose properties.
Add your users
Choose Unix Attributes and select the correct NIS domain.

Now select a user, right click on them and select properties
Choose Unix Attributes
Select the NIS domain, Home Directory, shell and primary group name

Linux Client:
apt-get install ldap-utils openssl libpam-ldap libnss-ldap nscd

edit the /etc/ldap/ldap.conf to look like this
run
ldapsearch -x -W -D "cn=AD Lookup,OU=Service Accounts,dc=DOMAIN,dc=com" -LLL "(sAMAccountName=adlookup)"

then enter your password and it should return the correct details, if it does then you're brilliant :)
mv /etc/libnss-ldap.conf /etc/libnss-ldap.old
nano -w /etc/libnss-ldap.conf
and make it look like this:

# Important - host must be the IP and not the DNS entry
host IPOFADSERVER
ldap_version 3
binddn CN=AD Lookup,OU=Service Accounts,DC=DOMAIN,DC=com
# bindpw must not contain special characters
bindpw PASSWD
scope sub
timelimit 30
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_attribute uid msSFU30Name
nss_map_attribute uniqueMember msSFU30PosixMember
nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_objectclass posixGroup Group
pam_login_attribute msSFU30Name
pam_filter objectclass=User
pam_password ad
# Make sure you limit base to only what is required as I had strange errors
base OU=YOUROU,dc=DOMAIN,dc=com
# What user should root join as to enable passwd change etc.
rootbinddn CN=ADMINUSER,CN=Users,DC=DOMAIN,DC=com
# What group must users be in to enable login
pam_groupdn CN=WHATGROUPAREUSERSIN,CN=Users,DC=DOMAIN,DC=com

The contents of libnss-ldap.conf and pam_ldap.conf are identical in my setup so just link them together to save any additional work:
mv /etc/pam_ldap.conf /etc/pam_ldap.old && ln -s /etc/libnss-ldap.conf /etc/pam_ldap.conf
nano -w /etc/libnss-ldap.secret # enter in your admin password
ln -s /etc/libnss-ldap.secret /etc/pam_ldap.secret #same passwords
chmod 600 /etc/libnss-ldap.secret # make sure this is readable by only that user

Edit your /etc/nscd.conf file and change the following parameters:
I have chosen an arbitrary size of 500MB but I found that there were some crazy assertion errors coming in if I left the defaults such as this openldap-2.4.11/libraries/liblber/sockbuf.c. I think it must be to do with the size of the cache in nscd but am not sure. I also got an error about "invalid persistent database" when this was set too large.

max-db-size passwd 524288000
max-db-size group 524288000
max-db-size services 524288000

Now you have to tell pam how to get its users, so make your /etc/nsswitch.conf look like the below. It is very important to get the order right: compat must come first and then ldap. I found that my machine wouldn't boot if it was trying to do the ldap first.

#passwd: compat
#group: compat
#shadow: compat
passwd: compat ldap
group: compat ldap
shadow: compat

You must now make nsswitch readable by all so:
chmod 644 /etc/nsswitch.conf


Now you can test this is working by doing:
getent passwd USER.NAME # this must be a username you have enabled up there ^

/etc/pam.d Common Files

Debian has a series of files in /etc/pam.d appended by common- at the beginning of their names, which are included by the other files in that directory for specific services. We can tell PAM to use LDAP for all of these services by modifying these common files.

In /etc/pam.d/common-password, comment out and replace:

password required pam_unix.so nullok obscure min=4 max=8 md5

or:

password required pam_cracklib.so retry=3 minlen=6 difok=3
password required pam_unix.so use_authtok nullok md5

with:

# try password files first, then ldap. enforce use of very strong passwords.
password required pam_passwdqc.so min=disabled,16,12,8,6 max=256
password sufficient pam_unix.so use_authtok md5
password sufficient pam_ldap.so use_first_pass use_authtok md5
password required pam_deny.so

Read the pam_passwdqc man page for more about parameters you can give to it.

In /etc/pam.d/common-auth comment out:
auth required pam_unix.so nullok_secure

replace with:

# try password file first, then ldap
auth sufficient pam_unix.so
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

In /etc/pam.d/common-account comment out:
account required pam_unix.so

replace with:
# try password file first, then ldap
account sufficient pam_unix.so
account sufficient pam_ldap.so
account required pam_deny.so

And add this line to /etc/pam.d/common-session:

session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

This should now be it, I haven't quite got automatic sudo working yet or auto mount of the home dir from an nfs source but that is the next step :)

Troubleshooting:
Password you bind with must not have special characters
In nscd.conf you must have a decent sized cache file
Your unix attributes must be correct
check that your getent passwd is working and that your ldapsearch is working
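
The troubleshooting points above can be checked mechanically. The script below is an added example, not part of the original post: it audits the nsswitch.conf ordering and mode, the secret file's mode, the bind password's character set and the common-auth/common-account chains. The function names and the sample tree it builds are this example's own (constructed).

```shell
#!/bin/sh
# Added example: audits copies of the files this post edits.
# Function names are this example's own; all sample content is constructed.

# mode_is FILE OCTAL -> true when FILE has exactly that permission mode.
mode_is() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# nss_order_ok FILE DB -> true when the active "DB:" line lists compat before ldap.
nss_order_ok() {
    awk -v db="$2:" '
        $1 == db {
            c = 0; l = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "compat" && !c) c = i
                if ($i == "ldap" && !l) l = i
            }
            ok = (c && l && c < l)
        }
        END { exit (ok ? 0 : 1) }' "$1"
}

# bindpw_plain FILE -> true when bindpw is followed by one alphanumeric word only.
# The post requires a password without special characters; a note left on the
# same line fails this check as well.
bindpw_plain() {
    awk '$1 == "bindpw" { found = 1; if (NF != 2 || $2 !~ /^[A-Za-z0-9]+$/) bad = 1 }
         END { exit ((found && !bad) ? 0 : 1) }' "$1"
}

# pam_chain FILE TYPE -> prints "control:module" for each active TYPE line, in order.
pam_chain() {
    awk -v t="$2" '$1 == t { printf "%s%s:%s", sep, $2, $3; sep = " " }
                   END { print "" }' "$1"
}

# pam_fails_closed FILE TYPE -> true when the chain is pam_unix, pam_ldap, then pam_deny.
pam_fails_closed() {
    want="sufficient:pam_unix.so sufficient:pam_ldap.so required:pam_deny.so"
    [ "$(pam_chain "$1" "$2")" = "$want" ]
}

# report CMD ARGS... -> prints PASS or FAIL for one check and counts failures.
report() {
    if "$@"; then echo "PASS $*"; else echo "FAIL $*"; fails=$((fails + 1)); fi
}

# audit ROOT -> runs every check against ROOT/etc; returns the number of failures.
audit() {
    fails=0
    report mode_is "$1/etc/nsswitch.conf" 644
    report mode_is "$1/etc/libnss-ldap.secret" 600
    report nss_order_ok "$1/etc/nsswitch.conf" passwd
    report nss_order_ok "$1/etc/nsswitch.conf" group
    report bindpw_plain "$1/etc/libnss-ldap.conf"
    report pam_fails_closed "$1/etc/pam.d/common-auth" auth
    report pam_fails_closed "$1/etc/pam.d/common-account" account
    return "$fails"
}

# make_sample ROOT -> writes constructed files laid out as in the post.
make_sample() {
    mkdir -p "$1/etc/pam.d"
    printf '%s\n' '#passwd: compat' 'passwd: compat ldap' 'group: compat ldap' \
        'shadow: compat' > "$1/etc/nsswitch.conf"
    printf '%s\n' 'host 192.0.2.10' \
        'binddn CN=AD Lookup,OU=Service Accounts,DC=DOMAIN,DC=com' \
        'bindpw ConstructedPassw0rd' > "$1/etc/libnss-ldap.conf"
    printf '%s\n' 'ConstructedAdminSecret' > "$1/etc/libnss-ldap.secret"
    printf '%s\n' '# try password file first, then ldap' 'auth sufficient pam_unix.so' \
        'auth sufficient pam_ldap.so use_first_pass' 'auth required pam_deny.so' \
        > "$1/etc/pam.d/common-auth"
    printf '%s\n' 'account sufficient pam_unix.so' 'account sufficient pam_ldap.so' \
        'account required pam_deny.so' > "$1/etc/pam.d/common-account"
    chmod 644 "$1/etc/nsswitch.conf"
    chmod 600 "$1/etc/libnss-ldap.secret"
}

# Demo on a constructed tree with one deliberate mistake: ldap listed before
# compat for passwd, the ordering the post says stopped the machine booting.
demo=$(mktemp -d)
make_sample "$demo"
sed 's/^passwd: compat ldap$/passwd: ldap compat/' "$demo/etc/nsswitch.conf" > "$demo/nss.tmp" \
    && cat "$demo/nss.tmp" > "$demo/etc/nsswitch.conf"
audit "$demo" || echo "$? check(s) failed"
rm -rf "$demo"
```

To audit a live machine, call `audit ""` as root so the paths resolve to /etc.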

Monday, May 11, 2009

Database Mirroring for Non Domain MS SQL Servers

Configuration of Database Mirroring for Non-Domain based SQL Servers

Assumptions
2 SQL Servers running SQL 2005 SP1 (or greater)
Network connectivity between them
System privileges to create user accounts and change service log on credentials
Databases to be mirrored set to FULL recovery model

Initial decision is which server is going to be your primary

Once this is decided, create a new account with a strong password, that you will run SQL Server and the SQL Server Agent with
Add this account to the group SQLServer2005MSSQLUser$SERVER-NAME$SQLINSTANCE

Set the services "SQL Server ($SERVERINSTANCE)" and "SQL Server Agent ($SERVERINSTANCE)" to run under this account

This should be done on BOTH SQL Server Machines

On BOTH machines, run the following T-SQL queries to build the Mirroring Endpoints
CREATE ENDPOINT mirror
STATE = STARTED
AS TCP
(LISTENER_PORT = 5022)
FOR DATABASE_MIRRORING
(AUTHENTICATION = WINDOWS, ENCRYPTION = SUPPORTED,ROLE = ALL)

Now, on the PRIMARY, select the database to be mirrored and back it up (Full Backup), copy this backup to the SECONDARY server and restore using the "WITH NORECOVERY" option. This will leave the SECONDARY database in the Restoring state.

Back on the PRIMARY server, right click on the database and select Tasks > Mirror

Run through the "Configure Security..." wizard
Do not use a witness server
You may need to log on to the SECONDARY SQL Server using appropriate credentials. It will automatically detect the endpoint created earlier.
When prompted for a user for the principal and Mirror, DO NOT ENTER ANY DETAILS
The Mirroring Configuration Wizard will complete with 0 errors or Warnings.
Select Do Not Start Mirroring

Still on the primary server, select the Principal server address and change it so it is a FQDN (including a domain)
for example server1.sqltesting.com:5022
For the most likely to succeed option inspect the Mirror server address.

Once this is set, hit Start Mirroring. You will get an error message that the mirror database has insufficient transaction log data to preserve the log backup chain of the principal database...
Hit OK on this BUT do not OK or cancel off the database properties page for the PRIMARY database. This indicates that they can successfully communicate.

On Management Studio on the PRIMARY, right click on the database and select tasks> Backup
In the backup type, select Transaction Log and back it up to an appropriate location.

On the SECONDARY server, right click on the database to be mirrored and select Tasks > Restore Transaction Log
Select the path to the transaction log backup from the PRIMARY server.
Restore this ensuring to select the WITH NORECOVERY option on the options screen.

On the PRIMARY server, on the still open properties page, do not change the Operating mode unless you know what you are doing, then click Start Mirroring

There will be a slight delay and the Status will change to Synchronizing, hit refresh and as long as not too many transactions have gone through, it should change to Synchronized.

You can now close this window and have mirrored databases.

Anonymous Internet Browsing

(Or How BT Mobile Broadband can make you feel like a criminal)

This post was inspired by the despicable means that BT use to try and prevent you from doing what you want on the internet whilst using one of their mobile dongles. Some people (myself included) don't like others seeing what they do on the internet, this is how you get around it.

**DISCLAIMER**

This can be used to get around proxy services and servers that your friendly neighbourhood SysAdmin might have put in place for the safety of their network. If you get caught using this and violating your employer's acceptable use policy, on your own head be it.

A SysAdmin will probably beat on you with a spanner for just discussing this, Yes I am a SysAdmin and Yes I would.

So enough of that nonsense and thinly veiled threats, let's get down to getting you on the internet.

Go and download FirefoxPortable from portableapps.com
Install this to your USB Thumbdrive or to a location on your hard drive

Download TOR from www.torproject.org

when installing TOR/Vidalia, Select a "Base" install and expand out the Torbutton option, deselect "Add to Firefox"
Change the destination folder to be a folder on your USB Drive, I called mine Vidalia.
Don't run the Installed components just yet.

Go to the installed folder and browse to the Torbutton folder, right click on the torbutton-1.2.0-fx.xpi and select "open with..." point this to your portable firefox installation and run it, then restart firefox portable. Open up the add-ons options for Torbutton and ensure that "Use Privoxy" is enabled

When you want to browse anonymously, run Vidalia from your USB drive, open up Firefox Portable, and down in the bottom right, click on Tor Disabled to start Tor and browse to your heart's content, relatively safe in the knowledge that no one can see your browsing activity.

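To add Flash to this, copy flashplayer.xpt and NPSWF32.dll from c:\windows\system32 into FirefoxPortable\App\DefaultData\plugins and restart Firefox. This doesn't work with all Flash video players but YouTube works. Be aware that plugins such as Flash can ignore the browser's proxy settings and connect directly, which exposes your real IP address to the site.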

Thursday, April 30, 2009

Kubuntu 9.04 on Vostro 220s with dual monitors

Installation of Kubuntu 9.04 "Jaunty Jackalope" on a vanilla Vostro 220s is very straightforward. My Vostro however is not vanilla in that I have added an add-in graphics card, an nVidia GeForce 8400GS with dual outputs.

This is what caused my problems from earlier when I tried to move to 9.04 beta release.

How you get it running on this system is as follows.

Open up your case and pull the VGA output off the graphics card, this tells the card that it only has one output.

Start up your machine and open the BIOS settings and tell your machine to use the pci-express graphics card before the on-board one. Dell machines normally complain otherwise.

Install [K]ubuntu 9.04 as normal in whatever layout you want.

After installation, get your system updates and enable the restricted nVidia Drivers (V. 180)

Reboot and check your machine still works and that you now have the nVidia Server Settings option in your K menu (or wherever it goes for Gnome)

Power off after testing and plug your VGA output back in on the card, attach your second monitor

Open up your nVidia Server Settings application and enable the second monitor. DO NOT CLOSE THIS APPLICATION YET

Open up a terminal window (ALT+F2 "konsole") and enter
sudo chmod a+w /etc/X11

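Back in your nVidia Server Settings app, hit "save to X configuration" and you are now done. Dual screens persistent across reboots. Once the file is saved, take the world-write permission off /etc/X11 again, as leaving it in place lets any local user change the X configuration.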

TA bloody DA.

Tuesday, April 28, 2009

Burning ISOs from Command Line Linux

isowrite.sh
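#!/bin/sh
# Burn the ISO given as the first argument, then eject the disc.
# Quoting "$1" keeps paths that contain spaces intact.
sudo cdrecord -v dev=1,0,0 -data "$1"
sudo eject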

install cdrecord (apt-get install cdrecord) then create a bash file somewhere in your $PATH (/usr/bin) then run:
isowrite.sh /Path/To/ISO.iso

Removing Sticky Stuff

Peeled a few labels off a Dell Latitude 131L (yes the one that doesn't want to install Vista, can't really blame it) and got left with a load of very sticky stuff and bits of label guff.

Don't have any spirits or thinners to hand to remove it and wouldn't really want to use them in case it eats through the laptop casing (would be very bad as it's not my laptop)

Whip out the old gaffer tape/duct tape and tear off a strip. Stick it down on the surface with the sticky stuff and rip it off, takes a bit of the sticky crap with it. Repeat as necessary. Yes you may worship me.

Monday, April 27, 2009

vLite - Unattended Installations for Windows Vista

How to create your very own bootable ISO with all the drivers you could need on it.

Go to www.driverpacks.net and download all the driver packs for your architecture (x86/x64) Extract the .7z files to a local directory using 7-zip (www.7-zip.org) or winRAR (www.rarlabs.com)

Download vLite and the Windows Automated Installation Kit (W.A.I.K.), these are both free and should be the first hits in google

Install the WAIK and then install vLite - don't run it just yet.

Copy the wimgapi.dll from the Windows AIK/Tools/YourArchitecture folder (x86/ia64/amd64) into the vLite root folder. Windows AIK defaults to installing in "c:\Program Files\Windows AIK"

Run vLite and on the first screen pop in your Vista DVD and direct it to that drive (it will prompt you to create a local copy) or point it to a location where you have copied all the files from the CD.

NOTE 1: I recommend copying the files across yourself and then making an additional copy of the folder. Using vLite can be a destructive process and you may not get it right first time. If you have a spare copy on your hard drive, your golden master, so to speak. It's a lot easier and quicker to just clone this folder than having to: find your DVD or mount the ISO, copy the files across etc. etc. etc.

NOTE 2: If you are struggling for space you can uninstall the WAIK and save a few gigabytes as you will need them shortly to create your ISO, at least 6G is what I would recommend leaving available so you can copy the files locally and build your ISO image.

vLite will now detect your architecture type and the version of Vista that you have given it. On the next screen, all the options with the exception of Integration are optional (technically it is too, but then you wouldn't have any drivers installed on your DVD, which is kinda the point of this post).

The checkboxes let you do several things, most of them are self-explanatory from the name of the checkbox but let me give you a quick overview.

Integration
- HotFixes, Drivers and Additional Language Packs
Using this will let you integrate HotFixes from Microsoft, Drivers from 3rd Parties (or MS) Language packs (Haven't used this option yet)

Components - Component Removal
This lets you remove components that you are not intending to use - EVER.
There is an optional popup screen to protect certain applications that use shared files etc. Unless you know what you are doing and the consequences, which could potentially be far reaching if you don't know what the system will be used for, it's best to leave this alone except as mentioned for very specific uses.

Tweaks - Optional Tweaks
In here you can specify tweaks that mean you don't have to do as much on first boot into your new O/S. Things like specifying that the control panel should default to classic mode (very useful), or that the IE Phishing filter should be disabled (why are you using IE anyway?) etc. There are quite a few things in here and it's worth a look

Unattended - Install without your intervention
All the options in this section are used to make your life easier. You can specify your product key, skip activation, set your language settings, set up the Administrator User, name your PC (Not that useful in a corporate environment) and a few other bits.

You should take a look at most of the options with the possible exception of the Component removal and Tweaks. If you know enough that you are going to integrate additional installers onto your disc you should know to ignore creating the bootable ISO as you will have to do that later yourself.

Once you've completed all your modifications, you can hit apply and it will update the copy of the Vista installation files (see NOTE 1 above)

THIS STEP DOES NOT CREATE THE ISO. Do not press exit if you want to create a bootable ISO image.

Click on the next button and you will be presented with an additional screen. This will let you create your ISO image OR burn directly to DVD. I recommend creating the ISO.
On this screen there is also the option to split the image if it's very large or possibly to make it fit on CDs if you don't have a DVD ROM in your target device. I haven't used this option yet so can't guide you on its use.

Once you are happy with the name of your new disc/disc image (defaults to VistaLite even though it might be a bit bigger) hit Make ISO or Burn. In the case of Make ISO it will ask you for the output path.

NOTE 3: Do Not Integrate all drivers if you want to install it on a Dell Latitude 131L, I'm still working on what is actually required to install Vista on this without it BSODing regarding the graphics card.


Friday, April 24, 2009

American Idiot (Politician)

Seriously though, where the hell do they get these people AND WHY ARE THEY RUNNING THE COUNTRY?

Youtube Linkage

Thursday, April 23, 2009

Piracy - Garrrr

Okay, this is going to be a bit of a rant, I need to get this off my chest before I go on the rampage. I'm not in any way condoning the practise of copying media that you do not own but

COPYING SOFTWARE/MEDIA FILES IS NOT PIRACY. It's not even theft!

I think the image below expresses my feelings appropriately:


Peer-to-peer networking is a useful tool, it is not the exclusive realm of the "Pirate", [oh fuck, I can't even say pirate. - ed] Let's try it again
It's not the realm of the person that wants to copy files across the network (internet/LAN) that they do not hold copyright licenses for.

In my opinion, the judgment in the PirateBay.org case was incorrect, they are merely providing an information repository that does not in any way contain copyrighted files.
The decision to find them guilty in this case was incredibly poor judgment, take this for example.
You burn a DVD containing several MP3 files for your "Friend", you post it to him/her but forget to put enough postage on it. The post office holds it and tell your "Friend" to come and collect it.
Are they in breach of copyright? Of course not. The same should have applied to PirateBay.

Next on my list, "Downloading films is stealing" trailers on every bloody DVD that you BUY.

How mentally retarded are these people? They are effectively encouraging people not to buy films if they put these ridiculous trailers at the start of every film that in some cases you can't skip through. I bought your bloody DVD now fuck off and let me watch it. You don't get these stupid messages on pirate DVDs!

And Another Thing, when your message goes
You Wouldn't steal a Purse
You Wouldn't steal a Car
etc.
You bloody well would if you could download it off the internet as IT'S NOT STEALING

Downloading ALL your media from the internet should be ENCOURAGED, the Record Companies/Movie Studios/Rights Holders could make even MORE money if they distributed it via the internet, think about it. No packaging costs, no delivery costs (You, yes you in the back, shut up about bandwidth, it's something I'll come to in another post), quicker delivery times.
My "proposal" goes like this.

No DRM on the media (as its stupid and retarded and an inconvenience and useless, did I mention it was stupid?) - Saves people the inconvenience of having to rip/extract/convert to all their different media players. By extension don't pick a dumb (not open) file type - I'm looking at you WMV/M4P etc.

People pay a monthly subscription to download a limited/unlimited amount, categorised by the bandwidth consumed, NOT the quantity of items DL'ed. You want to download the unlimited amount? pay more, you only want a few movies/songs a month, a lower tariff for you.

New Releases - Available online at the same time as DVD release

I think that this will work (i.e. be profitable) for a few reasons
1. The Content Delivery Mechanism already exists and is a mature technology
2. The absence of DRM encourages people to use it as they KNOW it will work on "their" device be it a set top box, an iPod, a Zune, a PSP etc etc
3. Yes, you will get people on the "unlimited" plan ripping the arse out of it (you could establish a "fair usage" case but don't dare call it an "unlimited" plan) BUT by the same criteria the majority of users will play fair. Some of them will probably download an incredible amount in the first 2-3 months but after that will only download a limited selection; if for example they only download files every 2 months THIS IS FREE MONEY.

So to sum up
Peer To Peer networking == Good and can be profitable for the "studios"
Peer To Peer networking != Piracy
Copyright Infringement != Theft
Copyright Infringement != Piracy
Piracy == Stealing Shit on The High Seas

Wednesday, April 08, 2009

Installing Debian and KDE 4.2 - EPIC FAIL

Installed Debian 5.0.0 Testing from NetInstall CD
Assigned Static IP in our subnet
Used the entire 1st disk with guided partitioning and all files in one partition (Don't Judge me I just wanted it to work!)
Added a temp user as if it worked I wanted to have "MY" home directory under subversion
Told Aptitude to use
http://username:password@proxy.server.com:8080
so that it can get to the internet via ISA Proxy server
Decided not to participate in Package Usage Contest
Deselected the Desktop Environment Option
Installed GRUB to MBR when prompted
Logged in after reboot
su
aptitude install sudo nano jed vim
aptitude install ntlmaps
Added the unstable Repos to /etc/apt/sources.list
aptitude update
aptitude -t squeeze upgrade
(This command appeared to access the unstable repo so didn't do what I told it to.)

aptitude -t squeeze dist-upgrade
aptitude -t unstable upgrade
aptitude -t unstable dist-upgrade
aptitude -t unstable install xserver-xorg
aptitude -t unstable install kdebase-runtime-bin-kde4
aptitude -t unstable install kde4
(accepted Solution relating to gnome and libnautilus)
Set the root password for mySQL
Set the default Domain for SAMBA

Rebooted, KDM started and was able to login, initial login was slightly longer but assumed this was down to the kde config doing its magic and setting up the initial config files that would be missing for each user.
Shut down
Added in graphics card (dual head so on-board graphics DISABLED)
Start up, KDE starts fine, login - Hangs on KDE Splash screen

THE SAME BLOODY WAY IT DID WHEN I DID 3 INSTALLS YESTERDAY

What I want to know is why it didn't do what my current install of Kubuntu and KDE4 does... and just bloody worked when I added the extra card in.

UPDATE

See my latest post on Kubuntu 9.04 with dual monitors. Silly Daniel.

Wednesday, April 01, 2009

Twittering

I've started twittering again (tweeting is it?) and have found it to be a. quite useful and b. good fun.

It's (in my mind anyway) similar to a broadcast email, except that it's targeted at people who actually "want" to pay attention to you (followers).

All the tweets with the exception of a direct message end up in your timeline, so you can see a conversation flowing along, if only there was a way to tie replies back to actual tweets rather than just a reply to someone (@user) that would make it a bit easier to follow a conversation between people that you may not follow rather than hopping back through their timeline.

I find it's a pretty good way to expand your circle of friends and meet new and interesting people. If they aren't interesting DON'T FOLLOW THEM!

There are some exceptions, Stephen Fry is Quite Interesting but a twit-flooder, i.e. your timeline could potentially be just Stephen.

EDIT: Silly Me, I forgot to put my twitter name here, it's danmcl0703

Blog Changes

I'll be playing about with this blog over the next few weeks/months...

I'm specifically going to be playing with AdSense and the blog layout itself. I'm also going to be posting more, things that make me laugh, things that I need to remember (the basic initial premise of this blog) and anything else that I want really.


So if you don't like it you don't have to read it, but I would really like it if you did!

Monday, February 23, 2009

Linux Admin in a Windows corporation

Over the next few months, I'm going to be writing about the tools, software, and problems/solutions I'm having being a Linux admin in a Windows corporation. Everything so far runs on various versions of Windows, from Windows 2000 right through to 2008 Enterprise Edition in a fair number of its guises.

It's not been too bad so far. I have Windows 7 running inside VirtualBox on my Kubuntu desktop for things that absolutely require Windows and some office stuff (like our corporate intranet site), but other than that I've been using Kubuntu as my main machine.

I've already implemented a Squid proxy for some sites in our DMZ so that we can plug that hole in our firewall and allow them access out to the internet without hopping back to our internal network to the corporate ISA server.

I've also got Nagios running alongside Splunk for monitoring and syslog collection for Windows servers. They are running quite nicely but definitely need some time fettling with them. I have to say the 15min guide for Nagios on their new site is actually lying: it doesn't take anywhere near 15 minutes, it's on the good side of 10!

Anyway, enough for now.

Friday, February 13, 2009

Central Syslog for Servers

EDIT: This post was written in a hurry but I promise I will come back to it soon to elaborate.

There are two incredibly useful things about not having your server logs only on the server itself. The first is that when someone compromises your server, plays about with it a bit and then deletes the log files, you still have a copy elsewhere.
The second is having all your log files in one place so you can run tools like Splunk on them.

This is how you go about doing it. I will assume that the syslog server (where the logs go to) is running some variation of Linux, these instructions will be largely focussed on Debian.

/etc/init.d/sysklogd stop
edit /etc/sysklogd.conf
change syslogd "" to syslogd "-r -m0"

This will allow remote machines to log to this server (-r) and will remove the --MARK-- lines (-m0) that plague your logs. I'm still in two minds about removing the "mark" as it lets you know that your logs are being written to, but on a large network there will (most likely) always be something somewhere writing to a log file.

okay, next open up /etc/syslog.conf and add

local7.debug /var/log/enterprise.log

this will allow Cisco and Windows devices to log to this machine.

/etc/init.d/sysklogd start

DONE on the server

On Windows Clients

Download SNARE from InterSect Alliance, install it and don't use the web interface.

run regedit and edit HKEY_LOCAL_MACHINE\SOFTWARE\InterSect Alliance\AuditService\

in config, change the delimiter to be " " (i.e. a space)
in network change the destination to be your syslog server
and also in network check that the port is set to 514, this is the default.
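
A quick way to check the server side of this setup, as an added example that is not part of the original post: it builds the kind of UDP datagram a client sends, shows why the local7.debug rule catches every local7 message, and sends one test line to port 514. The tag syslogtest and the address 192.0.2.10 are placeholders.

```python
import socket
import time

FACILITIES = {"local7": 23}                      # syslog facility code
SEVERITIES = ["emerg", "alert", "crit", "err",   # list index = severity code
              "warning", "notice", "info", "debug"]

def build_packet(facility, severity, host, tag, text):
    """Return a BSD-syslog datagram: <PRI>TIMESTAMP HOST TAG: text."""
    pri = FACILITIES[facility] * 8 + SEVERITIES.index(severity)
    now = time.localtime()
    # day of month is space padded in the traditional syslog timestamp
    stamp = "%s %2d %s" % (time.strftime("%b", now), now.tm_mday,
                           time.strftime("%H:%M:%S", now))
    return ("<%d>%s %s %s: %s" % (pri, stamp, host, tag, text)).encode("ascii")

def decode_pri(packet):
    """Split the leading <PRI> back into (facility code, severity name)."""
    pri = int(packet[1:packet.index(b">")])
    return pri // 8, SEVERITIES[pri % 8]

def selector_matches(selector, facility_code, severity):
    """A 'facility.level' rule matches that level and anything more urgent."""
    facility, level = selector.split(".")
    return (FACILITIES[facility] == facility_code and
            SEVERITIES.index(severity) <= SEVERITIES.index(level))

def send_test(server, port=514):
    """Send one local7.debug test line to the central server over UDP."""
    packet = build_packet("local7", "debug", socket.gethostname(),
                          "syslogtest", "central syslog test message")
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.sendto(packet, (server, port))
    finally:
        sock.close()
    return packet

if __name__ == "__main__":
    send_test("192.0.2.10")   # placeholder: the address of your syslog server
```

Run it from a client and look for the line in /var/log/enterprise.log. With -r the daemon accepts datagrams from any source, so limit UDP 514 to your own hosts at the firewall.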

Thursday, October 02, 2008

Python ZFS Backup Script

This is my incremental backup script for ZFS on Solaris 10
REQUIREMENTS:
mysql
python
pymysql
install these by doing this
/opt/csw/bin/pkg-get -i mysql5
/opt/csw/bin/pkg-get -i python
/opt/csw/bin/pkg-get -i pymysql


Requires a MySQL database with a table called logs in a database called backups. Please feel free to amend this, but remember to update the script below.
NOTES:
You will have to tab indent this script manually as I haven't figured out how to do it in here
SCRIPT:
#!/usr/bin/python
# backup_script_v0.1.py - Backup ZFS pool for sportsware
# Python 2 script: it relies on the "commands" module and MySQLdb.
import sys
import MySQLdb
import os
import commands
import smtplib
import time

# set fixed parameters here
smtpserver = "IP.ADDRESS"
adminEmail = "address mail goes to"
backupsEmail = "address mail comes from"
targetZFSHost = "IP/hostname of ZFS target"
sourceZFSPool = "the zfs volume to be backed up"
targetZFSPool = "the zfs volume to back up to"
thisServer = "name of this server"
thisClient = "name of client"

# values are bound by the driver, so quotes in command output cannot break the statement
logInsert = "INSERT INTO logs (site_name,server_name,log_output) VALUES (%s,%s,%s)"

# database connection attempts go here
try:
    DBlog = MySQLdb.connect(host = "database IP",
                            user = "backups_user",
                            passwd = "backups_pass",
                            db = "backups")
except MySQLdb.Error, e:
    print "Error %d: %s" % (e.args[0], e.args[1])
    sys.exit(1)

startTime = time.time()
timestamp = time.strftime("%Y%m%d%H%M")
buildSnapshotCommand = "zfs snapshot "+sourceZFSPool+"@"+timestamp
lastSnapshotCommand = "zfs list -r -t snapshot -o name "+sourceZFSPool
lastSnapshotInput = commands.getoutput(lastSnapshotCommand)
# the newest snapshot is listed last; its name ends in the 12-character timestamp
lastSnapshot = lastSnapshotInput[-12:]
# incremental stream from the previous snapshot, piped over ssh to the target
zfsSendRecvCommand = "zfs send -i "+sourceZFSPool+"@"+lastSnapshot+" "+sourceZFSPool+"@"+timestamp+" | ssh -C "+targetZFSHost+" zfs recv "+targetZFSPool

print "Creating Snapshot"
# CREATING THE SNAPSHOT
status = commands.getoutput(buildSnapshotCommand)
if status == "":
    logStatus = "No snapshot error occurred"
else:
    logStatus = status
print logStatus
if status != "":
    # build mail connection and report the error
    mailSession = smtplib.SMTP(smtpserver)
    emailMessage = "To: "+adminEmail+"\nFrom: "+backupsEmail+"\nSubject:ZFS Snapshot Error occurred:\n\nThe following error occurred at "+time.strftime("%H:%M - %d/%m/%Y")+"\n"+logStatus
    mailSession.sendmail(backupsEmail,adminEmail,emailMessage)
    mailSession.quit()

Logging = DBlog.cursor()
Logging.execute(logInsert, (thisClient, thisServer, logStatus))
endTime = time.time()
timeSpent = endTime - startTime

print "Sending Snapshot"
# ZFS SEND/RECV
status = commands.getoutput(zfsSendRecvCommand)
if status == "":
    logStatus = "No ZFS transmission error occurred"
else:
    logStatus = status
print logStatus
if status != "":
    # build mail connection and report the error
    mailSession = smtplib.SMTP(smtpserver)
    emailMessage = "To: "+adminEmail+"\nFrom: "+backupsEmail+"\nSubject:ZFS Send/Recv Error occurred:\n\nThe following error occurred at "+time.strftime("%H:%M - %d/%m/%Y")+"\n"+logStatus
    mailSession.sendmail(backupsEmail,adminEmail,emailMessage)
    mailSession.quit()

Logging = DBlog.cursor()
Logging.execute(logInsert, (thisClient, thisServer, logStatus))
endTime = time.time()
timeSpent = endTime - startTime

emailCompletionMessage = "To: "+adminEmail+"\nFrom: "+backupsEmail+"\nSubject:Backups Completed at "+time.strftime("%H:%M - %d/%m/%Y")+"\n\nThe ZFS Backups Completed @"+time.strftime("%H:%M - %d/%m/%Y")+"\n\n They completed in "+str(timeSpent)+" seconds"
zipMailSession = smtplib.SMTP(smtpserver)
zipMailSession.sendmail(backupsEmail,adminEmail,emailCompletionMessage)
zipMailSession.quit()
print endTime
# make sure the log rows are written before the connection is closed
DBlog.commit()
DBlog.close()
sys.exit(0)
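
An added example (not the author's code) of why the script's log INSERT needs bound parameters: ZFS error messages put dataset names in single quotes, so text pasted between quotes in the statement ends the SQL string early and the failure never reaches the logs table. It uses an in-memory sqlite3 table as a stand-in for backups.logs (sqlite3 binds with ?, MySQLdb with %s); the error text and the site and server names are constructed samples.

```python
import sqlite3

# Constructed sample of a ZFS error; note the single quotes around the name.
ZFS_ERROR = "cannot open 'tank/data@200810020100': dataset does not exist"

def open_log_db():
    """In-memory stand-in for the logs table in the backups database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logs "
               "(site_name TEXT, server_name TEXT, log_output TEXT)")
    return db

def insert_concatenated(db, site, server, output):
    """Paste the values between quotes to build the statement text."""
    sql = ("INSERT INTO logs (site_name,server_name,log_output) VALUES ('"
           + site + "','" + server + "','" + output + "');")
    try:
        db.execute(sql)
        return "stored"
    except sqlite3.Error as exc:
        return "failed: %s" % exc

def insert_bound(db, site, server, output):
    """Send statement and values separately; the driver does the quoting."""
    db.execute("INSERT INTO logs (site_name,server_name,log_output) "
               "VALUES (?,?,?)", (site, server, output))
    return "stored"

def stored_outputs(db):
    """Return every log_output value currently in the table."""
    return [row[0] for row in db.execute("SELECT log_output FROM logs")]

if __name__ == "__main__":
    db = open_log_db()
    # The success message has no quotes, so concatenation appears to work...
    print(insert_concatenated(db, "client", "server1",
                              "No snapshot error occurred"))
    # ...but the message that matters, the error, is the one that is lost.
    print(insert_concatenated(db, "client", "server1", ZFS_ERROR))
    print(insert_bound(db, "client", "server1", ZFS_ERROR))
    print(stored_outputs(db))
```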

Wednesday, September 10, 2008

00:11:09:94:84:27

Nothing to see here, move along.

Wednesday, August 13, 2008

Simple password protection in Apache 2.x

Just dropping this in here so I can find it again, I could never get .htaccess files to work in windows so this works in the same way

Use htpasswd -cb filename username password to create your hashed password file

put

<directory "some directory tree to protect">
AllowOverride None
Options None
AuthType Basic
AuthUserFile "path to password file"
AuthName "message for users"
require valid-user
Order deny,allow
</directory>

Tuesday, August 12, 2008

Tech I Touch #2

Time for another installment of this section! This time it's the turn of my macbooks.

At the minute I am currently using 2 macbooks, one a 1st generation MacBook and the other is the latest version of the MacBook Pro.

Both are admirable performers in their own way, they both fulfill computing needs that I have.

The MacBook Pro was supplied by my employers (cheers for that if anyone is reading!) as my day-to-day office machine, the 15.4" screen makes it a bit more pleasing to use for longer periods. It's a fantastic piece of hardware, up to my usual exceptionally high engineering standards.

My MacBook (Black 2 GHz Core Duo) is my own machine. It's a few years old now but is still my number one machine. I use it primarily at home as the smaller screen is a bit less intrusive. If I had to travel a lot, I would definitely have requested another one of these, as the smaller size isn't noticeable in use but definitely is when packing it or carrying it about.

Both have their individual merits, the backlit keyboard on the MBP but I prefer the feel of the keys on the MB, they remind me of the ZX spectrum I owned once upon a time. I find it more pleasant to type on but I am a very aggressive typist.

I always said to people that "personally I didn't see a use for the MacBook Air", but I think that I may have been taken out of context. I think it is a very capable machine but it just doesn't suit my computing style; that's not to say that I wouldn't want to have one to play about with. I like the compactness but would miss several of the features, a wired ethernet port being the most important. But there is definitely a market for it, as evidenced by the slew of ultraportables that have been released in direct competition for it.

If I had to choose an ultraportable it most likely would be the Air as the price is about right and it can run OS X (legally and without hackery) which is definitely my preferred operating system at the moment. A linux KDE system might overtake it but I'm not particularly taken by KDE 4 right at this present moment, 3.x was fine and I preferred it to Gnome and KDE 4 but I'm strongly tempted to go back to Gnome if 3.x becomes unavailable.

Oh dear, this has turned into a rant of some kind, and I don't want to start a browser/os/window manager war at all.