People I Know
Categories
Sunday, December 14. 2008
Posted by the_angry_angel
in Geek, Links, Personal, Projects, Unix-like at
22:13
Comments (0)
Trackbacks (0)
Comments (0)
Trackbacks (0)
IPv6, IPv4, and ARP on Xen for VPS
If Xen is your thing, Cory von Wallenstein's relatively recent article on IPv6, Ipv6, and ARP on Xen might be of interest to you.
I'm unsure if his patches have been merged into the main Xen source, but it's still an interesting read and useful if you're wanting to secure Xen domU's, or experiment with IPv6.
I'm unsure if his patches have been merged into the main Xen source, but it's still an interesting read and useful if you're wanting to secure Xen domU's, or experiment with IPv6.
Friday, December 12. 2008
Posted by the_angry_angel
in Geek, Mindless Hatred, Personal, Unix-like at
00:33
Comments (0)
Trackbacks (0)
Comments (0)
Trackbacks (0)
Like German Tourists...
...the stupid are everywhere.
It's an old joke from the days of Red Dwarf, and I'm sure I've used it before many times. However, reading utter uninformed crap from a school teacher, regarding free and open source software warrants the usage again, in my mind.
I can understand that some one has a difference in opinion and I can understand the right to complain. What I don't understand is why you'd write such a thing if you appear to know absolutely nothing about the subject†.
The thing I most love about the article is that it ends in such a childish way. The 9 year old nerd in me loves that.
† Scrub that. All you need to do is take a look at the BBC's open comments to see why.
It's an old joke from the days of Red Dwarf, and I'm sure I've used it before many times. However, reading utter uninformed crap from a school teacher, regarding free and open source software warrants the usage again, in my mind.
I can understand that some one has a difference in opinion and I can understand the right to complain. What I don't understand is why you'd write such a thing if you appear to know absolutely nothing about the subject†.
The thing I most love about the article is that it ends in such a childish way. The 9 year old nerd in me loves that.
† Scrub that. All you need to do is take a look at the BBC's open comments to see why.
Sunday, December 7. 2008
Posted by the_angry_angel
in Books, Geek, Multimedia, Unix-like at
13:40
Comments (0)
Trackbacks (0)
Comments (0)
Trackbacks (0)
Reviewing 'Running Xen: A Hands-On Guide to the Art of Virtualization'
I tend to buy geek and nerd related books for two main reasons: 1, because I don't like taking my laptop to the bog and reading, and 2, because there's nothing really like a book. There are a few others, which orientate around being able to read a book away from the computer or laptop, relaxing on the sofa, or in the garden, but they aren't as important to me - but mostly only because I do my best thinking in the bathroom.
Anyway. 'Running Xen' was on the few books I had delivered a few days ago. To clarify this is a book on running Xen, the open source hypervisor. Like all books I was hoping for something that delivered a little bit more than the man pages and online docs. Sadly this wasn't really the case.
Now I'm not saying that 'Running Xen' is a bad book. It's not. It's just missing that "something more", that "je ne sais quoi" (I cannot believe I've just typed that and not removed it). If you're going to somewhere without man pages or online docs, then it's an invaluable reference.
Worth £21 (it's current cost on Amazon)? Without reading more books on Xen, I honestly don't know, but despite feeling as I do, I am glad that I've got it.
Mostly because I've had some awesome ideas, whilst on the bog with it.
Anyway. 'Running Xen' was on the few books I had delivered a few days ago. To clarify this is a book on running Xen, the open source hypervisor. Like all books I was hoping for something that delivered a little bit more than the man pages and online docs. Sadly this wasn't really the case.
Now I'm not saying that 'Running Xen' is a bad book. It's not. It's just missing that "something more", that "je ne sais quoi" (I cannot believe I've just typed that and not removed it). If you're going to somewhere without man pages or online docs, then it's an invaluable reference.
Worth £21 (it's current cost on Amazon)? Without reading more books on Xen, I honestly don't know, but despite feeling as I do, I am glad that I've got it.
Mostly because I've had some awesome ideas, whilst on the bog with it.
Thursday, October 30. 2008
Recent Adobe products don't like...
...redirected App data directories, and causes a crash (Visual C++ Runtime error). Unfortunately after updating one or two of our customers at work it appeared that a few user accounts still had a redirected app data directory, presumably because they weren't around when it was removed.
Thankfully fixing it is pretty easy (although potentially time consuming depending on your setup), if the redirection policy isn't active and is simply a case of changing the relevant entry under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, and then logging off and back on, and migrating the redirected files back into the local profile directory.
As far as I'm aware the affected products are;
If you're not using redirected app data directories any more then this is obviously a handy fix. If for whatever reason you're still using redirected directories and not roaming profiles, then you're screwed as it appears that Adobe aren't planning on fixing this.
Things like this really piss me off and just make me feel like the majority of my work is working around bug, flaws or oversights and is just why I prefer open solutions and platforms; at least I'd have the possibility of trying to fix it in-house.
Thankfully fixing it is pretty easy (although potentially time consuming depending on your setup), if the redirection policy isn't active and is simply a case of changing the relevant entry under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, and then logging off and back on, and migrating the redirected files back into the local profile directory.
As far as I'm aware the affected products are;
- Adobe Acrobat and Reader 9
- The entire CS4 suite
If you're not using redirected app data directories any more then this is obviously a handy fix. If for whatever reason you're still using redirected directories and not roaming profiles, then you're screwed as it appears that Adobe aren't planning on fixing this.
Things like this really piss me off and just make me feel like the majority of my work is working around bug, flaws or oversights and is just why I prefer open solutions and platforms; at least I'd have the possibility of trying to fix it in-house.
Monday, October 20. 2008
Outlook, Exchange and calendars asking for authentication
This one really had us at work and really threw us massively. Imagine a customer who has recently had a number of non trivial modifications to their network. Now imagine several users, whom have Outlook over HTTP RPC (Outlook Anywhere) configured and enabled for slow networks only, and get asked for authentication when accessing a handful calendars. On the same site as the servers (i.e. on the fast network). Disabling Outlook over HTTP RPC completely, or enabling it for slow and fast networks, and the problem would not occur. With no useful logs what so ever.
The main problem was that so much stuff had changed it was difficult to know where to start, and even harder with nothing useful being logged. It wasn't hitting the proxy server, which had recently had authentication forcefully enabled, it wasn't the IIS and Exchange box.
Turns out that the affected calendars that people were trying to view had recently had their mailbox moved from one storage group, to another, and we were obsessed with it being something else to the point that we'd dismissed this without looking into it. Without HTTP RPC enabled redirection happened without trouble, but with it on it required authentication. But the weird thing was that you could actually see the calendar if you selected Open other user's mailbox, rather than using the "shortcut" (i.e. tickbox) that had already been added in the calendar view.
Simple solution - remove and readd the affected calendars. Our best guess is that this is stored with various pointers or references to not only the mailbox, but also the storage group. After all, it would make sense from a performance point of view if you didn't have to look it up each time.
The moral for me personally, since I'd taken quite a lot of this problem on, is to never forget Occam's Razor. I might actually get a representation of that tattoo'ed on my body, whenever I get around to that part of life again.
The main problem was that so much stuff had changed it was difficult to know where to start, and even harder with nothing useful being logged. It wasn't hitting the proxy server, which had recently had authentication forcefully enabled, it wasn't the IIS and Exchange box.
Turns out that the affected calendars that people were trying to view had recently had their mailbox moved from one storage group, to another, and we were obsessed with it being something else to the point that we'd dismissed this without looking into it. Without HTTP RPC enabled redirection happened without trouble, but with it on it required authentication. But the weird thing was that you could actually see the calendar if you selected Open other user's mailbox, rather than using the "shortcut" (i.e. tickbox) that had already been added in the calendar view.
Simple solution - remove and readd the affected calendars. Our best guess is that this is stored with various pointers or references to not only the mailbox, but also the storage group. After all, it would make sense from a performance point of view if you didn't have to look it up each time.
The moral for me personally, since I'd taken quite a lot of this problem on, is to never forget Occam's Razor. I might actually get a representation of that tattoo'ed on my body, whenever I get around to that part of life again.
Wednesday, October 15. 2008
World server is down
I guess when a patch of this magnitude gets released for any hosted product, regardless of whether it's a game or business application, you should really expect disruption. Sadly most users won't really "get" that. As much planning can go ahead, but with a fundamental change and introduction of new features you can't really predict just how many of your user base will try to logon at once, and perhaps the financial backing isn't there to prepare for the worst case scenario.
If you're confused as to what I'm rambling on about, then I can safely assume you don't play World of Warcraft. Or if you do then you've not tried logging in today.
If you have, then undoubtedly you've managed to get the final major patch before Lich King drops on your front door mat, and you've also undoubtedly been receiving the "World server is down". If you managed to get into Stormwind, which is relatively busy at the best of times, then you'll probably know one of the few reasons why this is occuring. If you weren't lucky enough, then the following screenshot might help out a bit.
When you do manage to login you'll probably be a bit confused, especially if you've not read the patch notes. You really should skim the patch notes.
Anyway -
From a sysadmin point of view I'd absolutely love to see what's behind the World of Warcraft system, and understand just how it's architectured. It's undoubtedly a massive system and on that front I envy the techies behind it. However, I think if I saw the amount of moaning on the forums, my optimism and love for the job would probably be in jeopardy. I certainly know it is when I've been working for hours on a customer's system and they don't feel like things are being worked at fast enough, and my user base at work is tiny in comparison.
If you're confused as to what I'm rambling on about, then I can safely assume you don't play World of Warcraft. Or if you do then you've not tried logging in today.
If you have, then undoubtedly you've managed to get the final major patch before Lich King drops on your front door mat, and you've also undoubtedly been receiving the "World server is down". If you managed to get into Stormwind, which is relatively busy at the best of times, then you'll probably know one of the few reasons why this is occuring. If you weren't lucky enough, then the following screenshot might help out a bit.
When you do manage to login you'll probably be a bit confused, especially if you've not read the patch notes. You really should skim the patch notes.
Anyway -
- Mounts no longer take up space in your bags, you "use" them, and they get applied to a new area in your character screen
- Your talent points have been reset, the reason being that there are fundamental changes to all classes
- Inscriptions have been introduced, and you can buy the low level stuff from vendors, and higher level stuff from the AH
- Don't like your character's appearance? Goto the Barber. As long as you don't want a new beard (ffs), you should be a-ok! Just try and avoid the mohawk. There are a lot of them about
- Yes, the graphics have been overhauled a tad
- BM hunters can get exotic pets. Two headed hellhounds? Awesome
From a sysadmin point of view I'd absolutely love to see what's behind the World of Warcraft system, and understand just how it's architectured. It's undoubtedly a massive system and on that front I envy the techies behind it. However, I think if I saw the amount of moaning on the forums, my optimism and love for the job would probably be in jeopardy. I certainly know it is when I've been working for hours on a customer's system and they don't feel like things are being worked at fast enough, and my user base at work is tiny in comparison.
Thursday, October 9. 2008
Relying on Bloglines much?
This lunch time I've had a bit of a thought about just how much I use Bloglines (beta). In the mornings it's one of the first tabs opened, and it's almost always loaded when I close the browser. For that I can thank chip in particular. And it's a good thing. I think. It's certainly made my life easier and better.
However, if I went back just 2 years ago the whole concept of a feed reader sort of repulsed me - I liked the idea of visiting a site to get the news and bits and bobs that I want, and I almost felt like I should go to the site so that the various writers and owners got a meagre bit of cash from advertising. Whilst I still do that for a small number of sites, in particular Penny Arcade, XKCD and Questionable Content, digg and BBC News, for everything else I now rely on Bloglines.
Not only do I use it to read and keep up to date on what's going on, but also as a way of making and taking mental notes without having to write anything. It's like a wiki, but better, and because of this I rarely update my own personal techy wiki with anything at all. More often than not someone will write about something that I find interesting or want to do, or will be doing shortly. It's brilliant and also somewhat scary sometimes just how many people are on the same sort of page as me in terms of work and personal stuff - which for me very much overlap.
However, the bit that scares me the most is I think that I'm now at the point where if Bloglines goes away that I'll have problems. Ok, I could export all of my feeds out and into whatever I want using the various OPML ex/importers. But these don't export the stuff that I've got pinned or saved, and these are the bits that now make my own little world go around.
However, if I went back just 2 years ago the whole concept of a feed reader sort of repulsed me - I liked the idea of visiting a site to get the news and bits and bobs that I want, and I almost felt like I should go to the site so that the various writers and owners got a meagre bit of cash from advertising. Whilst I still do that for a small number of sites, in particular Penny Arcade, XKCD and Questionable Content, digg and BBC News, for everything else I now rely on Bloglines.
Not only do I use it to read and keep up to date on what's going on, but also as a way of making and taking mental notes without having to write anything. It's like a wiki, but better, and because of this I rarely update my own personal techy wiki with anything at all. More often than not someone will write about something that I find interesting or want to do, or will be doing shortly. It's brilliant and also somewhat scary sometimes just how many people are on the same sort of page as me in terms of work and personal stuff - which for me very much overlap.
However, the bit that scares me the most is I think that I'm now at the point where if Bloglines goes away that I'll have problems. Ok, I could export all of my feeds out and into whatever I want using the various OPML ex/importers. But these don't export the stuff that I've got pinned or saved, and these are the bits that now make my own little world go around.
Tuesday, September 16. 2008
Posted by the_angry_angel
in Geek, Mindless Hatred, Personal, Windows, Work at
18:59
Comments (0)
Trackbacks (0)
Comments (0)
Trackbacks (0)
Windows DFS shares, junctions and permissions
Here's another one that caught me out today, but I've never come across before.
Under a DFS share, any linked shares are created as junctions. It appears that the permissions on these junctions do affect the permissions of the data within the linked share. Whilst this is logical, given how junction points work, what really threw me was that the wonderful, wonderful GUI didn't reflect this and the permissions on the junction point had been inadvertently changed.
It's not like you ever need another reason to chalk one up for the command line, but there we go!
Under a DFS share, any linked shares are created as junctions. It appears that the permissions on these junctions do affect the permissions of the data within the linked share. Whilst this is logical, given how junction points work, what really threw me was that the wonderful, wonderful GUI didn't reflect this and the permissions on the junction point had been inadvertently changed.
It's not like you ever need another reason to chalk one up for the command line, but there we go!
Monday, September 15. 2008
Specifying a driver, for redirected printers
I guess I've not come across this before as most of the printers we deploy use the same driver name for client side and server side drivers, but it appears that you can force a Terminal Server to use a certain driver, in place of what the client is telling the server.
KB239088 details the process. I found that the wizard wasn't much use at all - but it's not like the process is particularly complicated. Doing it manually also demonstrates that deploying the "fix" over multiple servers is childs play.
As 64 bit Terminal Servers become more common, and clients with printers stay at 32 bit (i.e. home or remote workers) I can see this becoming more relevant over the next few years.
KB239088 details the process. I found that the wizard wasn't much use at all - but it's not like the process is particularly complicated. Doing it manually also demonstrates that deploying the "fix" over multiple servers is childs play.
As 64 bit Terminal Servers become more common, and clients with printers stay at 32 bit (i.e. home or remote workers) I can see this becoming more relevant over the next few years.
Tuesday, September 9. 2008
Never trust a computer scientist
This popped up on the Bath and Bristol LUG mailing list a few days ago, from Shevek, and I thought it was pretty "cute" -
Scientific method is the process of experimentation and observation. Computer science is therefore defined as "Let's try it and see if it works." Computing, on the other hand, is doing it, knowing that it will work. Never trust a computer scientist.
Wednesday, August 27. 2008
Linksys WAG160N
Since my DSL went active I've been using the Linksys WAG160N, with mixed opinions. After running OpenWRT and DD-WRT on my other routers over the last few years I may've been somewhat spoilt, however I'm finding the web GUI for the WAG160N absolutely crap. I'm also finding the stability of the thing to be somewhat sketchy. I've tried all the various firmware revisions and it's made no difference. Would I buy it again? Right now I honestly don't know. I was going to see what I could do to patch OpenWRT to get it running, however since I use this router for work and personal, and I can't really justify spending the same again on a play box this makes doing so somewhat hard to convince myself to do.
Thursday, August 14. 2008
Posted by the_angry_angel
in Coding, Geek, Personal, Windows, Work at
16:50
Comments (0)
Trackbacks (0)
Comments (0)
Trackbacks (0)
Fixing redirected My Docs ACLs, using Powershell
For many of our customers we redirect a user's My Documents to a directory of the same name, on a Windows share. For example, the user 'JMcCockFaceTheIII' may have their My Docs redirected to "\\FILESERVER\Home\JMcCockFaceTheIII\My Documents", which are stored in a local path of D:\Data\Users\JMcCockFaceTheIII, on FILESERVER. Obviously you can switch \\FILESERVER\Home for a DFS share, etc.
In some instances you might have a significant number and for whatever reason the permissions may have been altered, and the Group Policy defaults don't quite suit your requirements.
In days of old we'd sort this with a batch script and it would be ok, but might take a while to run. Powershell has changed things though. The script we've popped together (below) runs lightning quick in comparison, and we thought someone else might also find it useful.
Just save it in a ps1 file, and invoke it from powershell, providing your directory path that you want to "fix".
To use our example from above, you'd call the script on FILESERVER, from Powershell:
The script would then go over each directory and try and add that user to the ACL with Modify rights - i.e. the JMcCockFaceTheIII user to the D:\Data\Users\JMcCockFaceTheIII directory.
In our scenario we required ourselves, a specific group, SYSTEM and each user to have access only - So we pushed the common permissions from the parent, and then ran the script to add the individual users.
There's no warranty on this, so use and test at your own risk - I can tell you it works in our scenario, however.
Any similarity to actual persons, living or dead, is purely coincidental. I should also probably point out this was also published on $company blog, but with a few obvious alterations.
In some instances you might have a significant number and for whatever reason the permissions may have been altered, and the Group Policy defaults don't quite suit your requirements.
In days of old we'd sort this with a batch script and it would be ok, but might take a while to run. Powershell has changed things though. The script we've popped together (below) runs lightning quick in comparison, and we thought someone else might also find it useful.
Just save it in a ps1 file, and invoke it from powershell, providing your directory path that you want to "fix".
To use our example from above, you'd call the script on FILESERVER, from Powershell:
PS C:\Users\Karl> C:\path\to\scripts\fix-perms.ps1 "D:\Data\Users"
The script would then go over each directory and try and add that user to the ACL with Modify rights - i.e. the JMcCockFaceTheIII user to the D:\Data\Users\JMcCockFaceTheIII directory.
In our scenario we required ourselves, a specific group, SYSTEM and each user to have access only - So we pushed the common permissions from the parent, and then ran the script to add the individual users.
# Fix-Perms
# Iterates over all child directories, and adds the user, with the same name as the directory, to the ACL with modify rights
# Usage:
# Fix-Perms "C:\Path\To\Directory"
# Or, for the current directory
# Fix-Perms "."
# our parameters, throw a warning if we get none
param (
[string] $dirpath = $(throw "Please specify the full path to the directory!")
)
# get list of all child directories, in the current directory
$directories = dir $dirpath | where {$_.PsIsContainer}
# iterate over the directories
foreach ($dir in $directories)
{
# echo out what the full directory is that we're working on now
write-host Working on $dir.fullname using $dir.name
# setup the inheritance and propagation as we want it
$inheritance = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propagation = [system.security.accesscontrol.PropagationFlags]"None"
# get the existing ACLs for the directory
$acl = get-acl $dir.fullname
# add our user (with the same name as the directory) to have modify perms
$aclrule = new-object System.Security.AccessControl.FileSystemAccessRule($dir.name, "Modify", $inheritance, $propagation, "Allow")
# check if given user is Valid, this will barf if not
$sid = $aclrule.IdentityReference.Translate([System.Security.Principal.securityidentifier])
# add the ACL to the ACL rules
$acl.AddAccessRule($aclrule)
# set the acls
set-acl -aclobject $acl -path $dir.fullname
}
There's no warranty on this, so use and test at your own risk - I can tell you it works in our scenario, however.
Any similarity to actual persons, living or dead, is purely coincidental. I should also probably point out this was also published on $company blog, but with a few obvious alterations.
Thursday, August 14. 2008
Moving sucks giant donkey cock
Having never actually moved, in memorable life, I clearly had no idea what I was letting myself in for. About 15 days ago I started the process of moving into my new house with a few guys I know from school. Bugger me sideways it's ridiculously hard work, and ridiculously shit. We were only moving from Bath to Bristol, and that was bad enough. I dread to think what its like moving from one side of a country to another, let alone to another country altogether.
I had wanted to write a massive Clarkson-esque rant, but quite frankly I can't be arsed. Moving is fun. The act of moving sucks giant donkey cock.
Not exactly elegant, but pretty much how I feel about the whole thing!
On the off chance there was an important non-work related email, PM, or whatever I apologise if I've not yet responded. Unfortunately between all the mailing lists, and even with 99.8% accurate spam filtering, I have rather a lot of stuff in my inbox to sort. If was really important, it might be quicker just to mail again.
I had wanted to write a massive Clarkson-esque rant, but quite frankly I can't be arsed. Moving is fun. The act of moving sucks giant donkey cock.
Not exactly elegant, but pretty much how I feel about the whole thing!
On the off chance there was an important non-work related email, PM, or whatever I apologise if I've not yet responded. Unfortunately between all the mailing lists, and even with 99.8% accurate spam filtering, I have rather a lot of stuff in my inbox to sort. If was really important, it might be quicker just to mail again.
Saturday, July 19. 2008
The embodiment of metal...
..is a 62 year old monk, who sings in a metal band (link includes some footage). Now for the part just for the non-believers in the power of metal; Brother Cesare does it solely "to convert people to life, to understand life, to grab hold of life, to savour it and enjoy it. Full stop". How awesome is that?
Friday, July 11. 2008
Posted by the_angry_angel
in Geek, Mindless Hatred, Personal, Work at
16:28
Comment (1)
Trackbacks (0)
Comment (1)
Trackbacks (0)
Throttling baby penguins with packet shaping
Bandwidth throttling, or packet shaping, is becoming a more common feature that many ISPs give you, the consumer, for free. This is killing the planet. Bear with me and you'll see sense.
During UK working hours, and peak times in the evening many will see traffic being shaped (and these periods are being increased). Effectively this means that the only period where any legal and unhindered downloading can occur is between the hours of midnight and 9am. At the company I work for, we all work from home - which means pulling down ISOs and other media from companies like Microsoft, etc. during the day - which we can't do any more without the line being throttled. During the day this kills us as our VoIP phone system can get stuttery, connections to servers becomes unreliable or you get poor responsiveness.
This now increasingly means that I'm keeping PCs on during the night to get the stuff I need. For our small company multiply this by 3. Now take into account illegal downloads and the population of the UK. Now multiply this across the world.
I'd be willing to bet that the environmental impact of upgrading the infrastructure to the home would be less than that caused by the number of computers eating electricity.
So, ISPs - Stop killing the little baby penguins.
During UK working hours, and peak times in the evening many will see traffic being shaped (and these periods are being increased). Effectively this means that the only period where any legal and unhindered downloading can occur is between the hours of midnight and 9am. At the company I work for, we all work from home - which means pulling down ISOs and other media from companies like Microsoft, etc. during the day - which we can't do any more without the line being throttled. During the day this kills us as our VoIP phone system can get stuttery, connections to servers becomes unreliable or you get poor responsiveness.
This now increasingly means that I'm keeping PCs on during the night to get the stuff I need. For our small company multiply this by 3. Now take into account illegal downloads and the population of the UK. Now multiply this across the world.
I'd be willing to bet that the environmental impact of upgrading the infrastructure to the home would be less than that caused by the number of computers eating electricity.
So, ISPs - Stop killing the little baby penguins.


