bsd, unix, vmware, linux, and oracle - administration tools and tips by william nix : tronik

Port 88 open on Mac OS X - KDC monitoring daemon

2011-04-06T09:14:00.002-04:00

If you enable either File Sharing (AFP or SMB), Mac OS X 10.5.6 will have not only the AFP or SMB ports, but also port TCP/88 open. The daemon on this port is kdcmond(8), which is described as “KDC monitoring daemon – Open Directory Single Sign On”. Most people who are not connected to a Mac OS X Server-based network probably don't need this service.

If you would like to disable this daemon, you need to change the launchd(8) configuration, which is accomplished by this one-liner:

Disable:
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.kdcmond.plist
Enable:
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.kdcmond.plist
Note that these commands edit the above files, implying that the effects may be undone by future updates from Apple.

Mac OS X VPN and L2TP for Android / iPhone and iPad devices (or others l2tp)

2011-04-05T10:19:00.000-04:00

From: http://blog.theilluminatedengineer.com/?p=136
--- Ugh. The link to the original is good, I'll use it as long as its there, but I put this here to keep it just in case the other guys site goes down. Good article, props to the author... I got mine working.

-

Step 1: An Introduction

There are lots and lots of different types of VPN setup and I honestly don’t understand how most of them work. I do know that we will be using the L2TP protocol.

The phone will need 3 things to connect to the VPN server on the mac; a user name, password and a shared secret. The user name and password correspond to an account on the local computer. The shared secret is a code known only to the server and client and is used to secure the connection.

Were going to do a lot of tasks on the command line as the root user so start up the OSX terminal and enter the command:

1
$ sudo -s
and give it your password when it asks.

Step 2: Store a secret key in the OSX Key Chain

The shared key will be stored in the OSX Key Chain, this puts it some place secure rather than storing it in plain text where it can be seen by anyone with access to the box.

Ideally the shared key should be complex and hard to guess. Personally I use a 64 character random hexadecimal key from https://www.grc.com/passwords.htm but you may want to use something a little less awkward to type in.

To store this run the command:
$ sudo security add-generic-password -a com.apple.ppp.l2tp \
-s com.apple.net.racoon -T /usr/sbin/racoon -p "shared key" \
/Library/Keychains/System.keychain
Replace “shared key” with whatever shared key you picked above.

The VPN server is two part. The actual server is called vpnd but there is a second task called racoon. Racoon is, I believe, responsible for setting up the initial connection and handling the security. The “-T” option in the above command gives racoon permission to access the keychain and read the value

Step 3: Configure the VPND service

VPND takes it configuration from a standard plist configuration file. Start up vi (or the editor of your choice) and edit the file:

/Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist
The file content should be:

{
ActiveServers = ("com.apple.ppp.l2tp");
Servers = {
"com.apple.ppp.l2tp" = {
Addresses = ("XXX.XXX.XXX.XXX");
DNS = {OfferedSearchDomains = (); OfferedServerAddresses = (); };
IPv4 = {
ConfigMethod = Manual;
DestAddressRanges = ("YYY.YYY.YYY.YYY", "ZZZ.ZZZ.ZZZ.ZZZ");
OfferedRouteAddresses = ();
OfferedRouteMasks = ();
OfferedRouteTypes = ();
};
Interface = {SubType = L2TP; Type = PPP; };
L2TP = {
IPSecSharedSecret = "com.apple.ppp.l2tp";
IPSecSharedSecretEncryption = Keychain;
Transport = IPSec;
};
PPP = {
AuthenticatorPlugins = (DSAuth);
AuthenticatorProtocol = (MSCHAP2);
IPCPCompressionVJ = 0;
LCPEchoEnabled = 1;
LCPEchoFailure = 5;
LCPEchoInterval = 60;
VerboseLogging = 1;
DSACLEnabled = 1;
Logfile = "/var/log/ppp/vpnd.log";
};
Server = {
Logfile = "/var/log/ppp/vpnd.log";
MaximumSessions = 128;
VerboseLogging = 1;
};
};
};
}
There are three values above that you need to set for your own network:

Set the value marked XXX.XXX.XXX.XXX to the IP address of the server. If you have more than 1 network interface set it to the one you want the server to listen on (e.g 192.168.2.10).
The values YYY.YYY.YYY.YYY and ZZZ.ZZZ.ZZZ.ZZZ indicate the range of IP addresses the VPN server should assign to clients when they connect. Make sure this range isn’t in use by any other computers or DHCP servers and its big enough for the number of clients you want to connect. (e.g 192.168.2.100 and 192.168.2.120).
It’s important the file has the correct permisions:

chown root:admin \
/Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist
chmod u+w,a+r,a-x \
/Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist
Step 4: Set up launchd to start the vpnd service at startup

We need to make sure the vpnd server starts up each time we restart the computer, doing it manually would get boring quickly.

Starting boot tasks is handled on OSX by the launchd service. Create a new plist file using vi (or your editor of choice) at:

/System/Library/LaunchDaemons/com.apple.ppp.l2tp.plist
Put in the following content:

Label
com.apple.ppp.l2tp
ProgramArguments

/usr/sbin/vpnd
-x
-i
com.apple.ppp.l2tp

OnDemand

It’s important the file has the correct permisions:

1
2
chown wheel /System/Library/LaunchDaemons/com.apple.ppp.l2tp.plist
chmod u+w,a+r,a-x /System/Library/LaunchDaemons/com.apple.ppp.l2tp.plist
There is two ways to get this file to read in and the server to start. You can reboot your computer or you can issue the following command:

1
launchctl load /System/Library/LaunchDaemons/com.apple.ppp.l2tp.plist
You should now have a running vpnd fully configured and ready to connect to. We can check this by examining the log files:

1
tail -f /var/log/ppp/vpnd.log
This file should contain lines of the form:

1
2010-05-26 01:38:10 BST Listening for connections...
If it doesn’t your going to need to start doing some debuging. Check the contents of the /var/log/ppp/vpnd.log or /var/log/system.log for useful messages. The comments on the Mac OSX Hints page have a lot of usefull information on things that could go wrong.

Step 5: Configure the Firewall

Make sure that your firewall / router is configured to forward UDP on ports 500, 1701 and 4500 to the server box.

There are so many different routers out there that you’ll need to go read the manual or search online for how to setup your specific brand.

Step 6: Configure the iPhone

If everything above went well you should now have a fully running and secured VPN server that can be accessed from any place on the internet.

To set your iPhone up to use the server go through the following steps:

Open the settings app
Select “General” > “Network” > “VPN”
Add a new VPN configuration
Set the VPN type to L2TP
Configure the following settings:
Description: Anything you want
Server: The IP Address of your server (This is the public address given to you by your internet provider. Depending on your provider this address may change frequently. I recommend setting up a dns alias account with http://www.dyndns.com/ to make this step easier and more robust)
Account: The user name of an account on the server (this can be the one you normally log in as)
RSA SecureID: Off
Password: The password for the account you set above
Secret: The shared secret you picked above (enjoy typing in the 64 character hex key if you used it. It’s worth it!)
Send All Traffic: Yes
Turn the VPN connection on via the switch at the top of the “General” > “Network” > “VPN” page. A switch also appears near the top of the launch screen of the settings application
Once your connected you should see a blue “VPN” icon in the bar at the top of the iPhone screen
Some of these settings could use going over in more detail. The VPN connection uses two levels of protection. The first is a user name and password that can be used to log on to the server machine, you can use your normal user account or create a new one with less permissions. The second is the shared key, which wraps up the entire communication. The longer and more complex your shared key is the harder it will be to break.

The “Send All Traffic” option tells the iPhone to send all traffic over the VPN connection, not just traffic directed at the VPN server. You want this on as it protects all of your traffic to any site by encrypting it and sending it to your VPN server before it then makes it out on to the internet. This makes it almost impossible for someone to monitor what your doing when your on a public WIFI or using 3G. It also has the effect of making your public IP address appear to be that of your home internet connection, in theory this lets you use UK restricted web sites when you’re out of the county (iPlayer etc.), but it may not work if the site uses more than just IP to determine where you are.

If you have any problems check the /var/log/ppp/vpnd.log or /var/log/system.log files for useful messages. The comments on the Mac OSX Hints page have a lot of useful information on things that could go wrong (keep an eye out for the dreaded MD5CHAP error that seemed to plague people on older versions of OSX, though I didn’t see it on 10.6).

Hopefully that’s you now up and running.

grep, od, and dos2unix - Need to fix some crappy files that won't grep?

2011-03-03T12:17:00.000-05:00

Recently I had to write a program to extract about 2500 passwords from a Novell eDirectory. That was all well and good, until I sent said output of file to a user who mangled the format on a Windows Machine. The user opened it in Excel or Notepad (or something...who knows...) and then worked with it, and send it back to me to pull the users they'd left in the file out of the Novell eDirectory.

Well that file wasn't in a format grep liked. How long did it take me to figure that out...quite a while, because there's nothing that looks different about the file to the naked eye (or naked editor.)

After googling and feeling very greptarded, I came upon the solution. I identified that the file I previously had and the file I receieved back had different octal values (man od) - I then used dos2unix to reconvert the file to a format grep would work with... grep really didn't like grepping on the improperly formatted file. Very strange... Simple magic... it worked, and the day was saved.

Aside from that, Novell, Netware, and eDirectory are crap. Unfortunately the place I work is still utilizing several servers that run it. Everything else is switched to Microsoft Windows and Active Directory (and my division which runs UNIX (HP-UX and RHEL))

default SSL enabled in Oracle Internet Application Server 10gr2 ias10gr2

2010-11-05T16:30:00.001-04:00

So, if you dont have a directive for "data id="start-mode" value="ssl-enabled"" in your opmn.xml file then any directives in your ssl.conf don't get loaded due to the IfDefine SSL thats in by default the httpd.conf and ssl.conf files.

Idiots in the industry.

2010-10-21T09:26:00.001-04:00

"You can buy 10 idiots to perform the tasks of what 2-3 highly qualified individuals can, IF customers don't care."

SELinux, Oracle, and RedHat Enterprise Linux revisited...

2010-06-24T16:36:00.000-04:00

Ran into some more issues with SELinux and Oracle. We have some libraries stored in another location that are compiled with -fpic -shared (CFLAGS) and the program linking to it wasn't, and neither are any of the other libraries it links to (provided by Oracle... 10gr2 DB software)

SELinux is set to enforcing, but targeted.

So whats the fix...Well you either set all the libraries to a textrelocatable context ala chcon -t texrel_shlib_t /u01/app/oracle/product/10.2/client/lib/*.so

for 64bit. Then, like I ran into with using an external php as it tries to call oracle libraries, you must set the exec stack... execstack -c /path/to/library.so

Ok, thats one way to do it..
The other is to `setsebool -P allow_execmod=1` to allow execmods across relocatable text...

Thats how I did it...because Oracle can't compile their libraries right, and my DBA was tired of waiting...I'd prefer to not have to do this at all though eh?

SELinux, Apache and PHP 5.

2009-12-03T19:32:00.000-05:00

Recently at work we hired a contractor to come in and do some work. The department that hired him requested a machine for him. Instead of giving the guy admin access on a CentOS machine, I decided he could run everything in user space. Thats fine...and I figured I'd duplicate the environment he'd use just so I could make sure it would work. I don't like to provision machines and give anyone but myself or my system administrators admin access.

The guy wanted PHP5, Apache 2 (I used 2.2), Moodle (Some Courseware php program), and PostgreSQL.

Everything compiled without a hitch (mostly, since I had to look up what all php modules he needed compiled in...also added Suhosin for good measure since who knows what this guy will be doing.)

After fighting a bit with PHP modules I then discovered that SELinux was denying access to libphp5.so in the apache httpd/modules directory.

This was an error : "cannot restore segment prot after reloc: Permission denied" - Of course, disabling SELinux fixed this...but I dont always want to disable SELinux...

Someone suggested running execstack against libphp5.so to enable a flag on the file so SELinux would let Apache load the module...That didn't work.

I'll update this post later with some answers...I hope. For now, I'm leaving the office.

yum rollback feature / rpm rollback feature

2009-11-27T10:21:00.000-05:00

Doing some upgrades this week on a production system and don't want anything to break...So, I looked into this.

One of the least-known secrets about rpm is that it can rollback (undo) package changes. It can take a fair bit of storage space to track the information necessary for rollback, but since storage is cheap, it’s worthwhile enabling this feature on most systems.
Here are cut-to-the-chase directions on using this feature:

To configure yum to save rollback information, add the line tsflags=repackage to /etc/yum.conf.
To configure command-line rpm to do the same thing, add the line %_repackage_all_erasures 1 to /etc/rpm/macros.
Install, erase, and update packages to your heart’s content, using pup, pirut, yumex, yum, rpm, and the yum automatic update service.

If/when you want to rollback to a previous state, perform an rpm update with the –rollback option followed by a date/time specification. Some examples: rpm -Uhv –rollback ‘9:00 am’, rpm -Uhv –rollback ‘4 hours ago’, rpm -Uhv –rollback ‘december 25′.

php5 / suhosin extension (not patch) on CentOS or RHEL

2009-11-13T16:22:00.002-05:00

Red Hat / CentOS Linux Install Suhosin PHP 5 Protection Security Patch

Q. Wordpress and many other open source application developers asks users to protect PHP apps using Suhosin patch to get protection from the full exploit. Suhosin is an advanced protection system for PHP installations. It was designed to protect your servers from various attacks. How do I install Suhosin under RHEL / CentOS / Fedora Linux?

A. Suhosin was designed to protect your servers against a number of well known problems in PHP applications and on the other hand against potential unknown vulnerabilities within these applications or the PHP core itself including wordpress and many other open source php based apps.

Install Suhosin as extension

Download latest version of Suhosin, enter:

# cd /opt
# wget http://download.suhosin.org/suhosin-0.9.27.tgz

Make sure you have php-devel installed:
# yum install php-devel

Compile Suhosin under PHP 5 and RHEL / CentOS Linux

Type the following commands:

# cd suhosin-0.9.27
# phpize
#./configure
# make
# make install

Configure Suhosin

Type the following command to create Suhosin configuration file:
# echo 'extension=suhosin.so' > /etc/php.d/suhosin.ini

Restart web server

Type the following command to restart httpd:
# service httpd restart
If you are using lighttpd, enter:
# service lighttpd restart

Verify Suhosin installation

Type the following command:
$ php -v
Sample output:

PHP 5.1.6 (cli) (built: Jun 12 2008 05:02:36)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
    with XCache v1.2.2, Copyright (c) 2005-2007, by mOo
    with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH

You can find more information by running phpinfo():


phpinfo();
?>

Sample output:

Fig.01: Suhosin information and settings displayed by phpinfo()

setup bridging br0 eth0 on Centos or RHEL for KVM virtual machines

2009-11-03T13:34:00.000-05:00

There were several places online I could've visited to help me get bridging going on my system...They all seemed to be written for a home user though.

I recently setup a new CentOS 5.4 workstation on a machine here at work, and have been planning on moving everything over to that from my Mac Management station. Currently using a Macbook Pro as a management station but I'd like to free it up to do other things...

Also I wanted to do some KVM virtualizing because thats how RedHat does it, and thats our vendor...so...

For starters, I needed to let any VM's I created have bridged access to the network... This was probably the most difficult part, because it was just a mixed-bag when it came to how other people had done it. Here's how I did it, and it works for me.

The interface is an Intel gigabit card (wasn't supported until 5.3 out of the box!), so 1 physical interface formerly known as eth0.

`yum install bridge-utils` will install the proper utilities to enable bridging, and should also enable the kernel module on most distros.

I guess the tricky thing is, when you use bridging, you're actually kind of saying "ok bye eth0, we're going to replace you with br0 and then let br0 hand out access to any other interfaces" - This is hard for some people to grasp...

So goto /etc/sysconfig/network-scripts and `cp ifcfg-eth0 ifcfg-br0`

Then edit ifcfg-br0 to contain the following information:
DEVICE=br0
BOOTPROTO=static
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=x.x.x.x
GATEWAY= x.x.x.1
TYPE=Bridge
USERCTL=no
IPV6INIT=no
PEERDNS=yes

Then edit ifcfg-eth0, it should just have
DEVICE=eth0
ONBOOT=yes
BRIDGE=br0

-
You should then reboot. your main interface will have become br0, and eth0 will just be sitting there...waiting...for something.

Anyway,
You can use brctl show to show the current bridges on your system, and it gets more complicated from there on out.

You can then assign eth0 to virtual machines in the Virt Manager and the vm will use that as its bridge access. ;)

pidgin, otr, and random number generation

2009-11-02T15:49:00.000-05:00

on a new centos plus workstation (5.4) i was trying to IM with pidgin and otr with my friends. we use OTR for private communication.

the key generation was failing, hanging actually, strace showed some problem with timeouts and /dev/urandom.

On the advice of someone who ran into the same problem, I used rngd to feed /dev/urandom into /dev/random

rngd -o /dev/urandom -r /dev/random

This worked and key generation completed successfully. Joy.

Pam Update, security pam_limits and 64 bit libs

2009-10-14T11:12:00.002-04:00

ok, so, you have an x64 server and you updated pam, and you want to use pam_limits - cool story. until you try to login...and you're like, why isn't it working? because you added the line:

session required /lib/security/pam_limits.so

to /etc/pam.d/login

but you CAN login remotely and you check your log files and see 'Module unknown' when someone tries to login locally. This is because you're a 64bit server using a 32bit library...from /lib...so change that line to

session required /lib64/security/pam_limits.so

Then local logins work. =)

Updated on SSH Key authentication.

2009-10-13T09:41:00.000-04:00

Public key authentication is great, as most of us have known for years, but I'm still in the middle of converting everyone to it who use the systems where I work. Its actually a pretty big task since so many people do have to connect into our servers in order to get information...and if those accounts cannot connect then...well, stuff starts breaking.

We've done really well and our systems are really stable, of course they're still running HP Unix, but the new systems that are on their way into production are RedHat Linux (RHEL 5), so we have our work cut out for us. No problem -- They seem to be quite resilient and stable. I wish we could get some Oracle on BSD. Grr.

Anyway, a lot of interesting changes going on in the workplace right now, so, I'll leave those for another time. Just wanted to give a quick update to all the readers out there... I'm still alive. Thanks for your emails.

SSH and SSH Key Pair Authentication instead of Passwords

2009-09-18T16:51:00.000-04:00

Well, some of the users where I work were wanting to know what makes key authentication better than password authentication... Its a difficult thing to explain when people are unaware of the advantages of key auth, and the risks of password authentication. I suppose I try to explain it away with "this will actually make it simpler in the case of a compromise" ... So I may post more about this later, but a general reasoning behind this is described well by some PuTTY documentation.

Public key authentication - an introduction

Public key authentication is an alternative means of identifying yourself to a login server, instead of typing a password. It is more secure and more flexible, but more difficult to set up.
In conventional password authentication, you prove you are who you claim to be by proving that you know the correct password. The only way to prove you know the password is to tell the server what you think the password is. This means that if the server has been hacked, or spoofed (see section 2.2), an attacker can learn your password.
Public key authentication solves this problem. You generate a key pair, consisting of a public key (which everybody is allowed to know) and a private key (which you keep secret and do not give to anybody). The private key is able to generate signatures. A signature created using your private key cannot be forged by anybody who does not have that key; but anybody who has your public key can verify that a particular signature is genuine.
So you generate a key pair on your own computer, and you copy the public key to the server. Then, when the server asks you to prove who you are, PuTTY can generate a signature using your private key. The server can verify that signature (since it has your public key) and allow you to log in. Now if the server is hacked or spoofed, the attacker does not gain your private key or password; they only gain one signature. And signatures cannot be re-used, so they have gained nothing.
There is a problem with this: if your private key is stored unprotected on your own computer, then anybody who gains access to that will be able to generate signatures as if they were you. So they will be able to log in to your server under your account. For this reason, your private key is usually encrypted when it is stored on your local machine, using a passphrase of your choice. In order to generate a signature, PuTTY must decrypt the key, so you have to type your passphrase.
This can make public-key authentication less convenient than password authentication: every time you log in to the server, instead of typing a short password, you have to type a longer passphrase. One solution to this is to use an authentication agent, a separate program which holds decrypted private keys and generates signatures on request. PuTTY's authentication agent is called Pageant. When you begin a Windows session, you start Pageant and load your private key into it (typing your passphrase once). For the rest of your session, you can start PuTTY any number of times and Pageant will automatically generate signatures without you having to do anything. When you close your Windows session, Pageant shuts down, without ever having stored your decrypted private key on disk. Many people feel this is a good compromise between security and convenience. See chapter 9 for further details.
There is more than one public-key algorithm available. The most common is RSA, but others exist, notably DSA (otherwise known as DSS), the USA's federal Digital Signature Standard. The key types supported by PuTTY are described in section 8.2.2.

sudo, su, and you. oh, and root. and some tips...

2009-09-18T11:09:00.002-04:00

sudo(8) executes commands as a different user on Unix systems, as allowed by the sudoers configuration file. Commands run via sudo are logged via syslog, providing an audit trail. While sudo may not work on your friends, I consider it essential to system administration.

Alternatives

Consider also sudosh, or special logbash versions of the shell that log all commands. Never use the unsafe and unlogged sudo -s, sudo -i, and su commands. Between sudo and proper configuration management, logging in as root should be a very rare occasion.

List Commands

To see what commands can be run on a system, issue sudo -l. Depending on the sudoers configuration, this may prompt for the user’s password.

$ sudo -l
User admin may run the following commands on this host:
(ALL) NOPASSWD: ALL

If root is allowed to run sudo, one can inspect what commands another user may run:

$ sudo sudo -u someotheruser sudo -l
User someotheruser may run the following commands on this host:
(ALL) NOPASSWD: /usr/sbin/cleanup-logs

If administrators are allowed to sudo to any other user, this can be done directly via:

$ sudo -u someotheruser sudo -l
User someotheruser may run the following commands on this host:
(ALL) NOPASSWD: /usr/sbin/cleanup-logs

Configuration

The sudoers configuration file uses Extended Backus-Naur Form (EBNF), which is flexible but complex. For an overview, see the sudoers(5) documentation.

Always use visudo(8).

The visudo command should be used to edit the sudoers data. Otherwise, errors or permissions problems may crop up randomly. If building a complex sudoers file using configuration management software, sanity check the resulting data with visudo -f tempsudoers -c before moving it into production use.

Last entry wins

The last matching rule in sudoers wins; that is, if a NOPASSWD entry is followed by an entry that requires the implicit PASSWD, the user will be prompted to enter their password.

ALL ALL=(ALL) NOPASSWD: ALLALL ALL=(ALL) ALL

$ sudo -lUser admin may run the following commands on this host:(ALL) NOPASSWD: ALL(ALL) ALL$ sudo -k; sudo /bin/lsPassword:

To avoid this problem, place NOPASSWD entries after any entries that require a password. The following requires passwords for all commands excepting xinetd service changes on a RedHat Linux system:

%wheel ALL=(ALL) ALL%wheel ALL=NOPASSWD: /sbin/service xinetd *

Disallow Shell Access

Use the following configuration to avoid needless use of unsafe and unlogged shells. Encourage users to avoid launching a root shell, and reserve a special logbash shell that logs all commands for the rare occasions a root shell is needed.

# specify full list of shells and login commands here
Cmnd_Alias SHELLS= /bin/sh, /bin/ksh, /bin/bash, /bin/zsh, \
/bin/csh, /bin/tcsh, \
/usr/bin/login, /usr/bin/su

%wheel ALL=(ALL) ALL, !SHELLS

If the configuration is correct, a user attempting to gain shell access will be properly rejected:

$ sudo -s
Sorry, user jdoe is not allowed to execute '/bin/zsh' as root on …
$ sudo -i
Sorry, user jdoe is not allowed to execute '/bin/sh' as root on …
$ sudo su
Sorry, user jdoe is not allowed to execute '/usr/bin/su' as root on …

OpenSSH and SSH.COM Key generation - Some Concerns...

2009-09-17T10:40:00.001-04:00

Where I work some people use a very old commercial SSH Client - Its from circa 2002 and its really not that great. So we're switching to key based auth -- This brings some problems about. Some of my users will be using this antiquated client which generates some ugly keys. I'd prefer everything be openssh based. So, I found some information about this on someones blog, and I decided I would share it here on my blog, and leave it here for my reference as well as yours! Happy converting.
--

Connecting two server running different type of SSH can be nightmare if you does not know how to convert the key. In this tutorial, I will try to explain on how to convert the public key from OpenSSH to SSH2 and SSH2 to OpenSSH. To convert the key, it must be done in OpenSSH server.
Convert OpenSSH key to SSH2 key

Run the OpenSSH version of ssh-keygen on your OpenSSH public key to convert it into the format needed by SSH2 on the remote machine. This must be done on the system running OpenSSH.
#ssh-keygen -e -f ~/.ssh/id_dsa.pub > ~/.ssh/id_dsa_ssh2.pub

Convert SSH2 key to OpenSSH key

Run the OpenSSH version of ssh-keygen on your ssh2 public key to convert it into the format needed by OpenSSH. This needs to be done on the system running OpenSSH.
#ssh-keygen -i -f ~/.ssh/id_dsa_1024_a.pub > ~/.ssh/id_dsa_1024_a_openssh.pub

Steps involved to produce and convert the keys.
OpenSSH
To generate an OpenSSH sshv2 key
$ ssh-keygen -t dsa -f newkey
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in newkey.
Your public key has been saved in newkey.pub.
The key fingerprint is:
c6:db:3a:ff:4c:79:a7:d8:cb:be:82:e8:9d:db:8c:e9 brad@eta
To export to ssh.com
$ ssh-keygen -e -f newkey.pub
—- BEGIN SSH2 PUBLIC KEY —-
Comment: “1024-bit DSA, converted from OpenSSH by brad@eta”
AAAAB3NzaC1kc3MAAACBAJ7QKkrLoOE9TNPVmKVedk1GAr/S+Cruq3/GtjRnxvJqbBbfne
lWYUC+vbHc5a+7bgRsQfCgoCeGKH5wGD4CDWQMhy2XYomnGf1gUC86Hq77/Noqa02N441E
FSTIEoNlU2aYi8zwVQKlgP6e22mG9sK7zSaGX639ctaigHuST8qPAAAAFQC2az8dfxHkkD
ZAEw+RcvRn3cpXFQAAAIEAgYpPs6d+Kyw37ZaBarlMEaZoEfrxhUZ44SN+KoqBZYpSVwyH
J+/RB0zVUizXCmZ5RhYSsYZ57Iixx1bBmBxogaEh5d7xxUpg/9Xctf94Jsf7vxccjZ4XYA
RrVikq/0L9fuKOmo4ET9iAf+GL7w2u5gzxxZr+xX5jw/A7907lOCwAAACAMoHHk0o1XkG+
yeaPtuwbrHshGqTjpOUkJ/AYuQ8OBuVAOdqse1di9JpeHko26G0zoH3N+nDHMGdYYTNHzR
NYRd2q20ztcAP52crZo1rtpNdvs6c+RTEIgoP3oYh1e1+rg70tWKIW3R/NYB39CESHoyqs
AJ7vzOPm0iUOd36YECY=
—- END SSH2 PUBLIC KEY —-
SSH
To generate a key:
$ ssh-keygen
Generating 2048-bit dsa key pair
1 oOo.oO
Key generated.
2048-bit dsa, marshalb@obelix.cqu.edu.au, Tue Jul 15 2003 13:53:34 +1000
Passphrase :
Again :
Private key saved to /usr/users/staff/m/marshalb/.ssh2/id_dsa_2048_b
Public key saved to /usr/users/staff/m/marshalb/.ssh2/id_dsa_2048_b.pub
To convert from ssh.com to OpenSSH (using OpenSSH ssh-keygen):
$ ssh-keygen -i -f id_dsa_2048_b.pub
ssh-dss AAAAB3NzaC1kc3MAAAEBAKueha6mfr5OUcscc88lmQUBBgYSZ08htHFaYzke2N
5WG6ql1NgwQsyY2mMRxvvGckBeInx2GvRlz1+izDs5p4UGhkMzG8qOoT2y2vLwTFQyxi4I
XET1e0E8VYC0dcLfs5Zg6RxEY7GA5FiydS6dceuPnLJgCYDfyb9Qbk4rVEvREODo8dV/KR
lZxecEgaeKOO7ZnEzaIVPRCVb6U6EaRtZvxKfGnNFI957AfZ+Hqevz1IeQNDCp00EmaNli
8Ow4rjOPlH7o818r35Ea8mMoV0hkirNQ25zf/Z1LvCS3649537YDi/SVmMMpGCvT93w/TR
vk5RKlwVVy+TH52C8/MKEAAAAVAOuDCV61LvfKz0bd8hYEJ/gGof9XAAABAQCFRhlpWtVO
hTxcWcrnZp9EbbVRZO16St5TPjL86khb7b/VjScOAgt0tslHwtEEQzImv1xRkk6ZQ1o9pv
Azb1fMZrZMGIy9zUXvL0v6LNXxCxN9YIjx14OXYfH8EIQDZJGRJoxHvEvUVjv3lHnTuxbd
Krcbagvakxvgjq1wVyEueilO+g+WhJm+Q+XIYRl0TK9qtsAVFmzxBxT5USZFJ+1kbG7ipp
fFSGWRd3KPUCVQ8iGO3IMjtIlfcuGOArbKB06kMlxsdjNjhcEIHtR0jpaEeB2X+HrVScQE
oXG4S8YkiIExlIvjhrVr571BTOuO9H5VHt4CtKUxeXxKZWslulYwAAABAHm3zlMsXxPL/H
Oq29qf7Lk90b7El+j19E2UkyssfSu6+/k4bFf6ax2n3yEn31S5bUdNvgqmlEjdERc4SkU6
5b5LW2ZI1v7kRoegG+bD2Q21N9Rv/lwS7CTprenKiMMRJ8TU7FMIVT3zEZkV+etC7cbaN+
09GoiFTt+h7IDmo7onlo64oSMrcc+xt++ZUzENTVBgDoS92jlpnELkyJqZgb1/fdEPT6wR
j132yBxWLqDGmbp9msmY1us+XNDY8isF80u9yTTXGTskOtCSaeavDDtPOKN5ZR20sHpIBg
t6zd6mm/zKD6OZo14BLSJr7ldwSRzNNYMtkLnNyFSYxAIrm9Y=
You can then use the output in authorized_keys file on an openssh box.
OpenSSH v2 -> SSH v2
On the OpenSSH box, create a DSA key via the following:
$ ssh-keygen -t dsa
Export the key into ssh.com v2 format:
$ ssh-keygen -e -f ~/.ssh/id_dsa.pub > newPubKey
Copy the converted ssh key to the ssh.com server
$ scp newPubKey server:.ssh2/id_dsa.pub
On the server, tell the ssh.com server that the public key is allowed:
echo “Key id_dsa.pub” >> ~/.ssh2/authorization
SSH v2 -> OpenSSH v2
On the ssh.com box, generate a DSA key:
$ ssh-keygen
Copy the generated key to the openssh box:
$ scp ~/.ssh2/id_dsa_1024_a.pub server:.ssh
Convert the public key to openssh format and append to authorized_keys:
$ ssh-keygen -i -f id_dsa_1024_a.pub >> ~/.ssh/authorized_keys
On the ssh.com box setup the private key:
$ echo “IdKey id_dsa_1024_a” >> ~/.ssh2/identification
SSH v2 -> SSH v2
On the ssh.com client, generate a DSA key:
$ ssh-keygen
Copy the generated key to the server:
$ scp ~/.ssh2/id_dsa_1024_a.pub server:.ssh2
On the server, tell the ssh.com server that the public key is allowed:
$ echo “Key id_dsa._1024_a.pub” >> ~/.ssh2/authorization
On the ssh.com client setup the private key:
$ echo “IdKey id_dsa_1024_a” >> ~/.ssh2/identification
OpenSSH v2 -> OpenSSH v2
On the OpenSSH box, create a DSA key via the following:
$ ssh-keygen -t dsa
Copy the ssh key to the server
$ scp ~/.ssh/id_dsa.pub server:.ssh/id_dsa.pub
Add the key to the authorized_keys file on the server
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

Oracle on Linux needs access to /proc? Only for Enterprise Manager?

2009-09-14T14:00:00.001-04:00

So, on some of our systems oracle runs as the oracle user, and the /proc filesystem is off limits for standard user accounts. This hasn't affected much...however I came across the error:
Error retrieving information from EMD. Exception: oracle.sysman.emSDK.emd.comm.MetricGetException: Could not open /proc/partitions

today...Hrm. Wonder what thats hurting...Probably nothing as everything seems to be running properly.

In addition...uname must be unrestricted in order for Oracle Wallet Manager (owm) to function. Probably lots of other java stuff too.

Linux, sudo, and environment variables

2009-09-14T12:13:00.001-04:00

Our DBA came to me and said he was having some problems with sudo. A little background, we recently upgraded our test systems to the latest version of RedHat Enterprise Linux. We have a pretty complicated setup with Oracle and Fujitsu NetCOBOL and a lot of customizations for our site. My latest round of updates with the systems prompted me to enact a new baseline security policy. One of the features of this new baseline policy is that it requires us going to a new procedure for issuing super user commands... Used to we'd just su, as thats how it had always been done here on HPUX and other UNIX Operating Systems. With little separation of duty due to such a small staff, the DBA and others have all frequently pitched in to help with administration tasks.

Anyway, enforcing su provides a lot of benefit, even if it does mean we have to change the way we're doing some things. Our system relies a lot upon environment variables being carried over from one environ to the other, and some of our system users and the tasks they perform depend largely upon those envars. So, it came to pass that there is a directive in the sudoers file that allows (or, by default, disallows) environment variables passing through with sudo execution. This is "Default env_reset" - Changed to "Default !env_reset" to say ! = NO! Don't reset the envars when using sudo!

This solved our issue, and the DBA was able to complete the upgrades.

The blackberry Curve 8300 - 83xx - Pretty cool.

2009-09-11T08:43:00.001-04:00

I recently came across a free Blackberry Curve 8300 for ATT - a friend of a friend was getting an iPhone 3G (after she had become enamored with the iPod touch) and was just going to give it to him, fortunately for me he has Verizon not ATT or T-Mobile, and I said I'd offer him some money for it. He said "nonsense (nice!), I'll ask her if I can give it to you." So she said yes.

The software that came with it was old, like it had never been updated. I later found out why. The synching/software interface for the blackberry is atrocious. I later found out too that you can do MOST things without synching. Such as over-the-airwaves App installs and stuff. Not to mention...Synching the blackberry to the computer is extremely slow. It took like 35 minutes just to do the software upgrade. The iPhone definitely has it beat in that arena.

Anway, I'm a happy, Loyal, iPhone user (only because its unix in my pocket, and jailbroken..so I can do the things I need to do with MY computer - hopefully all of this carrier-lock in junk will be over soon.), but I was impressed with this little device, despite its stubbornness in wanting to charge. It seems to have some issues...I bought a car charger for my girlfriend for this device, and it seemed to charge straight away. When I hooked it up to the computer (much like I had found trying to synch it at work) - It was a mess of steps to get the thing recognized and charging. Why can't I just plug the USB cable in and let it charge the battery. ARGH.

Anyway, hopefully I can work on her Vista machine some more (i did the synching and initial software upgrade on an XP machine) and get it to recognize the device so she can charge it there, since my friend forgot to bring me the wall charger.

Overall, I like the device. They're relatively inexpensive, though the data plan is more expensive than an iphone at 30$/month (35$/month if you want at least 200 txt messages...some are a requirement otherwise you're getting shafted at the .20/.30 cent per message mark. Lame.

Its not an iPhone, but its not half bad either, and it has a large community support base as well. Once I got past a few of the quirks, everything seems to be OK and she seemed to pick it up pretty intuitively.

unix security problems

2009-09-04T14:20:00.001-04:00

so, you're in a meeting and you get asked to provide an account to a group thats not in your department. when you tell your friends they tell you to tell the people you work "if you're so good at security make your own account"

that wouldn't go over well.

session recording with 'script' in linux/unix hosts.

2009-09-03T16:33:00.001-04:00

don't forget you can use the 'script' command 'script output.log' to record all commands you type.
you can use this as a reference to see what you've done in the session ( such as wanting to record all file permission changes that you make in a session )

Enable Oracle Application Server to run on port <1024 on HPUX

2009-08-26T12:31:00.002-04:00

Below are the instructions, probably a little too detailed, on how to enable oracle to start httpd as root then fork to user specified in httpd.conf (em -> advanced properties -> httpd.conf) - For most people, Since Oracle App server is just a modified apache...Task 1 is the only thing you really have to do. You can then add the port in EM, and add the vhost directive in either ssl.conf or whatever file you're sourcing vhosts from.

Task 1: Enable Oracle HTTP Server to Run as Root for Ports Set to Less Than 1024 (Unix Only)

If you are on a UNIX system and you are changing the Listen port to a number less than 1024, perform these steps before you change the Oracle HTTP Server Listen port.
By default, Oracle HTTP Server runs as a non-root user (the user that installed Oracle Application Server). On UNIX systems, if you change the Oracle HTTP Server Listen port number to a value less than 1024, you must enable Oracle HTTP Server to run as root, as follows:

Run the following commands in the middle-tier Oracle home:

cd ORACLE_HOME/Apache/Apache/bin
chown root .apachectl
chmod 6750 .apachectl

Task 2: Use the portconfig Command to Change the Oracle HTTP Server Listen Ports

Use the following procedure to change the Oracle HTTP Server HTTP or HTTPS listen port:

Set the ORACLE_HOME environment variable to the home directory of the Oracle Application Server instance where the Oracle HTTP Server resides.
For example:
```
(UNIX) setenv ORACLE_HOME /dev0/private/oracle/appserv1/ 
```
On UNIX systems, set the LD_LIBRARY_PATH, LD_LIBRARY_PATH_64, LIB_PATH, or SHLIB_PATH environment variables to the proper values. The actual environment variables and values that you must set depend on the type of your UNIX operating system.

Create an alias (on UNIX systems) to represent the portconfig command.
For example, to execute the command as an alias on UNIX systems, enter the following command:

alias portconfig '$ORACLE_HOME/jdk/bin/java -cp 
$ORACLE_HOME/sysman/webapps/emd/WEB-INF/lib/emd.jar:
$ORACLE_HOME/dcm/lib/dcm.jar:
$ORACLE_HOME/sso/lib/ossoreg.jar
oracle.sysman.ias.sta.tools.PortConfigCmdLine \!*'

Use the newly created portconfig command as follows:

portconfig -oracleHome ORACLE_HOME 
-oldPort old_port 
-newPort new_port 
[-sso -url http://sso_host:port -user http_server_admin_user 
  [-site name_of_sso_partner_application]
  [-admin mod_osso_admin_user]
  [-vHost path_to_mod_osso_configuration_file]]
[-webCache] [-debug]
{-start | -restart}

For example, on UNIX systems:

portconfig -oracleHome $ORACLE_HOME -oldPort 7777 -newPort 7778 -webCache

Changing VSWIF IP in VMWare ESX

2009-08-26T11:45:00.002-04:00

Pretty nice post on esxcfg commands...

Esxcfg command help

Esxcfg-firewall
Description: Configures the service console firewall ports
Syntax: esxcfg-firewall

Options:

-q	Lists current settings
-q	Lists settings for the specified service
-q incoming\|outgoing	Lists settings for non-required incoming/outgoing ports
-s	Lists known services
-l	Loads current settings
-r	Resets all options to defaults
-e	Allows specified service through the firewall (enables)
-d	Blocks specified service (disables)
-o	Opens a port
-c	Closes a port previously opened by –o
-h	Displays command help
-allowincoming	Allow all incoming ports
-allowoutgoing	Allow all outgoing ports
-blockincoming	Block all non-required incoming ports (default value)
-blockoutgoing	Block all non-required outgoing ports (default value)

Default Services:

AAMClient	Added by the vpxa RPM: Traffic between ESX Server hosts for VMware High Availability (HA) and EMC Autostart Manager – inbound and outbound TCP and UDP Ports 2050 – 5000 and 8042 – 8045
activeDirectorKerberos	Active Directory Kerberos - outbound TCPs Port 88 and 464
CIMHttpServer	First-party optional service: CIM HTTP Server - inbound TCP Port 5988
CIMHttpsServer	First-party optional service: CIM HTTPS Server - inbound TCP Port 5989
CIMSLP	First-party optional service: CIM SLP - inbound and outbound TCP and UDP Ports 427
commvaultDynamic	Backup agent: Commvault dynamic – inbound and outbound TCP Ports 8600 – 8619
commvaultStatic	Backup agent: Commvault static – inbound and outbound TCP Ports 8400 – 8403
ftpClient	FTP client - outbound TCP Port 21
ftpServer	FTP server - inbound TCP Port 21
kerberos	Kerberos - outbound TCPs Port 88 and 749
LicenseClient	FlexLM license server client - outbound TCP Ports 27000 and 27010
nfsClient	NFS client - outbound TCP and UDP Ports 111 and 2049 (0 – 65535)
nisClient	NIS client - outbound TCP and UDP Ports 111 (0 – 65535)
ntpClient	NTP client - outbound UDP Port 123
smbClient	SMB client - outbound TCP Ports 137 – 139 and 445
snmpd	SNMP services - inbound TCP Port 161 and outbound TCP Port 162
sshClient	SSH client - outbound TCP Port 22
sshServer	SSH server - inbound TCP Port 22
swISCSIClient	First-party optional service: Software iSCSI client - outbound TCP Port 3260
telnetClient	NTP client - outbound TCP Port 23
TSM	Backup agent: IBM Tivoli Storage Manager – inbound and outbound TCP Ports 1500
veritasBackupExec	Backup agent: Veritas BackupExec – inbound TCP Ports 10000 – 10200
veritasNetBackup	Backup agent: Veritas NetBackup – inbound TCP Ports 13720, 13732, 13734, and 13783
vncServer	VNC server - Allow VNC sessions 0-64: inbound TCP Ports 5900 – 5964
vpxHeartbeats	vpx heartbeats - outbound UDP Port 902

Note: You can configure your own services in the file /etc/vmware/firewall/services.xml

esxcfg-firewall examples:
Enable ssh client connections from the Service Console:
# esxcfg-firewall -e sshClient
Disable the Samba client connections:
# esxcfg-firewall -d smbClient
Allow syslog outgoing traffic:
# esxcfg-firewall -o 514,udp,out,syslog
Turn off the firewall:
# esxcfg-firewall -allowIncoming
# esxcfg-firewall -allowOutgoing
Re-enable the firewall:
# esxcfg-firewall -blockIncoming
# esxcfg-firewall –blockOutgoing

Esxcfg-nics
Description: Prints a list of physical network adapters along with information on the driver, PCI device, and link state of each NIC. You can also use this command to control a physical network adapter’s speed and duplexing.
Syntax: esxcfg-nics [nic]

Options:

-s	Set the speed of this NIC to one of 10/100/1000/10000. Requires a NIC parameter.
-d	Set the duplex of this NIC to one of 'full' or 'half'. Requires a NIC parameter.
-a	Set speed and duplex automatically. Requires a NIC parameter.
-l	Print the list of NICs and their settings.
-r	Restore the NICs configured speed/duplex settings. (Internal use only)
-h	Displays command help

esxcfg-nics examples:
Set the speed and duplex of a NIC (vmnic2) to 100/Full:
esxcfg-nics -s 100 -d full vmnic2
Set the speed and duplex of a NIC (vmnic2) to auto-negotiate:
esxcfg-nics -a vmnic2

Esxcfg-vswitch
Description: Creates and updates virtual machine (vswitch) network settings
Syntax: esxcfg-vswitch [vswitch[:ports]]

Options:

-a	Add a new virtual switch.
-d	Delete the virtual switch.
-l	List all the virtual switches.
-L	Set pnic as an uplink for the vswitch.
-U	Remove pnic from the uplinks for the vswitch.
-p	Specify a portgroup for operation. Use ALL for operation to work on all portgroups
-v	Set VLAN ID for portgroup specified by -p. 0 would disable the VLAN.
-c	Check to see if a virtual switch exists. Program outputs a 1 if it exists, 0 otherwise.
-A	Add a new portgroup to the virtual switch.
-D	Delete the portgroup from the virtual switch.
-C	Check to see if a portgroup exists. Program outputs a 1 if it exists, 0 otherwise.
-r	Restore all virtual switches from the configuration file (Internal use only)
-h	Displays command help

esxcfg-vswitch examples:
Add a pnic (vmnic2) to a vswitch (vswitch1):
esxcfg-vswitch -L vmnic2 vswitch1
Remove a pnic (vmnic3) from a vswitch (vswitch0):
esxcfg-vswitch -U vmnic3 vswitch0
Create a portgroup (VM Network3) on a vswitch (vswitch1):
esxcfg-vswitch -A "VM Network 3" vSwitch1
Assign a VLAN ID (3) to a portgroup (VM Network 3) on a vswitch (vswitch1):
esxcfg-vswitch -v 3 -p "VM Network 3" vSwitch1

Esxcfg-vswif
Description: Creates and updates service console network settings. This command is used if you cannot manage the ESX Server host through the VI Client because of network configuration issues.
Syntax: esxcfg-vswif [vswif]

Options:

-a	Add vswif, requires IP parameters. Automatically enables interface.
-d	Delete vswif.
-l	List configured vswifs.
-e	Enable this vswif interface.
-s	Disable this vswif interface.
-p	Set the portgroup name of the vswif.
-i or DHCP	The IP address for this vswif or specify DHCP to use DHCP for this address.
-n	The IP netmask for this vswif.
-b	The IP broadcast address for this vswif. (not required if netmask and ip are set)
-c	Check to see if a virtual NIC exists. Program outputs a 1 if the given vswif exists, 0 otherwise.
-D	Disable all vswif interfaces. (WARNING: This may result in a loss of network connectivity to the Service Console)
-E	Enable all vswif interfaces and bring them up.
-r	Restore all vswifs from the configuration file. (Internal use only)
-h	Displays command help.

Note: You can set the Service Console default gateway by editing the /etc/sysconfig/network file or through the VI Client under Configuration, DNS & Routing.

esxcfg-vswif examples:
Change your Service Console (vswif0) IP and Subnet Mask:
esxcfg-vswif -i 172.20.20.5 -n 255.255.255.0 vswif0
Add a Service Console (vswif0):
esxcfg-vswif -a vswif0 -p "Service Console" -i 172.20.20.40 -n 255.255.255.0

Esxcfg-route
Description: Sets or retrieves the default VMkernel gateway route
Syntax: esxcfg-route [ [] ]
can be specified in 2 ways: as a single argument in / format or as a pair.
is either an IP address or 'default'

Options:

-a	Add route to the VMkernel, requires network address (or 'default') and gateway IP address.
-d	Delete route from the VMkernel, requires network address (or 'default').
-l	List configured routes for the Service Console.
-r	Restore route setting to configured values on system start. (Internal use only)
-h	Displays command help

esxcfg-route examples:
Set the VMkernel default gateway route:
esxcfg-route 172.20.20.1
Add a route to the VMkernel:
esxcfg-route -a default 255.255.255.0 172.20.20.1

Esxcfg-vmknic
Description: Creates and updates VMkernel TCP/IP settings for VMotion, NAS, and iSCSI
Syntax: esxcfg-vmknic [[portgroup]]

Options:

-a	Add a VMkernel NIC to the system, requires IP parameters and portgroup name.
-d	Delete VMkernel NIC on given portgroup.
-e	Enable the given NIC if disabled.
-D	Disable the given NIC if enabled.
-l	List VMkernel NICs.
-i	The IP address for this VMkernel NIC. Setting an IP address requires that the -n option be given in same command.
-n	The IP netmask for this VMkernel NIC. Setting the IP netmask requires that the -i option be given in the same command.
-r	Restore VMkernel TCP/IP interfaces from configuration file. (Internal use only)
-h	Displays command help

esxcfg-vmknic examples:
Add a VMkernel NIC and set the IP and subnet mask:
esxcfg-vmknic -a "VM Kernel" -i 172.20.20.19 -n 255.255.255.0

Serial Console on VMWare ESX

2009-08-26T08:22:00.002-04:00

I primarily use HP ILO's on our DL360s. I never get ILO Advanced Pack..Its expensive, and I ues UNIX so, for my BSD and Linux machines I just use serial consoles... It beats buying the license...and I don't need the graphical stuff... Thats what X servers are for.

Compiled this from a defunct wiki from some edu, but its pretty much common sense. Just wanted to document it for those who care ;)

For an ESX Server:
This is about enabling the console of ESX server to be a serial port. Running an IP KVM for ESX servers seems a really expensive thing to do, when it just needs a shell.

This is a method I use for RHEL/CentOS. I had to modify it slightly for VMware ESX:
Edit /boot/grub/grub.conf
Add the following lines after "timeout=3" line

serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal --timeout=8 serial console

* The first line tells GRUB to use the first serial port at a baud rate of 9600
* The second line gives the user 8 seconds to decide where GRUB should output it's information. * Please adjust port number and speed as per your setup.

Append the kernel entry in /boot/grub/grub.conf to add serial console:

kernel /vmlinuz ro root=UUID=675026ae-e3ee-4340-8614-9173f59d5bfb mem=300M quiet console=ttyS0,9600

Edit /etc/inittab to add a new line for agetty. I placed this after the mingetty entries:

s0:2345:respawn:/sbin/agetty -L -f /etc/issueserial 9600 ttyS0 vt100

Additional notes: - root logins are restricted over ttysX by default unless your ttysX is added to the securetty config. So, edit /etc/securettty and add your port to your config if you want to allow root logins.

For a VM:
To add a serial console to VMWare ESX, there's no way to do it either from the web console nor from their dinky vmware-console. There's just grayed out menu items that torment your soul leaving you with a bitter taste of unfulfilled possibilites. Yet there is hope!

Here I add serial console 0. serial0.present = "TRUE" serial0.fileType = "file" serial0.fileName = "/tmp/console.debian26_dan"

then add in your kernel boot options (ie, in /boot/grub/menu.lst) console=ttyS0,19200
like this: kernel /boot/vmlinuz root=/dev/sdc1 ro console=ttyS0,19200 console=tty0

now as you do crazy things to the kernel and crash it (ie, run zap), you can access your kernel log for debugging information in /tmp/console.debian26_dan.

NOTE: this enables a serial console for a guest machine on ESX. It does not enable a serial console for the ESX system itself, for that see above. ;p

it is the whole thing.

2009-08-21T10:44:00.002-04:00

see subject. no comment. sigh.

mpage!

2009-08-18T10:15:00.002-04:00

so...i guess, i just screwed up when i was working with mpage before trying to get the fonts right. it appears now that Courier-Bold as a -F parameter is working. ;) Yay.

That's how you get darker color, Bob!

cups-pdf, cups, RHEL, Linux, and EPEL repositories...

2009-08-17T19:09:00.002-04:00

Soo...you want to add some other packages...
OK!

su -c 'rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm'

they should now be available in yum...in my case, cups-pdf.

using firefox 3.5.x in Linux ... Its not just that easy, apparently.

2009-08-16T15:27:00.002-04:00

I got tired of looking for a repo version and decided to get the bin pkg from Mozilla.

Here’s a really quick way to get 3.5.2 running on your Ubuntu or RHEL/CentOS system.

I removed the Firefox 3.0 that shipped... In this case, with CentOS. This tutorial taken from some Ubuntu user's post/page...I forget.

Open up Terminal (Applications > Accessories > Terminal) and run the following commands:

cd /tmp
wget "http://download.mozilla.org/?product=firefox-3.5.2&os=linux&lang=en-US"
Note: Your download link may be different depending on your country and language. I got the link by clicking the download link, canceling the automatic download, right-clicking the “Your download should automatically begin in a few seconds, but if not, click here” link, and selecting Copy Link Location.
tar xvjf firefox-*.bz2
sudo cp -r firefox /usr/lib/firefox-3.5.2
sudo mv /usr/bin/firefox /usr/bin/firefox.old
sudo ln -s /usr/lib/firefox-3.5.2/firefox /usr/bin/firefox-3.5.2
sudo ln -s /usr/bin/firefox-3.5.2 /usr/bin/firefox

Close Firefox and then reopen. You should now be running Firefox 3.5.2.

If for whatever reason you’d like to switch back to your previous version of Firefox, simply run the following commands from Terminal:

sudo mv /usr/bin/firefox /usr/bin/firefox.bak
sudo mv /usr/bin/firefox.old /usr/bin/firefox

enable rpmfusion, epel for CentOS / RHEL5 to install other repos...

2009-08-16T15:22:00.002-04:00

[root@caliban-centos ~]# su -c 'rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm'

[root@caliban-centos ~]# su -c 'rpm -Uvh http://download1.rpmfusion.org/free/el/updates/testing/5/i386/rpmfusion-free-release-5-0.1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/testing/5/i386/rpmfusion-nonfree-release-5-0.1.noarch.rpm'

- this should then allow software to be pulled from rpmfusion!

homemade tend skin recipe.

2009-06-25T16:40:00.002-04:00

Crush 18 tablets aspirin and dissolve in alcohol. Crush remaining 8 tablet aspirin and dissolve in witch hazel. Combine alcohol and witch hazel together. Pour into squeeze bottle. Make need to shake before each use, as aspirin may settle. Apply once daily after waxing or shaving to prevent and treat ingrown hairs.
26 tablets uncoated aspirin, divided
5 ½ oz. 70% rubbing alcohol
2 ½ oz. witch hazel extract

From a "Best of Craigslist"

2009-06-23T09:12:00.002-04:00

Dear Christians

Date: 2009-04-03, 5:02AM PDT

In the following argument of nine premises, I will aim to convince you that Jesus of Nazareth was a fictional character, and not a real person. I do not intend to sway the beliefs of many of you, nor even budge them - I know this to be an impossibility, for if the religious mind is well-trained at anything, it is circumventing rational argument. I only intend to sew seeds of doubt, in the hopes that perhaps some of you will nurture them and let them grow. Here goes.

1. Much, if not most, of the Bible is arguably fiction. Quit being so intellectually dishonest, Christians - this is the twenty-first century. That means the burden of proof is on YOU. If you make a claim about the universe, it is up to you to prove it is true, not the other way around. It is not up to us, the rest of the world, to prove your claims false - that is not scientific thinking, that is anti-scientific thinking. Because I am a man of my times, and believe in correcting ignorance, what I am doing here is out of courtesy to YOU, just as if I were to argue publicly that there is a Flying Spaghetti Monster orbiting Venus preparing to blow up Planet Earth, one of you would probably, out of simple human decency attempt to correct me and point me towards the truth. This is my way of doing that. Now, back to the Bible being fiction... that part's easy. Find me a snake with vocal chords, water that is dense enough for a human being to walk on, or a chemical process that converts complex carbohydrates to fish. Until then, you're out of luck, sucker. The evidence wins, and the evidence sides with me. These are invented stories... fictional dramas meant to impart some moral lesson. They are not real.

2. Following point two: from an objective, scrutinizing view, there is no reason to believe one story in the Bible over another. We cannot honestly engage shades of truth here - either the books in the Bible are historically true or they are not. Since they almost ubiquitously contain material to make the scientific person skeptical, we can chance to say the same is true of the entire book: either it happened, or it didn't. Therefore, it is no less plausible to disbelieve the Jesus myth than the myth about Enoch the nine-hundred year old man or the creation myth wherein God pats the first humans out of clay. Here's a hint: humans, like all other complex organisms, reached their present condition by millions of years of natural selection through the self-preservation of certain greedy genes. We can observe this happening today; anti-biotic resistant bacteria are a good example. Plus, we've mapped the human genome - we know our ancestry, and it's simian. Even Pope John Paul II said evolution is a historical fact. People did not come from clay.

3. By definition, intellect, or "reason" is the ability to revise one's beliefs in light of better argumentation. Taking simple, empirical data from the the world around you should make it easy to determine that the physical laws of the universe DO NOT CHANGE. It therefore stands to reason that "miracles" can only possible be one of two phenomena: A, an outside agent actually interfering with the laws of the universe; or B, hyperbolized coincidences. Considering the Bible was written in a time when allegory was the most common form of journalistic reporting and most people still believed spitting on a wound was an appropriate way to cure it, it is far more reasonable to assume the latter.

*Side note: Seriously Hoss, let me clue you in on something: things that are impossible to do now - like walking on water, resuscitation after days of biological death, and wine magically turning into blood - were just as impossible 2,000 years ago. There's a much greater power in the universe than "belief." It's called "observation."

4. To believe these stories, you must create strange rationalizations that do not hold up to true intellectual scrutiny. This brings us to the issue of honesty. Without deluding yourself, can you honestly answer the following questions? Such as, why doesn't God heal amputees? He heals everyone else miraculously, right? But neither you nor I have ever seen an amputee grow back a leg. Oh wait, God has a special plan for them. But isn't he supposed to be loving and just? What's with the discrimination, man? Or how about Jonah surviving in the belly of that whale? Wouldn't he be partially digested after three days? Maybe Baby Balooga had a slow metabolism?

5. Following four, and this one is my favorite: if Jesus is the one true messiah, the only God, whom you shall hath no other gods before him, yada yada, how come so many gods DID come before him having nearly identical biographies? There are no less than two dozen god-men of the ancient Mediterranean whose birth was heralded by a bright star in the East (Sirius, for those who don't practice astronomy), who were also adored by wise men, walked on water, fed the hungry, resurrected the dead, were crucified and rose again, etc. Many even had the same birthday as Jesus - December 25th! Not coincidentally, this was the Roman Holiday of Saturnalia centuries before the clergy decided to call it Jesus' birthday. Surprise! Christians plagiarized earlier religions. I cannot spell it out any clearer than that. Knowing that, how can one believe anything Christian doctrine teaches? How do you even begin to separate what was invented from what was borrowed? You don't. The cold, hard truth is, it was an old story then, and it's an old story now. These messianic archetypes - the man that is god, the man who conquers death - existed long, long before Jesus came around. They were old news when soap was a cutting-edge technology, before written language was even invented. They are ancient fucking history. Jesus was not the antitype of these messianic figures, he was their distillation.

7. Following point 6. If you are skeptical of this information (and you should be, as doubt is the seed of all knowing), investigate the matter for yourself. One hugely recurring problem I find when debating with Christians is that they either know very little about other religions or are ignorant of their existence entirely. This is counter-intuitive to me, and perhaps my own fault in failing to understand the religious mind. Shouldn't it be fairly crucial to make the most educated decision in choosing a religion, if practicing the "right" one is important to you? For example, you wouldn't want to choose a religion based on plagiarism, would you? Or one that literally absorbed every earlier belief system it encountered through endless politicizing or the diplomacy of the sword? Well, better crack those books then - there's a whole heap of gods who fit the Christ mold long before Christ. I suggest you begin by researching Mithra of Rome, Attis of Frigia, Dionysis of Greece, Krishna of India, and Horus of Egypt. The last should be of particular interest to you, as his mythology is almost an exact carbon copy of Jesus', right down to the twelve apostles and three-day rebound time after being murdered by jealous clergy. Though, I should point out that Horus was worshipped nearly 1000 years BEFORE Christianity began spreading through the Hebrew-populated Roman colonies. This should come as no surprise to you, as it's written right in the bible that the Hebrews came out of Egypt.

8. On a more serious note. Western civilization may have been "built" on Judeo-Christian values (at least the "don't kill" and "don't steal" parts), but we have become a modern society and have adopted the scientific way of thinking. While the aforementioned values have indisputable merits, maintaining the dogma in its entirety is no longer necessary, especially when we consider the violence and segregation it has caused throughout the ages. Furthermore, philosophically speaking, Christian ethics are severely outdated. Since the Enlightenment, the Western World has seen far superior ethicists to Jesus of Nazareth. Kant and Mill, for example, created life-affirming ethical systems that can be applied to a wider range of people without destroying their culture or beliefs about where the universe came from and what kind of sex they should consider perverse. Truly, there is no reason to cling to the old way any longer. We have adopted science and reason in every other aspect of our lives... yet somehow we have retained Bronze Age ethics? It makes no sense. Why should we continue to believe it is better to be tribalists than to be humanists? This mentality is not compatible with a just, egalitarian society. Besides, Jesus may tell us to love one another, but he also says we should maintain the Old Testament in its entirety - no cherry-picking - which means we technically must condone rape, incest, slavery, and genocide (!). If we can do away with these parts (and we have), why not do away with the whole thing?

9. In the grand scheme of things, it would be generally permissible for one to believe in Christian ethics if it were readily understood that Jesus was not a historical person, and the story is allegory. However, if you are a Christian, you probably do believe that Jesus was a real human being. This is a threat to both the advancement of science and the absolution of religious conflict in the world, two issues that are paramount to our survival as a species as our planet nears carrying capacity and is dangerously on the brink of overheating. It creates too slippery a slope for other theocratic nonsense to take hold; for example, tthe mindset that human beings can literally live after death (how many soldiers would we send to die if everyone believed this is the only life?); or that preserving the existence of cell clusters which bear no conceivable human traits is somehow a better aim than alleviating actual human suffering; or that sex is harmful, but killing, bigotry, and total obedience to clandestine authority are healthy practices; or that blood sacrifice is a value modern societies should endorse. But Jesus WAS a real person, you say! There's a plethora of evidence! No, not really, outside of the gospels. And those hardly count as "evidence." They are secondary sources at best. Here's why: if a historical Jesus really lived and died between 0 and 33 CE, then we know beyond a doubt that at least forty years passed before the earliest gospel - the one written by Mark - was scribed. Because the aforementioned gospel discusses the destruction of Solomon's temple, we know it was written in or sometime after 70 CE. Given the lifespan of the period, that means the author or authors were at best infants or young children when Jesus of Nazareth was supposed to have been crucified. Moreover, the gospel writers are not themselves mentioned in the gospels, and they make no claim to actually having met Jesus. None of the apostles who walked with Jesus nor anyone who even met him wrote accounts to that effect. Granted, there are certain mentions of a "Christ" in the writings of Mediterranean historians from that period (not Justin Martyr or Pontius Pilate - sorry, but those are proven forgeries). However, if are a serious Christian, these should be of little consideration to you, as you know "the Christ" is really a title that simply means "the Anointed," and was taken up by many rabbis of that time. In not ONE of these documents is a man named Jesus, or Yeshua of Nazareth mentioned.

In conclusion, the gospels which discuss the life of Jesus of Nazareth are at best hearsay, almost certainly hyperbolized, and at worst complete fabrications. What we can determine beyond a doubt is that for at least four decades after his death, everyone in the world, including his sworn followers and students, simply forgot their messiah existed. If that doesn't cast on you a serious shade of doubt, then nothing will, and perhaps I'm not "the fool".

- A

it's NOT ok to contact this poster with services or other commercial interests

PostingID: 1104940994

Resetting OS Passwords! Just a good writeup for those interested. ;)

2009-04-23T07:45:00.002-04:00

Windows
Windows is still the most popular operating system, and the method used to discover the login password is the easiest. The program used is called Ophcrack, and it is free. Ophcrack is based on Slackware, and uses rainbow tables to solve passwords up to 14 characters in length. The time required to solve a password? Generally 10 seconds. The expertise needed? None.

Simply download the Ophcrack ISO and burn it to a CD (or load it onto a USB drive via UNetbootin). Insert the CD into a machine you would like to gain access to, then press and hold the power button until the computer shuts down. Turn the computer back on and enter BIOS at startup. Change the boot sequence to CD before HDD, then save and exit.

The computer will restart and Ophcrack will be loaded. Sit back and watch as it does all the work for your. Write down the password it gives you, remove the disc, restart the computer, and log in as if it were you own machine.

Mac
The second most popular operating system, OS X is no safer when it comes to password cracking then Windows.

The easiest method would be to use Ophcrack on this, also, as it works with Mac and Linux in addition to Windows. However, there are other methods that can be used, as demonstrated below.

If the Mac runs OS X 10.4, then you only need the installation CD. Insert it into the computer, reboot. When it starts up, select UTILITIES > RESET PASSWORD. Choose a new password and then use that to log in.

If the Mac runs OS X 10.5, restart the computer and press COMMAND + S. When at the prompt, type:

fsck -fy

mount -uw /

launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist

dscl . -passwd /Users/UserName newpassword

That’s it. Now that the password is reset, you can login.

Linux
Finally, there is Linux, an operating system quickly gaining popularity in mainstream, but not so common you’re likely to come across it. Though Mac and Linux are both based on Unix, it is easier to change the password in Linux than it is OS X.

To change the password, turn on the computer and press the ESC key when GRUB appears. Scroll down and highlight ‘Recovery Mode’ and press the ‘B’ key; this will cause you to enter ‘Single User Mode’.

You’re now at the prompt, and logged in as ‘root’ by default. Type ‘passwd’ and then choose a new password. This will change the root password to whatever you enter. If you’re interested in only gaining access to a single account on the system, however, then type ‘passwd username’ replacing ‘username’ with the login name for the account you would like to alter the password for.

Conclusion
There you have it - that is how simple it is for someone to hack your password. It requires no technical skills, no laborious tasks, only simple words or programs. The moral of the story? Encrypt your data to keep it safe. Don’t use only a password, but actually encryption, such as Blowfish or AES-128. There are a number of programs that can do this - TrueCrypt for Windows, or the native encryption found on Ubuntu, creating a disk image in Mac, etc.

'08 nissan 350z - nogaro red paint code

2009-04-18T18:06:00.002-04:00

the factory paint code for my nogaro red 350z is A41.

...because i have to buy some touch up paint!

rEFIt - bootloader for the mac.

2009-04-12T20:45:00.002-04:00

http://refit.sf.net

The rEFIt Project

rEFIt is a boot menu and maintenance toolkit for EFI-based machines like the Intel Macs. You can use it to boot multiple operating systems easily, including triple-boot setups with Boot Camp. It also provides an easy way to enter and explore the EFI pre-boot environment.

burn a playable dvd from video_ts in Mac OS X

2009-03-27T12:20:00.002-04:00

Burn a playable DVD from a VIDEO_TS folder
Thu, Jun 14 2007 at 7:30AM PDT • Submitted by gavynj

After searching the forums and trying various things, I still couldn't find a quick, reliable, free method of burning a VIDEO_TS folder to a pure UDF DVD, so that it would play in regular DVD players, as well trigger DVD Player to start up automatically. Anyway, as often is the case, Terminal had the answers. Just type in this command and change the paths to suit:

hdiutil makehybrid -udf -udf-volume-name DVD_NAME \
-o MY_DVD.iso /path/to/VIDEO_TS/parent/folder

Make sure that /path/to/VIDEO_TS/parent/folder is the path to the folder containing the VIDEO_TS folder, not the VIDEO_TS folder itself. Once the .iso file has been created, drag this to Disk Utility and hit the Burn button.

some things someones father taught them...

2009-01-25T01:02:00.002-05:00

Things my father taught me

Date: 2008-04-13, 9:33AM PDT

The measurement of my finger from the tip to the first joint is 1 inch...depth for planting peas.
The measurement to the second joint is 2 inches...depth for corn.
Return borrowed things in better shape than when you borrowed them.
There are two types of trouble...one is the trouble you knowingly walk into, the other is trouble that just happens...it's important to know the difference.
Walk softly but carry a big stick.
if you have to use said stick, make sure who you use it on, doesn't get up.
Grits is good.
Foul language is a sign of a limited vocabulary
Orion, the Big and Little Dippers.
Everyone is a friend until proven otherwise.
Licorice ferns, huckleberries, nettles, sword ferns.
Tabasco won't kill you even if you eat it by the spoonfull.
Don't watch the clock when you're at work.
Fish can see you if you look over the side of the boat.
Fish can hear you if you talk to loud.
Respect the elders.
Never go to bed angry.
That which does not kill you will hurt like the dickens, but it will make you stronger.
Family is the most important thing on earth.
How to play the guitar, spoons, mouth harp, and water filled bottles.
The true meaning of "Self Made Man"
If you don't know something, go to the library and learn it.
The phrases "I don't know", "I forgot", or "I tried (and failed)" are excuses.
There is a difference between an excuse and a reason, know the difference.
Take care of your apperance...even if it is just a t-shirt and jeans.
The world can change everything about you, except your point of view...unless you allow it to.

David L. McDonald
born 1936-passed 2008
precious father
beloved husband
A right good fellow.

neopi, oracle on linux...10gr2..and my birthday.

2008-11-11T07:23:00.002-05:00

oh, and today is my birthday. yay.

so, i finally got around to writing about this. I succesfully got ora 10gr2 installed on RHEL5. thanks to the help of gathering dependencies by this free product called NEOPI. Its pretty nice...just a kind of automatic dependency generator, and it runs some other checks too, but it helped solve the issues I was running into with the misplaced/mislinked libraries. hopefully that puts the RHEL5 Oracle10gr2 fears to rest...and I can move on.

Oracle 10gR2 on RHEL5

2008-11-06T15:56:00.002-05:00

Preamble

This manual is directed show how to install Oracle database 10g on RedHat Enterprise Linux 5. The article show the process from system administrator point of view ad try to simplicity most of the tasks not related to system administration will in deep explanation of tasks and impacts of them. Be aware RHEL 5 x86 is not supported platform (in this moment) for Oracle 10g so when you ask questions in metalink don't be surprised get no answer. According to the product documentation supported platforms for x96 are RHEL AS/ES 3.4 or later, RHEL 4, SUSE Linux Enterprise Server 9.0SP2 or later and Asianux 1.0 and 2.0. Additionally you can't expect reliability from this system for production environment.

[edit]
Hardware requirements

From documentation you read Oracle 10g need at least 1 gigabyte of memory, but the absolute minimum is 512 MB. OK, with so little memory you are on the bottom line for required shared memory, but database can start. for testing 768 MB sound's much better. Similar is the situation with swap. Everything will work fine with only 1024 MB of swap.

[edit]
Software requirements

List of packages you will need for install Oracle 10g on RHEL include

binutils
compat-db
compat-libstdc++
control-center
gcc
gcc-c++
glibc
glibc-common
gnome-libs
libstdc++
libstdc++-devel
make
pdksh  (RHEL 5 ships with ksh instead)
sysstat
xscreensaver
setarch
libXp (to start runInstaller)

[edit]
Preinstalation tasks

Let's create users and groups for installation

# groupadd dba
# groupadd oinstall
# useradd -G dba -d /home/oracle -g oinstall oracle
# passwd oracle

Next create filesystem for oracle files and database. Do not forget to create appropriate changes in /etc/fstab to mount this filesystem on startup. In documentation of product is mentioned to use only RAID10 array(s) and for production is wise to use hardware based arrays, but here we just play and any filesystem and volume will be OK. Transfer files to the machine and extract zip's somewhere. I write files, because i recommend for installation not only Oracle database server, but 10g Release 2 (10.2.0.3) Patch Set 2 ever only for testing and playing. For more info about the the patch set read document 316900.1 and download file p5337014_10203_LINUX.zip from metalink. Now is time to login on the machine as root to set some parameters in linux kernel and operating system

- check if FQHN exist in /etc/hosts
- check the id of oracle user to ensure oinstall is primary group of user and user is member of group dba
- check for existence of user nobody
- check and set if need the parameters for semaphors:
semmsl - 250
semmns - 32000
semopm - 100
semmni – 128

[edit]
Semaphores explanation

semmsl – maximum number of semaphores per semaphore identifier. Should be increased carefully because very big number will eat memory not used later
semmns - maximum number of semaphores in the system. Size it carefully because of above reason
semopm - Define maximum number of semaphore operations per system call
semmni – maximum number of semaphores per semaphore identifier. Do not increase it over needed limit, because of waste of memory
if you have attached to the server additional hardware read carefully documentation of drivers for this hardware, because for example some drivers for FC controllers need additional semaphors to be set per controller

- check and set if need the parameters for shared memory
shmall 2097152
shmmax Half the size of physical memory (in bytes) or current value if bigger
shmmni 4096

[edit]
Shared memory explanation

shmall - maximum number of shared memory pages. If you set it to too low value can slowdown any program usng shared memory
shmmax – maximum size of shared memory segment that can be allocated in the memory. For servers with lots of memory can be increased to 80% of memory to avoid shared memory fragmentation
shmmni – maximum number of segments. It's good idea to change it only by vendor recommendation

- check and set if need the parameters for maximum number of file handlers, supported by system
file-max 65536

- check and set if need the parameters for network
ip_local_port_range Minimum:1024 Maximum:65000
rmem_default 1048576
rmem_max 1048576
wmem_default 262144
wmem_max 262144

[edit]
Network setting explanation

ip_local_port_range – define full range of local ports in Linux, normally upper limit is 32000
rmem_default Default Receive Window
rmem_max Maximum Receive Window
wmem_default Default Send Window
wmem_max Maximum Send Window

So you can add you /etc/sysctl.conf file something like

kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default = 1048576
net.core.rmem_max = 1048576
net.core.wmem_default = 262144
net.core.wmem_max = 262144

and execute

# sysctl -p

Next is time to set some environment variables for oracle user. Do not forget to put the in shell profile for oracle user. They should look's like

ORACLE_BASE=/home/oracle
ORACLE_HOME=$ORACLE_BASE/product/10.2.0
ORACLE_SID=test01

On this point it is very good idea to check the available diskspace in directory where will be installed oracle – you will need 4 GB average for software and database. To start successfully installer it's need to edit /etc/redhat-release and to change release from 5 to 4. Do not forget to return the value back later, otherwise you will be no able to update your server. Next is time to run runInstall. You will need running X server, because interactive installation need graphic display

[edit]
Actual installation

On the first step we choose advanced installation to have better control over the packages and options to be installed on the server. Later if it's need we can install additional packages almost seamless. Our target is Enterprise Server as more powerful and complex. on the next step Oracle Installer check for prerequisites for installation as physical memory, swap, networking, environment variables, etc. If you get warning about the amount of memory you can skip it without any problem. Next we will install only software without create new database. There is program, named dbca – database configuration assistant which one can help to create new database. Then read the summary screen and go back to change some packages you do not need or other parameter. It's out of scope of this document to discuss the idea and purpose of packages you can find in oracle database. Next we press install and wait a lot, because of very long process of installation. On the bottom part of the screen you can see the path to log file for current installation and you can inspect it if you get some errors or just from curiosity. In on of the stages of installation (almost on the end) you should execute 2 scripts as root user. And at the end we have installed Oracle database 10g. If you have patch mentioned above installation process for patch is similar: runInstaller....

Et voila, we are ready to play and test oracle on our RHEL 5 server :-)

tar over ssh to pipe files..

2008-11-04T15:55:00.002-05:00

I didn't have enough space on a vm i just built to copy all the data over as a tar and then untar it, so I went on a search...I found this and it worked VERY well:

From: http://www.cyberciti.biz/faq/howto-use-tar-command-through-network-over-ssh-session/

Q. How do I use tar command over secure ssh session?

A. The GNU version of the tar archiving utility (and other old version of tar) can be use through network over ssh session. Do not use telnet command, it is insecure. You can use Unix/Linux pipes to create actives. Following command backups /wwwdata directory to dumpserver.nixcraft.in (IP 192.168.1.201) host over ssh session.

The default first SCSI tape drive under Linux is /dev/st0. You can read more about tape drives naming convention used under Linux here.

# tar zcvf - /wwwdata | ssh root@dumpserver.nixcraft.in "cat > /backup/wwwdata.tar.gz"OR# tar zcvf - /wwwdata | ssh root@192.168.1.201 "cat > /backup/wwwdata.tar.gz"

Output:

tar: Removing leading `/' from member names
/wwwdata/
/wwwdata/n/nixcraft.in/
/wwwdata/c/cyberciti.biz/
....
..
...
Password:

You can also use dd command for clarity purpose:# tar cvzf - /wwwdata | ssh ssh root@192.168.1.201 "dd of=/backup/wwwdata.tar.gz"It is also possible to dump backup to remote tape device:# tar cvzf - /wwwdata | ssh ssh root@192.168.1.201 "cat > /dev/nst0"OR you can use mt to rewind tape and then dump it using cat command:# tar cvzf - /wwwdata | ssh ssh root@192.168.1.201 $(mt -f /dev/nst0 rewind; cat > /dev/nst0)$You can restore tar backup over ssh session: # cd / # ssh root@192.168.1.201 "cat /backup/wwwdata.tar.gz" | tar zxvf -If you wish to use above command in cron job or scripts then consider SSH keys to get rid of the passwords.

ubuntu intrepid ibex java needs icedtea

2008-10-17T08:55:00.002-04:00

in order to get mozilla working with java, you need to install the icedtea plugin after installing the open java stuff.

unix and windows: carriage returns with tr/sed/awk

2008-10-16T08:12:00.002-04:00

cat -v myfile.csv

...and then you will see them at the end of the line as ^M (Ctrl-M)

delete them using tr like this, but this will only work in the following form if "\r" is recognised as a carriage return character. Some versions of tr and sed do not. So before you try this out you should set up a test file with a few "r"s in it in obvious places to make sure the following command is not just deleting "r"s.

tr -d '\r' <> outfile.csv

If the above command deleted "r"s instead of carriage returns then instead of using '\r' use 'Cntl-v-m'. The Cntl-v works on a few shells to let it know that you are going to enter a special character and the "m" you follow it with indicates a carriage return. "m" as in the "^M" you see at the end of the lines when you use cat -v.

There are other ways of removing these carriage returns. You can use sed to do it but again you have to check is it accepts "\r" as a carriage return by experimenting on a very small test file with a few obvious "r"s in it.

sed 's/\r$//' infile.csv > outfile.csv

On a final note, you might have to convert a Unix file to a DOS/Windows file sometimes. You can do it like this:

awk '{ print $0 "\r"}' unix.txt > dos.txt

---

simple:
tr -d '\015' <> new.file

more simple:
perl -pi -e 's/\015//g' file

freebsd jails from sysinstall

2008-10-14T08:10:00.002-04:00

sysinstall nonInteractive=yes _ftpPath=ftp://ftp2.ch.freebsd.org/pub/FreeBSD mediaSetFTP distSetMinimum installRoot=/var/jails/192.168.0.1 releaseName=6.1-RELEASE installCommit

freebsd native firefox, linux-firefox, and linux-opera with flash and java.

2008-10-10T11:08:00.002-04:00

ok, i like firefox. dont really like opera. but...i had to succumb.

running freebsd 7 with native firefox for java v6 (diablo-latte) works great, and adds appropriate java entries to the pluginreg.dat which is actually shared with linux-firefox (for proper flash support...nspluginwrapper was causing flash to be out of synch (youtube) for me, but linux-firefox with linux-flashplugin7 worked fine.

linux-opera to the rescue ; everytime i started linux-firefox it would overwrite my pluginreg.dat (which i had some specific java variables in there) - it pissed me off that i couldn't use both firefoxes... i thought about maybe using a diff profile but it pulls pluginreg.dat before the profiles...so i just decided to use linux-opera and be done w/it. thats what i decided on.

btw, i hate flash and java. but both are necessary for my line of work...bullshit.

i need flash to watch videos and listen to music on youtube.
i need java to work with some screwed up oracle applications we use at work.

at least i get to use unix.

Renting or Owning a House...Hmm.

2008-09-27T22:31:00.002-04:00

Found this really good article... on yahoo. via digg i believe.

Taken from : http://realestate.yahoo.com/promo/renting-makes-more-financial-sense-than-homeownership.html;_ylc=X3oDMTFta3Jqcjk3BF9TAzI3MTYxNDkEX3MDOTc2MjA0NjUEc2VjA2ZwLXRvZGF5BHNsawNyZW50aW5nLWJldHRlcg--

Renting Makes More Financial Sense Than Homeownership

By Jack Hough

Sep 26th, 2008

ARTICLE TOOLS:

I have something un-American to confess: I rent an apartment, despite having enough money to buy a house. I plan to keep renting for as long as I can. I'm not just holding out for better prices. Renting will make me richer.

I normally write about stocks for SmartMoney.com, but the boss asked me to explain to readers my reason for renting. Here goes: Businesses are great investments while houses are poor ones, so I'd rather rent the latter and own the former.

Stocks vs. Houses: Returns

Shares of businesses return 7% a year over long time periods. I'm subtracting for inflation, gradual price increases for everything from a can of beer to an ear exam. (After-inflation or "real" returns are the only ones that matter. The point of increasing wealth is to increase buying power, not numbers on an account statement.) Shares have been remarkably consistent over the past two centuries in their 7% real returns. In Jeremy Siegel's book, "Stocks for the Long Term," he finds that real returns averaged 7.0% over nearly seven decades ending 1870, then 6.6% through 1925 and then 6.9% through 2004.

The average real return for houses over long time periods might surprise you. It's zero.

Shares return 7% a year after inflation because that's how fast companies tend to increase their profits. Houses have their own version of profits: rents. Tenant-occupied houses generate actual rents while owner-occupied houses generate ones that are implied but no less real: the rents their owners don't have to pay each year. House prices and rents have been closely linked throughout history, with both increasing at the rate of inflation, or about 3% a year since 1900. A house, after all, is an ordinary good. It can't think up ways to drive profits like a company's managers can. Absent artificial boosts to demand, house prices will increase at the rate of inflation over long time periods for a real return of zero.

Robert Shiller, a Yale economist and author of "Irrational Exuberance," which predicted the stock price collapse in 2000, has recently turned his eye to house prices. Between 1890 and 2004 he finds that real house returns would've been zero if not for two brief periods: one immediately following World War II and another since about 2000. (More on them in a moment.) Even if we include these periods houses returned just 0.4% a year, he says.

The average pundit, planner, lender or broker making the case for ownership doesn't look at returns since 1890. Sometimes they reduce the matter to maxims about "building equity" and "paying yourself" instead of "throwing money down the drain." If they do look at returns they focus on recent ones. Those tell a different story.

Between World War II and 2000 house prices beat inflation by about two percentage points a year. (Stocks during that time beat inflation by their usual seven percentage points a year.) Since 2000 houses have outpaced inflation by six percentage points a year. (Stocks have merely matched inflation.)

Stocks vs. Houses: Valuations

But while stock returns have come from increased earnings, house returns have come from ballooning valuations, not increased rents. The ratio of share prices to company earnings (the price/earnings ratio) has remained relatively steady. It's about 16 today, close to both its 1940 value of 17 and to its 130-year average of about 15. Not so, the ratio of house prices to rents. In 1940 the median single-family house price was $2,938, according to the U.S. Census, while the median rent was $27 a month, including utilities. That means the ratio of prices to annual rents was 9. By 2000 the ratio had swelled to 17. In 2005 it hit 20. We can adjust for the size of dwellings, but it doesn't make much difference. The ratio of single-family house prices to three-bedroom apartments is 19. In SmartMoney.com's home town of Manhattan, where more detailed data is available, the ratio of condo prices per square foot to apartment rents per square foot is 22.

Two main events have caused house valuations to inflate since World War II. First, the government subsidized housing by relaxing borrowing standards. Prior to the creation of the Federal Housing Authority in 1934 house buyers who borrowed typically put up 40% of the purchase price in cash for a five- to 15-year loan. By insuring mortgages, the FHA permitted terms of up to 20 years and down payments of just 20%. It later expanded the repayment periods to 30 years and reduced down payments to 5%. Today down payments for FHA loans are as low as 3%. Aggressive lenders offer loans with no down payments or even negative ones so that house buyers can borrow the full purchase price plus closing costs. Some require little documentation of income, assets or ability to pay.

That means more Americans can win loans for homes, and they can win them for far more expensive (larger) homes than their incomes previously allowed. Two-thirds of American households own homes today, up from 44% in 1940, even though the percentage of Americans living alone has tripled during that time. The ratio of house values to incomes has risen 260% in just under four decades.

A second event helped boost house demand in recent years. Share prices plunged in 2000. The Federal Reserve, fearing that the decline in stock wealth would cause consumers to stop spending, reduced the federal-funds rate, the core interest rate that determines the cost of everything from credit cards to mortgages, to 1% by the summer of 2003 from 6.5% at the start of 2001. Since most of the cost of financing a house over 30 years is interest, monthly house payments shrank and demand for houses soared. In some markets a string of big yearly increases in house prices led to panic buying.

Stocks vs. Houses: Conclusion

For house returns over the next 20 years to match those over the past 20, the government and private lenders would have to "up the ante" by relaxing borrowing standards further. Given the recent attention paid to swelling foreclosures, that seems unlikely. I suspect real returns will turn negative over most of the next two decades, but that house prices won't necessarily dip. Since 1963 they've done so in only two years, vs. 18 for stocks. That's because homeowners mostly just stick it out rather than sell during soft markets. But if house prices remain flat, they produce negative real returns due to the creep of inflation. According to calculations made by The Economist in the summer of 2005, house prices would have to stay flat for 12 years with annual inflation at 2.5% for the ratio of prices to rents to fall from its 2005 perch to merely its 1975 to 2000 average.

So to sum up why I rent: Shares right now cost 16 times earnings and over long time periods return 7% a year after inflation. Houses right now cost 19 times their "earnings" and over long time periods return zero after inflation. And they look likely to return less than that for a while.

On the following page I've tried to anticipate and address questions and objections.

Questions/Objections

"You can't live in your stocks" or "Renters throw money down the drain."

Rent is the cost of owning shares with money you would otherwise spend on a house. Houses have ownership costs, too: taxes, insurance and maintenance. Rent costs about 5% of house prices each year if we apply the price/rent ratio of 19. House incidentals often cost around 2%. If you have $300,000 and a choice between spending it on a house or shares, you'll pay $6,000 a year in incidentals if you buy the house or about $15,000 a year ($1,250 a month) in rent if you buy the shares. But the shares will return $21,000 a year after inflation while the house will return zero. (My numbers work out even better than these. I pay a smidgen less than $1,250 a month for rent, while house prices in my neighborhood are far higher than $300,000.)

Note that houses and shares have transaction costs, too. Home buyers pay around 1% in closing costs when they buy and 6% in broker commissions when they sell. Share buyers pay $10 trading commissions, which are negligible for buy-and-hold investors.

"House buyers get tax breaks."

So do share buyers, but both are a bad deal. The interest on loans for houses (mortgages) and shares (margin balances) is tax-deductible. But the rates are almost always too high. A big house loan presently costs 6.1% interest while a big stock loan costs about 9%. For the returns, we can forget about inflation because it helps debtors while hurting investors, making it a wash for those who borrow to invest. Still, nominal returns of 3% for houses and 10% for stocks aren't high enough to justify those rates. The tax breaks aren't really breaks at all. Moreover, a majority of homeowners don't claim them. Their incomes are low enough to make the standard deduction a better deal.

"What about the pride of home ownership?"

It's not for me. I define ownership as no longer having to pay for something and being able to do as I please with it. I own my coffee maker. House owners must pay taxes each year even when their mortgage payments are done. In certain markets they can't even make changes to the houses they've paid for without seeking the approval of others. Personally, I feel the pride of ownership for shares of businesses, and I'm proud to occupy a nice place while leaving the burden of poor returns and maintenance to someone else.

"You seem to knock government housing subsidies, but they've helped many Americans afford homes."

My inner socialist agrees. My other inner socialist worries that the government has effectively raised prices to the point where the middle class can't afford houses, or buries itself in debt to own them. My inner capitalist is too busy watching shares to care about house prices. My inner conspiracy theorist notes that while politicians tout the social benefits of homeownership none mentions its tax benefits to the government. I pay no taxes on the overall value of my stock portfolio, just on my cashed-in gains and collected dividends. But Americans pay taxes on the full $11 trillion worth of housing they own plus the $10 trillion worth of it they're still paying off.

"Houses are bigger than apartments."

True, and both can be rented. A third of renters live in single-family houses. I prefer an apartment for now. I like not having to fill it with stuff. I like using a fifth of the energy of the average American. I like being 20 minutes from work and (this is unique to New Yorkers) not having owned a car in 10 years. I like not stressing over whether to get the marble countertops or the imported tiles or the 52-inch flat screen. I'm not especially frugal; I spend a teacher's salary each year on restaurants and travel. But I guess I'm too busy or lazy right now to bother with a big house and its innards.

"Are you saying I should sell my big house and rent an apartment instead?"

No, unless you have more space than you need and moving wouldn't be disruptive to your family, and you want to cash in on recent housing gains, make more money over the next couple of decades, use less energy while simplifying your life, and you don't mind seeming odd to friends. In which case, yes. But really, I'm not trying to win anyone over. Strong demand for houses keeps my rent cheap.

"Renting is for poor people."

True. But it's for rich people, too. The average renter makes about $34,000 a year, but while the percentage of renters declines after incomes exceed $20,000 and rents exceed $600 a month, it jumps again once incomes top $150,000 and rents top $1,200 a month. In other words, poor people rent modest apartments for lack of choice. Middle-income people buy houses. High-income people, presumably with a dose of financial savvy, often rent nice apartments instead of buying.

"You say houses return zero. But I've made a fortune on my house in recent years."

I'm referring to inflation-adjusted returns over long time periods, absent external boosts to demand. You're referring to gross returns over a short time period that combined lax borrowing standards and ultra-low interest rates. Over the next 20 years I believe houses will return zero or slightly less after inflation and that stocks will return 7%.

"So you're never going to buy a house? What about raising a family?"

I might buy one eventually, but the longer I can put it off the more I'll get out of the shares I'll have to sell to afford it. I'm 34 now with a fiancée and a fish. I'm going to try to rent for at least 10 more years. If I have kids I'll probably move into a big apartment or a house once they reach running-around age. I'll rent, most likely.

10 Books that will Substitute A Computer Science Degree

2008-09-26T07:06:00.003-04:00

Found this list of books online, copied it down because I thought it was interesting. Now I'll share it with you. I do not have a CS Degree...and I do not want one - My degree is in History. However, this might be of interest to those who don't have one and DO want one...Or those who have one they're not happy with. (Hence, why I don't have one.)

1. Godel Escher and Bach by Douglas Hofstadter
Godel, Escher and Bach, written by Douglas Hofstadter, while the title would suggest it is discussion of a mathematician, an artist, and a composer, is a complex examination of how human beings develop perception and meaning. More specifically, the book explores, through a series of dialogues and narrations, how symbols, thought and language are all intertwined and how reality is essentially a composition of overlapping meanings and perceptions. The book challenges the reader to observe the system of symbolic meanings around him or her objectively.
2. The Art of Programming by Donald Knuth
The Art of Programming, by Donald Knuth, is a comprehensive, multi-volume work discussing various programming algorithms and their analysis. The work was voted by American Scientist as one of the twelve best scientific monographs of the twentieth century. The author famously offered a reward of two dollars and fifty cents for anyone who found and reported an error in the text. The work features exercises of multiple difficulty levels, from basic warm up exercises to ongoing research problems, allowing the reader to work up his skill and familiarity with the material.
3. The Elements of Programming Style by Brian W. Kernighan and P. J. Plauger
The Elements of Programming Style, by Brian W. Kernighan and P. J. Plauger, is an influential book on the study of computer programming styles and languages. It endorses the strategy that computer programs should be written not only to satisfy the compiler, but also keep the human readers in mind. The book utilizes examples taken from actual, published programs. The book’s recommendations are made in the context of the examples which are realistic rather than an academic vacuum.
4. Theory of Parsing, Translation and Compiling, by Alfred V. Aho, and Jeffrey D. Ullman
The book, Theory of Parsing, Translation and Compiling, by Alfred V. Aho, and Jeffrey D. Ullman, is intended for a senior or graduate course in compiling theory. It is a theoretical treatment of a practical computer science subject. Since computer science is an ever changing area of study, this book emphasizes ideas, rather than specific application details. The algorithms and concepts presented in the book should survive to new generations of computer technology, programs and systems. Numerous examples are given, with specific context, rather than on the large complicated contexts normally found in implementations, even in cases where the theoretical ideas are difficult to understand in isolation.
5. The Computer and the Brain, by John von Neumann
The Computer and the Brain, by John von Neumann, is theoretical work which examines mathematics, logic’s, and statistics as the basic tools of information. The book explores how these subjects make up the entirety of the planning, usage and coding of computers. The author explores how mathematics and logic are related to the functions of the organic human brain in the same way they are applied to the artificial automated computer processor.
6. A Programming Language, by Kenneth E. Iverson
A Programming Language, by Kenneth E. Iverson, explores how programming language is a signifier for a whole host of mathematical algorithms and procedures. The book focuses on specific areas of application which serve as universal examples and are chosen to illustrate particular facets of the effort to design explicit and concise programming languages.
7. Writing Efficient Programs, by Jon Louis Bentley
Writing Efficient Programs, by Jon Louis Bentley, illustrates to the reader how the
primary task of a software designer is the development of programs that are not only useful, but easy and inexpensive to maintain. Moreover, the book explores how software must have specific application as well as versatility to me modified for unforeseen uses. Lastly, efficient programs must be efficient to write as the cost of writing will determine their competitiveness in the software market.
8. Computation: Finite and Infinite Machines, by Marvin L. Minsky
Computation: Finite and Infinite Machines, by Marvin L. Minsky, explores how the
introduction of the computer in the last half century has affected the fabric of human society. The book essays to describe the application and limitation of computer technology as it relates to human progress and potential.
9. Operating System Principles, by Per Brinch Hansen
Operating System Principles, by Per Brinch Hansen, gives computer science and professional programmers a general explanation and analysis of operating systems. The book explains how an OS works to allow sharing of information easy and efficient.
10. Artificial Intelligence, by Elaine Rich
Artificial Intelligence, by Elaine Rich, gives programmers an introduction to the techniques and problems associated with A.I. The book features references throughout that allow the reader to pursue the topics deeper than would be possible within the defined scope and space limitations of the book.

If You Like What You Read Please Take The Time To Share It!

Samba / CIFS mounting in Xubuntu Linux with OS X Shares

2008-09-09T09:48:00.002-04:00

Add this to /etc/fstab
//saturn/sharename /home/username/mounted.smbfsdir smbfs iocharset=utf8,credentials=/home/username/.smbcredentials,uid=1000 0 0

cat ~username/.smbcredentials
username=user
password=pass

perms on .smbcredentials
-rw------- 1 root group 37 2008-09-09 09:12 .smbcredentials

-- On the Samba Server so you can follow symlinks properly in the share dir

follow symlinks = yes
wide symlinks = yes
unix extensions = no

Oh No! Vmware ESXi bug.

2008-08-12T15:21:00.002-04:00

Interesting details on the bug affecting vmware. For me, specifically ESXi - I just killed ntpd for now.

--

As of tomorrow morning, VM's running on all hosts with ESX 3.5U2 in enterprise configurations will not power on. VMotion/HA/DRS will probably also not work.

Boom.

Apparently, there is some bug in the vmware license management code. VMware is scrambling to figure out what happened and put out a patch.

Running VM's will not be immediately impacted.

There is a major discussion going on in the vmware communities about the issue: http://communities.vmware.com/thread/162377?tstart=0

OK, while we're all remaining calm....just imagine the implications that bugs like this can occur and get past QA testing....5 years down the road, nearly all server apps worldwide running in VM's if you believe a lot of forecasts ......some country decides to initiate cyberwarfare and manages to get a backdoor into whatever is the prevailing hypervisor of the day.....boom. All your VM's are belong to us.

I honestly think a lot of the hype from those who want to build a vm security industry is crap, but god protect us if the baseline code for critical hypervisors like ESX isn't kept secure and regularly audited.

I'd love to find out what happened here.

What regression testing on new releases does vmware do to check for date based bugs? I'd think they'd at least check for simple things like changing the date to 1 year or 1 month in the future.

UPDATE: Frank Wegner has posted the following suggestions:

You can see the latest status here: http://kb.vmware.com/kb/1006716 Please check back often, because it will notify you when this issue has been fixed. Until then the best workaround I can think of is:
* Do nothing
* Turn DRS off
* Avoid VMotion
* Avoid to power off VM's

I'd council against turning DRS off as that actually deletes resource pool settings....instead, set sensitivity to 5 which should effectively disable it w/ minimal impact.

UPDATE 2: VMware Website appears to be having trouble keeping up with people requesting updates.

UPDATE 3: VMware has stated they will have fixes available in 36hrs at the earliest.

UPDATE 4: Anand Mewalal comments:

We used the following workaround to power on the VM's.
Find the host where a VM is located
run ' vmware-cmd -l ' to list the vms.
issue the commands:
service ntpd stop
date -s 08/01/2008
vmware-cmd /vmfs/volumes/vm path/vmname.vmx start
service ntpd start

UPDATE 5: Apparently, there are no easily seen warnings in logs/etc or VC prior to hitting the bug. VC will continue to show the hosts as licensed and no errors will appear in vmkernel log file until you try to start up a new vm, reboot a vm, or reboot the host.

UPDATE 6: Welcome Slashdot readers! I've temporarily disabled comments to allow the server vm to handle the load. Apparently Movable Type 4.1 executes a seperate perl cgi script to handle comments on each page load. Load times might have been slow for the last 45 minutes, but should be OK now.

UPDATE 7: I made some minor corrections to this entry that others have requested.

SSH enable in VMWARE ESXi

2008-08-12T11:51:00.002-04:00

ESXi 3.5 does ship with the ability to run SSH, but this is disabled by default (and is not supported).

1) At the console of the ESXi host, press ALT-F1 to access the console window.
2) Enter unsupported in the console and then press Enter. You will not see the text you type in.
3) If you typed in unsupported correctly, you will see the Tech Support Mode warning and a password prompt. Enter the password for the root login.
4) You should then see the prompt of ~ #. Edit the file inetd.conf (enter the command vi /etc/inetd.conf).
5) Find the line that begins with #ssh and remove the #. Then save the file. If you're new to using vi, then move the cursor down to #ssh line and then press the Insert key. Move the cursor over one space and then hit backspace to delete the #. Then press ESC and type in :wq to save the file and exit vi. If you make a mistake, you can press the ESC key and then type it :q! to quit vi without saving the file.
6) Once you've closed the vi editor, run the command /sbin/services.sh restart to restart the management services. You'll now be able to connect to the ESXi host with a SSH client.

ESXi Adventures -

2008-08-12T10:56:00.002-04:00

From: http://traviskensil.wordpress.com/2008/08/11/esxi-adventures/

ESXi Adventures

August 11, 2008 · No Comments

This post will focus on some of the positives and negatives and some of my experiences thus far that I’ve had with ESXi. Part of this post will also outline some of my plans for backup/restore with the hopes of generating other’s opinions of the viability of these options, since very few exist from VMware currently.

COMPATIBILITY: Personally, I’ve always gone against the “norm” and run stuff that shouldn’t be run on things…I guess I like to tempt the odds. Same thing with ESXi. So far I’ve run ESXi on a Dell Poweredge 1900 and my Intel-motherboard based workstation with zero issues. My theory goes that most modern day servers/workstations should be compatible with it; or at least should have some way of making it work. Will soon be testing it on a Dell 2600 as well. Also tested on a Gateway workstation (E series) and confirmed IT DOESN’T work. The PERC controllers seem to be recognized and play well with ESXi. I know I’ve seen that HP and some Sun stuff also works well…we are 100% Dell for servers so thats the limit of my testing ability. I am sure as time rolls on that ESXi will mature in its compatibility ability.

INSTALL: Install is a piece of cake. Basically goto VMware’s site, give them your life history, then download the 200MB .ISO file and receive your license key and your good to go. Install should find your RAID/SATA controller right off the bat and present it as an option….if it doesn’t…..better switch hardware. I have also been investigating USB-boot…some guy on the Vmware communities’ seems to have got it figured out.

http://communities.vmware.com/blogs/Knorrhane/2008/01/21/installing-esx-3i-on-usb-stick

For my platform I just installed to the local disks; will be migrating to the USB drive soon!

BACKUP: I hate to complain about FREE but come on VMware….at least give us something to backup with. Maybe we don’t need enterprise features but a basic tool would be nice. Now, apparently according to the documentation there is the CLI-based way but there still should be some kind of GUI to it all…especially when you consider how nice the Infrastructure client is. This is one area where ESXi DOES NOT shine at all….in fact its a large disappointment! Later this year some 3rd party products are suppost to begin supporting ESXi backup but most can’t wait 3-6 months while thats figured out. If Microsoft Hypervisor has this it definitely could turn the tables for our support of VMware. I have however, devised a simple way to provide a basic level of backup. It is as follows….

ESX CONFIG/HOST

1) Create image of USB drive contents (using Winimage http://www.winimage.com/winimage.htm or other similiar tools). This should in theory preserve the entire ESXi config, directory/drive structure required to get the system going. The first part is to take the image and save it somewhere.

2) The second part is to take the image of USB1 and copy it to USB2 which should allow for a backup USB stick should the primary fail or become corrupt.

Virtual Machines

1) After successfully creating/importing the virtual machine, power it done properly. Go into the Datastore Browser and manually download the virtual machine files. Store in a safe place.

2) Obviously take the usual backups from within the virtual machine, use a backup proxy or however you perform “normal” backups.

That is my backup plan for ESXi currently. I have tested parts of it and found success…others need work. Ideally this would allow you to restore the ESXi config, restore your virtual machine then merge the most current data and be back up and running in a short period of time. I have yet to test this process. Please….let me know your thoughts as well….anyone got a better solution?

VMware Infrastructure Client

This is the one place ESXi shines and shines bright! The interface is clean and very easy. Tabs give access to everything one would need to know. I LOVE the networking visualization it shows; groups physical cards to virtual switches/groups…very nice. The performance and reporting per virtual machine or per server is sweet! My only gripe is that I experienced some bad delay when switching virtual machine consoles. I can’t completely rule out the workstation I was on but it still seemed pretty noticable. Also…be aware that ESXi itself doesn’t have any kind of network/IP checking in it. (Realized too late in the process that two machines had conflicting IPs…the ESXi console made no mention of that) To install the client just simply goto the IP address of the box (listed on the physical server’s console)…a splash page will load with download links to the software.

Thats pretty much it for now. Also, the VMware converter does a nice job of bringing in existing VMs into ESXi. My only complaint is the lack of efficient backup in the product. I realize VMware needs to make money, but I think a basic feature like backup, even in a simple form, should be included. Just having a simple export config and VM option would be fine. Most companies use 3rd party software for the majority of their backup needs anyway. I do feel this is one area that will limit ESXi’s deployment. Microsoft Hypervisor includes stuff like LIVE backup in its product without additional licensing (http://www.microsoft.com/windowsserver2008/en/us/virtualization-consolidation.aspx or so its site claims) which has VMware at an extreme disadvantage. The Infrastructure client is nice, but without backup included it is pretty useless I think.

So theres my results starting out. I failed to mention…my test environment is a Dell Poweredge 1900….running Domain Controller, Exchange 2003, Ubuntu Web/DNS services, File/Print servers and a test WinXP. So far so good.

With that said….anyone else using ESXi in testing or production use? What are your backup thoughts? Please share!

How does VMware ESXi Server compare to ESX Server?

2008-08-11T16:40:00.002-04:00

From: http://www.virtualizationadmin.com/articles-tutorials/vmware-esx-articles/general/vmware-esxi-server-compare-esx-server.html?printversion

How does VMware ESXi Server compare to ESX Server?

Published: Aug 06, 2008
Updated: Aug 06, 2008
Section: General
Author: David Davis
Printable Version

In this article we explain how VMware ESXi (the “thin” version) and ESX Server (the “full version”) compare to each other and why it is important to know the differences, as a VMware Virtualization Admin.

Introduction

Most of you are familiar with VMware ESX Server as it has been around for so many years. ESX Server offers the “service console” built in and it is a rather large installation (in comparison to ESXi). The latest version of ESXi is “thinner” and lacks the service console. You should note that ESXi is NOT a replacement for the traditional ESX Server but, instead, an alternate version available. In my opinion, neither of these versions is “better” than another. Instead, these two versions are just “different” from one another. Let us learn how these two differ and help you determine which one is best for you.

What are the 10 major differences between VMware ESX Server and ESXi Server?

1. VMware ESXi Server has no service console

The traditional (full) ESX Server has a special built-in virtual machine called the “service console”. This service console is really a modified version of Red Hat Enterprise Linux that is installed and running in every ESX Server by default. The service console has special access to the VMware-proprietary VMFS file system. 3rd party applications can be installed in the service console and Linux-based utilities can be run in the service console. Additionally, VMware includes a number of ESX-related tools in the service console, most of which start with “esxcfg-“ and they are run by accessing the service console with SSH.

As VMware ESXi Server has no service console, there is no SSH access to the server and there are no 3rd party applications that can be installed on the server. However, there are also benefits to NOT having these features (discussed more below).

2. VMware ESXi Server uses RCLI instead of service console utilities

As ESXi doesn’t have any CLI with VMware-related or Linux utilities, VMware needed to provide a CLI interface to ESXi. What VMware came up with is the Remote Command line Interface (RCLI). This is an application that you typically install as a VM and it is used to perform scheduled or ad hock scripting on the VMware Infrastructure. The ESXi RCLI is its own command line where ESX server service console scripting would be made up of mostly Linux utilities.

For more information on how to manage ESXi, take a look at Managing VMware ESXi.

3. VMware ESXi Server is extremely thin = fast installation + faster boot

Because the service console has been removed from ESXi, the footprint in memory has been reduced to just 32MB. In my opinion, it is truly amazing that you can run a hypervisor, allowing you to run virtual machines on your server, with just 32MB of RAM overhead. In comparison, the full ESX Server on disk footprint is about 2GB.

Because the hypervisor is so small, the installation happens in about 10 minutes (or so) and the server boots up in 1-2 minutes. This is quite different from the full ESX server installation and boot, both of which are longer.

4. VMware ESXi Server can be purchased as an embedded hypervisor on hardware

While ESXi is so small that it can be easily installed and can even be booted from a USB Flash disk, what is truly unique about ESXi is that it is being sold by hardware vendors as a built-in hypervisor. That means that, say, you buy a Dell server, ESXi can be built inside the server (embedded) on a flash chip, on the motherboard. There is no installation of ESXi on disk.

5. VMware ESXi Server’s service console (firewall) is configured differently

As there is no service console to protect with the ESX Server security profile (software firewall), the security profile configuration in ESXi is very simplistic. The ESXi security profile configuration consists of a couple of services that you can either enable or not enable with inbound access. Here is a comparison between the two:

Figure 1: ESXi Security Profile – only 2 services

Figure 2: VMware ESX Server (full) Security Profile

For more information on how to configure VMware ESX Server Security Profiles – see my VirtualizationAdmin.com article How to schedule tasks with the VMware Infrastructure Client and ESX Server.

6. VMware ESXi Server has a “yellow firmware console”

Instead of the full ESX Server “service console” boot (which looks like a Linux server booting), ESXi has a tiny “Direct Console User Interface (DCUI)”. Unofficially, I like to call this the “yellow firmware console”. In this ESXi console, all that you can configure are some very basic ESXi server options such as the root user password, network settings, and a couple other items. In the graphic below, you can see why I call it “yellow”:

Figure 3: ESXi yellow firmware console / DCUI

Because this tiny firmware console (did I mention that it’s yellow?) has so few features, the server is virtually “stateless”. A new server can be configured in seconds because there is almost nothing to configure.

7. VMware ESXi Server has server health status built in

With ESXi some hardware monitoring features are built into the hypervisor. With ESX Server, this is not yet built in. Instead, you must install hardware monitoring software in the service console. For more information on ESXi server health status and how to install vendor-specific utilities to provide similar information on ESX Servers, please see my article: Obtaining server health status in VMware ESX and VMware ESXi.

Figure 4: ESXi Health Status

8. Some networking features are configured through the service console are not available or are experimental

As ESXi is relatively new and as ESX server has the option to install code for advanced ESX Server features, not all features available in the full ESX Server are also available in ESXi. In fact, I have had issues getting VMware High Availability (VMHA) to work in ESXi. VMHA was not officially supported on ESXi until some recent patches came out for ESXi. Still, even after the patches, I had difficulties with ESXi and VMHA.

There are other ESX Server features that are “experimental” on ESXi. For the full list visit: Differences in Supported Networking Features Between ESX Server 3.5 and ESX Server 3i

9. VMware ESXi Server requires fewer patches and less rebooting

Because the full ESX server essentially has a modified Linux system as the service console, there are many patches that have to be deployed to keep it secure. With ESXi, on the contrary, the server has very few patches that need to be applied. Because ESXi has no service console and it is considered more secure and more reliable. Security, Reliability, and Maintainability, are all major factor when considering a hypervisor.

10. You can buy VMware ESXi Server for as little as $495

With the full version of ESX Server, the least expensive purchase option is the Foundation (Starter) kit for about $1,500, while you can purchase ESXi only (with no support) for $495. On the other hand, if you do get the Foundation kit, you not only get the full ESX Server but also ESXi and a number of VMware Infrastructure Suite options. Still, obtaining ESXi for under $500 allows a server to do so much more than it ever could before.

Which version of VMware ESX Server is best for you?

I am not here to sell you on VMware, on ESX Server, or ESXi Server, what I am here to do is to inform you of the drastic differences between these two versions of “ESX Server”. In my opinion, ESX Server (full) must be used if you have 3rd party apps or if you just want to have access to the “Linux-style” service console.

On the other hand, if you are willing to give up those two benefits, with ESXi, you will get an ESXi Server that boots faster, has fewer patches to deploy, and is more reliable. ESXi is also the least expensive option.

I recommend testing both VMware ESX Server and ESXi server. Both are available for a free evaluation download from VMware Inc.

Conclusion

In this article, you learned about VMware ESX Server the differences between ESXi and ESX Server. Additionally, you learned about how to make the right choice for you. Both of these hypervisors from VMware can be evaluated at no cost.

For more information on VMware ESXi and its architecture, take a look at: VMware.com Whitepaper – the Architecture of VMware ESXi.

For information on ESXi’s features, visit: VMware.com ESXi Features.

iSCSI Initiator Support on FreeBSD 7

2008-08-11T16:38:00.002-04:00

Thanks to http://www.cyberciti.biz/faq/freebsd-iscsi-initiator-howto/

Q. How do I install and configure iSCSI initiator service under FreeBSD server?

A. FreeBSD 7.x has full support for iSCSI. Older version such as FreeBSD 6.3 requires backport for iSCSI. Following instruction are known to work under FreeBSD 7.0 only.
FreeBSD iscsi_initiator driver

The iscsi_initiator implements the kernel side of the Internet SCSI (iSCSI) network protocol standard, the user land companion is iscontrol and permits access to remote virtual SCSI devices via cam.
Compile driver

Please note that FreeBSD 7.x has this driver compiled by default. You can skip this step if driver exists at /boot/kernel/iscsi_initiator.ko. To compile this driver into the kernel,
# cd /usr/src/sys/i386/conf
# cp GENERIC ISCSIKERNEL
# vi ISCSIKERNEL
Place the following lines in your kernel configuration file:
device iscsi_initiator
Save and close the file. Building a Kernel, type the following commands:
# cd /usr/src
# make buildkernel KERNCONF=ISCSIKERNEL
Install the new kernel:
# make installkernel KERNCONF=ISCSIKERNEL
Now reboot the system:
# reboot
Install iSCSI Initiator driver under FreeBSD

You need FreeBSD kernel driver for the iSCSI protocol. You need to use driver called /boot/kernel/iscsi_initiator.ko. You can load this driver by typing following command as root user:
# kldload -v iscsi_initiator.ko
Output:

Loaded iscsi_initiator.ko, id=6

Alternatively, to load the driver as a module at boot time, place the following line in /boot/loader.conf:
# vi /boot/loader.conf
# Beginning of the iSCSI block added by Vivek
iscsi_initiator_load="YES"
# End of the block added by Vivek
Save and close the file.
FreeBSD iscontrol command to login / negotiator / control for an iSCSI initiator session

Now, you need to use iscontrol command. First, do a discovery session and exit:
# iscontrol -d targetaddress=iSCSI-SERVER-IP-ADDRESS initiatorname=nxl
# iscontrol -v -d targetaddress=192.168.1.100 initiatorname=nxl
Please note down the list of available targetnames/targetadresses. Once you know the target name, edit /etc/iscsi.conf file:
# vi /etc/iscsi.conf
Append config directives as follows:

officeiscsi {
authmethod = CHAP
chapIName = YOUR-ISCSI-USERNAME
chapSecret = YOUR-ISCSI-PASSWORD
initiatorname = nxl
TargetName = iqn.XYZZZZZZZZZZZZZ # whatever "iscontrol -v -d " gives you
TargetAddress = 192.168.1.100:3260,1 # your iscsi server IP
}

Save and close the file.
Where,

* officeiscsi { : Start config for iSCSI.
* authmethod : Set authentication method to chap
* chapIName : Your username
* chapSecret : Your password
* initiatorname : if not specified, defaults to iqn.2005-01.il.ac.huji.cs:
* TargetName : is the name by which the target is known, not to be confused with target address, either obtained via the target administrator, or from a discovery session.
* TargetAddress : is of the form domainname[:port][,portal-group-tag] to quote the RFC: The domainname can be specified as either a DNS host name, a dotted-decimal IPv4 address, or a bracketed IPv6 address as specified in [RFC2732].
* } : End of config

Start an iSCSI session

The following command will read options from /etc/iscsi.conf, use the targetaddress found in the block nicknamed myiscsi, login and negotiate whatever options are specified, and start an iscsi-session.
# iscontrol -c /etc/iscsi.conf -n officeiscsi
Once you run the iscontrol command it should create a new device in /dev directory. To see the device name run dmesg command:
# dmesg
Format iSCSI volume

Now run sysinstall command to format just discovered iSCSI device name at /dev location:
# sysinstall
Select Custom > 3 Partition > Select iSCSI device name such as da1. Once formatted just mount device, enter:
# mkdir /iscsi
# mount /dev/da1s1 /iscsi
You may also need to update /etc/fstab file:
/dev/ad1s1 /iscsi ufs rw 3 3

get in shape with little or no equipment:

2008-08-09T07:26:00.002-04:00

http://lifehacker.com/400053/get-in-shape-with-little-or-no-equipment

ESXi - [Unsupported] Console Access

2008-08-08T07:23:00.002-04:00

ESXi - [Unsupported] Console Access

To access the ESXi console in unsupported mode do the following.

1. Open the console of your ESXi host, you should see a screen that look something like the following ( altered to protect the innocent ):

2. Use the key-combo Alt+F1, and you'll bounce to a virutal terminal (vtty1) with some log messages in it. Though you won't get a response to any characters that you type in here type 'unsupported' and then hit enter.

3. Once you access the unsupported mode, you'll be greeted with a friendly reminder that you shouldn't be accessing the console without the help of your friendly neighborhood VMware support engineer. Enter your root password here and you'll have unfettered access to the console. Some of your old friends are still here like esxtop and esxcfg-mpath, and so are some new ones like esxcfg-locker.

Standard warnings apply here. You really shouldn't be messing around in here if you don't know what you're doing.

Lol...Very interesting article on people types who will ruin your party...

2008-07-31T08:09:00.002-04:00

http://www.holytaco.com/2008/07/29/8-people-who-will-ruin-your-party/

Throwing a party is a lot of work, so it’s a real disappointment when somebody you invited ruins it. Here’s 8 types of people to watch out for before you make your next invite list.

8. Person Who Insists On Cleaning Up Your Party While It’s Still Going On

WHERE YOU CAN FIND THEM: Right in front of you, asking if your drink is finished. Or, methodically moving through the party with a white trash bag and a look on their face as if they’ve been hunting Osama Bin laden for the last 6 years and have narrowed down his whereabouts to somewhere in this party.

WHY THEY WILL RUIN YOUR PARTY: Drinking a beer, much like sex, is far less enjoyable when someone is asking you if you’re finished every five minutes. It’s great that they want to help you clean up, but if you’ve decided to have a party, you’ve already resigned yourself to the fact that when it’s over, your house is going to probably look like the bathroom that Cary Elwes and Danny Glover woke up in, in the first Saw movie. I wonder if these people also decide to wipe their ass in the middle of taking a shit, just to “cut down on the work that has to be done when it’s all over!”

7. GUY WHO GETS WASTED IN THE FIRST HOUR

WHERE YOU WILL FIND HIM: Right by the fridge, bro, cause that’s where all the beer is!

HOW HE WILL RUIN YOUR PARTY: From the moment this guy shows up, everything he says has an exclamation point at the end of it. “This party rules, dude!” “I am ready to party TO-night!” “Let’s shotgun these, bro!” “Tits!” Then, one hour and 13 beers later this guy is incoherent, weaving on his feet and saying stuff like “Paartyyyygjlskdvm…” So, instead of kicking back and hanging out with your friends, you have to spend the rest of the night making sure he doesn’t puke on your couch, piss in your plants or crap on your coffee table.

6. Person Who Only Knows You

WHERE YOU CAN FIND THEM: About two feet to the right of you, standing silently, staring at either you or the person you’re talking to.

WHY THEY WILL RUIN YOUR PARTY: You invited them because during the four and a half minutes a day you talk to them at work, they seem pretty cool and/or really enjoy the impression you do of a fellow coworker. Except as soon as they get to your party, they tense up like Alex Rodriguez’s asshole during a game in October. You have two options at this point, 1) entertain them and include them in every conversation you have the entire night, like they’re your wife or husband even though you probably don’t know their last name, or 2) leave them on their own which leads to them standing in a corner by themselves, staring at you, causing your friends to ask you “I think that dude in the corner is planning on raping you.”

5. GIRL WHO STARTS CRYING

WHERE YOU WILL FIND HER: She’s usually holed up in the bathroom (taking up valuable toilet space) with three of her bestest girlfriends—all three of whom are overweight.

HOW SHE WILL RUIN YOUR PARTY: The worst part is that this girl isn’t crying because her parents just died or she lost a limb. She’s sobbing into a fistful of tissues because she always needs to be the center of attention. If everyone’s not focused on her and all her problems, she just starts crying louder about her job or some lame guy who won’t date her or how fat her friends are. This means you either sit there and let her bring down the vibe of your party or you take her outside and listen to her whine about absolutely nothing. If possible, pair her up with the super wasted guy. She’ll think he’s listening and he’ll think he’s going to score.

4. Person Who Just Got Dumped By Their Girlfriend/Boyfriend

WHERE YOU CAN FIND THEM: In any corner where they were able to trap and force someone to listen to them talk about how they “don’t know what happened,” and how it “seemed like things were fine and then all of a sudden she just said that she thought that we were different people now. What does that even mean? Do you know, because I sure as fuck don’t! I just miss her so much. My name’s Brian by the way.”

WHY THEY WILL RUIN YOUR PARTY: If I wanted people to get depressed as fuck at my party, I’d screen a copy of Schlindler’s list. The problem with these people is, they don’t care who they talk to, and no excuse you give will stop them from talking to you. “Hey, I gotta run to the bathroom,” “No worries, I’ll just wait for you until your done, unlike my EX girlfriend, who wouldn’t wait no matter HOW important it was to go to the bathroom and would just leave you with NOTHING while you were in there.”

3. Creepy Dude Who Tries To Bang Chicks At The Very End Of The Party

WHERE YOU CAN FIND THEM: Towards the end of the party, he’ll be wherever he hears the words “I can’t believe my friends left without me, they were my ride!” or “I’m so (hiccup) fucked up (hiccup) I gotta lay down or something.”

WHY THEY WILL RUIN YOUR PARTY: There’s a reason why this dude waits till the end of the party to try and score; he’s way too fucking creepy to do so when someone isn’t in some sort of desperate situation. Thus, although he’s there because he’s either family, a neighbor, or someone else invited him, you now have to hope to God he doesn’t take advantage of someone at your party, otherwise your party will not be remembered as “That Fourth of July Party at Bill’s house,” and instead be remembered as “that party at Bill’s house where that creepy guy tried to fingerbang Michele while she was puking.”

2. Couple Who Brings Their Baby

COUPLE WHO BRING THEIR BABY: Off to the side, on their knees, pleading with a 6 month old child to stop screaming or right next to you, asking you where he can dispose of a shit filled diaper.

WHY THEY WILL RUIN THEIR PARTY: Nothing says party like the sound of a screaming child and the stench of talcum powder and baby diarrhea! If there was a dude puking, shitting and crying at your party, would you be cool with that? No, you’d either be like “Who the fuck brought this guy?” But if you say that about a baby suddenly that makes you an asshole. Meanwhile, the party sucks becase everyone is being super cautious and attentive to the baby, as if the other 99% of the time that they’re not there the baby is barely eluding death due to unsupervision.

1. THE POLITICS GUY

WHERE YOU WILL FIND HIM: At the beginning of the night he usually stands right next to the front door where he overtly shows off his political button or T-shirt that says something like “Once You Go Barack, You Won’t Go Back” or “McCain = McStupid.” Then, after everyone shows up, he stealthily mingles from group to group while nonchalantly dropping lines like “Did you see what those fatcats tried to pull?” anytime there’s a lull in the conversation.

HOW HE WILL RUIN YOUR PARTY: No one in the history of parties has ever changed their political beliefs based on some asshole screaming about health care reform in the kitchen of a two bedroom apartment. His endlessly tiresome factoids and statistics about how much oil we consume and how the death penalty doesn’t work will make your guests either leave or kill themselves where they stand.

OTHER STUFF YOU MIGHT LIKE:

8 Truthful Celebrity Autobiography Covers

9 College Mascots That Should Be Real

The 8 Places You Probably Lost Your Virginity

Highlights Magazine: The Evil Version

7 Best Paternity Results Reactions

Java...fail.

2008-07-29T20:21:00.002-04:00

from: http://itmanagement.earthweb.com/entdev/article.php/3761921

The 'Anti-Java' Professor and the Jobless Programmers
By James Maguire
July 29, 2008

When I noticed that this list of the popular programming languages placed Java in the top position, I picked up the phone to call Robert Dewar. Several months back I interviewed Dewar, a professor emeritus of computer science at New York University, about Java’s role in the college classroom.
What he said in that interview about Java in the classroom wasn’t pretty.

In essence, he said that today’s Java-savvy college grad is tomorrow’s pizza delivery man. Their skills are so easily outsourced that they’re heading for near-term obsolescence.

Dewar stresses that he’s not against Java itself. But the fact that Java is taught as the core language in so many colleges is resulting in a weak field of computer science grads, he says.

The reason: students’ reliance on Java’s libraries of pre-written code means they aren’t developing the deep programming skills necessary to make them invaluable. Colleges, alarmed by falling CS enrollment, have dumbed down the course requirements. Consequently, CS majors sail through a curriculum of Math Lite, earning a smiley-face on their papers for “developing” projects using pre-built libraries.

In the end, they graduate with a diploma whose value is questionable. They may be equipped for a dynamic career in fast food delivery, yet they are not fully prepared to compete against what is now a global field of rigorously educated software developers.

But What About the List?

But wait a second, Professor Dewar. (Actually, Dewar is both a professor and a CEO. He co-founded AdaCore, whose clients include Boeing and Lockheed Martin, so his experience includes decades in private industry.) I wanted to ask him, since this list of popular programming languges puts Java at No. 1 – ahead of biggies like C, C++ and Visual Basic – doesn’t that negate his theory?

I mean, if Java is this popular, maybe universities should teach it first. It called “being in touch with the real world,” isn’t it?

“This list is pretty meaningless in my opinion,” he says. “Using YouTube and Google to measure popularity just means that you pick up the buzz factor. Many serious application developers are not even present on the Web, which tends to overemphasize academic and hobbyist views. As the list itself says, this has nothing to do with quality of languages or level of usage.”

“Furthermore, Java is mainly used in Web applications that are mostly fairly trivial,” Dewar says, with his characteristic candor. “If all we do is train students to be able to do simple Web programming in Java, they won't get jobs, since those are the jobs that can be easily outsourced. What we need are software engineers who understand how to build complex systems.”

“By the way Java has almost no presence in such systems. At least as of a few months ago, there was not a single line of safety-critical Java flying in commercial or military aircraft. I recently talked to a customer who had a medium-sized application in Java, which was to be adapted to be part of a safety-critical avionics system. They immediately decided that this meant it would have to be recoded in a suitable language, probably either C or Ada.”

Robert Dewar (Ada, by the way, is down at No. 19 in the list of popular programming languages.)
Dewar says he has been deluged with emails supporting his view that computer science programs must move beyond – far beyond – focusing on Java.

“One was quite interesting,” he says. “It was from a software/hardware company in the Valley. The writer said that at the end of ads for software engineers, they added the sentence ‘This job will not involve any use of Java, or any Web-based application programming’, and that this single sentence was enough to essentially eliminate American applicants for their jobs – which was their idea; they felt they had wasted too much time interviewing incompetent college graduates.”

--
Questions for New CS Grads

Dewar says that if he were interviewing applicants for a development job, he would quickly eliminate the under-trained by asking the following questions:

1.) You begin to suspect that a problem you are having is due to the compiler generating incorrect code. How would you track this down? How would you prepare a bug report for the compiler vendor? How would you work around the problem?

2.) You begin to suspect that a problem you are having is due to a hardware problem, where the processor is not conforming to its specification. How would you track this down? How would you prepare a bug report for the chip manufacturer, and how would you work around the problem?

“I am afraid I would be met by blank stares from most recent CS graduates, many of whom have never seen assembly or machine language!” he says.

Lest he go too far, Dewar stresses that there are indeed some graduates who are unquestionably well prepared.

“There are a couple of top schools where I think the students come in knowing a heck of a lot and they leave knowing even more,” he says. “Places like Carnegie [Mellon] and MIT – those are not dummies who come out of those schools, by any means. So my comments don’t talk about everyone everywhere.”

Anxiety Tremors

To look back a few decades, universities once focused on programming languages that lent themselves to greater intellectual rigor, in Dewar’s view, like Fortran and Pascal.

But with the tech revolution of the 1990s, a blizzard of change swept through university CS departments.

“I can relate what happened at NYU and I think it’s probably pretty typical of many places,” he says. ”So we’re sitting around, and we ask, ‘What language should we teach?’ And it was “Oh, we’d like to teach Java.’ Now no one around the table actually knows Java. But they’re sure they want to teach it because it’s an upcoming language that the industry’s gonna use, and everyone will be doing everything in Java.”

“And it sort of swept the field – pretty quickly. It swept away Pascal. At that time there were about 200 universities teaching ADA as a first language in the U.S. And a somewhat smaller number teaching C and C++. And it largely swept those away.”

Java as a core teaching language is now universal. “A good indication is that the [college placement] AP class is exclusively Java. Used to be C and C++. So Java has a really dominant place in the university curriculum.”

As the sunny 1990s gave way to the troubled 2000s, two seismic shifts hit the software industry: the dotcom bust and a steady flow of outsourcing headlines. Both factors helped turn a healthy crowd of CS students into a comparatively smaller cohort. Enrollment trended ever downward. Academic deans felt anxiety tremors.

Here in 2008 the clouds are dark. “Everyone is desperately worried about the dropping enrollments – it’s dramatic,” Dewar says.

“We had 650 [NYU] undergraduate students in advanced courses, it’s now less than 300. A huge change. And you’ll find that repeated across the country, it’s not isolated,” he says. “ You can imagine, if suddenly half your students disappear, then your budget gets under extreme pressure. The dean is unhappy if he sees that happening.”

“These are market economies in most universities – no students, no faculty money, etc, etc.”

In response, colleges have compromised – heavily – to attract students, Dewar explains. “So two things: reducing requirements and getting rid of annoying math courses and things like that. And also trying to make courses ‘fun.’ I believe that computer science should be fun, but the fun should come out of solving problems – not making pretty pictures. That’s the danger, I think.”

The situation has the potential to turn into a vicious circle: Enrollment is down, so CS programs lower requirements. This in turn creates more CS grads who are replaced by outsourcing. As a result, news of this outsourcing keeps driving down CS enrollment – and the spiral continues.

--
Solutions (And a Ray of Hope?)

If it’s true that CS curriculums need to be improved, to be bulked up and made more in-depth, does Dewar foresee any improvements on the way?

“I don’t know,” he says. “We got a fair amount of interest going. And a nice thing that’s happening is that there’s going to be an ACM [Association of Computer Machinery] point-counterpoint, with me writing the point and some guy from some other university writing the counterpoint on this whole issue.”

“I just like to keep it as a topic of discussion. I know it strikes a chord among many university people, too. Part of the trouble with universities is that there are relatively few faculty members who know much about software. They know about the theory of computer science and the theory of programming languages. But there are relatively few faculty who really are programmers and software engineers and understand what’s involved in writing big applications.”

“It’s just not the kind of thing that universities are into, really. Because they tend to regard computer science as a scientific field rather than an engineering field. So I’ve always felt that was a weakness.”

Part of the problem is that programming is hard to teach. “Programming is a mixture of a highly technical skill and an aesthetic art. And that’s a very difficult combination.”

Dewar sees at least four ways to better educate programmers:

• More one-on-one mentoring “My most successful teaching of programming was when I worked one-on-one with people,” he says. Of course that’s difficult at the university level, with a teacher-student ratio of 30 to 1, or 90 to 1.

• Read a whole lot of good code “One critical way of learning programming is to read a lot of code written by really good programmers. Most students don’t get that opportunity.”

• Work in Groups “I would like to see much more in terms of group projects. Now they’re hard to grade, and grading stands in the way of education, often – and this is one of those ways. It’s the same problem a manager faces, really understanding how much everyone has contributed.”

• Realize that “copying” code has value “It’s interesting when you think that the message that we give to students is: ‘You must do this all on your own, you mustn’t borrow anything from anyone else.’ And then we put them in a real industry situation and the message suddenly turns to, ‘Reuse code as much as you can.’ Real life programmers get good at using chunks of other people’s code.

While those may all be good suggestions, Dewar’s voice alone isn’t enough to produce change. As he sees it, CS departments need to light a fresh fire.

“I’ve got all these people saying ‘Yeah, Yeah, Yeah,’ but that’s not good enough to say ‘Yeah, Yeah, Yeah’ – you have to do something.”

“One obvious thing is that we need to get much more industry presence in the ACM curriculum discussion, because that’s a real focus. ACM has a real influence over curriculums. Each year they produce a recommended computer science curriculum. So that’s a real entry point.”

One obstacle: “The inertia is huge. So many members don’t really want to learn new stuff, particularly.”

Still, amid his doubts, Dewar believes that a bright, well-trained CS grad can have a good career.

“My feeling is, it’s not a field where any idiot will be able to get a high paying job. Which at the height of the dotcom thing, any idiot could get a high paying. But competent, well-educated students will be able to find jobs without problem. I think that’s a fairly widely held view.”

--

Gross.

How to Run Injury-Free By Jeff Galloway

2008-07-29T10:14:00.002-04:00

How to Run Injury-Free
By Jeff Galloway
For Active.com
June 13, 2007

One of my proudest accomplishments is being free of overuse injuries for almost 30 years. Below you will find the risks and the ways to avoid them.

My advice comes from working with over 200,000 runners in Galloway training groups, one-day running schools, Tahoe retreats, e-coaching and individual consultations. As the runners send me the results of my suggestions, I adjust the training and rest schedules. The current injury-free program is listed below, but I continue to look for better ways of avoiding problems and reducing downtime.

Fewer days of training per week

Those who run three days a week have the lowest rate of injury. I believe that almost all runners, except for Olympic candidates and world record aspirants, can be just as fit and perform as well running every other day. This may involve two-a-day workouts and more quality on each day.

Having 48 hours between runs is like magic in repairing damage. Those who insert a short and slow jog on recovery day (junk miles) are not allowing for complete recovery. When a client complains about lingering aches and pains, I cut them back to every other day and the problems usually go away.

Go slower on the long runs

After 30 years of tracking injuries during marathon training programs, I've found that most are due to running the long ones too fast. You can't run the long ones too slowly -- you get the same endurance whether you go very fast or very slow. Slow running will allow your legs to recover faster. The fastest that I want our Galloway Training groups to run is two minutes per mile slower than goal pace. Many run three or four min/mi slower and experience very fast recovery. Be sure to slow down as the temperature increases: 30 sec/mi slower for each 5 degrees of temperature increase above 60 degrees Fahrenheit.

More walk breaks

The continuous use of any muscle used the same way, increases fatigue more rapidly. Continuing to run continuously, with fatigued muscles, will greatly increase the chance of injury. You'll see on my Web site the recommended frequency of walk breaks, based upon pace. If you have aches and pains already, it is best to walk more often, from the beginning, than is recommended. The most important walk breaks are those taken in the beginning of the run, for these can erase all of the fatigue. Walk breaks will also tend to produce a faster time in all races from 5K up. The average improvement in a marathon among those who've run several without walk breaks is 13 minutes faster by taking the strategic walks.

Don't stretch if you have an ache, pain, or injury

Stretching a tight or injured muscle or tendon will increase the damage dramatically. Even one stretch will produce tears in the fibers, resulting in a longer recovery. Stretching a muscle that has been tightened by running can injure it within a minute. Massage is a great way to deal with the natural tightening produced by running. The tightening is mostly a good thing, allowing you to run more efficiently.

Be careful with speed training

Speed workouts produce a lot of injuries. You can reduce the odds of this happening by warming up very well, doing a few light accelerations as described in my books Testing Yourself, Year-Round Plan, Half Marathon and Marathon. Other important injury-reduction factors are the following walking more between each speed repetition and staying smooth at the expense of time. Don't strain to run a certain time. This is most important at the end of a workout.

Never push through pain, inflammation or loss of function

If you experience one of the above, stop the run immediately. Continuing to run for another block or another lap will often produce multiples of damage requiring weeks or months off for repair -- instead of days.

For more information, see Jeff's books Marathon, Half-Marathon, Running -- A Year Round Plan, Walking -- The Complete Book and Galloway's Book on Running, 2nd Ed. These are available, autographed, from www.RunInjuryFree.com. Join Jeff's blog: www.jeffgallowayblog.com

Healty diet foundations...just add meat. ;)

2008-07-29T07:08:00.002-04:00

Snagged this from zenhabits:
http://zenhabits.net/2008/07/the-building-blocks-of-a-super-healthy-diet-with-a-sample-meal-plan/
--

The Building Blocks of a Super Healthy Diet (with a sample meal plan)

Most people know how to eat healthy, and know that they should — it’s just that when it comes down to implementing this knowledge, there’s a bridge that needs to be crossed from knowledge to action.

How do you actually eat healthy, instead of just knowing that you should eat healthy?

Create a meal plan, constructed with super healthy foods that you enjoy eating.

Now, there are three parts of that solution, if you look closely, and all three parts are equally important:

1. Create a meal plan. Without this, you’ll just know what to eat, vaguely, but you need to actually make a plan and implement it (meaning, go shopping for the foods in the plan and actually cook the foods and eat them).
2. Super healthy foods. A meal plan without this doesn’t get you to where you want to go. Build your meals around stuff that’s really good for you. You can add other stuff, of course, but the super healthy stuff should be the majority of the food.
3. Food you really love. This is key. If you don’t enjoy the foods, you won’t stick with the plan for long. No one can eat food they don’t enjoy for more than a month or so (usually less). It’s why most diets fail — anyone can stick with a diet for a couple of weeks, but if you feel that you are suffering by eating it, you’ll fall off it after a little while. Instead, make sure you love your food. Add variety, of course, and mix up the plan every few weeks, but stick with foods you love.

Given those simple components, the solution doesn’t seem so hard, does it? And with a super healthy meal plan like this — one that you love — you can pair it with some exercise and get healthier than ever.

What follows are some of my building blocks. They aren’t the only possible building blocks, and you shouldn’t use them exclusively, but they’re a good starting point for anyone. Below those building blocks are some sample meals you can use, but only if you love these foods like I do. Instead of following it exactly, use it as a starting place, as a few ideas you can use to construct your own meal plan — with foods you love, not ones that I love.

Super Healthy Building Blocks

Spinach and other greens. Spinach is my favorite of the greens, but other good ones include kale, bok choi, collards, dark green lettuce (skip iceberg), and other similar greens. Try to build a couple of your meals around these greens, as they are high in fiber, vitamins and minerals. And best yet: super low in calories. You can eat a whole plate of greens and while they can fill you up, you couldn’t possibly get fat on them (unless you added a bunch of butter or fatty dressing or something like that).

Avocadoes. I love these things. Full of good fats and good flavor, avocadoes are perfect for salads, sandwiches, wraps and more.

Tomatoes. There are other good fruits and veggies, but tomatoes are one of my favorites, not only for their nutritional content but because of the flavor they add to any dish — salads, sandwiches, pastas, soups, anything.

Fruits. Don’t worry about their “carb content”. Fruits are incredible snacks, because they are filled with fiber and vitamins but are low in calories. I eat lots of apples, oranges, bananas, mangoes, pears, grapes, melons. I like to get a big back of small apples and just munch on them whenever I’m hungry. I also add fruits to all kinds of uncooked meals, chopped up or as a side dish.

Berries. They’re fruits, but they’re so special to me that I add them as a separate item. I absolutely adore berries. They are like a dessert to me, eaten cold and slowly and with my eyes closed. I add them to cereal, yogurt, smoothies, desserts, oatmeal and more … and of course just eat them by themselves.

Nuts. Full of fiber and good fats and protein. I like to chop them up and put them in hot cereal or salads or stir frys, or just eat them raw and whole as snacks (almonds are my favorites). I also enjoy almond butter instead of peanut butter (although I eat both).

Beans. Great sources of fiber and protein, low in calories, you can eat beans all day long. I like them in chili, soups, tacos and more. Get a variety — red, black, pinto, white, lentils.

Whole grains. This is a broad category that includes all kinds of cereals, breads, wraps, brown rice, pizza dough, and more. Try to go for as much whole grain as possible — if you see “wheat flour” or “enriched wheat flour” it’s not as good. I especially like sprouted grains, such as Ezekiel sprouted bread or English muffins or cereals. Oatmeal is good (avoid instant) as is muesli.

Olive or canola oil. You need fats, but they should be the good kind. Avoid saturated, although a little saturated fat is fine. I usually use olive oil or canola oil, although there are other good ones too. Again, nuts and avocadoes also provide good fats. I also use ground flaxseed on lots of things for fiber and good fats.

Lean protein. As a vegetarian, I eat lean vegetable protein — lots of soy protein and beans and nuts. Whole grains also contain protein, as do other veggies. It’s not hard to meet your daily requirements, even with lots of exercise raising your requirements. However, if you’re not vegetarian, fish and lean poultry are best, and lean red meat can be included if you don’t eat too much of it. Note: Please, let’s not get into another debate about soy protein or meat! Let those sleeping dogs lie.

Lean calcium. I try to stick to soy sources, but that’s not necessary for good health. However, try to stick with lower-fat versions, as whole dairy can have too much saturated fat. Lower-fat milk, yogurt, and cheese are good choices. Soy milk and yogurt are great because they are very low in saturated fat.

A Sample Meal Plan

This is not something you should just adopt wholesale, without making changes. In fact, if these are foods you don’t like, ditch the whole thing, but use it just to get an idea of what you can do. These are foods I love to eat, but you should choose your own.

Also remember that I’m not a dietician. I’ve run these meals through online calculators, and most of the time you’ll get plenty of all the things you’ll need, from protein and healthy fats to the major vitamins and minerals, including calcium and iron. But don’t take my advice as the advice of an expert.

Each day, you would choose one of the meals from each category (more from the snacks), or mix them up if you like. Be sure to get a variety, and change the options every few weeks or so.

Breakfasts

1. Hot oatmeal (using rolled oats) with chopped fruits or dried fruits, flaxseed, and/or berries.
2. Kashi cereal with soymilk and berries or other fruits.
3. Sprouted grain toast with almond butter, chopped fruits on the side.
4. Scrambled tofu with tomatoes, mushrooms, spinach, onions. (Try this recipe).
5. Fried brown rice — fry up with olive oil, onions, mushrooms, green veggies, tofu, soy sauce or tamari sauce. You can throw in some corn or carrots or other veggies.

Lunches

1. Veggie sandwich or wrap. Can have tomatoes, spinach or other greens, avocadoes, hummus, bell peppers, maybe some dijon mustard and/or Veganaise. Any combo that works for you. On thick whole grain bread or whole grain wrap.
2. Whole wheat pita with hummus. Add tomatoes and raw spinach and sprouts.
3. Veggie burger. Gardenburger is my favorite brand. On a sprouted grain bun, with dijon mustard and ketchup and maybe a touch of Veganaise, lots of veggies (greens, sprouts, tomatoes and avocadoes are my favorites). Add some homemade sweet potato fries (use olive oil and a little salt) if you’re feeling decadent. These fries also go well with the sandwich or wrap.
4. Amy’s Kitchen lunches. For when you’re lazy or in a hurry. Amy’s Kitchen has a whole variety of fairly healthy, vegetarian lunches made from whole foods. Very little processed stuff. The only weakness is that it’s usually high in sodium, but if the rest of your day is low in sodium (as most of these dishes are), then that’s not a worry.
5. Big salad. I like to use spinach or other greens, tomatoes, avocadoes, feta cheese, nuts, maybe some chopped fruit or berries, and a little bit of light vinaigrette (Newman’s Own is my favorite).
6. Leftovers from dinners or fried brown rice (see breakfasts)

Snacks

1. Fruits.
2. Chopped veggies. Carrots, broccoli, edamame are some of my favs. Dip in hummus if you like.
3. Nuts. Almonds are my favorites.
4. Protein shake. Good after a strength workout. I use soy protein, although whey is also a good choice, along with soy milk, frozen berries, banana and ground flaxseed.
5. Clif Bar. Good for before or after a workout (or during a really long workout, for that matter). My favorites are apricot or cranberry apple cherry.
6. Yogurt with berries or fruits and nuts.

Dinners

1. Tofu veggie stir fry. Just stir fry some onions, cubed tofu, and chopped veggies — various greens such as kale or bok choi work well, as do broccoli, bell peppers, carrots, anything really. Add some soy sauce or tamari, black pepper and anything else you’d like to add — nuts, sesame seed oil, ginger, garlic, a little honey all work well in different combinations. Serve over brown rice if you like.
2. Tacos. Some low-fat refried beans and/or black beans on soft corn tortillas with salsa (try Newman’s Own salsa or Amy’s), greens, tomatoes, maybe corn or even some Sour Supreme.
3. Chili. Here’s my veggie recipe. Great with brown rice or corn bread or on its own.
4. Spaghetti or other pasta. Cook any kind of pasta you like. Cook some onions with diced tomatoes and bell peppers and some tomato sauce and basil. Add some fresh Parmesan if you like. For a meatier version, cook some veggie “ground beef” (Bocca or MorningStar) with onions and then add some pre-made pasta sauce.
5. Homemade pizza. Get a pre-made whole-wheat pizza crust, add some pre-made spaghetti sauce, and then any chopped veggies you like, brushed with olive oil. Kale, broccoli, spinach, mushrooms, tomatoes, bell peppers all work great. Add some grated fresh cheese if you like.
6. Leo’s fabulous veggie soup. Simple awesome. Here’s the recipe. Will last you several days, even with a ridiculously large family like mine.

select random thoughts...

2008-07-28T23:50:00.002-04:00

me: hot blonde doctors rule ;(
shane: who cares if she likes jason mraz, shes a girl shes supposed to like shitty music
me: yeah, but she said she didn't know what techno was ;(
shane: girls who like good music are usually ugly or whores
me: lol!!
me: i just told her that..and she agreed. thats a nice line of wisdom!

-- later

shane: if i ever get married i want to have a few best men, but at least you know you're the one that makes it ...
me: ..i think those are called Groomsmen ;p
me: if i ever get married, i wont have a best man, and my bitch of a wife wont have any bridesmaids either. im going to have a judge marry me in a court room with the scales of justice behind me.
shane: lol

OSX Server Woes - and I have to agree.

2008-07-28T20:57:00.002-04:00

Here are some comments regarding the recent BIND problem and Apple's inaction in patching it thus far...and I have to say, the following two comments I must agree with, as I've had years of OS X server...Experience.

--
As someone that's cursed to administer an OS X Server machine, I have nothing good to say about Apple in general and OS X Server in particular. Apple's history of patching---or, in this case, not patching---stuff has been lukewarm at best and downright abysmal at worst. The Server 10.5.3 update introduced something that causes ClamAV to crash/reboot a Server machine when mail is turned on (since ClamAV is on by default. Nice one. They've had other stellar examples of their extreme lack of QA for their Server software, such as updating their included PHP to a version that was known to break Squirrelmail (the default webmail that comes with OS X Server), even though a fix had been available for months from the PHP maintainers.

I'm a huge fan of FreeBSD. I have been doing this OS X Server thing for more than two years now. I went in to it with an open mind, hoping that Apple wouldn't screw things up too badly. I was disappointed. The only things I've learned is that their Server QA is awful, they don't actually use their own Server software internally, their customer service is horrible when it comes to their Server stuff and their Server documentation is awful. I could rant about that for several pages. All of this leads me to believe that Apple really doesn't want to do well in the "server" segment of the market...Which is really too bad, cause they've finally got the hardware side of it to the point where there's not much separating them from most other low-end server vendors.

Now, that I've got that all that off my chest, Apple's dropped the ball on the BIND update. This is not surprising. Anyone that's administered OS X Server for any length of time probably feels the same way. It's so bad that I will suppress my OS X experience next time I am in the job market again; I hope to never work with OS X (particularly as a server) again and will do everything in my power to avoid doing so. I'm batting a thousand on persuading people interested in using OS X Server to use anything else...Apple really has to get things together or get out of the "server" market.

---

DVD/CD-Rom Drive problems ; Choppy Audio / Video

2008-07-28T09:04:00.002-04:00

I was having problems with DVD-Audio and Video on one of our Laptops in Windows XP, it turned out to be transfer mode for the hardware controller in device manager; below is the solution that solved it for me:

First off, go to:

Start -> Settings -> Control Panel -> System

This will open up a display. From here, on the top of this new window click on
"HARDWARE"

From under this tab, click on DEVICE MANAGER.

Another window should open up with several listings. Look for the one called
"IDE ATA/ATAPI controllers" or something very VERY similier to this.

Click on the + next to the name, a list of other things should drop down under it.

From in here, we ONLY want to look at
SECONDARY IDE CHANNEL

This is because, such things like your CD-ROM, DVD-ROM etc are connected through this.

Now, this is what you need to look for in the Secondary IDE Channel

Right click Secondary and select Properties

Another window will open up, look for the Tab named Advanced Settings and click on it.

Under this tab you should see two box's.

DEVICE 0 and DEVICE 1

NOTE: DEVICE 1 under CURRENT TRANSFER MODE might state it does not apply. If so, ignore it, if it does not state that it is not in use, then do the same for DEVICE 1 as you do for DEVICE 0

In Device 0 it should read out as following, there should not be anything stating PIO unless your computer is fairly old (like... 1999 or older.. it varies):
-----------------------------------------
DEVICE TYPE: Auto Detection
Transfer Mode: DMA if available
Current Transfer Mode: Ultra DMA Mode 5
-----------------------------------------

Now, Current Transfer Mode can say something different.
EX: Mode 1 is a slower form, and Mode 5 is very fast as in Ultra Quick. So it may display something a bit different, as long as it states it is in DMA mode it should be alright. Also, it may say something like.. "Multi-Word DMA Mode 2"

IF
TRANSFER MODE: "PIO Only"
switch that over to "DMA if available" and restart your computer.
Once restarted, come back in and continue the checks from this point
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

IF
-----------------------------
TRANSFER MODE: "DMA if available"
Current Transfer Mode: PIO Mode
-----------------------------
Then we have a problem, if this is TRUE, then click on the Driver Tab in this window at the top.

From here, Uninstall Drivers.
It will give you a warning, no worries, continue on. Once you restart your computer it will automatically detect the devices and reinstall everything for you.

Once done, try playing your DVD and see if it works. If not, go back in and make sure everything is the way it should be.

If not, sorry, you could try this again if you'd wish.

Causes for this changing over to PIO mode:

Disk Errors on the cd/dvd disk itself can cause this. For an example of what caused mine:

I've been playing Final Fantasy IX on my laptop using an emulator. Though, alot of the copies of DISK 2 for the game were bad copies and have corrupted files on it. I kept trying to play past these corrupted parts.

Sometimes, this repeated use to read the disk and it having to skip back and fourth trying to kicked it into another mode.. this usually happens after five or so of these. A dirty lense causing it to have plenty of trouble or dirty disk could also do the same thing.

when I see things like this it upsets me:

2008-07-23T06:25:00.002-04:00

Jan 9 2008 8:48 PM

Hey man! God has blessed us both with a great job! How awesome is He! He is even allowing us to work together! God is good! Thanks for your help man!

wooooo yay 4 god...hes letting us work together!!!
I'm sure he held a gun to the hiring manager's head, too.

2008-07-14T13:26:00.002-04:00

http://eriwen.com/tools/grep-is-a-beautiful-tool/

grep is a beautiful tool
July 13th, 2008 | Category: Productivity, Tools

Global Regular Expression Print is a staple of every command-line user’s toolbox. As with find, it derives a lot of power from being combined with other tools and can increase your productivity significantly.

Following is a simple tutorial that will help you realize the power of this simple and most useful command. If you are on Windows and haven’t already, download and install Cygwin. If you are also new to regular expressions (regex), here is a great regular expressions reference to get you started.
Tutorial

Suppose we want to search for duplicate functions in all of our JavaScript files. Let’s start basic and work up to it. This technique can be used to search for a TON of duplicate items like:

* Duplicate HTML IDs
* Check how many times a CSS class is used
* Duplicate java classes
* many, many more…

1.
# Search JS files in this directory for "function"
2.
grep function *.js

# Search JS files in this directory for "function"
grep function *.js

The above command will print the lines containing "function" in all JavaScript files in the current directory (NOT subdirectories). Printing out line contents would be much more helpful if we knew what files they come from and their line numbers:

1.
# Print filenames, line #s, and lines that start with "(white space)function"
2.
grep -EHn "^\s*(function \w+|\w+ \= function)" *.js

# Print filenames, line #s, and lines that start with "(white space)function"
grep -EHn "^\s*(function \w+|\w+ \= function)" *.js

Depending on how you format your JavaScript files, something like this will omit comments, anonymous functions, and also words like "functionality" giving you better results.

1.
# Print a list of: function and sort it
2.
grep -Eho "^\s*function \w+" *.js | sort

# Print a list of: function and sort it
grep -Eho "^\s*function \w+" *.js | sort

-o prints only the part that matches the regular expression. -E options gives me extended regex and -h suppresses printing of the file name. I am then piping to sort which just sorts the output so it a list of function . If you don’t have a lot of files/functions to go through, you can just scan the list and then note the duplicate function names you see. Let’s go a step further for those that DO have a big list:

1.
# Print only duplicate function names
2.
grep -hEo "^\s*function \w+" *.js | sort | uniq -d

# Print only duplicate function names
grep -hEo "^\s*function \w+" *.js | sort | uniq -d

There we go! That will list only the duplcated functions. I know that we can expand this with awk or other stuff and get the file names and line numbers of the duplicates, but I don’t want to explaining the details of awk ;). I actually had it in this article and then removed it so leave a comment or contact me if you want the code for that.
Other Examples

1.
# Count the number of functions in all JS files
2.
grep -c function *.js
3.

4.
# Print lines that DO NOT have "function"
5.
grep -v function *.js
6.

7.
# List processes that match "pidgin" (non-Windows)
8.
ps -ef | grep pidgin

# Count the number of functions in all JS files
grep -c function *.js

# Print lines that DO NOT have "function"
grep -v function *.js

# List processes that match "pidgin" (non-Windows)
ps -ef | grep pidgin

Conclusion

grep is one of the most used command-line tools, often piped to for filtering output. Understanding it is essential to increasing productivity on the command-line. There is so much more to grep than what I’ve shown here, and it would be cool to see your best uses in the comments!

2008-07-12T13:04:00.002-04:00

Originally Posted by cvbn
"if you shop best buy you paid 2 much"

'Not only is this inaccurate but it is such a broad statement that it just sounds idiotic. Like any retailer their non sales price is usually higher than I would like but Best Buy has some very slick deals sometimes.'

---

Thats a load of tripe. Best Buy is never actually the best buy...but often it is like a 'pretty good buy that I could get somewhere else most likely for a bit less.'

Archive files on Linux...

2008-07-08T22:40:00.002-04:00

http://www.ibm.com/developerworks/linux/library/l-backup/index.html?ca=drs-

Level: Intermediate

Carlos Justiniano, Software Architect, Ecuity Inc.

08 Jul 2004
Updated 03 Jul 2008

The loss of critical data can prove devastating. Still, millions of professionals ignore backing up their data. While individual reasons vary, one of the most common explanations is that performing routine backups can be a real chore. Because machines excel at mundane and repetitive tasks, the key to reducing the inherent drudgery and the natural human tendency for procrastination, is to automate the backup process.

If you use Linux, you already have access to extremely powerful tools for creating custom backup solutions. The solutions in this article can help you perform simple to more advanced and secure network backups using open source tools that are part of nearly every Linux distribution.

Simple backups

This article follows a step-by-step approach that is quite straightforward once you follow the basic steps.

Let's begin with a simple, yet powerful archive mechanism on our way to a more advanced distributed backup solution. Let's examine a handy script called arc, which will allow us to create backup snapshots from a Linux shell prompt.

Listing 1. The arc shell script

   #!/bin/sh
tar czvf $1.$(date +%Y%m%d-%H%M%S).tgz $1
exit $?

The arc script accepts a single file or directory name as a parameter and creates a compressed archive file with the current date embedded into the resulting archive file's name. For example, if you have a directory called beoserver, you can invoke the arc script, passing it the beoserver directory name to create a compressed archive such as: beoserver.20040321-014844.tgz

The use of the date command to embed a date and timestamp helps to organize your archived files. The date format is Year, Month, Day, Hour, Minutes, and Seconds -- although the use of the seconds field is perhaps a bit much. View the man page for the date command (man date) to learn about other options. Also, in Listing 1, we pass the -v (verbose) option to tar. This causes tar to display all of the files it's archiving. Remove the -v option if you'd like the backup to proceed silently.

Listing 2. Archiving the beoserver directory

   $ ls
arc  beoserver
$ ./arc beoserver
beoserver/
beoserver/bookl.dat
beoserver/beoserver_ab_off
beoserver/beoserver_ab_on
$ ls
arc  beoserver  beoserver.20040321-014844.tgz

Advanced backups

This simple backup example is useful; however, it still includes a manual backup process. The industry's best practices recommend backing up often, onto multiple media, and to separate geographic locations. The central idea is to avoid relying entirely on any single storage media or single location.

We'll tackle this challenge in our next example, where we'll examine a fictitious distributed network, illustrated in Figure 1, which shows a system administrator with access to two remote servers and an offsite data storage server.

Figure 1. Distributed network

The backup files on Server #1 and #2 will be securely transmitted to the offsite storage server, and the entire distributed backup process will occur on a regular basis without human intervention. We'll use a set of standard tools that are part of the Open Secure Shell tool suite (OpenSSH), as well as the tape archiver (tar), and the cron task scheduling service. Our overall plan will be to use cron for scheduling, shell programming and the tar application during the backup process, OpenSSH secure shell (ssh) encryption for remote access, and authentication, and secure shell copy (scp) to automate file transfers. Be sure to review each tool's man page for additional information.

Secure remote access using public/private keys

In the context of digital security, a key is a piece of data which is used to encrypt or decrypt other pieces of data. The public and private key scheme is interesting because data encrypted with a public key can only be decrypted with the associated private key. You may freely distribute a public key so that others can encrypt the messages they send you. One of the reasons that public/private key schemes have revolutionized digital security is because the sender and receiver don't have to share a common password. Among other things, public/private key cryptography has made e-commerce and other secure transactions possible. In this article, we'll create and use public and private keys to create a highly secure distributed backup solution.

Each machine involved in the backup process must be running the OpenSSH secure shell service (sshd) with port 22 accessible through any intermediate firewall. If you access remote servers, then there is a good chance you're already using secure shell.

Our goal will be to provide machines with secure access without requiring the need to manually provide passwords. Some people think that the easiest way to do this is to set up password-less access: do not do this. It is not secure. Instead, the approach we'll use in this article will take perhaps an hour of your time, set up a system which gives all the convenience of "passphraseless" accounts -- but is recognized as being highly secure.

Let's begin by ensuring that OpenSSH is installed and proceed to check its version number. At the time this article was written, the latest OpenSSH release was version 3.8, released on February 24, 2004. You should consider using a recent and stable release, and at the very least use a release which is newer than version 2.x. Visit the OpenSSH Security page for details regarding older version-specific vulnerabilities (see the link in Resources later in this article). At this point in time, OpenSSH is quite stable and has proven to be immune to many of the vulnerabilities which have been reported for other SSH tools.

At a shell prompt, type ssh with the capital V option to check the version number:

$ ssh -V OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f

If ssh returns a version number greater than 2.x, the machine is in relatively good shape. However, it is recommended that you use the latest stable releases of all software, and this is especially important for security-related software.

Our first step is to log in to the offsite storage server machine using the account, which will have the privilege of being able to access servers 1 and 2 (see Figure 1).

$ ssh accountname@somedomain.com

Once logged on to the offsite storage machine, use the ssh-keygen program to create a public/private key pair using the -t dsa option. The -t option is required, and is used to specify the type of encryption key we're interested in generating. We'll use the Digital Signature Algorithm (DSA), which will enable us to use the newer SSH2 protocol. See the ssh-keygen man page for more details.

During the execution of ssh-keygen, you'll be prompted for the location where the ssh keys will be stored before you're asked for a passphrase. Simply press enter when asked where to save the key and the ssh-keygen program will create a hidden directory called .ssh (if one doesn't already exist) along with two files, a public and private key file.

An interesting feature of ssh-keygen is that it will allow you to simply press enter when prompted for a passphrase. If you don't supply a passphrase, then ssh-keygen will generate keys which are not encrypted! As you can imagine, this isn't a good idea. When asked for a passphrase, make sure to enter a reasonably long string message which contains alphanumeric characters rather than a simple password string.

Listing 3. Always choose a good passphrase

   [offsite]:$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/accountname/.ssh/id_dsa):
Enter passphrase (empty for no passphrase): (enter passphrase)
Enter same passphrase again: (enter passphrase)
Your identification has been saved in /home/accountname/.ssh/id_dsa.
Your public key has been saved in /home/accountname/.ssh/id_dsa.pub.
The key fingerprint is:
7e:5e:b2:f2:d4:54:58:6a:fa:6b:52:9c:da:a8:53:1b accountname@offsite

Because the .ssh directory which ssh-keygen creates is a hidden "dot" directory, pass the -a option to the ls command to view the newly created directory:

[offsite]$ ls -a . .. .bash_logout .bash_profile .bashrc .emacs .gtkrc .ssh

Enter the hidden .ssh directory and list the contents:

[offsite]$ cd .ssh [offsite]$ ls -lrt id_dsa id_dsa.pub

We now have a private key (id_dsa) and a public key (id_dsa.pub) in the hidden .ssh directory. You can examine the contents of each key file using a text editor such as vi or emacs, or simply by using the less or cat commands. You'll notice that the contents consist of alphanumeric characters encoded in base64.

Next, we need to copy and install the public key on servers 1 and 2. Do not use ftp. Rather, use the secure copy program to transmit the public keys onto each of the remote machines:

Listing 4. Installing the public keys on the remote servers

   [offsite]$ scp .ssh/id_dsa.pub accountname@server1.com:offsite.pub
accountname@server1.com's password: (enter password, not new
passphrase!)
id_dsa.pub 100% |*****************************| 614 00:00

[offsite]$ scp .ssh/id_dsa.pub accountname@server2.com:offsite.pub
accountname@server2.com's password: (enter password, not new
passphrase!)
id_dsa.pub 100% |*****************************| 614 00:00

After we install the new public keys, we'll be able to sign on to each machine using the passphrase we specified when creating the private and public keys. For now, log in to each machine and append the contents of the offsite.pub file to a file called authorized_keys, which is stored in each remote machine's .ssh directory. We can use a text editor or simply use the cat command to append the offsite.pub file's contents onto the authorized_keys file:

Listing 5. Add offsite.pub to your list of authorized keys

   [offsite]$ ssh accountname@server1.com
accountname@server1.com's password: (enter password, not new
passphrase!)
[server1]$ cat offsite.pub >> ./ssh/authorized_keys

The next step involves employing a bit of extra security. First, we change the access rights for the .ssh directory so that only the owner has read, write, and execute privileges. Next, we'll make sure that the authorized_keys file can only be accessed by the owner. And finally, we'll remove the previously uploaded offsite.pub key file, since it's no longer required. It's important to ensure that access permissions are properly set because the OpenSSH server may refuse to use keys which have non-secure access rights.

Listing 6. Changing permissions with chmod

   [server1]$ chmod 700 .ssh
[server1]$ chmod 600 ./ssh/authorized_keys
[server1]$ rm offsite.pub
[server1]$ exit

After completing the same process on server2, we are ready to return to the offsite storage machine to test the new passphrase type access. >From the offsite server you could type the following:

[offsite]$ ssh -v accountname@server1.com

Use the -v, or verbose flag option, to display debugging information while verifying that your account is now able to access the remote server using the new passphrase rather than the original password. The debug output displays important information which you might not otherwise see, in addition to offering a high level view of how the authentication process works. You won't need to specify the -v flag on subsequent connections; but it is quite useful to do so while testing a connection.

Automating machine access using ssh-agent

The ssh-agent program acts like a gatekeeper, securely providing access to security keys as needed. Once ssh-agent is started, it sits in the background and makes itself available to other OpenSSH applications such as ssh and scp programs. This allows the ssh program to request an already decrypted key, rather than asking you for the private key's secret passphrase each time it's required.

Let's take a closer look at ssh-agent. When ssh-agent runs it outputs shell commands:

Listing 7. ssh-agent in action

   [offsite]$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-XX1O24LS/agent.14179; export SSH_AUTH_SOCK;
SSH_AGENT_PID=14180; export SSH_AGENT_PID;
echo Agent pid 14180;

We can instruct the shell to execute the output commands which ssh-agent displays using the shell's eval command:

[offsite]$ eval `ssh-agent` Agent pid 14198

The eval command tells the shell to evaluate (execute) the commands generated by the ssh-agent program. Make sure that you specify the back-quote character (`) and not a single quote! Once executed, the eval `ssh-agent` statement will return the agent's process identifier. Behind the scenes, the SSH_AUTH_SOCK and SSH_AGENT_PID shell variables have been exported and are now available. You can view their values by displaying them to the shell console:

[offsite]$ echo $SSH_AUTH_SOCK /tmp/ssh-XX7bhIwq/agent.14197

The $SSH_AUTH_SOCK (short for SSH Authentication Socket) is the location of a local socket which applications can use to speak to ssh-agent. To ensure that the SSH_AUTH_SOCK and SSH_AGENT_PID variables are always registered, enter the eval `ssh-agent` statement into your ~/.bash_profile.

ssh-agent has now become a background process which is visible using the top and ps commands.

Now we're ready to share our passphrase with ssh-agent. To do so, we must use a program called ssh-add, which adds (sends) our passphrase to the running ssh-agent program.

Listing 8. ssh-add for hassle-free login

   [offsite]$ ssh-add
Enter passphrase for /home/accountname/.ssh/id_dsa: (enter passphrase)
Identity added: /home/accountname/.ssh/id_dsa
(/home/accountname/.ssh/id_dsa)

Now when we access server1, we're not prompted for a passphrase:

[offsite]$ ssh accountname@server1.com [server1]$ exit

If you're not convinced, try removing (kill -9) the ssh-agent process and reconnecting to server1. This time, you'll notice that server1 will request the passphrase for the private key stored in the id_dsa file in the .ssh directory:

[offsite]$ kill -9 $SSH_AGENT_PID [offsite]$ ssh accountname@server1.com Enter passphrase for key '/home/accountname/.ssh/id_dsa':

Simplifying key access using keychain

So far, we've learned about several OpenSSH programs (ssh, scp, ssh-agent and ssh-add), and we've created and installed private and public keys to enable a secure and automated login process. You may have realized that most of our setup work only has to be done once. For example, the process of creating the keys, installing them, and getting ssh-agent to execute via a .bash_profile only has to be done once per machine. That's the really good news.

The less than ideal news is that ssh-add must be invoked each time we sign on to the offsite machine and ssh-agent isn't immediately compatible with the cron scheduling process which we'll need to automate our backups. The reason that cron processes can't communicate with ssh-agent is that cron jobs are executed as child processes by cron and thus do not inherit the $SSH_AUTH_SOCK shell variable.

Fortunately, there is a solution which not only eliminates limitations associated with ssh-agent and ssh-add, but also allows us to use cron to automate all sorts of processes requiring secure passwordless access to other machines. In his 2001 three-part developerWorks series, OpenSSH key management (see Resources for a link), Daniel Robbins presented a shell script called keychain, which is a front-end to ssh-add and ssh-agent and which simplifies the entire passwordless process. Over time, the keychain script has undergone a number of improvements and is now maintained by Aron Griffis, with a recent 2.3.2-1 release posted on June 17, 2004.

The keychain shell script is a bit too large to list in this article because the well-written script includes lots of error checking, ample documentation, and a generous serving of cross-platform code. However, keychain can be quickly downloaded from the project's Web site (see Resources for a link).

Once you download and install keychain, using it is remarkably easy. Simply log in to each machine and add the following two lines to each .bash_profile:

keychain id_dsa . ~/.keychain/$HOSTNAME-sh

The first time you log back in to each machine, keychain will prompt you for the passphrase. However, keychain won't ask you to reenter the passphrase on subsequent login attempts unless the machine has been restarted. Best of all, cron tasks are now able to use OpenSSH commands to securely access remote machines without requiring the interactive use of passphrases. Now we have the best of both worlds, added security and ease of use.

Listing 9. Initializing keychain on each machine

   KeyChain 2.3.2; http://www.gentoo.org/projects/keychain
Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the
GPL

* Initializing /home/accountname/.keychain/localhost.localdomain-sh
file...
* Initializing /home/accountname/.keychain/localhost.localdomain-csh
file...
* Starting ssh-agent
* Adding 1 key(s)...
Enter passphrase for /home/accountname/.ssh/id_dsa: (enter passphrase)

Scripting a backup process

Our next task is to create the shell scripts, which will perform the necessary backup operations. The goal is to perform a complete database backup of servers 1 and 2. In our example, each server is running the MySQL database server and we'll use the mysqldump command-line utility to export a few database tables to an SQL import file.

Listing 10. The dbbackup.sh shell script for server 1

   #!/bin/sh

# change into the backup_agent directory where data files are stored.
cd /home/backup_agent

# use mysqldump utility to export the sites database tables
mysqldump -u sitedb -pG0oDP@sswrd --add-drop-table sitedb --tables
tbl_ccode tbl_machine tbl_session tbl_stats > userdb.sql

# compress and archive
tar czf userdb.tgz userdb.sql

On server 2, we'll place a similar script which backs up the unique tables present in the site's database. Each script is flagged as executable using:

[server1]:$ chmod +x dbbackup.sh

With a dbbackup.sh file on servers 1 and 2, we return to the offsite data server, where we'll create a shell script to invoke each remote dbbackup.sh script prior to initiating a transfer of the compressed (.tgz) data files.

Listing 11. backup_remote_servers.sh shell script for use on the offsite data server

   #!/bin/sh

# use ssh to remotely execute the dbbackup.sh script on server 1
/usr/bin/ssh backup_agent@server1.com "/home/backup_agent/dbbackup.sh"

# use scp to securely copy the newly archived userdb.tgz file
# from server 1.  Note the use of the date command to timestamp
# the file on the offsite data server.
/usr/bin/scp backup_agent@server1.com:/home/backup_agent/userdb.tgz
/home/backups/userdb-$(date +%Y%m%d-%H%M%S).tgz

# execute dbbackup.sh on server 2
/usr/bin/ssh backup_agent@server2.com "/home/backup_agent/dbbackup.sh"

# use scp to transfer transdb.tgz to offsite server.
/usr/bin/scp backup_agent@server2.com:/home/backup_agent/transdb.tgz
/home/backups/transdb-$(date +%Y%m%d-%H%M%S).tgz

The backup_remote_servers.sh shell script uses the ssh command to execute a script on the remote servers. Because we've set up passwordless access, the ssh command is able to execute commands on servers 1 and 2 remotely from the offsite server. The entire authentication process is now handled automatically, thanks to keychain.

Scheduling

Our next and final task involves scheduling the execution of the backup_remote_servers.sh shell script on the offsite data storage server. We'll add two entries to the cron scheduling server to request execution of the backup script twice per day, at 3:34 am and again at 8:34 pm. On the offsite server invoke the crontab program with the edit (-e) option.

[offsite]:$ crontab -e

The crontab invokes the default editor, as specified using the VISUAL or EDITOR shell environment variables. Next, type two entries and save and close the file.

Listing 12. Crontab entries on the offsite server

   34 3 * * * /home/backups/remote_db_backup.sh
34 20 * * * /home/backups/remote_db_backup.sh

A crontab line contains two main sections, a time schedule section followed by a command section. The time schedule is divided into fields for specifying when a command should be executed:

Listing 13. Crontab format

          +---- minute
       | +----- hour
       | | +------ day of the month
       | | | +------ month
       | | | | +---- day of the week
       | | | | | +-- command to execute
       | | | | | |
      34 3 * * * /home/backups/remote_db_backup.sh

Verifying your backups

You should routinely check your backups to ensure that the process is working correctly. Automating processes can remove unnecessary drudgery, but should never be a way of escaping due diligence. If your data is worth backing up, then it's also worth spot checking from time to time.

Consider adding a cron job to remind yourself to check your backups at least once per month. In addition, it's a good idea to change security keys every once in a while, and you can schedule a cron job to remind you of that as well.

Additional security precautions

For added security, consider installing and configuring an Intrusion Detection System (IDS), such as Snort, on each machine. Presumably, an IDS will notify you when an intrusion is underway or has recently occurred. With an IDS in place, you'll be able to add other levels of security such as digitally signing and encrypting your backups.

Popular open source tools such as GNU Privacy Guard (GnuPG), OpenSSL and ncrypt enable securing archive files via shell scripts, but doing so without the extra level of shielding that an IDS provides isn't recommended (see Resources for more information on Snort).

Conclusion

This article has shown you how to allow your scripts to execute on remote servers and how to perform secure and automated file transfers. I hope you'll feel inspired to start thinking about protecting your own valuable data and building new solutions using open source tools like OpenSSH and Snort.

Resources

You'll find downloads, documentation, and more at the official OpenSSH home page and the OpenSSH Security page.
Read Daniel Robbins' excellent three-part IBM developerWorks article, "OpenSSH Key Management" (developerWorks, 2001) and download his keychain application.
To learn more about SSH, Carlos recommends O'Reilly's SSH, The Secure Shell: The Definitive Guide (O'Reilly & Associates, 2001).
The Snort Intrusion Detection System (IDS) is an open source best of breed product designed to detect and report unauthorized access or suspect behavior. Make sure to use an IDS if you're planning on automating the signing and encrypting of archive files.
You can sign and encrypt your archive backup files using GNU Privacy Guard (GnuPG), OpenSSL and ncrypt from your shell scripts.
If you aren't already using them, check out these tips on TCP wrappers and xinetd.
The Perl-inclined will also be interested in "Automating UNIX system administration with Perl" (developerWorks, 2001), "Intro to cfengine for system administration" (developerWorks, 2002), and "Application configuration with Perl" (developerWorks, 2000), all from Ted Zlatanov.
The developerWorks article "Windows-to-Linux roadmap: Part 8. Backup and recovery" (developerWorks, 2003) offers tips on backup strategies.

zenhabit: patience

2008-07-07T22:03:00.002-04:00

a zenhabits article on patience:

from http://zenhabits.net/2008/07/15-tips-for-becoming-as-patient-as-job/

15 Tips for Becoming as Patient as Job

“Patience and fortitude conquer all things.” - Ralph Waldo Emerson

In the Old Testament, the story of Job showed a very faithful man whose faith is put to test, and shows an extreme example of perseverance through suffering … but in my mind, whenever I read Job’s story, I am struck by the man’s supreme patience.

While living a very faithful and righteous life, he nevertheless endured one infliction after another without ever cursing God’s name. I think most of us would have lost our patience and become frustrated and angry much earlier in the story.

While Job’s patience is legendary, I believe that even the most impatient of us can learn to be more patient with practice.

Personally, patience is something I’ve been cultivating for a long time. And while I often fail, I believe I’ve progressed over the years, and things that used to get me hot and bothered now just float past me. I still get upset, of course, but not nearly as much as I used to.

Here are some tips that might help you become more patient, with practice:

Tally marks. This is the first strategy, if you have real problems with patience: start by simply keeping tally marks on a little sheet of paper every time you lose your patience. This is one of the most effective and important methods for controlling an impulse — by learning to become more aware of it. Once you become aware of your impulses, you can work out an alternative reaction.
Figure out your triggers. As you become more aware of losing your patience, pay close attention to the things that trigger you to lose that patience. Is it when your co-worker does something particularly irritating? When your spouse leaves dirty dishes in the sink? When your child doesn’t clean up her mess? Certain triggers will recur more frequently than others — these are the things you should focus on the most.
Deep breaths. When you first start to lose your patience, take a deep breath, and breathe out slowly. Then take another. And another. These three breaths will often do the trick, as your frustration will slowly melt away.
Count to 10. This one really works. When you feel yourself getting frustrated or angry, stop. Count slowly to 10 (you can do this in your head). When you’re done, most of the initial impulse to yell or do something out of frustation will go away. Combine this with the breathing tip for even more effectiveness.
Start small. Don’t try to become as patient as Job overnight. It won’t happen. Start with something small and manageable. Look for a trigger that only induces a mild impatience within you — not something that gets your blood boiling. Then focus on this, and forget the other triggers for now. Work on controlling your temper for that one trigger. If you can get this one under control, use what you learned to focus on the next small trigger. One at a time, and with practice, you’ll get there.
Take a time out. Often it’s best just to walk away for a few minutes. Take a break from the situation, just for 5-10 minutes, let yourself calm down, plan out your words and actions and solution, and then come back calm as a monk.
Remember what’s important. Sometimes we tend to get upset over little things. In the long run, these things tend not to matter, but in the heat of the moment, we might forget this. Stop yourself, and try to get things in perspective.
Keep practicing. Every time a situation stretches your patience to dangerous thinness, just think of it as an opportunity to practice your patience. Because that’s what it take to become patient — practice, practice, more practice, and even more practice. And then some more. And the more you practice, the better you’ll get. So cherish these wonderful opportunities to practice.
Visualize. This works best if you do it before the frustrating situation comes up. When you’re alone and in a quiet place. Visualize how you want to react the next time your trigger happens. How do you handle the situation? How do you look? What do you say? How does the other person react? How does it help your relationship, your life? Think about all these things, visualize the perfect situation, and then try to actually make that happen when the situation actually comes up.
Remember that things can take time. Nothing good happens right away. If you expect things to happen at the snap of your fingers, you’ll get impatient every time. Instead, realize that things will take time, and this realization can help your patience tremendously.
Teach. This is something that helps me a lot. I remember that no one is perfect, and that everyone has a lot to learn. Be patient, and teach others how to do things — even if you’ve tried before, it might be the 11th time when things click. And remember, none of us learn things on the first try. Find new ways to teach something, and you’re more likely to be successful.
Find healthy ways to relieve frustration. Frustration can build up like steam in a pressure cooker, and if you don’t relieve that steam, you’ll explode. So find ways to relieve that frustration in a healthy way. Punching a pillow, going outside to a place where you’re all alone and yelling, exercise, kickboxing … these are just a few examples. Once you get that frustration out of your system, you usually feel better.
Try meditation. You can’t meditate in the middle of a frustrating situation, usually, but often meditation can help you to learn to find a center of calm within yourself. Once you learn how to go to this calm place, you can go there when you begin to get angry. Meditation can also help you to be in the moment, instead of always wanting to get to the future, or instead of dwelling on the past and getting angry about it.
Just laugh. Sometimes we need to remind ourselves that no one is perfect, that we should be enjoying this time with our loved ones, and that life should be fun — and funny. Smile, laugh, be happy. Doesn’t always work, but it’s good to remind yourself of this now and then.
Just love. Instead of reacting with anger, teach yourself to react with love. Your child spills something or has a messy room or breaks your family heirloom? Your spouse yells at you or is cranky after work? React with love. It’s the best solution.

Bad Programmer

2008-07-04T16:25:00.002-04:00

Bad Programmers

Solving your skillset problems

Signs that you are a bad programmer

1. Inability to reason about code

Reasoning about code means being able to follow the execution path ("running the program in your head") while knowing what the goal of the code is.

Symptoms

The presence of "voodoo code", or code that has no effect on the goal of the program but is diligently maintained anyway (such as initializing variables that are never used, calling functions that are irrelevant to the goal, producing output that is not used, etc.)
Executing idempotent functions multiple times (eg: calling the save() function multiple times "just to be sure")
Fixing bugs by writing redundant code that overwrites the result of the faulty code
"YoYo code" that converts a value into a different representation, then converts it back to where it started (eg: converting a decimal into a string and then back into a decimal, or padding a string and then trimming it)
"Bulldozer code" that gives the appearance of refactoring by breaking out chunks into subroutines, but that are impossible to reuse in another context (very high cohesion)

Remedies

To get over this deficiency a programmer can practice by using the IDE's own debugger as an aide if it has the ability to step through the code one line at a time. In Visual Studio, for example, this means setting a breakpoint at the beginning of the problem area and stepping through with the 'F11' key, inspecting the value of variables--before and after they change--until you understand what the code is doing. If the target environment doesn't have such a feature, then practice in one that does.

The goal is to reach a point where you no longer need the debugger to be able to follow the flow of code in your head, and where you are patient enough to think about what the code is doing to the state of the program. The reward is the ability to identify redundant and unnecessary code, as well as how to find bugs in existing code without having to re-implement the whole algorithm from scratch.

2. Poor understanding of the language's programming model

Object Oriented Programming is an example of a language model, as is Functional or Declarative programming. They're each significantly different from procedural or imperative programming, just as procedural programming is significantly different from assembly or GOTO-based programming. Then there are languages which follow a major programming model (such as OOP) but introduce their own improvements such as list comprehensions, generics, duck-typing, etc.

Symptoms

Using whatever syntax is necessary to break out of the model, then writing the remainder of the program in imperative/procedural style
(OOP) Attempting to call non-static functions or variables in uninstantiated classes, and having difficulty understanding why it won't compile
(OOP) Writing lots of "xxxxxManager" classes that contain all of the methods for manipulating objects that have little or no methods of their own
(Relational) Treating the database as an object store by giving each table an identity column (or GUID) for the primary key, and possibly going as far as serializing the state of the object to a binary column
(Functional) Creating multiple versions of the same algorithm to handle different types or operators, rather than passing high-level functions to a generic implementation
(Functional) Manually caching the results of a deterministic function
(Pure Functional) Using cut-n-paste code from someone else's program to deal with I/O and Monads
(Declarative) Setting individual values in imperative code rather than using data-binding

Remedies

If your skills deficiency is a product of ineffective teaching or studying, then an alternative teacher is the compiler itself. There is no more effective way of learning a new programming model than starting a new project and committing yourself to use whatever the new constructs are, intelligently or not. You also need to practice explaining the model's features in crude terms of whatever you are familiar with, then recursively building on your new vocabulary until you understand the subtleties as well. For example:

Phase 1: "OOP is just records with methods"
Phase 2: "OOP methods are just functions running in a mini-program with its own global variables"
Phase 3: "The global variables are called fields, some of which are private and invisible from outside the mini-program"
Phase 4: "The idea of having private and public elements is to hide implementation details and expose a clean interface, and this is called Encapsulation"
Phase 5: "Encapsulation means my business logic doesn't need to be polluted with implementation details"

Phase 5 looks the same for all languages, since they are all really trying to get the programmer to the point where he can express the intent of the program without burying it in the specifics of how. Take functional programming as another example:

Phase 1: "Functional programming is just doing everything by chaining deterministic functions together"
Phase 2: "When the functions are deterministic, they don't need to be executed until the output is called for, and only for as much as needed. This is called Lazy Evaluation and Partial Evaluation"
Phase 3: "In order to support Lazy and Partial Evaluation, the compiler requires that I write functions in terms of how to transform a single parameter, sometimes into another function. This is called Currying"
Phase 4: "When all functions are curried, the compiler can choose the best execution plan by using a constraint solver"
Phase 5: "By letting a constraint solver figure out the mundane details, I can write programs by describing what I want, rather than how to give it to me"

3. Deficient research skills / Chronically poor knowledge of the platform's features

Modern languages and frameworks now come with an awesome breadth and depth of built-in commands and features, with some leading frameworks (Java, .Net, Cocoa) being too large to expect any programmer, even a good one, to learn in anything less than a few years. But a good programmer will search for a built-in function that does what they need before they begin to roll their own, and excellent programmers have the skill to break-down and identify the abstract problems in their task, then search for existing frameworks, patterns, models and languages that can be adapted before they even begin to design the program.

Symptoms

These are only indicative of the problem if they continue to appear in the programmer's work long after he should have mastered the new platform.

Re-inventing or laboring without basic mechanisms that are built-into the language, such as events-and-handlers or regular expressions
Re-inventing classes and functions that are built-into the framework (eg: timers, collections, sorting and searching algorithms)
"Email me teh code, plz" messages posted to help forums
"Roundabout code" that accomplishes in many instructions what could be done with far fewer (eg: rounding a number by converting a decimal into a formatted string, then converting the string back into a decimal)
Persistently using old-fashioned techniques even when new techniques are better in those situations (eg: still writes named delegate functions instead of using lambda expressions for one-offs)
Having a stark "comfort zone", and going to extreme lengths to solve complex problems with primitives

Remedies

A programmer can't acquire this kind of knowledge without slowing down, and it's likely that he's been in a rush to get each function working by whatever means necessary. He needs to have the platform's technical reference handy and be able to look through it with minimal effort, which can mean either having a hard copy of it on the desk right next to the keyboard, or having a second monitor dedicated to a browser. To get into the habit initially, he should refactor his old code with the aim of reducing its instruction count by 10:1 or more.

4. Inability to comprehend pointers

If you don't understand pointers then there is a very shallow ceiling on the types of programs you can write, as the concept of pointers enables the creation of complex data structures and efficient APIs. Managed languages use references instead of pointers, which are similar but add automatic dereferencing and prohibit pointer arithmetic to eliminate entire classes of bugs. They are still similar enough, however, that a failure to grasp the concept will be reflected in poor data-structure design and bugs that trace back to the difference between pass-by-value and pass-by-reference in method calls.

Symptoms

Failure to implement a linked list, or write code that inserts/deletes nodes from linked list without losing data
Allocating arbitrarily big arrays for variable-length collections and maintaining a separate collection-size counter, rather than using a linked list or other dynamic data structure
Inability to find or fix bugs caused by performing arithmetic on pointers
Modifying the dereferenced values from pointers passed as the parameters to a function, and not expecting it to change the values in the scope outside the function
Making a copy of a pointer, changing the dereferenced value via the copy, then assuming the original pointer still points to the old value
Serializing a pointer to the disk or network when it should have been the dereferenced value
Sorting an array of pointers by performing the comparison on the pointers themselves

Remedies

A friend of mine named Joe was staying somewhere else in the hotel, but I didn't know which room number. I did, however, know which room his acquaintance, Frank, was staying in. So I went up there and knocked on his door and asked him, "Where's Joe staying?" Frank didn't know, but he did know which room Joe's co-worker, Theodore, was staying in, and gave me that room number instead. So I went to Theodore's room and asked him where Joe was staying, and Theodore told me that Joe was in Room 414. And that, in fact, is where Joe was.

Pointers can be described with many different metaphors, and the data structures you can build translated into many analogies. The above is a simple analogy for a linked list, and anybody can invent their own, even if they aren't programmers. The comprehension failure doesn't occur when pointers are described, so you can't describe them any more thoroughly than they already have been. It fails when the programmer then tries to visualize what's going on in the computer's memory and it gets conflated with their understanding of regular variables, which are very similar. It may help to translate the code into a simple story to help reason about what's going on, until the distinction clicks and the programmer can visualize pointers and the data structures they enable as intuitively as scalar values and arrays.

5. Difficulty seeing through recursion

The idea of recursion is easy enough to understand, but programmers often have problems imagining the result of a recursive operation in their minds, or how a complex result can be computed with a simple function. This makes it harder to design a recursive function because you have trouble picturing "where you are" when you come to writing the test for the base condition or the parameters for the recursive call.

Symptoms

Hideously complex iterative algorithms for problems that can be solved recursively (eg: traversing a filesystem tree), especially where memory and performance is not a premium
Recursive functions that check the same base condition both before and after the recursive call
Recursive functions that don't test for a base condition
Recursive subroutines that concatenate/sum to a global variable or a carry-along output variable, and aren't implementing tail recursion
Apparent confusion about what to pass as the parameter in the recursive call, or recursive calls that pass the parameter unmodified

Remedies

Get your feet wet and be prepared for some stack overflows. Begin by writing code with only one base-condition check and one recursive call that uses the same, unmodified parameter that was passed. Stop coding even if you have the feeling that it's not enough, and run it anyway. It throws a stack-overflow exception, so now go back and pass a modified copy of the parameter in the recursive call. More stack overflows? Excessive output? Then do more code-and-run iterations, switching from tweaking your base-condition test to tweaking your recursive call until you start to intuit how the function is transforming its input. Resist the urge to use more than one base-condition test or recursive call unless you really know what you're doing.

Your goal is to have the confidence to jump in, even if you don't have a complete sense of "where you are" in the imaginary recursive path. Then when you now need to write a function for a real project you'd begin by writing a unit test first, and proceeding with the same technique above.

Signs that you are a mediocre programmer

1. Inability to think in sets

Transitioning from imperative programming to functional and declarative programming will immediately require you to think about operating on sets of data as your primitive, not scalar values. The transition is required whenever you use SQL with a relational database (and not as an object store), whenever you design programs that will scale linearly with multiple processors, and whenever you write code that has to execute on a SIMD-capable chip (such as modern graphics cards and video game consoles).

Symptoms

The following count only when they're seen on a platform with Declarative or Functional programming features that the programmer should be aware of.

Performing atomic operations on the elements of a collection within a for or foreach loop
Writing Map or Reduce functions that contain their own loop for iterating through the dataset
Fetching large datasets from the server and computing sums on the client, instead of using aggregate functions in the query
Functions acting on elements in a collection that begin by performing a new database query to fetch a related record
Writing business-logic functions with tragically compromising side-effects, such as updating a user interface or performing file I/O
Classes that open their own database connections or file handles and keep them open for their lifespan

Remedies

Funny enough, visualizing a card dealer cutting a deck of cards and interleaving the two stacks together by flipping through them with his thumbs can jolt the mind into thinking about sets and how you can operate on them in bulk. Other stimulating visualizations are:

freeway traffic passing through an array of toll booths (parallel processing)
springs joining to form streams joining to form creeks joining to form rivers (parallel reduce/aggregate functions)
a newspaper printing press (coroutines, pipelines)
the zipper tag on a jacket pulling the zipper teeth together (simple joins)
transfer RNA picking up amino acids and joining messenger RNA within a ribosome to become a protein (multi-stage function-driven joins, see animation)
the above happening simultaneously in billions of cells in an orange tree to convert soil, water and sunlight into orange juice (Map/Reduce on large distributed clusters)

If you are writing a program that works with collections, think about all the supplemental data and records that your functions need to work on each element and use Map functions to join them together in pairs before you have your Reduce function applied to each pair.

2. Lack of critical thinking

Unless you criticize your own ideas and look for flaws in your own thinking, you will miss problems that can be fixed before you even start coding. If you also fail to criticize your own code once written, you will only learn at the vastly slower pace of trial and error. This is the root of lazy thinking and egocentric thinking, so its symptoms seem to come from two different directions.

Symptoms

"Business Rule Engines"
Fat static utility classes, or multi-disciplinary libraries with only one namespace
Conglomerate applications, or attaching unrelated features to an existing application to avoid the overhead of starting a new project
Architectures that have begun to require epicycles
Adding columns to tables for tangential data
Inconsistent naming conventions
"Man with a hammer" mentality, or changing the definitions of problems so they can all be solved with one particular technology
Programs that dwarf the complexity of the problem they solve
Pathologically and redundantly defensive programming ("Enterprisey code")

Remedies

Start with a book like Critical Thinking by Paul and Elder, work on controlling your ego, and practice resisting the urge to defend yourself as you submit your ideas to friends and colleagues for criticism.

Once you get used to other people examining your ideas, start examining your own ideas yourself and practice imagining the consequences of them. In addition, you also need to develop a sense of proportion (to have a feel for how much design is appropriate for the size of the problem), a habit of double-checking assumptions (so you don't overestimate the size of the problem), and a healthy attitude towards failure (even Isaac Newton was wrong, but we needed him to try anyway).

Finally, you must have discipline. Being aware of flaws in your plan will not make you more productive unless you can muster the willpower to correct and rebuild what you're working on.

3. Pinball Programming

When you tilt the board just right, pull back the pin to just the right distance, and hit the flipper buttons in the right sequence, then the program runs flawlessly with the flow of execution bouncing off conditionals and careening unchecked toward the next state transition.

Symptoms

One Try-Catch block wrapping the entire body of Main() and resetting the program in the Catch clause (the pinball gutter)
Using strings/integers for values that have (or could be given) more appropriate wrapper types in a strongly-typed language
Packing complex data into delimited strings and parsing it out in every function that uses it
Failing to use assertions or method contracts on functions that make assumptions about their arguments
The use of Sleep() to wait for another thread to finish its task
Switch statements, on non-enumerated values, that don't have an "Otherwise" clause
Using Automethods or Reflection to invoke methods that are named in unqualified user input
Setting global variables in functions as a way to return multiple values
Classes with one method and a couple of fields, where you have to set the fields as the way of passing parameters to the method
Multi-row database updates without a transaction
Hail-Mary passes (eg: trying to restore the state of a database without a transaction and ROLLBACK)

Remedies

Imagine your program's input is water. It's going to fall through every crack and fill every pocket, so you need to think about what the consequences are when it flows somewhere other than where you've explicitly built something to catch it.

You will need to make yourself familiar with the mechanisms on your platform that help make programs robust and ductile. There are three basic kinds:

those which stop the program before any damage is done when something unexpected happens, then helps you identify what went wrong (type systems, assertions, exceptions, etc.),
those which direct program flow to whatever code best handles the contingency (try-catch blocks, multiple dispatch, event driven programming, etc.),
those which pause the thread until all your ducks are in a row (WaitUntil commands, mutexes and semaphores, SyncLocks, etc.)

There is also a fourth, Unit Testing, which you use at design time.

Using these ought to become second nature to you, like putting commas and periods in sentences. To get there, go through the above mechanisms (the ones in parenthesis) one at a time and refactor an old program to use them wherever you can cram them, even if it doesn't turn out to be appropriate (especially when they don't seem appropriate, so you also begin to understand why).

Signs that you shouldn't be a programmer

The following may not have any remedies if you still suffer from them after taking a programming course in school, so you will stand a better chance of advancing your career by choosing another profession.

1. Inability to determine the order of program execution

Symptoms

a = 5
b = 10
a = b

print a

You look at the code above and aren't sure what number gets printed out at the end

Alternative careers

Electrician
Plumber
Architect
Civil engineer

2. Insufficient ability to think abstractly

Symptoms

Difficulty comprehending the difference between objects and classes
Difficulty implementing design patterns for your program
Difficulty writing functions with low cohesion
Incompetence with Regular Expressions
Lisp is opaque to you
Cannot fathom the Church-Turing Thesis

Alternative careers

Contract negotiator
Method actor

3. Collyer Brothers syndrome

Symptoms

Unwilling to throw away anything, including garbage
Unwilling to delete anything, be it code or comments
The urge to build booby-traps for defense against trespassers
Unwilling to communicate with other people
Poor organization skills

Alternative careers

Antique dealer
Bag lady

4. Dysfunctional sense of causality

Symptoms

You seriously consider malice to be a reason why the compiler rejects your program
When called on to fix a bug in a deployed program, you try prayer
You take hidden variables for granted and don't think twice about blaming them for a program's misbehavior
You think the presence of code in a program will affect its runtime behavior, even if it is never invoked
Your debugging repertoire includes rituals like shining your lucky golf ball, twisting your wedding ring, and tapping the nodding-dog toy on your monitor. And when the debugging doesn't work, you think it might be because you missed one or didn't do them in the right order

Alternative careers

Playing the slot machines in Vegas

Ambient lighting.

2008-07-01T10:46:00.002-04:00

http://lifehacker.com/397415/set-up-cheap-ambient-lighting-with-rope-lights

The old UNIX Wars

2008-06-29T10:03:00.002-04:00

From a slashdot comment:

Don't you know the new required thought pattern? We aren't supposed to remember how nasty IBM were.

They are meant to be thought of as the poor unfortunate victims of an evil Microsoft, not the over confident and arrogant giant company who's failure to understand the market handed the world of computing to a small company whose owner lived on junk food and didn't wash much.

Being old I remember the time when Microsoft were this great company who liberated the computing world from the Unix wars. A company whose philosophy of getting their product out there cheaply and on everything meant I could finally afford a computer after several years of wanting, but not being able to buy, a Mac.

There was a time when Microsoft were the good guys, where people suddenly found that they could write a product for DOS and it would run on almost any computer. That meant it was possible to become a software house with a lot less effort and money than before.

I rather suspect people just don't realise what it was like before DOS.

Ok it didn't stay that way, or didn't unless you're a big Microsoft fan, but when I were young it was true.

Personally I wish they would get with the Open Source movement. I've been an open source developer for over five years, working with both Linux and Windows, and the lack of high level co-operation between the two camps is, in my opinion, is preventing a huge leap forward in computing.

5 Ways to Make Your Company Gen Y-Friendly

Katherine Spencer Lee, Computerworld.com

Thursday, June 26, 2008 11:03 AM PDT

Facing a potential onslaught of baby boomer retirements and a smaller pool of Generation X employees to replace them, IT managers who want to create or sustain a Best Place to Work environment will need the additional help of another group of professionals: Generation Y. Also known as Millennials, this group consists of nearly 80 million individuals born roughly between 1979 and 1999. They are the workforce of the future.

But what will it take to attract and keep these individuals? Are Generation Y's ideas about what makes a great employer different from those of other generations?

Yes, and no.

In many ways, the Millennial generation wants exactly what professionals from previous generations expect from employers. When polled for a recent study by our company and Yahoo HotJobs, the most senior members of Generation Y - those aged 21 to 28 and beginning their careers - placed salary, benefits and opportunities for professional growth at the top of their lists.

This isn't to say, however, that they are like their predecessors in every way. In terms of their workstyles, professional expectations and career concerns, they show some distinct preferences. Based on their responses to the survey, here are a few suggestions for making your company Gen Y-friendly.

No. 1: Offer attractive benefits. Salary is a key consideration for members of this group, but so are benefits. Growing up at a time when the U.S. health care system is delivering fewer services at higher costs and the future of Social Security benefits is in doubt, Gen-Yers are most attracted to companies that provide first-rate health care and retirement benefits.

No. 2: Promote work/life balance. Nearly 73% of Gen-Yers surveyed said they are concerned about being able to balance a career with personal obligations. Consider implementing specialized arrangements - such as flextime, telecommuting or a compressed workweek - that give employees more control over their work schedules.

No. 3: Narrow the rungs of the corporate ladder. Millennials are willing to work hard, but when it comes to moving up the ranks, they want to do so quickly. According to the study, 51% of Millennials surveyed believe professionals entering the workforce should have to spend only one to two years proving themselves in entry-level positions. That means you aren't likely to attract or keep talented Gen Y employees by requiring them to spend years "paying their dues."

No. 4: Ensure managers are engaged and accessible. In the survey, Millennials described their "dream boss" as being understanding, caring, flexible and open-minded, as well as someone who is authoritative but respects, values and appreciates his employees. They aren't looking for a micromanager, but they do value good management skills and regular contact with their supervisors; in fact, 35% of those surveyed want to communicate with the boss several times a day.

No. 5: Foster "face time." Even though Gen-Yers grew up with cell phones, e-mail and the Internet, two-thirds of survey respondents selected in-person conversations with their co-workers as their preferred communication method. You'll encourage longer tenures and greater loyalty among employees if you create opportunities for them to interact with others. Consider arranging workgroups in open seating areas, establishing project teams or developing a mentoring program.

Although Generation Y employees bring specific values and ideals to the business world, it would be a mistake to view all of them simply through a generational lens. Avoid stereotyping and be prepared to tailor your workplace policies and management strategies when necessary.

IT professionals who are members of Generation Y expect a lot from their employers, but they also expect a lot of themselves and enter the workforce eager to make contributions and prove their value. The key to successfully recruiting and retaining Millennials is taking the time to learn what they care most about on and off the job.

freebsd 7.0, dell latitude d830, intel snd_hda

2008-06-17T21:30:00.002-04:00

The latitude d830 I have uses intel's HDA - snd_hda.ko, this driver works, but i could only get sound out of the headphone / audio out jack...not the speakers.

so i enabled snd_hda_load="YES" in /boot/loader.conf
(this also loads sound.ko (sound core))

then added some device hints to /boot/device.hints for the snd_hda driver.
i went ahead and added all 'gpio' hints, even though i don't know what they mean ;p
hint.pcm.0.config="gpio0,gpio1,gpio2,gpio3,gpio4,gpio5,gpio6,gpio7"

There are several other hints in the snd_hda man page...dunno what they do.
Anyway, after adding the gpio flags Sound worked from the internal speakers! ;)
Not sure which flag exactly did it...but one of them did!

man in the first place i just wanted to setup this box as the ap

2008-06-17T08:11:00.002-04:00

[quleap] man in the first place i just wanted to setup this box as the ap
[quleap] instead of running an openvpn to it through a linksys
[quleap] i want some real security
[me] quleap: unplug it!~
[EdwardElric] haha
[EdwardElric] fool proof
[quleap] then there'd be nothign to secure
[quleap] i like it
[quleap] very zen
[quleap] lol

bsd, unix, vmware, linux, and oracle - administration tools and tips by william nix : tronik

Port 88 open on Mac OS X - KDC monitoring daemon

Mac OS X VPN and L2TP for Android / iPhone and iPad devices (or others l2tp)

grep, od, and dos2unix - Need to fix some crappy files that won't grep?

default SSL enabled in Oracle Internet Application Server 10gr2 ias10gr2

Idiots in the industry.

SELinux, Oracle, and RedHat Enterprise Linux revisited...

SELinux, Apache and PHP 5.

yum rollback feature / rpm rollback feature

php5 / suhosin extension (not patch) on CentOS or RHEL

Install Suhosin as extension

Compile Suhosin under PHP 5 and RHEL / CentOS Linux

Configure Suhosin

Restart web server

Verify Suhosin installation

setup bridging br0 eth0 on Centos or RHEL for KVM virtual machines

pidgin, otr, and random number generation

Pam Update, security pam_limits and 64 bit libs

Updated on SSH Key authentication.

SSH and SSH Key Pair Authentication instead of Passwords

Public key authentication - an introduction

sudo, su, and you. oh, and root. and some tips...

Alternatives

List Commands

Configuration

Disallow Shell Access

OpenSSH and SSH.COM Key generation - Some Concerns...

Oracle on Linux needs access to /proc? Only for Enterprise Manager?

Linux, sudo, and environment variables

The blackberry Curve 8300 - 83xx - Pretty cool.

unix security problems

session recording with 'script' in linux/unix hosts.

Enable Oracle Application Server to run on port <1024 on HPUX

Changing VSWIF IP in VMWare ESX

Serial Console on VMWare ESX

it is the whole thing.

mpage!

cups-pdf, cups, RHEL, Linux, and EPEL repositories...

using firefox 3.5.x in Linux ... Its not just that easy, apparently.

enable rpmfusion, epel for CentOS / RHEL5 to install other repos...

homemade tend skin recipe.

From a "Best of Craigslist"

Dear Christians

Resetting OS Passwords! Just a good writeup for those interested. ;)

'08 nissan 350z - nogaro red paint code

rEFIt - bootloader for the mac.

burn a playable dvd from video_ts in Mac OS X

some things someones father taught them...

Things my father taught me

neopi, oracle on linux...10gr2..and my birthday.

Oracle 10gR2 on RHEL5

Preamble

[edit] Hardware requirements

[edit] Software requirements

[edit] Preinstalation tasks

[edit] Semaphores explanation

[edit] Shared memory explanation

[edit] Network setting explanation

[edit] Actual installation

tar over ssh to pipe files..

ubuntu intrepid ibex java needs icedtea

unix and windows: carriage returns with tr/sed/awk

freebsd jails from sysinstall

freebsd native firefox, linux-firefox, and linux-opera with flash and java.

Renting or Owning a House...Hmm.

Found this really good article... on yahoo. via digg i believe.

Taken from : http://realestate.yahoo.com/promo/renting-makes-more-financial-sense-than-homeownership.html;_ylc=X3oDMTFta3Jqcjk3BF9TAzI3MTYxNDkEX3MDOTc2MjA0NjUEc2VjA2ZwLXRvZGF5BHNsawNyZW50aW5nLWJldHRlcg--

Renting Makes More Financial Sense Than Homeownership

Stocks vs. Houses: Returns

Stocks vs. Houses: Valuations

Stocks vs. Houses: Conclusion

Questions/Objections

"You can't live in your stocks" or "Renters throw money down the drain."

"House buyers get tax breaks."

"What about the pride of home ownership?"

"You seem to knock government housing subsidies, but they've helped many Americans afford homes."

"Houses are bigger than apartments."

"Are you saying I should sell my big house and rent an apartment instead?"

"Renting is for poor people."

"You say houses return zero. But I've made a fortune on my house in recent years."

[edit]
Hardware requirements

[edit]
Software requirements

[edit]
Preinstalation tasks

[edit]
Semaphores explanation

[edit]
Shared memory explanation

[edit]
Network setting explanation

[edit]
Actual installation