I wrote over 18 months ago about LinkedIn; and some trends I saw of people just linking with unknown contacts.
That’s still rife; I see colleagues who are linked to people and I know they have no idea who they are.
Guy Kawasaki wrote an interesting article about using LinkedIn – certainly good basic information; especially for those looking to hire or be hired. I especially like the comment about tracking down your potential manager.
Hot on the heels of WordPress 2.0.6 release candidate – is WordPress 2.1 beta 1.
I tried the alpha from subversion on this blog a while ago; it looked promising. Now we are at beta 1.
You can get the beta from here; knowing the test and release team – it will be live in weeks.
It was the Christmas of 1981 that I received my first computer; a Sinclair ZX81.
It’s been over 25 years since I started using Wordstar and dBase on CP/M running on TeleVideo TS802 and later TS803 machines.
Since then it’s been a downward spiral; through multiple BBC/Acorn machines; then 8086, 80286, 80386sx, 486, Pentium and beyond PCs.
I’ve been working with the next version of ZENworks all week; and for several reasons I needed to clear up my MSI database on several Windows machines.
Here’s a cool tool from Microsoft that makes it easy. The Windows Installer CleanUp Utility.
Update time again – this time for another security issue.
Here’s the mail from wp-testers:
http://wordpress.org/beta/wordpress-2.0.6-RC2.zip
http://wordpress.org/beta/wordpress-2.0.6-RC2.tar.gzRC2 addresses the following vulnerability.
http://seclists.org/fulldisclosure/2006/Dec/0463.htmlWe also changed how we escape HTML attributes. Escaping is done with a new
attribute_escape() function.http://trac.wordpress.org/changeset/4656
This touched a lot of files so we need to do some broad testing to make sure we didn’t fat finger anything.
Should be GA soon; advisable to upgrade.
I wrote about moving my primary mail server to SLES 10 and Netmail 3.5.2 a month ago.
Everything has been working really well – great uptime, better performance, another box moved to SLES 10..
Except for one little thing. Grania has been commenting that some of her email is missing.
Well – it’s not been in the inbound SpamAssassin kill files; it’s not stuck on the mail server; there are no errors with connectivity; no problems with DNS or MX records. The mail has been from all over – so it’s not someone like Yahoo being picky. Also normal mail has been coming in fine – so we’ve not been blackholed.
Tonight I decided to hunt down the problem.
It was me. I missed one step for the migration of mail; to use Netmail rules and forwarding the AutoReply agent needs creating and configuring.
The AutoReply Agent also enables users to forward their messages to another e-mail address. Users can specify if they want to retain a copy of the message in their NetMail mailbox or forward the message to the designated address.
Ooops. I missed that one. Three mouse clicks later and everything is back to normal.
I just trawled the aliases and there were over 400 mails to forward to the real mailboxes.
A month ago I got my hands on the RTM DVD of Windows Vista and took the plunge. I installed Vista Ultimate on my production IBM Thinkpad T42p; 80GB HDD, 2GB RAM. I installed Vista into my Active Directory environment
Currently here is what I’ve got running, as well as a list of applications that are working for me:
The only applications I’m having trouble with so far are
I found a couple of defects; Microsoft worked with me and got a fix for one:
The most annoying thing was the User Account Control – every action required confirmation. I’m a domain admin and local admin on the box; my own fault if I do something foolish. I turned off all of the UAC features within a few hours – just too in your face.
Next steps are to find the Lenovo/IBM Thinkpad tools for some of the key mappings; not essential. Also have another hack at the VPN client.
Usual disclaimer – some of the apps listed are not ‘supported’. In fact I’m probably the only person testing Collanos Workplace on Vista 😉
Back in full form with ‘The Life Pursuit’. First chance I’ve had to listen to it (baby and all that). “Another Sunny Day” is especially good.
Fun fun fun – server consolidation time.
Dell P4, 2GB RAM, 1TB storage (4x 300GB SATA RAID 5)
Install SLES 10, no GUI, runlevel 3 only. Disable pretty much everything not needed.
I chose ext3 for /, xfs for my NAS filesystem; I’ve had good results using xfs – reliability and performance.
Next optimisation of the filesystem:
#/etc/sysctl.conf
# Reduces the amount of work the TCP stack does.
net.ipv4.tcp_sack = 0
# The number of inodes (fs.inode-nr) available to the Linux kernel should be 3-4 times
# greater than the fs.file-max parameter
fs.inode-nr = 128000
# Maximum number of file handles that can open at a given time (default=4096)
fs.file-max = 64000
Apply the configuration and reboot:
chkconfig boot.sysctl on
Install Kerberos Client libraries. This can be done from YAST or the ZENworks updater. The basic modules needed are:
Install the SAMBA pieces:
Next configuration of SAMBA and the Kerberos environment; I found that using YAST wouldn’t let me set this up correctly. The two files are /etc/krb5.conf and /etc/samba/smb.conf
Note that krb5.conf expects everything AD related in upper case. Took me a few tries to realise that.
I’ve cleansed the real information – for the record there is no AD infrastructure at evilzenscientist.com – it’s just illustrative.
Active Directory server: 192.68.0.16, EZS-KDC
Active Directory tree: ezs-ad.evilzenscientist.com
Active Directory ‘domain’: EZS-AD
#/etc/krb5.conf
[libdefaults]
default_realm = EVILZENSCIENTIST.COM
clockskew = 300[realms]
EVILZENSCIENTIST.COM = {
kdc = 192.168.0.16
default_domain = EZS-AD
admin_server = 192.168.0.16
}[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
[domain_realm]
.EZS-AD = EVILZENSCIENTIST.COM
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
try_first_pass = true
}
Next is the SAMBA configuration /etc/samba/smb.conf
#/etc/samba/smb.conf
[global]
workgroup = EZS-AD
realm = EZS-AD.EVILZENSCIENTIST.COM
password server = EZS-KDC.EZS-AD.EVILZENSCIENTIST.COM
security = ADS
encrypt passwords = yes
server string = %h SAMBA %v SLES 10winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes[data]
comment = data
read only = no
path = /data
user = @”EZS-AD+domain users”
Next is the Active Directory authentication configuration.
Edit /etc/nsswitch.conf – and make sure that these lines are present:
#/etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
Reboot and then test the Kerberos implementation:
Test the Kerberos implementation:
This should prompt for a password and return no errors. Note that time sync between the client and the AD KDC server needs to be pretty tight. Look at using NTP.
Join the server to the AD domain:
net ads join
Using short domain name — EZS-AD
Joined ‘EZS-NAS’ to realm ‘EZS-AD.EVILZENSCIENTIST.COM’
There are some testing steps; look at the getent tool:
getent passwd
getent groups
These should return users and groups from the AD world.
That’s it for now; I’m the happy owner of a good, fast NAS box that is integrated into my Active Directory.
For the record – I have found that SLES 10 + SAMBA is about 30% faster than a Windows 2003 server on the same hardware. Cheaper and Faster – now that’s a result.
I’ve been using Nero for about seven years to burn CDs and more recently DVDs.
I upgraded online to Nero 7 on Sunday; I paid by PayPal. I expected a serial number ‘within 24 hours’ – sadly disappointed.
I emailed the support line – nothing. The US support – nothing.
I’ve watched the spam filters like a hawk – nothing so far.
I eventually called into the US sales line – with a 15 minute hold – and eventually got the serial number mailed to me from the sales person.
Not good service this time around. The reason given was ‘we are busy’.
Recent Comments