Linuxy Adventures in a Windows World<br />
<br />
<h2>Google Cloud Functions always timeout</h2>
Posted 2017-04-29<br />
<div>
If you've hopped onto the true "serverless" cloud, you've likely played with Amazon Lambda and Google Cloud Functions.</div>
<div>
<br /></div>
<div>
I've had a particularly fun time with HTTP-triggered Cloud Functions from Google. My first foray, however, was soon blocked by the strange behavior that every cloud function I wrote would test fine in dev on Node.js but would simply time out and hang when deployed to Google.</div>
<div>
<br /></div>
<div>
Struggled a bit with this, before finding this little gem, not so well-hidden in the docs, but overlooked by me:</div>
<blockquote class="tr_bq">
Note: You should always call a termination method such as send(), json(), or end() when your function has completed. Otherwise your function may continue to run and be forcibly terminated by the system.</blockquote>
So, you must always send some response for the function to complete.<br />
<br />
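<pre>// Assumes `file` (a Cloud Storage File object) and `res` (the HTTP
// response object passed to the function) are already in scope.
var bufs = [];
var pos = 0;

file.createReadStream({
  start: 0,
  end: 200
})
.on('error', function(err) {
  // Terminate on the failure path too; an empty handler here leaves
  // the function hanging until the platform times it out.
  console.error(err);
  res.status(500).end();
})
.on('end', function() {
  while ( pos + 2 <= 200 ) {
    pos += 2;
  }
  console.log('The file is fully downloaded');
  res.send();
})
.on('data', function(data) {
  bufs.push(data);
});
</pre>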
In this case, a simple res.send() is done once the filestream ends.<br />
<h2>Be more intelligent with your `sleep` --or-- how to overengineer your scripts</h2>
Posted 2016-09-29<br />
The universal solution to waiting for something to be ready in shell scripting is the `<span style="font-family: "courier new" , "courier" , monospace;">sleep</span>` command.<br />
<br />
Here, we're waiting for a dir to be created (say from a `<span style="font-family: "courier new" , "courier" , monospace;">yum install httpd</span>` going on in another terminal), so we can `<span style="font-family: "courier new" , "courier" , monospace;">ls</span>` the contents, perhaps as part of a script that configures <span style="font-family: "courier new" , "courier" , monospace;">httpd</span>.<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">sleep 6</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">ls /etc/</span><span style="font-family: "courier new" , "courier" , monospace;">init.d/httpd</span><br />
<br />
But is there a better way? What if the directory exists almost immediately? You've wasted nearly 6 seconds unnecessarily, which if you do this a lot in your script, adds a bunch of time.<br />
<br />
We need a way to continuously query if the resource exists. And it needs to be with a command that sets an error exit code if the resource is not found. Let's use `<span style="font-family: "courier new" , "courier" , monospace;">stat</span>` to do this.<br />
<br />
Leveraging the fact that `<span style="font-family: "courier new" , "courier" , monospace;">stat</span>` will set a non-zero exit code on failure:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">while true; do</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> stat /etc/</span><span style="font-family: "courier new" , "courier" , monospace;">init.d/httpd</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> if [ $? -eq 0 ]; then # check if the stat was successful</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> break</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> fi</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">done</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">ls /etc/</span><span style="font-family: "courier new" , "courier" , monospace;">init.d/httpd</span><br />
<br />
'<span style="font-family: "courier new" , "courier" , monospace;">true</span>' is a command, whose output is nothing and whose exit status is 0. In terms of performance we'd probably like not to call a binary, but `<span style="font-family: "courier new" , "courier" , monospace;">true`</span> is a shell built-in. The no-op operator `<span style="font-family: "courier new" , "courier" , monospace;">:</span>` accomplishes the same thing, ex: `<span style="font-family: "courier new" , "courier" , monospace;">while :; do`.</span><br />
<br />
We can simplify the <span style="font-family: "courier new" , "courier" , monospace;">if</span> statement by using the <span style="font-family: "courier new" , "courier" , monospace;">&&</span> operator which executes the following command <span style="font-family: "courier new" , "courier" , monospace;">break</span>, if <span style="font-family: "courier new" , "courier" , monospace;">stat</span> exits without error (sets a 0 status)<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">while true; do</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> stat /etc/init.d/httpd && break</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">done</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">ls /etc/</span><span style="font-family: "courier new" , "courier" , monospace;">init.d/httpd</span><br />
<br />
Instead of stat, we can use the `<span style="font-family: "courier new" , "courier" , monospace;">test</span>` command (aliased as `<span style="font-family: "courier new" , "courier" , monospace;">[</span>`). Here we check for a file using <span style="font-family: "courier new" , "courier" , monospace;">-f</span>.<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">while true; do</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> if [ -f /etc/init.d/httpd ]; then break; fi</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">done</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">ls /etc/</span><span style="font-family: "courier new" , "courier" , monospace;">init.d/httpd</span><br />
<span style="font-family: "times new roman";"><br /></span>
<span style="font-family: inherit;">However, in these examples, if the file never exists, the loop will <b>never exit</b>.</span><br />
<span style="font-family: "times new roman";"><br /></span>
<span style="font-family: "times new roman";">So, instead we can define a timeout and a shorter `</span><span style="font-family: "courier new" , "courier" , monospace;">sleep`</span><span style="font-family: "courier new" , "courier" , monospace;"><span style="font-family: inherit;"> interval, and a counter (</span><span style="font-family: "courier new" , "courier" , monospace;">i</span><span style="font-family: inherit;">) to track the iterations:</span></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">i=0</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">while [ "$i" -lt 6 ]; do</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> if [ -f /etc/init.d/httpd ]; then break; fi</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> sleep 1</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> (( i++ )) # built-in arithmetic</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">done</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">ls /etc/</span><span style="font-family: "courier new" , "courier" , monospace;">init.d/httpd</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
Quote <span style="font-family: "courier new" , "courier" , monospace;">i</span><span style="font-family: inherit;"> for protection. Use the </span><span style="font-family: "courier new" , "courier" , monospace;">break</span><span style="font-family: inherit;"> keyword to escape the </span><span style="font-family: "courier new" , "courier" , monospace;">while</span><span style="font-family: inherit;"> loop.</span><br />
<br />
Alternatively, use Bash's built-in arithmetic:<br />
<span style="font-family: "courier new" , "courier" , monospace;">i=0</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">while (( i < 6 )); do</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> if [ -f /etc/init.d/httpd ]; then break; fi</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> sleep 1</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> (( i++ ))</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">done</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">ls /etc/</span><span style="font-family: "courier new" , "courier" , monospace;">init.d/httpd</span><br />
<br />
This is a good start. Calling <span style="font-family: "courier new" , "courier" , monospace;">test </span>(even as a builtin) in an infinite loop is also wasteful. If you are in bash, you can use the <span style="font-family: "courier new" , "courier" , monospace;">[[</span> keyword, which has the added benefit of protecting you against unquoted variables in a comparison.<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">i=0</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">while (( i < 6 )); do</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> if [[ -f /etc/init.d/httpd ]]; then break; fi</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;"> sleep 1</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> (( i++ ))</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">done</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">ls /etc/</span><span style="font-family: "courier new" , "courier" , monospace;">init.d/httpd</span><br />
<br />
There is a bug here. <span style="font-family: "courier new" , "courier" , monospace;">ls</span> will run no matter whether the file was found or not.<br />
<br />
So now we exit the loop, but how do we notify the caller that it failed? The `break` statement does not return a non-zero status. As far as the shell is concerned, the loop completed. We can use a RETVAL variable that we set explicitly to 0 when it succeeds, and 143 to mean "file not found".<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">i=0</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">while (( i < 6 )); do</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> </span><span style="font-family: "courier new" , "courier" , monospace;">if [[ -f /etc/init.d/httpd ]]; then</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> RETVAL=0</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> else</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> RETVAL=143</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> fi</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> </span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> [[ "$RETVAL" -eq 0 ]] && break</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;"> sleep 1</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> (( i++ ))</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">done</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">[[ "$RETVAL" -eq 0 ]] && </span><span style="font-family: "courier new" , "courier" , monospace;">ls /etc/</span><span style="font-family: "courier new" , "courier" , monospace;">init.d/httpd || echo "ERR: file never created"</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: inherit;">I quote variables in the </span><span style="font-family: "courier new" , "courier" , monospace;">[[ ]]</span><span style="font-family: inherit;"> here even though it's not actually required.</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: inherit;">Which works fine, but we can simplify by simply unsetting RETVAL if there's a success. The test is expressed with </span><span style="font-family: "courier new" , "courier" , monospace;">[[ -z $xxx ]]</span><span style="font-family: inherit;">. Also it is best practice to send error messages to STDERR (file descriptor --or fd-- #2), using </span><span style="font-family: "courier new" , "courier" , monospace;">>&2.</span><br />
<div>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<span style="font-family: "courier new" , "courier" , monospace;">i=0</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">while (( i < 6 )); do</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> </span><span style="font-family: "courier new" , "courier" , monospace;">if [[ -f /etc/init.d/httpd ]]; then</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> unset RETVAL</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> else</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> RETVAL=143</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> fi</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> </span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> [[ -z "$RETVAL" ]] && break</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;"> sleep 1</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> (( i++ ))</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">done</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">[[ -z "$RETVAL" ]] && </span><span style="font-family: "courier new" , "courier" , monospace;">ls /etc/</span><span style="font-family: "courier new" , "courier" , monospace;">init.d/httpd || echo "ERR: file never created" </span><span style="font-family: "courier new" , "courier" , monospace;">>&2</span><br />
<br />
Now, let's abstract the variables, and set an exit status.<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">i=0; path="/etc/init.d/httpd"; timeout=6</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">while (( i < $timeout )); do</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> </span><span style="font-family: "courier new" , "courier" , monospace;">if [[ -f "$path" ]]; then</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> unset RETVAL</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> else</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> RETVAL=143</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> fi</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> </span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> [[ -z "$RETVAL" ]] && break</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;"> sleep 1</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> (( i++ ))</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">done</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">[[ -z "$RETVAL" ]] && </span><span style="font-family: "courier new" , "courier" , monospace;">ls "$path"</span><span style="font-family: "courier new" , "courier" , monospace;"> || (echo "ERR: file never created" </span><span style="font-family: "courier new" , "courier" , monospace;">>&2</span><span style="font-family: "courier new" , "courier" , monospace;">; exit $RETVAL )</span><br />
<div>
<br /></div>
<div>
Notice that `<span style="font-family: "courier new" , "courier" , monospace;">exit</span>` is called from a subshell: if it were called in the current context, it would exit your interactive shell, which is annoying and undesirable. There is no way to use <span style="font-family: "courier new" , "courier" , monospace;">return</span> here, since this is not yet in a function.</div>
<div>
<br /></div>
<div>
Testing with a bogus file.<br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">$ path=/etc/bogusfile</span></div>
<div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">$ while (( i < $timeout )); do</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">> </span><span style="font-family: "courier new" , "courier" , monospace;">if [[ -f "$path" ]]; then</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">> unset RETVAL</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">> else</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">> RETVAL=143</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">> fi</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">> [[ -z "$RETVAL" ]] && break</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">> sleep 1</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">> (( i++ ))</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">> done</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">$ [[ -z "$RETVAL" ]] && ls "$path" || (echo "ERR: file never created"; exit $RETVAL)</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">ERR: file never created</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">$ echo $?</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">143</span></div>
<div>
<span style="font-family: inherit;"><br /></span></div>
<div>
<span style="font-family: inherit;">Now put it in a reusable function!</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">_testforfile () {</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> local i=0</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> local timeout="$1"</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> local path="$2"</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;"> while (( i < $timeout )); do</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> if [[ -f "$path" ]];then</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> unset RETVAL</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> else</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> local RETVAL=143</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> fi</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;"> [[ -z "$RETVAL" ]] && break</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;"> sleep 1</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> (( i++ ))</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> done</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><span style="font-family: "courier new" , "courier" , monospace;"> [[ -z "$RETVAL" ]] && </span><span style="font-family: "courier new" , "courier" , monospace;">ls "$path"</span><span style="font-family: "courier new" , "courier" , monospace;"> || (echo "ERR: file never created" </span></span><span style="font-family: "courier new" , "courier" , monospace;">>&2; </span><span style="font-family: "courier new" , "courier" , monospace;">return "$RETVAL" )</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">}</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">Note the use of the `</span><span style="font-family: "courier new" , "courier" , monospace;">local</span><span style="font-family: inherit;">` keyword so we don't have our custom variables pollute the invoking environment, and the change of </span><span style="font-family: "courier new" , "courier" , monospace;">exit</span><span style="font-family: inherit;"> to </span><span style="font-family: "courier new" , "courier" , monospace;">return</span><span style="font-family: inherit;">. This function accepts two parameters as input. Call it like so:</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">_testforfile 6 /etc/init.d/httpd</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">Now, we can enhance this by making sure that the timeout argument is numeric, and even give it a default value of 5 if it was not provided. To make it optional, the timeout becomes the second argument, after the path.</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">_testforfile () {</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> local i=0</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> local timeout=</span><span style="font-family: "courier new", courier, monospace;">"${2:-5}"</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> local path="$1"</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;"> local re='^[0-9]+$'</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> if ! [[ $timeout =~ $re ]]; then</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> echo "ERR: Timeout was not a number" >&2</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> return 1</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> fi</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;"> while (( i < $timeout )); do</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> if [[ -f "$path" ]];then</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> unset RETVAL</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> else</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> local RETVAL=143</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> fi</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> </span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> [[ -z "$RETVAL" ]] && break</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> </span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> sleep 1</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> (( i++ ))</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> done</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> [[ -z "$RETVAL" ]] && ls "$path" || (echo "ERR: file never created" >&2; return "$RETVAL" )</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">}</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">re</span> is a regular expression used in conjunction with the <span style="font-family: "courier new" , "courier" , monospace;">=~</span> operator.<br />
<br />
In action:<br />
<span style="font-family: "courier new" , "courier" , monospace;">$ _testforfile /etc/hosts 47d</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">ERR: Timeout was not a number</span><br />
<div>
<br /></div>
<span style="font-family: inherit;">And maybe some tests in a future post.</span></div>
</div>
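The polling loop above, generalised as an added example (not the post's own code): <span style="font-family: "courier new" , "courier" , monospace;">wait_until</span> retries any command until it succeeds or the timeout expires, and <span style="font-family: "courier new" , "courier" , monospace;">wait_for_file</span> wraps it for the file case. It returns straight from the function rather than through <span style="font-family: "courier new" , "courier" , monospace;">A && B || C</span>, where a failing <span style="font-family: "courier new" , "courier" , monospace;">B</span> would also run <span style="font-family: "courier new" , "courier" , monospace;">C</span>. Both function names are hypothetical; the 143 timeout status and the default of 5 seconds follow the post.<br />

```bash
#!/usr/bin/env bash
# Added example, not from the original post. wait_until and wait_for_file
# are hypothetical names. Status codes follow the post's conventions:
#   0 = condition met, 143 = timed out, 1 = bad arguments.

# wait_until TIMEOUT CMD [ARG...]
# Run CMD once per second until it exits 0 or TIMEOUT seconds have passed.
wait_until() {
    local timeout="$1"
    local i=0

    # Reject empty or non-numeric timeouts before using them in arithmetic.
    case "$timeout" in
        ''|*[!0-9]*)
            echo "ERR: Timeout was not a number" >&2
            return 1
            ;;
    esac
    shift
    if [ "$#" -eq 0 ]; then
        echo "ERR: usage: wait_until TIMEOUT CMD [ARG...]" >&2
        return 1
    fi

    while :; do
        # "$@" keeps each argument intact, so paths with spaces are safe.
        if "$@" >/dev/null 2>&1; then
            return 0
        fi
        # Check before sleeping: a timeout of 0 means "try exactly once".
        if [ "$i" -ge "$timeout" ]; then
            break
        fi
        sleep 1
        i=$((i + 1))
    done

    echo "ERR: gave up after ${timeout}s waiting for: $*" >&2
    return 143
}

# wait_for_file PATH [TIMEOUT]
# Same argument order as the post's final _testforfile; TIMEOUT defaults to 5.
wait_for_file() {
    if [ -z "$1" ]; then
        echo "ERR: usage: wait_for_file PATH [TIMEOUT]" >&2
        return 1
    fi
    wait_until "${2:-5}" test -f "$1"
}

# Typical use: act only if the wait succeeded, and let the failure propagate.
#   wait_for_file /etc/init.d/httpd 6 && ls -l /etc/init.d/httpd
```

Because the wait and the follow-up action are separate commands, a script running under <span style="font-family: "courier new" , "courier" , monospace;">set -e</span> stops at the failed wait instead of configuring a service that never installed.<br />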
<h2>Kill an X application when you have multiple X servers running</h2>
Posted 2016-09-22<br />
Mistakenly started a screensaver on my Chromoting session. Needless to say, a real pain when you have to unlock your local workstation AND the remote end after a minute of inactivity.<br />
<br />
Of course, now you have duplicate screensavers running, and it's not apparent in the process listing which one belongs to which X server. I certainly don't want to kill the real screensaver on :0, leaving my local console unlocked!<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">$ ps ax|grep screensave</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> 6166 ? S 16:30 xautolock -time 1 -locker xscreensaver-command -lock -detectsleep -corners -+00 -cornerdelay 1</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> 17200 ? S 9:25 xscreensaver -nosplash</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> 25747 ? S 7:13 xautolock -time 1 -locker xscreensaver-command -lock -detectsleep -corners -+00 -cornerdelay 1</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> 56143 pts/17 SN+ 0:00 grep --color=auto screensave</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">140723 ? S 0:07 xscreensaver -nosplash</span><br />
<br />
Seeing as the DISPLAY var is a part of the environment where the X application was invoked, it should be in:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">/proc/<PID>/environ</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">cat /proc/<PID>/environ</span> gives a whole block of unbroken text (unsure why this is not broken), but if you look closely you'll find the <span style="font-family: "courier new" , "courier" , monospace;">DISPLAY</span> variable in there.<br />
<br />
<span style="font-family: inherit;">The </span><span style="font-family: "courier new" , "courier" , monospace;">awk</span><span style="font-family: inherit;"> command was borrowed from elsewhere on the Internet. It basically says, break things apart using </span><span style="font-family: "courier new" , "courier" , monospace;">'=' </span><span style="font-family: inherit;">as a field separator </span><span style="font-family: "courier new" , "courier" , monospace;">(FS)</span><span style="font-family: inherit;"> and </span><span style="font-family: "courier new" , "courier" , monospace;">\0</span><span style="font-family: inherit;"> as a record separator </span><span style="font-family: "courier new" , "courier" , monospace;">(RS)</span><span style="font-family: inherit;">. I tried investigating this further, seeing as </span><span style="font-family: "courier new" , "courier" , monospace;">'\0'</span><span style="font-family: inherit;"> is the NUL separator used in some GNU utils including </span><span style="font-family: "courier new" , "courier" , monospace;">xargs</span><span style="font-family: inherit;">, and went down the following path:</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">This seemed like the most straightforward way to break it out:</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">/bin/echo -e $(cat /proc/137572/environ)</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">However the output was still not broken into lines. Oh well.</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">Note the use of </span><span style="font-family: "courier new" , "courier" , monospace;">/bin/echo</span><span style="font-family: inherit;"> as </span><span style="font-family: "courier new" , "courier" , monospace;">echo</span><span style="font-family: inherit;"> is usually a shell built-in.</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">Anyway, let's use </span><span style="font-family: "courier new" , "courier" , monospace;">awk</span><span style="font-family: inherit;"> like I mentioned before, by substituting the PIDs I found above.</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<br />
<div>
<span style="font-family: "courier new" , "courier" , monospace;">PID=17200</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">$ awk 'BEGIN{FS="="; RS="\0"} $1=="DISPLAY" {print $2; exit}' /proc/$PID/environ</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">:0</span></div>
<div>
<br /></div>
<div>
Well that's not it.</div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">PID=140723</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">$ awk 'BEGIN{FS="="; RS="\0"} $1=="DISPLAY" {print $2; exit}' /proc/$PID/environ</span></div>
<div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">:20</span></div>
</div>
<div>
<br /></div>
<div>
Bingo.</div>
<div>
<br /></div>
<div>
Tie it together loosely:</div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">for PID in $(pgrep xscreensa); do echo -n $PID; awk 'BEGIN{FS="="; RS="\0"} $1=="DISPLAY" {print $2; exit}' /proc/$PID/environ;done</span></div>
<div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">6166:0</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">25747:20</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: inherit;">Now I can quickly tell which process belongs to which DISPLAY.</span></div>
</div>
<div>
<br /></div>
<div>
<br /></div>
Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-54049942060005023312016-09-03T08:36:00.003-07:002016-09-03T08:37:15.239-07:00Simple field searching with MongoDBTons of articles detailing full-text search. But that's not what we want.<br />
<br />
For us UNIX folks, we just want to "grep" a field:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">db.collection.find( {path: /serverpush.html/ } )</span><br />
<br />
The slashes mark a regular expression, so the match is unanchored: they are essentially wildcards on both sides of the text.Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-38128390640883847682016-09-03T08:36:00.000-07:002016-09-03T08:36:00.256-07:009menu vs ratmenu vs dmenuToday I played around with some of the X11 popup menu options available out there, after I had started using i3 as my window manager. i3's simplicity is great, but it also left a bit of a hole in my toolset, as I often used a system-wide context menu, or root menu, to get access to shortcuts, such as:<br />
<ol>
<li>go into a dynamic submenu that contains a list of recent clipboard contents to get them back in the copy-paste buffer</li>
<li>navigate files and folders quickly through submenus</li>
<li>use xfreerdp to connect to the windows machine hostname that I currently have highlighted in another document</li>
<li>call a special paste function that types my clipboard contents (in some remote sessions such as Java-based ones, copy-paste does not work)</li>
<li>take the current X selection and remove http:// and https:// from it (due to Chrome undermining copy and <a href="https://www.reddit.com/r/chrome/comments/1a9zth/copy_url_from_address_bar_without_http/">inserting</a> the <a href="http://superuser.com/questions/503436/how-to-remove-http-adding-in-addressbar-of-google-chrome-firefox">protocol</a> into copied hostnames)</li>
</ol>
<h3>
Summary</h3>
<h4>
ratmenu</h4>
<ul>
<li>has a "prev" function to recall the previous menu in a hierarchy</li>
<li>will not take STDIN or process a script to generate menus</li>
<li>no mouse support</li>
<li>no hinting that it's a popup (though you can tell your tiling WM to pop it out)</li>
<li>easy config</li>
</ul>
<h4>
9menu</h4>
<ul>
<li>mouse support</li>
<li>no text search to select items</li>
<li>easy config</li>
<li>will take STDIN?</li>
<li>window hints for a popover</li>
</ul>
<h4>
dmenu</h4>
<ul>
<li>full text search to select items</li>
<li>no back option, but you can simply call the previous dmenu</li>
<li>no mouse support</li>
<li>scripts can be used to generate menus</li>
<li>a bit tricky to get it to recognize your bashrc</li>
</ul>
<br />
Ideally, there would be a standalone port of the Openbox root menu. However, the code looks very intertwined with Openbox itself. In addition, I find the XML of the Openbox root menu rc.xml to be pretty messy, and would probably re-implement it with a json or plaintext structure.<br />
<br />
So, without being able to port the Openbox root menu, the best option for me is 9menu. I've successfully written dynamic menus for it, though nothing too complicated.Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-48651592792887306542016-09-03T08:21:00.003-07:002016-09-03T08:22:09.169-07:00Errors running iodined serveriodine does not need an actual IPv6 interface, but will fail if AF_INET6 is not enabled, so you should change your kernel params like so:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"># sysctl -w net.ipv6.conf.all.disable_ipv6=0</span><br />
<br />
It was likely <span style="font-family: "courier new" , "courier" , monospace;">net.ipv6.conf.all.disable_ipv6=1</span>.<br />
<br />
I encountered this problem on Google Compute Engine, which surprisingly does not enable IPv6 by default.Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-53962836612745215602015-11-23T12:45:00.003-08:002015-11-23T12:45:32.575-08:00Chrome refuses to "Show in folder" in the correct application on LinuxTrying to set the handler for "inode/directory" was failing to work.<br />
<br /><br /><span style="font-family: Courier New, Courier, monospace;"><strike>$ xdg-mime default Thunar.desktop inode/directory</strike></span><br /><br /><br />Instead, use the interactive mimeopen utility:<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">$ mimeopen -d $HOME</span><br />
<br />
and choose the application you want.Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-57515587905563408242015-01-16T10:59:00.002-08:002015-01-23T13:41:10.794-08:00VPN from a misconfigured cafe using NAT and Linux network namespaces (netns)Recently I found myself at a cafe that had a wifi connection that was using the whole 10.0.0.0/8 subnet, meaning all addresses from 10.0.0.1-10.255.255.254. This was set up by a professional networking company. In my opinion, someone needs to re-do their CCNA.<br />
<br />
So what this means is that if your corporate network is, say, on 10.34.0.0, you will be unable to route traffic easily over the VPN.<br />
<br />
I am told there are 2 ways of getting around this<br />
<br />
<ol>
<li>Use network namespaces and NAT'ing to run your chosen applications in their own namespace that is NAT'ed through your real connection</li>
<li>Use iptables prerouting if you know which subnets you are trying to get to on the other side of the VPN.</li>
<li>Convince your coffee shop to use a sane network architecture</li>
</ol>
<div>
I chose #1 for now, and this guide goes over that.</div>
<div>
<br /></div>
<h2>
Let's Get Started</h2>
<div>
Add the network namespace and confirm that it was created:</div>
<br />
# ip netns add vpn_nat<br />
# ip netns list<br />
<br />
Add virtual ethernet interfaces (peers)<br />
# ip link add name veth0 type veth peer name veth1<br />
<br />
Move one of those peers into the vpn_nat namespace<br />
# ip link set veth1 netns vpn_nat<br />
<br />
In the namespace context, set up the network<br />
# ip netns exec vpn_nat ifconfig lo up<br />
# ip netns exec vpn_nat ifconfig veth1 192.168.148.2/24 up<br />
# ip netns exec vpn_nat route add default gw 192.168.148.1<br />
<br />
The eagle-eyed reader will notice that I am pointing to a gateway that doesn't exist! We fix that like so:<br />
# ifconfig veth0 192.168.148.1/24 up<br />
<div>
<br /></div>
<h3>
Test that the vpn_nat namespace can reach veth0</h3>
<div>
<div>
Execute ping in the namespace context vpn_nat:<br />
# ip netns exec vpn_nat ping 192.168.148.1</div>
<div>
PING 192.168.148.1 (192.168.148.1) 56(84) bytes of data.</div>
<div>
64 bytes from 192.168.148.1: icmp_seq=1 ttl=64 time=0.088 ms</div>
<div>
64 bytes from 192.168.148.1: icmp_seq=2 ttl=64 time=0.041 ms</div>
<div>
<br /></div>
<div>
The next step is to connect the veth0 to your physical network either using NAT or bridging. This requires the masquerading kernel module, but I believe it gets loaded automatically.</div>
<div>
# sysctl net.ipv4.ip_forward=1</div>
<div>
# iptables -t nat -A POSTROUTING -s 192.168.148/24 -d 0.0.0.0/0 -j MASQUERADE</div>
<div>
<br /></div>
<h3>
Verify the NAT rules</h3>
# iptables -t nat -L -n<br />
<h3>
Ping a google address in the namespace context</h3>
# ip netns exec vpn_nat ping www.google.com<br />
<div>
<h3>
Verify the routing table in the netns</h3>
# ip netns exec vpn_nat route
<h2>
Run your application in the namespace</h2>
<div>
I am running as an unprivileged user</div>
$ ip netns exec vpn_nat firefox<br />
<h3>
Undoing</h3>
</div>
<div>
# iptables -t nat -D POSTROUTING -s 192.168.148/24 -d 0.0.0.0/0 -j MASQUERADE</div>
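The whole procedure collected into one script with a matching teardown, as an added example that is not part of the original post. It uses iproute2's `ip addr` and `ip route` in place of `ifconfig` and `route`, restores the previous `ip_forward` value on teardown, and drops to a named user before starting the application because `ip netns exec` needs root; the function names, `DRY_RUN` and the state file path are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: setup and teardown of the vpn_nat namespace.
# The namespace name, veth names and 192.168.148.0/24 come from the post;
# function names, DRY_RUN and STATE are assumptions made for this sketch.
NS=vpn_nat
HOST_IF=veth0
NS_IF=veth1
HOST_IP=192.168.148.1
NS_IP=192.168.148.2
SUBNET=192.168.148.0/24
STATE=${STATE:-/run/$NS.ip_forward}

# With DRY_RUN=1 each command is printed instead of executed (no root needed).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

netns_up() {
    run ip netns add "$NS"
    run ip link add name "$HOST_IF" type veth peer name "$NS_IF"
    run ip link set "$NS_IF" netns "$NS"
    run ip netns exec "$NS" ip link set lo up
    run ip netns exec "$NS" ip addr add "$NS_IP/24" dev "$NS_IF"
    run ip netns exec "$NS" ip link set "$NS_IF" up
    run ip netns exec "$NS" ip route add default via "$HOST_IP"
    run ip addr add "$HOST_IP/24" dev "$HOST_IF"
    run ip link set "$HOST_IF" up
    # Remember the old forwarding setting so teardown can put it back.
    if [ "${DRY_RUN:-0}" != 1 ]; then
        cat /proc/sys/net/ipv4/ip_forward > "$STATE"
    fi
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -s "$SUBNET" -j MASQUERADE
}

netns_down() {
    # Delete the rule by specification, not by its position in the chain.
    run iptables -t nat -D POSTROUTING -s "$SUBNET" -j MASQUERADE
    # Deleting the namespace destroys veth1 and, with it, the peer veth0.
    run ip netns del "$NS"
    # Do not leave the laptop forwarding packets on the cafe network.
    if [ -r "$STATE" ]; then
        run sysctl -w "net.ipv4.ip_forward=$(cat "$STATE")"
        run rm -f "$STATE"
    fi
}

# Start a program inside the namespace as an ordinary user.
netns_run() {
    user=$1
    shift
    run ip netns exec "$NS" sudo -u "$user" -- "$@"
}

case "${1:-}" in
    up)   netns_up ;;
    down) netns_down ;;
    run)  shift; netns_run "$@" ;;
esac
```

Run it with `DRY_RUN=1` first to review the exact commands before executing them as root.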
<div>
<br />
<div>
<div>
<h3>
References</h3>
</div>
http://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/<br />
http://how-to.wikia.com/wiki/How_to_set_up_a_NAT_router_on_a_Linux-based_computer<br />
http://www.opencloudblog.com/?p=66</div>
</div>
</div>
Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-22132894299439151692015-01-08T16:04:00.003-08:002016-03-16T19:53:39.765-07:00Recovering Tinder messages from users who've deleted their accountsOkay, I've used Tinder.<br />
<br />
However, we'll put that aside and get more technical here.<br />
<br />
I ran into the situation where a person had given me some info to add her on Facebook, so that we could continue the conversation, but then deleted/disabled her Tinder account!<br />
<br />
For those who don't know, Tinder will remove such a person from your matches and you cannot look at the conversation history anymore. Well, that sucks!<br />
<br />
So here's a really, really, technical solution.<br />
<br />
For security reasons, Android will not let you look in /data/com.tinder. Inside /data/com.tinder/db/tinder.db is a copy of all of the messages you've sent and received in the app. So we need this file, but without a rooted phone, the only way to access this data is to access it through Tinder, which would require us to modify and recompile Tinder ;-). If you try to use a file manager to browse /data, nothing will show up.<br />
<br />
At this point you can root your phone, which requires unlocking the bootloader, which has been claimed to void your warranty, and naturally, when you unlock the bootloader the phone is wiped for security reasons.<br />
<br />
So rooting is really not an option for such a silly little thing. You might as well give up on this potential person, even if they are your soul mate? :-(<br />
<br />
The workaround is to enable ADB USB debugging in Android, and take a backup using the adb tool on your computer, while it's connected to the handset. Do not set a password!<br />
<br />
adb backup -f my_backup.ab -apk -shared -all<br />
<br />
And confirm from the phone that you want to allow this backup.<br />
<br />
At this point you'll have a huge file called my_backup.ab. You'll need to extract this using the <a href="http://sourceforge.net/projects/adbextractor/">Android Backup Extractor</a>, which will require Java 7 to be installed. Then you can run:<br />
<br />
java -jar abe.jar unpack my_backup.ab my_backup.tar<br />
<br />
Which will create a standard .tar file called my_backup.tar.<br />
<br />
We can then extract this using tar<br />
<br />
tar -xf my_backup.tar<br />
<br />
Then navigate to the folder that's created, apps/ then com.tinder/db<br />
<br />
From here, open the database (a SQLite DB) using the sqlite3 command:<br />
<br />
sqlite3 tinder.db<br />
<br />
Let's view some messages!<br />
<br />
select * from main.messages LIMIT 10;<br />
<br />
Anything look familiar here? It should!<br />
<br />
Okay so this is all out of order. What we are looking for are the most recent conversations. The field we are interested in is called 'created', so let's order messages by that!<br />
<br />
SELECT * from main.messages ORDER BY created ASC;<br />
<br />
54ef7ac30147af1b7d000192|53ef05f9f6061a2f32055da4||2014-02-08T19:28:06.922Z||Lol I am, do you want to add me on Facebook? Suzy Queens|<br />
<br />
The names and unique IDs have been changed to protect everyone involved. But hey! There's the message I've been looking for! A match made in heaven. The person will owe you a drink for all of the hard work you've done ;-)<br />
<br />
So my advice would be, if you get a phone number or last name from someone you are interested in...take a screenshot right then and there...Tinder will hide the conversation if that person then leaves Tinder or unmatches you. Otherwise, use this method if you are nerdy, or just can't take a hint. ;-)Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com31tag:blogger.com,1999:blog-999875928586707115.post-23763663924044861082014-04-13T12:52:00.001-07:002014-04-13T12:52:24.627-07:00Heartbleed: Why your replacement SSL certificate should be freeWe've all heard of Heartbleed, the devastating encryption vulnerability in the OpenSSL implementation of SSL/TLS used by an estimated <a href="http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/">2/3 of internet websites</a>.<div>
<br /></div>
<div>
Heartbleed was a simple programming mistake not caught by the small team of developers who contribute to and manage OpenSSL.<br /><div>
<br /></div>
</div>
<div>
As a result of the vulnerability, which has existed for 2 years, all websites using OpenSSL need to have users change their passwords and they also must order replacement SSL certificates from a Certificate Authority.</div>
<div>
<br /></div>
<div>
Read more on how SSL works and <a href="https://www.namecheap.com/support/knowledgebase/article.aspx/334">what a root CA is</a>...</div>
<div>
<br /></div>
<div>
Unfortunately, SSL certificates cost money. They are usually in the $10-$150 range.</div>
<div>
<br /></div>
<div>
There are only 3 developers working on OpenSSL, and yet most of the CAs' customers will be using OpenSSL. In my mind, that says the CAs should have developers contributing to, and auditing, that codebase.</div>
<div>
<br /></div>
<div>
Their entire business relies on this chain of trust, so they should be auditing it. It's their job.</div>
<div>
<br />That's why a re-issue due to Heartbleed should be free of charge.</div>
Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-15821840972879796932014-04-05T18:44:00.000-07:002014-04-05T18:44:00.118-07:00Linux don't care...Say for example, Windows won't let you delete or back up an open file. Even if you wanted to easily create a snapshot of a volume and back up an open file in a consistent manner, it's not that easy.<br />
<br />
Linux don't care...<br />
<br />
In fact, a recent question I was asked in an interview pre-screening, was whether you can delete an in-use logfile and if that space is automatically marked free by the OS?<br />
<br />
The answer to that is, no. On Linux, a file can be deleted when it's in-use. The file will disappear from the FS, but the handle to the file will remain open, and in fact, the application will continue to write to the file even when its hard link count is now exactly zero! That log file will actually appear in the /proc filesystem under that process' PID, in its list of open files. In order to actually delete the file you need to close the file handle. This is done in various ways depending on the application, but it can usually be triggered quite easily, and as a sysadmin, you should know why and how to do this.<br />
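What the paragraph above describes, as an added example that is not part of the original post: the shell itself plays the logging daemon, with the log open on fd 3. The function and variable names are chosen here, and `/proc/self` stands in for `/proc/<PID>` of the real writer.

```shell
#!/bin/sh
# Added example: a log file deleted while a process still holds it open.
# Results are left in DELETED_TARGET, LINKS, SIZE_BEFORE and SIZE_AFTER
# (names chosen for this sketch).
demo_deleted_open_log() {
    dir=$(mktemp -d) || return 1
    log="$dir/app.log"

    exec 3>>"$log"              # this shell plays the daemon; fd 3 is its log handle
    echo "before unlink" >&3
    rm "$log"                   # the name disappears from the filesystem
    echo "after unlink" >&3     # but writes through the handle still succeed

    # For a real daemon this would be /proc/<its PID>/fd/<n>; /proc/self works
    # here because every child of this shell inherits fd 3.
    PROC_FD=/proc/self/fd/3

    # The open handle is still listed, with the old path marked "(deleted)".
    DELETED_TARGET=$(readlink "$PROC_FD")
    # Hard link count of the inode behind the handle.
    LINKS=$(stat -L -c %h "$PROC_FD") || LINKS=unknown
    # The data is still there and still occupies disk space.
    SIZE_BEFORE=$(( $(wc -c < "$PROC_FD") ))

    # Space is only returned once the handle is closed. If the writer cannot
    # be restarted, truncating through /proc frees the blocks while it runs.
    : > "$PROC_FD"
    SIZE_AFTER=$(( $(wc -c < "$PROC_FD") ))

    exec 3>&-                   # closing the last handle releases the inode
    rmdir "$dir"
}

demo_deleted_open_log
printf 'target: %s\nlinks: %s\nsize before/after truncate: %s/%s\n' \
    "$DELETED_TARGET" "$LINKS" "$SIZE_BEFORE" "$SIZE_AFTER"
```

On a live system, `lsof +L1` lists open files whose link count is below one, which is how these space-eating handles are usually found.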
<br />
UNIX expects you to be a competent and knowledgeable sysadmin, and this has the advantage of creating a very predictable environment with few exceptions to basic tenets laid out as a contract of sorts.<br />
<br />
I like that.<br />
<br />
I like being treated like an adult.Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-46480341328901727792014-04-05T17:52:00.001-07:002014-04-05T17:52:29.087-07:00Mac OS X filesystems, frustratingly lackingI guess I'm a bit spoiled. Linux never leaves me hanging when I need to access a filesystem. Anything I throw at it--NTFS, FAT32, HFS+, ext2, ext3, XFS, ZFS.<br />
<br />
The other day I was trying to help my sister install dual boot Ubuntu with Mac OS. Apple's disk utility couldn't seem to resize the main HFS+ partition, claiming that there wasn't enough free space (even though 12GB was available). I figured it was a system file in use, so it was off to burn a bootable OS X install DVD--because she's like everyone else and lost her original one. As an aside: Who ever saves these things? I'm still dreaming of the day a client answers, "Yes!" to the question, "Do you have the original install CDs?"<br />
<br />
I had an ext3 formatted disk with the OS X .ISO file on it, and needed to use a Windows system that had a DVD-DL drive (the Mac OS X disk is 7.5GB). Even with some 3rd party ext3 utilities for OS X, I still could not read the ext3 partition. I gave up.<br />
<br />
Just because it's based on Open Source, doesn't mean it's for geeks.Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-11588210570881083272014-04-05T17:37:00.001-07:002014-04-05T17:37:29.627-07:00Storage Debate: NAS build or buy?You're a storage guru. You eat storage for breakfast, lunch, and dinner. Storage fears you. I/O buses cower in your presence.<br />
<br />
Okay, perhaps you aren't this intense. You don't have a VNX storage array in your bedroom. You aren't any lesser of a man or woman because of that.<br />
<br />
But you still need to store and backup your stuff! So you've decided that you want to do it in-house. What are some considerations? Read on to find out.<br />
<br />
<h3>
Well, what about the cloud?</h3>
The cloud is in the full throes of popularity, but with the recent NSA and <a href="http://www.informationweek.com/security/attacks/evernote-breach-7-security-lessons/240149911" target="_blank">privacy violations</a> from a <a href="http://gigaom.com/2013/10/30/adobe-breach-far-worse-than-thought/" target="_blank">multitude of companies</a>, it's no wonder that many people, like myself, prefer to keep their data in their own hands.<br />
<br />
In the arena of self-hosted data, it's a balance between cost, functionality, and complexity.<br />
<br />
Here, I'll look at the difference between Network Attached Storage devices--which are network attached appliances that simply let you store files--and a home-built PC file server.<br />
<br />
<h3>
Cutting Costs</h3>
The geeks among you may be saying, "why not just buy a computer with lots of storage bays and create an array and share it? I mean, a NAS is a computer!"<br />
<br />
Of course, this is all true. It's also true that a PC is cheaper to build, will be faster than the mostly ARM-based NASes on the market today, and can also do double duty with other roles and services. A PC contains commodity hardware that is both affordable, and readily available.<br />
<br />
<i>When it comes to cost, a PC is almost always cheaper.</i><br />
<br />
However, this does not factor in how valuable your time is or whether your intent is to learn the ins-and-outs of storage configuration, which can be a tiresome road to travel.<br />
<br />
In my case, I do not have the luxury of spending days tweaking a storage server, or logging in every week to kill runaway processes. I do not have the interest currently in researching all of the best-practice configuration file flags for critical file sharing services.<br />
<br />
<h3>
Future-proof & easy maintenance</h3>
NAS RAIDs are standard software RAIDs running on Linux's MD infrastructure. The MD subsystem is tried and true, but lacks some neat features offered at a bit of a higher level--that a NAS will not support. One such feature is the Logical Volume Manager of Linux, which allows very flexible allocation and de-allocation of storage into logical or virtual storage volumes. I use LVM quite frequently to grow shared storage by replacing drives, with almost zero downtime.<br />
<br />
Do you really want your NAS to be a full-blown computer? Subject to routine upgrade and maintenance needs, viruses. Do you want to manage a server? Are you a sysadmin?<br />
<br />
I've compared Synology, QNAP, and Thecus, the 3 underdogs of storage (and NETGEAR, but I would relegate their NAS offerings to do duty as very well-built doorstops). My current favorite is QNAP.<br />
<br />
The boxes are well-built, performant, and QNAP participates in the community. The hardware has gotten so slick, with such cool features as HDMI output, that in the hardware, they've actually pre-installed the XBMC Media Center! I applaud QNAP for going with a best-of-breed existing solution rather than trying to home-bake their own multimedia management solution. That would have simply ended up being terrible and cause them lots of negative press. XBMC is almost universally recognized as one of the best unified entertainment centers among both the commercial and open-source offerings. It really is that good, and the documentation is even better, the <a href="http://wiki.xbmc.org/">XBMC wiki</a> is second to none.<br />
<br />
As I hear, Synology is offering similar features, but if you are one to consider who was there first (me), then you choose that vendor to encourage them to be ahead of the curve.<br />
<br />
<h3>
Joining a domain</h3>
If you are building your own storage server and want to integrate it into a domain, you are on your own in trying to get Kerberos and Samba talking Active Directory to your Domain Controllers. It's a secret sauce whose recipe Microsoft has kept under wraps for quite a while.<br />
<br />
Don't get me wrong, it's certainly possible, and many smart people can get this running very quickly on a Linux box, but I am not one of those people.<br />
<br />
<h3>
Finesse and Purposeful Duty</h3>
Any PC can be cheap, but a power-miserly, living-room-quiet, compact mini PC starts to get into NAS cost territory anyway. A small ITX motherboard, compact case, and other PC components are expensive.<br />
<br />
In that respect, a NAS is really great value!<br />
<br />
But, even if you thought the PC was the cheaper solution, you've still gotta configure the RAID, keep track of what drives in which bays are on which SATA ports and hope you don't destroy your array if you remove the wrong drive when you go to do maintenance.<br />
<br />
Add to this that most NASes are hot-plug ready, meaning zero downtime if you are just swapping out a drive on a RAID5 volume for example.<br />
<br />
<h3>
Plug and Play Apps</h3>
Most NAS devices these days come with cool addons, one of which is XBMC as mentioned earlier. I use my QNAP to stream webcams and create time lapses. I use it as a remote music player, since it has a nice streaming interface. I rsync my backups to it, I use it to tunnel SSH ports into my home network as a pseudo-VPN. I use it for VPN (OpenVPN). I use it to Torrent things and time them so I am not torrenting during peak evening hours when the Internet is slow.<br />
<br />
You can plug in a USB audio stick and stream tunes straight from the NAS into your stereo system. It talks to your USB UPS and will shut down gracefully.<br />
<br />There are so many neat things you can use a low power, embedded Linux system for, it's quite amazing.<br />
<br />
<h3>
What to do with your hard-earned money?</h3>
Give it to QNAP or Synology, browse their respective forums, and enjoy easier and safer access to your files, along with a slew of great add-on apps.Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-15187543510900032332013-11-11T06:12:00.000-08:002016-09-03T09:03:49.771-07:00Why I would not buy a NETGEAR ReadyNASRecently I had the fortune to test a NETGEAR ReadyNAS. Now this review is rather harsh toward the ReadyNAS, so I say "fortunate" because I most likely would have not been exposed to this hardware in any other context, and within minutes of beginning work on managing these devices it was clear to me that I would not use my own money to buy one. I'll detail why in just a moment.<br />
<br />
For those not familiar with Network Attached Storage (NAS), a quick explanation would be that a NAS is like a hard disk that connects to a network. In addition to simple storage, a network-attached disk like this usually offers some other software features like all-inclusive backup, remote access through VPN, and media sharing. In summary, a NAS is a storage appliance; a place to store data that is plug and play. <br />
<br />
This disappointing design and functionality of the ReadyNAS made me chuckle a bit, because I've been regularly called by NETGEAR marketers about selling ReadyNAS as part of my solution portfolio. I've explained to them that I am a QNAP and Synology guy, but they persist, attempting to answer my questions and assure me that their product does everything the QNAP does, and they act interested in my suggestions to improve the NETGEAR line. I don't know, from my perspective, the ReadyNAS is a solution beyond hope, and I feel that NETGEAR should just drop the product line. They are not a storage company.<br />
<br />
http://www.theinquirer.net/inquirer/review/1014485/netgear-storage-central-killed-pcs<br />
<br />
<h2>
Introduction</h2>
My exposure comes from a job site where I was responsible for integrating a Philips Ultrasound system called <a href="http://www.healthcare.philips.com/main/products/healthcare_informatics/products/cardiology_informatics/xcelera/">Xcelera</a>. As part of this solution, Philips uses 2 stock ReadyNAS Pro 4 to store and archive patient studies, which is basically all of the Ultrasound and analysis data that is generated. <br />
<br />
As a sysadmin I am tasked with checking that studies are appearing on the NAS and subsequently copied to a second NAS.<br />
<br />
<h3>
User Interface</h3>
Firstly, the firmware for the ReadyNAS is called RAIDar. It has a web interface which I found to be quite poor functionally when compared to current firmwares from QNAP and Synology. I would estimate the design and interactivity to be somewhere in the 2003 era, even though the firmware is dated 2012. While I may not be a fan of the "Desktop in your browser" mentality of the Synology and QNAP firmwares, at least they are featureful, perform well, are easy to use, and interactive in their feedback.<br />
<br />
<h3>
No Link to Admin Mode</h3>
Also, the first thing you do when you get to the RAIDar login page is
realize that even if you log in as admin, there is nothing to
configure! It's not readily apparent that you must use a separate URL
for admin, otherwise from the base URL you are directed to a simple file
manager page. There should be a link from the file management interface to the admin area.<br />
<br />
https://netgear/shares/ = generic file manager<br />
https://netgear/admin/ = admin area<br />
<h3>
File Manager </h3>
Since the file manager was one of the first things I saw in RAIDar, here's what it looks like:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-FWxNXaNmycE/Un6lx4jyPsI/AAAAAAAABv8/9Vb2umLqh0A/s1600/NETGEAR+File+Manager.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="123" src="https://2.bp.blogspot.com/-FWxNXaNmycE/Un6lx4jyPsI/AAAAAAAABv8/9Vb2umLqh0A/s400/NETGEAR+File+Manager.png" width="400" /></a></div>
Very rudimentary indeed. Here's the QNAP equivalent, which includes a nicer multi-pane view including previews, and search.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-Tix8J2_nARA/Un6mF1rPBdI/AAAAAAAABwE/NhIeaHAffXc/s1600/QNAP+File+Manager.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="205" src="https://1.bp.blogspot.com/-Tix8J2_nARA/Un6mF1rPBdI/AAAAAAAABwE/NhIeaHAffXc/s400/QNAP+File+Manager.png" width="400" /></a></div>
<br />
<br />
<h3>
Share Creation</h3>
Creating shares is done through this form on the ReadyNAS.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-7dgoKoUOvQE/Un6mYZmLowI/AAAAAAAABwQ/Q4FQn9zEGLQ/s1600/NETGEAR+Add+Shares.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="211" src="https://4.bp.blogspot.com/-7dgoKoUOvQE/Un6mYZmLowI/AAAAAAAABwQ/Q4FQn9zEGLQ/s320/NETGEAR+Add+Shares.png" width="320" /></a></div>
There is nothing dynamic about this page unfortunately. But I can say that the bulk-operations aspect is somewhat appealing, on the QNAP you must go through 7 steps of a wizard to create a single share, but at least on the QNAP you can assign permissions on a share during creation. On the ReadyNAS, you must first create a share, then switch to manage permissions.<br />
<br />
<h3>
Audit Features</h3>
In the process of integrating the ReadyNAS Pro 4 into my auditing and logging framework, I quickly realized that remote logging is not supported. This leads me to conclude that the ReadyNAS and RAIDar are not auditable and should not be used in secure environments. This seems
to be ignored in practice, as in this case the device is being used in a medical context. I suspect anyone using ReadyNAS at a PCI-DSS or HIPAA compliant site is ignoring this major shortcoming and possibly not being forthcoming
with their suppliers, managers, and customers.<br />
<br />
The interesting thing is that NETGEAR has shipped syslogd, which can send logs to a central logging host, however, you must log into the NAS via SSH (and possibly get denied future support) to get it to work!<br />
<br />
The ReadyNAS forum has a particular thread started in 2008 where
a user requests syslog functionality. It's 2013 as of this writing and
it still has not been implemented.<br />
<br />
In contrast, the QNAP can both log to remote hosts and itself act as a syslog server, and even send email alerts on syslog events, all without touching a config file! Very slick.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-G2Wa3m-x4rA/Un6sVtuYkxI/AAAAAAAABwc/QBT9GIzXkXM/s1600/QNAP+Syslog+Server.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="196" src="https://4.bp.blogspot.com/-G2Wa3m-x4rA/Un6sVtuYkxI/AAAAAAAABwc/QBT9GIzXkXM/s320/QNAP+Syslog+Server.png" width="320" /></a></div>
<br />
<br />
<h3>
Add Ons & Community</h3>
The market for add-ons on the ReadyNAS is relatively poor. In addition, I could not get the market listing to load on my ReadyNAS; I needed to download packages manually from NETGEAR's website.<br />
<br />
In contrast, what QNAP has done is taken great Open Source projects and ported them to work on the Turbo NAS series. In fact the newest Turbo NASes include HDMI output and QNAP went to lengths to port XBMC, a best-of-breed media center package, to the QNAP NAS, rather than doing something silly like writing their own solution. The included apps on QNAP are also quite nice, like OpenVPN, MySQL, ClamAV, and Photo, Video, and Music apps that let you access content through a web browser without the complexities of VPN.<br />
<br />
The QNAP forums and QNAP wiki are also much more active and complete, respectively, than the NETGEAR ones.<br />
<h3>
Apps Market</h3>
This section of the post is relevant mostly to consumers and prosumers, as remote access to a NAS in a corporate environment is not a feature most companies are looking for.<br />
<br />
However, I think that an active set of mobile apps shows a company's commitment to current technologies and the competency of their development team.<br />
<br />
Let's compare!<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-IY4lbR0H_lI/Ul2yXaqm39I/AAAAAAAABuo/YdlnBWTNne0/s1600/Screenshot+-+131013+-+05:06:53+PM.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="229" src="https://4.bp.blogspot.com/-IY4lbR0H_lI/Ul2yXaqm39I/AAAAAAAABuo/YdlnBWTNne0/s320/Screenshot+-+131013+-+05:06:53+PM.png" width="320" /></a></div>
Here is the NETGEAR app list for Android. Very poor reviews! The icons don't even match. It seems either the apps don't work, or people are having trouble using them. 2-star averages.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-gkepJCvGwKU/Ul2yXUNHBXI/AAAAAAAABus/Bv61VkwdBls/s1600/Screenshot+-+131013+-+05:07:13+PM.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="230" src="https://1.bp.blogspot.com/-gkepJCvGwKU/Ul2yXUNHBXI/AAAAAAAABus/Bv61VkwdBls/s320/Screenshot+-+131013+-+05:07:13+PM.png" width="320" /></a></div>
And here is a list for Synology. At least all of their icons are consistent looking. There are a lot of apps! Generally 4-star reviews.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-R5wyVIwl5_4/Ul2yXUAEqSI/AAAAAAAABu0/ZdvW6W4ZcNA/s1600/Screenshot+-+131013+-+05:07:32+PM.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="230" src="https://3.bp.blogspot.com/-R5wyVIwl5_4/Ul2yXUAEqSI/AAAAAAAABu0/ZdvW6W4ZcNA/s320/Screenshot+-+131013+-+05:07:32+PM.png" width="320" /></a></div>
And here is QNAP. The reviews are generally favorable, and most icons are consistent.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-lGTt0jwYLz8/Ul2yX5rsxDI/AAAAAAAABu8/Un5pp1o1FoA/s1600/Screenshot+-+131013+-+05:12:31+PM.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="198" src="https://4.bp.blogspot.com/-lGTt0jwYLz8/Ul2yX5rsxDI/AAAAAAAABu8/Un5pp1o1FoA/s320/Screenshot+-+131013+-+05:12:31+PM.png" width="320" /></a></div>
And Thecus. Not many apps, but maybe features are consolidated in each app.<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<h3>
In summary</h3>
In short, my experiences with NETGEAR have shown them to be a lackluster company when it
comes to quality control and feature requests. They do seem to <a href="http://www.tripwire.com/register/security-advisory-netgear-readynas/">fix their bugs</a>.<br />
<br />
My experience with NETGEAR support on a VPN firewall I have from them also convinced me that NETGEAR is interested in selling hardware, but not interested in supporting it.<br />
<br />
I would not
recommend NETGEAR ReadyNAS, or their other products to any of my clients, save for network
switches or any of their other products that do not have complex firmware or functionality. As far as I'm concerned, NETGEAR is a simple network gear company that
excels only at creating "dumb" devices. They should stick to their niche.<br />
<br />
The positives:<br />
<ul>
<li>Nice little handle at the back of the machines to make them easy to carry</li>
<li>Build quality is professional </li>
<li>NETGEAR donates to netatalk, the FLOSS project that develops the AFP functionality in all NASes</li>
<li>Some cool addons @ http://www.readynas.com/?cat=75</li>
<li>Batch adding of shares </li>
</ul>
<br />
The negatives:<br />
<ul>
<li>Clunky user interface</li>
<li>Lacking advanced features </li>
<li>Threatening disclaimers when trying to get root shell access</li>
<li>Poor community involvement and community documentation</li>
<li>Poorly rated mobile apps</li>
<li>No syslog auditing for compliance, a critical enterprise feature</li>
</ul>
<br />
If you are looking for an extensible, feature-rich, easy-to-use NAS, with a great support community, and enterprisey features, look elsewhere.<br />
<br />Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-65335764843233943062013-10-04T14:45:00.000-07:002013-11-03T14:45:38.804-08:00What do I name my server? (server naming guidelines)<h2 id="tocHeadRef">
Best practices</h2>
For more ideas on server naming, I really like <a href="http://retrohack.com/zen-and-the-art-of-naming-conventions-hostnames/" target="_blank">this article</a>, and the handy abbreviations he has come up with.<br />
&lt;location&gt;&lt;role&gt;&lt;sequence&gt;<br />
<br />
Example for some database servers in Ontario (ON = Ontario, SQL = SQL Server):<br />
ONSQL01<br />
ONSQL02<br />
<h2>
Drawbacks of the "smart" naming approach</h2>
The one drawback of this approach is that server roles are often
changing, and installing a new service could change the function
of a server to something completely different. Many services will refuse
to work properly if the server is renamed, and this is often hard to
predict, so the approach should always be "don't rename servers" in my
book. There may be certain roles that never change, i.e. things like Active Directory, where it's fairly certain that an AD server will always be an AD server.<br />
<br />
The second drawback of such a naming scheme is that the names can get so unwieldy that you may as well have gone with servers named after Looney Tunes characters and simply looked them up in a name -> role table.<br />
<br />
Commenter "Bish" in the blog post at retrohack.com referenced above writes:<br />
<blockquote class="tr_bq">
My company is the embodiment of your plan. USWAFTP104, UKLODC62,
etc. It is the hell anyone would instantly recognize after 12 seconds
of consideration.</blockquote>
<blockquote class="tr_bq">
Which machine was that? Do you mean USMIESX<b>4H2</b> or was that
USMIESX<b>2H4</b> that you just shut down? Oh no! The amount of times that
someone remotes (ssh, rdp, etc) into a box and – even if they
double-check the number 6 times – shuts down, patches or reboots the
wrong host is astounding.</blockquote>
A lot of my clients are using UNC paths (\\) to launch applications and services, and trying to explain to a user to open a Run window and type USMIESX4H2 as the server name is just very unfriendly.<br />
<br />
Because of this, it may be wise to implement completely "agnostic" names such as those listed at <a href="http://namingschemes.com/">namingschemes.com</a>.
Of course, naming all of your servers after ships that appear in Star Trek is probably a logical approach (thanks, Spock), but your resident boss may think they are too childish. In my
opinion this plays a factor only if your organization is client facing,
i.e., "Hi Mr. Schneider, yes, log into your client portal on <b>daffy.procompany.com</b>".<br />
<br />
My picks today are (appropriately nerdy):<br />
<ol>
<li><a href="http://namingschemes.com/Car_Parts" target="_blank">Car parts</a> (pedal, clutch, wheel)</li>
<li><a href="http://namingschemes.com/Chess_Pieces" target="_blank">Chess pieces</a> (rook, queen, pawn)</li>
<li><a href="http://namingschemes.com/Elements" target="_blank">Periodic table elements</a> (copper, chromium, hydrogen)</li>
<li><a href="http://namingschemes.com/Planets/Stars" target="_blank">Planets</a> (mars, jupiter, saturn)</li>
<li><a href="http://namingschemes.com/Greek_Alphabet" target="_blank">Greek alphabet</a> (alpha, beta, though there are some unfriendly names like 'mu'), this is closely related to the <a href="http://namingschemes.com/NATO_Alphabet" target="_blank">UN/NATO Alphabet</a>.</li>
</ol>
Take Greek gods, for example: you can name a server Athena and expand this either
numerically, like 'athena1', 'athena2', or geographically, like
'athena-west', 'athena-east', and still have some semblance of user
friendliness. However, it should be noted that some common practices
include making regional servers part of their own DNS subdomains, such as
athena.west.example.com and athena.east.example.com, but conversely many DNS naming
documents suggest NOT having the same hostnames for any servers even if they are in
different DNS domains!<br />
<br />
<h2>
What Microsoft Says</h2>
And of course, what post on this blog would be complete without poking a bit of fun at Microsoft for going the exact opposite direction in recommending non-industry standard naming conventions. I like this gem:<br />
<blockquote class="tr_bq">
<i>"Identify the owner of the computer in the computer name."</i></blockquote>
from <a href="http://support.microsoft.com/kb/909264" target="_blank">KB909264</a> at Microsoft's site.<br />
<br />
<br />
No! No! No! This is some terrible advice! I run into this all of the time, where a client lets an employee go and wants to change the name, or confusion arises out of "Fred" using a PC called "TomPC1". Absolutely counter-intuitive.<br />
<br />
Not to mention that some well-known RFCs discourage this naming convention, such as <a href="http://www.faqs.org/rfcs/rfc1178.html" target="_blank">RFC1178.</a><br />
<br />
<br />
Not only that, but I've had clients insist that the name of their computer be changed, even though for most intents and purposes, the hostname is never seen and is irrelevant to their job function, but it just <i>feels </i>wrong, because "Tom" stole from the company and "I might get some bad juju from being associated with him in any way." Then I need to explain that changing the name may break some services in an unpredictable way somewhere down the line, and in the process see the user get the glazed-over look. <br />
<br />
<h2>
For client PCs</h2>
I settled at first on <i>desktop-XX</i> for desktops then <i>notebook-XX</i> for notebooks as my company's naming conventions for clients (under 100 employees), and later I dropped the hyphen because it's unnecessary.<br />
<br />
So there you have it.<br />
<br />Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-75508329692571420242013-09-30T10:22:00.002-07:002013-09-30T10:22:32.299-07:00Hybrid ISO disc images - CD/DVD or USB boot compatible!<h3>
Optical drives going out of style </h3>
Due to the lack of optical drives on modern netbooks and ultrabooks, it's often necessary to convert optical disc media into bootable USB keys. Normally this process is fairly difficult. Tools like unetbootin claim to do this easily. Personally I've never had good luck with this software; it's cumbersome to use and tries to address a problem that should be solved by the vendor distributing discs and ISO images.<br />
<br />
A technology I'm rather fond of is the Hybrid ISO, which is an ISO format that can be directly burned to DVD or written directly to a USB disk in a straightforward way in Windows, Linux, or Mac OS.<br />
<br />
It's as easy as:<br />
<pre>dd if=yourISO.iso of=/dev/sdb</pre>
<br />
Where /dev/sdb is your USB key.<br />
<br />
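An added example, not part of the original post: before running the dd command above, it helps to confirm that the image really is a hybrid ISO, and afterwards that the key holds an exact copy of it. The script checks for the ISO 9660 identifier "CD001" at byte offset 32769 and the MBR boot signature 55 AA at offset 510; the function names (read_hex, iso_kind, make_sample, verify_copy) are made up for this illustration, and make_sample builds a constructed test image, not a real distribution ISO.

```shell
#!/bin/sh
# Added example (not from the original post). All function names are hypothetical.

# Print COUNT bytes of FILE, starting at byte OFFSET, as lowercase hex.
read_hex() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# Classify an image file: prints "hybrid", "iso-only", "not-iso" or "unreadable".
iso_kind() {
    [ -f "$1" ] && [ -r "$1" ] || { echo "unreadable"; return 2; }

    # ISO 9660 volume descriptors start at sector 16 (byte 32768). Byte 0 is
    # the descriptor type, bytes 1-5 are the standard identifier "CD001".
    if [ "$(read_hex "$1" 32769 5)" != "4344303031" ]; then
        echo "not-iso"
        return 0
    fi

    # A plain ISO leaves the first 32 KiB (the system area) unused. A hybrid
    # image puts an MBR there, which ends with the boot signature 0x55 0xAA
    # at offsets 510-511. Without it, firmware will not boot the USB key.
    if [ "$(read_hex "$1" 510 2)" = "55aa" ]; then
        echo "hybrid"
    else
        echo "iso-only"
    fi
}

# Compare the first <size of IMAGE> bytes of TARGET with IMAGE.
# TARGET is the device that was written (for example /dev/sdb from the post);
# run "sync" first so the comparison reads what is actually on the key.
verify_copy() {
    size=$(($(wc -c < "$1")))
    head -c "$size" "$2" | cmp -s - "$1"
}

# Build a constructed 34 KiB test image at PATH. KIND is "hybrid" or "plain".
make_sample() {
    dd if=/dev/zero of="$2" bs=1024 count=34 2>/dev/null
    # Primary volume descriptor header: type 0x01 followed by "CD001".
    printf '\001CD001' | dd of="$2" bs=1 seek=32768 conv=notrunc 2>/dev/null
    if [ "$1" = "hybrid" ]; then
        # MBR boot signature 0x55 0xAA (octal 125 252) at offset 510.
        printf '\125\252' | dd of="$2" bs=1 seek=510 conv=notrunc 2>/dev/null
    fi
}

# Usage: sh iso_check.sh image1.iso [image2.iso ...]
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(iso_kind "$f")"
    done
fi
```

An image reported as "iso-only" will copy to the key without error but will not boot from it, which is the usual symptom when a non-hybrid ISO is written with dd.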
Here is a small list of distributions that currently offer hybrid ISO images that can be written to DVDs or USB sticks:<br />
<ul>
<li>SuSE Live KDE</li>
<li>SuSE Live</li>
<li>SolusOS</li>
<li>ArchBang</li>
<li>CrunchBang</li>
<li>Arch</li>
<li>Linux Mint</li>
<li>Ubuntu</li>
</ul>
I'd love if they did this with Windows install images as well!<br />
<br />
What are the pitfalls of hybrid ISO images? Why doesn't everyone distribute bootable images this way?Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-79266331280700969612013-09-30T10:15:00.001-07:002013-09-30T10:15:07.742-07:00Xerox and Konica-Minolta administrator web interface lockout when control panel in useI've worked with a fair number of all-in-one professional copiers for business, such as Xerox Workcentre, Konica Minolta BizHub, Canon imageRunner, and Ricoh Aficio.<br />
<br />
In this new era of network-everything, a strange area emerges where traditional office appliance service companies are offering devices that are heavily IT-integrated, and yet they do not know the intricacies of managing devices in this way. Therefore I find myself taking administrative control of these appliances from an IT standpoint and letting them manage the physical hardware.<br />
<br />
It is super convenient to be able to log in to a web UI and manage a diverse set of options on these devices. However, during my troubleshooting, I've run into an issue with more than one manufacturer where you cannot change settings in the Web UI when the printer is processing a job or a user is at the front panel.<br />
<br />
The Konica-Minolta front panel is exceptionally bad: it will prevent a user from making copies if it detects ANY activity in the web UI, and the time out is quite long.<br />
<br />
The Xerox machines, while quite fast--and with by far the most configurable options--are plagued by the opposite effect, where the front panel overrides the web UI administrator. You cannot apply any settings when the printer thinks it has a user at the front panel. In my experience this detection mechanism is very poorly written and the user <i>will insist</i> that they are not at the control panel even though the web UI reports this. Add to this that the timeout before the printer thinks no one is working is set very long, and <b>cannot be changed in the web UI itself</b> and you get an unproductive 15 minutes for a task that should have taken 2.<br />
<br />
This must be frustrating for administrators working in universities where a library printer may never <i>not</i> have a user at the keypad. I also work with medical clinics where the machine is in use 98% of the time during working hours.<br />
<br />
When I get a service call for one of these machines, like when the scan-to-email function is not working, my first goal is to use VPN or SSH tunneling to get at the device's web UI to check the settings. And having your hands tied like this is immensely frustrating, especially when it interferes with even benign operations like adding an address book contact. The device manufacturers should know better!<br />
<br />
Considering cheap Brother devices do not
have such interlocks on web UI administration, I'm hard pressed to reward Xerox and Konica-Minolta in particular with kudos, despite how nice the devices themselves are.<br />
<br />
I expect the device to trust me as a sysadmin to change settings while the device is in use. It's just poor or lazy design.<br />
<br />
Perhaps some of these settings can be changed over SNMP which gets around this limitation?<br />
<br />
As a side note, my personal picks are Ricoh Aficios and Xerox Workcentres. However, I do not know if the Aficio line suffers from this interlock problem. <br />
<br />Good luck to all you sysadmins out there managing office printers!<br />
<h3>
References</h3>
http://forum.support.xerox.com/t5/Hardware/Unable-to-enter-Administrator-Mode/td-p/740Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-78935773235348786952013-04-17T08:57:00.000-07:002013-06-11T14:42:29.446-07:00Windows Gripe #38The built-in arp command on Windows will not take a hostname as an argument, you must specify an IP. In contrast, Linux will let you specify a hostname and it will do DNS to get an IP and then report the MAC of that IP, eliminating a step.<br />
<br />
Perhaps Microsoft did this because conceivably you could have a machine with 2 or more IP addresses, and Windows wants to make <a href="http://thatfoxykid.blogspot.com/2013/04/windows-really-suretechnology.html" target="_blank">Really Sure™</a> that you want the MAC address of that particular IP.<br />
<br />
This will be the first article in which I mention Windows' "Really Sure™" technology. You know, the one where you have to click 12 times to get through an install Wizard, and you are asked 2x if you really, truly, deeply want to delete that file. If you don't trust yourself, or you have a multiple personality disorder, Windows Really Sure™ will save your bacon.<br />
<br />
Or it'll result in you and your friends blindly clicking any "OK" "Yes" "Confirm" and "Next" button that you see.Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-25120889155878263342013-04-17T08:56:00.000-07:002013-04-17T08:56:03.887-07:00Windows Really Sure™Technology<br />
This will be the first article in which I mention Windows' "Really Sure™" technology.<br />
<br />
You know, the one where you have to click 12 times to get through an install wizard.<br />
<br />
Or you are asked 2x if you really, truly, deeply want to delete that file.<br />
<br />
If you don't trust yourself, Windows Really Sure™ will save your bacon.<br />
<br />
Or it'll result in us and our friends blindly clicking any "OK" "Yes" "Confirm" and "Next" button that we see. I think it's more the latter.<br />
Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-69692507785334470612013-04-14T08:51:00.001-07:002013-04-14T14:45:02.767-07:00Google Maps mobile app double tapping<div>
<div dir="ltr">
Have you ever gotten frustrated about not being able to use Google Maps with one finger? Think it's impossible to zoom in or out without two-finger pinch?</div>
<div dir="ltr">
<br /></div>
<div dir="ltr">
Try tapping twice quickly and hold down on the second tap. Drag that finger toward and away from that point and the map zooms accordingly.</div>
<div dir="ltr">
Another hidden feature!</div>
</div>
Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-58485977611645817722013-03-17T17:32:00.001-07:002013-03-27T11:52:21.974-07:00Microsoft attacks Google for snooping - with ridiculous campaign<a href="http://www.scroogled.com/">http://www.scroogled.com/</a><br />
<br />
I really don't like the idea of giving them any more traffic, but it's just too funny to not link to.<br />
<br />
The picture of the woman doing the "mea culpa" pose over the man makes me think she just knocked him down--and told him to stay down. He looks surprised. Really weird graphic.<br />
<h3>
Eyes superimposed over the email</h3>
This is a total red herring.<br />
<br />
Firstly, Google does not have people actively reading your email to give you ads.<br />
<br />
Secondly, is your email really that private that you would be bothered by someone reading it? Everyone should already know that you do not send personal info through
your email. I know most are guilty, but seriously guys, no passwords, no
credit card numbers, no comments about the diseases you have. E-Mail is
<b><i>not</i></b> private.<br />
<br />
In fact, I would tell people to always imagine creepy eyes above their screen because it will give them pause to think about 1) "should I be sending this info via insecure email", and 2) "maybe I should cool down before I send it". <br />
<br />
I think that most people are willing to have their email scanned in exchange for the service that Google offers. I know I am, GMail is pretty awesome.<br />
<br />
Is this really worse than the way Hotmail (now Windows Live Mail, or Outlook.com, I can't remember) used to insert ads under the sig in any email sent from Hotmail? That was pretty sleazy and made your @hotmail.com address look even less professional than it already did.<br />
<br />
<br />
<h3>
Somehow you are being screwed</h3>
I'm not being screwed by Google. Maybe I'm being inconvenienced with ads...but again, a small price to pay. Let's not forget that Google offers GMail, YouTube, and even Blogger, free of direct fees.<br />
<br />
<h3>
Link to Google's own video </h3>
In the Microsoft campaign they include a video snippet from Google, where Google talks about this 'feature'.<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/mpmOL-MT5lQ?feature=player_embedded' frameborder='0'></iframe></div>
<br />
Microsoft is trying to pitch this as a negative, but honestly, it puts Google in a pretty good light; in the video the CEO is actually citing how Google aims to not intrude so much so as to be creepy. It's actually reassuring that Google is thinking about where the line of creepy is. Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-86010768960049462092013-03-17T17:14:00.000-07:002013-04-17T08:46:52.824-07:00Product Pick: High-Rely 2-bay AMT disk to disk backup applianceA great majority of my worrying for my clients comes in the form of <strike>backup</strike> disaster preparedness. It happens far too often in my line of work that companies don't grasp the idea of how a few hundred dollars now, will save them (and me) countless hours of worry, lost productivity, lost money, and extreme anxiety.<br />
<br />
I don't think I'm alone as a sysadmin in feeling guilt about saying to a client "Sorry, there's nothing that I can do." I feel like it's my fault...sigh.<br />
<br />
Hardware is replaceable, data is not. One cannot make up data; it was created for a purpose, you pay your employees to create it, and your customers are expecting you to deliver it. If you need to make a shipment tomorrow and the important details were in an Excel file that was lost by a failed hard disk, all the money in the world won't bring it back, and more importantly, even if it did, would it be recreated in time for your deadlines?<br />
<br />
Please, back up, and test that you can get <strike>the</strike> your data back. See some of my other posts for software hints for packages that can help with this.<br />
<h3>
The Dinosaur that Won't Die - Tape</h3>
Sysadmins like myself really dislike tape backup, and this has been the 'go-to' technology for the last, say, 40 years? Linear tape really is an old-fashioned medium. It is reliable, but difficult to manage. Since the data is stored in a long stream (linearly) along the tape, individual file restores are very time consuming. The fact that tape is so cumbersome to write to means that you need a big backup software package to control what goes onto each tape and to manage the indexes of which files are located where. The indexes themselves are not usually stored to tape, therefore they have to be recreated if you lose your server, which means manually spending hours feeding tapes and letting your backup software re-index all of the files on each tape.<br />
<br />
Then of course there's the human factor issue with tape, where you have to train people to rotate tapes, keep to the schedule, report errors and possibly interact with the server to see status messages (dangerous!). These users may also become "forgetful" and not take the tapes off-site or will forget to bring them back on-site to actually update the tape data. These elaborate retention and rotation schemes are just asking for trouble, and the incremental nature of most tape backups means that you have to have all of your tapes to get all of your data back; the most recent tapes will only contain recently changed files. Yikes!<br />
<br />
Another thing to consider is that your disaster recovery plan probably also includes contingencies for if your building burns down. Unfortunately, tapes are no good without a compatible tape drive. They require special hardware to be read. Tape drives run from $2000-$4000 new, and aren't something you can pick up from your local computer fix-it store. This will delay your server/data restoration, unless of course you purchase an extra tape drive that waits and depreciates in an off-site closet for an event that hopefully will never occur.<br />
<br />
So you have a lot of things working against you with tape:<br />
<ol>
<li>Specialized hardware</li>
<li>Recreation of indexes</li>
<li>Inability/difficulty in restoring</li>
<li>Incremental backups</li>
<li>Laborious and error-prone physical management of media</li>
</ol>
And yet, even Google, in a data loss incident a few years ago, went back to tape to restore data for the 2% of GMail users who had lost emails due to a software update!<br />
<br />
While tape is good enough for Google, I believe they have the money for nice automated tape libraries (think "tape jukebox") and dedicated personnel to manage their tapes. Most SMBs don't.<br />
<br />
Here I'm going to talk about disk-to-disk backup, because for most of my clients, their
Internet connections are not beefy enough to do real on-line backup,
and furthermore most online backup houses will not ship you a hard disk
when you need to restore everything; you have to download it all. For
businesses that I work for, that have an average of 1TB of data on shares
and Outlook PSTs, that's just not reasonable.<br />
<br />
So I recommend disk-to-disk backup to all of my clients.<br />
<br />
<h3>
More on Disk Backup</h3>
Disk-to-disk backup is as simple as it seems. You simply use another hard disk(s) to backup the hard disk(s) in your computers and servers. We are up to 4TB density on 3.5" hard disks these days, so data density is very good, for a competitive price. In combination with modern block-level backup (instead of file-based like tape) only the changes to data are stored, and we can do these differential block-based backups granularly on the disk because hard disks are made for random access, unlike tape.<br />
<br />
In my own business, I first tried USB external drives with clients. USB drives always had to be replugged, would spontaneously change drive letters, would have their internal boards fail (Western Digital, I'm looking at you), and people would have this nasty habit of knocking them over while they were running, which would just toast them. On top of that the USB connectors would be destroyed by constant replugging, as they are really not designed for a high number of replug cycles.<br />
<br />
Then I looked at purpose-made devices like RDX drives. These seem like an intelligent solution until you notice that you need custom software and have to buy media from the manufacturer at inflated prices at storage capacities that are 12 months behind the storage curve. Plus RDX drives were 2.5", meaning they are reduced capacity to begin with, and the portability argument of 2.5" drives over 3.5" wasn't convincing to me.<br />
<br />
How could we combine the reliability and robustness of tape with the random access performance and low price of commodity hard disks?<br />
<br />
<h3>
Highly Reliable Systems to the Rescue</h3>
After scouring the Internet for a few hours I came upon a company based in Reno, Nevada, making a wide range of devices including a nice appliance that houses 2 x 3.5" standard SATA drives in a nice hot-pluggable configuration. For extra usability they include LCD displays and LEDs right on the device to tell the end user the status of drives and replication.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-u9O3KHDA1-w/UUZbK7xfGHI/AAAAAAAABeA/NGleYeoGrO8/s1600/High-Rely+2-Bay+AMT.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="265" src="http://1.bp.blogspot.com/-u9O3KHDA1-w/UUZbK7xfGHI/AAAAAAAABeA/NGleYeoGrO8/s400/High-Rely+2-Bay+AMT.jpg" width="400" /></a></div>
<br />
<br />
<br />
They call it the High-Rely 2-bay AMT. I call it common sense.<br />
<br />
The way it works is that one drive always remains in the AMT. To the OS, the AMT looks like any other eSATA drive. The swapping of drives is not visible to the OS, meaning no problems with backups being missed because drive letters change or because something wonky happened on the USB bus.<br />
<br />
The trays are nice and beefy, and on High-Rely's site you can see them chuck a tray with disk inside off of a roof and then demonstrate that the hard disk still functions perfectly.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-_PApH4Iyl1s/UUZcBTitQTI/AAAAAAAABeI/T-zfQq2n7QI/s1600/P1110872_1280x1024.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="265" src="http://4.bp.blogspot.com/-_PApH4Iyl1s/UUZcBTitQTI/AAAAAAAABeI/T-zfQq2n7QI/s400/P1110872_1280x1024.jpg" width="400" /></a></div>
Because the High-Rely looks to the host system like a regular fixed disk, the compatibility with backup software becomes ten-fold better than tape, RDX, or USB. You can use Windows' new inbuilt backup to great effect. Not only that, but you can use it in 'exotic' scenarios like hooking it up to a NAS or SAN and do seamless backups of those devices as well!<br />
<br />
And what does the user do to manage the High-Rely? When they come into work, and both drives are in green state, just unlock either drive and remove it, insert another one, and watch the lights furiously blink until replication is complete. There is always one drive off-site, just like we IT people like.<br />
<br />
All of the RAID1 replication is done inside the High-Rely, so there is no load to the OS, and no management of RAID or the replication process. However, it should be noted that doing a backup to the High-Rely while it is replicating between drives will increase the time until both drives are ready, and will slow the backup job as well.<br />
<br />
The sleds are aluminum, with an LCD in front and a hot-swap connector on the back. They don't use the drive's actual SATA connector, to reduce the likelihood of damaging it through continued replugging. There are four screws holding the disk in the caddy, so you can remove and replace the drive with a higher-capacity one down the line. I asked High-Rely support about this and surprisingly they didn't threaten me with claims of invalidating the warranty; they actually laughed and said that's the point! When you need to recover, you can simply take the SATA drive out, connect it to a computer and <b>get your data</b>. What a concept!<br />
<br />
Oh, and with <a href="http://thatfoxykid.blogspot.ca/2013/01/cant-suspend-backups-with-wbadmin.html" target="_blank">Windows Server Backup (wbadmin.exe)</a> you get unlimited retention (until disk is full), so each disk contains weeks of revisions of every file on your server. One client of mine has 800GB of data, and with daily "full" block based backups gets 12 days worth of complete snapshots on each 2TB sled. Very cool.<br />
<br />
<h3>
Some Issues</h3>
The one thing I can complain about is that the optional host software is silly looking. I use it because it offers features like email notification and visual status separate from the front panel.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-JjruFVzwn5M/UUZYTj1zKsI/AAAAAAAABd4/r69iZiAUUUI/s1600/2013-03-17--1363564571_794x581_scrot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="234" src="http://2.bp.blogspot.com/-JjruFVzwn5M/UUZYTj1zKsI/AAAAAAAABd4/r69iZiAUUUI/s320/2013-03-17--1363564571_794x581_scrot.png" width="320" /></a></div>
<br />
<br />
I called their HQ and spoke to the owner and asked him about integrating other software with this communication channel over SATA and he said the Chinese company that makes the RAID solution used in the High-Rely will not disclose the way that they are sending info over the SATA, so we're stuck with this.<br />
<br />
It seems that after a power failure, the High-Rely goes into a state where it doesn't know how to replicate anymore. There is a process I have to go through every months with a client to get it back to normal. It is a simple fix, and no data is lost, I don't have to reconfigure or reset backups. With a proper UPS and stable power grid this would normally never happen, I think.<br />
<br />
<h3>
Summary</h3>
So, in conclusion, I always recommend this solution to clients if they have lots of data (over 500GB), and they are willing to shell out the approx. $900 for the appliance and 3 sleds with drives.<br />
<br />
High-Rely also offers some more sophisticated NAS-based devices that have large swappable cages that have 3 drives in them. That's 3x4TB, or 12GB, for those in the graphics or video industry.Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com2tag:blogger.com,1999:blog-999875928586707115.post-2084352619916123892013-01-16T20:07:00.000-08:002013-01-16T20:07:01.090-08:00Can't suspend backups with wbadminDid you know that Windows Server 2008 and later include a new wbadmin.exe that replaces ntbackup.exe.<br />
<br />
Thank goodness, right? Because ntbackup.exe fostered the creation of a whole backup software industry based on its inadequacy as a backup tool.<br />
<br />
Having used wbadmin.exe, I have to say, I was initially impressed with Microsoft's renewed commitment to bringing universal OS and server features that should be part of the OS back under the auspices of the OS designer.<br />
<br />
The fact that basic backup had to be outsourced to a 3rd party software vendor was silly in the first place. Linux, for example, already includes LVM2 for snapshotting, and has many adequate backup tools like rsync, rsnapshot, and dd readily available.<br />
<br />
I'll go into wbadmin in another post, but for the time being I wanted to point out that while testing other backup software it's impossible to suspend wbadmin from doing its thing.<br />
<br />
Even in the CLI, you simply can't pause backups. Look in the Task Scheduler, and you'll find no mention that wbadmin is even set to run at all!<br />
<br />
In fact the only way to preemptively cancel Windows Server Backup is to delete the entire backup schedule, at which point your previous backups are kept <i>until</i> you go to start the schedule again and Windows will <b>format and delete</b> your accumulated backups on the fixed disk you have been using! Talk about unintuitive and dangerous!<br />
<br />
So basically you can't suspend backups at all with wbadmin. Your only option if you don't want to lose your backup history is to wait until the scheduled job starts, and issue 'wbadmin stop job' at the CLI, and you must remember to do this shortly after every scheduled backup starts!<br />
<br />
Here are some pointers to MS:<br />
<ul>
<li>Include wbadmin in the Task Scheduler</li>
<li>Allow suspension of backup plan in the GUI or at least CLI</li>
<ul>
<li>and, as an extension, don't delete the previous backups or require running the backup wizard from scratch again</li>
</ul>
<li>Warn the user with a taskbar warning or something when backup is suspended</li>
</ul>
<br />
And for you, faithful sysadmin, keep on your toes, make sure wbadmin has got your back.Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com2tag:blogger.com,1999:blog-999875928586707115.post-21389576066229840822012-12-03T11:36:00.000-08:002013-01-23T07:05:58.866-08:00Visio lite: Google Docs Draw<div>
<div dir="ltr">
Often I have clients asking about how they can visualize their processes and other aspects of their business.</div>
<div dir="ltr">
<br />
The obvious answer is always Microsoft's Visio. Don't get me wrong--it's a great product that allows free-form and rigid design all the same. </div>
<div dir="ltr">
<br />
But it's overkill for the average business person, and suffers from an avalanche of features that most people looking for a simple sketching tool won't ever exploit. Not to mention of course that it's expensive!</div>
<div dir="ltr">
<br /></div>
<div dir="ltr">
Of course, in a cloud-enabled world, we can avoid costly and time-consuming management of desktop software like Visio. Imagine if Google had a cloud-connected version of Visio?! Well, in a word, they do!</div>
<div dir="ltr">
<br /></div>
<div dir="ltr">
Enter Google Docs Draw. Basically it lets you create shapes, and link them with unbreakable lines that move and snap to your shapes. This makes it really easy to create simple flowcharts and organizational aids.</div>
<div dir="ltr">
<br />
<h3>
Some features</h3>
</div>
<ul>
<li>Collaborate - share and collectively modify drawings with people inside and outside of your organization</li>
<ul>
<li>It's very trippy and cool to see someone moving some shapes around in a corner of the document </li>
</ul>
<li>Connect shapes with unbreakable lines</li>
<li>Export PDF or image files of your Draw documents</li>
</ul>
<div dir="ltr">
<br /></div>
<div dir="ltr">
<h3>
What kind of things can you do with Google Draw?</h3>
Do some basic graphic design:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-5po9thORSGw/UPhRPjU-1XI/AAAAAAAABb8/ndFjh6ho16U/s1600/2013-01-17--1358450567_664x480_scrot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="231" src="http://4.bp.blogspot.com/-5po9thORSGw/UPhRPjU-1XI/AAAAAAAABb8/ndFjh6ho16U/s320/2013-01-17--1358450567_664x480_scrot.png" width="320" /></a></div>
<br />
Plan out the flow of your phone menu and secretarial procedures:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-62UJ2t4lq-k/UPhRQaqfz3I/AAAAAAAABcE/QnxXIhuan5w/s1600/2013-01-17--1358450648_763x724_scrot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="303" src="http://2.bp.blogspot.com/-62UJ2t4lq-k/UPhRQaqfz3I/AAAAAAAABcE/QnxXIhuan5w/s320/2013-01-17--1358450648_763x724_scrot.png" width="320" /></a></div>
<br /></div>
<div dir="ltr">
Or insert a background picture and add on top of that. Here, a basic Gantt chart:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-HyD3sP2EVuo/UPhR9SZlNXI/AAAAAAAABck/QHEE2eKWfZ4/s1600/2013-01-17--1358451196_997x616_scrot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="245" src="http://4.bp.blogspot.com/-HyD3sP2EVuo/UPhR9SZlNXI/AAAAAAAABck/QHEE2eKWfZ4/s400/2013-01-17--1358451196_997x616_scrot.png" width="400" /></a></div>
<br />
<br />
Mock up some forms for graphic design:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-QPfBBqJ7NSI/UPhRRLZqf_I/AAAAAAAABcU/LUvp5U3NVwg/s1600/2013-01-17--1358450956_744x561_scrot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="301" src="http://1.bp.blogspot.com/-QPfBBqJ7NSI/UPhRRLZqf_I/AAAAAAAABcU/LUvp5U3NVwg/s400/2013-01-17--1358450956_744x561_scrot.png" width="400" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Design some user interfaces for software:</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-Fe0gRhHaSaw/UPhRQqqzTVI/AAAAAAAABcM/v2J1Mw_u1d4/s1600/2013-01-17--1358450878_782x673_scrot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="343" src="http://3.bp.blogspot.com/-Fe0gRhHaSaw/UPhRQqqzTVI/AAAAAAAABcM/v2J1Mw_u1d4/s400/2013-01-17--1358450878_782x673_scrot.png" width="400" /></a></div>
<br />
Make a floor plan:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-A8maditohUg/UPhRRkekDKI/AAAAAAAABcc/barD0_TLdDQ/s1600/2013-01-17--1358450907_863x704_scrot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="326" src="http://3.bp.blogspot.com/-A8maditohUg/UPhRRkekDKI/AAAAAAAABcc/barD0_TLdDQ/s400/2013-01-17--1358450907_863x704_scrot.png" width="400" /></a></div>
<br />
<h3>
Some other tips</h3>
I've found that some people are confused about the "canvas" or viewable area in Google Docs Draw. They don't understand that your drawing can actually be larger than the canvas, and wonder why when they export the drawing, there are edges or entire portions that are missing!<br />
<br />
The canvas is represented by a checkered pattern as illustrated in the above screenshots. If any part of your image is outside of this area, it <i>will</i> be clipped off when you export the image to another format using File->Download as-><br />
<br />
Please note of course, that if you share the Google Drawing, the people whom you share it with will see everything, inside the canvas or not. <br />
<br />
Say for example you want to show a portion of a proprietary document to an outsider? In this case, we can resize the canvas to expose only the area that we want to show, then export as a PNG or JPEG that can be sent by email to a semi-trusted party. The recipient will see only the area inside the canvas.<br />
<br />
Here's an example where the canvas only encompasses a small part of the entire drawing.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-hA7rv4TSsTQ/UP_7tA76OII/AAAAAAAABc0/wbZwA-KDFKk/s1600/2013-01-23--1358953361_997x590_scrot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="189" src="http://3.bp.blogspot.com/-hA7rv4TSsTQ/UP_7tA76OII/AAAAAAAABc0/wbZwA-KDFKk/s320/2013-01-23--1358953361_997x590_scrot.png" width="320" /></a></div>
And now, when I export as a PNG file, the recipient sees:</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-sUGma7QbEKA/UP_71WmpOJI/AAAAAAAABc8/ikRZq7QjhpE/s1600/2013-01-23--1358953440_469x647_scrot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://4.bp.blogspot.com/-sUGma7QbEKA/UP_71WmpOJI/AAAAAAAABc8/ikRZq7QjhpE/s320/2013-01-23--1358953440_469x647_scrot.png" width="231" /></a></div>
<div dir="ltr">
<br />Another good use of the canvas is if you have a set of small figures that you are using as a library, where you copy items from off of the canvas and paste them into the viewable area. When you export, all of those little items you've left off to the side will not be visible!<br />
<br />
In summary, Google Docs Draw is not Visio, but for many purposes it fits the bill for ease of use, availability, and functionality.</div>
</div>
Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0tag:blogger.com,1999:blog-999875928586707115.post-62743555113482854212012-09-20T09:27:00.002-07:002012-09-20T12:40:48.308-07:00Why people get malwareAs an IT consultant I can always lament the fact that people just don't seem to care enough about their computers.<br />
<br />
On the other hand, the Internet can be a treacherous place where one can be baited into anything. See the below screenshot for a view of a website where you can download a particular piece of software.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-Jk5C58FqjoM/UFtDTFLuIGI/AAAAAAAABVg/xqGraFkHzzU/s1600/2012-09-20--1348150855_856x1100_scrot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="http://2.bp.blogspot.com/-Jk5C58FqjoM/UFtDTFLuIGI/AAAAAAAABVg/xqGraFkHzzU/s640/2012-09-20--1348150855_856x1100_scrot.png" width="497" /></a></div>
<br />
See all of the Download buttons (I count 3). Note that none of those is the correct one!<br />
<br />
Would I expect a normal person using a computer to understand which one to click? I don't think so. To me it's obvious, but I'm not your average user.<br />
<br />
Recently I have been spending some time with a yoga instructor, and I have to say that from the outside, remaining mindful of the body becomes an all-encompassing process that yields great rewards in spirit and energy.<br />
<br />
Imagine if people treated their computers as their holy temple, their valuable body.<br />
<br />
I'm still entranced by the idea that many users treat their machines so poorly, as though they are unimportant adornments to their modern life, but Zeus help me if that same computer breaks! The user bemoans and grieves the loss of their digital companion as if they could not possibly drudge on in this waking life without email and Facebook. And of course by extension I am called up and asked to work miracles, where even real miracles cannot fix the damage. Here at <a href="http://www.avianblue.net/" target="_blank">AvianBLUE</a> we are only human.<br />
<br />
Don't know what you have till you've lost it, right?<br />
<br />
So here's to the tender care and feeding of your trusted computer:<br />
<br />
<br />
<ol>
<li>Tap thee lightly on the keypad, for these letters facilitate your once-hourly Facebook updates: "I'm having soo much fun sipping a latté at Starbucks!"</li>
<li>Gently remove thy dust bunnies from between the finger-keys and fan-apparati using the purposeful breeze of a canned windstorm with attached straw, available at your local supplier of office doodads.</li>
<li>Lay heed to the words and wisdom of your IT guru, update and upgrade often, as this is the spiritual path to computer enlightenment.</li>
<li>Carry one's computer companion with the loftiness of a cloud, and set lovingly upon the clean and composed workspace.</li>
<li>Tread only the clean areas of the Internet, and beware the pitfalls as described above.</li>
</ol>
Anonymoushttp://www.blogger.com/profile/11529524439991388341noreply@blogger.com0